1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.app.admin; 18 19 import android.annotation.Nullable; 20 import android.annotation.UserIdInt; 21 import android.content.ComponentName; 22 import android.content.Intent; 23 import android.os.UserHandle; 24 25 import java.util.List; 26 import java.util.Set; 27 28 /** 29 * Device policy manager local system service interface. 30 * 31 * Maintenance note: if you need to expose information from DPMS to lower level services such as 32 * PM/UM/AM/etc, then exposing it from DevicePolicyManagerInternal is not safe because it may cause 33 * lock order inversion. Consider using {@link DevicePolicyCache} instead. 34 * 35 * @hide Only for use within the system server. 36 */ 37 public abstract class DevicePolicyManagerInternal { 38 39 /** 40 * Listener for changes in the allowlisted packages to show cross-profile 41 * widgets. 42 */ 43 public interface OnCrossProfileWidgetProvidersChangeListener { 44 45 /** 46 * Called when the allowlisted packages to show cross-profile widgets 47 * have changed for a given user. 48 * 49 * @param profileId The profile for which the allowlisted packages changed. 50 * @param packages The allowlisted packages. 51 */ onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages)52 public void onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages); 53 } 54 55 /** 56 * Gets the packages whose widget providers are allowlisted to be 57 * available in the parent user. 58 * 59 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 60 * 61 * @param profileId The profile id. 62 * @return The list of packages if such or empty list if there are 63 * no allowlisted packages or the profile id is not a managed 64 * profile. 65 */ getCrossProfileWidgetProviders(int profileId)66 public abstract List<String> getCrossProfileWidgetProviders(int profileId); 67 68 /** 69 * Adds a listener for changes in the allowlisted packages to show 70 * cross-profile app widgets. 71 * 72 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 73 * 74 * @param listener The listener to add. 75 */ addOnCrossProfileWidgetProvidersChangeListener( OnCrossProfileWidgetProvidersChangeListener listener)76 public abstract void addOnCrossProfileWidgetProvidersChangeListener( 77 OnCrossProfileWidgetProvidersChangeListener listener); 78 79 /** 80 * Checks if an app with given uid is an active device owner of its user. 81 * 82 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 83 * 84 * @param uid App uid. 85 * @return true if the uid is an active device owner. 86 */ isActiveDeviceOwner(int uid)87 public abstract boolean isActiveDeviceOwner(int uid); 88 89 /** 90 * Checks if an app with given uid is an active profile owner of its user. 91 * 92 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 93 * 94 * @param uid App uid. 95 * @return true if the uid is an active profile owner. 96 */ isActiveProfileOwner(int uid)97 public abstract boolean isActiveProfileOwner(int uid); 98 99 /** 100 * Checks if an app with given uid is the active supervision admin. 101 * 102 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 103 * 104 * @param uid App uid. 105 * @return true if the uid is the active supervision app. 106 */ isActiveSupervisionApp(int uid)107 public abstract boolean isActiveSupervisionApp(int uid); 108 109 /** 110 * Creates an intent to show the admin support dialog to say that an action is disallowed by 111 * the device/profile owner. 112 * 113 * <p>This method does not take the DPMS lock. Safe to be called from anywhere. 114 * @param userId The user where the action is disallowed. 115 * @param useDefaultIfNoAdmin If true, a non-null intent will be returned, even if we couldn't 116 * find a profile/device owner. 117 * @return The intent to trigger the admin support dialog. 118 */ createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin)119 public abstract Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin); 120 121 /** 122 * Creates an intent to show the admin support dialog showing the admin who has set a user 123 * restriction. 124 * 125 * <p>This method does not take the DPMS lock. Safe to be called from anywhere. 126 * @param userId The user where the user restriction is set. 127 * @return The intent to trigger the admin support dialog, or null if the user restriction is 128 * not enforced by the profile/device owner. 129 */ createUserRestrictionSupportIntent(int userId, String userRestriction)130 public abstract Intent createUserRestrictionSupportIntent(int userId, String userRestriction); 131 132 /** 133 * Returns whether this user/profile is affiliated with the device. 134 * 135 * <p> 136 * By definition, the user that the device owner runs on is always affiliated with the device. 137 * Any other user/profile is considered affiliated with the device if the set specified by its 138 * profile owner via {@link DevicePolicyManager#setAffiliationIds} intersects with the device 139 * owner's. 140 * <p> 141 * Profile owner on the primary user will never be considered as affiliated as there is no 142 * device owner to be affiliated with. 143 */ isUserAffiliatedWithDevice(int userId)144 public abstract boolean isUserAffiliatedWithDevice(int userId); 145 146 /** 147 * Returns whether the calling package can install or uninstall packages without user 148 * interaction. 