From bc33c8290f63731e8bd73ecd6f744e2733b15bf5 Mon Sep 17 00:00:00 2001 From: Benjamin Franz Date: Fri, 15 Apr 2016 08:57:52 +0100 Subject: [PATCH] Revert "Revert "Throw security exception for non-parent aware APIs"" This reverts commit a26c6265641543aef24245b84064b8f58de66c29. Bug: 27532279 Change-Id: I0c0394a8abf12e7382e7083a0b9d7f8385c3a63d --- .../app/admin/DevicePolicyManager.java | 132 +++++++++++++++++- 1 file changed, 129 insertions(+), 3 deletions(-) diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 269089e3a2627..7a18df6e4e447 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -1093,6 +1093,7 @@ public class DevicePolicyManager { * returned. */ public List getActiveAdmins() { + throwIfParentInstance("getActiveAdmins"); return getActiveAdminsAsUser(myUserId()); } @@ -1149,6 +1150,7 @@ public class DevicePolicyManager { * @throws SecurityException if the caller is not in the owner application of {@code admin}. */ public void removeActiveAdmin(@NonNull ComponentName admin) { + throwIfParentInstance("removeActiveAdmin"); if (mService != null) { try { mService.removeActiveAdmin(admin, myUserId()); @@ -1169,6 +1171,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not an active administrator. */ public boolean hasGrantedPolicy(@NonNull ComponentName admin, int usesPolicy) { + throwIfParentInstance("hasGrantedPolicy"); if (mService != null) { try { return mService.hasGrantedPolicy(admin, usesPolicy, myUserId()); @@ -2216,9 +2219,7 @@ public class DevicePolicyManager { * that uses {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} */ public boolean resetPassword(String password, int flags) { - if (mParentInstance) { - throw new SecurityException("Reset password does not work across profiles."); - } + throwIfParentInstance("resetPassword"); if (mService != null) { try { return mService.resetPassword(password, flags); @@ -2355,6 +2356,7 @@ public class DevicePolicyManager { * that uses {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA} */ public void wipeData(int flags) { + throwIfParentInstance("wipeData"); if (mService != null) { try { mService.wipeData(flags); @@ -2388,6 +2390,7 @@ public class DevicePolicyManager { */ public ComponentName setGlobalProxy(@NonNull ComponentName admin, Proxy proxySpec, List exclusionList ) { + throwIfParentInstance("setGlobalProxy"); if (proxySpec == null) { throw new NullPointerException(); } @@ -2453,6 +2456,7 @@ public class DevicePolicyManager { */ public void setRecommendedGlobalProxy(@NonNull ComponentName admin, @Nullable ProxyInfo proxyInfo) { + throwIfParentInstance("setRecommendedGlobalProxy"); if (mService != null) { try { mService.setRecommendedGlobalProxy(admin, proxyInfo); @@ -2603,6 +2607,7 @@ public class DevicePolicyManager { * {@link DeviceAdminInfo#USES_ENCRYPTED_STORAGE} */ public int setStorageEncryption(@NonNull ComponentName admin, boolean encrypt) { + throwIfParentInstance("setStorageEncryption"); if (mService != null) { try { return mService.setStorageEncryption(admin, encrypt); @@ -2623,6 +2628,7 @@ public class DevicePolicyManager { * @return true if the admin(s) are requesting encryption, false if not. */ public boolean getStorageEncryption(@Nullable ComponentName admin) { + throwIfParentInstance("getStorageEncryption"); if (mService != null) { try { return mService.getStorageEncryption(admin, myUserId()); @@ -2653,6 +2659,7 @@ public class DevicePolicyManager { * or {@link #ENCRYPTION_STATUS_ACTIVE}. */ public int getStorageEncryptionStatus() { + throwIfParentInstance("getStorageEncryptionStatus"); return getStorageEncryptionStatus(myUserId()); } @@ -2718,6 +2725,7 @@ public class DevicePolicyManager { * owner. */ public boolean installCaCert(@Nullable ComponentName admin, byte[] certBuffer) { + throwIfParentInstance("installCaCert"); if (mService != null) { try { return mService.installCaCert(admin, certBuffer); @@ -2738,6 +2746,7 @@ public class DevicePolicyManager { * owner. */ public void uninstallCaCert(@Nullable ComponentName admin, byte[] certBuffer) { + throwIfParentInstance("uninstallCaCert"); if (mService != null) { try { final String alias = getCaCertAlias(certBuffer); @@ -2763,6 +2772,7 @@ public class DevicePolicyManager { */ public List getInstalledCaCerts(@Nullable ComponentName admin) { List certs = new ArrayList(); + throwIfParentInstance("getInstalledCaCerts"); if (mService != null) { try { mService.enforceCanManageCaCerts(admin); @@ -2791,6 +2801,7 @@ public class DevicePolicyManager { * owner. */ public void uninstallAllUserCaCerts(@Nullable ComponentName admin) { + throwIfParentInstance("uninstallAllUserCaCerts"); if (mService != null) { try { mService.uninstallCaCerts(admin, new TrustedCertificateStore().userAliases() @@ -2811,6 +2822,7 @@ public class DevicePolicyManager { * owner. */ public boolean hasCaCertInstalled(@Nullable ComponentName admin, byte[] certBuffer) { + throwIfParentInstance("hasCaCertInstalled"); if (mService != null) { try { mService.enforceCanManageCaCerts(admin); @@ -2879,6 +2891,7 @@ public class DevicePolicyManager { */ public boolean installKeyPair(@Nullable ComponentName admin, @NonNull PrivateKey privKey, @NonNull Certificate[] certs, @NonNull String alias, boolean requestAccess) { + throwIfParentInstance("installKeyPair"); try { final byte[] pemCert = Credentials.convertToPem(certs[0]); byte[] pemChain = null; @@ -2911,6 +2924,7 @@ public class DevicePolicyManager { * owner. */ public boolean removeKeyPair(@Nullable ComponentName admin, @NonNull String alias) { + throwIfParentInstance("removeKeyPair"); try { return mService.removeKeyPair(admin, alias); } catch (RemoteException e) { @@ -2951,6 +2965,7 @@ public class DevicePolicyManager { */ public void setCertInstallerPackage(@NonNull ComponentName admin, @Nullable String installerPackage) throws SecurityException { + throwIfParentInstance("setCertInstallerPackage"); if (mService != null) { try { mService.setCertInstallerPackage(admin, installerPackage); @@ -2970,6 +2985,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or a profile owner. */ public String getCertInstallerPackage(@NonNull ComponentName admin) throws SecurityException { + throwIfParentInstance("getCertInstallerPackage"); if (mService != null) { try { return mService.getCertInstallerPackage(admin); @@ -3000,6 +3016,7 @@ public class DevicePolicyManager { */ public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage) throws NameNotFoundException, UnsupportedOperationException { + throwIfParentInstance("setAlwaysOnVpnPackage"); if (mService != null) { try { if (!mService.setAlwaysOnVpnPackage(admin, vpnPackage)) { @@ -3021,6 +3038,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or a profile owner. */ public String getAlwaysOnVpnPackage(@NonNull ComponentName admin) { + throwIfParentInstance("getAlwaysOnVpnPackage"); if (mService != null) { try { return mService.getAlwaysOnVpnPackage(admin); @@ -3048,6 +3066,7 @@ public class DevicePolicyManager { * {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA}. */ public void setCameraDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setCameraDisabled"); if (mService != null) { try { mService.setCameraDisabled(admin, disabled); @@ -3064,6 +3083,7 @@ public class DevicePolicyManager { * have disabled the camera */ public boolean getCameraDisabled(@Nullable ComponentName admin) { + throwIfParentInstance("getCameraDisabled"); return getCameraDisabled(admin, myUserId()); } @@ -3093,6 +3113,7 @@ public class DevicePolicyManager { * than the one managed by the device owner. */ public boolean requestBugreport(@NonNull ComponentName admin) { + throwIfParentInstance("requestBugreport"); if (mService != null) { try { return mService.requestBugreport(admin); @@ -3131,6 +3152,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setScreenCaptureDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setScreenCaptureDisabled"); if (mService != null) { try { mService.setScreenCaptureDisabled(admin, disabled); @@ -3147,6 +3169,7 @@ public class DevicePolicyManager { * have disabled screen capture. */ public boolean getScreenCaptureDisabled(@Nullable ComponentName admin) { + throwIfParentInstance("getScreenCaptureDisabled"); return getScreenCaptureDisabled(admin, myUserId()); } @@ -3176,6 +3199,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public void setAutoTimeRequired(@NonNull ComponentName admin, boolean required) { + throwIfParentInstance("setAutoTimeRequired"); if (mService != null) { try { mService.setAutoTimeRequired(admin, required); @@ -3189,6 +3213,7 @@ public class DevicePolicyManager { * @return true if auto time is required. */ public boolean getAutoTimeRequired() { + throwIfParentInstance("getAutoTimeRequired"); if (mService != null) { try { return mService.getAutoTimeRequired(); @@ -3215,6 +3240,7 @@ public class DevicePolicyManager { */ public void setForceEphemeralUsers( @NonNull ComponentName admin, boolean forceEphemeralUsers) { + throwIfParentInstance("setForceEphemeralUsers"); if (mService != null) { try { mService.setForceEphemeralUsers(admin, forceEphemeralUsers); @@ -3230,6 +3256,7 @@ public class DevicePolicyManager { * @hide */ public boolean getForceEphemeralUsers(@NonNull ComponentName admin) { + throwIfParentInstance("getForceEphemeralUsers"); if (mService != null) { try { return mService.getForceEphemeralUsers(admin); @@ -3517,6 +3544,7 @@ public class DevicePolicyManager { * @return whether or not the package is registered as the device owner app. */ public boolean isDeviceOwnerApp(String packageName) { + throwIfParentInstance("isDeviceOwnerApp"); return isDeviceOwnerAppOnCallingUser(packageName); } @@ -3614,6 +3642,7 @@ public class DevicePolicyManager { * does not own the current device owner component. */ public void clearDeviceOwnerApp(String packageName) { + throwIfParentInstance("clearDeviceOwnerApp"); if (mService != null) { try { mService.clearDeviceOwner(packageName); @@ -3632,6 +3661,7 @@ public class DevicePolicyManager { */ @SystemApi public String getDeviceOwner() { + throwIfParentInstance("getDeviceOwner"); final ComponentName name = getDeviceOwnerComponentOnCallingUser(); return name != null ? name.getPackageName() : null; } @@ -3657,6 +3687,7 @@ public class DevicePolicyManager { */ @SystemApi public String getDeviceOwnerNameOnAnyUser() { + throwIfParentInstance("getDeviceOwnerNameOnAnyUser"); if (mService != null) { try { return mService.getDeviceOwnerName(); @@ -3708,6 +3739,7 @@ public class DevicePolicyManager { @SystemApi public boolean setActiveProfileOwner(@NonNull ComponentName admin, @Deprecated String ownerName) throws IllegalArgumentException { + throwIfParentInstance("setActiveProfileOwner"); if (mService != null) { try { final int myUserId = myUserId(); @@ -3731,6 +3763,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not an active profile owner. */ public void clearProfileOwner(@NonNull ComponentName admin) { + throwIfParentInstance("clearProfileOwner"); if (mService != null) { try { mService.clearProfileOwner(admin); @@ -3804,6 +3837,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public void setDeviceOwnerLockScreenInfo(@NonNull ComponentName admin, CharSequence info) { + throwIfParentInstance("setDeviceOwnerLockScreenInfo"); if (mService != null) { try { mService.setDeviceOwnerLockScreenInfo(admin, info); @@ -3817,6 +3851,7 @@ public class DevicePolicyManager { * @return The device owner information. If it is not set returns {@code null}. */ public CharSequence getDeviceOwnerLockScreenInfo() { + throwIfParentInstance("getDeviceOwnerLockScreenInfo"); if (mService != null) { try { return mService.getDeviceOwnerLockScreenInfo(); @@ -3848,6 +3883,7 @@ public class DevicePolicyManager { */ public String[] setPackagesSuspended(@NonNull ComponentName admin, String[] packageNames, boolean suspended) { + throwIfParentInstance("setPackagesSuspended"); if (mService != null) { try { return mService.setPackagesSuspended(admin, packageNames, suspended); @@ -3870,6 +3906,7 @@ public class DevicePolicyManager { */ public boolean isPackageSuspended(@NonNull ComponentName admin, String packageName) throws NameNotFoundException { + throwIfParentInstance("isPackageSuspended"); if (mService != null) { try { return mService.isPackageSuspended(admin, packageName); @@ -3891,6 +3928,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public void setProfileEnabled(@NonNull ComponentName admin) { + throwIfParentInstance("setProfileEnabled"); if (mService != null) { try { mService.setProfileEnabled(admin); @@ -3912,6 +3950,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setProfileName(@NonNull ComponentName admin, String profileName) { + throwIfParentInstance("setProfileName"); if (mService != null) { try { mService.setProfileName(admin, profileName); @@ -3930,6 +3969,7 @@ public class DevicePolicyManager { * @return Whether or not the package is registered as the profile owner. */ public boolean isProfileOwnerApp(String packageName) { + throwIfParentInstance("isProfileOwnerApp"); if (mService != null) { try { ComponentName profileOwner = mService.getProfileOwner(myUserId()); @@ -3950,6 +3990,7 @@ public class DevicePolicyManager { */ @SystemApi public ComponentName getProfileOwner() throws IllegalArgumentException { + throwIfParentInstance("getProfileOwner"); return getProfileOwnerAsUser(Process.myUserHandle().getIdentifier()); } @@ -3994,6 +4035,7 @@ public class DevicePolicyManager { */ @SystemApi public String getProfileOwnerNameAsUser(int userId) throws IllegalArgumentException { + throwIfParentInstance("getProfileOwnerNameAsUser"); if (mService != null) { try { return mService.getProfileOwnerName(userId); @@ -4024,6 +4066,7 @@ public class DevicePolicyManager { */ public void addPersistentPreferredActivity(@NonNull ComponentName admin, IntentFilter filter, @NonNull ComponentName activity) { + throwIfParentInstance("addPersistentPreferredActivity"); if (mService != null) { try { mService.addPersistentPreferredActivity(admin, filter, activity); @@ -4046,6 +4089,7 @@ public class DevicePolicyManager { */ public void clearPackagePersistentPreferredActivities(@NonNull ComponentName admin, String packageName) { + throwIfParentInstance("clearPackagePersistentPreferredActivities"); if (mService != null) { try { mService.clearPackagePersistentPreferredActivities(admin, packageName); @@ -4074,6 +4118,7 @@ public class DevicePolicyManager { */ public void setApplicationRestrictionsManagingPackage(@NonNull ComponentName admin, @Nullable String packageName) throws NameNotFoundException { + throwIfParentInstance("setApplicationRestrictionsManagingPackage"); if (mService != null) { try { if (!mService.setApplicationRestrictionsManagingPackage(admin, packageName)) { @@ -4095,6 +4140,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public String getApplicationRestrictionsManagingPackage(@NonNull ComponentName admin) { + throwIfParentInstance("getApplicationRestrictionsManagingPackage"); if (mService != null) { try { return mService.getApplicationRestrictionsManagingPackage(admin); @@ -4114,6 +4160,7 @@ public class DevicePolicyManager { * that method. */ public boolean isCallerApplicationRestrictionsManagingPackage() { + throwIfParentInstance("isCallerApplicationRestrictionsManagingPackage"); if (mService != null) { try { return mService.isCallerApplicationRestrictionsManagingPackage(); @@ -4159,6 +4206,7 @@ public class DevicePolicyManager { */ public void setApplicationRestrictions(@Nullable ComponentName admin, String packageName, Bundle settings) { + throwIfParentInstance("setApplicationRestrictions"); if (mService != null) { try { mService.setApplicationRestrictions(admin, packageName, settings); @@ -4257,6 +4305,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setCrossProfileCallerIdDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setCrossProfileCallerIdDisabled"); if (mService != null) { try { mService.setCrossProfileCallerIdDisabled(admin, disabled); @@ -4277,6 +4326,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean getCrossProfileCallerIdDisabled(@NonNull ComponentName admin) { + throwIfParentInstance("getCrossProfileCallerIdDisabled"); if (mService != null) { try { return mService.getCrossProfileCallerIdDisabled(admin); @@ -4317,6 +4367,7 @@ public class DevicePolicyManager { */ public void setCrossProfileContactsSearchDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setCrossProfileContactsSearchDisabled"); if (mService != null) { try { mService.setCrossProfileContactsSearchDisabled(admin, disabled); @@ -4337,6 +4388,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean getCrossProfileContactsSearchDisabled(@NonNull ComponentName admin) { + throwIfParentInstance("getCrossProfileContactsSearchDisabled"); if (mService != null) { try { return mService.getCrossProfileContactsSearchDisabled(admin); @@ -4407,6 +4459,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setBluetoothContactSharingDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setBluetoothContactSharingDisabled"); if (mService != null) { try { mService.setBluetoothContactSharingDisabled(admin, disabled); @@ -4429,6 +4482,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean getBluetoothContactSharingDisabled(@NonNull ComponentName admin) { + throwIfParentInstance("getBluetoothContactSharingDisabled"); if (mService != null) { try { return mService.getBluetoothContactSharingDisabled(admin); @@ -4472,6 +4526,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void addCrossProfileIntentFilter(@NonNull ComponentName admin, IntentFilter filter, int flags) { + throwIfParentInstance("addCrossProfileIntentFilter"); if (mService != null) { try { mService.addCrossProfileIntentFilter(admin, filter, flags); @@ -4490,6 +4545,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void clearCrossProfileIntentFilters(@NonNull ComponentName admin) { + throwIfParentInstance("clearCrossProfileIntentFilters"); if (mService != null) { try { mService.clearCrossProfileIntentFilters(admin); @@ -4519,6 +4575,7 @@ public class DevicePolicyManager { */ public boolean setPermittedAccessibilityServices(@NonNull ComponentName admin, List packageNames) { + throwIfParentInstance("setPermittedAccessibilityServices"); if (mService != null) { try { return mService.setPermittedAccessibilityServices(admin, packageNames); @@ -4540,6 +4597,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public List getPermittedAccessibilityServices(@NonNull ComponentName admin) { + throwIfParentInstance("getPermittedAccessibilityServices"); if (mService != null) { try { return