Device Owner, a special kind of device admin
A Device Owner cannot be uninstalled and is available to all users. It must
be registered before the device_provisioned flag is set.
Device admins can be disabled until used, but visible to device policy
manager, so that users wont be bothered with update requests.
Opened up a few related APIs for use by a system-installed Device Owner.
Change-Id: I847b5fe68c0f724863f778a67602b5bddc79d8e5
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index f1af634..f7ed9d7 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -5933,7 +5933,7 @@
null);
final int uid = Binder.getCallingUid();
- if (!isUserAllowed(UserHandle.getUserId(uid), UserManager.ALLOW_INSTALL_APPS)) {
+ if (isUserRestricted(UserHandle.getUserId(uid), UserManager.DISALLOW_INSTALL_APPS)) {
try {
observer.packageInstalled("", PackageManager.INSTALL_FAILED_USER_RESTRICTED);
} catch (RemoteException re) {
@@ -5981,7 +5981,7 @@
android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
"installExistingPackage for user " + userId);
}
- if (!isUserAllowed(userId, UserManager.ALLOW_INSTALL_APPS)) {
+ if (isUserRestricted(userId, UserManager.DISALLOW_INSTALL_APPS)) {
return PackageManager.INSTALL_FAILED_USER_RESTRICTED;
}
@@ -6015,13 +6015,13 @@
return PackageManager.INSTALL_SUCCEEDED;
}
- private boolean isUserAllowed(int userId, String restrictionKey) {
+ private boolean isUserRestricted(int userId, String restrictionKey) {
Bundle restrictions = sUserManager.getUserRestrictions(userId);
- if (!restrictions.getBoolean(UserManager.ALLOW_INSTALL_APPS)) {
- Log.w(TAG, "User does not have permission to: " + restrictionKey);
- return false;
+ if (restrictions.getBoolean(restrictionKey, false)) {
+ Log.w(TAG, "User is restricted: " + restrictionKey);
+ return true;
}
- return true;
+ return false;
}
@Override
@@ -8418,7 +8418,7 @@
android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
"deletePackage for user " + userId);
}
- if (!isUserAllowed(userId, UserManager.ALLOW_UNINSTALL_APPS)) {
+ if (isUserRestricted(userId, UserManager.DISALLOW_UNINSTALL_APPS)) {
try {
observer.packageDeleted(packageName, PackageManager.DELETE_FAILED_USER_RESTRICTED);
} catch (RemoteException re) {
@@ -8464,7 +8464,8 @@
IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface(
ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
try {
- if (dpm != null && dpm.packageHasActiveAdmins(packageName, userId)) {
+ if (dpm != null && (dpm.packageHasActiveAdmins(packageName, userId)
+ || dpm.isDeviceOwner(packageName))) {
Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
}
diff --git a/services/java/com/android/server/pm/UserManagerService.java b/services/java/com/android/server/pm/UserManagerService.java
index 636b0e5..fecc2df 100644
--- a/services/java/com/android/server/pm/UserManagerService.java
+++ b/services/java/com/android/server/pm/UserManagerService.java
@@ -226,6 +226,13 @@
}
}
+ @Override
+ public boolean isRestricted() {
+ synchronized (mPackagesLock) {
+ return getUserInfoLocked(UserHandle.getCallingUserId()).isRestricted();
+ }
+ }
+
/*
* Should be locked on mUsers before calling this.
