Add removeManagedProfile API: Checks if the given user is a managed profile and deletes it (dea24e47) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -1354,6 +1354,7 @@ package android.app.admin {
		method @RequiresPermission("android.permission.NOTIFY_PENDING_SYSTEM_UPDATE") public void notifyPendingSystemUpdate(long, boolean);
		method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL) public boolean packageHasActiveAdmins(String);
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, android.Manifest.permission.PROVISION_DEMO_DEVICE}) public void provisionFullyManagedDevice(@NonNull android.app.admin.FullyManagedDeviceProvisioningParams) throws android.app.admin.ProvisioningException;
		method @FlaggedApi("android.app.admin.flags.remove_managed_profile_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public boolean removeManagedProfile();
		method @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
		method @Deprecated @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public boolean setActiveProfileOwner(@NonNull android.content.ComponentName, String) throws java.lang.IllegalArgumentException;
		method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS) public void setApplicationExemptions(@NonNull String, @NonNull java.util.Set<java.lang.Integer>) throws android.content.pm.PackageManager.NameNotFoundException;

core/java/android/app/admin/DevicePolicyManager.java

+25 −0

Original line number	Diff line number	Diff line
		@@ -55,6 +55,7 @@ import static android.Manifest.permission.SET_TIME;
		import static android.Manifest.permission.SET_TIME_ZONE;
		import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED;
		import static android.app.admin.flags.Flags.FLAG_DEVICE_THEFT_API_ENABLED;
		import static android.app.admin.flags.Flags.FLAG_REMOVE_MANAGED_PROFILE_ENABLED;
		import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled;
		import static android.app.admin.flags.Flags.onboardingConsentlessBugreports;
		import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;
		@@ -16961,6 +16962,30 @@ public class DevicePolicyManager {
		}
		}

		/**
		* Removes a manged profile from the device only when called from a managed profile's context
		*
		* @param user UserHandle of the profile to be removed
		* @return {@code true} when removal of managed profile was successful, {@code false} when
		* removal was unsuccessful or throws IllegalArgumentException when provided user was not a
		* managed profile
		* @hide
		*/
		@SystemApi
		@UserHandleAware
		@FlaggedApi(FLAG_REMOVE_MANAGED_PROFILE_ENABLED)
		@RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)
		public boolean removeManagedProfile() {
		if (mService == null) {
		throw new IllegalStateException("Could not find DevicePolicyManagerService");
		}
		try {
		return mService.removeManagedProfile(myUserId());
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}

		/**
		* Called when a managed profile has been provisioned.
		*

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −0

Original line number	Diff line number	Diff line
		@@ -567,6 +567,8 @@ interface IDevicePolicyManager {

		void finalizeWorkProfileProvisioning(in UserHandle managedProfileUser, in Account migratedAccount);

		boolean removeManagedProfile(int userId);

		void setDeviceOwnerType(in ComponentName admin, in int deviceOwnerType);
		int getDeviceOwnerType(in ComponentName admin);

core/java/android/app/admin/flags/flags.aconfig

+14 −7

Original line number	Diff line number	Diff line
		@@ -342,6 +342,13 @@ flag {
		}
		}

		flag {
		name: "remove_managed_profile_enabled"
		namespace: "enterprise"
		description: "API that removes a given managed profile."
		bug: "372652841"
		}

		flag {
		name: "set_mte_policy_coexistence"
		is_exported: true

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+21 −0

Original line number	Diff line number	Diff line
		@@ -21417,6 +21417,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}
		}

		@Override
		public boolean removeManagedProfile(int userId) {
		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS));

		if (!isManagedProfile(userId)){
		throw new IllegalArgumentException("Cannot remove user as it is not a managed profile");
		}

		boolean success = false;
		final long identity = Binder.clearCallingIdentity();
		try{
		success = mUserManager.removeUserEvenWhenDisallowed(userId);
		} catch (Exception e) {
		Slogf.e(LOG_TAG, "Remove managed profile failed due to: ", e);
		} finally {
		Binder.restoreCallingIdentity(identity);
		}
		return success;
		}

		@Override
		public UserHandle createAndProvisionManagedProfile(
		@NonNull ManagedProfileProvisioningParams provisioningParams,