mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-23 22:01:08 -05:00
175 lines
8.7 KiB
Diff
175 lines
8.7 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Jonathan Scott <scottjonathan@google.com>
|
||
|
Date: Tue, 5 Apr 2022 18:47:56 +0000
|
||
|
Subject: [PATCH] RESTRICT AUTOMERGE Add finalizeWorkProfileProvisioning.
|
||
|
|
||
|
Test: atest android.devicepolicy.cts.DevicePolicyManagerTest
|
||
|
Bug: 210469972
|
||
|
Change-Id: I2de99f9ccd8b27ffdc2562fa451f132e73d54317
|
||
|
(cherry picked from commit c5037ec63cdc72846082a66e72b34cf5067a6046)
|
||
|
Merged-In: I2de99f9ccd8b27ffdc2562fa451f132e73d54317
|
||
|
---
|
||
|
.../app/admin/DevicePolicyManager.java | 21 ++++++++++++
|
||
|
.../app/admin/IDevicePolicyManager.aidl | 3 ++
|
||
|
core/res/AndroidManifest.xml | 1 +
|
||
|
.../BaseIDevicePolicyManager.java | 6 ++++
|
||
|
.../DevicePolicyManagerService.java | 33 +++++++++++++++++++
|
||
|
5 files changed, 64 insertions(+)
|
||
|
|
||
|
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
|
||
|
index f298bc6992b0..485ce78c3320 100644
|
||
|
--- a/core/java/android/app/admin/DevicePolicyManager.java
|
||
|
+++ b/core/java/android/app/admin/DevicePolicyManager.java
|
||
|
@@ -16,6 +16,7 @@
|
||
|
|
||
|
package android.app.admin;
|
||
|
|
||
|
+import android.accounts.Account;
|
||
|
import android.annotation.CallbackExecutor;
|
||
|
import android.annotation.ColorInt;
|
||
|
import android.annotation.IntDef;
|
||
|
@@ -136,6 +137,26 @@ public class DevicePolicyManager {
|
||
|
this(context, service, false);
|
||
|
}
|
||
|
|
||
|
+ /**
|
||
|
+ * Called when a managed profile has been provisioned.
|
||
|
+ *
|
||
|
+ * @throws SecurityException if the caller does not hold
|
||
|
+ * {@link android.Manifest.permission#MANAGE_PROFILE_AND_DEVICE_OWNERS}.
|
||
|
+ * @hide
|
||
|
+ */
|
||
|
+ @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)
|
||
|
+ public void finalizeWorkProfileProvisioning(
|
||
|
+ @NonNull UserHandle managedProfileUser, @Nullable Account migratedAccount) {
|
||
|
+ if (mService == null) {
|
||
|
+ throw new IllegalStateException("Could not find DevicePolicyManagerService");
|
||
|
+ }
|
||
|
+ try {
|
||
|
+ mService.finalizeWorkProfileProvisioning(managedProfileUser, migratedAccount);
|
||
|
+ } catch (RemoteException e) {
|
||
|
+ throw e.rethrowFromSystemServer();
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
/** @hide */
|
||
|
@VisibleForTesting
|
||
|
protected DevicePolicyManager(Context context, IDevicePolicyManager service,
|
||
|
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
|
||
|
index 096427451662..64b8eaa359aa 100644
|
||
|
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
|
||
|
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
|
||
|
@@ -17,6 +17,7 @@
|
||
|
|
||
|
package android.app.admin;
|
||
|
|
||
|
+import android.accounts.Account;
|
||
|
import android.app.admin.NetworkEvent;
|
||
|
import android.app.IApplicationThread;
|
||
|
import android.app.IServiceConnection;
|
||
|
@@ -85,6 +86,8 @@ interface IDevicePolicyManager {
|
||
|
int getCurrentFailedPasswordAttempts(int userHandle, boolean parent);
|
||
|
int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent);
|
||
|
|
||
|
+ void finalizeWorkProfileProvisioning(in UserHandle managedProfileUser, in Account migratedAccount);
|
||
|
+
|
||
|
void setMaximumFailedPasswordsForWipe(in ComponentName admin, int num, boolean parent);
|
||
|
int getMaximumFailedPasswordsForWipe(in ComponentName admin, int userHandle, boolean parent);
|
||
|
|
||
|
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||
|
index af1a6fa9e3c5..0aafab66dabd 100644
|
||
|
--- a/core/res/AndroidManifest.xml
|
||
|
+++ b/core/res/AndroidManifest.xml
|
||
|
@@ -91,6 +91,7 @@
|
||
|
<protected-broadcast android:name="android.intent.action.USER_ACTIVITY_NOTIFICATION" />
|
||
|
<protected-broadcast android:name="android.intent.action.MY_PACKAGE_SUSPENDED" />
|
||
|
<protected-broadcast android:name="android.intent.action.MY_PACKAGE_UNSUSPENDED" />
|
||
|
+ <protected-broadcast android:name="android.app.action.MANAGED_PROFILE_PROVISIONED" />
|
||
|
|
||
|
<protected-broadcast android:name="android.os.action.POWER_SAVE_MODE_CHANGED" />
|
||
|
<protected-broadcast android:name="android.os.action.POWER_SAVE_MODE_CHANGING" />
|
||
|