*/
@@ -558,7 +565,6 @@
mNextSerialNumber = MIN_USER_ID;
Bundle restrictions = new Bundle();
- initRestrictionsToDefaults(restrictions);
mUserRestrictions.append(UserHandle.USER_OWNER, restrictions);
updateUserIdsLocked();
@@ -608,11 +614,11 @@
Bundle restrictions = mUserRestrictions.get(userInfo.id);
if (restrictions != null) {
serializer.startTag(null, TAG_RESTRICTIONS);
- writeBoolean(serializer, restrictions, UserManager.ALLOW_CONFIG_WIFI);
- writeBoolean(serializer, restrictions, UserManager.ALLOW_MODIFY_ACCOUNTS);
- writeBoolean(serializer, restrictions, UserManager.ALLOW_INSTALL_APPS);
- writeBoolean(serializer, restrictions, UserManager.ALLOW_UNINSTALL_APPS);
- writeBoolean(serializer, restrictions, UserManager.ALLOW_CONFIG_LOCATION_ACCESS);
+ writeBoolean(serializer, restrictions, UserManager.DISALLOW_CONFIG_WIFI);
+ writeBoolean(serializer, restrictions, UserManager.DISALLOW_MODIFY_ACCOUNTS);
+ writeBoolean(serializer, restrictions, UserManager.DISALLOW_INSTALL_APPS);
+ writeBoolean(serializer, restrictions, UserManager.DISALLOW_UNINSTALL_APPS);
+ writeBoolean(serializer, restrictions, UserManager.DISALLOW_SHARE_LOCATION);
serializer.endTag(null, TAG_RESTRICTIONS);
}
serializer.endTag(null, TAG_USER);
@@ -676,7 +682,6 @@
long lastLoggedInTime = 0L;
boolean partial = false;
Bundle restrictions = new Bundle();
- initRestrictionsToDefaults(restrictions);
FileInputStream fis = null;
try {
@@ -725,11 +730,11 @@
name = parser.getText();
}
} else if (TAG_RESTRICTIONS.equals(tag)) {
- readBoolean(parser, restrictions, UserManager.ALLOW_CONFIG_WIFI);
- readBoolean(parser, restrictions, UserManager.ALLOW_MODIFY_ACCOUNTS);
- readBoolean(parser, restrictions, UserManager.ALLOW_INSTALL_APPS);
- readBoolean(parser, restrictions, UserManager.ALLOW_UNINSTALL_APPS);
- readBoolean(parser, restrictions, UserManager.ALLOW_CONFIG_LOCATION_ACCESS);
+ readBoolean(parser, restrictions, UserManager.DISALLOW_CONFIG_WIFI);
+ readBoolean(parser, restrictions, UserManager.DISALLOW_MODIFY_ACCOUNTS);
+ readBoolean(parser, restrictions, UserManager.DISALLOW_INSTALL_APPS);
+ readBoolean(parser, restrictions, UserManager.DISALLOW_UNINSTALL_APPS);
+ readBoolean(parser, restrictions, UserManager.DISALLOW_SHARE_LOCATION);
}
}
}
@@ -758,7 +763,9 @@
private void readBoolean(XmlPullParser parser, Bundle restrictions,
String restrictionKey) {
String value = parser.getAttributeValue(null, restrictionKey);
- restrictions.putBoolean(restrictionKey, value == null ? true : Boolean.parseBoolean(value));
+ if (value != null) {
+ restrictions.putBoolean(restrictionKey, Boolean.parseBoolean(value));
+ }
}
private void writeBoolean(XmlSerializer xml, Bundle restrictions, String restrictionKey)
@@ -769,14 +776,6 @@
}
}
- private void initRestrictionsToDefaults(Bundle restrictions) {
- restrictions.putBoolean(UserManager.ALLOW_CONFIG_WIFI, true);
- restrictions.putBoolean(UserManager.ALLOW_MODIFY_ACCOUNTS, true);
- restrictions.putBoolean(UserManager.ALLOW_INSTALL_APPS, true);
- restrictions.putBoolean(UserManager.ALLOW_UNINSTALL_APPS, true);
- restrictions.putBoolean(UserManager.ALLOW_CONFIG_LOCATION_ACCESS, true);
- }
-
private int readIntAttribute(XmlPullParser parser, String attr, int defaultValue) {
String valueString = parser.getAttributeValue(null, attr);
if (valueString == null) return defaultValue;
@@ -823,7 +822,6 @@
writeUserLocked(userInfo);
updateUserIdsLocked();
Bundle restrictions = new Bundle();
- initRestrictionsToDefaults(restrictions);
mUserRestrictions.append(userId, restrictions);
}
}