implement app functions enterprise policy (e93aa8b6) · Commits · e / os / android_frameworks_base

core/api/current.txt

+3 −0

Original line number	Diff line number	Diff line
		@@ -8075,6 +8075,7 @@ package android.app.admin {
		field public static final String ACCOUNT_MANAGEMENT_DISABLED_POLICY = "accountManagementDisabled";
		field public static final String APPLICATION_HIDDEN_POLICY = "applicationHidden";
		field public static final String APPLICATION_RESTRICTIONS_POLICY = "applicationRestrictions";
		field @FlaggedApi("android.app.appfunctions.flags.enable_app_function_manager") public static final String APP_FUNCTIONS_POLICY = "appFunctions";
		field public static final String AUTO_TIMEZONE_POLICY = "autoTimezone";
		field public static final String AUTO_TIME_POLICY = "autoTime";
		field public static final String BACKUP_SERVICE_POLICY = "backupService";
		@@ -8124,6 +8125,7 @@ package android.app.admin {
		method @NonNull public java.util.Set<java.lang.String> getAffiliationIds(@NonNull android.content.ComponentName);
		method @Nullable public java.util.Set<java.lang.String> getAlwaysOnVpnLockdownWhitelist(@NonNull android.content.ComponentName);
		method @Nullable public String getAlwaysOnVpnPackage(@NonNull android.content.ComponentName);
		method @FlaggedApi("android.app.appfunctions.flags.enable_app_function_manager") @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS, conditional=true) public int getAppFunctionsPolicy();
		method @NonNull @WorkerThread public android.os.Bundle getApplicationRestrictions(@Nullable android.content.ComponentName, String);
		method @Deprecated @Nullable public String getApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName);
		method @RequiresPermission(anyOf={android.Manifest.permission.SET_TIME, "android.permission.QUERY_ADMIN_POLICY"}, conditional=true) public boolean getAutoTimeEnabled(@Nullable android.content.ComponentName);
		@@ -8282,6 +8284,7 @@ package android.app.admin {
		method public void setAffiliationIds(@NonNull android.content.ComponentName, @NonNull java.util.Set<java.lang.String>);
		method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean) throws android.content.pm.PackageManager.NameNotFoundException;
		method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean, @Nullable java.util.Set<java.lang.String>) throws android.content.pm.PackageManager.NameNotFoundException;
		method @FlaggedApi("android.app.appfunctions.flags.enable_app_function_manager") @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS, conditional=true) public void setAppFunctionsPolicy(int);
		method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE, conditional=true) public boolean setApplicationHidden(@Nullable android.content.ComponentName, String, boolean);
		method @WorkerThread public void setApplicationRestrictions(@Nullable android.content.ComponentName, String, android.os.Bundle);
		method @Deprecated public void setApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName, @Nullable String) throws android.content.pm.PackageManager.NameNotFoundException;

core/api/test-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -657,6 +657,7 @@ package android.app.admin {
		field public static final int OPERATION_SET_ALWAYS_ON_VPN_PACKAGE = 30; // 0x1e
		field public static final int OPERATION_SET_APPLICATION_HIDDEN = 15; // 0xf
		field public static final int OPERATION_SET_APPLICATION_RESTRICTIONS = 16; // 0x10
		field @FlaggedApi("android.app.appfunctions.flags.enable_app_function_manager") public static final int OPERATION_SET_APP_FUNCTIONS_POLICY = 42; // 0x2a
		field public static final int OPERATION_SET_CAMERA_DISABLED = 31; // 0x1f
		field @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled") public static final int OPERATION_SET_CONTENT_PROTECTION_POLICY = 41; // 0x29
		field public static final int OPERATION_SET_FACTORY_RESET_PROTECTION_POLICY = 32; // 0x20

core/java/android/app/admin/DevicePolicyIdentifiers.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -20,6 +20,7 @@ import android.annotation.FlaggedApi;
		import android.annotation.NonNull;
		import android.annotation.SystemApi;
		import android.annotation.TestApi;
		import android.app.appfunctions.flags.Flags;
		import android.os.UserManager;

		import java.util.Objects;
		@@ -180,6 +181,12 @@ public final class DevicePolicyIdentifiers {
		@FlaggedApi(android.view.contentprotection.flags.Flags.FLAG_MANAGE_DEVICE_POLICY_ENABLED)
		public static final String CONTENT_PROTECTION_POLICY = "contentProtection";

		/**
		* String identifier for {@link DevicePolicyManager#setAppFunctionsPolicy(int)}.
		*/
		@FlaggedApi(Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER)
		public static final String APP_FUNCTIONS_POLICY = "appFunctions";

