From 93f8fd714ad89067bf81d2ce8be3b2f2e816dee2 Mon Sep 17 00:00:00 2001 From: Sudheer Shanka Date: Thu, 5 May 2016 13:14:24 -0700 Subject: [PATCH] Update RestrictedLockUtils to use UM.getUserRestrictionSource. Bug: 28269827 Change-Id: Ib4a1441b71986ca6637a9236136b60e18dbc1643 --- api/system-current.txt | 8 +-- .../app/admin/DevicePolicyManager.java | 20 ------- .../app/admin/IDevicePolicyManager.aidl | 1 - .../settingslib/RestrictedLockUtils.java | 56 ++++++++----------- .../DevicePolicyManagerService.java | 17 ------ 5 files changed, 26 insertions(+), 76 deletions(-) diff --git a/api/system-current.txt b/api/system-current.txt index 911fc2b40890f..03a4b77a89da3 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -31762,6 +31762,7 @@ package android.os { method public android.os.UserHandle getUserForSerialNumber(long); method public java.lang.String getUserName(); method public java.util.List getUserProfiles(); + method public int getUserRestrictionSource(java.lang.String, android.os.UserHandle); method public android.os.Bundle getUserRestrictions(); method public android.os.Bundle getUserRestrictions(android.os.UserHandle); method public boolean hasUserRestriction(java.lang.String); @@ -31779,7 +31780,6 @@ package android.os { method public deprecated void setUserRestrictions(android.os.Bundle); method public deprecated void setUserRestrictions(android.os.Bundle, android.os.UserHandle); method public static boolean supportsMultipleUsers(); - method public int getUserRestrictionSource(java.lang.String, android.os.UserHandle); field public static final java.lang.String ALLOW_PARENT_PROFILE_APP_LINKING = "allow_parent_profile_app_linking"; field public static final java.lang.String DISALLOW_ADD_USER = "no_add_user"; field public static final java.lang.String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; @@ -31815,12 +31815,12 @@ package android.os { field public static final java.lang.String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; field public static final java.lang.String ENSURE_VERIFY_APPS = "ensure_verify_apps"; field public static final java.lang.String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; - field public static final int USER_CREATION_FAILED_NOT_PERMITTED = 1; // 0x1 - field public static final int USER_CREATION_FAILED_NO_MORE_USERS = 2; // 0x2 field public static final int RESTRICTION_NOT_SET = 0; // 0x0 - field public static final int RESTRICTION_SOURCE_SYSTEM = 1; // 0x1 field public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 2; // 0x2 field public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 4; // 0x4 + field public static final int RESTRICTION_SOURCE_SYSTEM = 1; // 0x1 + field public static final int USER_CREATION_FAILED_NOT_PERMITTED = 1; // 0x1 + field public static final int USER_CREATION_FAILED_NO_MORE_USERS = 2; // 0x2 } public static abstract class UserManager.UserRestrictionSource implements java.lang.annotation.Annotation { diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index f78ed1e032b71..a672d8097d3b8 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -5061,26 +5061,6 @@ public class DevicePolicyManager { return ret == null ? new Bundle() : ret; } - /** - * Called by the system to get the user restrictions for a user. - * - * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @param userHandle user id the admin is running as. - * - * @hide - */ - public Bundle getUserRestrictionsForUser(@NonNull ComponentName admin, int userHandle) { - Bundle ret = null; - if (mService != null) { - try { - ret = mService.getUserRestrictionsForUser(admin, userHandle); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } - } - return ret == null ? new Bundle() : ret; - } - /** * Called by profile or device owners to hide or unhide packages. When a package is hidden it is * unavailable for use, but the data and actual package file remain. diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 447ee29bd967e..ddec412e53c14 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -174,7 +174,6 @@ interface IDevicePolicyManager { void setUserRestriction(in ComponentName who, in String key, boolean enable); Bundle getUserRestrictions(in ComponentName who); - Bundle getUserRestrictionsForUser(in ComponentName