DevicePolicyManagerService.java revision 2c082aeeb7410e8341e57562b8e1bad8e88300ec 
1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.devicepolicy;
18
19import static android.Manifest.permission.BIND_DEVICE_ADMIN;
20import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
21import static android.app.ActivityManager.LOCK_TASK_MODE_NONE;
22import static android.app.ActivityManager.USER_OP_SUCCESS;
23import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNER_ADMIN_EXTRAS_BUNDLE;
24import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER;
25import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY;
26import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED;
27import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE;
28import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED;
29import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER;
30import static android.app.admin.DevicePolicyManager.CODE_HAS_PAIRED;
31import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED;
32import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS;
33import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER;
34import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT;
35import static android.app.admin.DevicePolicyManager.CODE_OK;
36import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER;
37import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER;
38import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER;
39import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING;
40import static android.app.admin.DevicePolicyManager.CODE_USER_SETUP_COMPLETED;
41import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS;
42import static android.app.admin.DevicePolicyManager.DELEGATION_BLOCK_UNINSTALL;
43import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL;
44import static android.app.admin.DevicePolicyManager.DELEGATION_ENABLE_SYSTEM_APP;
45import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_PACKAGE;
46import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES;
47import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS;
48import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT;
49import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO;
50import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI;
51import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID;
52import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL;
53import static android.app.admin.DevicePolicyManager.LEAVE_ALL_SYSTEM_APPS_ENABLED;
54import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
55import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
56import static android.app.admin.DevicePolicyManager.PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER;
57import static android.app.admin.DevicePolicyManager.WIPE_EUICC;
58import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE;
59import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA;
60import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;
61import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB;
62import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
63import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT;
64import static org.xmlpull.v1.XmlPullParser.END_TAG;
65import static org.xmlpull.v1.XmlPullParser.TEXT;
66
67import android.Manifest.permission;
68import android.accessibilityservice.AccessibilityServiceInfo;
69import android.accounts.Account;
70import android.accounts.AccountManager;
71import android.annotation.NonNull;
72import android.annotation.Nullable;
73import android.annotation.UserIdInt;
74import android.app.Activity;
75import android.app.ActivityManager;
76import android.app.ActivityManagerInternal;
77import android.app.AlarmManager;
78import android.app.AppGlobals;
79import android.app.IActivityManager;
80import android.app.IApplicationThread;
81import android.app.IServiceConnection;
82import android.app.Notification;
83import android.app.NotificationManager;
84import android.app.PendingIntent;
85import android.app.StatusBarManager;
86import android.app.admin.DeviceAdminInfo;
87import android.app.admin.DeviceAdminReceiver;
88import android.app.admin.DevicePolicyManager;
89import android.app.admin.DevicePolicyManagerInternal;
90import android.app.admin.NetworkEvent;
91import android.app.admin.PasswordMetrics;
92import android.app.admin.SecurityLog;
93import android.app.admin.SecurityLog.SecurityEvent;
94import android.app.admin.SystemUpdateInfo;
95import android.app.admin.SystemUpdatePolicy;
96import android.app.backup.IBackupManager;
97import android.app.trust.TrustManager;
98import android.app.usage.UsageStatsManagerInternal;
99import android.content.BroadcastReceiver;
100import android.content.ComponentName;
101import android.content.Context;
102import android.content.Intent;
103import android.content.IntentFilter;
104import android.content.pm.ActivityInfo;
105import android.content.pm.ApplicationInfo;
106import android.content.pm.IPackageDataObserver;
107import android.content.pm.IPackageManager;
108import android.content.pm.PackageInfo;
109import android.content.pm.PackageManager;
110import android.content.pm.PackageManagerInternal;
111import android.content.pm.PackageManager.NameNotFoundException;
112import android.content.pm.ParceledListSlice;
113import android.content.pm.PermissionInfo;
114import android.content.pm.ResolveInfo;
115import android.content.pm.ServiceInfo;
116import android.content.pm.StringParceledListSlice;
117import android.content.pm.UserInfo;
118import android.content.res.Resources;
119import android.database.ContentObserver;
120import android.graphics.Bitmap;
121import android.graphics.Color;
122import android.media.AudioManager;
123import android.media.IAudioService;
124import android.net.ConnectivityManager;
125import android.net.IIpConnectivityMetrics;
126import android.net.ProxyInfo;
127import android.net.Uri;
128import android.net.metrics.IpConnectivityLog;
129import android.net.wifi.WifiInfo;
130import android.net.wifi.WifiManager;
131import android.os.Binder;
132import android.os.Build;
133import android.os.Bundle;
134import android.os.Environment;
135import android.os.FileUtils;
136import android.os.Handler;
137import android.os.IBinder;
138import android.os.Looper;
139import android.os.ParcelFileDescriptor;
140import android.os.PersistableBundle;
141import android.os.PowerManager;
142import android.os.PowerManagerInternal;
143import android.os.Process;
144import android.os.RecoverySystem;
145import android.os.RemoteCallback;
146import android.os.RemoteException;
147import android.os.ServiceManager;
148import android.os.SystemClock;
149import android.os.SystemProperties;
150import android.os.UserHandle;
151import android.os.UserManager;
152import android.os.UserManagerInternal;
153import android.os.UserManagerInternal.UserRestrictionsListener;
154import android.os.storage.StorageManager;
155import android.provider.ContactsContract.QuickContact;
156import android.provider.ContactsInternal;
157import android.provider.Settings;
158import android.provider.Settings.Global;
159import android.security.IKeyChainAliasCallback;
160import android.security.IKeyChainService;
161import android.security.KeyChain;
162import android.security.KeyChain.KeyChainConnection;
163import android.security.keymaster.KeymasterCertificateChain;
164import android.security.keystore.KeyGenParameterSpec;
165import android.security.keystore.ParcelableKeyGenParameterSpec;
166import android.security.KeyStore;
167import android.security.keystore.AttestationUtils;
168import android.service.persistentdata.PersistentDataBlockManager;
169import android.telephony.TelephonyManager;
170import android.text.TextUtils;
171import android.util.ArrayMap;
172import android.util.ArraySet;
173import android.util.Log;
174import android.util.Pair;
175import android.util.Slog;
176import android.util.SparseArray;
177import android.util.Xml;
178import android.view.IWindowManager;
179import android.view.accessibility.AccessibilityManager;
180import android.view.accessibility.IAccessibilityManager;
181import android.view.inputmethod.InputMethodInfo;
182import android.view.inputmethod.InputMethodManager;
183
184import com.android.internal.R;
185import com.android.internal.annotations.GuardedBy;
186import com.android.internal.annotations.VisibleForTesting;
187import com.android.internal.logging.MetricsLogger;
188import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;
189import com.android.internal.notification.SystemNotificationChannels;
190import com.android.internal.os.BackgroundThread;
191import com.android.internal.statusbar.IStatusBarService;
192import com.android.internal.util.DumpUtils;
193import com.android.internal.util.FastXmlSerializer;
194import com.android.internal.util.FunctionalUtils.ThrowingRunnable;
195import com.android.internal.util.JournaledFile;
196import com.android.internal.util.Preconditions;
197import com.android.internal.util.XmlUtils;
198import com.android.internal.widget.LockPatternUtils;
199import com.android.server.LocalServices;
200import com.android.server.SystemService;
201import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
202import com.android.server.pm.UserRestrictionsUtils;
203
204import com.google.android.collect.Sets;
205
206import org.xmlpull.v1.XmlPullParser;
207import org.xmlpull.v1.XmlPullParserException;
208import org.xmlpull.v1.XmlSerializer;
209
210import java.io.File;
211import java.io.FileDescriptor;
212import java.io.FileInputStream;
213import java.io.FileNotFoundException;
214import java.io.FileOutputStream;
215import java.io.IOException;
216import java.io.PrintWriter;
217import java.lang.IllegalStateException;
218import java.lang.reflect.Constructor;
219import java.nio.charset.StandardCharsets;
220import java.text.DateFormat;
221import java.util.ArrayList;
222import java.util.Arrays;
223import java.util.Collection;
224import java.util.Collections;
225import java.util.Date;
226import java.util.HashMap;
227import java.util.List;
228import java.util.Map.Entry;
229import java.util.Map;
230import java.util.Objects;
231import java.util.Set;
232import java.util.concurrent.TimeUnit;
233import java.util.concurrent.atomic.AtomicBoolean;
234import java.util.function.Function;
235
236/**
237 * Implementation of the device policy APIs.
238 */
239public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
240
241    protected static final String LOG_TAG = "DevicePolicyManager";
242
243    private static final boolean VERBOSE_LOG = false; // DO NOT SUBMIT WITH TRUE
244
245    private static final String DEVICE_POLICIES_XML = "device_policies.xml";
246
247    private static final String TAG_ACCEPTED_CA_CERTIFICATES = "accepted-ca-certificate";
248
249    private static final String TAG_LOCK_TASK_COMPONENTS = "lock-task-component";
250
251    private static final String TAG_LOCK_TASK_FEATURES = "lock-task-features";
252
253    private static final String TAG_STATUS_BAR = "statusbar";
254
255    private static final String ATTR_DISABLED = "disabled";
256
257    private static final String ATTR_NAME = "name";
258
259    private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML =
260            "do-not-ask-credentials-on-boot";
261
262    private static final String TAG_AFFILIATION_ID = "affiliation-id";
263
264    private static final String TAG_LAST_SECURITY_LOG_RETRIEVAL = "last-security-log-retrieval";
265
266    private static final String TAG_LAST_BUG_REPORT_REQUEST = "last-bug-report-request";
267
268    private static final String TAG_LAST_NETWORK_LOG_RETRIEVAL = "last-network-log-retrieval";
269
270    private static final String TAG_ADMIN_BROADCAST_PENDING = "admin-broadcast-pending";
271
272    private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set";
273
274    private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert";
275
276    private static final String ATTR_ID = "id";
277
278    private static final String ATTR_VALUE = "value";
279
280    private static final String ATTR_ALIAS = "alias";
281
282    private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle";
283
284    private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token";
285
286    private static final String TAG_PASSWORD_VALIDITY = "password-validity";
287
288    private static final int REQUEST_EXPIRE_PASSWORD = 5571;
289
290    private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1);
291
292    private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms
293
294    private static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION
295            = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION";
296
297    private static final String ATTR_PERMISSION_PROVIDER = "permission-provider";
298    private static final String ATTR_SETUP_COMPLETE = "setup-complete";
299    private static final String ATTR_PROVISIONING_STATE = "provisioning-state";
300    private static final String ATTR_PERMISSION_POLICY = "permission-policy";
301    private static final String ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED =
302            "device-provisioning-config-applied";
303    private static final String ATTR_DEVICE_PAIRED = "device-paired";
304    private static final String ATTR_DELEGATED_CERT_INSTALLER = "delegated-cert-installer";
305    private static final String ATTR_APPLICATION_RESTRICTIONS_MANAGER
306            = "application-restrictions-manager";
307
308    private static final String MANAGED_PROVISIONING_PKG = "com.android.managedprovisioning";
309
310    // Comprehensive list of delegations.
311    private static final String DELEGATIONS[] = {
312        DELEGATION_CERT_INSTALL,
313        DELEGATION_APP_RESTRICTIONS,
314        DELEGATION_BLOCK_UNINSTALL,
315        DELEGATION_ENABLE_SYSTEM_APP,
316        DELEGATION_KEEP_UNINSTALLED_PACKAGES,
317        DELEGATION_PACKAGE_ACCESS,
318        DELEGATION_PERMISSION_GRANT,
319        DELEGATION_INSTALL_EXISTING_PACKAGE,
320        DELEGATION_KEEP_UNINSTALLED_PACKAGES
321    };
322
323    /**
324     *  System property whose value is either "true" or "false", indicating whether
325     *  device owner is present.
326     */
327    private static final String PROPERTY_DEVICE_OWNER_PRESENT = "ro.device_owner";
328
329    private static final int STATUS_BAR_DISABLE_MASK =
330            StatusBarManager.DISABLE_EXPAND |
331            StatusBarManager.DISABLE_NOTIFICATION_ICONS |
332            StatusBarManager.DISABLE_NOTIFICATION_ALERTS |
333            StatusBarManager.DISABLE_SEARCH;
334
335    private static final int STATUS_BAR_DISABLE2_MASK =
336            StatusBarManager.DISABLE2_QUICK_SETTINGS;
337
338    private static final Set<String> SECURE_SETTINGS_WHITELIST;
339    private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST;
340    private static final Set<String> GLOBAL_SETTINGS_WHITELIST;
341    private static final Set<String> GLOBAL_SETTINGS_DEPRECATED;
342    private static final Set<String> SYSTEM_SETTINGS_WHITELIST;
343    static {
344        SECURE_SETTINGS_WHITELIST = new ArraySet<>();
345        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD);
346        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS);
347        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS);
348
349        SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new ArraySet<>();
350        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST);
351        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE);
352
353        GLOBAL_SETTINGS_WHITELIST = new ArraySet<>();
354        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED);
355        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME);
356        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE);
357        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING);
358        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED);
359        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY);
360        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN);
361        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN);
362
363        GLOBAL_SETTINGS_DEPRECATED = new ArraySet<>();
364        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.BLUETOOTH_ON);
365        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED);
366        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.MODE_RINGER);
367        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.NETWORK_PREFERENCE);
368        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.WIFI_ON);
369
370        SYSTEM_SETTINGS_WHITELIST = new ArraySet<>();
371        SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS);
372        SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS_MODE);
373        SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_OFF_TIMEOUT);
374    }
375
376    /**
377     * Keyguard features that when set on a profile affect the profile content or challenge only.
378     * These cannot be set on the managed profile's parent DPM instance
379     */
380    private static final int PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY =
381            DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS;
382
383    /** Keyguard features that are allowed to be set on a managed profile */
384    private static final int PROFILE_KEYGUARD_FEATURES =
385            PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER | PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY;
386
387    private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000;
388
389    /**
390     * Minimum timeout in milliseconds after which unlocking with weak auth times out,
391     * i.e. the user has to use a strong authentication method like password, PIN or pattern.
392     */
393    private static final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1);
394
395    /**
396     * Strings logged with {@link
397     * com.android.internal.logging.nano.MetricsProto.MetricsEvent#PROVISIONING_ENTRY_POINT_ADB}.
398     */
399    private static final String LOG_TAG_PROFILE_OWNER = "profile-owner";
400    private static final String LOG_TAG_DEVICE_OWNER = "device-owner";
401
402    final Context mContext;
403    final Injector mInjector;
404    final IPackageManager mIPackageManager;
405    final UserManager mUserManager;
406    final UserManagerInternal mUserManagerInternal;
407    final UsageStatsManagerInternal mUsageStatsManagerInternal;
408    final TelephonyManager mTelephonyManager;
409    private final LockPatternUtils mLockPatternUtils;
410    private final DevicePolicyConstants mConstants;
411    private final DeviceAdminServiceController mDeviceAdminServiceController;
412    private final OverlayPackagesProvider mOverlayPackagesProvider;
413
414    /**
415     * Contains (package-user) pairs to remove. An entry (p, u) implies that removal of package p
416     * is requested for user u.
417     */
418    private final Set<Pair<String, Integer>> mPackagesToRemove =
419            new ArraySet<Pair<String, Integer>>();
420
421    final LocalService mLocalService;
422
423    // Stores and loads state on device and profile owners.
424    @VisibleForTesting
425    final Owners mOwners;
426
427    private final Binder mToken = new Binder();
428
429    /**
430     * Whether or not device admin feature is supported. If it isn't return defaults for all
431     * public methods.
432     */
433    boolean mHasFeature;
434
435    /**
436     * Whether or not this device is a watch.
437     */
438    boolean mIsWatch;
439
440    private final CertificateMonitor mCertificateMonitor;
441    private final SecurityLogMonitor mSecurityLogMonitor;
442    private NetworkLogger mNetworkLogger;
443
444    private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean();
445    private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean();
446
447    private SetupContentObserver mSetupContentObserver;
448
449    private final Runnable mRemoteBugreportTimeoutRunnable = new Runnable() {
450        @Override
451        public void run() {
452            if(mRemoteBugreportServiceIsActive.get()) {
453                onBugreportFailed();
454            }
455        }
456    };
457
458    /** Listens only if mHasFeature == true. */
459    private final BroadcastReceiver mRemoteBugreportFinishedReceiver = new BroadcastReceiver() {
460
461        @Override
462        public void onReceive(Context context, Intent intent) {
463            if (DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH.equals(intent.getAction())
464                    && mRemoteBugreportServiceIsActive.get()) {
465                onBugreportFinished(intent);
466            }
467        }
468    };
469
470    /** Listens only if mHasFeature == true. */
471    private final BroadcastReceiver mRemoteBugreportConsentReceiver = new BroadcastReceiver() {
472
473        @Override
474        public void onReceive(Context context, Intent intent) {
475            String action = intent.getAction();
476            mInjector.getNotificationManager().cancel(LOG_TAG,
477                    RemoteBugreportUtils.NOTIFICATION_ID);
478            if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED.equals(action)) {
479                onBugreportSharingAccepted();
480            } else if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) {
481                onBugreportSharingDeclined();
482            }
483            mContext.unregisterReceiver(mRemoteBugreportConsentReceiver);
484        }
485    };
486
487    public static final class Lifecycle extends SystemService {
488        private BaseIDevicePolicyManager mService;
489
490        public Lifecycle(Context context) {
491            super(context);
492            String dpmsClassName = context.getResources()
493                    .getString(R.string.config_deviceSpecificDevicePolicyManagerService);
494            if (TextUtils.isEmpty(dpmsClassName)) {
495                dpmsClassName = DevicePolicyManagerService.class.getName();
496            }
497            try {
498                Class serviceClass = Class.forName(dpmsClassName);
499                Constructor constructor = serviceClass.getConstructor(Context.class);
500                mService = (BaseIDevicePolicyManager) constructor.newInstance(context);
501            } catch (Exception e) {
502                throw new IllegalStateException(
503                    "Failed to instantiate DevicePolicyManagerService with class name: "
504                    + dpmsClassName, e);
505            }
506        }
507
508        @Override
509        public void onStart() {
510            publishBinderService(Context.DEVICE_POLICY_SERVICE, mService);
511            mService.handleStart();
512        }
513
514        @Override
515        public void onBootPhase(int phase) {
516            mService.systemReady(phase);
517        }
518
519        @Override
520        public void onStartUser(int userHandle) {
521            mService.handleStartUser(userHandle);
522        }
523
524        @Override
525        public void onUnlockUser(int userHandle) {
526            mService.handleUnlockUser(userHandle);
527        }
528
529        @Override
530        public void onStopUser(int userHandle) {
531            mService.handleStopUser(userHandle);
532        }
533    }
534
535    public static class DevicePolicyData {
536        @NonNull PasswordMetrics mActivePasswordMetrics = new PasswordMetrics();
537        int mFailedPasswordAttempts = 0;
538        boolean mPasswordStateHasBeenSetSinceBoot = false;
539        boolean mPasswordValidAtLastCheckpoint = false;
540
541        int mUserHandle;
542        int mPasswordOwner = -1;
543        long mLastMaximumTimeToLock = -1;
544        boolean mUserSetupComplete = false;
545        boolean mPaired = false;
546        int mUserProvisioningState;
547        int mPermissionPolicy;
548
549        boolean mDeviceProvisioningConfigApplied = false;
550
551        final ArrayMap<ComponentName, ActiveAdmin> mAdminMap = new ArrayMap<>();
552        final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>();
553        final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>();
554
555        // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead.
556        final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>();
557
558        // This is the list of component allowed to start lock task mode.
559        List<String> mLockTaskPackages = new ArrayList<>();
560
561        // Bitfield of feature flags to be enabled during LockTask mode.
562        int mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE;
563
564        boolean mStatusBarDisabled = false;
565
566        ComponentName mRestrictionsProvider;
567
568        // Map of delegate package to delegation scopes
569        final ArrayMap<String, List<String>> mDelegationMap = new ArrayMap<>();
570
571        boolean doNotAskCredentialsOnBoot = false;
572
573        Set<String> mAffiliationIds = new ArraySet<>();
574
575        long mLastSecurityLogRetrievalTime = -1;
576
577        long mLastBugReportRequestTime = -1;
578
579        long mLastNetworkLogsRetrievalTime = -1;
580
581        boolean mCurrentInputMethodSet = false;
582
583        // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead.
584        Set<String> mOwnerInstalledCaCerts = new ArraySet<>();
585
586        // Used for initialization of users created by createAndManageUser.
587        boolean mAdminBroadcastPending = false;
588        PersistableBundle mInitBundle = null;
589
590        long mPasswordTokenHandle = 0;
591
592        public DevicePolicyData(int userHandle) {
593            mUserHandle = userHandle;
594        }
595    }
596
597    final SparseArray<DevicePolicyData> mUserData = new SparseArray<>();
598
599    final Handler mHandler;
600    final Handler mBackgroundHandler;
601
602    /** Listens only if mHasFeature == true. */
603    final BroadcastReceiver mReceiver = new BroadcastReceiver() {
604        @Override
605        public void onReceive(Context context, Intent intent) {
606            final String action = intent.getAction();
607            final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE,
608                    getSendingUserId());
609
610            /*
611             * Network logging would ideally be started in setDeviceOwnerSystemPropertyLocked(),
612             * however it's too early in the boot process to register with IIpConnectivityMetrics
613             * to listen for events.
614             */
615            if (Intent.ACTION_USER_STARTED.equals(action)
616                    && userHandle == mOwners.getDeviceOwnerUserId()) {
617                synchronized (DevicePolicyManagerService.this) {
618                    if (isNetworkLoggingEnabledInternalLocked()) {
619                        setNetworkLoggingActiveInternal(true);
620                    }
621                }
622            }
623            if (Intent.ACTION_BOOT_COMPLETED.equals(action)
624                    && userHandle == mOwners.getDeviceOwnerUserId()
625                    && getDeviceOwnerRemoteBugreportUri() != null) {
626                IntentFilter filterConsent = new IntentFilter();
627                filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED);
628                filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED);
629                mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent);
630                mInjector.getNotificationManager().notifyAsUser(LOG_TAG,
631                        RemoteBugreportUtils.NOTIFICATION_ID,
632                        RemoteBugreportUtils.buildNotification(mContext,
633                                DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED),
634                                UserHandle.ALL);
635            }
636            if (Intent.ACTION_BOOT_COMPLETED.equals(action)
637                    || ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) {
638                if (VERBOSE_LOG) {
639                    Slog.v(LOG_TAG, "Sending password expiration notifications for action "
640                            + action + " for user " + userHandle);
641                }
642                mHandler.post(new Runnable() {
643                    @Override
644                    public void run() {
645                        handlePasswordExpirationNotification(userHandle);
646                    }
647                });
648            }
649
650            if (Intent.ACTION_USER_ADDED.equals(action)) {
651                sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle);
652                synchronized (DevicePolicyManagerService.this) {
653                    // It might take a while for the user to become affiliated. Make security
654                    // and network logging unavailable in the meantime.
655                    maybePauseDeviceWideLoggingLocked();
656                }
657            } else if (Intent.ACTION_USER_REMOVED.equals(action)) {
658                sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle);
659                synchronized (DevicePolicyManagerService.this) {
660                    // Check whether the user is affiliated, *before* removing its data.
661                    boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle);
662                    removeUserData(userHandle);
663                    if (!isRemovedUserAffiliated) {
664                        // We discard the logs when unaffiliated users are deleted (so that the
665                        // device owner cannot retrieve data about that user after it's gone).
666                        discardDeviceWideLogsLocked();
667                        // Resume logging if all remaining users are affiliated.
668                        maybeResumeDeviceWideLoggingLocked();
669                    }
670                }
671            } else if (Intent.ACTION_USER_STARTED.equals(action)) {
672                sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle);
673                synchronized (DevicePolicyManagerService.this) {
674                    maybeSendAdminEnabledBroadcastLocked(userHandle);
675                    // Reset the policy data
676                    mUserData.remove(userHandle);
677                }
678                handlePackagesChanged(null /* check all admins */, userHandle);
679            } else if (Intent.ACTION_USER_STOPPED.equals(action)) {
680                sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STOPPED, userHandle);
681            } else if (Intent.ACTION_USER_SWITCHED.equals(action)) {
682                sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_SWITCHED, userHandle);
683            } else if (Intent.ACTION_USER_UNLOCKED.equals(action)) {
684                synchronized (DevicePolicyManagerService.this) {
685                    maybeSendAdminEnabledBroadcastLocked(userHandle);
686                }
687            } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) {
688                handlePackagesChanged(null /* check all admins */, userHandle);
689            } else if (Intent.ACTION_PACKAGE_CHANGED.equals(action)
690                    || (Intent.ACTION_PACKAGE_ADDED.equals(action)
691                    && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false))) {
692                handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle);
693            } else if (Intent.ACTION_PACKAGE_REMOVED.equals(action)
694                    && !intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) {
695                handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle);
696            } else if (Intent.ACTION_MANAGED_PROFILE_ADDED.equals(action)) {
697                clearWipeProfileNotification();
698            }
699        }
700
701        private void sendDeviceOwnerUserCommand(String action, int userHandle) {
702            synchronized (DevicePolicyManagerService.this) {
703                ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
704                if (deviceOwner != null) {
705                    Bundle extras = new Bundle();
706                    extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
707                    sendAdminCommandLocked(deviceOwner, action, extras, null);
708                }
709            }
710        }
711    };
712
713    protected static class RestrictionsListener implements UserRestrictionsListener {
714        private Context mContext;
715
716        public RestrictionsListener(Context context) {
717            mContext = context;
718        }
719
720        public void onUserRestrictionsChanged(int userId, Bundle newRestrictions,
721                Bundle prevRestrictions) {
722            final boolean newlyDisallowed =
723                    newRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE);
724            final boolean previouslyDisallowed =
725                    prevRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE);
726            final boolean restrictionChanged = (newlyDisallowed != previouslyDisallowed);
727
728            if (restrictionChanged) {
729                // Notify ManagedProvisioning to update the built-in cross profile intent filters.
