Allow ProfileOwner apps to manage app restrictions
Simple wrapper around the UserManager.{get|set}ApplicationRestrictions
APIs. Also added a new Intent to signal to running apps that the set
of restrictions has changed since startup.
Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
diff --git a/api/current.txt b/api/current.txt
index 42b1e18..7b09a85 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -4922,6 +4922,7 @@
method public void addPersistentPreferredActivity(android.content.ComponentName, android.content.IntentFilter, android.content.ComponentName);
method public void clearPackagePersistentPreferredActivities(android.content.ComponentName, java.lang.String);
method public java.util.List<android.content.ComponentName> getActiveAdmins();
+ method public android.os.Bundle getApplicationRestrictions(android.content.ComponentName, java.lang.String);
method public boolean getCameraDisabled(android.content.ComponentName);
method public int getCurrentFailedPasswordAttempts();
method public int getKeyguardDisabledFeatures(android.content.ComponentName);
@@ -4949,6 +4950,7 @@
method public void lockNow();
method public void removeActiveAdmin(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
+ method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);
method public void setCameraDisabled(android.content.ComponentName, boolean);
method public void setKeyguardDisabledFeatures(android.content.ComponentName, int);
method public void setMaximumFailedPasswordsForWipe(android.content.ComponentName, int);
@@ -6825,6 +6827,7 @@
field public static final java.lang.String ACTION_AIRPLANE_MODE_CHANGED = "android.intent.action.AIRPLANE_MODE";
field public static final java.lang.String ACTION_ALL_APPS = "android.intent.action.ALL_APPS";
field public static final java.lang.String ACTION_ANSWER = "android.intent.action.ANSWER";
+ field public static final java.lang.String ACTION_APPLICATION_RESTRICTIONS_CHANGED = "android.intent.action.APPLICATION_RESTRICTIONS_CHANGED";
field public static final java.lang.String ACTION_APP_ERROR = "android.intent.action.APP_ERROR";
field public static final java.lang.String ACTION_ASSIST = "android.intent.action.ASSIST";
field public static final java.lang.String ACTION_ATTACH_DATA = "android.intent.action.ATTACH_DATA";
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 725f808..db08a41 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -26,6 +26,7 @@
import android.content.pm.ActivityInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
+import android.os.Bundle;
import android.os.Handler;
import android.os.Process;
import android.os.RemoteCallback;
@@ -1880,4 +1881,59 @@
}
}
}
+
+ /**
+ * Called by a profile or device owner to set the application restrictions for a given target
+ * application running in the managed profile.
+ *
+ * <p>The provided {@link Bundle} consists of key-value pairs, where the types of values may be
+ * {@link Boolean}, {@link String}, or {@link String}[]. The recommended format for key strings
+ * is "com.example.packagename/example-setting" to avoid naming conflicts with library
+ * components such as {@link android.webkit.WebView}.
+ *
+ * <p>The application restrictions are only made visible to the target application and the
+ * profile or device owner.
+ *
+ * <p>The calling device admin must be a profile or device owner; if it is not, a security
+ * exception will be thrown.
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+ * @param packageName The name of the package to update restricted settings for.
+ * @param settings A {@link Bundle} to be parsed by the receiving application, conveying a new
+ * set of active restrictions.
+ */
+ public void setApplicationRestrictions(ComponentName admin, String packageName,
+ Bundle settings) {
+ if (mService != null) {
+ try {
+ mService.setApplicationRestrictions(admin, packageName, settings);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Failed talking with device policy service", e);
+ }
+ }
+ }
+
+ /**
+ * Called by a profile or device owner to get the application restrictions for a given target
+ * application running in the managed profile.
+ *
+ * <p>The calling device admin must be a profile or device owner; if it is not, a security
+ * exception will be thrown.
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+ * @param packageName The name of the package to fetch restricted settings of.
+ * @return {@link Bundle} of settings corresponding to what was set last time
+ * {@link DevicePolicyManager#setApplicationRestrictions} was called, or an empty {@link Bundle}
+ * if no restrictions have been set.
