
Commit f1dae63d authored by Samiul Islam's avatar Samiul Islam

Annotate System Manager classes that are restricted in SdkSandbox 3/n

These manager classes are inaccessible from SdkSandbox due to SELinux
policies added back in Android U. Currently, developers trying to access
these managers/APIs will receive a runtime error and crash if they don't
handle the RTE properly.

To help developers understand if an API is available to the environment
they are running from, we are annotating these managers with the new
@RestrictedForEnvironment annotation.

This is a documentation enhancement feature. We are not adding any new
restriction. We are only highlighting the ALREADY existing restrictions
to users.

The annotation will be used to:
    - Update the javadoc in developer site.
    - Add lint support in IDE.

The annotation cannot be flag guarded (see flag stanza below). This
should still be safe since it's a documentation only change.

Bug: 325606627
Test: atest SdkSandboxSystemServiceRestrictionsTests
Flag: EXEMPT RestrictedForEnvironment makes javadoc changes which cannot
      be disabled with flag. See b/396346859#comment11.
Change-Id: I23a055a6f506782d52742a12168b170e49fb4e8d
parent 44208c12
+3 −3
@@ -8282,7 +8282,7 @@ package android.app.admin {
    field public static final String USER_CONTROL_DISABLED_PACKAGES_POLICY = "userControlDisabledPackages";
  }
  public class DevicePolicyManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public class DevicePolicyManager {
    method public void acknowledgeDeviceCompliant();
    method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_PROFILE_INTERACTION, conditional=true) public void addCrossProfileIntentFilter(@Nullable android.content.ComponentName, android.content.IntentFilter, int);
    method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_PROFILE_INTERACTION, conditional=true) public boolean addCrossProfileWidgetProvider(@Nullable android.content.ComponentName, String);
@@ -9742,7 +9742,7 @@ package android.app.people {
    method @NonNull public android.app.people.ConversationStatus.Builder setStartTimeMillis(long);
  }
  public final class PeopleManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public final class PeopleManager {
    method public void addOrUpdateStatus(@NonNull String, @NonNull android.app.people.ConversationStatus);
    method public void clearStatus(@NonNull String, @NonNull String);
    method public void clearStatuses(@NonNull String);
@@ -40808,7 +40808,7 @@ package android.security {
    method public android.security.ConfirmationPrompt.Builder setPromptText(CharSequence);
  }
  public final class FileIntegrityManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public final class FileIntegrityManager {
    method public boolean isApkVeritySupported();
    method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
  }
+1 −1
@@ -75,7 +75,7 @@ package android.app {

package android.app.admin {

  public class DevicePolicyManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public class DevicePolicyManager {
    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}) public void acknowledgeNewUserDisclaimer();
    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}) public android.os.UserHandle getLogoutUser();
    method public boolean hasManagedProfileCallerIdAccess(@NonNull android.os.UserHandle, @NonNull String);
+3 −3
@@ -1359,7 +1359,7 @@ package android.app.admin {
    method @Nullable public android.view.SurfaceControlViewHost.SurfacePackage onCreateKeyguardSurface(@NonNull android.os.IBinder);
  }
  public class DevicePolicyManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public class DevicePolicyManager {
    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public int checkProvisioningPrecondition(@NonNull String, @NonNull String);
    method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void clearAuditLogEventCallback();
    method @Deprecated @FlaggedApi("android.app.admin.flags.split_create_managed_profile_enabled") @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.os.UserHandle createAndProvisionManagedProfile(@NonNull android.app.admin.ManagedProfileProvisioningParams) throws android.app.admin.ProvisioningException;
@@ -2309,7 +2309,7 @@ package android.app.job {
package android.app.people {
  public final class PeopleManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public final class PeopleManager {
    method @RequiresPermission(android.Manifest.permission.READ_PEOPLE_DATA) public boolean isConversation(@NonNull String, @NonNull String);
  }
@@ -12910,7 +12910,7 @@ package android.se.omapi {
package android.security {
  public final class FileIntegrityManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public final class FileIntegrityManager {
    method @FlaggedApi("android.security.fsverity_api") @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException;
    method @FlaggedApi("android.security.fsverity_api") public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException;
  }
+1 −1
@@ -585,7 +585,7 @@ package android.app.admin {
    field public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled";
  }

  public class DevicePolicyManager {
  @RestrictedForEnvironment(environments=android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME, from=android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE) public class DevicePolicyManager {
    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}) public void acknowledgeNewUserDisclaimer();
    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void calculateHasIncompatibleAccounts();
    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void clearOrganizationId();
+4 −0
@@ -55,6 +55,7 @@ import static android.Manifest.permission.QUERY_DEVICE_STOLEN_STATE;
import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY;
import static android.Manifest.permission.SET_TIME;
import static android.Manifest.permission.SET_TIME_ZONE;
import static android.annotation.RestrictedForEnvironment.ENVIRONMENT_SDK_RUNTIME;
import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED;
import static android.app.admin.flags.Flags.FLAG_DEVICE_THEFT_API_ENABLED;
import static android.app.admin.flags.Flags.FLAG_REMOVE_MANAGED_PROFILE_ENABLED;
@@ -78,6 +79,7 @@ import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.RequiresFeature;
import android.annotation.RequiresPermission;
import android.annotation.RestrictedForEnvironment;
import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
import android.annotation.StringDef;
@@ -315,6 +317,8 @@ import java.util.function.Consumer;
 * "Android Automotive builds"} should always check for this exception.
 */
@RestrictedForEnvironment(
        environments = ENVIRONMENT_SDK_RUNTIME, from = Build.VERSION_CODES.UPSIDE_DOWN_CAKE)
@SystemService(Context.DEVICE_POLICY_SERVICE)
@RequiresFeature(PackageManager.FEATURE_DEVICE_ADMIN)
public class DevicePolicyManager {
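Review bot: The `@RestrictedForEnvironment` annotation added above `@SystemService` documents the SDK Runtime restriction but does not enforce it, and nothing at the annotation site says so. According to the commit description the actual denial comes from SELinux policy, so a later reader could mistake the annotation for an access control, or change one without the other. I would add a short comment directly above it, for example `// Documentation only: SDK Runtime access is denied by SELinux policy, not by this annotation.` and `// Keep in sync with SdkSandboxSystemServiceRestrictionsTests.` On style, `ENVIRONMENT_SDK_RUNTIME` is statically imported while `Build.VERSION_CODES.UPSIDE_DOWN_CAKE` is written qualified in the same annotation; using one form for both arguments would read more evenly. The class body continues outside the hunk.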