Merge "Make FRP APIs callable by Settings" into rvc-dev am: 7bd3e833ce
Change-Id: I20f4d085bdbf299526353ba8d595ae72ca8a8f27
This commit is contained in:
Alex Johnston
@@ -4424,11 +4424,13 @@ public class DevicePolicyManager {
|
||||
* the current factory reset protection (FRP) policy set previously by
|
||||
* {@link #setFactoryResetProtectionPolicy}.
|
||||
* <p>
|
||||
* This method can also be called by the FRP management agent on device, in which case,
|
||||
* it can pass {@code null} as the ComponentName.
|
||||
* This method can also be called by the FRP management agent on device or with the permission
|
||||
* {@link android.Manifest.permission#MASTER_CLEAR}, in which case, it can pass {@code null}
|
||||
* as the ComponentName.
|
||||
*
|
||||
* @param admin Which {@link DeviceAdminReceiver} this request is associated with or
|
||||
* {@code null} if called by the FRP management agent on device.
|
||||
* {@code null} if called by the FRP management agent on device or with the
|
||||
* permission {@link android.Manifest.permission#MASTER_CLEAR}.
|
||||
* @return The current FRP policy object or {@code null} if no policy is set.
|
||||
* @throws SecurityException if {@code admin} is not a device owner, a profile owner of
|
||||
* an organization-owned device or the FRP management agent.
|
||||
|
||||
@@ -43,6 +43,12 @@ import java.util.List;
|
||||
* reset protection policy for the device by calling the {@code DevicePolicyManager} method
|
||||
* {@link DevicePolicyManager#setFactoryResetProtectionPolicy(ComponentName,
|
||||
* FactoryResetProtectionPolicy)}}.
|
||||
* <p>
|
||||
* Normally factory reset protection does not kick in if the device is factory reset via Settings.
|
||||
* This is also the case when a device owner sets factory reset protection policy. However,
|
||||
* when a profile owner of an organization-owned device sets factory reset protection policy that
|
||||
* locks the device to specific accounts, the policy will take effect even if factory reset is
|
||||
* performed from Settings.
|
||||
*
|
||||
* @see DevicePolicyManager#setFactoryResetProtectionPolicy
|
||||
* @see DevicePolicyManager#getFactoryResetProtectionPolicy
|
||||
@@ -236,4 +242,16 @@ public final class FactoryResetProtectionPolicy implements Parcelable {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns if the policy will result in factory reset protection being locked to
|
||||
* admin-specified accounts.
|
||||
* <p>
|
||||
* When a device has a non-empty factory reset protection policy, trusted factory reset
|
||||
* via Settings will no longer remove factory reset protection from the device.
|
||||
* @hide
|
||||
*/
|
||||
public boolean isNotEmpty() {
|
||||
return !mFactoryResetProtectionAccounts.isEmpty() && mFactoryResetProtectionEnabled;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -7171,7 +7171,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||||
ActiveAdmin admin;
|
||||
synchronized (getLockObject()) {
|
||||
if (who == null) {
|
||||
if ((frpManagementAgentUid != mInjector.binderGetCallingUid())) {
|
||||
if ((frpManagementAgentUid != mInjector.binderGetCallingUid())
|
||||
&& (mContext.checkCallingPermission(permission.MASTER_CLEAR)
|
||||
!= PackageManager.PERMISSION_GRANTED)) {
|
||||
throw new SecurityException(
|
||||
"Must be called by the FRP management agent on device");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user