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
||
|
index 1c9782fa5565..af1735f6e26e 100644
|
||
|
--- a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
||
|
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
||
|
@@ -15,10 +15,12 @@
|
||
|
*/
|
||
|
package com.android.server.devicepolicy;
|
||
|
|
||
|
+import android.accounts.Account;
|
||
|
import android.annotation.UserIdInt;
|
||
|
import android.app.admin.IDevicePolicyManager;
|
||
|
import android.content.ComponentName;
|
||
|
import android.os.PersistableBundle;
|
||
|
+import android.os.UserHandle;
|
||
|
import android.security.keymaster.KeymasterCertificateChain;
|
||
|
import android.security.keystore.ParcelableKeyGenParameterSpec;
|
||
|
import android.telephony.data.ApnSetting;
|
||
|
@@ -159,4 +161,8 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub {
|
||
|
@Override
|
||
|
public void setDefaultSmsApplication(ComponentName admin, String packageName) {
|
||
|
}
|
||
|
+
|
||
|
+ public void finalizeWorkProfileProvisioning(
|
||
|
+ UserHandle managedProfileUser, Account migratedAccount) {
|
||
|
+ }
|
||
|
}
|
||
|
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||
|
index 3a183865ead3..d7539e11bea9 100644
|
||
|
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||
|
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
||
|
@@ -20,6 +20,7 @@ import static android.Manifest.permission.BIND_DEVICE_ADMIN;
|
||
|
import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
|
||
|
import static android.app.ActivityManager.LOCK_TASK_MODE_NONE;
|
||
|
import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE;
|
||
|
+import static android.app.admin.DevicePolicyManager.ACTION_MANAGED_PROFILE_PROVISIONED;
|
||
|
import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER;
|
||
|
import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY;
|
||
|
import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED;
|
||
|
@@ -45,6 +46,7 @@ import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_
|
||
|
import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES;
|
||
|
import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS;
|
||
|
import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT;
|
||
|
+import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE;
|
||
|
import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO;
|
||
|
import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI;
|
||
|
import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID;
|
||
|
@@ -8878,6 +8880,37 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+ @Override
|
||
|
+ public void finalizeWorkProfileProvisioning(UserHandle managedProfileUser,
|
||
|
+ Account migratedAccount) {
|
||
|
+ if (mContext.checkCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)
|
||
|
+ != PackageManager.PERMISSION_GRANTED) {
|
||
|
+ throw new SecurityException("Calling identity is not authorized");
|
||
|
+ }
|
||
|
+
|
||
|
+ if (!isManagedProfile(managedProfileUser.getIdentifier())) {
|
||
|
+ throw new IllegalStateException("Given user is not a managed profile");
|
||
|
+ }
|
||
|
+ ComponentName profileOwnerComponent =
|
||
|
+ mOwners.getProfileOwnerComponent(managedProfileUser.getIdentifier());
|
||
|
+ if (profileOwnerComponent == null) {
|
||
|
+ throw new IllegalStateException("There is no profile owner on the given profile");
|
||
|
+ }
|
||
|
+ Intent primaryProfileSuccessIntent = new Intent(ACTION_MANAGED_PROFILE_PROVISIONED);
|
||
|
+ primaryProfileSuccessIntent.setPackage(profileOwnerComponent.getPackageName());
|
||
|
+ primaryProfileSuccessIntent.addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES
|
||
|
+ | Intent.FLAG_RECEIVER_FOREGROUND);
|
||
|
+ primaryProfileSuccessIntent.putExtra(Intent.EXTRA_USER, managedProfileUser);
|
||
|
+
|
||
|
+ if (migratedAccount != null) {
|
||
|
+ primaryProfileSuccessIntent.putExtra(EXTRA_PROVISIONING_ACCOUNT_TO_MIGRATE,
|
||
|
+ migratedAccount);
|
||
|
+ }
|
||
|
+
|
||
|
+ mContext.sendBroadcastAsUser(primaryProfileSuccessIntent,
|
||
|
+ UserHandle.of(getProfileParentId(managedProfileUser.getIdentifier())));
|
||
|
+ }
|
||
|
+
|
||
|
@Override
|
||
|
public UserHandle createAndManageUser(ComponentName admin, String name,
|
||
|
ComponentName profileOwner, PersistableBundle adminExtras, int flags) {
|