730                Intent intent = new Intent(
731                        DevicePolicyManager.ACTION_DATA_SHARING_RESTRICTION_CHANGED);
732                intent.setPackage(MANAGED_PROVISIONING_PKG);
733                intent.putExtra(Intent.EXTRA_USER_ID, userId);
734                intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
735                mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM);
736            }
737        }
738    }
739
740    static class ActiveAdmin {
741        private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features";
742        private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin";
743        private static final String TAG_DISABLE_CAMERA = "disable-camera";
744        private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id";
745        private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search";
746        private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING
747                = "disable-bt-contacts-sharing";
748        private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture";
749        private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management";
750        private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time";
751        private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users";
752        private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled";
753        private static final String TAG_ACCOUNT_TYPE = "account-type";
754        private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES
755                = "permitted-accessiblity-services";
756        private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested";
757        private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features";
758        private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options";
759        private static final String TAG_TRUST_AGENT_COMPONENT = "component";
760        private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date";
761        private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout";
762        private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list";
763        private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec";
764        private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy";
765        private static final String TAG_PERMITTED_IMES = "permitted-imes";
766        private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS =
767                "permitted-notification-listeners";
768        private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe";
769        private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock";
770        private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout";
771        private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter";
772        private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols";
773        private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric";
774        private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters";
775        private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase";
776        private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase";
777        private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length";
778        private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length";
779        private static final String ATTR_VALUE = "value";
780        private static final String TAG_PASSWORD_BLACKLIST = "password-blacklist";
781        private static final String TAG_PASSWORD_QUALITY = "password-quality";
782        private static final String TAG_POLICIES = "policies";
783        private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS =
784                "cross-profile-widget-providers";
785        private static final String TAG_PROVIDER = "provider";
786        private static final String TAG_PACKAGE_LIST_ITEM  = "item";
787        private static final String TAG_KEEP_UNINSTALLED_PACKAGES  = "keep-uninstalled-packages";
788        private static final String TAG_USER_RESTRICTIONS = "user-restrictions";
789        private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS =
790                "default-enabled-user-restrictions";
791        private static final String TAG_RESTRICTION = "restriction";
792        private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message";
793        private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message";
794        private static final String TAG_PARENT_ADMIN = "parent-admin";
795        private static final String TAG_ORGANIZATION_COLOR = "organization-color";
796        private static final String TAG_ORGANIZATION_NAME = "organization-name";
797        private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification";
798        private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications";
799        private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled";
800        private static final String TAG_MANDATORY_BACKUP_TRANSPORT = "mandatory_backup_transport";
801        private static final String TAG_START_USER_SESSION_MESSAGE = "start_user_session_message";
802        private static final String TAG_END_USER_SESSION_MESSAGE = "end_user_session_message";
803
804        DeviceAdminInfo info;
805
806
807        static final int DEF_PASSWORD_HISTORY_LENGTH = 0;
808        int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH;
809
810        static final int DEF_MINIMUM_PASSWORD_LENGTH = 0;
811        static final int DEF_MINIMUM_PASSWORD_LETTERS = 1;
812        static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0;
813        static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0;
814        static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1;
815        static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1;
816        static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0;
817        @NonNull
818        PasswordMetrics minimumPasswordMetrics = new PasswordMetrics(
819                PASSWORD_QUALITY_UNSPECIFIED, DEF_MINIMUM_PASSWORD_LENGTH,
820                DEF_MINIMUM_PASSWORD_LETTERS, DEF_MINIMUM_PASSWORD_UPPER_CASE,
821                DEF_MINIMUM_PASSWORD_LOWER_CASE, DEF_MINIMUM_PASSWORD_NUMERIC,
822                DEF_MINIMUM_PASSWORD_SYMBOLS, DEF_MINIMUM_PASSWORD_NON_LETTER);
823
824        static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0;
825        long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK;
826
827        long strongAuthUnlockTimeout = 0; // admin doesn't participate by default
828
829        static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0;
830        int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE;
831
832        static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0;
833        long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT;
834
835        static final long DEF_PASSWORD_EXPIRATION_DATE = 0;
836        long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE;
837
838        static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none
839
840        int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED;
841
842        boolean encryptionRequested = false;
843        boolean testOnlyAdmin = false;
844        boolean disableCamera = false;
845        boolean disableCallerId = false;
846        boolean disableContactsSearch = false;
847        boolean disableBluetoothContactSharing = true;
848        boolean disableScreenCapture = false; // Can only be set by a device/profile owner.
849        boolean requireAutoTime = false; // Can only be set by a device owner.
850        boolean forceEphemeralUsers = false; // Can only be set by a device owner.
851        boolean isNetworkLoggingEnabled = false; // Can only be set by a device owner.
852        boolean isLogoutEnabled = false; // Can only be set by a device owner.
853
854        // one notification after enabling + one more after reboots
855        static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2;
856        int numNetworkLoggingNotifications = 0;
857        long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch
858
859        ActiveAdmin parentAdmin;
860        final boolean isParent;
861
862        static class TrustAgentInfo {
863            public PersistableBundle options;
864            TrustAgentInfo(PersistableBundle bundle) {
865                options = bundle;
866            }
867        }
868
869        final Set<String> accountTypesWithManagementDisabled = new ArraySet<>();
870
871        // The list of permitted accessibility services package namesas set by a profile
872        // or device owner. Null means all accessibility services are allowed, empty means
873        // none except system services are allowed.
874        List<String> permittedAccessiblityServices;
875
876        // The list of permitted input methods package names as set by a profile or device owner.
877        // Null means all input methods are allowed, empty means none except system imes are
878        // allowed.
879        List<String> permittedInputMethods;
880
881        // The list of packages allowed to use a NotificationListenerService to receive events for
882        // notifications from this user. Null means that all packages are allowed. Empty list means
883        // that only packages from the system are allowed.
884        List<String> permittedNotificationListeners;
885
886        // List of package names to keep cached.
887        List<String> keepUninstalledPackages;
888
889        // TODO: review implementation decisions with frameworks team
890        boolean specifiesGlobalProxy = false;
891        String globalProxySpec = null;
892        String globalProxyExclusionList = null;
893
894        ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>();
895
896        List<String> crossProfileWidgetProviders;
897
898        Bundle userRestrictions;
899
900        // User restrictions that have already been enabled by default for this admin (either when
901        // setting the device or profile owner, or during a system update if one of those "enabled
902        // by default" restrictions is newly added).
903        final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>();
904
905        // Support text provided by the admin to display to the user.
906        CharSequence shortSupportMessage = null;
907        CharSequence longSupportMessage = null;
908
909        // Background color of confirm credentials screen. Default: teal.
910        static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B");
911        int organizationColor = DEF_ORGANIZATION_COLOR;
912
913        // Default title of confirm credentials screen
914        String organizationName = null;
915
916        // The blacklist data is stored in a file whose name is stored in the XML
917        String passwordBlacklistFile = null;
918
919        // The component name of the backup transport which has to be used if backups are mandatory
920        // or null if backups are not mandatory.
921        ComponentName mandatoryBackupTransport = null;
922
923        // Message for user switcher
924        String startUserSessionMessage = null;
925        String endUserSessionMessage = null;
926
927        ActiveAdmin(DeviceAdminInfo _info, boolean parent) {
928            info = _info;
929            isParent = parent;
930        }
931
932        ActiveAdmin getParentActiveAdmin() {
933            Preconditions.checkState(!isParent);
934
935            if (parentAdmin == null) {
936                parentAdmin = new ActiveAdmin(info, /* parent */ true);
937            }
938            return parentAdmin;
939        }
940
941        boolean hasParentActiveAdmin() {
942            return parentAdmin != null;
943        }
944
945        int getUid() { return info.getActivityInfo().applicationInfo.uid; }
946
947        public UserHandle getUserHandle() {
948            return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid));
949        }
950
951        void writeToXml(XmlSerializer out)
952                throws IllegalArgumentException, IllegalStateException, IOException {
953            out.startTag(null, TAG_POLICIES);
954            info.writePoliciesToXml(out);
955            out.endTag(null, TAG_POLICIES);
956            if (minimumPasswordMetrics.quality != PASSWORD_QUALITY_UNSPECIFIED) {
957                out.startTag(null, TAG_PASSWORD_QUALITY);
958                out.attribute(null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.quality));
959                out.endTag(null, TAG_PASSWORD_QUALITY);
960                if (minimumPasswordMetrics.length != DEF_MINIMUM_PASSWORD_LENGTH) {
961                    out.startTag(null, TAG_MIN_PASSWORD_LENGTH);
962                    out.attribute(
963                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.length));
964                    out.endTag(null, TAG_MIN_PASSWORD_LENGTH);
965                }
966                if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) {
967                    out.startTag(null, TAG_PASSWORD_HISTORY_LENGTH);
968                    out.attribute(null, ATTR_VALUE, Integer.toString(passwordHistoryLength));
969                    out.endTag(null, TAG_PASSWORD_HISTORY_LENGTH);
970                }
971                if (minimumPasswordMetrics.upperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) {
972                    out.startTag(null, TAG_MIN_PASSWORD_UPPERCASE);
973                    out.attribute(
974                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.upperCase));
975                    out.endTag(null, TAG_MIN_PASSWORD_UPPERCASE);
976                }
977                if (minimumPasswordMetrics.lowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) {
978                    out.startTag(null, TAG_MIN_PASSWORD_LOWERCASE);
979                    out.attribute(
980                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.lowerCase));
981                    out.endTag(null, TAG_MIN_PASSWORD_LOWERCASE);
982                }
983                if (minimumPasswordMetrics.letters != DEF_MINIMUM_PASSWORD_LETTERS) {
984                    out.startTag(null, TAG_MIN_PASSWORD_LETTERS);
985                    out.attribute(
986                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.letters));
987                    out.endTag(null, TAG_MIN_PASSWORD_LETTERS);
988                }
989                if (minimumPasswordMetrics.numeric != DEF_MINIMUM_PASSWORD_NUMERIC) {
990                    out.startTag(null, TAG_MIN_PASSWORD_NUMERIC);
991                    out.attribute(
992                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.numeric));
993                    out.endTag(null, TAG_MIN_PASSWORD_NUMERIC);
994                }
995                if (minimumPasswordMetrics.symbols != DEF_MINIMUM_PASSWORD_SYMBOLS) {
996                    out.startTag(null, TAG_MIN_PASSWORD_SYMBOLS);
997                    out.attribute(
998                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.symbols));
999                    out.endTag(null, TAG_MIN_PASSWORD_SYMBOLS);
1000                }
1001                if (minimumPasswordMetrics.nonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) {
1002                    out.startTag(null, TAG_MIN_PASSWORD_NONLETTER);
1003                    out.attribute(
1004                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.nonLetter));
1005                    out.endTag(null, TAG_MIN_PASSWORD_NONLETTER);
1006                }
1007            }
1008            if (passwordBlacklistFile != null) {
1009                out.startTag(null, TAG_PASSWORD_BLACKLIST);
1010                out.attribute(null, ATTR_VALUE, passwordBlacklistFile);
1011                out.endTag(null, TAG_PASSWORD_BLACKLIST);
1012            }
1013            if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) {
1014                out.startTag(null, TAG_MAX_TIME_TO_UNLOCK);
1015                out.attribute(null, ATTR_VALUE, Long.toString(maximumTimeToUnlock));
1016                out.endTag(null, TAG_MAX_TIME_TO_UNLOCK);
1017            }
1018            if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {
1019                out.startTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT);
1020                out.attribute(null, ATTR_VALUE, Long.toString(strongAuthUnlockTimeout));
1021                out.endTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT);
1022            }
1023            if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
1024                out.startTag(null, TAG_MAX_FAILED_PASSWORD_WIPE);
1025                out.attribute(null, ATTR_VALUE, Integer.toString(maximumFailedPasswordsForWipe));
1026                out.endTag(null, TAG_MAX_FAILED_PASSWORD_WIPE);
1027            }
1028            if (specifiesGlobalProxy) {
1029                out.startTag(null, TAG_SPECIFIES_GLOBAL_PROXY);
1030                out.attribute(null, ATTR_VALUE, Boolean.toString(specifiesGlobalProxy));
1031                out.endTag(null, TAG_SPECIFIES_GLOBAL_PROXY);
1032                if (globalProxySpec != null) {
1033                    out.startTag(null, TAG_GLOBAL_PROXY_SPEC);
1034                    out.attribute(null, ATTR_VALUE, globalProxySpec);
1035                    out.endTag(null, TAG_GLOBAL_PROXY_SPEC);
1036                }
1037                if (globalProxyExclusionList != null) {
1038                    out.startTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST);
1039                    out.attribute(null, ATTR_VALUE, globalProxyExclusionList);
1040                    out.endTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST);
1041                }
1042            }
1043            if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) {
1044                out.startTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT);
1045                out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationTimeout));
1046                out.endTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT);
1047            }
1048            if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) {
1049                out.startTag(null, TAG_PASSWORD_EXPIRATION_DATE);
1050                out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationDate));
1051                out.endTag(null, TAG_PASSWORD_EXPIRATION_DATE);
1052            }
1053            if (encryptionRequested) {
1054                out.startTag(null, TAG_ENCRYPTION_REQUESTED);
1055                out.attribute(null, ATTR_VALUE, Boolean.toString(encryptionRequested));
1056                out.endTag(null, TAG_ENCRYPTION_REQUESTED);
1057            }
1058            if (testOnlyAdmin) {
1059                out.startTag(null, TAG_TEST_ONLY_ADMIN);
1060                out.attribute(null, ATTR_VALUE, Boolean.toString(testOnlyAdmin));
1061                out.endTag(null, TAG_TEST_ONLY_ADMIN);
1062            }
1063            if (disableCamera) {
1064                out.startTag(null, TAG_DISABLE_CAMERA);
1065                out.attribute(null, ATTR_VALUE, Boolean.toString(disableCamera));
1066                out.endTag(null, TAG_DISABLE_CAMERA);
1067            }
1068            if (disableCallerId) {
1069                out.startTag(null, TAG_DISABLE_CALLER_ID);
1070                out.attribute(null, ATTR_VALUE, Boolean.toString(disableCallerId));
1071                out.endTag(null, TAG_DISABLE_CALLER_ID);
1072            }
1073            if (disableContactsSearch) {
1074                out.startTag(null, TAG_DISABLE_CONTACTS_SEARCH);
1075                out.attribute(null, ATTR_VALUE, Boolean.toString(disableContactsSearch));
1076                out.endTag(null, TAG_DISABLE_CONTACTS_SEARCH);
1077            }
1078            if (!disableBluetoothContactSharing) {
1079                out.startTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING);
1080                out.attribute(null, ATTR_VALUE,
1081                        Boolean.toString(disableBluetoothContactSharing));
1082                out.endTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING);
1083            }
1084            if (disableScreenCapture) {
1085                out.startTag(null, TAG_DISABLE_SCREEN_CAPTURE);
1086                out.attribute(null, ATTR_VALUE, Boolean.toString(disableScreenCapture));
1087                out.endTag(null, TAG_DISABLE_SCREEN_CAPTURE);
1088            }
1089            if (requireAutoTime) {
1090                out.startTag(null, TAG_REQUIRE_AUTO_TIME);
1091                out.attribute(null, ATTR_VALUE, Boolean.toString(requireAutoTime));
1092                out.endTag(null, TAG_REQUIRE_AUTO_TIME);
1093            }
1094            if (forceEphemeralUsers) {
1095                out.startTag(null, TAG_FORCE_EPHEMERAL_USERS);
1096                out.attribute(null, ATTR_VALUE, Boolean.toString(forceEphemeralUsers));
1097                out.endTag(null, TAG_FORCE_EPHEMERAL_USERS);
1098            }
1099            if (isNetworkLoggingEnabled) {
1100                out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED);
1101                out.attribute(null, ATTR_VALUE, Boolean.toString(isNetworkLoggingEnabled));
1102                out.attribute(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS,
1103                        Integer.toString(numNetworkLoggingNotifications));
1104                out.attribute(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION,
1105                        Long.toString(lastNetworkLoggingNotificationTimeMs));
1106                out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED);
1107            }
1108            if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) {
1109                out.startTag(null, TAG_DISABLE_KEYGUARD_FEATURES);
1110                out.attribute(null, ATTR_VALUE, Integer.toString(disabledKeyguardFeatures));
1111                out.endTag(null, TAG_DISABLE_KEYGUARD_FEATURES);
1112            }
1113            if (!accountTypesWithManagementDisabled.isEmpty()) {
1114                out.startTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT);
1115                writeAttributeValuesToXml(
1116                        out, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled);
1117                out.endTag(null,  TAG_DISABLE_ACCOUNT_MANAGEMENT);
1118            }
1119            if (!trustAgentInfos.isEmpty()) {
1120                Set<Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet();
1121                out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES);
1122                for (Entry<String, TrustAgentInfo> entry : set) {
1123                    TrustAgentInfo trustAgentInfo = entry.getValue();
1124                    out.startTag(null, TAG_TRUST_AGENT_COMPONENT);
1125                    out.attribute(null, ATTR_VALUE, entry.getKey());
1126                    if (trustAgentInfo.options != null) {
1127                        out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS);
1128                        try {
1129                            trustAgentInfo.options.saveToXml(out);
1130                        } catch (XmlPullParserException e) {
1131                            Log.e(LOG_TAG, "Failed to save TrustAgent options", e);
1132                        }
1133                        out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS);
1134                    }
1135                    out.endTag(null, TAG_TRUST_AGENT_COMPONENT);
1136                }
1137                out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES);
1138            }
1139            if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) {
1140                out.startTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS);
1141                writeAttributeValuesToXml(out, TAG_PROVIDER, crossProfileWidgetProviders);
1142                out.endTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS);
1143            }
1144            writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES,
1145                    permittedAccessiblityServices);
1146            writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods);
1147            writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS,
1148                    permittedNotificationListeners);
1149            writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages);
1150            if (hasUserRestrictions()) {
1151                UserRestrictionsUtils.writeRestrictions(
1152                        out, userRestrictions, TAG_USER_RESTRICTIONS);
1153            }
1154            if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) {
1155                out.startTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS);
1156                writeAttributeValuesToXml(
1157                        out, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet);
1158                out.endTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS);
1159            }
1160            if (!TextUtils.isEmpty(shortSupportMessage)) {
1161                out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE);
1162                out.text(shortSupportMessage.toString());
1163                out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE);
1164            }
1165            if (!TextUtils.isEmpty(longSupportMessage)) {
1166                out.startTag(null, TAG_LONG_SUPPORT_MESSAGE);
1167                out.text(longSupportMessage.toString());
1168                out.endTag(null, TAG_LONG_SUPPORT_MESSAGE);
1169            }
1170            if (parentAdmin != null) {
1171                out.startTag(null, TAG_PARENT_ADMIN);
1172                parentAdmin.writeToXml(out);
1173                out.endTag(null, TAG_PARENT_ADMIN);
1174            }
1175            if (organizationColor != DEF_ORGANIZATION_COLOR) {
1176                out.startTag(null, TAG_ORGANIZATION_COLOR);
1177                out.attribute(null, ATTR_VALUE, Integer.toString(organizationColor));
1178                out.endTag(null, TAG_ORGANIZATION_COLOR);
1179            }
1180            if (organizationName != null) {
1181                out.startTag(null, TAG_ORGANIZATION_NAME);
1182                out.text(organizationName);
1183                out.endTag(null, TAG_ORGANIZATION_NAME);
1184            }
1185            if (isLogoutEnabled) {
1186                out.startTag(null, TAG_IS_LOGOUT_ENABLED);
1187                out.attribute(null, ATTR_VALUE, Boolean.toString(isLogoutEnabled));
1188                out.endTag(null, TAG_IS_LOGOUT_ENABLED);
1189            }
1190            if (mandatoryBackupTransport != null) {
1191                out.startTag(null, TAG_MANDATORY_BACKUP_TRANSPORT);
1192                out.attribute(null, ATTR_VALUE, mandatoryBackupTransport.flattenToString());
1193                out.endTag(null, TAG_MANDATORY_BACKUP_TRANSPORT);
1194            }
1195            if (startUserSessionMessage != null) {
1196                out.startTag(null, TAG_START_USER_SESSION_MESSAGE);
1197                out.text(startUserSessionMessage);
1198                out.endTag(null, TAG_START_USER_SESSION_MESSAGE);
1199            }
1200            if (endUserSessionMessage != null) {
1201                out.startTag(null, TAG_END_USER_SESSION_MESSAGE);
1202                out.text(endUserSessionMessage);
1203                out.endTag(null, TAG_END_USER_SESSION_MESSAGE);
1204            }
1205        }
1206
1207        void writePackageListToXml(XmlSerializer out, String outerTag,
1208                List<String> packageList)
1209                throws IllegalArgumentException, IllegalStateException, IOException {
1210            if (packageList == null) {
1211                return;
1212            }
1213
1214            out.startTag(null, outerTag);
1215            writeAttributeValuesToXml(out, TAG_PACKAGE_LIST_ITEM, packageList);
1216            out.endTag(null, outerTag);
1217        }
1218
1219        void writeAttributeValuesToXml(XmlSerializer out, String tag,
1220                @NonNull Collection<String> values) throws IOException {
1221            for (String value : values) {
1222                out.startTag(null, tag);
1223                out.attribute(null, ATTR_VALUE, value);
1224                out.endTag(null, tag);
1225            }
1226        }
1227
1228        void readFromXml(XmlPullParser parser)
1229                throws XmlPullParserException, IOException {
1230            int outerDepth = parser.getDepth();
1231            int type;
1232            while ((type=parser.next()) != END_DOCUMENT
1233                   && (type != END_TAG || parser.getDepth() > outerDepth)) {
1234                if (type == END_TAG || type == TEXT) {
1235                    continue;
1236                }
1237                String tag = parser.getName();
1238                if (TAG_POLICIES.equals(tag)) {
1239                    info.readPoliciesFromXml(parser);
1240                } else if (TAG_PASSWORD_QUALITY.equals(tag)) {
1241                    minimumPasswordMetrics.quality = Integer.parseInt(
1242                            parser.getAttributeValue(null, ATTR_VALUE));
1243                } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) {
1244                    minimumPasswordMetrics.length = Integer.parseInt(
1245                            parser.getAttributeValue(null, ATTR_VALUE));
1246                } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) {
1247                    passwordHistoryLength = Integer.parseInt(
1248                            parser.getAttributeValue(null, ATTR_VALUE));
1249                } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) {
1250                    minimumPasswordMetrics.upperCase = Integer.parseInt(
1251                            parser.getAttributeValue(null, ATTR_VALUE));
1252                } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) {
1253                    minimumPasswordMetrics.lowerCase = Integer.parseInt(
1254                            parser.getAttributeValue(null, ATTR_VALUE));
1255                } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) {
1256                    minimumPasswordMetrics.letters = Integer.parseInt(
1257                            parser.getAttributeValue(null, ATTR_VALUE));
1258                } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) {
1259                    minimumPasswordMetrics.numeric = Integer.parseInt(
1260                            parser.getAttributeValue(null, ATTR_VALUE));
1261                } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) {
1262                    minimumPasswordMetrics.symbols = Integer.parseInt(
1263                            parser.getAttributeValue(null, ATTR_VALUE));
1264                } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) {
1265                    minimumPasswordMetrics.nonLetter = Integer.parseInt(
1266                            parser.getAttributeValue(null, ATTR_VALUE));
1267                } else if (TAG_PASSWORD_BLACKLIST.equals(tag)) {
1268                    passwordBlacklistFile = parser.getAttributeValue(null, ATTR_VALUE);
1269                }else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) {
1270                    maximumTimeToUnlock = Long.parseLong(
1271                            parser.getAttributeValue(null, ATTR_VALUE));
1272                } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) {
1273                    strongAuthUnlockTimeout = Long.parseLong(
1274                            parser.getAttributeValue(null, ATTR_VALUE));
1275                } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) {
1276                    maximumFailedPasswordsForWipe = Integer.parseInt(
1277                            parser.getAttributeValue(null, ATTR_VALUE));
1278                } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) {
1279                    specifiesGlobalProxy = Boolean.parseBoolean(
1280                            parser.getAttributeValue(null, ATTR_VALUE));
1281                } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) {
1282                    globalProxySpec =
1283                        parser.getAttributeValue(null, ATTR_VALUE);
1284                } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) {
1285                    globalProxyExclusionList =
1286                        parser.getAttributeValue(null, ATTR_VALUE);
1287                } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) {
1288                    passwordExpirationTimeout = Long.parseLong(
1289                            parser.getAttributeValue(null, ATTR_VALUE));
1290                } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) {
1291                    passwordExpirationDate = Long.parseLong(
1292                            parser.getAttributeValue(null, ATTR_VALUE));
1293                } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) {
1294                    encryptionRequested = Boolean.parseBoolean(
1295                            parser.getAttributeValue(null, ATTR_VALUE));
1296                } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) {
1297                    testOnlyAdmin = Boolean.parseBoolean(
1298                            parser.getAttributeValue(null, ATTR_VALUE));
1299                } else if (TAG_DISABLE_CAMERA.equals(tag)) {
1300                    disableCamera = Boolean.parseBoolean(
1301                            parser.getAttributeValue(null, ATTR_VALUE));
1302                } else if (TAG_DISABLE_CALLER_ID.equals(tag)) {
1303                    disableCallerId = Boolean.parseBoolean(
1304                            parser.getAttributeValue(null, ATTR_VALUE));
1305                } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) {
1306                    disableContactsSearch = Boolean.parseBoolean(
1307                            parser.getAttributeValue(null, ATTR_VALUE));
1308                } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) {
1309                    disableBluetoothContactSharing = Boolean.parseBoolean(parser
