Merge "Disable "Developer options" by default for managed profiles." into main (f2229050) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -309,7 +309,8 @@ public class UserRestrictionsUtils {
		* in settings. So it is handled separately.
		*/
		private static final Set<String> DEFAULT_ENABLED_FOR_MANAGED_PROFILES = Sets.newArraySet(
		UserManager.DISALLOW_BLUETOOTH_SHARING
		UserManager.DISALLOW_BLUETOOTH_SHARING,
		UserManager.DISALLOW_DEBUGGING_FEATURES
		);

		/**

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+23 −11

Original line number	Diff line number	Diff line
		@@ -2723,16 +2723,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}
		}

		/**
		* Apply default restrictions that haven't been applied to a given admin yet.
		*/
		/** Apply default restrictions that haven't been applied to a given admin yet. */
		private void maybeSetDefaultRestrictionsForAdminLocked(int userId, ActiveAdmin admin) {
		Set<String> defaultRestrictions =
		UserRestrictionsUtils.getDefaultEnabledForManagedProfiles();
		if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) {
		Set<String> newDefaultRestrictions = new HashSet(
		UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());
		newDefaultRestrictions.removeAll(admin.defaultEnabledRestrictionsAlreadySet);
		if (newDefaultRestrictions.isEmpty()) {
		return; // The same set of default restrictions has been already applied.
		}
		for (String restriction : defaultRestrictions) {

		for (String restriction : newDefaultRestrictions) {
		mDevicePolicyEngine.setLocalPolicy(
		PolicyDefinition.getPolicyDefinitionForUserRestriction(restriction),
		EnforcingAdmin.createEnterpriseEnforcingAdmin(
		@@ -2740,10 +2740,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		admin.getUserHandle().getIdentifier()),
		new BooleanPolicyValue(true),
		userId);
		admin.defaultEnabledRestrictionsAlreadySet.add(restriction);
		Slogf.i(LOG_TAG, "Enabled the following restriction by default: " + restriction);
		}
		admin.defaultEnabledRestrictionsAlreadySet.addAll(defaultRestrictions);
		Slogf.i(LOG_TAG, "Enabled the following restrictions by default: "
		+ defaultRestrictions);
		}

		private void maybeStartSecurityLogMonitorOnActivityManagerReady() {
		@@ -10282,7 +10281,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return false;
		}

		if (isAdb(caller)) {
		boolean isAdb = isAdb(caller);
		if (isAdb) {
		// Log profile owner provisioning was started using adb.
		MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER);
		DevicePolicyEventLogger
		@@ -10305,6 +10305,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin,
		true /* newOwner */);
		}
		if(isAdb) {
		// DISALLOW_DEBUGGING_FEATURES is being added to newly-created
		// work profile by default due to b/382064697 . This would have
		// impacted certain CTS test flows when they interact with the
		// work profile via ADB (for example installing an app into the
		// work profile). Remove DISALLOW_DEBUGGING_FEATURES here to
		// reduce the potential impact.
		setLocalUserRestrictionInternal(
		EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userHandle),
		UserManager.DISALLOW_DEBUGGING_FEATURES, false, userHandle);
		}

		sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
		userHandle);
		});