Loading api/system-current.txt +2 −0 Original line number Diff line number Diff line Loading @@ -75,6 +75,7 @@ package android { field public static final java.lang.String GET_PROCESS_STATE_AND_OOM_SCORE = "android.permission.GET_PROCESS_STATE_AND_OOM_SCORE"; field public static final java.lang.String GET_TOP_ACTIVITY_INFO = "android.permission.GET_TOP_ACTIVITY_INFO"; field public static final java.lang.String GLOBAL_SEARCH = "android.permission.GLOBAL_SEARCH"; field public static final java.lang.String GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS = "android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS"; field public static final java.lang.String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS"; field public static final java.lang.String HARDWARE_TEST = "android.permission.HARDWARE_TEST"; field public static final java.lang.String HDMI_CEC = "android.permission.HDMI_CEC"; Loading Loading @@ -586,6 +587,7 @@ package android.app.admin { method public boolean packageHasActiveAdmins(java.lang.String); method public deprecated boolean setActiveProfileOwner(android.content.ComponentName, java.lang.String) throws java.lang.IllegalArgumentException; method public void setDeviceProvisioningConfigApplied(); method public void setProfileOwnerCanAccessDeviceIdsForUser(android.content.ComponentName, android.os.UserHandle); field public static final java.lang.String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED"; field public static final java.lang.String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED"; field public static final java.lang.String ACTION_PROVISION_FINALIZATION = "android.app.action.PROVISION_FINALIZATION"; Loading cmds/dpm/src/com/android/commands/dpm/Dpm.java +16 −1 Original line number Diff line number Diff line Loading @@ -48,6 +48,8 @@ public final class Dpm extends BaseCommand { private static final String COMMAND_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record"; private static final String COMMAND_FORCE_NETWORK_LOGS = "force-network-logs"; private static final String COMMAND_FORCE_SECURITY_LOGS = "force-security-logs"; private static final String COMMAND_GRANT_PO_DEVICE_ID_ACCESS = "grant-profile-owner-device-ids-access"; private IDevicePolicyManager mDevicePolicyManager; private int mUserId = UserHandle.USER_SYSTEM; Loading Loading @@ -89,7 +91,10 @@ public final class Dpm extends BaseCommand { "the DPC and triggers DeviceAdminReceiver.onNetworkLogsAvailable() if needed.\n" + "\n" + "dpm " + COMMAND_FORCE_SECURITY_LOGS + ": makes all security logs available to " + "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed."); "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed." + "\n" + "usage: dpm " + COMMAND_GRANT_PO_DEVICE_ID_ACCESS + ": " + "[ --user <USER_ID> | current ] <COMPONENT>\n"); } @Override Loading Loading @@ -124,6 +129,9 @@ public final class Dpm extends BaseCommand { case COMMAND_FORCE_SECURITY_LOGS: runForceSecurityLogs(); break; case COMMAND_GRANT_PO_DEVICE_ID_ACCESS: runGrantProfileOwnerDeviceIdsAccess(); break; default: throw new IllegalArgumentException ("unknown command '" + command + "'"); } Loading Loading @@ -242,6 +250,13 @@ public final class Dpm extends BaseCommand { System.out.println("Success"); } private void runGrantProfileOwnerDeviceIdsAccess() throws RemoteException { parseArgs(/*canHaveName=*/ false); mDevicePolicyManager.grantDeviceIdsAccessToProfileOwner(mComponent, mUserId); System.out.println("Success"); } private ComponentName parseComponentName(String component) { ComponentName cn = ComponentName.unflattenFromString(component); if (cn == null) { Loading core/java/android/app/admin/DevicePolicyManager.java +27 −1 Original line number Diff line number Diff line Loading @@ -9792,7 +9792,6 @@ public class DevicePolicyManager { } } /** * Sets the global Private DNS mode and host to be used. * May only be called by the device owner. Loading Loading @@ -9867,4 +9866,31 @@ public class DevicePolicyManager { throw re.rethrowFromSystemServer(); } } /** * Grants the profile owner of the given user access to device identifiers (such as * serial number, IMEI and MEID). * * <p>This lets the profile owner request inclusion of device identifiers when calling * {@link generateKeyPair}. * * <p>This grant is necessary to guarantee that profile owners can access device identifiers. * * <p>Privileged system API - meant to be called by the system, particularly the managed * provisioning app, when a work profile is set up. * * @hide */ @SystemApi public void setProfileOwnerCanAccessDeviceIdsForUser( @NonNull ComponentName who, @NonNull UserHandle userHandle) { if (mService == null) { return; } try { mService.grantDeviceIdsAccessToProfileOwner(who, userHandle.getIdentifier()); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } } core/java/android/app/admin/IDevicePolicyManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -417,4 +417,6 @@ interface IDevicePolicyManager { void setGlobalPrivateDns(in ComponentName admin, int mode, in String privateDnsHost); int getGlobalPrivateDnsMode(in ComponentName admin); String getGlobalPrivateDnsHost(in ComponentName admin); void grantDeviceIdsAccessToProfileOwner(in ComponentName who, int userId); } core/res/AndroidManifest.xml +7 −1 Original line number Diff line number Diff line Loading @@ -4203,6 +4203,12 @@ <permission android:name="android.permission.MANAGE_ACCESSIBILITY" android:protectionLevel="signature|setup" /> <!-- @SystemApi Allows an app to grant a profile owner access to device identifiers. <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS" android:protectionLevel="signature" /> <!-- Allows financial apps to read filtered sms messages. --> <permission android:name="android.permission.SMS_FINANCIAL_TRANSACTIONS" android:protectionLevel="signature|appop" /> Loading Loading