1310                            .getAttributeValue(null, ATTR_VALUE));
1311                } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) {
1312                    disableScreenCapture = Boolean.parseBoolean(
1313                            parser.getAttributeValue(null, ATTR_VALUE));
1314                } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) {
1315                    requireAutoTime = Boolean.parseBoolean(
1316                            parser.getAttributeValue(null, ATTR_VALUE));
1317                } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) {
1318                    forceEphemeralUsers = Boolean.parseBoolean(
1319                            parser.getAttributeValue(null, ATTR_VALUE));
1320                } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) {
1321                    isNetworkLoggingEnabled = Boolean.parseBoolean(
1322                            parser.getAttributeValue(null, ATTR_VALUE));
1323                    lastNetworkLoggingNotificationTimeMs = Long.parseLong(
1324                            parser.getAttributeValue(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION));
1325                    numNetworkLoggingNotifications = Integer.parseInt(
1326                            parser.getAttributeValue(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS));
1327                } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) {
1328                    disabledKeyguardFeatures = Integer.parseInt(
1329                            parser.getAttributeValue(null, ATTR_VALUE));
1330                } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) {
1331                    readAttributeValues(
1332                            parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled);
1333                } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) {
1334                    trustAgentInfos = getAllTrustAgentInfos(parser, tag);
1335                } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) {
1336                    crossProfileWidgetProviders = new ArrayList<>();
1337                    readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders);
1338                } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) {
1339                    permittedAccessiblityServices = readPackageList(parser, tag);
1340                } else if (TAG_PERMITTED_IMES.equals(tag)) {
1341                    permittedInputMethods = readPackageList(parser, tag);
1342                } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) {
1343                    permittedNotificationListeners = readPackageList(parser, tag);
1344                } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) {
1345                    keepUninstalledPackages = readPackageList(parser, tag);
1346                } else if (TAG_USER_RESTRICTIONS.equals(tag)) {
1347                    userRestrictions = UserRestrictionsUtils.readRestrictions(parser);
1348                } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) {
1349                    readAttributeValues(
1350                            parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet);
1351                } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) {
1352                    type = parser.next();
1353                    if (type == XmlPullParser.TEXT) {
1354                        shortSupportMessage = parser.getText();
1355                    } else {
1356                        Log.w(LOG_TAG, "Missing text when loading short support message");
1357                    }
1358                } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) {
1359                    type = parser.next();
1360                    if (type == XmlPullParser.TEXT) {
1361                        longSupportMessage = parser.getText();
1362                    } else {
1363                        Log.w(LOG_TAG, "Missing text when loading long support message");
1364                    }
1365                } else if (TAG_PARENT_ADMIN.equals(tag)) {
1366                    Preconditions.checkState(!isParent);
1367
1368                    parentAdmin = new ActiveAdmin(info, /* parent */ true);
1369                    parentAdmin.readFromXml(parser);
1370                } else if (TAG_ORGANIZATION_COLOR.equals(tag)) {
1371                    organizationColor = Integer.parseInt(
1372                            parser.getAttributeValue(null, ATTR_VALUE));
1373                } else if (TAG_ORGANIZATION_NAME.equals(tag)) {
1374                    type = parser.next();
1375                    if (type == XmlPullParser.TEXT) {
1376                        organizationName = parser.getText();
1377                    } else {
1378                        Log.w(LOG_TAG, "Missing text when loading organization name");
1379                    }
1380                } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) {
1381                    isLogoutEnabled = Boolean.parseBoolean(
1382                            parser.getAttributeValue(null, ATTR_VALUE));
1383                } else if (TAG_MANDATORY_BACKUP_TRANSPORT.equals(tag)) {
1384                    mandatoryBackupTransport = ComponentName.unflattenFromString(
1385                            parser.getAttributeValue(null, ATTR_VALUE));
1386                } else if (TAG_START_USER_SESSION_MESSAGE.equals(tag)) {
1387                    type = parser.next();
1388                    if (type == XmlPullParser.TEXT) {
1389                        startUserSessionMessage = parser.getText();
1390                    } else {
1391                        Log.w(LOG_TAG, "Missing text when loading start session message");
1392                    }
1393                } else if (TAG_END_USER_SESSION_MESSAGE.equals(tag)) {
1394                    type = parser.next();
1395                    if (type == XmlPullParser.TEXT) {
1396                        endUserSessionMessage = parser.getText();
1397                    } else {
1398                        Log.w(LOG_TAG, "Missing text when loading end session message");
1399                    }
1400                } else {
1401                    Slog.w(LOG_TAG, "Unknown admin tag: " + tag);
1402                    XmlUtils.skipCurrentTag(parser);
1403                }
1404            }
1405        }
1406
1407        private List<String> readPackageList(XmlPullParser parser,
1408                String tag) throws XmlPullParserException, IOException {
1409            List<String> result = new ArrayList<String>();
1410            int outerDepth = parser.getDepth();
1411            int outerType;
1412            while ((outerType=parser.next()) != XmlPullParser.END_DOCUMENT
1413                    && (outerType != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1414                if (outerType == XmlPullParser.END_TAG || outerType == XmlPullParser.TEXT) {
1415                    continue;
1416                }
1417                String outerTag = parser.getName();
1418                if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) {
1419                    String packageName = parser.getAttributeValue(null, ATTR_VALUE);
1420                    if (packageName != null) {
1421                        result.add(packageName);
1422                    } else {
1423                        Slog.w(LOG_TAG, "Package name missing under " + outerTag);
1424                    }
1425                } else {
1426                    Slog.w(LOG_TAG, "Unknown tag under " + tag +  ": " + outerTag);
1427                }
1428            }
1429            return result;
1430        }
1431
1432        private void readAttributeValues(
1433                XmlPullParser parser, String tag, Collection<String> result)
1434                throws XmlPullParserException, IOException {
1435            result.clear();
1436            int outerDepthDAM = parser.getDepth();
1437            int typeDAM;
1438            while ((typeDAM=parser.next()) != END_DOCUMENT
1439                    && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1440                if (typeDAM == END_TAG || typeDAM == TEXT) {
1441                    continue;
1442                }
1443                String tagDAM = parser.getName();
1444                if (tag.equals(tagDAM)) {
1445                    result.add(parser.getAttributeValue(null, ATTR_VALUE));
1446                } else {
1447                    Slog.e(LOG_TAG, "Expected tag " + tag +  " but found " + tagDAM);
1448                }
1449            }
1450        }
1451
1452        private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos(
1453                XmlPullParser parser, String tag) throws XmlPullParserException, IOException {
1454            int outerDepthDAM = parser.getDepth();
1455            int typeDAM;
1456            final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>();
1457            while ((typeDAM=parser.next()) != END_DOCUMENT
1458                    && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1459                if (typeDAM == END_TAG || typeDAM == TEXT) {
1460                    continue;
1461                }
1462                String tagDAM = parser.getName();
1463                if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) {
1464                    final String component = parser.getAttributeValue(null, ATTR_VALUE);
1465                    final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag);
1466                    result.put(component, trustAgentInfo);
1467                } else {
1468                    Slog.w(LOG_TAG, "Unknown tag under " + tag +  ": " + tagDAM);
1469                }
1470            }
1471            return result;
1472        }
1473
1474        private TrustAgentInfo getTrustAgentInfo(XmlPullParser parser, String tag)
1475                throws XmlPullParserException, IOException  {
1476            int outerDepthDAM = parser.getDepth();
1477            int typeDAM;
1478            TrustAgentInfo result = new TrustAgentInfo(null);
1479            while ((typeDAM=parser.next()) != END_DOCUMENT
1480                    && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1481                if (typeDAM == END_TAG || typeDAM == TEXT) {
1482                    continue;
1483                }
1484                String tagDAM = parser.getName();
1485                if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tagDAM)) {
1486                    result.options = PersistableBundle.restoreFromXml(parser);
1487                } else {
1488                    Slog.w(LOG_TAG, "Unknown tag under " + tag +  ": " + tagDAM);
1489                }
1490            }
1491            return result;
1492        }
1493
1494        boolean hasUserRestrictions() {
1495            return userRestrictions != null && userRestrictions.size() > 0;
1496        }
1497
1498        Bundle ensureUserRestrictions() {
1499            if (userRestrictions == null) {
1500                userRestrictions = new Bundle();
1501            }
1502            return userRestrictions;
1503        }
1504
1505        public void transfer(DeviceAdminInfo deviceAdminInfo) {
1506            if (hasParentActiveAdmin()) {
1507                parentAdmin.info = deviceAdminInfo;
1508            }
1509            info = deviceAdminInfo;
1510        }
1511
1512        void dump(String prefix, PrintWriter pw) {
1513            pw.print(prefix); pw.print("uid="); pw.println(getUid());
1514            pw.print(prefix); pw.print("testOnlyAdmin=");
1515            pw.println(testOnlyAdmin);
1516            pw.print(prefix); pw.println("policies:");
1517            ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies();
1518            if (pols != null) {
1519                for (int i=0; i<pols.size(); i++) {
1520                    pw.print(prefix); pw.print("  "); pw.println(pols.get(i).tag);
1521                }
1522            }
1523            pw.print(prefix); pw.print("passwordQuality=0x");
1524                    pw.println(Integer.toHexString(minimumPasswordMetrics.quality));
1525            pw.print(prefix); pw.print("minimumPasswordLength=");
1526                    pw.println(minimumPasswordMetrics.length);
1527            pw.print(prefix); pw.print("passwordHistoryLength=");
1528                    pw.println(passwordHistoryLength);
1529            pw.print(prefix); pw.print("minimumPasswordUpperCase=");
1530                    pw.println(minimumPasswordMetrics.upperCase);
1531            pw.print(prefix); pw.print("minimumPasswordLowerCase=");
1532                    pw.println(minimumPasswordMetrics.lowerCase);
1533            pw.print(prefix); pw.print("minimumPasswordLetters=");
1534                    pw.println(minimumPasswordMetrics.letters);
1535            pw.print(prefix); pw.print("minimumPasswordNumeric=");
1536                    pw.println(minimumPasswordMetrics.numeric);
1537            pw.print(prefix); pw.print("minimumPasswordSymbols=");
1538                    pw.println(minimumPasswordMetrics.symbols);
1539            pw.print(prefix); pw.print("minimumPasswordNonLetter=");
1540                    pw.println(minimumPasswordMetrics.nonLetter);
1541            pw.print(prefix); pw.print("passwordBlacklist=");
1542                    pw.println(passwordBlacklistFile != null);
1543            pw.print(prefix); pw.print("maximumTimeToUnlock=");
1544                    pw.println(maximumTimeToUnlock);
1545            pw.print(prefix); pw.print("strongAuthUnlockTimeout=");
1546                    pw.println(strongAuthUnlockTimeout);
1547            pw.print(prefix); pw.print("maximumFailedPasswordsForWipe=");
1548                    pw.println(maximumFailedPasswordsForWipe);
1549            pw.print(prefix); pw.print("specifiesGlobalProxy=");
1550                    pw.println(specifiesGlobalProxy);
1551            pw.print(prefix); pw.print("passwordExpirationTimeout=");
1552                    pw.println(passwordExpirationTimeout);
1553            pw.print(prefix); pw.print("passwordExpirationDate=");
1554                    pw.println(passwordExpirationDate);
1555            if (globalProxySpec != null) {
1556                pw.print(prefix); pw.print("globalProxySpec=");
1557                        pw.println(globalProxySpec);
1558            }
1559            if (globalProxyExclusionList != null) {
1560                pw.print(prefix); pw.print("globalProxyEclusionList=");
1561                        pw.println(globalProxyExclusionList);
1562            }
1563            pw.print(prefix); pw.print("encryptionRequested=");
1564                    pw.println(encryptionRequested);
1565            pw.print(prefix); pw.print("disableCamera=");
1566                    pw.println(disableCamera);
1567            pw.print(prefix); pw.print("disableCallerId=");
1568                    pw.println(disableCallerId);
1569            pw.print(prefix); pw.print("disableContactsSearch=");
1570                    pw.println(disableContactsSearch);
1571            pw.print(prefix); pw.print("disableBluetoothContactSharing=");
1572                    pw.println(disableBluetoothContactSharing);
1573            pw.print(prefix); pw.print("disableScreenCapture=");
1574                    pw.println(disableScreenCapture);
1575            pw.print(prefix); pw.print("requireAutoTime=");
1576                    pw.println(requireAutoTime);
1577            pw.print(prefix); pw.print("forceEphemeralUsers=");
1578                    pw.println(forceEphemeralUsers);
1579            pw.print(prefix); pw.print("isNetworkLoggingEnabled=");
1580                    pw.println(isNetworkLoggingEnabled);
1581            pw.print(prefix); pw.print("disabledKeyguardFeatures=");
1582                    pw.println(disabledKeyguardFeatures);
1583            pw.print(prefix); pw.print("crossProfileWidgetProviders=");
1584                    pw.println(crossProfileWidgetProviders);
1585            if (permittedAccessiblityServices != null) {
1586                pw.print(prefix); pw.print("permittedAccessibilityServices=");
1587                    pw.println(permittedAccessiblityServices);
1588            }
1589            if (permittedInputMethods != null) {
1590                pw.print(prefix); pw.print("permittedInputMethods=");
1591                    pw.println(permittedInputMethods);
1592            }
1593            if (permittedNotificationListeners != null) {
1594                pw.print(prefix); pw.print("permittedNotificationListeners=");
1595                pw.println(permittedNotificationListeners);
1596            }
1597            if (keepUninstalledPackages != null) {
1598                pw.print(prefix); pw.print("keepUninstalledPackages=");
1599                    pw.println(keepUninstalledPackages);
1600            }
1601            pw.print(prefix); pw.print("organizationColor=");
1602                    pw.println(organizationColor);
1603            if (organizationName != null) {
1604                pw.print(prefix); pw.print("organizationName=");
1605                    pw.println(organizationName);
1606            }
1607            pw.print(prefix); pw.println("userRestrictions:");
1608            UserRestrictionsUtils.dumpRestrictions(pw, prefix + "  ", userRestrictions);
1609            pw.print(prefix); pw.print("defaultEnabledRestrictionsAlreadySet=");
1610                    pw.println(defaultEnabledRestrictionsAlreadySet);
1611            pw.print(prefix); pw.print("isParent=");
1612                    pw.println(isParent);
1613            if (parentAdmin != null) {
1614                pw.print(prefix);  pw.println("parentAdmin:");
1615                parentAdmin.dump(prefix + "  ", pw);
1616            }
1617        }
1618    }
1619
1620    private void handlePackagesChanged(@Nullable String packageName, int userHandle) {
1621        boolean removedAdmin = false;
1622        if (VERBOSE_LOG) {
1623            Slog.d(LOG_TAG, "Handling package changes package " + packageName
1624                    + " for user " + userHandle);
1625        }
1626        DevicePolicyData policy = getUserData(userHandle);
1627        synchronized (this) {
1628            for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
1629                ActiveAdmin aa = policy.mAdminList.get(i);
1630                try {
1631                    // If we're checking all packages or if the specific one we're checking matches,
1632                    // then check if the package and receiver still exist.
1633                    final String adminPackage = aa.info.getPackageName();
1634                    if (packageName == null || packageName.equals(adminPackage)) {
1635                        if (mIPackageManager.getPackageInfo(adminPackage, 0, userHandle) == null
1636                                || mIPackageManager.getReceiverInfo(aa.info.getComponent(),
1637                                PackageManager.MATCH_DIRECT_BOOT_AWARE
1638                                        | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,
1639                                userHandle) == null) {
1640                            removedAdmin = true;
1641                            policy.mAdminList.remove(i);
1642                            policy.mAdminMap.remove(aa.info.getComponent());
1643                            pushActiveAdminPackagesLocked(userHandle);
1644                        }
1645                    }
1646                } catch (RemoteException re) {
1647                    // Shouldn't happen.
1648                }
1649            }
1650            if (removedAdmin) {
1651                validatePasswordOwnerLocked(policy);
1652            }
1653
1654            boolean removedDelegate = false;
1655
1656            // Check if a delegate was removed.
1657            for (int i = policy.mDelegationMap.size() - 1; i >= 0; i--) {
1658                final String delegatePackage = policy.mDelegationMap.keyAt(i);
1659                if (isRemovedPackage(packageName, delegatePackage, userHandle)) {
1660                    policy.mDelegationMap.removeAt(i);
1661                    removedDelegate = true;
1662                }
1663            }
1664
1665            // If it's an owner package, we may need to refresh the bound connection.
1666            final ComponentName owner = getOwnerComponent(userHandle);
1667            if ((packageName != null) && (owner != null)
1668                    && (owner.getPackageName().equals(packageName))) {
1669                startOwnerService(userHandle, "package-broadcast");
1670            }
1671
1672            // Persist updates if the removed package was an admin or delegate.
1673            if (removedAdmin || removedDelegate) {
1674                saveSettingsLocked(policy.mUserHandle);
1675            }
1676        }
1677        if (removedAdmin) {
1678            // The removed admin might have disabled camera, so update user restrictions.
1679            pushUserRestrictions(userHandle);
1680        }
1681    }
1682
1683    private boolean isRemovedPackage(String changedPackage, String targetPackage, int userHandle) {
1684        try {
1685            return targetPackage != null
1686                    && (changedPackage == null || changedPackage.equals(targetPackage))
1687                    && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null;
1688        } catch (RemoteException e) {
1689            // Shouldn't happen
1690        }
1691
1692        return false;
1693    }
1694
1695    /**
1696     * Unit test will subclass it to inject mocks.
1697     */
1698    @VisibleForTesting
1699    static class Injector {
1700
1701        public final Context mContext;
1702
1703        Injector(Context context) {
1704            mContext = context;
1705        }
1706
1707        public boolean hasFeature() {
1708            return getPackageManager().hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN);
1709        }
1710
1711        Context createContextAsUser(UserHandle user) throws PackageManager.NameNotFoundException {
1712            final String packageName = mContext.getPackageName();
1713            return mContext.createPackageContextAsUser(packageName, 0, user);
1714        }
1715
1716        Resources getResources() {
1717            return mContext.getResources();
1718        }
1719
1720        Owners newOwners() {
1721            return new Owners(getUserManager(), getUserManagerInternal(),
1722                    getPackageManagerInternal());
1723        }
1724
1725        UserManager getUserManager() {
1726            return UserManager.get(mContext);
1727        }
1728
1729        UserManagerInternal getUserManagerInternal() {
1730            return LocalServices.getService(UserManagerInternal.class);
1731        }
1732
1733        PackageManagerInternal getPackageManagerInternal() {
1734            return LocalServices.getService(PackageManagerInternal.class);
1735        }
1736
1737        UsageStatsManagerInternal getUsageStatsManagerInternal() {
1738            return LocalServices.getService(UsageStatsManagerInternal.class);
1739        }
1740
1741        NotificationManager getNotificationManager() {
1742            return mContext.getSystemService(NotificationManager.class);
1743        }
1744
1745        IIpConnectivityMetrics getIIpConnectivityMetrics() {
1746            return (IIpConnectivityMetrics) IIpConnectivityMetrics.Stub.asInterface(
1747                ServiceManager.getService(IpConnectivityLog.SERVICE_NAME));
1748        }
1749
1750        PackageManager getPackageManager() {
1751            return mContext.getPackageManager();
1752        }
1753
1754        PowerManagerInternal getPowerManagerInternal() {
1755            return LocalServices.getService(PowerManagerInternal.class);
1756        }
1757
1758        TelephonyManager getTelephonyManager() {
1759            return TelephonyManager.from(mContext);
1760        }
1761
1762        TrustManager getTrustManager() {
1763            return (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);
1764        }
1765
1766        AlarmManager getAlarmManager() {
1767            return (AlarmManager) mContext.getSystemService(AlarmManager.class);
1768        }
1769
1770        IWindowManager getIWindowManager() {
1771            return IWindowManager.Stub
1772                    .asInterface(ServiceManager.getService(Context.WINDOW_SERVICE));
1773        }
1774
1775        IActivityManager getIActivityManager() {
1776            return ActivityManager.getService();
1777        }
1778
1779        ActivityManagerInternal getActivityManagerInternal() {
1780            return LocalServices.getService(ActivityManagerInternal.class);
1781        }
1782
1783        IPackageManager getIPackageManager() {
1784            return AppGlobals.getPackageManager();
1785        }
1786
1787        IBackupManager getIBackupManager() {
1788            return IBackupManager.Stub.asInterface(
1789                    ServiceManager.getService(Context.BACKUP_SERVICE));
1790        }
1791
1792        IAudioService getIAudioService() {
1793            return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE));
1794        }
1795
1796        boolean isBuildDebuggable() {
1797            return Build.IS_DEBUGGABLE;
1798        }
1799
1800        LockPatternUtils newLockPatternUtils() {
1801            return new LockPatternUtils(mContext);
1802        }
1803
1804        PasswordBlacklist newPasswordBlacklist(File file) {
1805            return new PasswordBlacklist(file);
1806        }
1807
1808        boolean storageManagerIsFileBasedEncryptionEnabled() {
1809            return StorageManager.isFileEncryptedNativeOnly();
1810        }
1811
1812        boolean storageManagerIsNonDefaultBlockEncrypted() {
1813            long identity = Binder.clearCallingIdentity();
1814            try {
1815                return StorageManager.isNonDefaultBlockEncrypted();
1816            } finally {
1817                Binder.restoreCallingIdentity(identity);
1818            }
1819        }
1820
1821        boolean storageManagerIsEncrypted() {
1822            return StorageManager.isEncrypted();
1823        }
1824
1825        boolean storageManagerIsEncryptable() {
1826            return StorageManager.isEncryptable();
1827        }
1828
1829        Looper getMyLooper() {
1830            return Looper.myLooper();
1831        }
1832
1833        WifiManager getWifiManager() {
1834            return mContext.getSystemService(WifiManager.class);
1835        }
1836
1837        long binderClearCallingIdentity() {
1838            return Binder.clearCallingIdentity();
1839        }
1840
1841        void binderRestoreCallingIdentity(long token) {
1842            Binder.restoreCallingIdentity(token);
1843        }
1844
1845        int binderGetCallingUid() {
1846            return Binder.getCallingUid();
1847        }
1848
1849        int binderGetCallingPid() {
1850            return Binder.getCallingPid();
1851        }
1852
1853        UserHandle binderGetCallingUserHandle() {
1854            return Binder.getCallingUserHandle();
1855        }
1856
1857        boolean binderIsCallingUidMyUid() {
1858            return getCallingUid() == Process.myUid();
1859        }
1860
1861        void binderWithCleanCallingIdentity(@NonNull ThrowingRunnable action) {
1862             Binder.withCleanCallingIdentity(action);
1863        }
1864
1865        final int userHandleGetCallingUserId() {
1866            return UserHandle.getUserId(binderGetCallingUid());
1867        }
1868
1869        File environmentGetUserSystemDirectory(int userId) {
1870            return Environment.getUserSystemDirectory(userId);
1871        }
1872
1873        void powerManagerGoToSleep(long time, int reason, int flags) {
1874            mContext.getSystemService(PowerManager.class).goToSleep(time, reason, flags);
1875        }
1876
1877        void powerManagerReboot(String reason) {
1878            mContext.getSystemService(PowerManager.class).reboot(reason);
1879        }
1880
1881        void recoverySystemRebootWipeUserData(boolean shutdown, String reason, boolean force,
1882                boolean wipeEuicc) throws IOException {
1883            RecoverySystem.rebootWipeUserData(mContext, shutdown, reason, force, wipeEuicc);
1884        }
1885
1886        boolean systemPropertiesGetBoolean(String key, boolean def) {
1887            return SystemProperties.getBoolean(key, def);
1888        }
1889
1890        long systemPropertiesGetLong(String key, long def) {
1891            return SystemProperties.getLong(key, def);
1892        }
1893
1894        String systemPropertiesGet(String key, String def) {
1895            return SystemProperties.get(key, def);
1896        }
1897
1898        String systemPropertiesGet(String key) {
1899            return SystemProperties.get(key);
1900        }
1901
1902        void systemPropertiesSet(String key, String value) {
1903            SystemProperties.set(key, value);
1904        }
1905
1906        boolean userManagerIsSplitSystemUser() {
1907            return UserManager.isSplitSystemUser();
1908        }
1909
1910        String getDevicePolicyFilePathForSystemUser() {
1911            return "/data/system/";
1912        }
1913
1914        PendingIntent pendingIntentGetActivityAsUser(Context context, int requestCode,
1915                @NonNull Intent intent, int flags, Bundle options, UserHandle user) {
1916            return PendingIntent.getActivityAsUser(
1917                    context, requestCode, intent, flags, options, user);
1918        }
1919
1920        void registerContentObserver(Uri uri, boolean notifyForDescendents,
1921                ContentObserver observer, int userHandle) {
1922            mContext.getContentResolver().registerContentObserver(uri, notifyForDescendents,
1923                    observer, userHandle);
1924        }
1925
1926        int settingsSecureGetIntForUser(String name, int def, int userHandle) {
1927            return Settings.Secure.getIntForUser(mContext.getContentResolver(),
1928                    name, def, userHandle);
1929        }
1930
1931        String settingsSecureGetStringForUser(String name, int userHandle) {
1932            return Settings.Secure.getStringForUser(mContext.getContentResolver(), name,
1933                    userHandle);
1934        }
1935
1936        void settingsSecurePutIntForUser(String name, int value, int userHandle) {
1937            Settings.Secure.putIntForUser(mContext.getContentResolver(),
1938                    name, value, userHandle);
1939        }
1940
1941        void settingsSecurePutStringForUser(String name, String value, int userHandle) {
1942            Settings.Secure.putStringForUser(mContext.getContentResolver(),
1943                    name, value, userHandle);
1944        }
1945
1946        void settingsGlobalPutStringForUser(String name, String value, int userHandle) {
1947            Settings.Global.putStringForUser(mContext.getContentResolver(),
1948                    name, value, userHandle);
1949        }
1950
1951        void settingsSecurePutInt(String name, int value) {
1952            Settings.Secure.putInt(mContext.getContentResolver(), name, value);
1953        }
1954
1955        int settingsGlobalGetInt(String name, int def) {
1956            return Settings.Global.getInt(mContext.getContentResolver(), name, def);
1957        }
1958
1959        String settingsGlobalGetString(String name) {
1960            return Settings.Global.getString(mContext.getContentResolver(), name);
1961        }
1962
1963        void settingsGlobalPutInt(String name, int value) {
1964            Settings.Global.putInt(mContext.getContentResolver(), name, value);
1965        }
1966
1967        void settingsSecurePutString(String name, String value) {
1968            Settings.Secure.putString(mContext.getContentResolver(), name, value);
1969        }
1970
1971        void settingsGlobalPutString(String name, String value) {
1972            Settings.Global.putString(mContext.getContentResolver(), name, value);
1973        }
1974
1975        void settingsSystemPutString(String name, String value) {
1976            Settings.System.putString(mContext.getContentResolver(), name, value);
1977        }
1978
1979        void securityLogSetLoggingEnabledProperty(boolean enabled) {
1980            SecurityLog.setLoggingEnabledProperty(enabled);
1981        }
1982
1983        boolean securityLogGetLoggingEnabledProperty() {
1984            return SecurityLog.getLoggingEnabledProperty();
1985        }
1986
1987        boolean securityLogIsLoggingEnabled() {
1988            return SecurityLog.isLoggingEnabled();
1989        }
1990
1991        KeyChainConnection keyChainBindAsUser(UserHandle user) throws InterruptedException {
1992            return KeyChain.bindAsUser(mContext, user);
1993        }
1994    }
1995
1996    /**
1997     * Instantiates the service.
1998     */
1999    public DevicePolicyManagerService(Context context) {
2000        this(new Injector(context));
2001    }
2002
2003    @VisibleForTesting
2004    DevicePolicyManagerService(Injector injector) {
2005        mInjector = injector;
2006        mContext = Preconditions.checkNotNull(injector.mContext);
2007        mHandler = new Handler(Preconditions.checkNotNull(injector.getMyLooper()));
2008        mConstants = DevicePolicyConstants.loadFromString(
2009                mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS));
2010
2011        mOwners = Preconditions.checkNotNull(injector.newOwners());
2012
2013        mUserManager = Preconditions.checkNotNull(injector.getUserManager());
2014        mUserManagerInternal = Preconditions.checkNotNull(injector.getUserManagerInternal());
2015        mUsageStatsManagerInternal = Preconditions.checkNotNull(
2016                injector.getUsageStatsManagerInternal());
2017        mIPackageManager = Preconditions.checkNotNull(injector.getIPackageManager());
2018        mTelephonyManager = Preconditions.checkNotNull(injector.getTelephonyManager());
2019
2020        mLocalService = new LocalService();
2021        mLockPatternUtils = injector.newLockPatternUtils();
2022
2023        // TODO: why does SecurityLogMonitor need to be created even when mHasFeature == false?
