Merge "Remove FRP wipe support for device initializers" into mnc-dev

api/current.txt

@@ -5852,7 +5852,6 @@ package android.app.admin {
     field public static final java.lang.String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED = "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED";
     field public static final java.lang.String EXTRA_PROVISIONING_LOCALE = "android.app.extra.PROVISIONING_LOCALE";
     field public static final java.lang.String EXTRA_PROVISIONING_LOCAL_TIME = "android.app.extra.PROVISIONING_LOCAL_TIME";
-    field public static final java.lang.String EXTRA_PROVISIONING_RESET_PROTECTION_PARAMETERS = "android.app.extra.PROVISIONING_RESET_PROTECTION_PARAMETERS";
     field public static final java.lang.String EXTRA_PROVISIONING_SKIP_ENCRYPTION = "android.app.extra.PROVISIONING_SKIP_ENCRYPTION";
     field public static final java.lang.String EXTRA_PROVISIONING_TIME_ZONE = "android.app.extra.PROVISIONING_TIME_ZONE";
     field public static final java.lang.String EXTRA_PROVISIONING_WIFI_HIDDEN = "android.app.extra.PROVISIONING_WIFI_HIDDEN";

api/system-current.txt

@@ -5969,7 +5969,6 @@ package android.app.admin {
     field public static final java.lang.String EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED = "android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED";
     field public static final java.lang.String EXTRA_PROVISIONING_LOCALE = "android.app.extra.PROVISIONING_LOCALE";
     field public static final java.lang.String EXTRA_PROVISIONING_LOCAL_TIME = "android.app.extra.PROVISIONING_LOCAL_TIME";
-    field public static final java.lang.String EXTRA_PROVISIONING_RESET_PROTECTION_PARAMETERS = "android.app.extra.PROVISIONING_RESET_PROTECTION_PARAMETERS";
     field public static final java.lang.String EXTRA_PROVISIONING_SKIP_ENCRYPTION = "android.app.extra.PROVISIONING_SKIP_ENCRYPTION";
     field public static final java.lang.String EXTRA_PROVISIONING_TIME_ZONE = "android.app.extra.PROVISIONING_TIME_ZONE";
     field public static final java.lang.String EXTRA_PROVISIONING_WIFI_HIDDEN = "android.app.extra.PROVISIONING_WIFI_HIDDEN";
@@ -30918,7 +30917,6 @@ package android.service.persistentdata {
     method public abstract byte[] read() throws android.os.RemoteException;
     method public abstract void setOemUnlockEnabled(boolean) throws android.os.RemoteException;
     method public abstract void wipe() throws android.os.RemoteException;
-    method public abstract void wipeIfAllowed(android.os.Bundle, android.app.PendingIntent) throws android.os.RemoteException;
     method public abstract int write(byte[]) throws android.os.RemoteException;
   }
 
@@ -30930,14 +30928,7 @@ package android.service.persistentdata {
     method public byte[] read();
     method public void setOemUnlockEnabled(boolean);
     method public void wipe();
-    method public void wipeIfAllowed(android.os.Bundle, android.app.PendingIntent);
     method public int write(byte[]);
-    field public static final java.lang.String ACTION_WIPE_IF_ALLOWED = "android.service.persistentdata.action.WIPE_IF_ALLOWED";
-    field public static final java.lang.String EXTRA_WIPE_IF_ALLOWED_CALLBACK = "android.service.persistentdata.extra.WIPE_IF_ALLOWED_CALLBACK";
-    field public static final int STATUS_ERROR_NETWORK_ERROR = 2; // 0x2
-    field public static final int STATUS_ERROR_NOT_COMPLIANT = 3; // 0x3
-    field public static final int STATUS_ERROR_REMOTE_EXCEPTION = 1; // 0x1
-    field public static final int STATUS_SUCCESS = 0; // 0x0
   }
 
 }

core/java/android/app/admin/DevicePolicyManager.java

@@ -551,19 +551,6 @@ public class DevicePolicyManager {
     public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_SIGNATURE_CHECKSUM
         = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_SIGNATURE_CHECKSUM";
 
