| -rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 38 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 41 |
2 files changed, 61 insertions, 18 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 0a2b42121545..c4a5eea16980 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -11210,7 +11210,9 @@ public class DevicePolicyManager { * for enterprise use. * * An example of a supported preferential network service is the Enterprise - * slice on 5G networks. + * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally + * configure enterprise APN to set up data call for the preferential network service. + * These APNs can be added using {@link #addOverrideApn}. * * By default, preferential network service is disabled on the work profile and * fully managed devices, on supported carriers and devices. @@ -11260,7 +11262,9 @@ public class DevicePolicyManager { * {@see PreferentialNetworkServiceConfig} * * An example of a supported preferential network service is the Enterprise - * slice on 5G networks. + * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally + * configure enterprise APN to set up data call for the preferential network service. + * These APNs can be added using {@link #addOverrideApn}. * * By default, preferential network service is disabled on the work profile and fully managed * devices, on supported carriers and devices. Admins can explicitly enable it with this API. 
@@ -13782,18 +13786,13 @@ public class DevicePolicyManager { } /** - * Called by device owner or profile owner to add an override APN. + * Called by device owner or managed profile owner to add an override APN. * * <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing * override APN. Update the existing conflicted APN with * {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry. * <p>Two override APNs are considered to conflict when all the following APIs return * the same values on both override APNs: - * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: - * Only device owners can add APNs. - * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: - * Device and profile owners can add enterprise APNs - * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs. * <ul> * <li>{@link ApnSetting#getOperatorNumeric()}</li> * <li>{@link ApnSetting#getApnName()}</li> 
@@ -13808,6 +13807,15 @@ public class DevicePolicyManager { * <li>{@link ApnSetting#getRoamingProtocol()}</li> * </ul> * + * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: + * Only device owners can add APNs. + * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: + * Both device owners and managed profile owners can add enterprise APNs + * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs. + * Enterprise APNs are specific to the managed profile and do not override any user-configured + * VPNs. They are prerequisites for enabling preferential network service on the managed + * profile on 4G networks ({@link #setPreferentialNetworkServiceConfigs}). + * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @param apnSetting the override APN to insert * @return The {@code id} of inserted override APN. Or {@code -1} when failed to insert into @@ -13830,7 +13838,7 @@ public class DevicePolicyManager { } /** - * Called by device owner or profile owner to update an override APN. + * Called by device owner or managed profile owner to update an override APN. * * <p>This method may returns {@code false} if there is no override APN with the given * {@code apnId}. @@ -13840,7 +13848,7 @@ public class DevicePolicyManager { * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can update APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: - * Device and profile owners can update enterprise APNs + * Both device owners and managed profile owners can update enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can update other type of APNs. * * @param admin which {@link DeviceAdminReceiver} this request is associated with 
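Review bot: In the paragraph added to the addOverrideApn Javadoc (first hunk on this line), "do not override any user-configured VPNs" looks like a slip for APNs, since nothing else in this comment concerns VPNs. As written it tells an admin that VPN configuration is what is left untouched, which is a different guarantee. If APNs is what was meant, the sentence would read `Enterprise APNs are specific to the managed profile and do not override any user-configured APNs.` The same paragraph has "other type of APNs", which should be "other types of APNs". The Javadoc block starts before the hunk.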
@@ -13867,14 +13875,14 @@ public class DevicePolicyManager { } /** - * Called by device owner or profile owner to remove an override APN. + * Called by device owner or managed profile owner to remove an override APN. * * <p>This method may returns {@code false} if there is no override APN with the given * {@code apnId}. * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: * Only device owners can remove APNs. * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}: - * Device and profile owners can remove enterprise APNs + * Both device owners and managed profile owners can remove enterprise APNs * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can remove other type of APNs. * * @param admin which {@link DeviceAdminReceiver} this request is associated with @@ -13899,7 +13907,8 @@ public class DevicePolicyManager { } /** - * Called by device owner to get all override APNs inserted by device owner. + * Called by device owner or managed profile owner to get all override APNs inserted by + * device owner or managed profile owner previously using {@link #addOverrideApn}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @return A list of override APNs inserted by device owner. @@ -13924,6 +13933,9 @@ public class DevicePolicyManager { * <p> Override APNs are separated from other APNs on the device, and can only be inserted or * modified by the device owner. When enabled, only override APNs are in use, any other APNs * are ignored. + * <p>Note: Enterprise APNs added by managed profile owners do not need to be enabled by + * this API. They are part of the preferential network service config and is controlled by + * {@link #setPreferentialNetworkServiceConfigs}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with * @param enabled {@code true} if override APNs should be enabled, {@code false} otherwise 
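Review bot: The getOverrideApns summary now names managed profile owners as callers, but the `@return` line just below it still reads "A list of override APNs inserted by device owner." and nothing says what a profile owner gets back. The service-side change in this commit hands a profile owner only the entries whose type is exactly `ApnSetting.TYPE_ENTERPRISE`, so the contract should say so, for example `@return the override APNs visible to the caller: all of them for a device owner, only {@link ApnSetting#TYPE_ENTERPRISE} entries for a managed profile owner`. Without that, an admin could read an empty list as "no override APNs exist on this device".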
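Review bot: The note added to the setOverrideApnsEnabled Javadoc (last hunk on this line) sits directly under the unchanged sentence "can only be inserted or modified by the device owner", which the rest of this commit makes untrue for enterprise APNs. That sentence should be qualified, e.g. `can only be inserted or modified by the device owner, except for enterprise APNs managed by a managed profile owner`. The new text also has a number mismatch: "They are part of the preferential network service config and is controlled by" should be "and are controlled by".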
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index ceac1023dfb0..8d36d929595f 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -1937,6 +1937,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { updatePasswordQualityCacheForUserGroup(userHandle); mPolicyCache.onUserRemoved(userHandle); + if (isManagedProfile(userHandle)) { + clearManagedProfileApnUnchecked(); + } isOrgOwned = mOwners.isProfileOwnerOfOrganizationOwnedDevice(userHandle); mOwners.removeProfileOwner(userHandle); @@ -8755,6 +8758,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } + private void clearManagedProfileApnUnchecked() { + if (!mHasTelephonyFeature) { + return; + } + final List<ApnSetting> apns = getOverrideApnsUnchecked(); + for (ApnSetting apn : apns) { + if (apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { + removeOverrideApnUnchecked(apn.getId()); + } + } + } + private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); @@ -12095,6 +12110,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } + private boolean isManagedProfileOwner(CallerIdentity caller) { + return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); + } + private boolean isDefaultSupervisor(CallerIdentity caller) { final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); 
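Review bot: The new `isManagedProfile(userHandle)` guard runs inside the user-removal cleanup, and this hunk does not show whether the profile's user record can still be resolved at that point. If that lookup comes back empty once the user is gone, the guard is false and the enterprise APNs stay configured after the work profile has been removed, with nothing logged to show it. Please confirm the ordering and record the assumption next to the call, e.g. `// The user record must still be resolvable here; otherwise enterprise APNs outlive the profile.` The enclosing method starts and ends outside the hunk.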
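Review bot: `clearManagedProfileApnUnchecked()` deletes every override APN whose type equals `ApnSetting.TYPE_ENTERPRISE`, not only the ones the removed profile's owner added. The authorization checks later in this file also allow a device owner to add enterprise APNs, and nothing visible here records which admin inserted an entry, so if both kinds of owner can exist on one device a profile removal would drop the device owner's entries too. At minimum the method should carry a Javadoc stating this, e.g. `/** Removes all enterprise-type override APNs; entries are not attributed to the admin that added them. */`. The result of `removeOverrideApnUnchecked(apn.getId())` is also discarded, so a failed removal would go unnoticed, assuming that helper reports success, which is not shown here.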
@@ -16295,7 +16314,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final CallerIdentity caller = getCallerIdentity(who); if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) - || isProfileOwner(caller)); + || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } @@ -16323,7 +16342,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE && apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) - || isProfileOwner(caller)); + || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } @@ -16351,7 +16370,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { ApnSetting apn = getApnSetting(apnId); if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) - || isProfileOwner(caller)); + || isManagedProfileOwner(caller)); } else { Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); } 
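Review bot: The managed-profile-owner branch depends on `getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE` being an exact match, and that deserves a comment: the equality is what keeps a profile owner away from an APN that combines the enterprise type with any other type. The same condition and the same `isDefaultDeviceOwner(caller) || isManagedProfileOwner(caller)` check recur in all three hunks on this line. Proposed comment at each site: `// Exact match on purpose: a bitmask with any additional type falls through to the device-owner-only check.` A small private helper holding the condition would keep the three copies from drifting apart. The enclosing methods start and end outside these hunks.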
@@ -16396,8 +16415,20 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); - Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)); - return getOverrideApnsUnchecked(); + Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller) + || isManagedProfileOwner(caller)); + List<ApnSetting> apnSettings = getOverrideApnsUnchecked(); + if (isProfileOwner(caller)) { + List<ApnSetting> apnSettingList = new ArrayList<>(); + for (ApnSetting apnSetting : apnSettings) { + if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) { + apnSettingList.add(apnSetting); + } + } + return apnSettingList; + } else { + return apnSettings; + } } private List<ApnSetting> getOverrideApnsUnchecked() { |
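Review bot: The filter on the new return path tests `isProfileOwner(caller)`, while the authorization check just above admits `isManagedProfileOwner(caller)`. The two agree today only because the authorization check has already rejected every other profile owner. Keying the unfiltered list on the device-owner case makes the filter fail closed if that check is ever widened: use `if (!isDefaultDeviceOwner(caller)) {` in place of `if (isProfileOwner(caller)) {`. The method starts outside the hunk.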