2024        mSecurityLogMonitor = new SecurityLogMonitor(this);
2025
2026        mHasFeature = mInjector.hasFeature();
2027        mIsWatch = mInjector.getPackageManager()
2028                .hasSystemFeature(PackageManager.FEATURE_WATCH);
2029        mBackgroundHandler = BackgroundThread.getHandler();
2030
2031        // Needed when mHasFeature == false, because it controls the certificate warning text.
2032        mCertificateMonitor = new CertificateMonitor(this, mInjector, mBackgroundHandler);
2033
2034        mDeviceAdminServiceController = new DeviceAdminServiceController(this, mConstants);
2035
2036        mOverlayPackagesProvider = new OverlayPackagesProvider(mContext);
2037
2038        if (!mHasFeature) {
2039            // Skip the rest of the initialization
2040            return;
2041        }
2042
2043        IntentFilter filter = new IntentFilter();
2044        filter.addAction(Intent.ACTION_BOOT_COMPLETED);
2045        filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION);
2046        filter.addAction(Intent.ACTION_USER_ADDED);
2047        filter.addAction(Intent.ACTION_USER_REMOVED);
2048        filter.addAction(Intent.ACTION_USER_STARTED);
2049        filter.addAction(Intent.ACTION_USER_STOPPED);
2050        filter.addAction(Intent.ACTION_USER_SWITCHED);
2051        filter.addAction(Intent.ACTION_USER_UNLOCKED);
2052        filter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY);
2053        mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
2054        filter = new IntentFilter();
2055        filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
2056        filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
2057        filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE);
2058        filter.addAction(Intent.ACTION_PACKAGE_ADDED);
2059        filter.addDataScheme("package");
2060        mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
2061        filter = new IntentFilter();
2062        filter.addAction(Intent.ACTION_MANAGED_PROFILE_ADDED);
2063        mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
2064
2065        LocalServices.addService(DevicePolicyManagerInternal.class, mLocalService);
2066
2067        mSetupContentObserver = new SetupContentObserver(mHandler);
2068
2069        mUserManagerInternal.addUserRestrictionsListener(new RestrictionsListener(mContext));
2070    }
2071
2072    /**
2073     * Creates and loads the policy data from xml.
2074     * @param userHandle the user for whom to load the policy data
2075     * @return
2076     */
2077    @NonNull
2078    DevicePolicyData getUserData(int userHandle) {
2079        synchronized (this) {
2080            DevicePolicyData policy = mUserData.get(userHandle);
2081            if (policy == null) {
2082                policy = new DevicePolicyData(userHandle);
2083                mUserData.append(userHandle, policy);
2084                loadSettingsLocked(policy, userHandle);
2085            }
2086            return policy;
2087        }
2088    }
2089
2090    /**
2091     * Creates and loads the policy data from xml for data that is shared between
2092     * various profiles of a user. In contrast to {@link #getUserData(int)}
2093     * it allows access to data of users other than the calling user.
2094     *
2095     * This function should only be used for shared data, e.g. everything regarding
2096     * passwords and should be removed once multiple screen locks are present.
2097     * @param userHandle the user for whom to load the policy data
2098     * @return
2099     */
2100    DevicePolicyData getUserDataUnchecked(int userHandle) {
2101        long ident = mInjector.binderClearCallingIdentity();
2102        try {
2103            return getUserData(userHandle);
2104        } finally {
2105            mInjector.binderRestoreCallingIdentity(ident);
2106        }
2107    }
2108
2109    void removeUserData(int userHandle) {
2110        synchronized (this) {
2111            if (userHandle == UserHandle.USER_SYSTEM) {
2112                Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring.");
2113                return;
2114            }
2115            mOwners.removeProfileOwner(userHandle);
2116            mOwners.writeProfileOwner(userHandle);
2117
2118            DevicePolicyData policy = mUserData.get(userHandle);
2119            if (policy != null) {
2120                mUserData.remove(userHandle);
2121            }
2122            File policyFile = new File(mInjector.environmentGetUserSystemDirectory(userHandle),
2123                    DEVICE_POLICIES_XML);
2124            policyFile.delete();
2125            Slog.i(LOG_TAG, "Removed device policy file " + policyFile.getAbsolutePath());
2126        }
2127        updateScreenCaptureDisabledInWindowManager(userHandle, false /* default value */);
2128    }
2129
2130    void loadOwners() {
2131        synchronized (this) {
2132            mOwners.load();
2133            setDeviceOwnerSystemPropertyLocked();
2134            findOwnerComponentIfNecessaryLocked();
2135            migrateUserRestrictionsIfNecessaryLocked();
2136            maybeSetDefaultDeviceOwnerUserRestrictionsLocked();
2137
2138            // TODO PO may not have a class name either due to b/17652534.  Address that too.
2139
2140            updateDeviceOwnerLocked();
2141        }
2142    }
2143
2144    /** Apply default restrictions that haven't been applied to device owners yet. */
2145    private void maybeSetDefaultDeviceOwnerUserRestrictionsLocked() {
2146        final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
2147        if (deviceOwner != null) {
2148            maybeSetDefaultRestrictionsForAdminLocked(mOwners.getDeviceOwnerUserId(),
2149                    deviceOwner, UserRestrictionsUtils.getDefaultEnabledForDeviceOwner());
2150        }
2151    }
2152
2153    /** Apply default restrictions that haven't been applied to profile owners yet. */
2154    private void maybeSetDefaultProfileOwnerUserRestrictions() {
2155        synchronized (this) {
2156            for (final int userId : mOwners.getProfileOwnerKeys()) {
2157                final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
2158                // The following restrictions used to be applied to managed profiles by different
2159                // means (via Settings or by disabling components). Now they are proper user
2160                // restrictions so we apply them to managed profile owners. Non-managed secondary
2161                // users didn't have those restrictions so we skip them to keep existing behavior.
2162                if (profileOwner == null || !mUserManager.isManagedProfile(userId)) {
2163                    continue;
2164                }
2165                maybeSetDefaultRestrictionsForAdminLocked(userId, profileOwner,
2166                        UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());
2167                ensureUnknownSourcesRestrictionForProfileOwnerLocked(
2168                        userId, profileOwner, false /* newOwner */);
2169            }
2170        }
2171    }
2172
2173    /**
2174     * Checks whether {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} should be added to the
2175     * set of restrictions for this profile owner.
2176     */
2177    private void ensureUnknownSourcesRestrictionForProfileOwnerLocked(int userId,
2178            ActiveAdmin profileOwner, boolean newOwner) {
2179        if (newOwner || mInjector.settingsSecureGetIntForUser(
2180                Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId) != 0) {
2181            profileOwner.ensureUserRestrictions().putBoolean(
2182                    UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
2183            saveUserRestrictionsLocked(userId);
2184            mInjector.settingsSecurePutIntForUser(
2185                    Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId);
2186        }
2187    }
2188
2189    /**
2190     * Apply default restrictions that haven't been applied to a given admin yet.
2191     */
2192    private void maybeSetDefaultRestrictionsForAdminLocked(
2193            int userId, ActiveAdmin admin, Set<String> defaultRestrictions) {
2194        if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) {
2195            return; // The same set of default restrictions has been already applied.
2196        }
2197        Slog.i(LOG_TAG, "New user restrictions need to be set by default for user " + userId);
2198
2199        if (VERBOSE_LOG) {
2200            Slog.d(LOG_TAG,"Default enabled restrictions: "
2201                    + defaultRestrictions
2202                    + ". Restrictions already enabled: "
2203                    + admin.defaultEnabledRestrictionsAlreadySet);
2204        }
2205
2206        final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions);
2207        restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet);
2208        if (!restrictionsToSet.isEmpty()) {
2209            for (final String restriction : restrictionsToSet) {
2210                admin.ensureUserRestrictions().putBoolean(restriction, true);
2211            }
2212            admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet);
2213            Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet);
2214            saveUserRestrictionsLocked(userId);
2215        }
2216    }
2217
2218    private void setDeviceOwnerSystemPropertyLocked() {
2219        final boolean deviceProvisioned =
2220                mInjector.settingsGlobalGetInt(Settings.Global.DEVICE_PROVISIONED, 0) != 0;
2221        final boolean hasDeviceOwner = mOwners.hasDeviceOwner();
2222        // If the device is not provisioned and there is currently no device owner, do not set the
2223        // read-only system property yet, since Device owner may still be provisioned.
2224        if (!hasDeviceOwner && !deviceProvisioned) {
2225            return;
2226        }
2227        // Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is
2228        // always false at this point.
2229        if (StorageManager.inCryptKeeperBounce()) {
2230            return;
2231        }
2232
2233        if (!mInjector.systemPropertiesGet(PROPERTY_DEVICE_OWNER_PRESENT, "").isEmpty()) {
2234            Slog.w(LOG_TAG, "Trying to set ro.device_owner, but it has already been set?");
2235        } else {
2236            final String value = Boolean.toString(hasDeviceOwner);
2237            mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, value);
2238            Slog.i(LOG_TAG, "Set ro.device_owner property to " + value);
2239
2240            if (hasDeviceOwner && mInjector.securityLogGetLoggingEnabledProperty()) {
2241                mSecurityLogMonitor.start();
2242                maybePauseDeviceWideLoggingLocked();
2243            }
2244        }
2245    }
2246
2247    private void findOwnerComponentIfNecessaryLocked() {
2248        if (!mOwners.hasDeviceOwner()) {
2249            return;
2250        }
2251        final ComponentName doComponentName = mOwners.getDeviceOwnerComponent();
2252
2253        if (!TextUtils.isEmpty(doComponentName.getClassName())) {
2254            return; // Already a full component name.
2255        }
2256
2257        final ComponentName doComponent = findAdminComponentWithPackageLocked(
2258                doComponentName.getPackageName(),
2259                mOwners.getDeviceOwnerUserId());
2260        if (doComponent == null) {
2261            Slog.e(LOG_TAG, "Device-owner isn't registered as device-admin");
2262        } else {
2263            mOwners.setDeviceOwnerWithRestrictionsMigrated(
2264                    doComponent,
2265                    mOwners.getDeviceOwnerName(),
2266                    mOwners.getDeviceOwnerUserId(),
2267                    !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration());
2268            mOwners.writeDeviceOwner();
2269            if (VERBOSE_LOG) {
2270                Log.v(LOG_TAG, "Device owner component filled in");
2271            }
2272        }
2273    }
2274
2275    /**
2276     * We didn't use to persist user restrictions for each owners but only persisted in user
2277     * manager.
2278     */
2279    private void migrateUserRestrictionsIfNecessaryLocked() {
2280        boolean migrated = false;
2281        // Migrate for the DO.  Basically all restrictions should be considered to be set by DO,
2282        // except for the "system controlled" ones.
2283        if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) {
2284            if (VERBOSE_LOG) {
2285                Log.v(LOG_TAG, "Migrating DO user restrictions");
2286            }
2287            migrated = true;
2288
2289            // Migrate user 0 restrictions to DO.
2290            final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
2291
2292            migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin,
2293                    /* exceptionList =*/ null, /* isDeviceOwner =*/ true);
2294
2295            // Push DO user restrictions to user manager.
2296            pushUserRestrictions(UserHandle.USER_SYSTEM);
2297
2298            mOwners.setDeviceOwnerUserRestrictionsMigrated();
2299        }
2300
2301        // Migrate for POs.
2302
2303        // The following restrictions can be set on secondary users by the device owner, so we
2304        // assume they're not from the PO.
2305        final Set<String> secondaryUserExceptionList = Sets.newArraySet(
2306                UserManager.DISALLOW_OUTGOING_CALLS,
2307                UserManager.DISALLOW_SMS);
2308
2309        for (UserInfo ui : mUserManager.getUsers()) {
2310            final int userId = ui.id;
2311            if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) {
2312                if (VERBOSE_LOG) {
2313                    Log.v(LOG_TAG, "Migrating PO user restrictions for user " + userId);
2314                }
2315                migrated = true;
2316
2317                final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId);
2318
2319                final Set<String> exceptionList =
2320                        (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList;
2321
2322                migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin,
2323                        exceptionList, /* isDeviceOwner =*/ false);
2324
2325                // Note if a secondary user has no PO but has a DA that disables camera, we
2326                // don't get here and won't push the camera user restriction to UserManager
2327                // here.  That's okay because we'll push user restrictions anyway when a user
2328                // starts.  But we still do it because we want to let user manager persist
2329                // upon migration.
2330                pushUserRestrictions(userId);
2331
2332                mOwners.setProfileOwnerUserRestrictionsMigrated(userId);
2333            }
2334        }
2335        if (VERBOSE_LOG && migrated) {
2336            Log.v(LOG_TAG, "User restrictions migrated.");
2337        }
2338    }
2339
2340    private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin,
2341            Set<String> exceptionList, boolean isDeviceOwner) {
2342        final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions(
2343                user.getIdentifier());
2344
2345        final Bundle newBaseRestrictions = new Bundle();
2346        final Bundle newOwnerRestrictions = new Bundle();
2347
2348        for (String key : origRestrictions.keySet()) {
2349            if (!origRestrictions.getBoolean(key)) {
2350                continue;
2351            }
2352            final boolean canOwnerChange = isDeviceOwner
2353                    ? UserRestrictionsUtils.canDeviceOwnerChange(key)
2354                    : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier());
2355
2356            if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) {
2357                newBaseRestrictions.putBoolean(key, true);
2358            } else {
2359                newOwnerRestrictions.putBoolean(key, true);
2360            }
2361        }
2362
2363        if (VERBOSE_LOG) {
2364            Log.v(LOG_TAG, "origRestrictions=" + origRestrictions);
2365            Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions);
2366            Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions);
2367        }
2368        mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(),
2369                newBaseRestrictions);
2370
2371        if (admin != null) {
2372            admin.ensureUserRestrictions().clear();
2373            admin.ensureUserRestrictions().putAll(newOwnerRestrictions);
2374        } else {
2375            Slog.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier());
2376        }
2377        saveSettingsLocked(user.getIdentifier());
2378    }
2379
2380    private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) {
2381        final DevicePolicyData policy = getUserData(userId);
2382        final int n = policy.mAdminList.size();
2383        ComponentName found = null;
2384        int nFound = 0;
2385        for (int i = 0; i < n; i++) {
2386            final ActiveAdmin admin = policy.mAdminList.get(i);
2387            if (packageName.equals(admin.info.getPackageName())) {
2388                // Found!
2389                if (nFound == 0) {
2390                    found = admin.info.getComponent();
2391                }
2392                nFound++;
2393            }
2394        }
2395        if (nFound > 1) {
2396            Slog.w(LOG_TAG, "Multiple DA found; assume the first one is DO.");
2397        }
2398        return found;
2399    }
2400
2401    /**
2402     * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration
2403     * reminders.  Clears alarm if no expirations are configured.
2404     */
2405    private void setExpirationAlarmCheckLocked(Context context, int userHandle, boolean parent) {
2406        final long expiration = getPasswordExpirationLocked(null, userHandle, parent);
2407        final long now = System.currentTimeMillis();
2408        final long timeToExpire = expiration - now;
2409        final long alarmTime;
2410        if (expiration == 0) {
2411            // No expirations are currently configured:  Cancel alarm.
2412            alarmTime = 0;
2413        } else if (timeToExpire <= 0) {
2414            // The password has already expired:  Repeat every 24 hours.
2415            alarmTime = now + MS_PER_DAY;
2416        } else {
2417            // Selecting the next alarm time:  Roll forward to the next 24 hour multiple before
2418            // the expiration time.
2419            long alarmInterval = timeToExpire % MS_PER_DAY;
2420            if (alarmInterval == 0) {
2421                alarmInterval = MS_PER_DAY;
2422            }
2423            alarmTime = now + alarmInterval;
2424        }
2425
2426        long token = mInjector.binderClearCallingIdentity();
2427        try {
2428            int affectedUserHandle = parent ? getProfileParentId(userHandle) : userHandle;
2429            AlarmManager am = mInjector.getAlarmManager();
2430            PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD,
2431                    new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION),
2432                    PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT,
2433                    UserHandle.of(affectedUserHandle));
2434            am.cancel(pi);
2435            if (alarmTime != 0) {
2436                am.set(AlarmManager.RTC, alarmTime, pi);
2437            }
2438        } finally {
2439            mInjector.binderRestoreCallingIdentity(token);
2440        }
2441    }
2442
2443    ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) {
2444        ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who);
2445        if (admin != null
2446                && who.getPackageName().equals(admin.info.getActivityInfo().packageName)
2447                && who.getClassName().equals(admin.info.getActivityInfo().name)) {
2448            return admin;
2449        }
2450        return null;
2451    }
2452
2453    ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) {
2454        if (parent) {
2455            enforceManagedProfile(userHandle, "call APIs on the parent profile");
2456        }
2457        ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
2458        if (admin != null && parent) {
2459            admin = admin.getParentActiveAdmin();
2460        }
2461        return admin;
2462    }
2463
2464    ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy)
2465            throws SecurityException {
2466        final int callingUid = mInjector.binderGetCallingUid();
2467
2468        ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid);
2469        if (result != null) {
2470            return result;
2471        }
2472
2473        if (who != null) {
2474            final int userId = UserHandle.getUserId(callingUid);
2475            final DevicePolicyData policy = getUserData(userId);
2476            ActiveAdmin admin = policy.mAdminMap.get(who);
2477            if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
2478                throw new SecurityException("Admin " + admin.info.getComponent()
2479                         + " does not own the device");
2480            }
2481            if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
2482                throw new SecurityException("Admin " + admin.info.getComponent()
2483                        + " does not own the profile");
2484            }
2485            throw new SecurityException("Admin " + admin.info.getComponent()
2486                    + " did not specify uses-policy for: "
2487                    + admin.info.getTagForPolicy(reqPolicy));
2488        } else {
2489            throw new SecurityException("No active admin owned by uid "
2490                    + mInjector.binderGetCallingUid() + " for policy #" + reqPolicy);
2491        }
2492    }
2493
2494    ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent)
2495            throws SecurityException {
2496        if (parent) {
2497            enforceManagedProfile(mInjector.userHandleGetCallingUserId(),
2498                    "call APIs on the parent profile");
2499        }
2500        ActiveAdmin admin = getActiveAdminForCallerLocked(who, reqPolicy);
2501        return parent ? admin.getParentActiveAdmin() : admin;
2502    }
2503    /**
2504     * Find the admin for the component and userId bit of the uid, then check
2505     * the admin's uid matches the uid.
2506     */
2507    private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) {
2508        final int userId = UserHandle.getUserId(uid);
2509        final DevicePolicyData policy = getUserData(userId);
2510        ActiveAdmin admin = policy.mAdminMap.get(who);
2511        if (admin == null) {
2512            throw new SecurityException("No active admin " + who);
2513        }
2514        if (admin.getUid() != uid) {
2515            throw new SecurityException("Admin " + who + " is not owned by uid " + uid);
2516        }
2517        return admin;
2518    }
2519
2520    private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy,
2521            int uid) {
2522        // Try to find an admin which can use reqPolicy
2523        final int userId = UserHandle.getUserId(uid);
2524        final DevicePolicyData policy = getUserData(userId);
2525        if (who != null) {
2526            ActiveAdmin admin = policy.mAdminMap.get(who);
2527            if (admin == null) {
2528                throw new SecurityException("No active admin " + who);
2529            }
2530            if (admin.getUid() != uid) {
2531                throw new SecurityException("Admin " + who + " is not owned by uid " + uid);
2532            }
2533            if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) {
2534                return admin;
2535            }
2536        } else {
2537            for (ActiveAdmin admin : policy.mAdminList) {
2538                if (admin.getUid() == uid && isActiveAdminWithPolicyForUserLocked(admin, reqPolicy,
2539                        userId)) {
2540                    return admin;
2541                }
2542            }
2543        }
2544
2545        return null;
2546    }
2547
2548    @VisibleForTesting
2549    boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy,
2550            int userId) {
2551        final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId);
2552        final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId);
2553
2554        if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
2555            return ownsDevice;
2556        } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
2557            // DO always has the PO power.
2558            return ownsDevice || ownsProfile;
2559        } else {
2560            return admin.info.usesPolicy(reqPolicy);
2561        }
2562    }
2563
2564    void sendAdminCommandLocked(ActiveAdmin admin, String action) {
2565        sendAdminCommandLocked(admin, action, null);
2566    }
2567
2568    void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) {
2569        sendAdminCommandLocked(admin, action, null, result);
2570    }
2571
2572    void sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras,
2573            BroadcastReceiver result) {
2574        sendAdminCommandLocked(admin, action, adminExtras, result, false);
2575    }
2576
2577    /**
2578     * Send an update to one specific admin, get notified when that admin returns a result.
2579     *
2580     * @return whether the broadcast was successfully sent
2581     */
2582    boolean sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras,
2583            BroadcastReceiver result, boolean inForeground) {
2584        Intent intent = new Intent(action);
2585        intent.setComponent(admin.info.getComponent());
2586        if (UserManager.isDeviceInDemoMode(mContext)) {
2587            intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
2588        }
2589        if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) {
2590            intent.putExtra("expiration", admin.passwordExpirationDate);
2591        }
2592        if (inForeground) {
2593            intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
2594        }
2595        if (adminExtras != null) {
2596            intent.putExtras(adminExtras);
2597        }
2598        if (mInjector.getPackageManager().queryBroadcastReceiversAsUser(
2599                intent,
2600                PackageManager.MATCH_DEBUG_TRIAGED_MISSING,
2601                admin.getUserHandle()).isEmpty()) {
2602            return false;
2603        }
2604        if (result != null) {
2605            mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(),
2606                    null, result, mHandler, Activity.RESULT_OK, null, null);
2607        } else {
2608            mContext.sendBroadcastAsUser(intent, admin.getUserHandle());
2609        }
2610        return true;
2611    }
2612
2613    /**
2614     * Send an update to all admins of a user that enforce a specified policy.
2615     */
2616    void sendAdminCommandLocked(String action, int reqPolicy, int userHandle, Bundle adminExtras) {
2617        final DevicePolicyData policy = getUserData(userHandle);
2618        final int count = policy.mAdminList.size();
2619        for (int i = 0; i < count; i++) {
2620            final ActiveAdmin admin = policy.mAdminList.get(i);
2621            if (admin.info.usesPolicy(reqPolicy)) {
2622                sendAdminCommandLocked(admin, action, adminExtras, null);
2623            }
2624        }
2625    }
2626
2627    /**
2628     * Send an update intent to all admins of a user and its profiles. Only send to admins that
2629     * enforce a specified policy.
2630     */
2631    private void sendAdminCommandToSelfAndProfilesLocked(String action, int reqPolicy,
2632            int userHandle, Bundle adminExtras) {
2633        int[] profileIds = mUserManager.getProfileIdsWithDisabled(userHandle);
2634        for (int profileId : profileIds) {
2635            sendAdminCommandLocked(action, reqPolicy, profileId, adminExtras);
2636        }
2637    }
2638
2639    /**
2640     * Sends a broadcast to each profile that share the password unlock with the given user id.
2641     */
2642    private void sendAdminCommandForLockscreenPoliciesLocked(
2643            String action, int reqPolicy, int userHandle) {
2644        final Bundle extras = new Bundle();
2645        extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
2646        if (isSeparateProfileChallengeEnabled(userHandle)) {
2647            sendAdminCommandLocked(action, reqPolicy, userHandle, extras);
2648        } else {
2649            sendAdminCommandToSelfAndProfilesLocked(action, reqPolicy, userHandle, extras);
2650        }
2651    }
2652
2653    void removeActiveAdminLocked(final ComponentName adminReceiver, final int userHandle) {
2654        final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
2655        DevicePolicyData policy = getUserData(userHandle);
2656        if (admin != null && !policy.mRemovingAdmins.contains(adminReceiver)) {
2657            policy.mRemovingAdmins.add(adminReceiver);
2658            sendAdminCommandLocked(admin,
2659                    DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED,
2660                    new BroadcastReceiver() {
2661                        @Override
2662                        public void onReceive(Context context, Intent intent) {
2663                            removeAdminArtifacts(adminReceiver, userHandle);
2664                            removePackageIfRequired(adminReceiver.getPackageName(), userHandle);
2665                        }
2666                    });
2667        }
2668    }
2669
2670
2671    public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle,
2672            boolean throwForMissingPermission) {
2673        if (!mHasFeature) {
2674            return null;
2675        }
2676        enforceFullCrossUsersPermission(userHandle);
2677        ActivityInfo ai = null;
2678        try {
2679            ai = mIPackageManager.getReceiverInfo(adminName,
2680                    PackageManager.GET_META_DATA |
2681                    PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS |
2682                    PackageManager.MATCH_DIRECT_BOOT_AWARE |
2683                    PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle);
2684        } catch (RemoteException e) {
2685            // shouldn't happen.
2686        }
2687        if (ai == null) {
2688            throw new IllegalArgumentException("Unknown admin: " + adminName);
2689        }
2690
2691        if (!permission.BIND_DEVICE_ADMIN.equals(ai.permission)) {
2692            final String message = "DeviceAdminReceiver " + adminName + " must be protected with "
2693                    + permission.BIND_DEVICE_ADMIN;
2694            Slog.w(LOG_TAG, message);
2695            if (throwForMissingPermission &&
2696                    ai.applicationInfo.targetSdkVersion > Build.VERSION_CODES.M) {
2697                throw new IllegalArgumentException(message);
2698            }
2699        }
2700
2701        try {
2702            return new DeviceAdminInfo(mContext, ai);
2703        } catch (XmlPullParserException | IOException e) {
2704            Slog.w(LOG_TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName,
2705                    e);
2706            return null;
2707        }
2708    }
2709
2710    private File getPolicyFileDirectory(@UserIdInt int userId) {
2711        return userId == UserHandle.USER_SYSTEM
2712                ? new File(mInjector.getDevicePolicyFilePathForSystemUser())
2713                : mInjector.environmentGetUserSystemDirectory(userId);
2714    }
2715
2716    private JournaledFile makeJournaledFile(@UserIdInt int userId) {
2717        final String base = new File(getPolicyFileDirectory(userId), DEVICE_POLICIES_XML)
2718                .getAbsolutePath();
2719        if (VERBOSE_LOG) {
2720            Log.v(LOG_TAG, "Opening " + base);
2721        }
2722        return new JournaledFile(new File(base), new File(base + ".tmp"));
2723    }
2724
2725    private void saveSettingsLocked(int userHandle) {
2726        DevicePolicyData policy = getUserData(userHandle);
2727        JournaledFile journal = makeJournaledFile(userHandle);
2728        FileOutputStream stream = null;
2729        try {
2730            stream = new FileOutputStream(journal.chooseForWrite(), false);
2731            XmlSerializer out = new FastXmlSerializer();
2732            out.setOutput(stream, StandardCharsets.UTF_8.name());
2733            out.startDocument(null, true);
2734
2735            out.startTag(null, "policies");
2736            if (policy.mRestrictionsProvider != null) {
2737                out.attribute(null, ATTR_PERMISSION_PROVIDER,
2738                        policy.mRestrictionsProvider.flattenToString());
2739            }
2740            if (policy.mUserSetupComplete) {
2741                out.attribute(null, ATTR_SETUP_COMPLETE,
2742                        Boolean.toString(true));
2743            }
2744            if (policy.mPaired) {
2745                out.attribute(null, ATTR_DEVICE_PAIRED,
2746                        Boolean.toString(true));
2747            }
2748            if (policy.mDeviceProvisioningConfigApplied) {
2749                out.attribute(null, ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED,
2750                        Boolean.toString(true));
2751            }
2752            if (policy.mUserProvisioningState != DevicePolicyManager.STATE_USER_UNMANAGED) {
2753                out.attribute(null, ATTR_PROVISIONING_STATE,
2754                        Integer.toString(policy.mUserProvisioningState));
2755            }
2756            if (policy.mPermissionPolicy != DevicePolicyManager.PERMISSION_POLICY_PROMPT) {
2757                out.attribute(null, ATTR_PERMISSION_POLICY,
2758                        Integer.toString(policy.mPermissionPolicy));
2759            }
2760
2761            // Serialize delegations.
