Merge changes from topics "WPT_279560135", "WPT_DPM_ROLE_HOLDER" into udc-dev

* changes: Remove flag, switch to work profile for sms dialog Throw exception if can't set default sms app on profile DPM role holder to control access managed sub api
author: Ayush Sharma <ayushsha@google.com> 2023-05-12 14:48:28 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2023-05-12 14:48:28 +0000
commit: a1f45f65ac2c277dbbeb6293bb50aad70cd2cc53 (patch)
tree: cfc3d3ab240abe27a058a933caafa332f5c21d4a
parent: 4cc3a86ba6514788c298d2a7552cb3918b46b0d8 (diff)
parent: a63a2f3e63a5bb53e56db2a98f7b1774ecb37a4c (diff)
5 files changed, 50 insertions, 58 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index e9fb8110b4b2..59b59784b780 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -9862,6 +9862,9 @@ public class DevicePolicyManager {
      *                                  profile owner of an organization-owned managed profile.
      * @throws IllegalArgumentException if called on the parent profile and the package
      *                                  provided is not a pre-installed system package.
+     * @throws IllegalStateException while trying to set default sms app on the profile and
+     *                             {@link ManagedSubscriptionsPolicy#TYPE_ALL_MANAGED_SUBSCRIPTIONS}
+     *                             policy is not set.
      */
     @RequiresPermission(value = MANAGE_DEVICE_POLICY_DEFAULT_SMS, conditional = true)
     public void setDefaultSmsApplication(@Nullable ComponentName admin,
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index a42af1af2d46..fd5e206990db 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -12446,6 +12446,17 @@ public final class Settings {
                 "bypass_device_policy_management_role_qualifications";
 
         /**
+         * Whether work profile telephony feature is enabled for non
+         * {@link android.app.role.RoleManager#ROLE_DEVICE_POLICY_MANAGEMENT} holders.
+         * ("0" = false, "1" = true).
+         *
+         * @hide
+         */
+        @Readable
+        public static final String ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS =
+                "allow_work_profile_telephony_for_non_dpm_role_holders";
+
+        /**
          * Indicates whether mobile data should be allowed while the device is being provisioned.
          * This allows the provisioning process to turn off mobile data before the user
          * has an opportunity to set things up, preventing other processes from burning
diff --git a/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java b/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
index 9d3620eb29a9..ef4b81491ce1 100644
--- a/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
+++ b/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
@@ -116,6 +116,7 @@ public class SettingsBackupTest {
                     Settings.Global.ADD_USERS_WHEN_LOCKED,
                     Settings.Global.AIRPLANE_MODE_ON,
                     Settings.Global.AIRPLANE_MODE_RADIOS,
+                    Settings.Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS,
                     Settings.Global.SATELLITE_MODE_RADIOS,
                     Settings.Global.SATELLITE_MODE_ENABLED,
                     Settings.Global.AIRPLANE_MODE_TOGGLEABLE_RADIOS,
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 324e2602f384..4f29abff69ee 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -232,7 +232,6 @@ import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPR
 import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE_NO_FALLBACK;
 import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
 import static android.provider.DeviceConfig.NAMESPACE_DEVICE_POLICY_MANAGER;
-import static android.provider.DeviceConfig.NAMESPACE_TELEPHONY;
 import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
 import static android.provider.Settings.Secure.MANAGED_PROVISIONING_DPC_DOWNLOADED;
 import static android.provider.Settings.Secure.USER_SETUP_COMPLETE;
@@ -876,10 +875,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     private static final String KEEP_PROFILES_RUNNING_FLAG = "enable_keep_profiles_running";
     public static final boolean DEFAULT_KEEP_PROFILES_RUNNING_FLAG = true;
 