149 */ canSilentlyInstallPackage(String callerPackage, int callerUid)150 public abstract boolean canSilentlyInstallPackage(String callerPackage, int callerUid); 151 152 /** 153 * Reports that a profile has changed to use a unified or separate credential. 154 * 155 * @param userId User ID of the profile. 156 */ reportSeparateProfileChallengeChanged(@serIdInt int userId)157 public abstract void reportSeparateProfileChallengeChanged(@UserIdInt int userId); 158 159 /** 160 * Return text of error message if printing is disabled. 161 * Called by Print Service when printing is disabled by PO or DO when printing is attempted. 162 * 163 * @param userId The user in question 164 * @return localized error message 165 */ getPrintingDisabledReasonForUser(@serIdInt int userId)166 public abstract CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId); 167 168 /** 169 * @return cached version of DPM policies that can be accessed without risking deadlocks. 170 * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. 171 */ getDevicePolicyCache()172 protected abstract DevicePolicyCache getDevicePolicyCache(); 173 174 /** 175 * @return cached version of device state related to DPM that can be accessed without risking 176 * deadlocks. 177 * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. 178 */ getDeviceStateCache()179 protected abstract DeviceStateCache getDeviceStateCache(); 180 181 /** 182 * Returns the combined set of the following: 183 * <ul> 184 * <li>The package names that the admin has previously set as allowed to request user consent 185 * for cross-profile communication, via {@link 186 * DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)}.</li> 187 * <li>The default package names that are allowed to request user consent for cross-profile 188 * communication without being explicitly enabled by the admin, via 189 * {@link com.android.internal.R.array#cross_profile_apps} and 190 * {@link com.android.internal.R.array#vendor_cross_profile_apps}.</li> 191 * </ul> 192 * 193 * @return the combined set of allowlisted package names set via 194 * {@link DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)} and 195 * {@link com.android.internal.R.array#cross_profile_apps} and 196 * {@link com.android.internal.R.array#vendor_cross_profile_apps} 197 * 198 * @hide 199 */ getAllCrossProfilePackages()200 public abstract List<String> getAllCrossProfilePackages(); 201 202 /** 203 * Returns the default package names set by the OEM that are allowed to request user consent for 204 * cross-profile communication without being explicitly enabled by the admin, via 205 * {@link com.android.internal.R.array#cross_profile_apps} and 206 * {@link com.android.internal.R.array#vendor_cross_profile_apps}. 207 * 208 * @hide 209 */ getDefaultCrossProfilePackages()210 public abstract List<String> getDefaultCrossProfilePackages(); 211 212 /** 213 * Sends the {@code intent} to the packages with cross profile capabilities. 214 * 215 * <p>This means the application must have the {@code crossProfile} property and the 216 * corresponding permissions, defined by 217 * {@link 218 * android.content.pm.CrossProfileAppsInternal#verifyPackageHasInteractAcrossProfilePermission}. 219 * 220 * <p>Note: This method doesn't modify {@code intent} but copies it before use. 221 * 222 * @param intent Template for the intent sent to the package. 223 * @param parentHandle Handle of the user that will receive the intents. 224 * @param requiresPermission If false, all packages with the {@code crossProfile} property 225 * will receive the intent. 226 */ broadcastIntentToCrossProfileManifestReceiversAsUser(Intent intent, UserHandle parentHandle, boolean requiresPermission)227 public abstract void broadcastIntentToCrossProfileManifestReceiversAsUser(Intent intent, 228 UserHandle parentHandle, boolean requiresPermission); 229 230 /** 231 * Returns the profile owner component for the given user, or {@code null} if there is not one. 232 */ 233 @Nullable getProfileOwnerAsUser(@serIdInt int userId)234 public abstract ComponentName getProfileOwnerAsUser(@UserIdInt int userId); 235 236 /** 237 * Returns the user id of the device owner, or {@link UserHandle#USER_NULL} if there is not one. 238 */ 239 @UserIdInt getDeviceOwnerUserId()240 public abstract int getDeviceOwnerUserId(); 241 242 /** 243 * Returns whether the given package is a device owner or a profile owner in the calling user. 244 */ isDeviceOrProfileOwnerInCallingUser(String packageName)245 public abstract boolean isDeviceOrProfileOwnerInCallingUser(String packageName); 246 247 /** 248 * Returns whether this class supports being deferred the responsibility for resetting the given 249 * op. 250 */ supportsResetOp(int op)251 public abstract boolean supportsResetOp(int op); 252 253 /** 254 * Resets the given op across the profile group of the given user for the given package. Assumes 255 * {@link #supportsResetOp(int)} is true. 256 */ resetOp(int op, String packageName, @UserIdInt int userId)257 public abstract void resetOp(int op, String packageName, @UserIdInt int userId); 258 } 259