diff options
6 files changed, 97 insertions, 49 deletions
diff --git a/api/system-current.txt b/api/system-current.txt index 30a0c850f865..ac8fc9c23cb8 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -523,11 +523,11 @@ package android.app.admin { method public android.content.ComponentName getDeviceOwnerComponentOnAnyUser(); method public java.lang.String getDeviceOwnerNameOnAnyUser(); method public java.lang.CharSequence getDeviceOwnerOrganizationName(); - method public int getDeviceOwnerUserId(); + method public android.os.UserHandle getDeviceOwnerUser(); method public java.util.List<java.lang.String> getPermittedAccessibilityServices(int); method public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser(); method public android.content.ComponentName getProfileOwner() throws java.lang.IllegalArgumentException; - method public android.content.ComponentName getProfileOwnerAsUser(int); + method public android.content.ComponentName getProfileOwnerAsUser(android.os.UserHandle); method public java.lang.String getProfileOwnerNameAsUser(int) throws java.lang.IllegalArgumentException; method public int getUserProvisioningState(); method public boolean isDeviceManaged(); @@ -4132,7 +4132,6 @@ package android.os { field public static final android.os.UserHandle ALL; field public static final android.os.UserHandle CURRENT; field public static final android.os.UserHandle SYSTEM; - field public static final int USER_NULL = -10000; // 0xffffd8f0 } public class UserManager { diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 09ab67186266..4d5a5c455b2f 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -5224,13 +5224,30 @@ public class DevicePolicyManager { } /** - * @return ID of the user who runs device owner, or {@link UserHandle#USER_NULL} if there's - * no device owner. + * @return Handle of the user who runs device owner, or {@code null} if there's no device owner. * * @hide */ @RequiresPermission(android.Manifest.permission.MANAGE_USERS) @SystemApi + public @Nullable UserHandle getDeviceOwnerUser() { + if (mService != null) { + try { + int userId = mService.getDeviceOwnerUserId(); + + if (userId != UserHandle.USER_NULL) { + return UserHandle.of(userId); + } + } catch (RemoteException re) { + throw re.rethrowFromSystemServer(); + } + } + return null; + } + + /** + * @hide + */ public int getDeviceOwnerUserId() { if (mService != null) { try { @@ -5653,6 +5670,20 @@ public class DevicePolicyManager { @RequiresPermission(value = android.Manifest.permission.INTERACT_ACROSS_USERS, conditional = true) @SystemApi + public @Nullable ComponentName getProfileOwnerAsUser(@NonNull UserHandle user) { + if (mService != null) { + try { + return mService.getProfileOwnerAsUser(user.getIdentifier()); + } catch (RemoteException re) { + throw re.rethrowFromSystemServer(); + } + } + return null; + } + + /** + * @hide + */ public @Nullable ComponentName getProfileOwnerAsUser(final int userId) { if (mService != null) { try { diff --git a/core/java/android/os/UserHandle.java b/core/java/android/os/UserHandle.java index 4fe2d58ff75f..f8feb7b4a693 100644 --- a/core/java/android/os/UserHandle.java +++ b/core/java/android/os/UserHandle.java @@ -61,7 +61,6 @@ public final class UserHandle implements Parcelable { public static final UserHandle CURRENT_OR_SELF = new UserHandle(USER_CURRENT_OR_SELF); /** @hide An undefined user id */ - @SystemApi public static final @UserIdInt int USER_NULL = -10000; /** diff --git a/packages/SettingsLib/RestrictedLockUtils/src/com/android/settingslib/RestrictedLockUtils.java b/packages/SettingsLib/RestrictedLockUtils/src/com/android/settingslib/RestrictedLockUtils.java index 738181d76c2a..b87c9e8de1b2 100644 --- a/packages/SettingsLib/RestrictedLockUtils/src/com/android/settingslib/RestrictedLockUtils.java +++ b/packages/SettingsLib/RestrictedLockUtils/src/com/android/settingslib/RestrictedLockUtils.java @@ -33,13 +33,13 @@ import java.util.Objects; * support message dialog. */ public class RestrictedLockUtils { - public static EnforcedAdmin getProfileOrDeviceOwner(Context context, int userId) { - return getProfileOrDeviceOwner(context, null, userId); + public static EnforcedAdmin getProfileOrDeviceOwner(Context context, UserHandle user) { + return getProfileOrDeviceOwner(context, null, user); } public static EnforcedAdmin getProfileOrDeviceOwner( - Context