am 467eb056: Merge "Allowing profile to set a subset of keyguard restrictions." into mnc-dev
* commit '467eb0566ff1df320c9a9be3da0f44ee3d6bc9fa': Allowing profile to set a subset of keyguard restrictions.
This commit is contained in:
Kenny Guy
@@ -2523,13 +2523,26 @@ public class DevicePolicyManager {
|
||||
* {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
|
||||
* this method; if it has not, a security exception will be thrown.
|
||||
*
|
||||
* <p>Calling this from a managed profile will throw a security exception.
|
||||
* <p>Calling this from a managed profile before version
|
||||
* {@link android.os.Build.VERSION_CODES#MNC} will throw a security exception.
|
||||
*
|
||||
* <p>From version {@link android.os.Build.VERSION_CODES#MNC} a profile owner can set:
|
||||
* <ul>
|
||||
* <li>{@link #KEYGUARD_DISABLE_TRUST_AGENTS}, {@link #KEYGUARD_DISABLE_FINGERPRINT}
|
||||
* these will affect the profile's parent user.
|
||||
* <li>{@link #KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS} this will affect notifications
|
||||
* generated by applications in the managed profile.
|
||||
* </ul>
|
||||
* <p>Requests to disable other features on a managed profile will be ignored. The admin
|
||||
* can check which features have been disabled by calling
|
||||
* {@link #getKeyguardDisabledFeatures(ComponentName)}
|
||||
*
|
||||
* @param admin Which {@link DeviceAdminReceiver} this request is associated with.
|
||||
* @param which {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default),
|
||||
* {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA},
|
||||
* {@link #KEYGUARD_DISABLE_SECURE_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_TRUST_AGENTS},
|
||||
* {@link #KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_FEATURES_ALL}
|
||||
* {@link #KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS}, {@link #KEYGUARD_DISABLE_FINGERPRINT},
|
||||
* {@link #KEYGUARD_DISABLE_FEATURES_ALL}
|
||||
*/
|
||||
public void setKeyguardDisabledFeatures(ComponentName admin, int which) {
|
||||
if (mService != null) {
|
||||
|
||||
@@ -395,11 +395,6 @@ public abstract class BaseStatusBar extends SystemUI implements
|
||||
Toast.LENGTH_SHORT).show();
|
||||
}
|
||||
}
|
||||
} else if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(
|
||||
action)) {
|
||||
mUsersAllowingPrivateNotifications.clear();
|
||||
updateLockscreenNotificationSetting();
|
||||
updateNotifications();
|
||||
} else if (BANNER_ACTION_CANCEL.equals(action) || BANNER_ACTION_SETUP.equals(action)) {
|
||||
NotificationManager noMan = (NotificationManager)
|
||||
mContext.getSystemService(Context.NOTIFICATION_SERVICE);
|
||||
@@ -419,6 +414,19 @@ public abstract class BaseStatusBar extends SystemUI implements
|
||||
}
|
||||
};
|
||||
|
||||
private final BroadcastReceiver mAllUsersReceiver = new BroadcastReceiver() {
|
||||
@Override
|
||||
public void onReceive(Context context, Intent intent) {
|
||||
String action = intent.getAction();
|
||||
if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action) &&
|
||||
isCurrentProfile(getSendingUserId())) {
|
||||
mUsersAllowingPrivateNotifications.clear();
|
||||
updateLockscreenNotificationSetting();
|
||||
updateNotifications();
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
private final NotificationListenerService mNotificationListener =
|
||||
new NotificationListenerService() {
|
||||
@Override
|
||||
@@ -631,9 +639,13 @@ public abstract class BaseStatusBar extends SystemUI implements
|
||||
filter.addAction(Intent.ACTION_USER_PRESENT);
|
||||
filter.addAction(BANNER_ACTION_CANCEL);
|
||||
filter.addAction(BANNER_ACTION_SETUP);
|
||||
filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
|
||||
mContext.registerReceiver(mBroadcastReceiver, filter);
|
||||
|
||||
IntentFilter allUsersFilter = new IntentFilter();
|
||||
allUsersFilter.addAction(
|
||||
DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
|
||||
mContext.registerReceiverAsUser(mAllUsersReceiver, UserHandle.ALL, allUsersFilter,
|
||||
null, null);
|
||||
updateCurrentProfilesCache();
|
||||
}
|
||||
|
||||
|
||||
@@ -246,6 +246,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
|
||||
GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN);
|
||||
}
|
||||
|
||||
// Keyguard features that when set of a profile will affect the profiles
|
||||
// parent user.