mService.getPermittedAccessibilityServices(admin); @@ -4587,6 +4645,7 @@ public class DevicePolicyManager { */ @SystemApi public List getPermittedAccessibilityServices(int userId) { + throwIfParentInstance("getPermittedAccessibilityServices"); if (mService != null) { try { return mService.getPermittedAccessibilityServicesForUser(userId); @@ -4617,6 +4676,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean setPermittedInputMethods(@NonNull ComponentName admin, List packageNames) { + throwIfParentInstance("setPermittedInputMethods"); if (mService != null) { try { return mService.setPermittedInputMethods(admin, packageNames); @@ -4639,6 +4699,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public List getPermittedInputMethods(@NonNull ComponentName admin) { + throwIfParentInstance("getPermittedInputMethods"); if (mService != null) { try { return mService.getPermittedInputMethods(admin); @@ -4684,6 +4745,7 @@ public class DevicePolicyManager { */ @SystemApi public List getPermittedInputMethodsForCurrentUser() { + throwIfParentInstance("getPermittedInputMethodsForCurrentUser"); if (mService != null) { try { return mService.getPermittedInputMethodsForCurrentUser(); @@ -4704,6 +4766,7 @@ public class DevicePolicyManager { * @hide */ public List getKeepUninstalledPackages(@NonNull ComponentName admin) { + throwIfParentInstance("getKeepUninstalledPackages"); if (mService != null) { try { return mService.getKeepUninstalledPackages(admin); @@ -4728,6 +4791,7 @@ public class DevicePolicyManager { */ public void setKeepUninstalledPackages(@NonNull ComponentName admin, @NonNull List packageNames) { + throwIfParentInstance("setKeepUninstalledPackages"); if (mService != null) { try { mService.setKeepUninstalledPackages(admin, packageNames); @@ -4834,6 +4898,7 @@ public class DevicePolicyManager { public UserHandle createAndManageUser(@NonNull ComponentName admin, @NonNull String name, @NonNull ComponentName profileOwner, @Nullable PersistableBundle adminExtras, int flags) { + throwIfParentInstance("createAndManageUser"); try { return mService.createAndManageUser(admin, name, profileOwner, adminExtras, flags); } catch (RemoteException re) { @@ -4851,6 +4916,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public boolean removeUser(@NonNull ComponentName admin, UserHandle userHandle) { + throwIfParentInstance("removeUser"); try { return mService.removeUser(admin, userHandle); } catch (RemoteException re) { @@ -4868,6 +4934,7 @@ public class DevicePolicyManager { * @see Intent#ACTION_USER_FOREGROUND */ public boolean switchUser(@NonNull ComponentName admin, @Nullable UserHandle userHandle) { + throwIfParentInstance("switchUser"); try { return mService.switchUser(admin, userHandle); } catch (RemoteException re) { @@ -4893,6 +4960,7 @@ public class DevicePolicyManager { * @see {@link #setApplicationRestrictionsManagingPackage} */ public Bundle getApplicationRestrictions(@Nullable ComponentName admin, String packageName) { + throwIfParentInstance("getApplicationRestrictions"); if (mService != null) { try { return mService.getApplicationRestrictions(admin, packageName); @@ -4915,6 +4983,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void addUserRestriction(@NonNull ComponentName admin, String key) { + throwIfParentInstance("addUserRestriction"); if (mService != null) { try { mService.setUserRestriction(admin, key, true); @@ -4936,6 +5005,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void clearUserRestriction(@NonNull ComponentName admin, String key) { + throwIfParentInstance("clearUserRestriction"); if (mService != null) { try { mService.setUserRestriction(admin, key, false); @@ -4957,6 +5027,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public Bundle getUserRestrictions(@NonNull ComponentName admin) { + throwIfParentInstance("getUserRestrictions"); Bundle ret = null; if (mService != null) { try { @@ -5001,6 +5072,7 @@ public class DevicePolicyManager { */ public boolean setApplicationHidden(@NonNull ComponentName admin, String packageName, boolean hidden) { + throwIfParentInstance("setApplicationHidden"); if (mService != null) { try { return mService.setApplicationHidden(admin, packageName, hidden); @@ -5020,6 +5092,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean isApplicationHidden(@NonNull ComponentName admin, String packageName) { + throwIfParentInstance("isApplicationHidden"); if (mService != null) { try { return mService.isApplicationHidden(admin, packageName); @@ -5039,6 +5112,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void enableSystemApp(@NonNull ComponentName admin, String packageName) { + throwIfParentInstance("enableSystemApp"); if (mService != null) { try { mService.enableSystemApp(admin, packageName); @@ -5059,6 +5133,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public int enableSystemApp(@NonNull ComponentName admin, Intent intent) { + throwIfParentInstance("enableSystemApp"); if (mService != null) { try { return mService.enableSystemAppWithIntent(admin, intent); @@ -5091,6 +5166,7 @@ public class DevicePolicyManager { */ public void setAccountManagementDisabled(@NonNull ComponentName admin, String accountType, boolean disabled) { + throwIfParentInstance("setAccountManagementDisabled"); if (mService != null) { try { mService.setAccountManagementDisabled(admin, accountType, disabled); @@ -5111,6 +5187,7 @@ public class DevicePolicyManager { * @see #setAccountManagementDisabled */ public String[] getAccountTypesWithManagementDisabled() { + throwIfParentInstance("getAccountTypesWithManagementDisabled"); return getAccountTypesWithManagementDisabledAsUser(myUserId()); } @@ -5148,6 +5225,7 @@ public class DevicePolicyManager { */ public void setLockTaskPackages(@NonNull ComponentName admin, String[] packages) throws SecurityException { + throwIfParentInstance("setLockTaskPackages"); if (mService != null) { try { mService.setLockTaskPackages(admin, packages); @@ -5164,6 +5242,7 @@ public class DevicePolicyManager { * @hide */ public String[] getLockTaskPackages(@NonNull ComponentName admin) { + throwIfParentInstance("getLockTaskPackages"); if (mService != null) { try { return mService.getLockTaskPackages(admin); @@ -5180,6 +5259,7 @@ public class DevicePolicyManager { * @param pkg The package to check */ public boolean isLockTaskPermitted(String pkg) { + throwIfParentInstance("isLockTaskPermitted"); if (mService != null) { try { return mService.isLockTaskPermitted(pkg); @@ -5228,6 +5308,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public void setGlobalSetting(@NonNull ComponentName admin, String setting, String value) { + throwIfParentInstance("setGlobalSetting"); if (mService != null) { try { mService.setGlobalSetting(admin, setting, value); @@ -5260,6 +5341,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setSecureSetting(@NonNull ComponentName admin, String setting, String value) { + throwIfParentInstance("setSecureSetting"); if (mService != null) { try { mService.setSecureSetting(admin, setting, value); @@ -5283,6 +5365,7 @@ public class DevicePolicyManager { */ public void setRestrictionsProvider(@NonNull ComponentName admin, @Nullable ComponentName provider) { + throwIfParentInstance("setRestrictionsProvider"); if (mService != null) { try { mService.setRestrictionsProvider(admin, provider); @@ -5300,6 +5383,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setMasterVolumeMuted(@NonNull ComponentName admin, boolean on) { + throwIfParentInstance("setMasterVolumeMuted"); if (mService != null) { try { mService.setMasterVolumeMuted(admin, on); @@ -5317,6 +5401,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean isMasterVolumeMuted(@NonNull ComponentName admin) { + throwIfParentInstance("isMasterVolumeMuted"); if (mService != null) { try { return mService.isMasterVolumeMuted(admin); @@ -5337,6 +5422,7 @@ public class DevicePolicyManager { */ public void setUninstallBlocked(@NonNull ComponentName admin, String packageName, boolean uninstallBlocked) { + throwIfParentInstance("setUninstallBlocked"); if (mService != null) { try { mService.setUninstallBlocked(admin, packageName, uninstallBlocked); @@ -5362,6 +5448,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public boolean isUninstallBlocked(@Nullable ComponentName admin, String packageName) { + throwIfParentInstance("isUninstallBlocked"); if (mService != null) { try { return mService.isUninstallBlocked(admin, packageName); @@ -5389,6 +5476,7 @@ public class DevicePolicyManager { * @see #getCrossProfileWidgetProviders(android.content.ComponentName) */ public boolean addCrossProfileWidgetProvider(@NonNull ComponentName admin, String packageName) { + throwIfParentInstance("addCrossProfileWidgetProvider"); if (mService != null) { try { return mService.addCrossProfileWidgetProvider(admin, packageName); @@ -5416,6 +5504,7 @@ public class DevicePolicyManager { */ public boolean removeCrossProfileWidgetProvider( @NonNull ComponentName admin, String packageName) { + throwIfParentInstance("removeCrossProfileWidgetProvider"); if (mService != null) { try { return mService.removeCrossProfileWidgetProvider(admin, packageName); @@ -5437,6 +5526,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public List getCrossProfileWidgetProviders(@NonNull ComponentName