		/**
		* String identifier for {@link DevicePolicyManager#setUsbDataSignalingEnabled}.
		*/

core/java/android/app/admin/DevicePolicyManager.java

+58 −1

Original line number	Diff line number	Diff line
		@@ -23,6 +23,7 @@ import static android.Manifest.permission.LOCK_DEVICE;
		import static android.Manifest.permission.MANAGE_DEVICE_ADMINS;
		import static android.Manifest.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT;
		import static android.Manifest.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL;
		import static android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS;
		import static android.Manifest.permission.MANAGE_DEVICE_POLICY_CAMERA;
		import static android.Manifest.permission.MANAGE_DEVICE_POLICY_CERTIFICATES;
		import static android.Manifest.permission.MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE;
		@@ -3931,6 +3932,11 @@ public class DevicePolicyManager {
		@FlaggedApi(android.view.contentprotection.flags.Flags.FLAG_MANAGE_DEVICE_POLICY_ENABLED)
		public static final int OPERATION_SET_CONTENT_PROTECTION_POLICY = 41;

		/** @hide */
		@TestApi
		@FlaggedApi(android.app.appfunctions.flags.Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER)
		public static final int OPERATION_SET_APP_FUNCTIONS_POLICY = 42;

		private static final String PREFIX_OPERATION = "OPERATION_";

		/** @hide */
		@@ -3975,7 +3981,8 @@ public class DevicePolicyManager {
		OPERATION_SET_PERMISSION_POLICY,
		OPERATION_SET_RESTRICTIONS_PROVIDER,
		OPERATION_UNINSTALL_CA_CERT,
		OPERATION_SET_CONTENT_PROTECTION_POLICY
		OPERATION_SET_CONTENT_PROTECTION_POLICY,
		OPERATION_SET_APP_FUNCTIONS_POLICY
		})
		@Retention(RetentionPolicy.SOURCE)
		public static @interface DevicePolicyOperation {
		@@ -4380,6 +4387,56 @@ public class DevicePolicyManager {
		@Retention(RetentionPolicy.SOURCE)
		public @interface AppFunctionsPolicy {}

		/**
		* Sets the app functions policy which controls app functions operations on the device.
		*
		* <p>This function can only be called by a device owner, a profile owner or holders of the
		* permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_APP_FUNCTIONS}.
		*
		* @param policy The app functions policy to set. One of {@link
		* #APP_FUNCTIONS_NOT_CONTROLLED_BY_POLICY},
		* {@link #APP_FUNCTIONS_DISABLED} or
		* {@link #APP_FUNCTIONS_DISABLED_CROSS_PROFILE}
		* @throws SecurityException if caller is not a device owner, a profile owner or a holder
		* of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_APP_FUNCTIONS}.
		*/
		@RequiresPermission(value = MANAGE_DEVICE_POLICY_APP_FUNCTIONS, conditional = true)
		@FlaggedApi(android.app.appfunctions.flags.Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER)
		public void setAppFunctionsPolicy(@AppFunctionsPolicy int policy) {
		throwIfParentInstance("setAppFunctionsPolicy");
		if (mService != null) {
		try {
		mService.setAppFunctionsPolicy(mContext.getPackageName(), policy);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}
		}

		/**
		* Returns the current app functions policy.
		*
		* <p>The returned policy will be the current resolved policy rather than the policy set by the
		* calling admin.
		*
		* @throws SecurityException if caller is not a device owner, a profile owner or a holder
		* of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_APP_FUNCTIONS}.
		*/
		@RequiresPermission(value = MANAGE_DEVICE_POLICY_APP_FUNCTIONS, conditional = true)
		@FlaggedApi(android.app.appfunctions.flags.Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER)
		public @AppFunctionsPolicy int getAppFunctionsPolicy() {
		throwIfParentInstance("getAppFunctionsPolicy");
		if (mService != null) {
		try {
		return mService.getAppFunctionsPolicy(mContext.getPackageName(),
		myUserId());
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}
		return APP_FUNCTIONS_NOT_CONTROLLED_BY_POLICY;
		}

		/**
		* This object is a single place to tack on invalidation and disable calls. All
		* binder caches in this class derive from this Config, so all can be invalidated or

core/java/android/app/admin/IDevicePolicyManager.aidl

+3 −0

Original line number	Diff line number	Diff line
		@@ -644,4 +644,7 @@ interface IDevicePolicyManager {
		int getPolicySizeForAdmin(String callerPackageName, in EnforcingAdmin admin);

		int getHeadlessDeviceOwnerMode(String callerPackageName);

		void setAppFunctionsPolicy(String callerPackageName, int policy);
		int getAppFunctionsPolicy(String callerPackageName, int userId);
		}