+ */
+ public Bundle getApplicationRestrictions(ComponentName admin, String packageName) {
+ if (mService != null) {
+ try {
+ return mService.getApplicationRestrictions(admin, packageName);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Failed talking with device policy service", e);
+ }
+ }
+ return null;
+ }
}
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index e4b2adc..4ed85e9 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -19,6 +19,7 @@
import android.content.ComponentName;
import android.content.IntentFilter;
+import android.os.Bundle;
import android.os.RemoteCallback;
/**
@@ -114,4 +115,7 @@
void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity);
void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName);
+
+ void setApplicationRestrictions(in ComponentName who, in String packageName, in Bundle settings);
+ Bundle getApplicationRestrictions(in ComponentName who, in String packageName);
}
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index a7d5606..421956b 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -2306,6 +2306,16 @@
= "android.intent.action.ADVANCED_SETTINGS";
/**
+ * Broadcast Action: Sent after application restrictions are changed.
+ *
+ * <p class="note">This is a protected intent that can only be sent
+ * by the system.</p>
+ */
+ @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
+ public static final String ACTION_APPLICATION_RESTRICTIONS_CHANGED =
+ "android.intent.action.APPLICATION_RESTRICTIONS_CHANGED";
+
+ /**
* Broadcast Action: An outgoing call is about to be placed.
*
* <p>The Intent will have the following extra value:</p>
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 606a4b1..b8fe0ff 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -239,6 +239,7 @@
<protected-broadcast android:name="android.intent.action.EXTERNAL_APPLICATIONS_UNAVAILABLE" />
<protected-broadcast android:name="android.intent.action.AIRPLANE_MODE" />
<protected-broadcast android:name="android.intent.action.ADVANCED_SETTINGS" />
+ <protected-broadcast android:name="android.intent.action.APPLICATION_RESTRICTIONS_CHANGED" />
<protected-broadcast android:name="android.intent.action.BUGREPORT_FINISHED" />
<protected-broadcast android:name="android.intent.action.ACTION_IDLE_MAINTENANCE_START" />
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 32515b5..a6e83a7 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1194,6 +1194,12 @@
// Write the restrictions to XML
writeApplicationRestrictionsLocked(packageName, restrictions, userId);
}
+
+ // Notify package of changes via an intent - only sent to explicitly registered receivers.
+ Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
+ changeIntent.setPackage(packageName);
+ changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
+ mContext.sendBroadcastAsUser(changeIntent, new UserHandle(userId));
}
@Override
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 5a458a3..d6f9dea 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -51,6 +51,7 @@
import android.content.pm.UserInfo;
import android.net.ProxyProperties;
import android.os.Binder;
+import android.os.Bundle;
import android.os.Environment;
import android.os.Handler;
import android.os.IBinder;
@@ -3056,4 +3057,44 @@
}
}
}
+
+ @Override
+ public void setApplicationRestrictions(ComponentName who, String packageName, Bundle settings) {
+ final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId());
+
+ synchronized (this) {
+ if (who == null) {
+ throw new NullPointerException("ComponentName is null");
+ }
+ getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+
+ UserManager um = UserManager.get(mContext);
+ long id = Binder.clearCallingIdentity();
+ try {
+ um.setApplicationRestrictions(packageName, settings, userHandle);
+ } finally {
+ restoreCallingIdentity(id);
+ }
+ }
+ }
+
+ @Override
+ public Bundle getApplicationRestrictions(ComponentName who, String packageName) {
+ final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId());
+
+ synchronized (this) {
+ if (who == null) {
+ throw new NullPointerException("ComponentName is null");
+ }
+ getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+
+ UserManager um = UserManager.get(mContext);
+ long id = Binder.clearCallingIdentity();
+ try {
+ return um.getApplicationRestrictions(packageName, userHandle);
+ } finally {
+ restoreCallingIdentity(id);
+ }
+ }
+ }
}