Loading core/java/android/app/admin/DevicePolicyManager.java +17 −0 Original line number Diff line number Diff line Loading @@ -11990,4 +11990,21 @@ public class DevicePolicyManager { } return 0; } /** * Returns {@code true} when {@code userId} has a profile owner that is capable of resetting * password in RUNNING_LOCKED state. For that it should have at least one direct boot aware * component and have an active password reset token. Can only be called by the system. * @hide */ public boolean canProfileOwnerResetPasswordWhenLocked(int userId) { if (mService != null) { try { return mService.canProfileOwnerResetPasswordWhenLocked(userId); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } return false; } } core/java/android/app/admin/IDevicePolicyManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -478,4 +478,5 @@ interface IDevicePolicyManager { long getManagedProfileMaximumTimeOff(in ComponentName admin); void setManagedProfileMaximumTimeOff(in ComponentName admin, long timeoutMs); boolean canProfileOwnerResetPasswordWhenLocked(in int userId); } core/java/android/os/UserManager.java +15 −3 Original line number Diff line number Diff line Loading @@ -33,8 +33,8 @@ import android.annotation.UserIdInt; import android.annotation.WorkerThread; import android.app.Activity; import android.app.ActivityManager; import android.app.admin.DevicePolicyManager; import android.app.PropertyInvalidatedCache; import android.app.admin.DevicePolicyManager; import android.compat.annotation.UnsupportedAppUsage; import android.content.ComponentName; import android.content.Context; Loading Loading @@ -150,13 +150,24 @@ public class UserManager { */ public static final int QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED = 0x1; /** * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode without * asking for credentials. This is used when managed profile password is forgotten. It starts * the user in locked state so that a direct boot aware DPC could reset the password. * Should not be used together with * {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED} or an exception will be thrown. * @hide */ public static final int QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL = 0x2; /** * List of flags available for the {@link #requestQuietModeEnabled} method. * @hide */ @Retention(RetentionPolicy.SOURCE) @IntDef(flag = true, prefix = { "QUIET_MODE_" }, value = { QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED }) QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED, QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL}) public @interface QuietModeFlag {} /** Loading Loading @@ -3521,12 +3532,13 @@ public class UserManager { boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { return requestQuietModeEnabled(enableQuietMode, userHandle, target, 0); } /** * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify * a target to start when user is unlocked. If {@code target} is specified, caller must have * the {@link android.Manifest.permission#MANAGE_USERS} permission. * * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} * @see #requestQuietModeEnabled(boolean, UserHandle) * @hide */ public boolean requestQuietModeEnabled( Loading services/core/java/com/android/server/pm/UserManagerService.java +20 −7 Original line number Diff line number Diff line Loading @@ -437,7 +437,7 @@ public class UserManagerService extends IUserManager.Stub { /** * Start an {@link IntentSender} when user is unlocked after disabling quiet mode. * * @see {@link #requestQuietModeEnabled(String, boolean, int, IntentSender)} * @see #requestQuietModeEnabled(String, boolean, int, IntentSender, int) */ private class DisableQuietModeUserUnlockedCallback extends IProgressListener.Stub { private final IntentSender mTarget; Loading Loading @@ -967,7 +967,16 @@ public class UserManagerService extends IUserManager.Stub { "target should only be specified when we are disabling quiet mode."); } ensureCanModifyQuietMode(callingPackage, Binder.getCallingUid(), userId, target != null); final boolean dontAskCredential = (flags & UserManager.QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL) != 0; final boolean onlyIfCredentialNotRequired = (flags & UserManager.QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED) != 0; if (dontAskCredential && onlyIfCredentialNotRequired) { throw new IllegalArgumentException("invalid