1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.app.admin; 18 19 import android.annotation.NonNull; 20 import android.annotation.Nullable; 21 import android.annotation.UserIdInt; 22 import android.content.ComponentName; 23 import android.content.Intent; 24 import android.os.Bundle; 25 import android.os.UserHandle; 26 import android.os.UserManager.EnforcingUser; 27 28 import java.util.List; 29 import java.util.Set; 30 import java.util.function.Consumer; 31 32 /** 33 * Device policy manager local system service interface. 34 * 35 * Maintenance note: if you need to expose information from DPMS to lower level services such as 36 * PM/UM/AM/etc, then exposing it from DevicePolicyManagerInternal is not safe because it may cause 37 * lock order inversion. Consider using {@link DevicePolicyCache} instead. 38 * 39 * @hide Only for use within the system server. 40 */ 41 public abstract class DevicePolicyManagerInternal { 42 43 /** 44 * Listener for changes in the allowlisted packages to show cross-profile 45 * widgets. 46 */ 47 public interface OnCrossProfileWidgetProvidersChangeListener { 48 49 /** 50 * Called when the allowlisted packages to show cross-profile widgets 51 * have changed for a given user. 52 * 53 * @param profileId The profile for which the allowlisted packages changed. 54 * @param packages The allowlisted packages. 55 */ onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages)56 public void onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages); 57 } 58 59 /** 60 * Gets the packages whose widget providers are allowlisted to be 61 * available in the parent user. 62 * 63 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 64 * 65 * @param profileId The profile id. 66 * @return The list of packages if such or empty list if there are 67 * no allowlisted packages or the profile id is not a managed 68 * profile. 69 */ getCrossProfileWidgetProviders(int profileId)70 public abstract List<String> getCrossProfileWidgetProviders(int profileId); 71 72 /** 73 * Adds a listener for changes in the allowlisted packages to show 74 * cross-profile app widgets. 75 * 76 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 77 * 78 * @param listener The listener to add. 79 */ addOnCrossProfileWidgetProvidersChangeListener( OnCrossProfileWidgetProvidersChangeListener listener)80 public abstract void addOnCrossProfileWidgetProvidersChangeListener( 81 OnCrossProfileWidgetProvidersChangeListener listener); 82 83 /** 84 * @param userHandle the handle of the user whose profile owner is being fetched. 85 * @return the configured supervision app if it exists and is the device owner or policy owner. 86 */ getProfileOwnerOrDeviceOwnerSupervisionComponent( @onNull UserHandle userHandle)87 public abstract @Nullable ComponentName getProfileOwnerOrDeviceOwnerSupervisionComponent( 88 @NonNull UserHandle userHandle); 89 90 /** 91 * Checks if an app with given uid is an active device owner of its user. 92 * 93 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 94 * 95 * @param uid App uid. 96 * @return true if the uid is an active device owner. 97 */ isActiveDeviceOwner(int uid)98 public abstract boolean isActiveDeviceOwner(int uid); 99 100 /** 101 * Checks if an app with given uid is an active profile owner of its user. 102 * 103 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 104 * 105 * @param uid App uid. 106 * @return true if the uid is an active profile owner. 107 */ isActiveProfileOwner(int uid)108 public abstract boolean isActiveProfileOwner(int uid); 109 110 /** 111 * Checks if an app with given uid is the active supervision admin. 112 * 113 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 114 * 115 * @param uid App uid. 116 * @return true if the uid is the active supervision app. 117 */ isActiveSupervisionApp(int uid)118 public abstract boolean isActiveSupervisionApp(int uid); 119 120 /** 121 * Creates an intent to show the admin support dialog to say that an action is disallowed by 122 * the device/profile owner. 123 * 124 * <p>This method does not take the DPMS lock. Safe to be called from anywhere. 125 * @param userId The user where the action is disallowed. 126 * @param useDefaultIfNoAdmin If true, a non-null intent will be returned, even if we couldn't 127 * find a profile/device owner. 128 * @return The intent to trigger the admin support dialog. 129 */ createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin)130 public abstract Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin); 131 132 /** 133 * Creates an intent to show the admin support dialog showing the admin who has set a user 134 * restriction. 135 * 136 * <p>This method does not take the DPMS lock. Safe to be called from anywhere. 137 * @param userId The user where the user restriction is set. 138 * @return The intent to trigger the admin support dialog, or null if the user restriction is 139 * not enforced by the profile/device owner. 