admin) { + throwIfParentInstance("getCrossProfileWidgetProviders"); if (mService != null) { try { List providers = mService.getCrossProfileWidgetProviders(admin); @@ -5458,6 +5548,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public void setUserIcon(@NonNull ComponentName admin, Bitmap icon) { + throwIfParentInstance("setUserIcon"); try { mService.setUserIcon(admin, icon); } catch (RemoteException re) { @@ -5477,6 +5568,7 @@ public class DevicePolicyManager { * @see SystemUpdatePolicy */ public void setSystemUpdatePolicy(@NonNull ComponentName admin, SystemUpdatePolicy policy) { + throwIfParentInstance("setSystemUpdatePolicy"); if (mService != null) { try { mService.setSystemUpdatePolicy(admin, policy); @@ -5492,6 +5584,7 @@ public class DevicePolicyManager { * @return The current policy object, or {@code null} if no policy is set. */ public SystemUpdatePolicy getSystemUpdatePolicy() { + throwIfParentInstance("getSystemUpdatePolicy"); if (mService != null) { try { return mService.getSystemUpdatePolicy(); @@ -5517,6 +5610,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public boolean setKeyguardDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setKeyguardDisabled"); try { return mService.setKeyguardDisabled(admin, disabled); } catch (RemoteException re) { @@ -5535,6 +5629,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public boolean setStatusBarDisabled(@NonNull ComponentName admin, boolean disabled) { + throwIfParentInstance("setStatusBarDisabled"); try { return mService.setStatusBarDisabled(admin, disabled); } catch (RemoteException re) { @@ -5553,6 +5648,7 @@ public class DevicePolicyManager { */ @SystemApi public void notifyPendingSystemUpdate(long updateReceivedTime) { + throwIfParentInstance("notifyPendingSystemUpdate"); if (mService != null) { try { mService.notifyPendingSystemUpdate(updateReceivedTime); @@ -5580,6 +5676,7 @@ public class DevicePolicyManager { * @see #setPermissionGrantState */ public void setPermissionPolicy(@NonNull ComponentName admin, int policy) { + throwIfParentInstance("setPermissionPolicy"); try { mService.setPermissionPolicy(admin, policy); } catch (RemoteException re) { @@ -5594,6 +5691,7 @@ public class DevicePolicyManager { * @return the current policy for future permission requests. */ public int getPermissionPolicy(ComponentName admin) { + throwIfParentInstance("getPermissionPolicy"); try { return mService.getPermissionPolicy(admin); } catch (RemoteException re) { @@ -5630,6 +5728,7 @@ public class DevicePolicyManager { */ public boolean setPermissionGrantState(@NonNull ComponentName admin, String packageName, String permission, int grantState) { + throwIfParentInstance("setPermissionGrantState"); try { return mService.setPermissionGrantState(admin, packageName, permission, grantState); } catch (RemoteException re) { @@ -5658,6 +5757,7 @@ public class DevicePolicyManager { */ public int getPermissionGrantState(@NonNull ComponentName admin, String packageName, String permission) { + throwIfParentInstance("getPermissionGrantState"); try { return mService.getPermissionGrantState(admin, packageName, permission); } catch (RemoteException re) { @@ -5673,6 +5773,7 @@ public class DevicePolicyManager { * @throws IllegalArgumentException if the supplied action is not valid. */ public boolean isProvisioningAllowed(String action) { + throwIfParentInstance("isProvisioningAllowed"); try { return mService.isProvisioningAllowed(action); } catch (RemoteException re) { @@ -5688,6 +5789,7 @@ public class DevicePolicyManager { * @return if this user is a managed profile of another user. */ public boolean isManagedProfile(@NonNull ComponentName admin) { + throwIfParentInstance("isManagedProfile"); try { return mService.isManagedProfile(admin); } catch (RemoteException re) { @@ -5721,6 +5823,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public String getWifiMacAddress(@NonNull ComponentName admin) { + throwIfParentInstance("getWifiMacAddress"); try { return mService.getWifiMacAddress(admin); } catch (RemoteException re) { @@ -5737,6 +5840,7 @@ public class DevicePolicyManager { * @see TelephonyManager#CALL_STATE_IDLE */ public void reboot(@NonNull ComponentName admin) { + throwIfParentInstance("reboot"); try { mService.reboot(admin); } catch (RemoteException re) { @@ -5763,6 +5867,7 @@ public class DevicePolicyManager { */ public void setShortSupportMessage(@NonNull ComponentName admin, @Nullable CharSequence message) { + throwIfParentInstance("setShortSupportMessage"); if (mService != null) { try { mService.setShortSupportMessage(admin, message); @@ -5781,6 +5886,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not an active