diff options
| -rw-r--r-- | core/api/current.txt | 4 | ||||
| -rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 25 | ||||
| -rw-r--r-- | core/java/android/view/contentprotection/flags/content_protection_flags.aconfig | 7 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 7 |
4 files changed, 43 insertions, 0 deletions
diff --git a/core/api/current.txt b/core/api/current.txt index 89c772826822..77696c09f27e 100644 --- a/core/api/current.txt +++ b/core/api/current.txt @@ -147,6 +147,7 @@ package android { field public static final String MANAGE_DEVICE_POLICY_CAMERA = "android.permission.MANAGE_DEVICE_POLICY_CAMERA"; field public static final String MANAGE_DEVICE_POLICY_CERTIFICATES = "android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES"; field public static final String MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE = "android.permission.MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE"; + field @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled") public static final String MANAGE_DEVICE_POLICY_CONTENT_PROTECTION = "android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION"; field public static final String MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES = "android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES"; field public static final String MANAGE_DEVICE_POLICY_DEFAULT_SMS = "android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS"; field public static final String MANAGE_DEVICE_POLICY_DEVICE_IDENTIFIERS = "android.permission.MANAGE_DEVICE_POLICY_DEVICE_IDENTIFIERS"; @@ -8194,6 +8195,9 @@ package android.app.admin { field public static final String ACTION_SET_NEW_PASSWORD = "android.app.action.SET_NEW_PASSWORD"; field public static final String ACTION_START_ENCRYPTION = "android.app.action.START_ENCRYPTION"; field public static final String ACTION_SYSTEM_UPDATE_POLICY_CHANGED = "android.app.action.SYSTEM_UPDATE_POLICY_CHANGED"; + field @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled") public static final int CONTENT_PROTECTION_DISABLED = 1; // 0x1 + field @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled") public static final int CONTENT_PROTECTION_ENABLED = 2; // 0x2 + field @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled") public static final int CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY = 0; // 0x0 field public static final String DELEGATION_APP_RESTRICTIONS = "delegation-app-restrictions"; field public static final String DELEGATION_BLOCK_UNINSTALL = "delegation-block-uninstall"; field public static final String DELEGATION_CERT_INSTALL = "delegation-cert-install"; diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 5c42b0ed975a..86d0125fd7a2 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -53,6 +53,7 @@ import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled; import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM; import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1; import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE; +import static android.view.contentprotection.flags.Flags.FLAG_MANAGE_DEVICE_POLICY_ENABLED; import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage; @@ -61,6 +62,7 @@ import android.accounts.Account; import android.annotation.BroadcastBehavior; import android.annotation.CallbackExecutor; import android.annotation.ColorInt; +import android.annotation.FlaggedApi; import android.annotation.IntDef; import android.annotation.NonNull; import android.annotation.Nullable; @@ -4092,6 +4094,29 @@ public class DevicePolicyManager { return MTE_NOT_CONTROLLED_BY_POLICY; } + /** Indicates that content protection is not controlled by policy, allowing user to choose. */ + @FlaggedApi(FLAG_MANAGE_DEVICE_POLICY_ENABLED) + public static final int CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY = 0; + + /** Indicates that content protection is controlled and disabled by a policy. */ + @FlaggedApi(FLAG_MANAGE_DEVICE_POLICY_ENABLED) + public static final int CONTENT_PROTECTION_DISABLED = 1; + + /** Indicates that content protection is controlled and enabled by a policy. */ + @FlaggedApi(FLAG_MANAGE_DEVICE_POLICY_ENABLED) + public static final int CONTENT_PROTECTION_ENABLED = 2; + + /** @hide */ + @IntDef( + prefix = {"CONTENT_PROTECTION_"}, + value = { + CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY, + CONTENT_PROTECTION_DISABLED, + CONTENT_PROTECTION_ENABLED, + }) + @Retention(RetentionPolicy.SOURCE) + public @interface ContentProtectionPolicy {} + /** * This object is a single place to tack on invalidation and disable calls. All * binder caches in this class derive from this Config, so all can be invalidated or diff --git a/core/java/android/view/contentprotection/flags/content_protection_flags.aconfig b/core/java/android/view/contentprotection/flags/content_protection_flags.aconfig index 2a3008a53635..5d3153c00e8a 100644 --- a/core/java/android/view/contentprotection/flags/content_protection_flags.aconfig +++ b/core/java/android/view/contentprotection/flags/content_protection_flags.aconfig @@ -34,3 +34,10 @@ flag { description: "If true, an appop is logged when a notification is rapidly cleared by a notification listener." bug: "289080543" } + +flag { + name: "manage_device_policy_enabled" + namespace: "content_protection" + description: "If true, the APIs to manage content protection device policy will be enabled." + bug: "319477846" +} diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index c4b5d8187845..0171f584a838 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3751,6 +3751,13 @@ <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEVICE_IDENTIFIERS" android:protectionLevel="internal|role" /> + <!-- Allows an application to manage policy related to content protection. + <p>Protection level: internal|role + @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled") + --> + <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" + android:protectionLevel="internal|role" /> + <!-- Allows an application to set device policies outside the current user that are critical for securing data within the current user. <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_* |