diff --git a/api/current.txt b/api/current.txt
index 3e63cd7237e1f..73b522fa0aca4 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5730,6 +5730,7 @@ package android.app.admin {
     method public int getStorageEncryptionStatus();
     method public android.app.admin.SystemUpdatePolicy getSystemUpdatePolicy();
     method public java.util.List<android.os.PersistableBundle> getTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName);
+    method public android.os.Bundle getUserRestrictions(android.content.ComponentName);
     method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);
     method public boolean hasGrantedPolicy(android.content.ComponentName, int);
     method public boolean installCaCert(android.content.ComponentName, byte[]);
diff --git a/api/system-current.txt b/api/system-current.txt
index 64162aed38eb0..87932ac9617be 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -5860,6 +5860,7 @@ package android.app.admin {
     method public int getStorageEncryptionStatus();
     method public android.app.admin.SystemUpdatePolicy getSystemUpdatePolicy();
     method public java.util.List<android.os.PersistableBundle> getTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName);
+    method public android.os.Bundle getUserRestrictions(android.content.ComponentName);
     method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);
     method public boolean hasGrantedPolicy(android.content.ComponentName, int);
     method public boolean installCaCert(android.content.ComponentName, byte[]);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 0fdf3d3693c36..d7ffcc4190f6b 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -3636,6 +3636,28 @@ public class DevicePolicyManager {
         }
     }
 
+    /**
+     * Called by a profile or device owner to get user restrictions set with
+     * {@link #addUserRestriction(ComponentName, String)}.
+     * <p>
+     * The target user may have more restrictions set by the system or other device owner / profile
+     * owner.  To get all the user restrictions currently set, use
+     * {@link UserManager#getUserRestrictions()}.
+     *
+     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+     */
+    public Bundle getUserRestrictions(@NonNull ComponentName admin) {
+        Bundle ret = null;
+        if (mService != null) {
+            try {
+                ret = mService.getUserRestrictions(admin);
+            } catch (RemoteException e) {
+                Log.w(TAG, "Failed talking with device policy service", e);
+            }
+        }
+        return ret == null ? new Bundle() : ret;
+    }
+
     /**
      * Called by profile or device owners to hide or unhide packages. When a package is hidden it
      * is unavailable for use, but the data and actual package file remain.
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index ccaa8cb82170d..cfa58618138e8 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -147,6 +147,7 @@ interface IDevicePolicyManager {
     ComponentName getRestrictionsProvider(int userHandle);
 
     void setUserRestriction(in ComponentName who, in String key, boolean enable);
+    Bundle getUserRestrictions(in ComponentName who);
     void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags);
     void clearCrossProfileIntentFilters(in ComponentName admin);
 
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 382b83897434d..37e46fbe8a958 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5644,6 +5644,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    @Override
+    public Bundle getUserRestrictions(ComponentName who) {
+        Preconditions.checkNotNull(who, "ComponentName is null");
+        synchronized (this) {
+            final ActiveAdmin activeAdmin =
+                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            return activeAdmin.userRestrictions;
+        }
+    }
+
     @Override
     public boolean setApplicationHidden(ComponentName who, String packageName,
             boolean hidden) {
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index d579f58b265b7..36980e3c7d493 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -763,6 +763,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 DpmTestUtils.newRestrictions(),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.addUserRestriction(admin1, UserManager.DISALLOW_SMS);
         dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
@@ -772,6 +776,11 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                         UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(
+                        UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_SMS);
 
@@ -779,6 +788,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
 
@@ -786,6 +799,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 DpmTestUtils.newRestrictions(),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(),
+                dpm.getUserRestrictions(admin1)
+        );
 
         // TODO Check inner calls.
         // TODO Make sure restrictions are written to the file.
@@ -811,6 +828,13 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
                         .ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(
+                        UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
+                        UserManager.DISALLOW_OUTGOING_CALLS
+                ),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
 
@@ -822,6 +846,12 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
                         .ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(
+                        UserManager.DISALLOW_OUTGOING_CALLS
+                ),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
 
@@ -830,6 +860,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
                         .ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(),
+                dpm.getUserRestrictions(admin1)
+        );
 
         // TODO Check inner calls.
         // TODO Make sure restrictions are written to the file.