-    /**
-     * A {@link android.os.Parcelable} extra of type {@link android.os.PersistableBundle} that
-     * holds data needed by the system to wipe factory reset protection. The data needed to wipe
-     * the device depend on the installed factory reset protection implementation. For example,
-     * if an account is needed to unlock a device, this extra may contain data used to
-     * authenticate that account.
-     *
-     * <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts device owner
-     * provisioning via an NFC bump.
-     */
-    public static final String EXTRA_PROVISIONING_RESET_PROTECTION_PARAMETERS
-            = "android.app.extra.PROVISIONING_RESET_PROTECTION_PARAMETERS";
-
     /**
      * This MIME type is used for starting the Device Owner provisioning that does not require
      * provisioning features introduced in Android API level

core/java/android/service/persistentdata/IPersistentDataBlockService.aidl

@@ -16,8 +16,6 @@
 
 package android.service.persistentdata;
 
-import android.app.PendingIntent;
-import android.os.Bundle;
 import android.os.ParcelFileDescriptor;
 
 /**
@@ -32,7 +30,6 @@ interface IPersistentDataBlockService {
     int write(in byte[] data);
     byte[] read();
     void wipe();
-    void wipeIfAllowed(in Bundle bundle, in PendingIntent pi);
     int getDataBlockSize();
     long getMaximumDataBlockSize();
 

core/java/android/service/persistentdata/PersistentDataBlockManager.java

@@ -17,8 +17,6 @@
 package android.service.persistentdata;
 
 import android.annotation.SystemApi;
-import android.app.PendingIntent;
-import android.os.Bundle;
 import android.os.RemoteException;
 import android.util.Slog;
 
@@ -43,56 +41,6 @@ import android.util.Slog;
 @SystemApi
 public class PersistentDataBlockManager {
     private static final String TAG = PersistentDataBlockManager.class.getSimpleName();
-
-    /**
-     * Broadcast action that will be called when the {@link #wipeIfAllowed(Bundle,PendingIntent)}
-     * method is called.  A broadcast with this action will be sent to the package allowed to write
-     * to the persistent data block. Packages receiving this broadcasts should respond by using the
-     * {@link android.app.PendingIntent} sent in the {@link #EXTRA_WIPE_IF_ALLOWED_CALLBACK} extra.
-     */
-    public static final String ACTION_WIPE_IF_ALLOWED
-            = "android.service.persistentdata.action.WIPE_IF_ALLOWED";
-
-    /**
-     * A {@link android.os.Parcelable} extra of type {@link android.app.PendingIntent} used to
-     * response to {@link #wipeIfAllowed(Bundle,PendingIntent)}. This extra will set in broadcasts
-     * with an action of {@link #ACTION_WIPE_IF_ALLOWED}.
-     */
-    public static final String EXTRA_WIPE_IF_ALLOWED_CALLBACK
-            = "android.service.persistentdata.extra.WIPE_IF_ALLOWED_CALLBACK";
-
-    /**
-     * Result code indicating that the data block was wiped.
-     *
-     * <p>This value is set as result code of the {@link android.app.PendingIntent} argument to
-     * {@link #wipeIfAllowed(Bundle,PendingIntent)}
-     */
-    public static final int STATUS_SUCCESS = 0;
-
-    /**
-     * Result code indicating that a remote exception was received while processing the request.
-     *
-     * <p>This value is set as result code of the {@link android.app.PendingIntent} argument to
-     * {@link #wipeIfAllowed(Bundle,PendingIntent)}
-     */
-    public static final int STATUS_ERROR_REMOTE_EXCEPTION = 1;
-
-    /**
-     * Result code indicating that a network error occurred while processing the request.
-     *
-     * <p>This value is set as result code of the {@link android.app.PendingIntent} argument to
-     * {@link #wipeIfAllowed(Bundle,PendingIntent)}
-     */
-    public static final int STATUS_ERROR_NETWORK_ERROR = 2;
-
-    /**
-     * Result code indicating that the data block could not be cleared with the provided data.
-     *
-     * <p>This value is set as result code of the {@link android.app.PendingIntent} argument to
-     * {@link #wipeIfAllowed(Bundle,PendingIntent)}
-     */
-    public static final int STATUS_ERROR_NOT_COMPLIANT = 3;
-
     private IPersistentDataBlockService sService;
 
     public PersistentDataBlockManager(IPersistentDataBlockService service) {
@@ -169,28 +117,6 @@ public class PersistentDataBlockManager {
         }
     }
 
