Merge "Persist bypassDevicePolicyMmanagementRoleQualification in global setting" into tm-dev

author: Kholoud Mohamed <kholoudm@google.com> 2022-03-28 16:44:18 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2022-03-28 16:44:18 +0000
commit: bc16160052c93a78e380cee85871f98bc199e0f9 (patch)
tree: 0539529179baf0c6120e04ba3729520417446473
parent: adf9921ee47e8d0a878e9e2b07ff6090f36ff610 (diff)
parent: cfe99b77740f8475cd20b025c3a6eb84192888e7 (diff)
3 files changed, 29 insertions, 5 deletions
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index d26ca92dbfc4..6e6581790649 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -11482,6 +11482,15 @@ public final class Settings {
         public static final String DEVICE_PROVISIONED = "device_provisioned";
 
         /**
+         * Whether bypassing the device policy management role holder qualifcation is allowed,
+         * (0 = false, 1 = true).
+         *
+         * @hide
+         */
+        public static final String BYPASS_DEVICE_POLICY_MANAGEMENT_ROLE_QUALIFICATIONS =
+                "bypass_device_policy_management_role_qualifications";
+
+        /**
          * Indicates whether mobile data should be allowed while the device is being provisioned.
          * This allows the provisioning process to turn off mobile data before the user
          * has an opportunity to set things up, preventing other processes from burning
diff --git a/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java b/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
index 057a9b05de58..e358b16d6ed4 100644
--- a/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
+++ b/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
@@ -236,6 +236,7 @@ public class SettingsBackupTest {
                     Settings.Global.DEVICE_NAME,
                     Settings.Global.DEVICE_POLICY_CONSTANTS,
                     Settings.Global.DEVICE_PROVISIONED,
+                    Settings.Global.BYPASS_DEVICE_POLICY_MANAGEMENT_ROLE_QUALIFICATIONS,
                     Settings.Global.DEVICE_PROVISIONING_MOBILE_DATA_ENABLED,
                     Settings.Global.DISK_FREE_CHANGE_REPORTING_THRESHOLD,
                     Settings.Global.DISPLAY_PANEL_LPM,
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 20392c378636..17b44e3c0d64 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -138,6 +138,7 @@ import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_DEFAULT
 import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE;
 import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE_NO_FALLBACK;
 import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
+import static android.provider.Settings.Global.BYPASS_DEVICE_POLICY_MANAGEMENT_ROLE_QUALIFICATIONS;
 import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
 import static android.provider.Settings.Secure.MANAGED_PROVISIONING_DPC_DOWNLOADED;
 import static android.provider.Settings.Secure.USER_SETUP_COMPLETE;
@@ -18776,15 +18777,28 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
         Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(
                 android.Manifest.permission.MANAGE_ROLE_HOLDERS));
         return mInjector.binderWithCleanCallingIdentity(() -> {
-            if (mUserManager.getUserCount() > 1) {
-                return false;
+            if (mInjector.settingsGlobalGetInt(
+                    BYPASS_DEVICE_POLICY_MANAGEMENT_ROLE_QUALIFICATIONS, /* def= */ 0) == 1) {
+                return true;
             }
-            AccountManager am = AccountManager.get(mContext);
-            Account[] accounts = am.getAccounts();
-            return accounts.length == 0;
+            if (shouldAllowBypassingDevicePolicyManagementRoleQualificationInternal()) {
+                mInjector.settingsGlobalPutInt(
+                        BYPASS_DEVICE_POLICY_MANAGEMENT_ROLE_QUALIFICATIONS, /* value= */ 1);
+                return true;
+            }
+            return false;
         });
     }
 
+    private boolean shouldAllowBypassingDevicePolicyManagementRoleQualificationInternal() {
+        if (mUserManager.getUserCount() > 1) {
+            return false;
+        }
+        AccountManager am = AccountManager.get(mContext);
+        Account[] accounts = am.getAccounts();
+        return accounts.length == 0;
+    }
+
     @Override
     public List<UserHandle> getPolicyManagedProfiles(@NonNull UserHandle user) {
         Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(
author	Kholoud Mohamed <kholoudm@google.com>	2022-03-28 16:44:18 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2022-03-28 16:44:18 +0000
commit	bc16160052c93a78e380cee85871f98bc199e0f9 (patch)
tree	0539529179baf0c6120e04ba3729520417446473
parent	adf9921ee47e8d0a878e9e2b07ff6090f36ff610 (diff)
parent	cfe99b77740f8475cd20b025c3a6eb84192888e7 (diff)