Loading core/java/android/app/admin/DevicePolicyManager.java +25 −13 Original line number Diff line number Diff line Loading @@ -11210,7 +11210,9 @@ public class DevicePolicyManager { * for enterprise use. * * An example of a supported preferential network service is the Enterprise * slice on 5G networks. * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally * configure enterprise APN to set up data call for the preferential network service. * These APNs can be added using {@link #addOverrideApn}. * * By default, preferential network service is disabled on the work profile and * fully managed devices, on supported carriers and devices. Loading Loading @@ -11260,7 +11262,9 @@ public class DevicePolicyManager { * {@see PreferentialNetworkServiceConfig} * * An example of a supported preferential network service is the Enterprise * slice on 5G networks. * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally * configure enterprise APN to set up data call for the preferential network service. * These APNs can be added using {@link #addOverrideApn}. * * By default, preferential network service is disabled on the work profile and fully managed * devices, on supported carriers and devices. Admins can explicitly enable it with this API. Loading Loading @@ -13782,18 +13786,13 @@ public class DevicePolicyManager { } /** * Called by device owner or profile owner to add an override APN. * Called by device owner or managed profile owner to add an override APN. * * <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing * override APN. Update the existing conflicted APN with * {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry. * <p>Two override APNs are considered to conflict when all the following APIs return * the same values on both override APNs: * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can add APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Device and profile owners can add enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs. * <ul> * <li>{@link ApnSetting#getOperatorNumeric()}</li> * <li>{@link ApnSetting#getApnName()}</li> Loading @@ -13808,6 +13807,15 @@ public class DevicePolicyManager { * <li>{@link ApnSetting#getRoamingProtocol()}</li> * </ul> * * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can add APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Both device owners and managed profile owners can add enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs. * Enterprise APNs are specific to the managed profile and do not override any user-configured * VPNs. They are prerequisites for enabling preferential network service on the managed * profile on 4G networks ({@link #setPreferentialNetworkServiceConfigs}). * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @param apnSetting the override APN to insert * @return The {@code id} of inserted override APN. Or {@code -1} when failed to insert into Loading @@ -13830,7 +13838,7 @@ public class DevicePolicyManager { } /** * Called by device owner or profile owner to update an override APN. * Called by device owner or managed profile owner to update an override APN. * * <p>This method may returns {@code false} if there is no override APN with the given * {@code apnId}. Loading @@ -13840,7 +13848,7 @@ public class DevicePolicyManager { * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can update APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Device and profile owners can update enterprise APNs * Both device owners and managed profile owners can update enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can update other type of APNs. * * @param admin which {@link DeviceAdminReceiver} this request is associated with Loading @@ -13867,14 +13875,14 @@ public class DevicePolicyManager { } /** * Called by device owner or profile owner to remove an override APN. * Called by device owner or managed profile owner to remove an override APN. * * <p>This method may returns {@code false} if there is no override APN with the given * {@code apnId}. * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can remove APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Device and profile owners can remove enterprise APNs * Both device owners and managed profile owners can remove enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can remove other type of APNs. * * @param admin which {@link DeviceAdminReceiver} this request is associated with Loading @@ -13899,7 +13907,8 @@ public class DevicePolicyManager { } /** * Called by device owner to get all override APNs inserted by device owner. * Called by device owner or managed profile owner to get all override APNs inserted by * device owner or managed profile owner previously using {@link #addOverrideApn}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @return A list of override APNs inserted by device owner. Loading @@ -13924,6 +13933,9 @@ public class DevicePolicyManager { * <p> Override APNs are separated from other APNs on the device, and can only be inserted or * modified by the device owner. When enabled, only override APNs are in use, any other APNs * are ignored. * <p>Note: Enterprise APNs added by managed profile owners do not need to be enabled by * this API. They are part of the preferential network service config and is controlled by * {@link #setPreferentialNetworkServiceConfigs}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @param enabled {@code true} if override APNs should be enabled, {@code false} otherwise services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +36 −5 Original line number Diff line number Diff line Loading @@ -1937,6 +1937,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { updatePasswordQualityCacheForUserGroup(userHandle); mPolicyCache.onUserRemoved(userHandle); if (isManagedProfile(userHandle)) { clearManagedProfileApnUnchecked(); } isOrgOwned = mOwners.isProfileOwnerOfOrganizationOwnedDevice(userHandle); mOwners.removeProfileOwner(userHandle); Loading Loading @@ -8760,6 +8763,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private void clearManagedProfileApnUnchecked() { if (!mHasTelephonyFeature) { return; } final List<ApnSetting> apns = getOverrideApnsUnchecked(); for (ApnSetting apn : apns) { if (apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { removeOverrideApnUnchecked(apn.getId()); } } } private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); Loading Loading @@ -12100,6 +12115,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private boolean isManagedProfileOwner(CallerIdentity caller) { return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); } private boolean isDefaultSupervisor(CallerIdentity caller) { final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); Loading Loading @@ -16300,7 +16319,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final CallerIdentity caller = getCallerIdentity(who); if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isProfileOwner(caller)); || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } Loading Loading @@ -16328,7 +16347,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE && apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isProfileOwner(caller)); || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } Loading Loading @@ -16356,7 +16375,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { ApnSetting apn = getApnSetting(apnId); if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isProfileOwner(caller)); || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } Loading Loading @@ -16401,8 +16420,20 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); return getOverrideApnsUnchecked(); Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isManagedProfileOwner(caller)); List<ApnSetting> apnSettings = getOverrideApnsUnchecked(); if (isProfileOwner(caller)) { List<ApnSetting> apnSettingList = new ArrayList<>(); for (ApnSetting apnSetting : apnSettings) { if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { apnSettingList.add(apnSetting); } } return apnSettingList; } else { return apnSettings; } } private List<ApnSetting> getOverrideApnsUnchecked() { Loading
core/java/android/app/admin/DevicePolicyManager.java +25 −13 Original line number Diff line number Diff line Loading @@ -11210,7 +11210,9 @@ public class DevicePolicyManager { * for enterprise use. * * An example of a supported preferential network service is the Enterprise * slice on 5G networks. * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally * configure enterprise APN to set up data call for the preferential network service. * These APNs can be added using {@link #addOverrideApn}. * * By default, preferential network service is disabled on the work profile and * fully managed devices, on supported carriers and devices. Loading Loading @@ -11260,7 +11262,9 @@ public class DevicePolicyManager { * {@see PreferentialNetworkServiceConfig} * * An example of a supported preferential network service is the Enterprise * slice on 5G networks. * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally * configure enterprise APN to set up data call for the preferential network service. * These APNs can be added using {@link #addOverrideApn}. * * By default, preferential network service is disabled on the work profile and fully managed * devices, on supported carriers and devices. Admins can explicitly enable it with this API. Loading Loading @@ -13782,18 +13786,13 @@ public class DevicePolicyManager { } /** * Called by device owner or profile owner to add an override APN. * Called by device owner or managed profile owner to add an override APN. * * <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing * override APN. Update the existing conflicted APN with * {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry. * <p>Two override APNs are considered to conflict when all the following APIs return * the same values on both override APNs: * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can add APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Device and profile owners can add enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs. * <ul> * <li>{@link ApnSetting#getOperatorNumeric()}</li> * <li>{@link ApnSetting#getApnName()}</li> Loading @@ -13808,6 +13807,15 @@ public class DevicePolicyManager { * <li>{@link ApnSetting#getRoamingProtocol()}</li> * </ul> * * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can add APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Both device owners and managed profile owners can add enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs. * Enterprise APNs are specific to the managed profile and do not override any user-configured * VPNs. They are prerequisites for enabling preferential network service on the managed * profile on 4G networks ({@link #setPreferentialNetworkServiceConfigs}). * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @param apnSetting the override APN to insert * @return The {@code id} of inserted override APN. Or {@code -1} when failed to insert into Loading @@ -13830,7 +13838,7 @@ public class DevicePolicyManager { } /** * Called by device owner or profile owner to update an override APN. * Called by device owner or managed profile owner to update an override APN. * * <p>This method may returns {@code false} if there is no override APN with the given * {@code apnId}. Loading @@ -13840,7 +13848,7 @@ public class DevicePolicyManager { * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can update APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Device and profile owners can update enterprise APNs * Both device owners and managed profile owners can update enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can update other type of APNs. * * @param admin which {@link DeviceAdminReceiver} this request is associated with Loading @@ -13867,14 +13875,14 @@ public class DevicePolicyManager { } /** * Called by device owner or profile owner to remove an override APN. * Called by device owner or managed profile owner to remove an override APN. * * <p>This method may returns {@code false} if there is no override APN with the given * {@code apnId}. * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can remove APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Device and profile owners can remove enterprise APNs * Both device owners and managed profile owners can remove enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can remove other type of APNs. * * @param admin which {@link DeviceAdminReceiver} this request is associated with Loading @@ -13899,7 +13907,8 @@ public class DevicePolicyManager { } /** * Called by device owner to get all override APNs inserted by device owner. * Called by device owner or managed profile owner to get all override APNs inserted by * device owner or managed profile owner previously using {@link #addOverrideApn}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @return A list of override APNs inserted by device owner. Loading @@ -13924,6 +13933,9 @@ public class DevicePolicyManager { * <p> Override APNs are separated from other APNs on the device, and can only be inserted or * modified by the device owner. When enabled, only override APNs are in use, any other APNs * are ignored. * <p>Note: Enterprise APNs added by managed profile owners do not need to be enabled by * this API. They are part of the preferential network service config and is controlled by * {@link #setPreferentialNetworkServiceConfigs}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @param enabled {@code true} if override APNs should be enabled, {@code false} otherwise
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +36 −5 Original line number Diff line number Diff line Loading @@ -1937,6 +1937,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { updatePasswordQualityCacheForUserGroup(userHandle); mPolicyCache.onUserRemoved(userHandle); if (isManagedProfile(userHandle)) { clearManagedProfileApnUnchecked(); } isOrgOwned = mOwners.isProfileOwnerOfOrganizationOwnedDevice(userHandle); mOwners.removeProfileOwner(userHandle); Loading Loading @@ -8760,6 +8763,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private void clearManagedProfileApnUnchecked() { if (!mHasTelephonyFeature) { return; } final List<ApnSetting> apns = getOverrideApnsUnchecked(); for (ApnSetting apn : apns) { if (apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { removeOverrideApnUnchecked(apn.getId()); } } } private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); Loading Loading @@ -12100,6 +12115,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private boolean isManagedProfileOwner(CallerIdentity caller) { return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); } private boolean isDefaultSupervisor(CallerIdentity caller) { final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); Loading Loading @@ -16300,7 +16319,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final CallerIdentity caller = getCallerIdentity(who); if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isProfileOwner(caller)); || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } Loading Loading @@ -16328,7 +16347,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE && apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isProfileOwner(caller)); || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } Loading Loading @@ -16356,7 +16375,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { ApnSetting apn = getApnSetting(apnId); if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isProfileOwner(caller)); || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } Loading Loading @@ -16401,8 +16420,20 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); return getOverrideApnsUnchecked(); Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) || isManagedProfileOwner(caller)); List<ApnSetting> apnSettings = getOverrideApnsUnchecked(); if (isProfileOwner(caller)) { List<ApnSetting> apnSettingList = new ArrayList<>(); for (ApnSetting apnSetting : apnSettings) { if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { apnSettingList.add(apnSetting); } } return apnSettingList; } else { return apnSettings; } } private List<ApnSetting> getOverrideApnsUnchecked() {