2762            for (int i = 0; i < policy.mDelegationMap.size(); ++i) {
2763                final String delegatePackage = policy.mDelegationMap.keyAt(i);
2764                final List<String> scopes = policy.mDelegationMap.valueAt(i);
2765
2766                // Every "delegation" tag serializes the information of one delegate-scope pair.
2767                for (String scope : scopes) {
2768                    out.startTag(null, "delegation");
2769                    out.attribute(null, "delegatePackage", delegatePackage);
2770                    out.attribute(null, "scope", scope);
2771                    out.endTag(null, "delegation");
2772                }
2773            }
2774
2775            final int N = policy.mAdminList.size();
2776            for (int i=0; i<N; i++) {
2777                ActiveAdmin ap = policy.mAdminList.get(i);
2778                if (ap != null) {
2779                    out.startTag(null, "admin");
2780                    out.attribute(null, "name", ap.info.getComponent().flattenToString());
2781                    ap.writeToXml(out);
2782                    out.endTag(null, "admin");
2783                }
2784            }
2785
2786            if (policy.mPasswordOwner >= 0) {
2787                out.startTag(null, "password-owner");
2788                out.attribute(null, "value", Integer.toString(policy.mPasswordOwner));
2789                out.endTag(null, "password-owner");
2790            }
2791
2792            if (policy.mFailedPasswordAttempts != 0) {
2793                out.startTag(null, "failed-password-attempts");
2794                out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts));
2795                out.endTag(null, "failed-password-attempts");
2796            }
2797
2798            // For FDE devices only, we save this flag so we can report on password sufficiency
2799            // before the user enters their password for the first time after a reboot.  For
2800            // security reasons, we don't want to store the full set of active password metrics.
2801            if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
2802                out.startTag(null, TAG_PASSWORD_VALIDITY);
2803                out.attribute(null, ATTR_VALUE,
2804                        Boolean.toString(policy.mPasswordValidAtLastCheckpoint));
2805                out.endTag(null, TAG_PASSWORD_VALIDITY);
2806            }
2807
2808            for (int i = 0; i < policy.mAcceptedCaCertificates.size(); i++) {
2809                out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES);
2810                out.attribute(null, ATTR_NAME, policy.mAcceptedCaCertificates.valueAt(i));
2811                out.endTag(null, TAG_ACCEPTED_CA_CERTIFICATES);
2812            }
2813
2814            for (int i=0; i<policy.mLockTaskPackages.size(); i++) {
2815                String component = policy.mLockTaskPackages.get(i);
2816                out.startTag(null, TAG_LOCK_TASK_COMPONENTS);
2817                out.attribute(null, "name", component);
2818                out.endTag(null, TAG_LOCK_TASK_COMPONENTS);
2819            }
2820
2821            if (policy.mLockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE) {
2822                out.startTag(null, TAG_LOCK_TASK_FEATURES);
2823                out.attribute(null, ATTR_VALUE, Integer.toString(policy.mLockTaskFeatures));
2824                out.endTag(null, TAG_LOCK_TASK_FEATURES);
2825            }
2826
2827            if (policy.mStatusBarDisabled) {
2828                out.startTag(null, TAG_STATUS_BAR);
2829                out.attribute(null, ATTR_DISABLED, Boolean.toString(policy.mStatusBarDisabled));
2830                out.endTag(null, TAG_STATUS_BAR);
2831            }
2832
2833            if (policy.doNotAskCredentialsOnBoot) {
2834                out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
2835                out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
2836            }
2837
2838            for (String id : policy.mAffiliationIds) {
2839                out.startTag(null, TAG_AFFILIATION_ID);
2840                out.attribute(null, ATTR_ID, id);
2841                out.endTag(null, TAG_AFFILIATION_ID);
2842            }
2843
2844            if (policy.mLastSecurityLogRetrievalTime >= 0) {
2845                out.startTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL);
2846                out.attribute(null, ATTR_VALUE,
2847                        Long.toString(policy.mLastSecurityLogRetrievalTime));
2848                out.endTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL);
2849            }
2850
2851            if (policy.mLastBugReportRequestTime >= 0) {
2852                out.startTag(null, TAG_LAST_BUG_REPORT_REQUEST);
2853                out.attribute(null, ATTR_VALUE,
2854                        Long.toString(policy.mLastBugReportRequestTime));
2855                out.endTag(null, TAG_LAST_BUG_REPORT_REQUEST);
2856            }
2857
2858            if (policy.mLastNetworkLogsRetrievalTime >= 0) {
2859                out.startTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL);
2860                out.attribute(null, ATTR_VALUE,
2861                        Long.toString(policy.mLastNetworkLogsRetrievalTime));
2862                out.endTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL);
2863            }
2864
2865            if (policy.mAdminBroadcastPending) {
2866                out.startTag(null, TAG_ADMIN_BROADCAST_PENDING);
2867                out.attribute(null, ATTR_VALUE,
2868                        Boolean.toString(policy.mAdminBroadcastPending));
2869                out.endTag(null, TAG_ADMIN_BROADCAST_PENDING);
2870            }
2871
2872            if (policy.mInitBundle != null) {
2873                out.startTag(null, TAG_INITIALIZATION_BUNDLE);
2874                policy.mInitBundle.saveToXml(out);
2875                out.endTag(null, TAG_INITIALIZATION_BUNDLE);
2876            }
2877
2878            if (policy.mPasswordTokenHandle != 0) {
2879                out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE);
2880                out.attribute(null, ATTR_VALUE,
2881                        Long.toString(policy.mPasswordTokenHandle));
2882                out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE);
2883            }
2884
2885            if (policy.mCurrentInputMethodSet) {
2886                out.startTag(null, TAG_CURRENT_INPUT_METHOD_SET);
2887                out.endTag(null, TAG_CURRENT_INPUT_METHOD_SET);
2888            }
2889
2890            for (final String cert : policy.mOwnerInstalledCaCerts) {
2891                out.startTag(null, TAG_OWNER_INSTALLED_CA_CERT);
2892                out.attribute(null, ATTR_ALIAS, cert);
2893                out.endTag(null, TAG_OWNER_INSTALLED_CA_CERT);
2894            }
2895
2896            out.endTag(null, "policies");
2897
2898            out.endDocument();
2899            stream.flush();
2900            FileUtils.sync(stream);
2901            stream.close();
2902            journal.commit();
2903            sendChangedNotification(userHandle);
2904        } catch (XmlPullParserException | IOException e) {
2905            Slog.w(LOG_TAG, "failed writing file", e);
2906            try {
2907                if (stream != null) {
2908                    stream.close();
2909                }
2910            } catch (IOException ex) {
2911                // Ignore
2912            }
2913            journal.rollback();
2914        }
2915    }
2916
2917    private void sendChangedNotification(int userHandle) {
2918        Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
2919        intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
2920        long ident = mInjector.binderClearCallingIdentity();
2921        try {
2922            mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle));
2923        } finally {
2924            mInjector.binderRestoreCallingIdentity(ident);
2925        }
2926    }
2927
2928    private void loadSettingsLocked(DevicePolicyData policy, int userHandle) {
2929        JournaledFile journal = makeJournaledFile(userHandle);
2930        FileInputStream stream = null;
2931        File file = journal.chooseForRead();
2932        boolean needsRewrite = false;
2933        try {
2934            stream = new FileInputStream(file);
2935            XmlPullParser parser = Xml.newPullParser();
2936            parser.setInput(stream, StandardCharsets.UTF_8.name());
2937
2938            int type;
2939            while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
2940                    && type != XmlPullParser.START_TAG) {
2941            }
2942            String tag = parser.getName();
2943            if (!"policies".equals(tag)) {
2944                throw new XmlPullParserException(
2945                        "Settings do not start with policies tag: found " + tag);
2946            }
2947
2948            // Extract the permission provider component name if available
2949            String permissionProvider = parser.getAttributeValue(null, ATTR_PERMISSION_PROVIDER);
2950            if (permissionProvider != null) {
2951                policy.mRestrictionsProvider = ComponentName.unflattenFromString(permissionProvider);
2952            }
2953            String userSetupComplete = parser.getAttributeValue(null, ATTR_SETUP_COMPLETE);
2954            if (userSetupComplete != null && Boolean.toString(true).equals(userSetupComplete)) {
2955                policy.mUserSetupComplete = true;
2956            }
2957            String paired = parser.getAttributeValue(null, ATTR_DEVICE_PAIRED);
2958            if (paired != null && Boolean.toString(true).equals(paired)) {
2959                policy.mPaired = true;
2960            }
2961            String deviceProvisioningConfigApplied = parser.getAttributeValue(null,
2962                    ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED);
2963            if (deviceProvisioningConfigApplied != null
2964                    && Boolean.toString(true).equals(deviceProvisioningConfigApplied)) {
2965                policy.mDeviceProvisioningConfigApplied = true;
2966            }
2967            String provisioningState = parser.getAttributeValue(null, ATTR_PROVISIONING_STATE);
2968            if (!TextUtils.isEmpty(provisioningState)) {
2969                policy.mUserProvisioningState = Integer.parseInt(provisioningState);
2970            }
2971            String permissionPolicy = parser.getAttributeValue(null, ATTR_PERMISSION_POLICY);
2972            if (!TextUtils.isEmpty(permissionPolicy)) {
2973                policy.mPermissionPolicy = Integer.parseInt(permissionPolicy);
2974            }
2975            // Check for delegation compatibility with pre-O.
2976            // TODO(edmanp) remove in P.
2977            {
2978                final String certDelegate = parser.getAttributeValue(null,
2979                        ATTR_DELEGATED_CERT_INSTALLER);
2980                if (certDelegate != null) {
2981                    List<String> scopes = policy.mDelegationMap.get(certDelegate);
2982                    if (scopes == null) {
2983                        scopes = new ArrayList<>();
2984                        policy.mDelegationMap.put(certDelegate, scopes);
2985                    }
2986                    if (!scopes.contains(DELEGATION_CERT_INSTALL)) {
2987                        scopes.add(DELEGATION_CERT_INSTALL);
2988                        needsRewrite = true;
2989                    }
2990                }
2991                final String appRestrictionsDelegate = parser.getAttributeValue(null,
2992                        ATTR_APPLICATION_RESTRICTIONS_MANAGER);
2993                if (appRestrictionsDelegate != null) {
2994                    List<String> scopes = policy.mDelegationMap.get(appRestrictionsDelegate);
2995                    if (scopes == null) {
2996                        scopes = new ArrayList<>();
2997                        policy.mDelegationMap.put(appRestrictionsDelegate, scopes);
2998                    }
2999                    if (!scopes.contains(DELEGATION_APP_RESTRICTIONS)) {
3000                        scopes.add(DELEGATION_APP_RESTRICTIONS);
3001                        needsRewrite = true;
3002                    }
3003                }
3004            }
3005
3006            type = parser.next();
3007            int outerDepth = parser.getDepth();
3008            policy.mLockTaskPackages.clear();
3009            policy.mAdminList.clear();
3010            policy.mAdminMap.clear();
3011            policy.mAffiliationIds.clear();
3012            policy.mOwnerInstalledCaCerts.clear();
3013            while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
3014                   && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
3015                if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
3016                    continue;
3017                }
3018                tag = parser.getName();
3019                if ("admin".equals(tag)) {
3020                    String name = parser.getAttributeValue(null, "name");
3021                    try {
3022                        DeviceAdminInfo dai = findAdmin(
3023                                ComponentName.unflattenFromString(name), userHandle,
3024                                /* throwForMissingPermission= */ false);
3025                        if (VERBOSE_LOG
3026                                && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid)
3027                                != userHandle)) {
3028                            Slog.w(LOG_TAG, "findAdmin returned an incorrect uid "
3029                                    + dai.getActivityInfo().applicationInfo.uid + " for user "
3030                                    + userHandle);
3031                        }
3032                        if (dai != null) {
3033                            ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false);
3034                            ap.readFromXml(parser);
3035                            policy.mAdminMap.put(ap.info.getComponent(), ap);
3036                        }
3037                    } catch (RuntimeException e) {
3038                        Slog.w(LOG_TAG, "Failed loading admin " + name, e);
3039                    }
3040                } else if ("delegation".equals(tag)) {
3041                    // Parse delegation info.
3042                    final String delegatePackage = parser.getAttributeValue(null,
3043                            "delegatePackage");
3044                    final String scope = parser.getAttributeValue(null, "scope");
3045
3046                    // Get a reference to the scopes list for the delegatePackage.
3047                    List<String> scopes = policy.mDelegationMap.get(delegatePackage);
3048                    // Or make a new list if none was found.
3049                    if (scopes == null) {
3050                        scopes = new ArrayList<>();
3051                        policy.mDelegationMap.put(delegatePackage, scopes);
3052                    }
3053                    // Add the new scope to the list of delegatePackage if it's not already there.
3054                    if (!scopes.contains(scope)) {
3055                        scopes.add(scope);
3056                    }
3057                } else if ("failed-password-attempts".equals(tag)) {
3058                    policy.mFailedPasswordAttempts = Integer.parseInt(
3059                            parser.getAttributeValue(null, "value"));
3060                } else if ("password-owner".equals(tag)) {
3061                    policy.mPasswordOwner = Integer.parseInt(
3062                            parser.getAttributeValue(null, "value"));
3063                } else if (TAG_ACCEPTED_CA_CERTIFICATES.equals(tag)) {
3064                    policy.mAcceptedCaCertificates.add(parser.getAttributeValue(null, ATTR_NAME));
3065                } else if (TAG_LOCK_TASK_COMPONENTS.equals(tag)) {
3066                    policy.mLockTaskPackages.add(parser.getAttributeValue(null, "name"));
3067                } else if (TAG_LOCK_TASK_FEATURES.equals(tag)) {
3068                    policy.mLockTaskFeatures = Integer.parseInt(
3069                            parser.getAttributeValue(null, ATTR_VALUE));
3070                } else if (TAG_STATUS_BAR.equals(tag)) {
3071                    policy.mStatusBarDisabled = Boolean.parseBoolean(
3072                            parser.getAttributeValue(null, ATTR_DISABLED));
3073                } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) {
3074                    policy.doNotAskCredentialsOnBoot = true;
3075                } else if (TAG_AFFILIATION_ID.equals(tag)) {
3076                    policy.mAffiliationIds.add(parser.getAttributeValue(null, ATTR_ID));
3077                } else if (TAG_LAST_SECURITY_LOG_RETRIEVAL.equals(tag)) {
3078                    policy.mLastSecurityLogRetrievalTime = Long.parseLong(
3079                            parser.getAttributeValue(null, ATTR_VALUE));
3080                } else if (TAG_LAST_BUG_REPORT_REQUEST.equals(tag)) {
3081                    policy.mLastBugReportRequestTime = Long.parseLong(
3082                            parser.getAttributeValue(null, ATTR_VALUE));
3083                } else if (TAG_LAST_NETWORK_LOG_RETRIEVAL.equals(tag)) {
3084                    policy.mLastNetworkLogsRetrievalTime = Long.parseLong(
3085                            parser.getAttributeValue(null, ATTR_VALUE));
3086                } else if (TAG_ADMIN_BROADCAST_PENDING.equals(tag)) {
3087                    String pending = parser.getAttributeValue(null, ATTR_VALUE);
3088                    policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending);
3089                } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) {
3090                    policy.mInitBundle = PersistableBundle.restoreFromXml(parser);
3091                } else if ("active-password".equals(tag)) {
3092                    // Remove password metrics from saved settings, as we no longer wish to store
3093                    // these on disk
3094                    needsRewrite = true;
3095                } else if (TAG_PASSWORD_VALIDITY.equals(tag)) {
3096                    if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
3097                        // This flag is only used for FDE devices
3098                        policy.mPasswordValidAtLastCheckpoint = Boolean.parseBoolean(
3099                                parser.getAttributeValue(null, ATTR_VALUE));
3100                    }
3101                } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) {
3102                    policy.mPasswordTokenHandle = Long.parseLong(
3103                            parser.getAttributeValue(null, ATTR_VALUE));
3104                } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) {
3105                    policy.mCurrentInputMethodSet = true;
3106                } else if (TAG_OWNER_INSTALLED_CA_CERT.equals(tag)) {
3107                    policy.mOwnerInstalledCaCerts.add(parser.getAttributeValue(null, ATTR_ALIAS));
3108                } else {
3109                    Slog.w(LOG_TAG, "Unknown tag: " + tag);
3110                    XmlUtils.skipCurrentTag(parser);
3111                }
3112            }
3113        } catch (FileNotFoundException e) {
3114            // Don't be noisy, this is normal if we haven't defined any policies.
3115        } catch (NullPointerException | NumberFormatException | XmlPullParserException | IOException
3116                | IndexOutOfBoundsException e) {
3117            Slog.w(LOG_TAG, "failed parsing " + file, e);
3118        }
3119        try {
3120            if (stream != null) {
3121                stream.close();
3122            }
3123        } catch (IOException e) {
3124            // Ignore
3125        }
3126
3127        // Generate a list of admins from the admin map
3128        policy.mAdminList.addAll(policy.mAdminMap.values());
3129
3130        // Might need to upgrade the file by rewriting it
3131        if (needsRewrite) {
3132            saveSettingsLocked(userHandle);
3133        }
3134
3135        validatePasswordOwnerLocked(policy);
3136        updateMaximumTimeToLockLocked(userHandle);
3137        updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle);
3138        updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle);
3139        if (policy.mStatusBarDisabled) {
3140            setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle);
3141        }
3142    }
3143
3144    private void updateLockTaskPackagesLocked(List<String> packages, int userId) {
3145        long ident = mInjector.binderClearCallingIdentity();
3146        try {
3147            mInjector.getIActivityManager()
3148                    .updateLockTaskPackages(userId, packages.toArray(new String[packages.size()]));
3149        } catch (RemoteException e) {
3150            // Not gonna happen.
3151        } finally {
3152            mInjector.binderRestoreCallingIdentity(ident);
3153        }
3154    }
3155
3156    private void updateLockTaskFeaturesLocked(int flags, int userId) {
3157        long ident = mInjector.binderClearCallingIdentity();
3158        try {
3159            mInjector.getIActivityManager()
3160                    .updateLockTaskFeatures(userId, flags);
3161        } catch (RemoteException e) {
3162            // Not gonna happen.
3163        } finally {
3164            mInjector.binderRestoreCallingIdentity(ident);
3165        }
3166    }
3167
3168    private void updateDeviceOwnerLocked() {
3169        long ident = mInjector.binderClearCallingIdentity();
3170        try {
3171            // TODO This is to prevent DO from getting "clear data"ed, but it should also check the
3172            // user id and also protect all other DAs too.
3173            final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
3174            if (deviceOwnerComponent != null) {
3175                mInjector.getIActivityManager()
3176                        .updateDeviceOwner(deviceOwnerComponent.getPackageName());
3177            }
3178        } catch (RemoteException e) {
3179            // Not gonna happen.
3180        } finally {
3181            mInjector.binderRestoreCallingIdentity(ident);
3182        }
3183    }
3184
3185    static void validateQualityConstant(int quality) {
3186        switch (quality) {
3187            case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED:
3188            case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK:
3189            case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
3190            case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
3191            case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
3192            case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
3193            case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
3194            case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
3195            case DevicePolicyManager.PASSWORD_QUALITY_MANAGED:
3196                return;
3197        }
3198        throw new IllegalArgumentException("Invalid quality constant: 0x"
3199                + Integer.toHexString(quality));
3200    }
3201
3202    void validatePasswordOwnerLocked(DevicePolicyData policy) {
3203        if (policy.mPasswordOwner >= 0) {
3204            boolean haveOwner = false;
3205            for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
3206                if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) {
3207                    haveOwner = true;
3208                    break;
3209                }
3210            }
3211            if (!haveOwner) {
3212                Slog.w(LOG_TAG, "Previous password owner " + policy.mPasswordOwner
3213                        + " no longer active; disabling");
3214                policy.mPasswordOwner = -1;
3215            }
3216        }
3217    }
3218
3219    @VisibleForTesting
3220    @Override
3221    void systemReady(int phase) {
3222        if (!mHasFeature) {
3223            return;
3224        }
3225        switch (phase) {
3226            case SystemService.PHASE_LOCK_SETTINGS_READY:
3227                onLockSettingsReady();
3228                break;
3229            case SystemService.PHASE_BOOT_COMPLETED:
3230                ensureDeviceOwnerUserStarted(); // TODO Consider better place to do this.
3231                break;
3232        }
3233    }
3234
3235    private void onLockSettingsReady() {
3236        getUserData(UserHandle.USER_SYSTEM);
3237        loadOwners();
3238        cleanUpOldUsers();
3239        maybeSetDefaultProfileOwnerUserRestrictions();
3240        handleStartUser(UserHandle.USER_SYSTEM);
3241
3242        // Register an observer for watching for user setup complete and settings changes.
3243        mSetupContentObserver.register();
3244        // Initialize the user setup state, to handle the upgrade case.
3245        updateUserSetupCompleteAndPaired();
3246
3247        List<String> packageList;
3248        synchronized (this) {
3249            packageList = getKeepUninstalledPackagesLocked();
3250        }
3251        if (packageList != null) {
3252            mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList);
3253        }
3254
3255        synchronized (this) {
3256            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
3257            if (deviceOwner != null) {
3258                // Push the force-ephemeral-users policy to the user manager.
3259                mUserManagerInternal.setForceEphemeralUsers(deviceOwner.forceEphemeralUsers);
3260
3261                // Update user switcher message to activity manager.
3262                ActivityManagerInternal activityManagerInternal =
3263                        mInjector.getActivityManagerInternal();
3264                activityManagerInternal.setSwitchingFromSystemUserMessage(
3265                        deviceOwner.startUserSessionMessage);
3266                activityManagerInternal.setSwitchingToSystemUserMessage(
3267                        deviceOwner.endUserSessionMessage);
3268            }
3269        }
3270    }
3271
3272    private void ensureDeviceOwnerUserStarted() {
3273        final int userId;
3274        synchronized (this) {
3275            if (!mOwners.hasDeviceOwner()) {
3276                return;
3277            }
3278            userId = mOwners.getDeviceOwnerUserId();
3279        }
3280        if (VERBOSE_LOG) {
3281            Log.v(LOG_TAG, "Starting non-system DO user: " + userId);
3282        }
3283        if (userId != UserHandle.USER_SYSTEM) {
3284            try {
3285                mInjector.getIActivityManager().startUserInBackground(userId);
3286
3287                // STOPSHIP Prevent the DO user from being killed.
3288
3289            } catch (RemoteException e) {
3290                Slog.w(LOG_TAG, "Exception starting user", e);
3291            }
3292        }
3293    }
3294
3295    @Override
3296    void handleStart() {
3297        pushActiveAdminPackages();
3298    }
3299
3300    @Override
3301    void handleStartUser(int userId) {
3302        updateScreenCaptureDisabledInWindowManager(userId,
3303                getScreenCaptureDisabled(null, userId));
3304        pushUserRestrictions(userId);
3305
3306        startOwnerService(userId, "start-user");
3307    }
3308
3309    @Override
3310    void handleUnlockUser(int userId) {
3311        startOwnerService(userId, "unlock-user");
3312    }
3313
3314    @Override
3315    void handleStopUser(int userId) {
3316        stopOwnerService(userId, "stop-user");
3317    }
3318
3319    private void startOwnerService(int userId, String actionForLog) {
3320        final ComponentName owner = getOwnerComponent(userId);
3321        if (owner != null) {
3322            mDeviceAdminServiceController.startServiceForOwner(
3323                    owner.getPackageName(), userId, actionForLog);
3324        }
3325    }
3326
3327    private void stopOwnerService(int userId, String actionForLog) {
3328        mDeviceAdminServiceController.stopServiceForOwner(userId, actionForLog);
3329    }
3330
3331    private void cleanUpOldUsers() {
3332        // This is needed in case the broadcast {@link Intent.ACTION_USER_REMOVED} was not handled
3333        // before reboot
3334        Set<Integer> usersWithProfileOwners;
3335        Set<Integer> usersWithData;
3336        synchronized(this) {
3337            usersWithProfileOwners = mOwners.getProfileOwnerKeys();
3338            usersWithData = new ArraySet<>();
3339            for (int i = 0; i < mUserData.size(); i++) {
3340                usersWithData.add(mUserData.keyAt(i));
3341            }
3342        }
3343        List<UserInfo> allUsers = mUserManager.getUsers();
3344
3345        Set<Integer> deletedUsers = new ArraySet<>();
3346        deletedUsers.addAll(usersWithProfileOwners);
3347        deletedUsers.addAll(usersWithData);
3348        for (UserInfo userInfo : allUsers) {
3349            deletedUsers.remove(userInfo.id);
3350        }
3351        for (Integer userId : deletedUsers) {
3352            removeUserData(userId);
3353        }
3354    }
3355
3356    private void handlePasswordExpirationNotification(int userHandle) {
3357        final Bundle adminExtras = new Bundle();
3358        adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
3359
3360        synchronized (this) {
3361            final long now = System.currentTimeMillis();
3362
3363            List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
3364                    userHandle, /* parent */ false);
3365            final int N = admins.size();
3366            for (int i = 0; i < N; i++) {
3367                ActiveAdmin admin = admins.get(i);
3368                if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)
3369                        && admin.passwordExpirationTimeout > 0L
3370                        && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS
3371                        && admin.passwordExpirationDate > 0L) {
3372                    sendAdminCommandLocked(admin,
3373                            DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING, adminExtras, null);
3374                }
3375            }
3376            setExpirationAlarmCheckLocked(mContext, userHandle, /* parent */ false);
3377        }
3378    }
3379
3380    /**
3381     * Clean up internal state when the set of installed trusted CA certificates changes.
