Merge "Fix admin policies in managed profiles" into lmp-dev
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 8917928..a30ae57 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -1341,7 +1341,7 @@
* {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD} to be able to call
* this method; if it has not, a security exception will be thrown.
*
- * Can not be called from a managed profile.
+ * <p>Calling this from a managed profile will throw a security exception.
*
* @param password The new password for the user.
* @param flags May be 0 or {@link #RESET_PASSWORD_REQUIRE_ENTRY}.
@@ -1887,8 +1887,8 @@
/**
* Called by an application that is administering the device to disable all cameras
- * on the device. After setting this, no applications will be able to access any cameras
- * on the device.
+ * on the device, for this user. After setting this, no applications running as this user
+ * will be able to access any cameras on the device.
*
* <p>The calling device admin must have requested
* {@link DeviceAdminInfo#USES_POLICY_DISABLE_CAMERA} to be able to call
@@ -1908,8 +1908,8 @@
}
/**
- * Determine whether or not the device's cameras have been disabled either by the current
- * admin, if specified, or all admins.
+ * Determine whether or not the device's cameras have been disabled for this user,
+ * either by the current admin, if specified, or all admins.
* @param admin The name of the admin component to check, or null to check if any admins
* have disabled the camera
*/
@@ -2018,6 +2018,8 @@
* {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call
* this method; if it has not, a security exception will be thrown.
*
+ * <p>Calling this from a managed profile will throw a security exception.
+ *
* @param admin Which {@link DeviceAdminReceiver} this request is associated with.
* @param which {@link #KEYGUARD_DISABLE_FEATURES_NONE} (default),
* {@link #KEYGUARD_DISABLE_WIDGETS_ALL}, {@link #KEYGUARD_DISABLE_SECURE_CAMERA},
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index a5a622c..af4ae44 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2924,9 +2924,6 @@
return;
}
enforceCrossUserPermission(userHandle);
- if ((flags & DevicePolicyManager.WIPE_EXTERNAL_STORAGE) != 0) {
- enforceNotManagedProfile(userHandle, "wipe external storage");
- }
synchronized (this) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
@@ -3526,7 +3523,6 @@
return;
}
enforceCrossUserPermission(userHandle);
- enforceNotManagedProfile(userHandle, "enable/disable cameras");
synchronized (this) {
if (who == null) {
throw new NullPointerException("ComponentName is null");