api/system-current.txt +2 −0 Original line number Diff line number Diff line Loading @@ -75,6 +75,7 @@ package android { field public static final java.lang.String GET_PROCESS_STATE_AND_OOM_SCORE = "android.permission.GET_PROCESS_STATE_AND_OOM_SCORE"; field public static final java.lang.String GET_TOP_ACTIVITY_INFO = "android.permission.GET_TOP_ACTIVITY_INFO"; field public static final java.lang.String GLOBAL_SEARCH = "android.permission.GLOBAL_SEARCH"; field public static final java.lang.String GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS = "android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS"; field public static final java.lang.String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS"; field public static final java.lang.String HARDWARE_TEST = "android.permission.HARDWARE_TEST"; field public static final java.lang.String HDMI_CEC = "android.permission.HDMI_CEC"; Loading Loading @@ -586,6 +587,7 @@ package android.app.admin { method public boolean packageHasActiveAdmins(java.lang.String); method public deprecated boolean setActiveProfileOwner(android.content.ComponentName, java.lang.String) throws java.lang.IllegalArgumentException; method public void setDeviceProvisioningConfigApplied(); method public void setProfileOwnerCanAccessDeviceIdsForUser(android.content.ComponentName, android.os.UserHandle); field public static final java.lang.String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED"; field public static final java.lang.String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED"; field public static final java.lang.String ACTION_PROVISION_FINALIZATION = "android.app.action.PROVISION_FINALIZATION"; Loading
cmds/dpm/src/com/android/commands/dpm/Dpm.java +16 −1 Original line number Diff line number Diff line Loading @@ -48,6 +48,8 @@ public final class Dpm extends BaseCommand { private static final String COMMAND_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record"; private static final String COMMAND_FORCE_NETWORK_LOGS = "force-network-logs"; private static final String COMMAND_FORCE_SECURITY_LOGS = "force-security-logs"; private static final String COMMAND_GRANT_PO_DEVICE_ID_ACCESS = "grant-profile-owner-device-ids-access"; private IDevicePolicyManager mDevicePolicyManager; private int mUserId = UserHandle.USER_SYSTEM; Loading Loading @@ -89,7 +91,10 @@ public final class Dpm extends BaseCommand { "the DPC and triggers DeviceAdminReceiver.onNetworkLogsAvailable() if needed.\n" + "\n" + "dpm " + COMMAND_FORCE_SECURITY_LOGS + ": makes all security logs available to " + "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed."); "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed." + "\n" + "usage: dpm " + COMMAND_GRANT_PO_DEVICE_ID_ACCESS + ": " + "[ --user <USER_ID> | current ] <COMPONENT>\n"); } @Override Loading Loading @@ -124,6 +129,9 @@ public final class Dpm extends BaseCommand { case COMMAND_FORCE_SECURITY_LOGS: runForceSecurityLogs(); break; case COMMAND_GRANT_PO_DEVICE_ID_ACCESS: runGrantProfileOwnerDeviceIdsAccess(); break; default: throw new IllegalArgumentException ("unknown command '" + command + "'"); } Loading Loading @@ -242,6 +250,13 @@ public final class Dpm extends BaseCommand { System.out.println("Success"); } private void runGrantProfileOwnerDeviceIdsAccess() throws RemoteException { parseArgs(/*canHaveName=*/ false); mDevicePolicyManager.grantDeviceIdsAccessToProfileOwner(mComponent, mUserId); System.out.println("Success"); } private ComponentName parseComponentName(String component) { ComponentName cn = ComponentName.unflattenFromString(component); if (cn == null) { Loading
core/java/android/app/admin/DevicePolicyManager.java +27 −1 Original line number Diff line number Diff line Loading @@ -9792,7 +9792,6 @@ public class DevicePolicyManager { } } /** * Sets the global Private DNS mode and host to be used. * May only be called by the device owner. Loading Loading @@ -9867,4 +9866,31 @@ public class DevicePolicyManager { throw re.rethrowFromSystemServer(); } } /** * Grants the profile owner of the given user access to device identifiers (such as * serial number, IMEI and MEID). * * <p>This lets the profile owner request inclusion of device identifiers when calling * {@link generateKeyPair}. * * <p>This grant is necessary to guarantee that profile owners can access device identifiers. * * <p>Privileged system API - meant to be called by the system, particularly the managed * provisioning app, when a work profile is set up. * * @hide */ @SystemApi public void setProfileOwnerCanAccessDeviceIdsForUser( @NonNull ComponentName who, @NonNull UserHandle userHandle) { if (mService == null) { return; } try { mService.grantDeviceIdsAccessToProfileOwner(who, userHandle.getIdentifier()); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } }
core/java/android/app/admin/IDevicePolicyManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -417,4 +417,6 @@ interface IDevicePolicyManager { void setGlobalPrivateDns(in ComponentName admin, int mode, in String privateDnsHost); int getGlobalPrivateDnsMode(in ComponentName admin); String getGlobalPrivateDnsHost(in ComponentName admin); void grantDeviceIdsAccessToProfileOwner(in ComponentName who, int userId); }
core/res/AndroidManifest.xml +7 −1 Original line number Diff line number Diff line Loading @@ -4203,6 +4203,12 @@ <permission android:name="android.permission.MANAGE_ACCESSIBILITY" android:protectionLevel="signature|setup" /> <!-- @SystemApi Allows an app to grant a profile owner access to device identifiers. <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS" android:protectionLevel="signature" /> <!-- Allows financial apps to read filtered sms messages. --> <permission android:name="android.permission.SMS_FINANCIAL_TRANSACTIONS" android:protectionLevel="signature|appop" /> Loading
