From 3a3092fab0ccb631bc70de64f3bbe5c076a1f94b Mon Sep 17 00:00:00 2001
From: Makoto Onuki <omakoto@google.com>
Date: Fri, 30 Oct 2015 11:07:51 -0700
Subject: [PATCH] Add DPM.getUserRestrictions()

This returns per-DO/PO restrictions.

Bug 23902097

Change-Id: I225c1b01444fe2f60e5a6674d327182cc9bb15dc
---
 api/current.txt                               |  1 +
 api/system-current.txt                        |  1 +
 .../app/admin/DevicePolicyManager.java        | 22 ++++++++++++
 .../app/admin/IDevicePolicyManager.aidl       |  1 +
 .../DevicePolicyManagerService.java           | 10 ++++++
 .../devicepolicy/DevicePolicyManagerTest.java | 34 +++++++++++++++++++
 6 files changed, 69 insertions(+)

diff --git a/api/current.txt b/api/current.txt
index eb888afc10dd2..2b4dc5f0c2d9e 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5722,6 +5722,7 @@ package android.app.admin {
     method public int getStorageEncryptionStatus();
     method public android.app.admin.SystemUpdatePolicy getSystemUpdatePolicy();
     method public java.util.List<android.os.PersistableBundle> getTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName);
+    method public android.os.Bundle getUserRestrictions(android.content.ComponentName);
     method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);
     method public boolean hasGrantedPolicy(android.content.ComponentName, int);
     method public boolean installCaCert(android.content.ComponentName, byte[]);
diff --git a/api/system-current.txt b/api/system-current.txt
index d288ad1a44439..34f5b2640a3de 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -5851,6 +5851,7 @@ package android.app.admin {
     method public int getStorageEncryptionStatus();
     method public android.app.admin.SystemUpdatePolicy getSystemUpdatePolicy();
     method public java.util.List<android.os.PersistableBundle> getTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName);
+    method public android.os.Bundle getUserRestrictions(android.content.ComponentName);
     method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);
     method public boolean hasGrantedPolicy(android.content.ComponentName, int);
     method public boolean installCaCert(android.content.ComponentName, byte[]);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 9e9d9496b4613..aa8bf53d5e562 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -3634,6 +3634,28 @@ public class DevicePolicyManager {
         }
     }
 
+    /**
+     * Called by a profile or device owner to get user restrictions set with
+     * {@link #addUserRestriction(ComponentName, String)}.
+     * <p>
+     * The target user may have more restrictions set by the system or other device owner / profile
+     * owner.  To get all the user restrictions currently set, use
+     * {@link UserManager#getUserRestrictions()}.
+     *
+     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+     */
+    public Bundle getUserRestrictions(@NonNull ComponentName admin) {
+        Bundle ret = null;
+        if (mService != null) {
+            try {
+                ret = mService.getUserRestrictions(admin);
+            } catch (RemoteException e) {
+                Log.w(TAG, "Failed talking with device policy service", e);
+            }
+        }
+        return ret == null ? new Bundle() : ret;
+    }
+
     /**
      * Called by profile or device owners to hide or unhide packages. When a package is hidden it
      * is unavailable for use, but the data and actual package file remain.
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index ccaa8cb82170d..cfa58618138e8 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -147,6 +147,7 @@ interface IDevicePolicyManager {
     ComponentName getRestrictionsProvider(int userHandle);
 
     void setUserRestriction(in ComponentName who, in String key, boolean enable);
+    Bundle getUserRestrictions(in ComponentName who);
     void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags);
     void clearCrossProfileIntentFilters(in ComponentName admin);
 
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b4c8f966ba711..6ef85dc352196 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5723,6 +5723,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    @Override
+    public Bundle getUserRestrictions(ComponentName who) {
+        Preconditions.checkNotNull(who, "ComponentName is null");
+        synchronized (this) {
+            final ActiveAdmin activeAdmin =
+                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            return activeAdmin.userRestrictions;
+        }
+    }
+
     @Override
     public boolean setApplicationHidden(ComponentName who, String packageName,
             boolean hidden) {
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 727858b77f41b..f0446a9bf0332 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -739,6 +739,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 DpmTestUtils.newRestrictions(),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.addUserRestriction(admin1, UserManager.DISALLOW_SMS);
         dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
@@ -748,6 +752,11 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                         UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(
+                        UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_SMS);
 
@@ -755,6 +764,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
 
@@ -762,6 +775,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 DpmTestUtils.newRestrictions(),
                 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(),
+                dpm.getUserRestrictions(admin1)
+        );
 
         // TODO Check inner calls.
         // TODO Make sure restrictions are written to the file.
@@ -787,6 +804,13 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
                         .ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(
+                        UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
+                        UserManager.DISALLOW_OUTGOING_CALLS
+                ),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
 
@@ -798,6 +822,12 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
                         .ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(
+                        UserManager.DISALLOW_OUTGOING_CALLS
+                ),
+                dpm.getUserRestrictions(admin1)
+        );
 
         dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
 
@@ -806,6 +836,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
                         .ensureUserRestrictions()
         );
+        DpmTestUtils.assertRestrictions(
+                DpmTestUtils.newRestrictions(),
+                dpm.getUserRestrictions(admin1)
+        );
 
         // TODO Check inner calls.
         // TODO Make sure restrictions are written to the file.