am 2c3886cb: Merge "Fix admin policies in managed profiles" into lmp-dev

* commit '2c3886cb3463ff39c1986c5b85eba79748dd8c24': Fix admin policies in managed profiles
2014-10-15 17:49:19 +00:00
parent 203ed4db96 2c3886cb34
commit 01ddc75fc1
2 changed files with 7 additions and 9 deletions
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -1341,7 +1341,7 @@ public class DevicePolicyManager {
     * {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call
     * this method; if it has not, a security exception will be thrown.
     *
-     * Can not be called from a managed profile.
+     * <p>Calling this from a managed profile will throw a security exception.
     *
     * @param password The new password for the user.
     * @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}.
@@ -1887,8 +1887,8 @@ public class DevicePolicyManager {

    /**
     * Called by an application that is administering the device to disable all cameras
-     * on the device.  After setting this, no applications will be able to access any cameras
-     * on the device.
+     * on the device, for this user. After setting this, no applications running as this user
+     * will be able to access any cameras on the device.
     *
     * <p>The calling device admin must have requested
     * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call
@@ -1908,8 +1908,8 @@ public class DevicePolicyManager {
    }

    /**
-     * Determine whether or not the device's cameras have been disabled either by the current
-     * admin, if specified, or all admins.
+     * Determine whether or not the device's cameras have been disabled for this user,
+     * either by the current admin, if specified, or all admins.
     * @param admin The name of the admin component to check, or null to check if any admins
     * have disabled the camera
     */
@@ -2018,6 +2018,8 @@ public class DevicePolicyManager {
     * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
     * this method; if it has not, a security exception will be thrown.
     *
+     * <p>Calling this from a managed profile will throw a security exception.
+     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param which {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default),
     * {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA},
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2924,9 +2924,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            return;
        }
        enforceCrossUserPermission(userHandle);
-        if ((flags & DevicePolicyManager.WIPE_EXTERNAL_STORAGE) != 0) {
-            enforceNotManagedProfile(userHandle, "wipe external storage");
-        }
        synchronized (this) {
            // This API can only be called by an active device admin,
            // so try to retrieve it to check that the caller is one.
@@ -3526,7 +3523,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            return;
        }
        enforceCrossUserPermission(userHandle);
-        enforceNotManagedProfile(userHandle, "enable/disable cameras");
        synchronized (this) {
            if (who == null) {
                throw new NullPointerException("ComponentName is null");