6 files changed, 61 insertions, 3 deletions

diff --git a/api/system-current.txt b/api/system-current.txt
index 5e54c7f94279..2587b39ecc43 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -6205,6 +6205,7 @@ package android.app.admin {
     method public java.lang.String getDeviceOwner();
     method public java.lang.CharSequence getDeviceOwnerLockScreenInfo();
     method public java.lang.String getDeviceOwnerNameOnAnyUser();
+    method public java.lang.CharSequence getDeviceOwnerOrganizationName();
     method public java.util.List<byte[]> getInstalledCaCerts(android.content.ComponentName);
     method public int getKeyguardDisabledFeatures(android.content.ComponentName);
     method public java.lang.CharSequence getLongSupportMessage(android.content.ComponentName);
diff --git a/api/test-current.txt b/api/test-current.txt
index 2cc218a555ca..ee81f1283dc1 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -6046,6 +6046,7 @@ package android.app.admin {
     method public java.util.List<java.lang.String> getCrossProfileWidgetProviders(android.content.ComponentName);
     method public int getCurrentFailedPasswordAttempts();
     method public java.lang.CharSequence getDeviceOwnerLockScreenInfo();
+    method public java.lang.CharSequence getDeviceOwnerOrganizationName();
     method public java.util.List<byte[]> getInstalledCaCerts(android.content.ComponentName);
     method public int getKeyguardDisabledFeatures(android.content.ComponentName);
     method public long getLastBugReportRequestTime();
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 9ffedf925fe1..39c8b7956187 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -6424,7 +6424,7 @@ public class DevicePolicyManager {
     }
 
     /**
-     * Called by a profile owner of a managed profile to set the name of the organization under
+     * Called by the device owner or profile owner to set the name of the organization under
      * management.
      * <p>
      * If the organization name needs to be localized, it is the responsibility of the
@@ -6433,7 +6433,7 @@ public class DevicePolicyManager {
      *
      * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
      * @param title The organization name or {@code null} to clear a previously set name.
-     * @throws SecurityException if {@code admin} is not a profile owner.
+     * @throws SecurityException if {@code admin} is not a device or profile owner.
      */
     public void setOrganizationName(@NonNull ComponentName admin, @Nullable CharSequence title) {
         throwIfParentInstance("setOrganizationName");
@@ -6462,6 +6462,25 @@ public class DevicePolicyManager {
     }
 
     /**
+     * Called by the system to retrieve the name of the organization managing the device.
+     *
+     * @return The organization name or {@code null} if none is set.
+     * @throws SecurityException if the caller is not the device owner, does not hold the
+     *         MANAGE_USERS permission and is not the system.
+     *
+     * @hide
+     */
+    @SystemApi
+    @TestApi
+    public @Nullable CharSequence getDeviceOwnerOrganizationName() {
+        try {
+            return mService.getDeviceOwnerOrganizationName();
+        } catch (RemoteException re) {
+            throw re.rethrowFromSystemServer();
+        }
+    }
+
+    /**
      * Retrieve the default title message used in the confirm credentials screen for a given user.
      *
      * @param userHandle The user id of the user we're interested in.
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 02049ead3f33..f303bbcd354f 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -294,6 +294,7 @@ interface IDevicePolicyManager {
 
     void setOrganizationName(in ComponentName admin, in CharSequence title);
     CharSequence getOrganizationName(in ComponentName admin);
+    CharSequence getDeviceOwnerOrganizationName();
     CharSequence getOrganizationNameForUser(int userHandle);
 
     int getUserProvisioningState();
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index e971ed90f2c7..2f27201df1a4 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -9126,7 +9126,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
         Preconditions.checkNotNull(who, "ComponentName is null");
         final int userHandle = mInjector.userHandleGetCallingUserId();
-        enforceManagedProfile(userHandle, "set organization name");
+
         synchronized (this) {
             ActiveAdmin admin = getActiveAdminForCallerLocked(who,
                     DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -9153,6 +9153,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     @Override
+    public CharSequence getDeviceOwnerOrganizationName() {
+        if (!mHasFeature) {
+            return null;
+        }
+        enforceDeviceOwnerOrManageUsers();
+        synchronized(this) {
+            final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
+            return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName;
+        }
+    }
+
+    @Override
     public CharSequence getOrganizationNameForUser(int userHandle) {
         if (!mHasFeature) {
             return null;
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 46d93b242722..3ad40758aff6 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -2532,6 +2532,30 @@ public class DevicePolicyManagerTest extends DpmTestBase {
         assertFalse(dpm.isDeviceManaged());
     }
 
+    public void testDeviceOwnerOrganizationName() throws Exception {
+        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+        setupDeviceOwner();
+
+        dpm.setOrganizationName(admin1, "organization");
+
+        // Device owner can retrieve organization managing the device.
+        assertEquals("organization", dpm.getDeviceOwnerOrganizationName());
+
+        // Any uid holding MANAGE_USERS permission can retrieve organization managing the device.
+        mContext.binder.callingUid = 1234567;
+        mContext.callerPermissions.add(permission.MANAGE_USERS);
+        assertEquals("organization", dpm.getDeviceOwnerOrganizationName());
+        mContext.callerPermissions.remove(permission.MANAGE_USERS);
+
+        // System can retrieve organization managing the device.
+        mContext.binder.clearCallingIdentity();
+        assertEquals("organization", dpm.getDeviceOwnerOrganizationName());
+
+        // Removing the device owner clears the organization managing the device.
+        clearDeviceOwner();
+        assertNull(dpm.getDeviceOwnerOrganizationName());
+    }
+
     private void setUserSetupCompleteForUser(boolean isUserSetupComplete, int userhandle) {
         when(mContext.settings.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0,
                 userhandle)).thenReturn(isUserSetupComplete ? 1 : 0);