Merge "Return null value if getActiveAdminUncheckedLocked returns null." into nyc-dev
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 36c82e5..6b4771c 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -4889,15 +4889,30 @@
      * @throws SecurityException if {@code admin} is not a device or profile owner.
      */
     public Bundle getUserRestrictions(@NonNull ComponentName admin) {
-        return getUserRestrictions(admin, myUserId());
-    }
-
-    /** @hide per-user version */
-    public Bundle getUserRestrictions(@NonNull ComponentName admin, int userHandle) {
         Bundle ret = null;
         if (mService != null) {
             try {
-                ret = mService.getUserRestrictions(admin, userHandle);
+                ret = mService.getUserRestrictions(admin);
+            } catch (RemoteException e) {
+                throw e.rethrowFromSystemServer();
+            }
+        }
+        return ret == null ? new Bundle() : ret;
+    }
+
+    /**
+     * Called by the system to get the user restrictions for a user.
+     *
+     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+     * @param userHandle user id the admin is running as.
+     *
+     * @hide
+     */
+    public Bundle getUserRestrictionsForUser(@NonNull ComponentName admin, int userHandle) {
+        Bundle ret = null;
+        if (mService != null) {
+            try {
+                ret = mService.getUserRestrictionsForUser(admin, userHandle);
             } catch (RemoteException e) {
                 throw e.rethrowFromSystemServer();
             }
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 8be52d8..c3d5ed9 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -169,7 +169,8 @@
     ComponentName getRestrictionsProvider(int userHandle);
 
     void setUserRestriction(in ComponentName who, in String key, boolean enable);
-    Bundle getUserRestrictions(in ComponentName who, int userId);
+    Bundle getUserRestrictions(in ComponentName who);
+    Bundle getUserRestrictionsForUser(in ComponentName who, int userId);
     void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags);
     void clearCrossProfileIntentFilters(in ComponentName admin);
 
diff --git a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java
index 1f1a9b8..1135200 100644
--- a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java
+++ b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java
@@ -78,7 +78,8 @@
         int deviceOwnerUserId = dpm.getDeviceOwnerUserId();
         boolean enforcedByDeviceOwner = false;
         if (deviceOwner != null && deviceOwnerUserId != UserHandle.USER_NULL) {
-            Bundle enforcedRestrictions = dpm.getUserRestrictions(deviceOwner, deviceOwnerUserId);
+            Bundle enforcedRestrictions =
+                    dpm.getUserRestrictionsForUser(deviceOwner, deviceOwnerUserId);
             if (enforcedRestrictions != null
                     && enforcedRestrictions.getBoolean(userRestriction, false)) {
                 enforcedByDeviceOwner = true;
@@ -90,7 +91,8 @@
         if (userId != UserHandle.USER_NULL) {
             profileOwner = dpm.getProfileOwnerAsUser(userId);
             if (profileOwner != null) {
-                Bundle enforcedRestrictions = dpm.getUserRestrictions(profileOwner, userId);
+                Bundle enforcedRestrictions =
+                        dpm.getUserRestrictionsForUser(profileOwner, userId);
                 if (enforcedRestrictions != null
                         && enforcedRestrictions.getBoolean(userRestriction, false)) {
                     enforcedByProfileOwner = true;
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 3e368f5..96ec02a 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5796,8 +5796,7 @@
                 transitionCheckNeeded = false;
             } else {
                 // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS.
-                mContext.enforceCallingOrSelfPermission(
-                        android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
+                enforceCanManageProfileAndDeviceOwners();
             }
 
             final DevicePolicyData policyData = getUserData(userHandle);
@@ -5990,8 +5989,7 @@
             }
             return;
         }
-        mContext.enforceCallingOrSelfPermission(
-                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
+        enforceCanManageProfileAndDeviceOwners();
         if (hasUserSetupCompleted(userHandle) && !isCallerWithSystemUid()) {
             throw new IllegalStateException("Cannot set the profile owner on a user which is "
                     + "already set-up");
@@ -6006,8 +6004,7 @@
         int callingUid = mInjector.binderGetCallingUid();
         boolean isAdb = callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
         if (!isAdb) {
-            mContext.enforceCallingOrSelfPermission(
-                    android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
+            enforceCanManageProfileAndDeviceOwners();
         }
 
         final int code = checkSetDeviceOwnerPreCondition(userId, isAdb);
@@ -6663,6 +6660,9 @@
         }
         synchronized (this) {
             ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
+            if (admin == null) {
+                return false;
+            }
             if (admin.permittedAccessiblityServices == null) {
                 return true;
             }
@@ -6833,6 +6833,9 @@
         }
         synchronized (this) {
             ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
+            if (admin == null) {
+                return false;
+            }
             if (admin.permittedInputMethods == null) {
                 return true;
             }
@@ -7103,19 +7106,30 @@
     }
 
     @Override
-    public Bundle getUserRestrictions(ComponentName who, int userHandle) {
+    public Bundle getUserRestrictions(ComponentName who) {
+        if (!mHasFeature) {
+            return null;
+        }
+        Preconditions.checkNotNull(who, "ComponentName is null");
+        synchronized (this) {
+            final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who,
+                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            return activeAdmin.userRestrictions;
+        }
+    }
+
+    @Override
+    public Bundle getUserRestrictionsForUser(ComponentName who, int userHandle) {
+        if (!mHasFeature) {
+            return null;
+        }
         Preconditions.checkNotNull(who, "ComponentName is null");
         enforceFullCrossUsersPermission(userHandle);
+        enforceCanManageProfileAndDeviceOwners();
         synchronized (this) {
             ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(who, userHandle);
             if (activeAdmin == null) {
-                throw new SecurityException("No active admin: " + activeAdmin);
-            }
-            if (activeAdmin.getUid() != mInjector.binderGetCallingUid()) {
-                mContext.enforceCallingOrSelfPermission(
-                        android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS,
-                        "Calling uid " + mInjector.binderGetCallingUid() + " neither owns the admin"
-                        + " " + who + " nor has MANAGE_PROFILE_AND_DEVICE_OWNERS permission");
+                return null;
             }
             return activeAdmin.userRestrictions;
         }
@@ -8689,6 +8703,11 @@
                 null);
     }
 
+    private void enforceCanManageProfileAndDeviceOwners() {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
+    }
+
     @Override
     public boolean isUninstallInQueue(final String packageName) {
         enforceCanManageDeviceAdmin();