-    private static final String ENABLE_WORK_PROFILE_TELEPHONY_FLAG =
-            "enable_work_profile_telephony";
-    private static final boolean DEFAULT_WORK_PROFILE_TELEPHONY_FLAG = false;
-
     // TODO(b/261999445) remove the flag after rollout.
     private static final String HEADLESS_FLAG = "headless";
     private static final boolean DEFAULT_HEADLESS_FLAG = true;
@@ -3376,9 +3371,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 onLockSettingsReady();
                 loadAdminDataAsync();
                 mOwners.systemReady();
-                if (isWorkProfileTelephonyEnabled()) {
-                    applyManagedSubscriptionsPolicyIfRequired();
-                }
+                applyManagedSubscriptionsPolicyIfRequired();
                 break;
             case SystemService.PHASE_ACTIVITY_MANAGER_READY:
                 synchronized (getLockObject()) {
@@ -3409,9 +3402,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             unregisterOnSubscriptionsChangedListener();
             int policyType = getManagedSubscriptionsPolicy().getPolicyType();
             if (policyType == ManagedSubscriptionsPolicy.TYPE_ALL_PERSONAL_SUBSCRIPTIONS) {
-                final int parentUserId = getProfileParentId(copeProfileUserId);
-                // By default, assign all current and future subs to system user on COPE devices.
-                registerListenerToAssignSubscriptionsToUser(parentUserId);
+                clearManagedSubscriptionsPolicy();
             } else if (policyType == ManagedSubscriptionsPolicy.TYPE_ALL_MANAGED_SUBSCRIPTIONS) {
                 // Add listener to assign all current and future subs to managed profile.
                 registerListenerToAssignSubscriptionsToUser(copeProfileUserId);
@@ -7718,11 +7709,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
         mLockSettingsInternal.refreshStrongAuthTimeout(parentId);
 
-        if (isWorkProfileTelephonyEnabled()) {
-            clearManagedSubscriptionsPolicy();
-            clearLauncherShortcutOverrides();
-            updateTelephonyCrossProfileIntentFilters(parentId, UserHandle.USER_NULL, false);
-        }
+        clearManagedSubscriptionsPolicy();
+        clearLauncherShortcutOverrides();
+        updateTelephonyCrossProfileIntentFilters(parentId, UserHandle.USER_NULL, false);
+
         Slogf.i(LOG_TAG, "Cleaning up device-wide policies done.");
     }
 
@@ -11334,11 +11324,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             synchronized (mSubscriptionsChangedListenerLock) {
                 pw.println("Subscription changed listener : " + mSubscriptionsChangedListener);
             }
-            pw.println("DPM Flag enable_work_profile_telephony : "
-                    + isWorkProfileTelephonyDevicePolicyManagerFlagEnabled());
-            pw.println("Telephony Flag enable_work_profile_telephony : "
-                    + isWorkProfileTelephonySubscriptionManagerFlagEnabled());
 
+            pw.println("DPM global setting ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS : "
+                    + mInjector.settingsGlobalGetString(
+                    Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS));
             mHandler.post(() -> handleDump(pw));
             dumpResources(pw);
         }
@@ -11580,6 +11569,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)
                     || isProfileOwnerOfOrganizationOwnedDevice(caller));
         }
+
+        if (!parent && isManagedProfile(caller.getUserId())
+                && getManagedSubscriptionsPolicy().getPolicyType()
+                != ManagedSubscriptionsPolicy.TYPE_ALL_MANAGED_SUBSCRIPTIONS) {
+            throw new IllegalStateException(
+                    "Default sms application can only be set on the profile, when "
+                            + "ManagedSubscriptions policy is set");
+        }
+
         if (parent) {
             userId = getProfileParentId(mInjector.userHandleGetCallingUserId());
             mInjector.binderWithCleanCallingIdentity(() -> enforcePackageIsSystemPackage(
@@ -15197,8 +15195,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
     @Override
     public void setGlobalSetting(ComponentName who, String setting, String value) {
-        Objects.requireNonNull(who, "ComponentName is null");
         final CallerIdentity caller = getCallerIdentity(who);
+        if (Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS.equals(setting)) {
+            Preconditions.checkCallAuthorization(isCallerDevicePolicyManagementRoleHolder(caller));
+            mInjector.binderWithCleanCallingIdentity(
+                    () -> mInjector.settingsGlobalPutString(setting, value));
+            return;
+        }
+        Objects.requireNonNull(who, "ComponentName is null");
         Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));
 
         DevicePolicyEventLogger
@@ -23791,26 +23795,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         suspendAppsForQuietProfiles(keepProfileRunning);
     }
 