-    /**
-     * Attempt to wipe the data block by sending a broadcast to the package allowed to modify the
-     * datablock. The allowed package can refuse to wipe the data block based on the contents of
-     * the specified bundle. This bundle may contain data used by the allowed package to wipe the
-     * partition such as account credentials or an authorization token.
-     * @param bundle data used to wipe the data block. The contents of this bundle depend on the
-     *    allowed package receiving the data.
-     * @param pi intent called when attempt finished. The result code of this intent will be set
-     *    to one of {@link #STATUS_SUCCESS}, {@link #STATUS_ERROR_REMOTE_EXCEPTION},
-     *    {@link #STATUS_ERROR_NETWORK_ERROR}, or {@link #STATUS_ERROR_NOT_COMPLIANT}.
-     */
-    public void wipeIfAllowed(Bundle bundle, PendingIntent pi) {
-        if (pi == null) {
-            throw new NullPointerException();
-        }
-        try {
-            sService.wipeIfAllowed(bundle, pi);
-        } catch (RemoteException e) {
-            onError("wiping persistent partition");
-        }
-    }
-
     /**
      * Writes a byte enabling or disabling the ability to "OEM unlock" the device.
      */

core/res/AndroidManifest.xml

@@ -316,8 +316,6 @@
     <protected-broadcast android:name="android.intent.action.ACTION_SET_RADIO_CAPABILITY_FAILED" />
 
     <protected-broadcast android:name="android.internal.policy.action.BURN_IN_PROTECTION" />
-    <protected-broadcast android:name="android.service.persistentdata.action.WIPE_IF_ALLOWED" />
-
     <protected-broadcast android:name="android.app.action.SYSTEM_UPDATE_POLICY_CHANGED" />
     <!-- ====================================================================== -->
     <!--                          RUNTIME PERMISSIONS                           -->

services/core/java/com/android/server/PersistentDataBlockService.java

@@ -18,18 +18,14 @@ package com.android.server;
 
 import android.Manifest;
 import android.app.ActivityManager;
-import android.app.PendingIntent;
 import android.content.Context;
-import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.os.Binder;
-import android.os.Bundle;
 import android.os.IBinder;
 import android.os.RemoteException;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.service.persistentdata.IPersistentDataBlockService;
-import android.service.persistentdata.PersistentDataBlockManager;
 import android.util.Slog;
 
 import com.android.internal.R;
@@ -431,29 +427,6 @@ public class PersistentDataBlockService extends SystemService {
             }
         }
 
-        @Override
-        public void wipeIfAllowed(Bundle bundle, PendingIntent pi) {
-            // Should only be called by owner
-            if (UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
-                throw new SecurityException("Only the Owner is allowed to wipe");
-            }
-            // Caller must be able to query the the state of the PersistentDataBlock
-            enforcePersistentDataBlockAccess();
-            String allowedPackage = mContext.getResources()
-                    .getString(R.string.config_persistentDataPackageName);
-            Intent intent = new Intent();
-            intent.setPackage(allowedPackage);
-            intent.setAction(PersistentDataBlockManager.ACTION_WIPE_IF_ALLOWED);
-            intent.putExtras(bundle);
-            intent.putExtra(PersistentDataBlockManager.EXTRA_WIPE_IF_ALLOWED_CALLBACK, pi);
-            long id = Binder.clearCallingIdentity();
-            try {
-                mContext.sendBroadcastAsUser(intent, UserHandle.OWNER);
-            } finally {
-                restoreCallingIdentity(id);
-            }
-        }
-
         @Override
         public void setOemUnlockEnabled(boolean enabled) {
             // do not allow monkey to flip the flag