140 */ createUserRestrictionSupportIntent(int userId, String userRestriction)141 public abstract Intent createUserRestrictionSupportIntent(int userId, String userRestriction); 142 143 /** 144 * Returns whether this user/profile is affiliated with the device. 145 * 146 * <p> 147 * By definition, the user that the device owner runs on is always affiliated with the device. 148 * Any other user/profile is considered affiliated with the device if the set specified by its 149 * profile owner via {@link DevicePolicyManager#setAffiliationIds} intersects with the device 150 * owner's. 151 * <p> 152 * Profile owner on the primary user will never be considered as affiliated as there is no 153 * device owner to be affiliated with. 154 */ isUserAffiliatedWithDevice(int userId)155 public abstract boolean isUserAffiliatedWithDevice(int userId); 156 157 /** 158 * Returns whether the calling package can install or uninstall packages without user 159 * interaction. 160 */ canSilentlyInstallPackage(String callerPackage, int callerUid)161 public abstract boolean canSilentlyInstallPackage(String callerPackage, int callerUid); 162 163 /** 164 * Reports that a profile has changed to use a unified or separate credential. 165 * 166 * @param userId User ID of the profile. 167 */ reportSeparateProfileChallengeChanged(@serIdInt int userId)168 public abstract void reportSeparateProfileChallengeChanged(@UserIdInt int userId); 169 170 /** 171 * Return text of error message if printing is disabled. 172 * Called by Print Service when printing is disabled by PO or DO when printing is attempted. 173 * 174 * @param userId The user in question 175 * @return localized error message 176 */ getPrintingDisabledReasonForUser(@serIdInt int userId)177 public abstract CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId); 178 179 /** 180 * @return cached version of DPM policies that can be accessed without risking deadlocks. 181 * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. 182 */ getDevicePolicyCache()183 protected abstract DevicePolicyCache getDevicePolicyCache(); 184 185 /** 186 * @return cached version of device state related to DPM that can be accessed without risking 187 * deadlocks. 188 * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. 189 */ getDeviceStateCache()190 protected abstract DeviceStateCache getDeviceStateCache(); 191 192 /** 193 * Returns the combined set of the following: 194 * <ul> 195 * <li>The package names that the admin has previously set as allowed to request user consent 196 * for cross-profile communication, via {@link 197 * DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)}.</li> 198 * <li>The default package names that are allowed to request user consent for cross-profile 199 * communication without being explicitly enabled by the admin, via 200 * {@link com.android.internal.R.array#cross_profile_apps} and 201 * {@link com.android.internal.R.array#vendor_cross_profile_apps}.</li> 202 * </ul> 203 * 204 * @return the combined set of allowlisted package names set via 205 * {@link DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)} and 206 * {@link com.android.internal.R.array#cross_profile_apps} and 207 * {@link com.android.internal.R.array#vendor_cross_profile_apps} 208 * 209 * @hide 210 */ getAllCrossProfilePackages(int userId)211 public abstract List<String> getAllCrossProfilePackages(int userId); 212 213 /** 214 * Returns the default package names set by the OEM that are allowed to communicate 215 * cross-profile without being explicitly enabled by the admin, via {@link 216 * com.android.internal.R.array#cross_profile_apps} and {@link 217 * com.android.internal.R.array#vendor_cross_profile_apps}. 218 * 219 * @hide 220 */ getDefaultCrossProfilePackages()221 public abstract List<String> getDefaultCrossProfilePackages(); 222 223 /** 224 * Sends the {@code intent} to the package holding the 225 * {@link android.app.role.RoleManager#ROLE_DEVICE_MANAGER} role and packages with cross 226 * profile capabilities, meaning the application must have the {@code crossProfile} 227 * property and at least one of the following permissions: 228 * 229 * <ul> 230 * <li>{@link android.Manifest.permission.INTERACT_ACROSS_PROFILES} 231 * <li>{@link android.Manifest.permission.INTERACT_ACROSS_USERS} 232 * <li>{@link android.Manifest.permission.INTERACT_ACROSS_USERS_FULL} 233 * <li>{@link AppOpsManager.OP_INTERACT_ACROSS_PROFILES} appop 234 * </ul> 235 * 236 * <p>Note: The intent itself is not modified but copied before use. 237 *` 238 * @param intent Template for the intent sent to the packages. 239 * @param parentHandle Handle of the user that will receive the intents. 240 * @param requiresPermission If false, all packages with the {@code crossProfile} property 241 * will receive the intent without requiring the additional 242 * permissions. 