summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/UserRestrictionsUtils.java3
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java51
2 files changed, 32 insertions, 22 deletions
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index 8815834f6b5c..0b3f6fd87013 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -282,7 +282,8 @@ public class UserRestrictionsUtils {
* in settings. So it is handled separately.
*/
private static final Set<String> DEFAULT_ENABLED_FOR_MANAGED_PROFILES = Sets.newArraySet(
- UserManager.DISALLOW_BLUETOOTH_SHARING
+ UserManager.DISALLOW_BLUETOOTH_SHARING,
+ UserManager.DISALLOW_DEBUGGING_FEATURES
);
/**
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 1549677fdbb2..59ca6151639b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2663,13 +2663,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
* Apply default restrictions that haven't been applied to a given admin yet.
*/
private void maybeSetDefaultRestrictionsForAdminLocked(int userId, ActiveAdmin admin) {
- Set<String> defaultRestrictions =
- UserRestrictionsUtils.getDefaultEnabledForManagedProfiles();
- if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) {
+ final Set<String> restrictionsToSet =
+ new ArraySet<>(UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());
+ restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet);
+ if (restrictionsToSet.isEmpty()) {
return; // The same set of default restrictions has been already applied.
}
if (isPolicyEngineForFinanceFlagEnabled()) {
- for (String restriction : defaultRestrictions) {
+ for (String restriction : restrictionsToSet) {
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.getPolicyDefinitionForUserRestriction(restriction),
EnforcingAdmin.createEnterpriseEnforcingAdmin(
@@ -2678,9 +2679,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
new BooleanPolicyValue(true),
userId);
}
- admin.defaultEnabledRestrictionsAlreadySet.addAll(defaultRestrictions);
+ admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet);
Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " +
- defaultRestrictions);
+ restrictionsToSet);
return;
}
@@ -2688,21 +2689,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (VERBOSE_LOG) {
Slogf.d(LOG_TAG, "Default enabled restrictions: "
- + defaultRestrictions
+ + restrictionsToSet
+ ". Restrictions already enabled: "
+ admin.defaultEnabledRestrictionsAlreadySet);
}
-
- final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions);
- restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet);
- if (!restrictionsToSet.isEmpty()) {
- for (final String restriction : restrictionsToSet) {
- admin.ensureUserRestrictions().putBoolean(restriction, true);
- }
- admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet);
- Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet);
- saveUserRestrictionsLocked(userId);
+ for (final String restriction : restrictionsToSet) {
+ admin.ensureUserRestrictions().putBoolean(restriction, true);
}
+ admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet);
+ Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet);
+ saveUserRestrictionsLocked(userId);
}
private void setDeviceOwnershipSystemPropertyLocked() {
@@ -10192,7 +10188,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
return false;
}
- if (isAdb(caller)) {
+ boolean isAdb = isAdb(caller);
+ if (isAdb) {
// Log profile owner provisioning was started using adb.
MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER);
DevicePolicyEventLogger
@@ -10214,7 +10211,19 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin);
ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin,
true /* newOwner */);
+ if (isAdb) {
+ // DISALLOW_DEBUGGING_FEATURES is being added to newly-created
+ // work profile by default due to b/382064697 . This would have
+ // impacted certain CTS test flows when they interact with the
+ // work profile via ADB (for example installing an app into the
+ // work profile). Remove DISALLOW_DEBUGGING_FEATURES here to
+ // reduce the potential impact.
+ setLocalUserRestrictionInternal(
+ EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userHandle),
+ UserManager.DISALLOW_DEBUGGING_FEATURES, false, userHandle);
+ }
}
+
sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
userHandle);
});
@@ -11131,7 +11140,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (mOwners.hasDeviceOwner()) {
return false;
}
-
+
final ComponentName profileOwner = getProfileOwnerAsUser(userId);
if (profileOwner == null) {
return false;
@@ -11140,7 +11149,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (isManagedProfile(userId)) {
return false;
}
-
+
return true;
}
private void enforceCanQueryLockTaskLocked(ComponentName who, String callerPackageName) {
@@ -24460,7 +24469,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
});
}
-
+
private void migrateUserControlDisabledPackagesLocked() {
Binder.withCleanCallingIdentity(() -> {
List<UserInfo> users = mUserManager.getUsers();
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-02 05:01:27 +0000