Merge "Avoid A11y features blocked by IT admin can be allowed to bind at the...

            }

            if (userState.mEnabledServices.contains(componentName)

                    && !mUiAutomationManager.suppressingAccessibilityServicesLocked()) {

                // Skip the enabling service disallowed by device admin policy.

                if (!isAccessibilityTargetAllowed(componentName.getPackageName(),

                        installedService.getResolveInfo().serviceInfo.applicationInfo.uid,

                        userState.mUserId)) {

                    Slog.d(LOG_TAG, "Skipping enabling service disallowed by device admin policy: "

                            + componentName);

                    disableAccessibilityServiceLocked(componentName, userState.mUserId);

                    continue;

                }

                if (service == null) {

                    service = new AccessibilityServiceConnection(userState, mContext, componentName,

                            installedService, sIdCounter++, mMainHandler, mLock, mSecurityPolicy,

        }

    }

    @Override

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public boolean isAccessibilityTargetAllowed(String packageName, int uid, int userId) {

        final long identity = Binder.clearCallingIdentity();

        try {

            final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

            final List<String> permittedServices = dpm.getPermittedAccessibilityServices(userId);

                return !ecmEnabled || mode == AppOpsManager.MODE_ALLOWED;

            }

            return false;

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }

    @Override

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.QUERY_ADMIN_POLICY})

    public boolean sendRestrictedDialogIntent(String packageName, int uid, int userId) {

        // The accessibility service is allowed. Don't show the restricted dialog.

        if (isAccessibilityTargetAllowed(packageName, uid, userId)) {

        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(canManageUsers(caller) || canQueryAdminPolicy(caller));

        // Move AccessibilityManager out of lock to prevent potential deadlock

        final List<AccessibilityServiceInfo> installedServices;

        long id = mInjector.binderClearCallingIdentity();

        try {

            UserInfo user = getUserInfo(userId);

            if (user.isManagedProfile()) {

                userId = user.profileGroupId;

            }

            installedServices = withAccessibilityManager(userId,

                    AccessibilityManager::getInstalledAccessibilityServiceList);

        } finally {

            mInjector.binderRestoreCallingIdentity(id);

        }

        synchronized (getLockObject()) {

            List<String> result = null;

            // If we have multiple profiles we return the intersection of the

            // If we have a permitted list add all system accessibility services.

            if (result != null) {

                long id = mInjector.binderClearCallingIdentity();

                try {

                    UserInfo user = getUserInfo(userId);

                    if (user.isManagedProfile()) {

                        userId = user.profileGroupId;

                    }

                    final List<AccessibilityServiceInfo> installedServices =

                            withAccessibilityManager(userId,

                                    AccessibilityManager::getInstalledAccessibilityServiceList);

                if (installedServices != null) {

                    for (AccessibilityServiceInfo service : installedServices) {

                        ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;

                        }

                    }

                }

                } finally {

                    mInjector.binderRestoreCallingIdentity(id);

                }

            }

            return result;