243 */ broadcastIntentToManifestReceivers(Intent intent, UserHandle parentHandle, boolean requiresPermission)244 public abstract void broadcastIntentToManifestReceivers(Intent intent, 245 UserHandle parentHandle, boolean requiresPermission); 246 247 /** 248 * Returns the profile owner component for the given user, or {@code null} if there is not one. 249 */ 250 @Nullable getProfileOwnerAsUser(@serIdInt int userId)251 public abstract ComponentName getProfileOwnerAsUser(@UserIdInt int userId); 252 253 /** 254 * Returns the device owner component for the device, or {@code null} if there is not one. 255 * 256 * @deprecated added temporarily to support Android Role permission granting. 257 * Please contact Android Enterprise Device Policy team before calling this function. 258 */ 259 @Deprecated 260 @Nullable getDeviceOwnerComponent(boolean callingUserOnly)261 public abstract ComponentName getDeviceOwnerComponent(boolean callingUserOnly); 262 263 /** 264 * Returns the user id of the device owner, or {@link UserHandle#USER_NULL} if there is not one. 265 */ 266 @UserIdInt getDeviceOwnerUserId()267 public abstract int getDeviceOwnerUserId(); 268 269 /** 270 * Returns whether the given package is a device owner or a profile owner in the calling user. 271 */ isDeviceOrProfileOwnerInCallingUser(String packageName)272 public abstract boolean isDeviceOrProfileOwnerInCallingUser(String packageName); 273 274 /** 275 * Returns whether this class supports being deferred the responsibility for resetting the given 276 * op. 277 */ supportsResetOp(int op)278 public abstract boolean supportsResetOp(int op); 279 280 /** 281 * Resets the given op across the profile group of the given user for the given package. Assumes 282 * {@link #supportsResetOp(int)} is true. 283 */ resetOp(int op, String packageName, @UserIdInt int userId)284 public abstract void resetOp(int op, String packageName, @UserIdInt int userId); 285 286 /** 287 * Checks if the calling process has been granted permission to apply a device policy on a 288 * specific user. 289 * 290 * The given permission will be checked along with its associated cross-user permission, if it 291 * exists and the target user is different to the calling user. 292 * 293 * @param callerPackage the package of the calling application. 294 * @param permission The name of the permission being checked. 295 * @param targetUserId The userId of the user which the caller needs permission to act on. 296 * @throws SecurityException If the calling process has not been granted the permission. 297 */ enforcePermission(String callerPackage, String permission, int targetUserId)298 public abstract void enforcePermission(String callerPackage, String permission, 299 int targetUserId); 300 301 /** 302 * Return whether the calling process has been granted permission to apply a device policy on 303 * a specific user. 304 * 305 * The given permission will be checked along with its associated cross-user 306 * permission, if it exists and the target user is different to the calling user. 307 * 308 * @param callerPackage the package of the calling application. 309 * @param permission The name of the permission being checked. 310 * @param targetUserId The userId of the user which the caller needs permission to act on. 311 */ hasPermission(String callerPackage, String permission, int targetUserId)312 public abstract boolean hasPermission(String callerPackage, String permission, 313 int targetUserId); 314 315 /** 316 * True if either the entire device or the user is organization managed. 317 */ isUserOrganizationManaged(@serIdInt int userId)318 public abstract boolean isUserOrganizationManaged(@UserIdInt int userId); 319 320 /** 321 * Returns a map of admin to {@link Bundle} map of restrictions set by the admins for the 322 * provided {@code packageName} in the provided {@code userId} 323 */ getApplicationRestrictionsPerAdminForUser( String packageName, @UserIdInt int userId)324 public abstract List<Bundle> getApplicationRestrictionsPerAdminForUser( 325 String packageName, @UserIdInt int userId); 326 327 /** 328 * Returns a list of users who set a user restriction on a given user. 329 */ getUserRestrictionSources(String restriction, @UserIdInt int userId)330 public abstract List<EnforcingUser> getUserRestrictionSources(String restriction, 331 @UserIdInt int userId); 332 333 /** 334 * Enforces resolved security logging policy, should only be invoked from device policy engine. 335 */ enforceSecurityLoggingPolicy(boolean enabled)336 public abstract void enforceSecurityLoggingPolicy(boolean enabled); 337 338 /** 339 * Enforces resolved audit logging policy, should only be invoked from device policy engine. 340 */ enforceAuditLoggingPolicy(boolean enabled)341 public abstract void enforceAuditLoggingPolicy(boolean enabled); 342 343 /** 344 * Installs internal callback for security log events. 345 */ setInternalEventsCallback( @ullable Consumer<List<SecurityLog.SecurityEvent>> callback)346 public abstract void setInternalEventsCallback( 347 @Nullable Consumer<List<SecurityLog.SecurityEvent>> callback); 348 } 349