flags: " + flags); } ensureCanModifyQuietMode( callingPackage, Binder.getCallingUid(), userId, target != null, dontAskCredential); final long identity = Binder.clearCallingIdentity(); try { if (enableQuietMode) { Loading @@ -976,11 +985,11 @@ public class UserManagerService extends IUserManager.Stub { return true; } mLockPatternUtils.tryUnlockWithCachedUnifiedChallenge(userId); boolean needToShowConfirmCredential = mLockPatternUtils.isSecure(userId) final boolean needToShowConfirmCredential = !dontAskCredential && mLockPatternUtils.isSecure(userId) && !StorageManager.isUserKeyUnlocked(userId); if (needToShowConfirmCredential) { if ((flags & UserManager.QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED) != 0) { if (onlyIfCredentialNotRequired) { return false; } showConfirmCredentialToDisableQuietMode(userId, target); Loading @@ -1007,7 +1016,7 @@ public class UserManagerService extends IUserManager.Stub { * {@link Manifest.permission#MANAGE_USERS}. */ private void ensureCanModifyQuietMode(String callingPackage, int callingUid, @UserIdInt int targetUserId, boolean startIntent) { @UserIdInt int targetUserId, boolean startIntent, boolean dontAskCredential) { if (hasManageUsersPermission()) { return; } Loading @@ -1015,6 +1024,10 @@ public class UserManagerService extends IUserManager.Stub { throw new SecurityException("MANAGE_USERS permission is required to start intent " + "after disabling quiet mode."); } if (dontAskCredential) { throw new SecurityException("MANAGE_USERS permission is required to disable quiet " + "mode without credentials."); } if (!isSameProfileGroupNoChecks(UserHandle.getUserId(callingUid), targetUserId)) { throw new SecurityException("MANAGE_USERS permission is required to modify quiet mode " + "for a different profile group."); Loading services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +4 −0 Original line number Diff line number Diff line Loading @@ -82,4 +82,8 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { public long getManagedProfileMaximumTimeOff(ComponentName admin) { return 0; } public boolean canProfileOwnerResetPasswordWhenLocked(int userId) { return false; } } Loading
core/java/android/app/admin/DevicePolicyManager.java +17 −0 Original line number Diff line number Diff line Loading @@ -11990,4 +11990,21 @@ public class DevicePolicyManager { } return 0; } /** * Returns {@code true} when {@code userId} has a profile owner that is capable of resetting * password in RUNNING_LOCKED state. For that it should have at least one direct boot aware * component and have an active password reset token. Can only be called by the system. * @hide */ public boolean canProfileOwnerResetPasswordWhenLocked(int userId) { if (mService != null) { try { return mService.canProfileOwnerResetPasswordWhenLocked(userId); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } return false; } }
core/java/android/app/admin/IDevicePolicyManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -478,4 +478,5 @@ interface IDevicePolicyManager { long getManagedProfileMaximumTimeOff(in ComponentName admin); void setManagedProfileMaximumTimeOff(in ComponentName admin, long timeoutMs); boolean canProfileOwnerResetPasswordWhenLocked(in int userId); }
core/java/android/os/UserManager.java +15 −3 Original line number Diff line number Diff line Loading @@ -33,8 +33,8 @@ import android.annotation.UserIdInt; import android.annotation.WorkerThread; import android.app.Activity; import android.app.ActivityManager; import android.app.admin.DevicePolicyManager; import android.app.PropertyInvalidatedCache; import android.app.admin.DevicePolicyManager; import android.compat.annotation.UnsupportedAppUsage; import android.content.ComponentName; import android.content.Context; Loading Loading @@ -150,13 +150,24 @@ public class UserManager { */ public static final int QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED = 0x1; /** * Flag passed to {@link #requestQuietModeEnabled} to request disabling quiet mode without * asking for credentials. This is used when managed profile password is forgotten. It starts * the user in locked state so that a direct boot aware DPC could reset the password. * Should not be used together with * {@link #QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED} or an exception will be thrown. * @hide */ public static final int QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL = 0x2; /** * List of flags available for the {@link #requestQuietModeEnabled} method. * @hide */ @Retention(RetentionPolicy.SOURCE) @IntDef(flag = true, prefix = { "QUIET_MODE_" }, value = { QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED }) QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED, QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL}) public @interface QuietModeFlag {} /** Loading Loading @@ -3521,12 +3532,13 @@ public class UserManager { boolean enableQuietMode, @NonNull UserHandle userHandle, IntentSender target) { return requestQuietModeEnabled(enableQuietMode, userHandle, target, 0); } /** * Similar to {@link #requestQuietModeEnabled(boolean, UserHandle)}, except you can specify * a target to start when user is unlocked. If {@code target} is specified, caller must have * the {@link android.Manifest.permission#MANAGE_USERS} permission. * * @see {@link #requestQuietModeEnabled(boolean, UserHandle)} * @see #requestQuietModeEnabled(boolean, UserHandle) * @hide */ public boolean requestQuietModeEnabled( Loading
services/core/java/com/android/server/pm/UserManagerService.java +20 −7 Original line number Diff line number Diff line Loading @@ -437,7 +437,7 @@ public class UserManagerService extends IUserManager.Stub { /** * Start an {@link IntentSender} when user is unlocked after disabling quiet mode. * * @see {@link #requestQuietModeEnabled(String, boolean, int, IntentSender)} * @see #requestQuietModeEnabled(String, boolean, int, IntentSender, int) */ private class DisableQuietModeUserUnlockedCallback extends IProgressListener.Stub { private final IntentSender mTarget; Loading Loading @@ -967,7 +967,16 @@ public class UserManagerService extends IUserManager.Stub { "target should only be specified when we are disabling quiet mode."); } ensureCanModifyQuietMode(callingPackage, Binder.getCallingUid(), userId, target != null); final boolean dontAskCredential = (flags & UserManager.QUIET_MODE_DISABLE_DONT_ASK_CREDENTIAL) != 0; final boolean onlyIfCredentialNotRequired = (flags & UserManager.QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED) != 0; if (dontAskCredential && onlyIfCredentialNotRequired) { throw new IllegalArgumentException("invalid flags: " + flags); } ensureCanModifyQuietMode( callingPackage, Binder.getCallingUid(), userId, target != null, dontAskCredential); final long identity = Binder.clearCallingIdentity(); try { if (enableQuietMode) { Loading @@ -976,11 +985,11 @@ public class UserManagerService extends IUserManager.Stub { return true; } mLockPatternUtils.tryUnlockWithCachedUnifiedChallenge(userId); boolean needToShowConfirmCredential = mLockPatternUtils.isSecure(userId) final boolean needToShowConfirmCredential = !dontAskCredential && mLockPatternUtils.isSecure(userId) && !StorageManager.isUserKeyUnlocked(userId); if (needToShowConfirmCredential) { if ((flags & UserManager.QUIET_MODE_DISABLE_ONLY_IF_CREDENTIAL_NOT_REQUIRED) != 0) { if (onlyIfCredentialNotRequired) { return false; } showConfirmCredentialToDisableQuietMode(userId, target); Loading @@ -1007,7 +1016,7 @@ public class UserManagerService extends IUserManager.Stub { * {@link Manifest.permission#MANAGE_USERS}. */ private void ensureCanModifyQuietMode(String callingPackage, int callingUid, @UserIdInt int targetUserId, boolean startIntent) { @UserIdInt int targetUserId, boolean startIntent, boolean dontAskCredential) { if (hasManageUsersPermission()) { return; } Loading @@ -1015,6 +1024,10 @@ public class UserManagerService extends IUserManager.Stub { throw new SecurityException("MANAGE_USERS permission is required to start intent " + "after disabling quiet mode."); } if (dontAskCredential) { throw new SecurityException("MANAGE_USERS permission is required to disable quiet " + "mode without credentials."); } if (!isSameProfileGroupNoChecks(UserHandle.getUserId(callingUid), targetUserId)) { throw new SecurityException("MANAGE_USERS permission is required to modify quiet mode " + "for a different profile group."); Loading
services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +4 −0 Original line number Diff line number Diff line Loading @@ -82,4 +82,8 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { public long getManagedProfileMaximumTimeOff(ComponentName admin) { return 0; } public boolean canProfileOwnerResetPasswordWhenLocked(int userId) { return false; } }