administrator. */ public CharSequence getShortSupportMessage(@NonNull ComponentName admin) { + throwIfParentInstance("getShortSupportMessage"); if (mService != null) { try { return mService.getShortSupportMessage(admin); @@ -5807,6 +5913,7 @@ public class DevicePolicyManager { */ public void setLongSupportMessage(@NonNull ComponentName admin, @Nullable CharSequence message) { + throwIfParentInstance("setLongSupportMessage"); if (mService != null) { try { mService.setLongSupportMessage(admin, message); @@ -5825,6 +5932,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not an active administrator. */ public CharSequence getLongSupportMessage(@NonNull ComponentName admin) { + throwIfParentInstance("getLongSupportMessage"); if (mService != null) { try { return mService.getLongSupportMessage(admin); @@ -5922,6 +6030,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public DevicePolicyManager getParentProfileInstance(@NonNull ComponentName admin) { + throwIfParentInstance("getParentProfileInstance"); try { if (!mService.isManagedProfile(admin)) { throw new SecurityException("The current user does not have a parent profile."); @@ -5948,6 +6057,7 @@ public class DevicePolicyManager { * @see #retrieveSecurityLogs */ public void setSecurityLoggingEnabled(@NonNull ComponentName admin, boolean enabled) { + throwIfParentInstance("setSecurityLoggingEnabled"); try { mService.setSecurityLoggingEnabled(admin, enabled); } catch (RemoteException re) { @@ -5966,6 +6076,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public boolean isSecurityLoggingEnabled(@NonNull ComponentName admin) { + throwIfParentInstance("isSecurityLoggingEnabled"); try { return mService.isSecurityLoggingEnabled(admin); } catch (RemoteException re) { @@ -5989,6 +6100,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public List retrieveSecurityLogs(@NonNull ComponentName admin) { + throwIfParentInstance("retrieveSecurityLogs"); try { ParceledListSlice list = mService.retrieveSecurityLogs(admin); if (list != null) { @@ -6034,6 +6146,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device owner. */ public List retrievePreRebootSecurityLogs(@NonNull ComponentName admin) { + throwIfParentInstance("retrievePreRebootSecurityLogs"); try { ParceledListSlice list = mService.retrievePreRebootSecurityLogs(admin); return list.getList(); @@ -6055,6 +6168,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public void setOrganizationColor(@NonNull ComponentName admin, int color) { + throwIfParentInstance("setOrganizationColor"); try { // always enforce alpha channel to have 100% opacity color |= 0xFF000000; @@ -6094,6 +6208,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public @ColorInt int getOrganizationColor(@NonNull ComponentName admin) { + throwIfParentInstance("getOrganizationColor"); try { return mService.getOrganizationColor(admin); } catch (RemoteException re) { @@ -6129,6 +6244,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public void setOrganizationName(@NonNull ComponentName admin, @Nullable CharSequence title) { + throwIfParentInstance("setOrganizationName"); try { mService.setOrganizationName(admin, title); } catch (RemoteException re) { @@ -6145,6 +6261,7 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a profile owner. */ public CharSequence getOrganizationName(@NonNull ComponentName admin) { + throwIfParentInstance("getOrganizationName"); try { return mService.getOrganizationName(admin); } catch (RemoteException re) { @@ -6176,6 +6293,7 @@ public class DevicePolicyManager { @SystemApi @UserProvisioningState public int getUserProvisioningState() { + throwIfParentInstance("getUserProvisioningState"); if (mService != null) { try { return mService.getUserProvisioningState(); @@ -6222,6 +6340,7 @@ public class DevicePolicyManager { * @param ids A set of opaque affiliation ids. */ public void setAffiliationIds(@NonNull ComponentName admin, Set ids) { + throwIfParentInstance("setAffiliationIds"); try { mService.setAffiliationIds(admin, new ArrayList(ids)); } catch (RemoteException e) { @@ -6237,6 +6356,7 @@ public class DevicePolicyManager { * @return whether this user/profile is affiliated with the device. */ public boolean isAffiliatedUser() { + throwIfParentInstance("isAffiliatedUser"); try { return mService != null && mService.isAffiliatedUser(); } catch (RemoteException e) { @@ -6270,4 +6390,10 @@ public class DevicePolicyManager { throw re.rethrowFromSystemServer(); } } + + private void throwIfParentInstance(String functionName) { + if (mParentInstance) { + throw new SecurityException(functionName + " cannot be called on the parent instance"); + } + } }