3382     *
3383     * @param userHandle user to check for. This must be a real user and not, for example,
3384     *        {@link UserHandle#ALL}.
3385     * @param installedCertificates the full set of certificate authorities currently installed for
3386     *        {@param userHandle}. After calling this function, {@code mAcceptedCaCertificates} will
3387     *        correspond to some subset of this.
3388     */
3389    protected void onInstalledCertificatesChanged(final UserHandle userHandle,
3390            final @NonNull Collection<String> installedCertificates) {
3391        if (!mHasFeature) {
3392            return;
3393        }
3394        enforceManageUsers();
3395
3396        synchronized (this) {
3397            final DevicePolicyData policy = getUserData(userHandle.getIdentifier());
3398
3399            boolean changed = false;
3400            changed |= policy.mAcceptedCaCertificates.retainAll(installedCertificates);
3401            changed |= policy.mOwnerInstalledCaCerts.retainAll(installedCertificates);
3402            if (changed) {
3403                saveSettingsLocked(userHandle.getIdentifier());
3404            }
3405        }
3406    }
3407
3408    /**
3409     * Internal method used by {@link CertificateMonitor}.
3410     */
3411    protected Set<String> getAcceptedCaCertificates(final UserHandle userHandle) {
3412        if (!mHasFeature) {
3413            return Collections.<String> emptySet();
3414        }
3415        synchronized (this) {
3416            final DevicePolicyData policy = getUserData(userHandle.getIdentifier());
3417            return policy.mAcceptedCaCertificates;
3418        }
3419    }
3420
3421    /**
3422     * @param adminReceiver The admin to add
3423     * @param refreshing true = update an active admin, no error
3424     */
3425    @Override
3426    public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) {
3427        if (!mHasFeature) {
3428            return;
3429        }
3430        setActiveAdmin(adminReceiver, refreshing, userHandle, null);
3431    }
3432
3433    private void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle,
3434            Bundle onEnableData) {
3435        mContext.enforceCallingOrSelfPermission(
3436                android.Manifest.permission.MANAGE_DEVICE_ADMINS, null);
3437        enforceFullCrossUsersPermission(userHandle);
3438
3439        DevicePolicyData policy = getUserData(userHandle);
3440        DeviceAdminInfo info = findAdmin(adminReceiver, userHandle,
3441                /* throwForMissingPermission= */ true);
3442        synchronized (this) {
3443            checkActiveAdminPrecondition(adminReceiver, info, policy);
3444            long ident = mInjector.binderClearCallingIdentity();
3445            try {
3446                final ActiveAdmin existingAdmin
3447                        = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
3448                if (!refreshing && existingAdmin != null) {
3449                    throw new IllegalArgumentException("Admin is already added");
3450                }
3451                ActiveAdmin newAdmin = new ActiveAdmin(info, /* parent */ false);
3452                newAdmin.testOnlyAdmin =
3453                        (existingAdmin != null) ? existingAdmin.testOnlyAdmin
3454                                : isPackageTestOnly(adminReceiver.getPackageName(), userHandle);
3455                policy.mAdminMap.put(adminReceiver, newAdmin);
3456                int replaceIndex = -1;
3457                final int N = policy.mAdminList.size();
3458                for (int i=0; i < N; i++) {
3459                    ActiveAdmin oldAdmin = policy.mAdminList.get(i);
3460                    if (oldAdmin.info.getComponent().equals(adminReceiver)) {
3461                        replaceIndex = i;
3462                        break;
3463                    }
3464                }
3465                if (replaceIndex == -1) {
3466                    policy.mAdminList.add(newAdmin);
3467                    enableIfNecessary(info.getPackageName(), userHandle);
3468                    mUsageStatsManagerInternal.onActiveAdminAdded(
3469                            adminReceiver.getPackageName(), userHandle);
3470                } else {
3471                    policy.mAdminList.set(replaceIndex, newAdmin);
3472                }
3473                saveSettingsLocked(userHandle);
3474                sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED,
3475                        onEnableData, null);
3476            } finally {
3477                mInjector.binderRestoreCallingIdentity(ident);
3478            }
3479        }
3480    }
3481
3482    private void pushActiveAdminPackages() {
3483        synchronized (this) {
3484            final List<UserInfo> users = mUserManager.getUsers();
3485            for (int i = users.size() - 1; i >= 0; --i) {
3486                final int userId = users.get(i).id;
3487                mUsageStatsManagerInternal.setActiveAdminApps(
3488                        getActiveAdminPackagesLocked(userId), userId);
3489            }
3490        }
3491    }
3492
3493    private void pushActiveAdminPackagesLocked(int userId) {
3494        mUsageStatsManagerInternal.setActiveAdminApps(
3495                getActiveAdminPackagesLocked(userId), userId);
3496    }
3497
3498    private Set<String> getActiveAdminPackagesLocked(int userId) {
3499        final DevicePolicyData policy = getUserData(userId);
3500        Set<String> adminPkgs = null;
3501        for (int i = policy.mAdminList.size() - 1; i >= 0; --i) {
3502            final String pkgName = policy.mAdminList.get(i).info.getPackageName();
3503            if (adminPkgs == null) {
3504                adminPkgs = new ArraySet<>();
3505            }
3506            adminPkgs.add(pkgName);
3507        }
3508        return adminPkgs;
3509    }
3510
3511    private void transferActiveAdminUncheckedLocked(ComponentName incomingReceiver,
3512            ComponentName outgoingReceiver, int userHandle) {
3513        final DevicePolicyData policy = getUserData(userHandle);
3514        final DeviceAdminInfo incomingDeviceInfo = findAdmin(incomingReceiver, userHandle,
3515            /* throwForMissingPermission= */ true);
3516        final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver);
3517        final int oldAdminUid = adminToTransfer.getUid();
3518
3519        adminToTransfer.transfer(incomingDeviceInfo);
3520        policy.mAdminMap.remove(outgoingReceiver);
3521        policy.mAdminMap.put(incomingReceiver, adminToTransfer);
3522        if (policy.mPasswordOwner == oldAdminUid) {
3523            policy.mPasswordOwner = adminToTransfer.getUid();
3524        }
3525
3526        saveSettingsLocked(userHandle);
3527        //TODO: Make sure we revert back when we detect a failure.
3528        sendAdminCommandLocked(adminToTransfer, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED,
3529                null, null);
3530    }
3531
3532    private void checkActiveAdminPrecondition(ComponentName adminReceiver, DeviceAdminInfo info,
3533            DevicePolicyData policy) {
3534        if (info == null) {
3535            throw new IllegalArgumentException("Bad admin: " + adminReceiver);
3536        }
3537        if (!info.getActivityInfo().applicationInfo.isInternal()) {
3538            throw new IllegalArgumentException("Only apps in internal storage can be active admin: "
3539                    + adminReceiver);
3540        }
3541        if (info.getActivityInfo().applicationInfo.isInstantApp()) {
3542            throw new IllegalArgumentException("Instant apps cannot be device admins: "
3543                    + adminReceiver);
3544        }
3545        if (policy.mRemovingAdmins.contains(adminReceiver)) {
3546            throw new IllegalArgumentException(
3547                    "Trying to set an admin which is being removed");
3548        }
3549    }
3550
3551    @Override
3552    public boolean isAdminActive(ComponentName adminReceiver, int userHandle) {
3553        if (!mHasFeature) {
3554            return false;
3555        }
3556        enforceFullCrossUsersPermission(userHandle);
3557        synchronized (this) {
3558            return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null;
3559        }
3560    }
3561
3562    @Override
3563    public boolean isRemovingAdmin(ComponentName adminReceiver, int userHandle) {
3564        if (!mHasFeature) {
3565            return false;
3566        }
3567        enforceFullCrossUsersPermission(userHandle);
3568        synchronized (this) {
3569            DevicePolicyData policyData = getUserData(userHandle);
3570            return policyData.mRemovingAdmins.contains(adminReceiver);
3571        }
3572    }
3573
3574    @Override
3575    public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) {
3576        if (!mHasFeature) {
3577            return false;
3578        }
3579        enforceFullCrossUsersPermission(userHandle);
3580        synchronized (this) {
3581            ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
3582            if (administrator == null) {
3583                throw new SecurityException("No active admin " + adminReceiver);
3584            }
3585            return administrator.info.usesPolicy(policyId);
3586        }
3587    }
3588
3589    @Override
3590    @SuppressWarnings("unchecked")
3591    public List<ComponentName> getActiveAdmins(int userHandle) {
3592        if (!mHasFeature) {
3593            return Collections.EMPTY_LIST;
3594        }
3595
3596        enforceFullCrossUsersPermission(userHandle);
3597        synchronized (this) {
3598            DevicePolicyData policy = getUserData(userHandle);
3599            final int N = policy.mAdminList.size();
3600            if (N <= 0) {
3601                return null;
3602            }
3603            ArrayList<ComponentName> res = new ArrayList<ComponentName>(N);
3604            for (int i=0; i<N; i++) {
3605                res.add(policy.mAdminList.get(i).info.getComponent());
3606            }
3607            return res;
3608        }
3609    }
3610
3611    @Override
3612    public boolean packageHasActiveAdmins(String packageName, int userHandle) {
3613        if (!mHasFeature) {
3614            return false;
3615        }
3616        enforceFullCrossUsersPermission(userHandle);
3617        synchronized (this) {
3618            DevicePolicyData policy = getUserData(userHandle);
3619            final int N = policy.mAdminList.size();
3620            for (int i=0; i<N; i++) {
3621                if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) {
3622                    return true;
3623                }
3624            }
3625            return false;
3626        }
3627    }
3628
3629    @Override
3630    public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) {
3631        if (!mHasFeature) {
3632            return;
3633        }
3634        Preconditions.checkNotNull(adminReceiver, "ComponentName is null");
3635        enforceShell("forceRemoveActiveAdmin");
3636        long ident = mInjector.binderClearCallingIdentity();
3637        try {
3638            synchronized (this)  {
3639                if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) {
3640                    throw new SecurityException("Attempt to remove non-test admin "
3641                            + adminReceiver + " " + userHandle);
3642                }
3643
3644                // If admin is a device or profile owner tidy that up first.
3645                if (isDeviceOwner(adminReceiver, userHandle)) {
3646                    clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle);
3647                }
3648                if (isProfileOwner(adminReceiver, userHandle)) {
3649                    final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver,
3650                            userHandle, /* parent */ false);
3651                    clearProfileOwnerLocked(admin, userHandle);
3652                }
3653            }
3654            // Remove the admin skipping sending the broadcast.
3655            removeAdminArtifacts(adminReceiver, userHandle);
3656            Slog.i(LOG_TAG, "Admin " + adminReceiver + " removed from user " + userHandle);
3657        } finally {
3658            mInjector.binderRestoreCallingIdentity(ident);
3659        }
3660    }
3661
3662    private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) {
3663        // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state
3664        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) {
3665            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle);
3666        }
3667    }
3668
3669    /**
3670     * Return if a given package has testOnly="true", in which case we'll relax certain rules
3671     * for CTS.
3672     *
3673     * DO NOT use this method except in {@link #setActiveAdmin}.  Use {@link #isAdminTestOnlyLocked}
3674     * to check wehter an active admin is test-only or not.
3675     *
3676     * The system allows this flag to be changed when an app is updated, which is not good
3677     * for us.  So we persist the flag in {@link ActiveAdmin} when an admin is first installed,
3678     * and used the persisted version in actual checks. (See b/31382361 and b/28928996)
3679     */
3680    private boolean isPackageTestOnly(String packageName, int userHandle) {
3681        final ApplicationInfo ai;
3682        try {
3683            ai = mInjector.getIPackageManager().getApplicationInfo(packageName,
3684                    (PackageManager.MATCH_DIRECT_BOOT_AWARE
3685                            | PackageManager.MATCH_DIRECT_BOOT_UNAWARE), userHandle);
3686        } catch (RemoteException e) {
3687            throw new IllegalStateException(e);
3688        }
3689        if (ai == null) {
3690            throw new IllegalStateException("Couldn't find package: "
3691                    + packageName + " on user " + userHandle);
3692        }
3693        return (ai.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0;
3694    }
3695
3696    /**
3697     * See {@link #isPackageTestOnly}.
3698     */
3699    private boolean isAdminTestOnlyLocked(ComponentName who, int userHandle) {
3700        final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
3701        return (admin != null) && admin.testOnlyAdmin;
3702    }
3703
3704    private void enforceShell(String method) {
3705        final int callingUid = mInjector.binderGetCallingUid();
3706        if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) {
3707            throw new SecurityException("Non-shell user attempted to call " + method);
3708        }
3709    }
3710
3711    @Override
3712    public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) {
3713        if (!mHasFeature) {
3714            return;
3715        }
3716        enforceFullCrossUsersPermission(userHandle);
3717        enforceUserUnlocked(userHandle);
3718        synchronized (this) {
3719            ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
3720            if (admin == null) {
3721                return;
3722            }
3723            // Active device/profile owners must remain active admins.
3724            if (isDeviceOwner(adminReceiver, userHandle)
3725                    || isProfileOwner(adminReceiver, userHandle)) {
3726                Slog.e(LOG_TAG, "Device/profile owner cannot be removed: component=" +
3727                        adminReceiver);
3728                return;
3729            }
3730            if (admin.getUid() != mInjector.binderGetCallingUid()) {
3731                mContext.enforceCallingOrSelfPermission(
3732                        android.Manifest.permission.MANAGE_DEVICE_ADMINS, null);
3733            }
3734            long ident = mInjector.binderClearCallingIdentity();
3735            try {
3736                removeActiveAdminLocked(adminReceiver, userHandle);
3737            } finally {
3738                mInjector.binderRestoreCallingIdentity(ident);
3739            }
3740        }
3741    }
3742
3743    @Override
3744    public boolean isSeparateProfileChallengeAllowed(int userHandle) {
3745        ComponentName profileOwner = getProfileOwner(userHandle);
3746        // Profile challenge is supported on N or newer release.
3747        return profileOwner != null &&
3748                getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M;
3749    }
3750
3751    @Override
3752    public void setPasswordQuality(ComponentName who, int quality, boolean parent) {
3753        if (!mHasFeature) {
3754            return;
3755        }
3756        Preconditions.checkNotNull(who, "ComponentName is null");
3757        validateQualityConstant(quality);
3758
3759        synchronized (this) {
3760            ActiveAdmin ap = getActiveAdminForCallerLocked(
3761                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
3762            if (ap.minimumPasswordMetrics.quality != quality) {
3763                ap.minimumPasswordMetrics.quality = quality;
3764                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
3765                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
3766            }
3767        }
3768    }
3769
3770    /**
3771     * Updates flag in memory that tells us whether the user's password currently satisfies the
3772     * requirements set by all of the user's active admins.  This should be called before
3773     * {@link #saveSettingsLocked} whenever the password or the admin policies have changed.
3774     */
3775    @GuardedBy("DevicePolicyManagerService.this")
3776    private void updatePasswordValidityCheckpointLocked(int userHandle) {
3777        DevicePolicyData policy = getUserData(userHandle);
3778        policy.mPasswordValidAtLastCheckpoint = isActivePasswordSufficientForUserLocked(
3779                policy, policy.mUserHandle, false);
3780    }
3781
3782    @Override
3783    public int getPasswordQuality(ComponentName who, int userHandle, boolean parent) {
3784        if (!mHasFeature) {
3785            return PASSWORD_QUALITY_UNSPECIFIED;
3786        }
3787        enforceFullCrossUsersPermission(userHandle);
3788        synchronized (this) {
3789            int mode = PASSWORD_QUALITY_UNSPECIFIED;
3790
3791            if (who != null) {
3792                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
3793                return admin != null ? admin.minimumPasswordMetrics.quality : mode;
3794            }
3795
3796            // Return the strictest policy across all participating admins.
3797            List<ActiveAdmin> admins =
3798                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
3799            final int N = admins.size();
3800            for (int i = 0; i < N; i++) {
3801                ActiveAdmin admin = admins.get(i);
3802                if (mode < admin.minimumPasswordMetrics.quality) {
3803                    mode = admin.minimumPasswordMetrics.quality;
3804                }
3805            }
3806            return mode;
3807        }
3808    }
3809
3810    private List<ActiveAdmin> getActiveAdminsForLockscreenPoliciesLocked(
3811            int userHandle, boolean parent) {
3812        if (!parent && isSeparateProfileChallengeEnabled(userHandle)) {
3813            // If this user has a separate challenge, only return its restrictions.
3814            return getUserDataUnchecked(userHandle).mAdminList;
3815        } else {
3816            // Return all admins for this user and the profiles that are visible from this
3817            // user that do not use a separate work challenge.
3818            ArrayList<ActiveAdmin> admins = new ArrayList<ActiveAdmin>();
3819            for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {
3820                DevicePolicyData policy = getUserData(userInfo.id);
3821                if (!userInfo.isManagedProfile()) {
3822                    admins.addAll(policy.mAdminList);
3823                } else {
3824                    // For managed profiles, we always include the policies set on the parent
3825                    // profile. Additionally, we include the ones set on the managed profile
3826                    // if no separate challenge is in place.
3827                    boolean hasSeparateChallenge = isSeparateProfileChallengeEnabled(userInfo.id);
3828                    final int N = policy.mAdminList.size();
3829                    for (int i = 0; i < N; i++) {
3830                        ActiveAdmin admin = policy.mAdminList.get(i);
3831                        if (admin.hasParentActiveAdmin()) {
3832                            admins.add(admin.getParentActiveAdmin());
3833                        }
3834                        if (!hasSeparateChallenge) {
3835                            admins.add(admin);
3836                        }
3837                    }
3838                }
3839            }
3840            return admins;
3841        }
3842    }
3843
3844    private boolean isSeparateProfileChallengeEnabled(int userHandle) {
3845        long ident = mInjector.binderClearCallingIdentity();
3846        try {
3847            return mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle);
3848        } finally {
3849            mInjector.binderRestoreCallingIdentity(ident);
3850        }
3851    }
3852
3853    @Override
3854    public void setPasswordMinimumLength(ComponentName who, int length, boolean parent) {
3855        if (!mHasFeature) {
3856            return;
3857        }
3858        Preconditions.checkNotNull(who, "ComponentName is null");
3859        synchronized (this) {
3860            ActiveAdmin ap = getActiveAdminForCallerLocked(
3861                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
3862            if (ap.minimumPasswordMetrics.length != length) {
3863                ap.minimumPasswordMetrics.length = length;
3864                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
3865                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
3866            }
3867        }
3868    }
3869
3870    @Override
3871    public int getPasswordMinimumLength(ComponentName who, int userHandle, boolean parent) {
3872        return getStrictestPasswordRequirement(who, userHandle, parent,
3873                admin -> admin.minimumPasswordMetrics.length, PASSWORD_QUALITY_UNSPECIFIED);
3874    }
3875
3876    @Override
3877    public void setPasswordHistoryLength(ComponentName who, int length, boolean parent) {
3878        if (!mHasFeature) {
3879            return;
3880        }
3881        Preconditions.checkNotNull(who, "ComponentName is null");
3882        synchronized (this) {
3883            ActiveAdmin ap = getActiveAdminForCallerLocked(
3884                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
3885            if (ap.passwordHistoryLength != length) {
3886                ap.passwordHistoryLength = length;
3887                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
3888                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
3889            }
3890        }
3891    }
3892
3893    @Override
3894    public int getPasswordHistoryLength(ComponentName who, int userHandle, boolean parent) {
3895        return getStrictestPasswordRequirement(who, userHandle, parent,
3896                admin -> admin.passwordHistoryLength, PASSWORD_QUALITY_UNSPECIFIED);
3897    }
3898
3899    @Override
3900    public void setPasswordExpirationTimeout(ComponentName who, long timeout, boolean parent) {
3901        if (!mHasFeature) {
3902            return;
3903        }
3904        Preconditions.checkNotNull(who, "ComponentName is null");
3905        Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms");
3906        final int userHandle = mInjector.userHandleGetCallingUserId();
3907        synchronized (this) {
3908            ActiveAdmin ap = getActiveAdminForCallerLocked(
3909                    who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent);
3910            // Calling this API automatically bumps the expiration date
3911            final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;
3912            ap.passwordExpirationDate = expiration;
3913            ap.passwordExpirationTimeout = timeout;
3914            if (timeout > 0L) {
3915                Slog.w(LOG_TAG, "setPasswordExpiration(): password will expire on "
3916                        + DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT)
3917                        .format(new Date(expiration)));
3918            }
3919            saveSettingsLocked(userHandle);
3920
3921            // in case this is the first one, set the alarm on the appropriate user.
3922            setExpirationAlarmCheckLocked(mContext, userHandle, parent);
3923        }
3924    }
3925
3926    /**
3927     * Return a single admin's expiration cycle time, or the min of all cycle times.
3928     * Returns 0 if not configured.
3929     */
3930    @Override
3931    public long getPasswordExpirationTimeout(ComponentName who, int userHandle, boolean parent) {
3932        if (!mHasFeature) {
3933            return 0L;
3934        }
3935        enforceFullCrossUsersPermission(userHandle);
3936        synchronized (this) {
3937            long timeout = 0L;
3938
3939            if (who != null) {
3940                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
3941                return admin != null ? admin.passwordExpirationTimeout : timeout;
3942            }
3943
3944            // Return the strictest policy across all participating admins.
3945            List<ActiveAdmin> admins =
3946                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
3947            final int N = admins.size();
3948            for (int i = 0; i < N; i++) {
3949                ActiveAdmin admin = admins.get(i);
3950                if (timeout == 0L || (admin.passwordExpirationTimeout != 0L
3951                        && timeout > admin.passwordExpirationTimeout)) {
3952                    timeout = admin.passwordExpirationTimeout;
3953                }
3954            }
3955            return timeout;
3956        }
3957    }
3958
3959    @Override
3960    public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) {
3961        final int userId = UserHandle.getCallingUserId();
3962        List<String> changedProviders = null;
3963
3964        synchronized (this) {
3965            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
3966                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
3967            if (activeAdmin.crossProfileWidgetProviders == null) {
3968                activeAdmin.crossProfileWidgetProviders = new ArrayList<>();
3969            }
3970            List<String> providers = activeAdmin.crossProfileWidgetProviders;
3971            if (!providers.contains(packageName)) {
3972                providers.add(packageName);
3973                changedProviders = new ArrayList<>(providers);
3974                saveSettingsLocked(userId);
3975            }
3976        }
3977
3978        if (changedProviders != null) {
3979            mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders);
3980            return true;
3981        }
3982
3983        return false;
3984    }
3985
3986    @Override
3987    public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) {
3988        final int userId = UserHandle.getCallingUserId();
3989        List<String> changedProviders = null;
3990
3991        synchronized (this) {
3992            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
3993                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
3994            if (activeAdmin.crossProfileWidgetProviders == null
3995                    || activeAdmin.crossProfileWidgetProviders.isEmpty()) {
3996                return false;
3997            }
3998            List<String> providers = activeAdmin.crossProfileWidgetProviders;
3999            if (providers.remove(packageName)) {
4000                changedProviders = new ArrayList<>(providers);
4001                saveSettingsLocked(userId);
4002            }
4003        }
4004
4005        if (changedProviders != null) {
4006            mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders);
4007            return true;
4008        }
4009
4010        return false;
4011    }
4012
4013    @Override
4014    public List<String> getCrossProfileWidgetProviders(ComponentName admin) {
4015        synchronized (this) {
4016            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
4017                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
4018            if (activeAdmin.crossProfileWidgetProviders == null
4019                    || activeAdmin.crossProfileWidgetProviders.isEmpty()) {
4020                return null;
4021            }
4022            if (mInjector.binderIsCallingUidMyUid()) {
4023                return new ArrayList<>(activeAdmin.crossProfileWidgetProviders);
4024            } else {
4025                return activeAdmin.crossProfileWidgetProviders;
4026            }
4027        }
4028    }
4029
4030    /**
4031     * Return a single admin's expiration date/time, or the min (soonest) for all admins.
4032     * Returns 0 if not configured.
4033     */
4034    private long getPasswordExpirationLocked(ComponentName who, int userHandle, boolean parent) {
4035        long timeout = 0L;
4036
4037        if (who != null) {
4038            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
4039            return admin != null ? admin.passwordExpirationDate : timeout;
4040        }
4041
4042        // Return the strictest policy across all participating admins.