|
||||
private static final int PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER =
|
||||
DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS
|
||||
| DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT;
|
||||
|
||||
// Keyguard features that are allowed to be set on a managed profile
|
||||
private static final int PROFILE_KEYGUARD_FEATURES =
|
||||
PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER
|
||||
| DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS;
|
||||
|
||||
final Context mContext;
|
||||
final UserManager mUserManager;
|
||||
final PowerManager.WakeLock mWakeLock;
|
||||
@@ -3957,7 +3968,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
|
||||
}
|
||||
Preconditions.checkNotNull(who, "ComponentName is null");
|
||||
final int userHandle = UserHandle.getCallingUserId();
|
||||
enforceNotManagedProfile(userHandle, "disable keyguard features");
|
||||
if (isManagedProfile(userHandle)) {
|
||||
which = which & PROFILE_KEYGUARD_FEATURES;
|
||||
}
|
||||
synchronized (this) {
|
||||
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
|
||||
DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES);
|
||||
@@ -3978,21 +3991,50 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
|
||||
return 0;
|
||||
}
|
||||
enforceCrossUserPermission(userHandle);
|
||||
synchronized (this) {
|
||||
if (who != null) {
|
||||
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
|
||||
return (admin != null) ? admin.disabledKeyguardFeatures : 0;
|
||||
}
|
||||
long ident = Binder.clearCallingIdentity();
|
||||
try {
|
||||
synchronized (this) {
|
||||
if (who != null) {
|
||||
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
|
||||
return (admin != null) ? admin.disabledKeyguardFeatures : 0;
|
||||
}
|
||||
|
||||
// Determine which keyguard features are disabled for any active admins.
|
||||
DevicePolicyData policy = getUserData(userHandle);
|
||||
final int N = policy.mAdminList.size();
|
||||
int which = 0;
|
||||
for (int i = 0; i < N; i++) {
|
||||
ActiveAdmin admin = policy.mAdminList.get(i);
|
||||
which |= admin.disabledKeyguardFeatures;
|
||||
UserInfo user = mUserManager.getUserInfo(userHandle);
|
||||
final List<UserInfo> profiles;
|
||||
if (user.isManagedProfile()) {
|
||||
// If we are being asked about a managed profile just return
|
||||
// keyguard features disabled by admins in the profile.
|
||||
profiles = new ArrayList<UserInfo>(1);
|
||||
profiles.add(user);
|
||||
} else {
|
||||
// Otherwise return those set by admins in the user
|
||||
// and its profiles.
|
||||
profiles = mUserManager.getProfiles(userHandle);
|
||||
}
|
||||
|
||||
// Determine which keyguard features are disabled by any active admin.
|
||||
int which = 0;
|
||||
for (UserInfo userInfo : profiles) {
|
||||
DevicePolicyData policy = getUserData(userInfo.id);
|
||||
final int N = policy.mAdminList.size();
|
||||
for (int i = 0; i < N; i++) {
|
||||
ActiveAdmin admin = policy.mAdminList.get(i);
|
||||
if (userInfo.id == userHandle || !userInfo.isManagedProfile()) {
|
||||
// If we are being asked explictly about this user
|
||||
// return all disabled features even if its a managed profile.
|
||||
which |= admin.disabledKeyguardFeatures;
|
||||
} else {
|
||||
// Otherwise a managed profile is only allowed to disable
|
||||
// some features on the parent user.
|
||||
which |= (admin.disabledKeyguardFeatures
|
||||
& PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER);
|
||||
}
|
||||
}
|
||||
}
|
||||
return which;
|
||||
}
|
||||
return which;
|
||||
} finally {
|
||||
Binder.restoreCallingIdentity(ident);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user