who, int userId); void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags); void clearCrossProfileIntentFilters(in ComponentName admin); diff --git a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java index 3c32615d5b057..8e43bffbbfdce 100644 --- a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java +++ b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java @@ -24,7 +24,6 @@ import android.content.Intent; import android.content.pm.IPackageManager; import android.content.pm.UserInfo; import android.graphics.drawable.Drawable; -import android.os.Bundle; import android.os.RemoteException; import android.os.UserHandle; import android.os.UserManager; @@ -74,45 +73,31 @@ public class RestrictedLockUtils { if (dpm == null) { return null; } - ComponentName deviceOwner = dpm.getDeviceOwnerComponentOnAnyUser(); - int deviceOwnerUserId = dpm.getDeviceOwnerUserId(); - boolean enforcedByDeviceOwner = false; - if (deviceOwner != null && deviceOwnerUserId != UserHandle.USER_NULL) { - Bundle enforcedRestrictions = - dpm.getUserRestrictionsForUser(deviceOwner, deviceOwnerUserId); - if (enforcedRestrictions != null - && enforcedRestrictions.getBoolean(userRestriction, false)) { - enforcedByDeviceOwner = true; - } - } + UserManager um = UserManager.get(context); + int restrictionSource = um.getUserRestrictionSource(userRestriction, + UserHandle.of(userId)); - ComponentName profileOwner = null; - boolean enforcedByProfileOwner = false; - if (userId != UserHandle.USER_NULL) { - profileOwner = dpm.getProfileOwnerAsUser(userId); - if (profileOwner != null) { - Bundle enforcedRestrictions = - dpm.getUserRestrictionsForUser(profileOwner, userId); - if (enforcedRestrictions != null - && enforcedRestrictions.getBoolean(userRestriction, false)) { - enforcedByProfileOwner = true; - } - } - } - - if (!enforcedByDeviceOwner && !enforcedByProfileOwner) { + // If the restriction is not enforced or enforced only by system then return null + if (restrictionSource == UserManager.RESTRICTION_NOT_SET + || restrictionSource == UserManager.RESTRICTION_SOURCE_SYSTEM) { return null; } - EnforcedAdmin admin = null; - if (enforcedByDeviceOwner && enforcedByProfileOwner) { - admin = new EnforcedAdmin(); + final boolean enforcedByProfileOwner = + (restrictionSource & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0; + final boolean enforcedByDeviceOwner = + (restrictionSource & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0; + if (enforcedByProfileOwner) { + return getProfileOwner(context, userId); } else if (enforcedByDeviceOwner) { - admin = new EnforcedAdmin(deviceOwner, deviceOwnerUserId); - } else { - admin = new EnforcedAdmin(profileOwner, userId); + // When the restriction is enforced by device owner, return the device owner admin only + // if the admin is for the {@param userId} otherwise return a default EnforcedAdmin. + final EnforcedAdmin deviceOwner = getDeviceOwner(context); + return deviceOwner.userId == userId + ? deviceOwner + : EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } - return admin; + return null; } public static boolean hasBaseUserRestriction(Context context, @@ -479,6 +464,9 @@ public class RestrictedLockUtils { public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) { final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); + if (dpm == null) { + return null; + } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; final int userId = UserHandle.myUserId(); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index f729ac4b8f11b..a5eb0b217d1f9 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -7314,23 +7314,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - @Override - public Bundle getUserRestrictionsForUser(ComponentName who, int userHandle) { - if (!mHasFeature) { - return null; - } - Preconditions.checkNotNull(who, "ComponentName is null"); - enforceFullCrossUsersPermission(userHandle); - enforceCanManageProfileAndDeviceOwners(); - synchronized (this) { - ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(who, userHandle); - if (activeAdmin == null) { - return null; - } - return activeAdmin.userRestrictions; - } - } - @Override public boolean setApplicationHidden(ComponentName who, String packageName, boolean hidden) {