4043        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
4044        final int N = admins.size();
4045        for (int i = 0; i < N; i++) {
4046            ActiveAdmin admin = admins.get(i);
4047            if (timeout == 0L || (admin.passwordExpirationDate != 0
4048                    && timeout > admin.passwordExpirationDate)) {
4049                timeout = admin.passwordExpirationDate;
4050            }
4051        }
4052        return timeout;
4053    }
4054
4055    @Override
4056    public long getPasswordExpiration(ComponentName who, int userHandle, boolean parent) {
4057        if (!mHasFeature) {
4058            return 0L;
4059        }
4060        enforceFullCrossUsersPermission(userHandle);
4061        synchronized (this) {
4062            return getPasswordExpirationLocked(who, userHandle, parent);
4063        }
4064    }
4065
4066    @Override
4067    public void setPasswordMinimumUpperCase(ComponentName who, int length, boolean parent) {
4068        if (!mHasFeature) {
4069            return;
4070        }
4071        Preconditions.checkNotNull(who, "ComponentName is null");
4072        synchronized (this) {
4073            ActiveAdmin ap = getActiveAdminForCallerLocked(
4074                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4075            if (ap.minimumPasswordMetrics.upperCase != length) {
4076                ap.minimumPasswordMetrics.upperCase = length;
4077                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4078                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4079            }
4080        }
4081    }
4082
4083    @Override
4084    public int getPasswordMinimumUpperCase(ComponentName who, int userHandle, boolean parent) {
4085        return getStrictestPasswordRequirement(who, userHandle, parent,
4086                admin -> admin.minimumPasswordMetrics.upperCase, PASSWORD_QUALITY_COMPLEX);
4087    }
4088
4089    @Override
4090    public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) {
4091        Preconditions.checkNotNull(who, "ComponentName is null");
4092        synchronized (this) {
4093            ActiveAdmin ap = getActiveAdminForCallerLocked(
4094                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4095            if (ap.minimumPasswordMetrics.lowerCase != length) {
4096                ap.minimumPasswordMetrics.lowerCase = length;
4097                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4098                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4099            }
4100        }
4101    }
4102
4103    @Override
4104    public int getPasswordMinimumLowerCase(ComponentName who, int userHandle, boolean parent) {
4105        return getStrictestPasswordRequirement(who, userHandle, parent,
4106                admin -> admin.minimumPasswordMetrics.lowerCase, PASSWORD_QUALITY_COMPLEX);
4107    }
4108
4109    @Override
4110    public void setPasswordMinimumLetters(ComponentName who, int length, boolean parent) {
4111        if (!mHasFeature) {
4112            return;
4113        }
4114        Preconditions.checkNotNull(who, "ComponentName is null");
4115        synchronized (this) {
4116            ActiveAdmin ap = getActiveAdminForCallerLocked(
4117                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4118            if (ap.minimumPasswordMetrics.letters != length) {
4119                ap.minimumPasswordMetrics.letters = length;
4120                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4121                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4122            }
4123        }
4124    }
4125
4126    @Override
4127    public int getPasswordMinimumLetters(ComponentName who, int userHandle, boolean parent) {
4128        return getStrictestPasswordRequirement(who, userHandle, parent,
4129                admin -> admin.minimumPasswordMetrics.letters, PASSWORD_QUALITY_COMPLEX);
4130    }
4131
4132    @Override
4133    public void setPasswordMinimumNumeric(ComponentName who, int length, boolean parent) {
4134        if (!mHasFeature) {
4135            return;
4136        }
4137        Preconditions.checkNotNull(who, "ComponentName is null");
4138        synchronized (this) {
4139            ActiveAdmin ap = getActiveAdminForCallerLocked(
4140                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4141            if (ap.minimumPasswordMetrics.numeric != length) {
4142                ap.minimumPasswordMetrics.numeric = length;
4143                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4144                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4145            }
4146        }
4147    }
4148
4149    @Override
4150    public int getPasswordMinimumNumeric(ComponentName who, int userHandle, boolean parent) {
4151        return getStrictestPasswordRequirement(who, userHandle, parent,
4152                admin -> admin.minimumPasswordMetrics.numeric, PASSWORD_QUALITY_COMPLEX);
4153   }
4154
4155    @Override
4156    public void setPasswordMinimumSymbols(ComponentName who, int length, boolean parent) {
4157        if (!mHasFeature) {
4158            return;
4159        }
4160        Preconditions.checkNotNull(who, "ComponentName is null");
4161        synchronized (this) {
4162            ActiveAdmin ap = getActiveAdminForCallerLocked(
4163                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4164            if (ap.minimumPasswordMetrics.symbols != length) {
4165                ap.minimumPasswordMetrics.symbols = length;
4166                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4167                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4168            }
4169        }
4170    }
4171
4172    @Override
4173    public int getPasswordMinimumSymbols(ComponentName who, int userHandle, boolean parent) {
4174        return getStrictestPasswordRequirement(who, userHandle, parent,
4175                admin -> admin.minimumPasswordMetrics.symbols, PASSWORD_QUALITY_COMPLEX);
4176    }
4177
4178    @Override
4179    public void setPasswordMinimumNonLetter(ComponentName who, int length, boolean parent) {
4180        if (!mHasFeature) {
4181            return;
4182        }
4183        Preconditions.checkNotNull(who, "ComponentName is null");
4184        synchronized (this) {
4185            ActiveAdmin ap = getActiveAdminForCallerLocked(
4186                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4187            if (ap.minimumPasswordMetrics.nonLetter != length) {
4188                ap.minimumPasswordMetrics.nonLetter = length;
4189                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4190                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4191            }
4192        }
4193    }
4194
4195    @Override
4196    public int getPasswordMinimumNonLetter(ComponentName who, int userHandle, boolean parent) {
4197        return getStrictestPasswordRequirement(who, userHandle, parent,
4198                admin -> admin.minimumPasswordMetrics.nonLetter, PASSWORD_QUALITY_COMPLEX);
4199    }
4200
4201    /**
4202     * Calculates strictest (maximum) value for a given password property enforced by admin[s].
4203     */
4204    private int getStrictestPasswordRequirement(ComponentName who, int userHandle,
4205            boolean parent, Function<ActiveAdmin, Integer> getter, int minimumPasswordQuality) {
4206        if (!mHasFeature) {
4207            return 0;
4208        }
4209        enforceFullCrossUsersPermission(userHandle);
4210        synchronized (this) {
4211            if (who != null) {
4212                final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
4213                return admin != null ? getter.apply(admin) : 0;
4214            }
4215
4216            int maxValue = 0;
4217            final List<ActiveAdmin> admins =
4218                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
4219            final int N = admins.size();
4220            for (int i = 0; i < N; i++) {
4221                final ActiveAdmin admin = admins.get(i);
4222                if (!isLimitPasswordAllowed(admin, minimumPasswordQuality)) {
4223                    continue;
4224                }
4225                final Integer adminValue = getter.apply(admin);
4226                if (adminValue > maxValue) {
4227                    maxValue = adminValue;
4228                }
4229            }
4230            return maxValue;
4231        }
4232    }
4233
4234    /* @return the password blacklist set by the admin or {@code null} if none. */
4235    PasswordBlacklist getAdminPasswordBlacklistLocked(@NonNull ActiveAdmin admin) {
4236        final int userId = UserHandle.getUserId(admin.getUid());
4237        return admin.passwordBlacklistFile == null ? null : new PasswordBlacklist(
4238                new File(getPolicyFileDirectory(userId), admin.passwordBlacklistFile));
4239    }
4240
4241    private static final String PASSWORD_BLACKLIST_FILE_PREFIX = "password-blacklist-";
4242    private static final String PASSWORD_BLACKLIST_FILE_SUFFIX = "";
4243
4244    @Override
4245    public boolean setPasswordBlacklist(ComponentName who, String name, List<String> blacklist,
4246            boolean parent) {
4247        if (!mHasFeature) {
4248            return false;
4249        }
4250        Preconditions.checkNotNull(who, "who is null");
4251
4252        synchronized (this) {
4253            final ActiveAdmin admin = getActiveAdminForCallerLocked(
4254                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
4255            final int userId = mInjector.userHandleGetCallingUserId();
4256            PasswordBlacklist adminBlacklist = getAdminPasswordBlacklistLocked(admin);
4257
4258            if (blacklist == null || blacklist.isEmpty()) {
4259                // Remove the adminBlacklist
4260                admin.passwordBlacklistFile = null;
4261                saveSettingsLocked(userId);
4262                if (adminBlacklist != null) {
4263                    adminBlacklist.delete();
4264                }
4265                return true;
4266            }
4267
4268            // Validate server side
4269            Preconditions.checkNotNull(name, "name is null");
4270            DevicePolicyManager.enforcePasswordBlacklistSize(blacklist);
4271
4272            // Blacklist is case insensitive so normalize to lower case
4273            final int blacklistSize = blacklist.size();
4274            for (int i = 0; i < blacklistSize; ++i) {
4275                blacklist.set(i, blacklist.get(i).toLowerCase());
4276            }
4277
4278            final boolean isNewBlacklist = adminBlacklist == null;
4279            if (isNewBlacklist) {
4280                // Create a new file for the blacklist. There could be multiple admins, each setting
4281                // different blacklists, to restrict a user's credential, for example a managed
4282                // profile can impose restrictions on its parent while the parent is already
4283                // restricted by its own admin. A deterministic naming scheme would be fragile if
4284                // new types of admin are introduced so we generate and save the file name instead.
4285                // This isn't a temporary file but it reuses the name generation logic
4286                final File file;
4287                try {
4288                    file = File.createTempFile(PASSWORD_BLACKLIST_FILE_PREFIX,
4289                            PASSWORD_BLACKLIST_FILE_SUFFIX, getPolicyFileDirectory(userId));
4290                } catch (IOException e) {
4291                    Slog.e(LOG_TAG, "Failed to make a file for the blacklist", e);
4292                    return false;
4293                }
4294                adminBlacklist = mInjector.newPasswordBlacklist(file);
4295            }
4296
4297            if (adminBlacklist.savePasswordBlacklist(name, blacklist)) {
4298                if (isNewBlacklist) {
4299                    // The blacklist was saved so point the admin to the file
4300                    admin.passwordBlacklistFile = adminBlacklist.getFile().getName();
4301                    saveSettingsLocked(userId);
4302                }
4303                return true;
4304            }
4305        }
4306
4307        return false;
4308    }
4309
4310    @Override
4311    public String getPasswordBlacklistName(ComponentName who, @UserIdInt int userId,
4312            boolean parent) {
4313        if (!mHasFeature) {
4314            return null;
4315        }
4316        Preconditions.checkNotNull(who, "who is null");
4317        enforceFullCrossUsersPermission(userId);
4318        synchronized (this) {
4319            final ActiveAdmin admin = getActiveAdminForCallerLocked(
4320                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
4321            final PasswordBlacklist blacklist = getAdminPasswordBlacklistLocked(admin);
4322            if (blacklist == null) {
4323                return null;
4324            }
4325            return blacklist.getName();
4326        }
4327    }
4328
4329    @Override
4330    public boolean isPasswordBlacklisted(@UserIdInt int userId, String password) {
4331        if (!mHasFeature) {
4332            return false;
4333        }
4334        mContext.enforceCallingOrSelfPermission(
4335                android.Manifest.permission.TEST_BLACKLISTED_PASSWORD, null);
4336        return isPasswordBlacklistedInternal(userId, password);
4337    }
4338
4339    private boolean isPasswordBlacklistedInternal(@UserIdInt int userId, String password) {
4340        Preconditions.checkNotNull(password, "Password is null");
4341        enforceFullCrossUsersPermission(userId);
4342
4343        // Normalize to lower case for case insensitive blacklist match
4344        final String lowerCasePassword = password.toLowerCase();
4345
4346        synchronized (this) {
4347            final List<ActiveAdmin> admins =
4348                    getActiveAdminsForLockscreenPoliciesLocked(userId, /* parent */ false);
4349            final int N = admins.size();
4350            for (int i = 0; i < N; i++) {
4351                final PasswordBlacklist blacklist
4352                        = getAdminPasswordBlacklistLocked(admins.get(i));
4353                if (blacklist != null) {
4354                    if (blacklist.isPasswordBlacklisted(lowerCasePassword)) {
4355                        return true;
4356                    }
4357                }
4358            }
4359        }
4360
4361        return false;
4362    }
4363
4364    @Override
4365    public boolean isActivePasswordSufficient(int userHandle, boolean parent) {
4366        if (!mHasFeature) {
4367            return true;
4368        }
4369        enforceFullCrossUsersPermission(userHandle);
4370        enforceUserUnlocked(userHandle, parent);
4371
4372        synchronized (this) {
4373            // This API can only be called by an active device admin,
4374            // so try to retrieve it to check that the caller is one.
4375            getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4376            DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent));
4377            return isActivePasswordSufficientForUserLocked(policy, userHandle, parent);
4378        }
4379    }
4380
4381    @Override
4382    public boolean isUsingUnifiedPassword(ComponentName admin) {
4383        if (!mHasFeature) {
4384            return true;
4385        }
4386        final int userId = mInjector.userHandleGetCallingUserId();
4387        enforceProfileOrDeviceOwner(admin);
4388        enforceManagedProfile(userId, "query unified challenge status");
4389        return !isSeparateProfileChallengeEnabled(userId);
4390    }
4391
4392    @Override
4393    public boolean isProfileActivePasswordSufficientForParent(int userHandle) {
4394        if (!mHasFeature) {
4395            return true;
4396        }
4397        enforceFullCrossUsersPermission(userHandle);
4398        enforceManagedProfile(userHandle, "call APIs refering to the parent profile");
4399
4400        synchronized (this) {
4401            final int targetUser = getProfileParentId(userHandle);
4402            enforceUserUnlocked(targetUser, false);
4403            DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, false));
4404            return isActivePasswordSufficientForUserLocked(policy, targetUser, false);
4405        }
4406    }
4407
4408    private boolean isActivePasswordSufficientForUserLocked(
4409            DevicePolicyData policy, int userHandle, boolean parent) {
4410        final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent);
4411        if (requiredPasswordQuality == PASSWORD_QUALITY_UNSPECIFIED) {
4412            // A special case is when there is no required password quality, then we just return
4413            // true since any password would be sufficient. This is for the scenario when a work
4414            // profile is first created so there is no information about the current password but
4415            // it should be considered sufficient as there is no password requirement either.
4416            // This is useful since it short-circuits the password checkpoint for FDE device below.
4417            return true;
4418        }
4419
4420        if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()
4421                && !policy.mPasswordStateHasBeenSetSinceBoot) {
4422            // Before user enters their password for the first time after a reboot, return the
4423            // value of this flag, which tells us whether the password was valid the last time
4424            // settings were saved.  If DPC changes password requirements on boot so that the
4425            // current password no longer meets the requirements, this value will be stale until
4426            // the next time the password is entered.
4427            return policy.mPasswordValidAtLastCheckpoint;
4428        }
4429
4430        if (policy.mActivePasswordMetrics.quality < requiredPasswordQuality) {
4431            return false;
4432        }
4433        if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC
4434                && policy.mActivePasswordMetrics.length < getPasswordMinimumLength(
4435                        null, userHandle, parent)) {
4436            return false;
4437        }
4438        if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
4439            return true;
4440        }
4441        return policy.mActivePasswordMetrics.upperCase >= getPasswordMinimumUpperCase(
4442                    null, userHandle, parent)
4443                && policy.mActivePasswordMetrics.lowerCase >= getPasswordMinimumLowerCase(
4444                        null, userHandle, parent)
4445                && policy.mActivePasswordMetrics.letters >= getPasswordMinimumLetters(
4446                        null, userHandle, parent)
4447                && policy.mActivePasswordMetrics.numeric >= getPasswordMinimumNumeric(
4448                        null, userHandle, parent)
4449                && policy.mActivePasswordMetrics.symbols >= getPasswordMinimumSymbols(
4450                        null, userHandle, parent)
4451                && policy.mActivePasswordMetrics.nonLetter >= getPasswordMinimumNonLetter(
4452                        null, userHandle, parent);
4453    }
4454
4455    @Override
4456    public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) {
4457        enforceFullCrossUsersPermission(userHandle);
4458        synchronized (this) {
4459            if (!isCallerWithSystemUid()) {
4460                // This API can only be called by an active device admin,
4461                // so try to retrieve it to check that the caller is one.
4462                getActiveAdminForCallerLocked(
4463                        null, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent);
4464            }
4465
4466            DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent));
4467
4468            return policy.mFailedPasswordAttempts;
4469        }
4470    }
4471
4472    @Override
4473    public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, boolean parent) {
4474        if (!mHasFeature) {
4475            return;
4476        }
4477        Preconditions.checkNotNull(who, "ComponentName is null");
4478        synchronized (this) {
4479            // This API can only be called by an active device admin,
4480            // so try to retrieve it to check that the caller is one.
4481            getActiveAdminForCallerLocked(
4482                    who, DeviceAdminInfo.USES_POLICY_WIPE_DATA, parent);
4483            ActiveAdmin ap = getActiveAdminForCallerLocked(
4484                    who, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent);
4485            if (ap.maximumFailedPasswordsForWipe != num) {
4486                ap.maximumFailedPasswordsForWipe = num;
4487                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4488            }
4489        }
4490    }
4491
4492    @Override
4493    public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle, boolean parent) {
4494        if (!mHasFeature) {
4495            return 0;
4496        }
4497        enforceFullCrossUsersPermission(userHandle);
4498        synchronized (this) {
4499            ActiveAdmin admin = (who != null)
4500                    ? getActiveAdminUncheckedLocked(who, userHandle, parent)
4501                    : getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent);
4502            return admin != null ? admin.maximumFailedPasswordsForWipe : 0;
4503        }
4504    }
4505
4506    @Override
4507    public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent) {
4508        if (!mHasFeature) {
4509            return UserHandle.USER_NULL;
4510        }
4511        enforceFullCrossUsersPermission(userHandle);
4512        synchronized (this) {
4513            ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked(
4514                    userHandle, parent);
4515            return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL;
4516        }
4517    }
4518
4519    /**
4520     * Returns the admin with the strictest policy on maximum failed passwords for:
4521     * <ul>
4522     *   <li>this user if it has a separate profile challenge, or
4523     *   <li>this user and all profiles that don't have their own challenge otherwise.
4524     * </ul>
4525     * <p>If the policy for the primary and any other profile are equal, it returns the admin for
4526     * the primary profile.
4527     * Returns {@code null} if no participating admin has that policy set.
4528     */
4529    private ActiveAdmin getAdminWithMinimumFailedPasswordsForWipeLocked(
4530            int userHandle, boolean parent) {
4531        int count = 0;
4532        ActiveAdmin strictestAdmin = null;
4533
4534        // Return the strictest policy across all participating admins.
4535        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
4536        final int N = admins.size();
4537        for (int i = 0; i < N; i++) {
4538            ActiveAdmin admin = admins.get(i);
4539            if (admin.maximumFailedPasswordsForWipe ==
4540                    ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
4541                continue;  // No max number of failed passwords policy set for this profile.
4542            }
4543
4544            // We always favor the primary profile if several profiles have the same value set.
4545            int userId = admin.getUserHandle().getIdentifier();
4546            if (count == 0 ||
4547                    count > admin.maximumFailedPasswordsForWipe ||
4548                    (count == admin.maximumFailedPasswordsForWipe &&
4549                            getUserInfo(userId).isPrimary())) {
4550                count = admin.maximumFailedPasswordsForWipe;
4551                strictestAdmin = admin;
4552            }
4553        }
4554        return strictestAdmin;
4555    }
4556
4557    private UserInfo getUserInfo(@UserIdInt int userId) {
4558        final long token = mInjector.binderClearCallingIdentity();
4559        try {
4560            return mUserManager.getUserInfo(userId);
4561        } finally {
4562            mInjector.binderRestoreCallingIdentity(token);
4563        }
4564    }
4565
4566    private boolean canPOorDOCallResetPassword(ActiveAdmin admin, @UserIdInt int userId) {
4567        // Only if the admins targets a pre-O SDK
4568        return getTargetSdk(admin.info.getPackageName(), userId) < Build.VERSION_CODES.O;
4569    }
4570
4571    /* PO or DO could do an untrusted reset in certain conditions. */
4572    private boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) {
4573        synchronized (this) {
4574            // An active DO or PO might be able to fo an untrusted credential reset
4575            for (final ActiveAdmin admin : getUserData(userId).mAdminList) {
4576                if (!isActiveAdminWithPolicyForUserLocked(admin,
4577                          DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, userId)) {
4578                    continue;
4579                }
4580                if (canPOorDOCallResetPassword(admin, userId)) {
4581                    return true;
4582                }
4583            }
4584            return false;
4585        }
4586    }
4587
4588    @Override
4589    public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException {
4590        final int callingUid = mInjector.binderGetCallingUid();
4591        final int userHandle = mInjector.userHandleGetCallingUserId();
4592
4593        String password = passwordOrNull != null ? passwordOrNull : "";
4594
4595        // Password resetting to empty/null is not allowed for managed profiles.
4596        if (TextUtils.isEmpty(password)) {
4597            enforceNotManagedProfile(userHandle, "clear the active password");
4598        }
4599
4600        synchronized (this) {
4601            // If caller has PO (or DO) it can change the password, so see if that's the case first.
4602            ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked(
4603                    null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid);
4604            final boolean preN;
4605            if (admin != null) {
4606                if (!canPOorDOCallResetPassword(admin, userHandle)) {
4607                    throw new SecurityException("resetPassword() is deprecated for DPC targeting O"
4608                            + " or later");
4609                }
4610                preN = getTargetSdk(admin.info.getPackageName(),
4611                        userHandle) <= android.os.Build.VERSION_CODES.M;
4612            } else {
4613                // Otherwise, make sure the caller has any active admin with the right policy.
4614                admin = getActiveAdminForCallerLocked(null,
4615                        DeviceAdminInfo.USES_POLICY_RESET_PASSWORD);
4616                preN = getTargetSdk(admin.info.getPackageName(),
4617                        userHandle) <= android.os.Build.VERSION_CODES.M;
4618
4619                // As of N, password resetting to empty/null is not allowed anymore.
4620                // TODO Should we allow DO/PO to set an empty password?
4621                if (TextUtils.isEmpty(password)) {
4622                    if (!preN) {
4623                        throw new SecurityException("Cannot call with null password");
4624                    } else {
4625                        Slog.e(LOG_TAG, "Cannot call with null password");
4626                        return false;
4627                    }
4628                }
4629                // As of N, password cannot be changed by the admin if it is already set.
4630                if (isLockScreenSecureUnchecked(userHandle)) {
4631                    if (!preN) {
4632                        throw new SecurityException("Admin cannot change current password");
4633                    } else {
4634                        Slog.e(LOG_TAG, "Admin cannot change current password");
4635                        return false;
4636                    }
4637                }
4638            }
4639            // Do not allow to reset password when current user has a managed profile
4640            if (!isManagedProfile(userHandle)) {
4641                for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {
4642                    if (userInfo.isManagedProfile()) {
4643                        if (!preN) {
4644                            throw new IllegalStateException(
4645                                    "Cannot reset password on user has managed profile");
4646                        } else {
4647                            Slog.e(LOG_TAG, "Cannot reset password on user has managed profile");
4648                            return false;
4649                        }
4650                    }
4651                }
4652            }
4653            // Do not allow to reset password when user is locked
4654            if (!mUserManager.isUserUnlocked(userHandle)) {
4655                if (!preN) {
4656                    throw new IllegalStateException("Cannot reset password when user is locked");
4657                } else {
4658                    Slog.e(LOG_TAG, "Cannot reset password when user is locked");
4659                    return false;
4660                }
4661            }
4662        }
4663
4664        return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle);
4665    }
4666
4667    private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token,
4668            int flags, int callingUid, int userHandle) {
4669        int quality;
4670        synchronized (this) {
4671            quality = getPasswordQuality(null, userHandle, /* parent */ false);
4672            if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) {
4673                quality = PASSWORD_QUALITY_UNSPECIFIED;
4674            }
4675            final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
4676            if (quality != PASSWORD_QUALITY_UNSPECIFIED) {
4677                final int realQuality = metrics.quality;
4678                if (realQuality < quality
4679                        && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
4680                    Slog.w(LOG_TAG, "resetPassword: password quality 0x"
4681                            + Integer.toHexString(realQuality)
4682                            + " does not meet required quality 0x"
4683                            + Integer.toHexString(quality));
4684                    return false;
4685                }
4686                quality = Math.max(realQuality, quality);
4687            }
4688            int length = getPasswordMinimumLength(null, userHandle, /* parent */ false);
4689            if (password.length() < length) {
4690                Slog.w(LOG_TAG, "resetPassword: password length " + password.length()
4691                        + " does not meet required length " + length);
4692                return false;
4693            }
4694            if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
4695                int neededLetters = getPasswordMinimumLetters(null, userHandle, /* parent */ false);
4696                if(metrics.letters < neededLetters) {
4697                    Slog.w(LOG_TAG, "resetPassword: number of letters " + metrics.letters
4698                            + " does not meet required number of letters " + neededLetters);
4699                    return false;
4700                }
4701                int neededNumeric = getPasswordMinimumNumeric(null, userHandle, /* parent */ false);
4702                if (metrics.numeric < neededNumeric) {
4703                    Slog.w(LOG_TAG, "resetPassword: number of numerical digits " + metrics.numeric
4704                            + " does not meet required number of numerical digits "
4705                            + neededNumeric);
4706                    return false;
4707                }
4708                int neededLowerCase = getPasswordMinimumLowerCase(
4709                        null, userHandle, /* parent */ false);
4710                if (metrics.lowerCase < neededLowerCase) {
4711                    Slog.w(LOG_TAG, "resetPassword: number of lowercase letters "
4712                            + metrics.lowerCase
4713                            + " does not meet required number of lowercase letters "
4714                            + neededLowerCase);
4715                    return false;
4716                }
4717                int neededUpperCase = getPasswordMinimumUpperCase(
4718                        null, userHandle, /* parent */ false);
4719                if (metrics.upperCase < neededUpperCase) {
4720                    Slog.w(LOG_TAG, "resetPassword: number of uppercase letters "
4721                            + metrics.upperCase
4722                            + " does not meet required number of uppercase letters "
4723                            + neededUpperCase);
4724                    return false;
4725                }
4726                int neededSymbols = getPasswordMinimumSymbols(null, userHandle, /* parent */ false);
4727                if (metrics.symbols < neededSymbols) {
4728                    Slog.w(LOG_TAG, "resetPassword: number of special symbols " + metrics.symbols
4729                            + " does not meet required number of special symbols " + neededSymbols);
4730                    return false;
4731                }
4732                int neededNonLetter = getPasswordMinimumNonLetter(
4733                        null, userHandle, /* parent */ false);
4734                if (metrics.nonLetter < neededNonLetter) {
4735                    Slog.w(LOG_TAG, "resetPassword: number of non-letter characters "
4736                            + metrics.nonLetter
4737                            + " does not meet required number of non-letter characters "
4738                            + neededNonLetter);
4739                    return false;
4740                }
4741            }
4742
4743            if (isPasswordBlacklistedInternal(userHandle, password)) {
4744                Slog.w(LOG_TAG, "resetPassword: the password is blacklisted");
4745                return false;
4746            }
4747        }
4748
4749        DevicePolicyData policy = getUserData(userHandle);
4750        if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) {
4751            Slog.w(LOG_TAG, "resetPassword: already set by another uid and not entered by user");
4752            return false;
4753        }
4754
4755        boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid);
4756        boolean doNotAskCredentialsOnBoot =
4757                (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0;
4758        if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) {
4759            setDoNotAskCredentialsOnBoot();
4760        }
4761
4762        // Don't do this with the lock held, because it is going to call
4763        // back in to the service.
