Private DNS: Add user restriction
Add a user restriction to prevent the user from changing the Private DNS
settings.
This would be used together with the new DevicePolicyManager API to set
the Private DNS settings by the Device Policy Client to enforce Private
DNS settings by the IT admin of the user.
Bug: 112982691
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testPrivateDnsPolicy
Test: m -j RunSettingsRoboTests ROBOTEST_FILTER=PrivateDnsModeDialogPreferenceTest
Test: Manual, using TestDPC
Change-Id: Ibec3cfcede7e4082db4068cbdd047ada3f6c227e
diff --git a/api/current.txt b/api/current.txt
index 0b6af29..f4b25c1 100755
--- a/api/current.txt
+++ b/api/current.txt
@@ -33739,6 +33739,7 @@
field public static final java.lang.String DISALLOW_CONFIG_LOCALE = "no_config_locale";
field public static final java.lang.String DISALLOW_CONFIG_LOCATION = "no_config_location";
field public static final java.lang.String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks";
+ field public static final java.lang.String DISALLOW_CONFIG_PRIVATE_DNS = "disallow_config_private_dns";
field public static final java.lang.String DISALLOW_CONFIG_SCREEN_TIMEOUT = "no_config_screen_timeout";
field public static final java.lang.String DISALLOW_CONFIG_TETHERING = "no_config_tethering";
field public static final java.lang.String DISALLOW_CONFIG_VPN = "no_config_vpn";
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 8123744..2359910 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -983,6 +983,21 @@
public static final String DISALLOW_PRINTING = "no_printing";
/**
+ * Specifies whether the user is allowed to modify private DNS settings.
+ *
+ * <p>The default value is <code>false</code>.
+ *
+ * <p>This user restriction can only be applied by the Device Owner.
+ * <p>Key for user restrictions.
+ * <p>Type: Boolean
+ * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
+ * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
+ * @see #getUserRestrictions()
+ */
+ public static final String DISALLOW_CONFIG_PRIVATE_DNS =
+ "disallow_config_private_dns";
+
+ /**
* Application restriction key that is used to indicate the pending arrival
* of real restrictions for the app.
*
diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
index 1315502..dd04652 100644
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -127,7 +127,8 @@
UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE,
UserManager.DISALLOW_AMBIENT_DISPLAY,
UserManager.DISALLOW_CONFIG_SCREEN_TIMEOUT,
- UserManager.DISALLOW_PRINTING
+ UserManager.DISALLOW_PRINTING,
+ UserManager.DISALLOW_CONFIG_PRIVATE_DNS
});
/**
@@ -163,7 +164,8 @@
* User restrictions that cannot be set by profile owners. Applied to all users.
*/
private static final Set<String> DEVICE_OWNER_ONLY_RESTRICTIONS = Sets.newArraySet(
- UserManager.DISALLOW_USER_SWITCH
+ UserManager.DISALLOW_USER_SWITCH,
+ UserManager.DISALLOW_CONFIG_PRIVATE_DNS
);
/**
@@ -741,6 +743,10 @@
restriction = UserManager.DISALLOW_CONFIG_SCREEN_TIMEOUT;
break;
+ case android.provider.Settings.Global.PRIVATE_DNS_MODE:
+ case android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER:
+ restriction = UserManager.DISALLOW_CONFIG_PRIVATE_DNS;
+ break;
default:
if (setting.startsWith(Settings.Global.DATA_ROAMING)) {
if ("0".equals(value)) {