-    private boolean isWorkProfileTelephonyEnabled() {
-        return isWorkProfileTelephonyDevicePolicyManagerFlagEnabled()
-                && isWorkProfileTelephonySubscriptionManagerFlagEnabled();
-    }
-
-    private boolean isWorkProfileTelephonyDevicePolicyManagerFlagEnabled() {
-        return DeviceConfig.getBoolean(NAMESPACE_DEVICE_POLICY_MANAGER,
-                ENABLE_WORK_PROFILE_TELEPHONY_FLAG, DEFAULT_WORK_PROFILE_TELEPHONY_FLAG);
-    }
-
-    private boolean isWorkProfileTelephonySubscriptionManagerFlagEnabled() {
-        final long ident = mInjector.binderClearCallingIdentity();
-        try {
-            return DeviceConfig.getBoolean(NAMESPACE_TELEPHONY, ENABLE_WORK_PROFILE_TELEPHONY_FLAG,
-                    false);
-        } finally {
-            mInjector.binderRestoreCallingIdentity(ident);
-        }
-    }
-
     @Override
     public void setOverrideKeepProfilesRunning(boolean enabled) {
         Preconditions.checkCallAuthorization(
@@ -23921,12 +23905,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
     @Override
     public ManagedSubscriptionsPolicy getManagedSubscriptionsPolicy() {
-        if (isWorkProfileTelephonyEnabled()) {
-            synchronized (getLockObject()) {
-                ActiveAdmin admin = getProfileOwnerOfOrganizationOwnedDeviceLocked();
-                if (admin != null && admin.mManagedSubscriptionsPolicy != null) {
-                    return admin.mManagedSubscriptionsPolicy;
-                }
+        synchronized (getLockObject()) {
+            ActiveAdmin admin = getProfileOwnerOfOrganizationOwnedDeviceLocked();
+            if (admin != null && admin.mManagedSubscriptionsPolicy != null) {
+                return admin.mManagedSubscriptionsPolicy;
             }
         }
         return new ManagedSubscriptionsPolicy(
@@ -23935,10 +23917,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
     @Override
     public void setManagedSubscriptionsPolicy(ManagedSubscriptionsPolicy policy) {
-        if (!isWorkProfileTelephonyEnabled()) {
+        CallerIdentity caller = getCallerIdentity();
+
+        if (!isCallerDevicePolicyManagementRoleHolder(caller)
+                && !Objects.equals(mInjector.settingsGlobalGetString(
+                        Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS), "1")) {
             throw new UnsupportedOperationException("This api is not enabled");
         }
-        CallerIdentity caller = getCallerIdentity();
+
         Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller),
                 "This policy can only be set by a profile owner on an organization-owned "
                         + "device.");
diff --git a/telephony/common/com/android/internal/telephony/util/TelephonyUtils.java b/telephony/common/com/android/internal/telephony/util/TelephonyUtils.java
index f9b76f4907cf..9a8c9655375d 100644
--- a/telephony/common/com/android/internal/telephony/util/TelephonyUtils.java
+++ b/telephony/common/com/android/internal/telephony/util/TelephonyUtils.java
@@ -32,7 +32,6 @@ import android.os.RemoteException;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.UserManager;
-import android.provider.DeviceConfig;
 import android.telephony.SubscriptionManager;
 import android.telephony.TelephonyFrameworkInitializer;
 import android.telephony.TelephonyManager;
@@ -262,9 +261,6 @@ public final class TelephonyUtils {
      */
     public static void showSwitchToManagedProfileDialogIfAppropriate(Context context,
             int subId, int callingUid, String callingPackage) {
-        if (!isSwitchToManagedProfileDialogFlagEnabled()) {
-            return;
-        }
         final long token = Binder.clearCallingIdentity();
         try {
             UserHandle callingUserHandle = UserHandle.getUserHandleForUid(callingUid);
@@ -302,11 +298,6 @@ public final class TelephonyUtils {
         }
     }
 
-    public static boolean isSwitchToManagedProfileDialogFlagEnabled() {
-        return DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_DEVICE_POLICY_MANAGER,
-                "enable_switch_to_managed_profile_dialog", false);
-    }
-
     private static boolean isUidForeground(Context context, int uid) {
         ActivityManager am = context.getSystemService(ActivityManager.class);
         boolean result = am != null && am.getUidImportance(uid)
author	Ayush Sharma <ayushsha@google.com>	2023-05-12 14:48:28 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2023-05-12 14:48:28 +0000
commit	a1f45f65ac2c277dbbeb6293bb50aad70cd2cc53 (patch)
tree	cfc3d3ab240abe27a058a933caafa332f5c21d4a
parent	4cc3a86ba6514788c298d2a7552cb3918b46b0d8 (diff)
parent	a63a2f3e63a5bb53e56db2a98f7b1774ecb37a4c (diff)