context, String enforcedRestriction, int userId) { - if (userId == UserHandle.USER_NULL) { + Context context, String enforcedRestriction, UserHandle user) { + if (user == null) { return null; } final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( @@ -47,14 +47,14 @@ public class RestrictedLockUtils { if (dpm == null) { return null; } - ComponentName adminComponent = dpm.getProfileOwnerAsUser(userId); + ComponentName adminComponent = dpm.getProfileOwnerAsUser(user); if (adminComponent != null) { - return new EnforcedAdmin(adminComponent, enforcedRestriction, userId); + return new EnforcedAdmin(adminComponent, enforcedRestriction, user); } - if (dpm.getDeviceOwnerUserId() == userId) { + if (Objects.equals(dpm.getDeviceOwnerUser(), user)) { adminComponent = dpm.getDeviceOwnerComponentOnAnyUser(); if (adminComponent != null) { - return new EnforcedAdmin(adminComponent, enforcedRestriction, userId); + return new EnforcedAdmin(adminComponent, enforcedRestriction, user); } } return null; @@ -66,9 +66,9 @@ public class RestrictedLockUtils { public static void sendShowAdminSupportDetailsIntent(Context context, EnforcedAdmin admin) { final Intent intent = getShowAdminSupportDetailsIntent(context, admin); int targetUserId = UserHandle.myUserId(); - if (admin != null && admin.userId != UserHandle.USER_NULL - && isCurrentUserOrProfile(context, admin.userId)) { - targetUserId = admin.userId; + if (admin != null && admin.user != null + && isCurrentUserOrProfile(context, admin.user.getIdentifier())) { + targetUserId = admin.user.getIdentifier(); } intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, admin.enforcedRestriction); context.startActivityAsUser(intent, UserHandle.of(targetUserId)); @@ -81,8 +81,8 @@ public class RestrictedLockUtils { intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin.component); } int adminUserId = UserHandle.myUserId(); - if (admin.userId != UserHandle.USER_NULL) { - adminUserId = admin.userId; + if (admin.user != null) { + adminUserId = admin.user.getIdentifier(); } intent.putExtra(Intent.EXTRA_USER_ID, adminUserId); } @@ -109,7 +109,8 @@ public class RestrictedLockUtils { */ @Nullable public String enforcedRestriction = null; - public int userId = UserHandle.USER_NULL; + @Nullable + public UserHandle user = null; // We use this to represent the case where a policy is enforced by multiple admins. public final static EnforcedAdmin MULTIPLE_ENFORCED_ADMIN = new EnforcedAdmin(); @@ -121,15 +122,15 @@ public class RestrictedLockUtils { return enforcedAdmin; } - public EnforcedAdmin(ComponentName component, int userId) { + public EnforcedAdmin(ComponentName component, UserHandle user) { this.component = component; - this.userId = userId; + this.user = user; } - public EnforcedAdmin(ComponentName component, String enforcedRestriction, int userId) { + public EnforcedAdmin(ComponentName component, String enforcedRestriction, UserHandle user) { this.component = component; this.enforcedRestriction = enforcedRestriction; - this.userId = userId; + this.user = user; } public EnforcedAdmin(EnforcedAdmin other) { @@ -138,7 +139,7 @@ public class RestrictedLockUtils { } this.component = other.component; this.enforcedRestriction = other.enforcedRestriction; - this.userId = other.userId; + this.user = other.user; } public EnforcedAdmin() { @@ -149,14 +150,14 @@ public class RestrictedLockUtils { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; EnforcedAdmin that = (EnforcedAdmin) o; - return userId == that.userId && + return Objects.equals(user, that.user) && Objects.equals(component, that.component) && Objects.equals(enforcedRestriction, that.enforcedRestriction); } @Override public int hashCode() { - return Objects.hash(component, enforcedRestriction, userId); + return Objects.hash(component, enforcedRestriction, user); } @Override @@ -164,7 +165,7 @@ public class RestrictedLockUtils { return "EnforcedAdmin{" + "component=" + component + ", enforcedRestriction='" + enforcedRestriction + - ", userId=" + userId + + ", user=" + user + '}'; } } diff --git a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java index c03ba9a93294..f57122e6708d 100644 --- a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java +++ b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java @@ -164,6 +164,17 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { } /** + * @return the UserHandle for a userId. Return null for USER_NULL + */ + private static UserHandle getUserHandleOf(@UserIdInt int userId) { + if (userId == UserHandle.USER_NULL) { + return null; + } else { + return UserHandle.of(userId); + } + } + + /** * Filter a set of device admins based on a predicate {@code check}. This is equivalent to * {@code admins.stream().filter(check).map(x → new EnforcedAdmin(admin, userId)} except it's * returning a zero/one/many-type thing. @@ -183,11 +194,13 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (admins == null) { return null; } + + final UserHandle user = getUserHandleOf(userId); EnforcedAdmin enforcedAdmin = null; for (ComponentName admin : admins) { if (check.isEnforcing(dpm, admin, userId)) { if (enforcedAdmin == null) { - enforcedAdmin = new EnforcedAdmin(admin, userId); + enforcedAdmin = new EnforcedAdmin(admin, user); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } @@ -211,7 +224,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { IPackageManager ipm = AppGlobals.getPackageManager(); try { if (ipm.getBlockUninstallForUser(packageName, userId)) { - return getProfileOrDeviceOwner(context, userId); + return getProfileOrDeviceOwner(context, getUserHandleOf(userId)); } } catch (RemoteException e) { // Nothing to do @@ -230,7 +243,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { IPackageManager ipm = AppGlobals.getPackageManager(); try { if (ipm.isPackageSuspendedForUser(packageName, userId)) { - return getProfileOrDeviceOwner(context, userId); + return getProfileOrDeviceOwner(context, getUserHandleOf(userId)); } } catch (RemoteException | IllegalArgumentException e) { // Nothing to do @@ -245,14 +258,15 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (dpm == null) { return null; } - EnforcedAdmin admin = getProfileOrDeviceOwner(context, userId); + EnforcedAdmin admin = getProfileOrDeviceOwner(context, getUserHandleOf(userId)); boolean permitted = true; if (admin != null) { permitted = dpm.isInputMethodPermittedByAdmin(admin.component, packageName, userId); } int managedProfileId = getManagedProfileId(context, userId); - EnforcedAdmin profileAdmin = getProfileOrDeviceOwner(context, managedProfileId); + EnforcedAdmin profileAdmin = getProfileOrDeviceOwner(context, + getUserHandleOf(managedProfileId)); boolean permittedByProfileAdmin = true; if (profileAdmin != null) { permittedByProfileAdmin = dpm.isInputMethodPermittedByAdmin(profileAdmin.component, @@ -298,14 +312,15 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (dpm == null) { return null; } - EnforcedAdmin admin = getProfileOrDeviceOwner(context, userId); + EnforcedAdmin admin = getProfileOrDeviceOwner(context, getUserHandleOf(userId)); boolean permitted = true; if (admin != null) { permitted = dpm.isAccessibilityServicePermittedByAdmin(admin.component, packageName, userId); } int managedProfileId = getManagedProfileId(context, userId); - EnforcedAdmin profileAdmin = getProfileOrDeviceOwner(context, managedProfileId); + EnforcedAdmin profileAdmin = getProfileOrDeviceOwner(context, + getUserHandleOf(managedProfileId)); boolean permittedByProfileAdmin = true; if (profileAdmin != null) { permittedByProfileAdmin = dpm.isAccessibilityServicePermittedByAdmin( @@ -365,7 +380,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (!isAccountTypeDisabled) { return null; } - return getProfileOrDeviceOwner(context, userId); + return getProfileOrDeviceOwner(context, getUserHandleOf(userId)); } /** @@ -377,7 +392,8 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { */ public static EnforcedAdmin checkIfMeteredDataRestricted(Context context, String packageName, int userId) { - final EnforcedAdmin enforcedAdmin = getProfileOrDeviceOwner(context, userId); + final EnforcedAdmin enforcedAdmin = getProfileOrDeviceOwner(context, + getUserHandleOf(userId)); if (enforcedAdmin == null) { return null; } @@ -402,7 +418,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { return null; } ComponentName adminComponent = dpm.getDeviceOwnerComponentOnCallingUser(); - return new EnforcedAdmin(adminComponent, UserHandle.myUserId()); + return new EnforcedAdmin(adminComponent, getUserHandleOf(UserHandle.myUserId())); } /** @@ -434,10 +450,11 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { return null; } EnforcedAdmin enforcedAdmin = null; + final UserHandle user = getUserHandleOf(userId); for (ComponentName admin : admins) { if (check.isEnforcing(dpm, admin, userId)) { if (enforcedAdmin == null) { - enforcedAdmin = new EnforcedAdmin(admin, userId); + enforcedAdmin = new EnforcedAdmin(admin, user); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } @@ -488,13 +505,14 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { if (admins == null) { continue; } + final UserHandle user = getUserHandleOf(userInfo.id); final boolean isSeparateProfileChallengeEnabled = sProxy.isSeparateProfileChallengeEnabled(lockPatternUtils, userInfo.id); for (ComponentName admin : admins) { if (!isSeparateProfileChallengeEnabled) { if (check.isEnforcing(dpm, admin, userInfo.id)) { if (enforcedAdmin == null) { - enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); + enforcedAdmin = new EnforcedAdmin(admin, user); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } @@ -511,7 +529,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { DevicePolicyManager parentDpm = sProxy.getParentProfileInstance(dpm, userInfo); if (check.isEnforcing(parentDpm, admin, userInfo.id)) { if (enforcedAdmin == null) { - enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); + enforcedAdmin = new EnforcedAdmin(admin, user); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } @@ -535,7 +553,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { ComponentName adminComponent = dpm.getDeviceOwnerComponentOnAnyUser(); if (adminComponent != null) { return new EnforcedAdmin( - adminComponent, enforcedRestriction, dpm.getDeviceOwnerUserId()); + adminComponent, enforcedRestriction, dpm.getDeviceOwnerUser()); } return null; } @@ -556,7 +574,7 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { } ComponentName adminComponent = dpm.getProfileOwnerAsUser(userId); if (adminComponent != null) { - return new EnforcedAdmin(adminComponent, enforcedRestriction, userId); + return new EnforcedAdmin(adminComponent, enforcedRestriction, getUserHandleOf(userId)); } return null; } diff --git a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java index fc8d9db20607..88ac8ce5fae5 100644 --- a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java +++ b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java @@ -156,7 +156,7 @@ public class RestrictedLockUtilsTest { final EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal .checkIfKeyguardFeaturesDisabled(mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); - assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, mUserId)); + assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, UserHandle.of(mUserId))); } @Test @@ -189,12 +189,12 @@ public class RestrictedLockUtilsTest { // Querying the parent should return the policy, since it affects the parent. EnforcedAdmin parent = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); - assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); + assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); // Querying the child should return that too. EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); - assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); + assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); // Querying for some unrelated feature should return nothing. Nothing! assertThat(RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( @@ -224,7 +224,7 @@ public class RestrictedLockUtilsTest { // Querying the child should still return the policy. EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, mProfileId); - assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); + assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); } @Test @@ -251,7 +251,7 @@ public class RestrictedLockUtilsTest { // Querying the child should still return the policy. EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); - assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); + assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); } /** @@ -278,7 +278,7 @@ public class RestrictedLockUtilsTest { // Parent should get the policy. EnforcedAdmin parent = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); - assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); + assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); // Profile should not get the policy. EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( |