4764        final long ident = mInjector.binderClearCallingIdentity();
4765        final boolean result;
4766        try {
4767            if (token == null) {
4768                if (!TextUtils.isEmpty(password)) {
4769                    mLockPatternUtils.saveLockPassword(password, null, quality, userHandle);
4770                } else {
4771                    mLockPatternUtils.clearLock(null, userHandle);
4772                }
4773                result = true;
4774            } else {
4775                result = mLockPatternUtils.setLockCredentialWithToken(password,
4776                        TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE
4777                                : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD,
4778                                quality, tokenHandle, token, userHandle);
4779            }
4780            boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0;
4781            if (requireEntry) {
4782                mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
4783                        UserHandle.USER_ALL);
4784            }
4785            synchronized (this) {
4786                int newOwner = requireEntry ? callingUid : -1;
4787                if (policy.mPasswordOwner != newOwner) {
4788                    policy.mPasswordOwner = newOwner;
4789                    saveSettingsLocked(userHandle);
4790                }
4791            }
4792        } finally {
4793            mInjector.binderRestoreCallingIdentity(ident);
4794        }
4795        return result;
4796    }
4797
4798    private boolean isLockScreenSecureUnchecked(int userId) {
4799        long ident = mInjector.binderClearCallingIdentity();
4800        try {
4801            return mLockPatternUtils.isSecure(userId);
4802        } finally {
4803            mInjector.binderRestoreCallingIdentity(ident);
4804        }
4805    }
4806
4807    private void setDoNotAskCredentialsOnBoot() {
4808        synchronized (this) {
4809            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
4810            if (!policyData.doNotAskCredentialsOnBoot) {
4811                policyData.doNotAskCredentialsOnBoot = true;
4812                saveSettingsLocked(UserHandle.USER_SYSTEM);
4813            }
4814        }
4815    }
4816
4817    @Override
4818    public boolean getDoNotAskCredentialsOnBoot() {
4819        mContext.enforceCallingOrSelfPermission(
4820                android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null);
4821        synchronized (this) {
4822            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
4823            return policyData.doNotAskCredentialsOnBoot;
4824        }
4825    }
4826
4827    @Override
4828    public void setMaximumTimeToLock(ComponentName who, long timeMs, boolean parent) {
4829        if (!mHasFeature) {
4830            return;
4831        }
4832        Preconditions.checkNotNull(who, "ComponentName is null");
4833        final int userHandle = mInjector.userHandleGetCallingUserId();
4834        synchronized (this) {
4835            ActiveAdmin ap = getActiveAdminForCallerLocked(
4836                    who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent);
4837            if (ap.maximumTimeToUnlock != timeMs) {
4838                ap.maximumTimeToUnlock = timeMs;
4839                saveSettingsLocked(userHandle);
4840                updateMaximumTimeToLockLocked(userHandle);
4841            }
4842        }
4843    }
4844
4845    private void updateMaximumTimeToLockLocked(@UserIdInt int userId) {
4846        // Update the profile's timeout
4847        if (isManagedProfile(userId)) {
4848            updateProfileLockTimeoutLocked(userId);
4849        }
4850
4851        final long timeMs;
4852        final long ident = mInjector.binderClearCallingIdentity();
4853        try {
4854            // Update the device timeout
4855            final int parentId = getProfileParentId(userId);
4856            timeMs = getMaximumTimeToLockPolicyFromAdmins(
4857                    getActiveAdminsForLockscreenPoliciesLocked(parentId, false));
4858
4859            final DevicePolicyData policy = getUserDataUnchecked(parentId);
4860            if (policy.mLastMaximumTimeToLock == timeMs) {
4861                return;
4862            }
4863            policy.mLastMaximumTimeToLock = timeMs;
4864
4865            if (policy.mLastMaximumTimeToLock != Long.MAX_VALUE) {
4866                // Make sure KEEP_SCREEN_ON is disabled, since that
4867                // would allow bypassing of the maximum time to lock.
4868                mInjector.settingsGlobalPutInt(Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0);
4869            }
4870        } finally {
4871            mInjector.binderRestoreCallingIdentity(ident);
4872        }
4873
4874        mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin(
4875                UserHandle.USER_SYSTEM, timeMs);
4876    }
4877
4878    private void updateProfileLockTimeoutLocked(@UserIdInt int userId) {
4879        final long timeMs;
4880        if (isSeparateProfileChallengeEnabled(userId)) {
4881            timeMs = getMaximumTimeToLockPolicyFromAdmins(
4882                    getActiveAdminsForLockscreenPoliciesLocked(userId, false /* parent */));
4883        } else {
4884            timeMs = Long.MAX_VALUE;
4885        }
4886
4887        final DevicePolicyData policy = getUserDataUnchecked(userId);
4888        if (policy.mLastMaximumTimeToLock == timeMs) {
4889            return;
4890        }
4891        policy.mLastMaximumTimeToLock = timeMs;
4892
4893        mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin(
4894                userId, policy.mLastMaximumTimeToLock);
4895    }
4896
4897    @Override
4898    public long getMaximumTimeToLock(ComponentName who, int userHandle, boolean parent) {
4899        if (!mHasFeature) {
4900            return 0;
4901        }
4902        enforceFullCrossUsersPermission(userHandle);
4903        synchronized (this) {
4904            if (who != null) {
4905                final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
4906                return admin != null ? admin.maximumTimeToUnlock : 0;
4907            }
4908            // Return the strictest policy across all participating admins.
4909            final List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
4910                    userHandle, parent);
4911            final long timeMs = getMaximumTimeToLockPolicyFromAdmins(admins);
4912            return timeMs == Long.MAX_VALUE ? 0 : timeMs;
4913        }
4914    }
4915
4916    private long getMaximumTimeToLockPolicyFromAdmins(List<ActiveAdmin> admins) {
4917        long time = Long.MAX_VALUE;
4918        for (final ActiveAdmin admin : admins) {
4919            if (admin.maximumTimeToUnlock > 0 && admin.maximumTimeToUnlock < time) {
4920                time = admin.maximumTimeToUnlock;
4921            }
4922        }
4923        return time;
4924    }
4925
4926    @Override
4927    public void setRequiredStrongAuthTimeout(ComponentName who, long timeoutMs,
4928            boolean parent) {
4929        if (!mHasFeature) {
4930            return;
4931        }
4932        Preconditions.checkNotNull(who, "ComponentName is null");
4933        Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number.");
4934        // timeoutMs with value 0 means that the admin doesn't participate
4935        // timeoutMs is clamped to the interval in case the internal constants change in the future
4936        final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs();
4937        if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) {
4938            timeoutMs = minimumStrongAuthTimeout;
4939        }
4940        if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {
4941            timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
4942        }
4943
4944        final int userHandle = mInjector.userHandleGetCallingUserId();
4945        synchronized (this) {
4946            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
4947                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
4948            if (ap.strongAuthUnlockTimeout != timeoutMs) {
4949                ap.strongAuthUnlockTimeout = timeoutMs;
4950                saveSettingsLocked(userHandle);
4951            }
4952        }
4953    }
4954
4955    /**
4956     * Return a single admin's strong auth unlock timeout or minimum value (strictest) of all
4957     * admins if who is null.
4958     * Returns 0 if not configured for the provided admin.
4959     */
4960    @Override
4961    public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) {
4962        if (!mHasFeature) {
4963            return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
4964        }
4965        enforceFullCrossUsersPermission(userId);
4966        synchronized (this) {
4967            if (who != null) {
4968                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent);
4969                return admin != null ? admin.strongAuthUnlockTimeout : 0;
4970            }
4971
4972            // Return the strictest policy across all participating admins.
4973            List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent);
4974
4975            long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
4976            for (int i = 0; i < admins.size(); i++) {
4977                final long timeout = admins.get(i).strongAuthUnlockTimeout;
4978                if (timeout != 0) { // take only participating admins into account
4979                    strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout);
4980                }
4981            }
4982            return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs());
4983        }
4984    }
4985
4986    private long getMinimumStrongAuthTimeoutMs() {
4987        if (!mInjector.isBuildDebuggable()) {
4988            return MINIMUM_STRONG_AUTH_TIMEOUT_MS;
4989        }
4990        // ideally the property was named persist.sys.min_strong_auth_timeout, but system property
4991        // name cannot be longer than 31 characters
4992        return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo",
4993                MINIMUM_STRONG_AUTH_TIMEOUT_MS),
4994                MINIMUM_STRONG_AUTH_TIMEOUT_MS);
4995    }
4996
4997    @Override
4998    public void lockNow(int flags, boolean parent) {
4999        if (!mHasFeature) {
5000            return;
5001        }
5002
5003        final int callingUserId = mInjector.userHandleGetCallingUserId();
5004        synchronized (this) {
5005            // This API can only be called by an active device admin,
5006            // so try to retrieve it to check that the caller is one.
5007            final ActiveAdmin admin = getActiveAdminForCallerLocked(
5008                    null, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent);
5009
5010            final long ident = mInjector.binderClearCallingIdentity();
5011            try {
5012                // Evict key
5013                if ((flags & DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY) != 0) {
5014                    enforceManagedProfile(
5015                            callingUserId, "set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY");
5016                    if (!isProfileOwner(admin.info.getComponent(), callingUserId)) {
5017                        throw new SecurityException("Only profile owner admins can set "
5018                                + "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY");
5019                    }
5020                    if (parent) {
5021                        throw new IllegalArgumentException(
5022                                "Cannot set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY for the parent");
5023                    }
5024                    if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
5025                        throw new UnsupportedOperationException(
5026                                "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY only applies to FBE devices");
5027                    }
5028                    mUserManager.evictCredentialEncryptionKey(callingUserId);
5029                }
5030
5031                // Lock all users unless this is a managed profile with a separate challenge
5032                final int userToLock = (parent || !isSeparateProfileChallengeEnabled(callingUserId)
5033                        ? UserHandle.USER_ALL : callingUserId);
5034                mLockPatternUtils.requireStrongAuth(
5035                        STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, userToLock);
5036
5037                // Require authentication for the device or profile
5038                if (userToLock == UserHandle.USER_ALL) {
5039                    // Power off the display
5040                    mInjector.powerManagerGoToSleep(SystemClock.uptimeMillis(),
5041                            PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN, 0);
5042                    mInjector.getIWindowManager().lockNow(null);
5043                } else {
5044                    mInjector.getTrustManager().setDeviceLockedForUser(userToLock, true);
5045                }
5046            } catch (RemoteException e) {
5047            } finally {
5048                mInjector.binderRestoreCallingIdentity(ident);
5049            }
5050        }
5051    }
5052
5053    @Override
5054    public void enforceCanManageCaCerts(ComponentName who, String callerPackage) {
5055        if (who == null) {
5056            if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) {
5057                mContext.enforceCallingOrSelfPermission(MANAGE_CA_CERTIFICATES, null);
5058            }
5059        } else {
5060            enforceProfileOrDeviceOwner(who);
5061        }
5062    }
5063
5064    private void enforceProfileOrDeviceOwner(ComponentName who) {
5065        synchronized (this) {
5066            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5067        }
5068    }
5069
5070    @Override
5071    public boolean approveCaCert(String alias, int userId, boolean approval) {
5072        enforceManageUsers();
5073        synchronized (this) {
5074            Set<String> certs = getUserData(userId).mAcceptedCaCertificates;
5075            boolean changed = (approval ? certs.add(alias) : certs.remove(alias));
5076            if (!changed) {
5077                return false;
5078            }
5079            saveSettingsLocked(userId);
5080        }
5081        mCertificateMonitor.onCertificateApprovalsChanged(userId);
5082        return true;
5083    }
5084
5085    @Override
5086    public boolean isCaCertApproved(String alias, int userId) {
5087        enforceManageUsers();
5088        synchronized (this) {
5089            return getUserData(userId).mAcceptedCaCertificates.contains(alias);
5090        }
5091    }
5092
5093    private void removeCaApprovalsIfNeeded(int userId) {
5094        for (UserInfo userInfo : mUserManager.getProfiles(userId)) {
5095            boolean isSecure = mLockPatternUtils.isSecure(userInfo.id);
5096            if (userInfo.isManagedProfile()){
5097                isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id));
5098            }
5099            if (!isSecure) {
5100                synchronized (this) {
5101                    getUserData(userInfo.id).mAcceptedCaCertificates.clear();
5102                    saveSettingsLocked(userInfo.id);
5103                }
5104                mCertificateMonitor.onCertificateApprovalsChanged(userId);
5105            }
5106        }
5107    }
5108
5109    @Override
5110    public boolean installCaCert(ComponentName admin, String callerPackage, byte[] certBuffer)
5111            throws RemoteException {
5112        if (!mHasFeature) {
5113            return false;
5114        }
5115        enforceCanManageCaCerts(admin, callerPackage);
5116
5117        final String alias;
5118
5119        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
5120        final long id = mInjector.binderClearCallingIdentity();
5121        try {
5122            alias = mCertificateMonitor.installCaCert(userHandle, certBuffer);
5123            if (alias == null) {
5124                Log.w(LOG_TAG, "Problem installing cert");
5125                return false;
5126            }
5127        } finally {
5128            mInjector.binderRestoreCallingIdentity(id);
5129        }
5130
5131        synchronized (this) {
5132            getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias);
5133            saveSettingsLocked(userHandle.getIdentifier());
5134        }
5135        return true;
5136    }
5137
5138    @Override
5139    public void uninstallCaCerts(ComponentName admin, String callerPackage, String[] aliases) {
5140        if (!mHasFeature) {
5141            return;
5142        }
5143        enforceCanManageCaCerts(admin, callerPackage);
5144
5145        final int userId = mInjector.userHandleGetCallingUserId();
5146        final long id = mInjector.binderClearCallingIdentity();
5147        try {
5148            mCertificateMonitor.uninstallCaCerts(UserHandle.of(userId), aliases);
5149        } finally {
5150            mInjector.binderRestoreCallingIdentity(id);
5151        }
5152
5153        synchronized (this) {
5154            if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) {
5155                saveSettingsLocked(userId);
5156            }
5157        }
5158    }
5159
5160    @Override
5161    public boolean installKeyPair(ComponentName who, String callerPackage, byte[] privKey,
5162            byte[] cert, byte[] chain, String alias, boolean requestAccess,
5163            boolean isUserSelectable) {
5164        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5165                DELEGATION_CERT_INSTALL);
5166
5167
5168        final int callingUid = mInjector.binderGetCallingUid();
5169        final long id = mInjector.binderClearCallingIdentity();
5170        try {
5171            final KeyChainConnection keyChainConnection =
5172                    KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid));
5173            try {
5174                IKeyChainService keyChain = keyChainConnection.getService();
5175                if (!keyChain.installKeyPair(privKey, cert, chain, alias)) {
5176                    return false;
5177                }
5178                if (requestAccess) {
5179                    keyChain.setGrant(callingUid, alias, true);
5180                }
5181                keyChain.setUserSelectable(alias, isUserSelectable);
5182                return true;
5183            } catch (RemoteException e) {
5184                Log.e(LOG_TAG, "Installing certificate", e);
5185            } finally {
5186                keyChainConnection.close();
5187            }
5188        } catch (InterruptedException e) {
5189            Log.w(LOG_TAG, "Interrupted while installing certificate", e);
5190            Thread.currentThread().interrupt();
5191        } finally {
5192            mInjector.binderRestoreCallingIdentity(id);
5193        }
5194        return false;
5195    }
5196
5197    @Override
5198    public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) {
5199        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5200                DELEGATION_CERT_INSTALL);
5201
5202        final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId());
5203        final long id = Binder.clearCallingIdentity();
5204        try {
5205            final KeyChainConnection keyChainConnection = KeyChain.bindAsUser(mContext, userHandle);
5206            try {
5207                IKeyChainService keyChain = keyChainConnection.getService();
5208                return keyChain.removeKeyPair(alias);
5209            } catch (RemoteException e) {
5210                Log.e(LOG_TAG, "Removing keypair", e);
5211            } finally {
5212                keyChainConnection.close();
5213            }
5214        } catch (InterruptedException e) {
5215            Log.w(LOG_TAG, "Interrupted while removing keypair", e);
5216            Thread.currentThread().interrupt();
5217        } finally {
5218            Binder.restoreCallingIdentity(id);
5219        }
5220        return false;
5221    }
5222
5223    private void enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(
5224            ComponentName who, String callerPackage, int callerUid) throws SecurityException {
5225        if (who == null) {
5226            if (!mOwners.hasDeviceOwner()) {
5227                throw new SecurityException("Not in Device Owner mode.");
5228            }
5229            if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) {
5230                throw new SecurityException("Caller not from device owner user");
5231            }
5232            if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) {
5233                throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() +
5234                        "has no permission to generate keys.");
5235            }
5236        } else {
5237            // Caller provided - check it is the device owner.
5238            synchronized (this) {
5239                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
5240            }
5241        }
5242    }
5243
5244    @VisibleForTesting
5245    public static int[] translateIdAttestationFlags(
5246            int idAttestationFlags) {
5247        Map<Integer, Integer> idTypeToAttestationFlag = new HashMap();
5248        idTypeToAttestationFlag.put(ID_TYPE_SERIAL, AttestationUtils.ID_TYPE_SERIAL);
5249        idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI);
5250        idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID);
5251
5252        int numFlagsSet = Integer.bitCount(idAttestationFlags);
5253        // No flags are set - return null to indicate no device ID attestation information should
5254        // be included in the attestation record.
5255        if (numFlagsSet == 0) {
5256            return null;
5257        }
5258
5259        // If the ID_TYPE_BASE_INFO is set, make sure that a non-null array is returned, even if
5260        // no other flag is set. That will lead to inclusion of general device make data in the
5261        // attestation record, but no specific device identifiers.
5262        if ((idAttestationFlags & ID_TYPE_BASE_INFO) != 0) {
5263            numFlagsSet -= 1;
5264            idAttestationFlags = idAttestationFlags & (~ID_TYPE_BASE_INFO);
5265        }
5266
5267        int[] attestationUtilsFlags = new int[numFlagsSet];
5268        int i = 0;
5269        for (Integer idType: idTypeToAttestationFlag.keySet()) {
5270            if ((idType & idAttestationFlags) != 0) {
5271                attestationUtilsFlags[i++] = idTypeToAttestationFlag.get(idType);
5272            }
5273        }
5274
5275        return attestationUtilsFlags;
5276    }
5277
5278    @Override
5279    public boolean generateKeyPair(ComponentName who, String callerPackage, String algorithm,
5280            ParcelableKeyGenParameterSpec parcelableKeySpec,
5281            int idAttestationFlags,
5282            KeymasterCertificateChain attestationChain) {
5283        // Get attestation flags, if any.
5284        final int[] attestationUtilsFlags = translateIdAttestationFlags(idAttestationFlags);
5285        final boolean deviceIdAttestationRequired = attestationUtilsFlags != null;
5286        final int callingUid = mInjector.binderGetCallingUid();
5287
5288        if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) {
5289            enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(who, callerPackage, callingUid);
5290        } else {
5291            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5292                    DELEGATION_CERT_INSTALL);
5293        }
5294        final KeyGenParameterSpec keySpec = parcelableKeySpec.getSpec();
5295        final String alias = keySpec.getKeystoreAlias();
5296        if (TextUtils.isEmpty(alias)) {
5297            throw new IllegalArgumentException("Empty alias provided.");
5298        }
5299        // As the caller will be granted access to the key, ensure no UID was specified, as
5300        // it will not have the desired effect.
5301        if (keySpec.getUid() != KeyStore.UID_SELF) {
5302            Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair.");
5303            return false;
5304        }
5305
5306        if (deviceIdAttestationRequired && (keySpec.getAttestationChallenge() == null)) {
5307            throw new IllegalArgumentException(
5308                    "Requested Device ID attestation but challenge is empty.");
5309        }
5310
5311        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
5312        final long id = mInjector.binderClearCallingIdentity();
5313        try {
5314            try (KeyChainConnection keyChainConnection =
5315                    KeyChain.bindAsUser(mContext, userHandle)) {
5316                IKeyChainService keyChain = keyChainConnection.getService();
5317
5318                // Copy the provided keySpec, excluding the attestation challenge, which will be
5319                // used later for requesting key attestation record.
5320                final KeyGenParameterSpec noAttestationSpec =
5321                    new KeyGenParameterSpec.Builder(keySpec)
5322                        .setAttestationChallenge(null)
5323                        .build();
5324
5325                final boolean generationResult = keyChain.generateKeyPair(algorithm,
5326                    new ParcelableKeyGenParameterSpec(noAttestationSpec));
5327                if (!generationResult) {
5328                    Log.e(LOG_TAG, "KeyChain failed to generate a keypair.");
5329                    return false;
5330                }
5331
5332                // Set a grant for the caller here so that when the client calls
5333                // requestPrivateKey, it will be able to get the key from Keystore.
5334                // Note the use of the calling  UID, since the request for the private
5335                // key will come from the client's process, so the grant has to be for
5336                // that UID.
5337                keyChain.setGrant(callingUid, alias, true);
5338
5339                final byte[] attestationChallenge = keySpec.getAttestationChallenge();
5340                if (attestationChallenge != null) {
5341                    final boolean attestationResult = keyChain.attestKey(
5342                            alias, attestationChallenge, attestationUtilsFlags, attestationChain);
5343                    if (!attestationResult) {
5344                        Log.e(LOG_TAG, String.format(
5345                                "Attestation for %s failed, deleting key.", alias));
5346                        keyChain.removeKeyPair(alias);
5347                        return false;
5348                    }
5349                }
5350                return true;
5351            }
5352        } catch (RemoteException e) {
5353            Log.e(LOG_TAG, "KeyChain error while generating a keypair", e);
5354        } catch (InterruptedException e) {
5355            Log.w(LOG_TAG, "Interrupted while generating keypair", e);
5356            Thread.currentThread().interrupt();
5357        } finally {
5358            mInjector.binderRestoreCallingIdentity(id);
5359        }
5360        return false;
5361    }
5362
5363    @Override
5364    public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias,
5365            byte[] cert, byte[] chain, boolean isUserSelectable) {
5366        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5367                DELEGATION_CERT_INSTALL);
5368
5369        final int callingUid = mInjector.binderGetCallingUid();
5370        final long id = mInjector.binderClearCallingIdentity();
5371        try (final KeyChainConnection keyChainConnection =
5372                KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid))) {
5373            IKeyChainService keyChain = keyChainConnection.getService();
5374            if (!keyChain.setKeyPairCertificate(alias, cert, chain)) {
5375                return false;
5376            }
5377            keyChain.setUserSelectable(alias, isUserSelectable);
5378            return true;
5379        } catch (InterruptedException e) {
5380            Log.w(LOG_TAG, "Interrupted while setting keypair certificate", e);
5381            Thread.currentThread().interrupt();
5382        } catch (RemoteException e) {
5383            Log.e(LOG_TAG, "Failed setting keypair certificate", e);
5384        } finally {
5385            mInjector.binderRestoreCallingIdentity(id);
5386        }
5387        return false;
5388    }
5389
5390    @Override
5391    public void choosePrivateKeyAlias(final int uid, final Uri uri, final String alias,
5392            final IBinder response) {
5393        // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers.
5394        if (!isCallerWithSystemUid()) {
5395            return;
5396        }
5397
5398        final UserHandle caller = mInjector.binderGetCallingUserHandle();
5399        // If there is a profile owner, redirect to that; otherwise query the device owner.
5400        ComponentName aliasChooser = getProfileOwner(caller.getIdentifier());
5401        if (aliasChooser == null && caller.isSystem()) {
5402            ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
5403            if (deviceOwnerAdmin != null) {
5404                aliasChooser = deviceOwnerAdmin.info.getComponent();
5405            }
5406        }
5407        if (aliasChooser == null) {
5408            sendPrivateKeyAliasResponse(null, response);
5409            return;
5410        }
5411
5412        Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS);
5413        intent.setComponent(aliasChooser);
5414        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid);
5415        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URI, uri);
5416        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_ALIAS, alias);
5417        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE, response);
5418        intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
5419
5420        final long id = mInjector.binderClearCallingIdentity();
5421        try {
5422            mContext.sendOrderedBroadcastAsUser(intent, caller, null, new BroadcastReceiver() {
5423                @Override
5424                public void onReceive(Context context, Intent intent) {
5425                    final String chosenAlias = getResultData();
5426                    sendPrivateKeyAliasResponse(chosenAlias, response);
5427                }
5428            }, null, Activity.RESULT_OK, null, null);
5429        } finally {
5430            mInjector.binderRestoreCallingIdentity(id);
5431        }
5432    }
5433
5434    private void sendPrivateKeyAliasResponse(final String alias, final IBinder responseBinder) {
5435        final IKeyChainAliasCallback keyChainAliasResponse =
5436                IKeyChainAliasCallback.Stub.asInterface(responseBinder);
5437        // Send the response. It's OK to do this from the main thread because IKeyChainAliasCallback
5438        // is oneway, which means it won't block if the recipient lives in another process.
5439        try {
5440            keyChainAliasResponse.alias(alias);
5441        } catch (Exception e) {
5442            // Caller could throw RuntimeException or RemoteException back across processes. Catch
5443            // everything just to be sure.
5444            Log.e(LOG_TAG, "error while responding to callback", e);
5445        }
5446    }
5447
5448    /**
5449     * Determine whether DPMS should check if a delegate package is already installed before
5450     * granting it new delegations via {@link #setDelegatedScopes}.
5451     */
5452    private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage,
5453            int targetSdk, List<String> scopes) {
5454        // 1) Never skip is installed check from N.
5455        if (targetSdk >= Build.VERSION_CODES.N) {
5456            return true;
5457        }
5458        // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given.
5459        if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) {
5460            return false;
5461        }
5462        // 3) Skip if all previously granted scopes are being cleared.
5463        if (scopes.isEmpty()) {
5464            return false;
5465        }
5466        // Otherwise it should check that delegatePackage is installed.
5467        return true;
5468    }
5469
5470    /**
5471     * Set the scopes of a device owner or profile owner delegate.
5472     *
5473     * @param who the device owner or profile owner.
5474     * @param delegatePackage the name of the delegate package.
5475     * @param scopes the list of delegation scopes to be given to the delegate package.
5476     */
5477    @Override
5478    public void setDelegatedScopes(ComponentName who, String delegatePackage,
5479            List<String> scopes) throws SecurityException {
5480        Preconditions.checkNotNull(who, "ComponentName is null");
5481        Preconditions.checkStringNotEmpty(delegatePackage, "Delegate package is null or empty");
5482        Preconditions.checkCollectionElementsNotNull(scopes, "Scopes");
5483        // Remove possible duplicates.
5484        scopes = new ArrayList(new ArraySet(scopes));
5485        // Ensure given scopes are valid.
5486        if (scopes.retainAll(Arrays.asList(DELEGATIONS))) {
5487            throw new IllegalArgumentException("Unexpected delegation scopes");
5488        }
5489
5490        // Retrieve the user ID of the calling process.
5491        final int userId = mInjector.userHandleGetCallingUserId();
5492        synchronized (this) {
5493            // Ensure calling process is device/profile owner.
5494            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5495            // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N).
5496            if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage,
5497                        getTargetSdk(who.getPackageName(), userId), scopes)) {
5498                // Throw when the delegate package is not installed.
5499                if (!isPackageInstalledForUser(delegatePackage, userId)) {
5500                    throw new IllegalArgumentException("Package " + delegatePackage
5501                            + " is not installed on the current user");
5502                }
5503            }
5504
5505            // Set the new delegate in user policies.
5506            final DevicePolicyData policy = getUserData(userId);
5507            if (!scopes.isEmpty()) {
5508                policy.mDelegationMap.put(delegatePackage, new ArrayList<>(scopes));
5509            } else {
5510                // Remove any delegation info if the given scopes list is empty.
5511                policy.mDelegationMap.remove(delegatePackage);
5512            }
5513
5514            // Notify delegate package of updates.
5515            final Intent intent = new Intent(
5516                    DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED);
5517            // Only call receivers registered with Context#registerReceiver (don’t wake delegate).
5518            intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
5519            // Limit components this intent resolves to to the delegate package.
5520            intent.setPackage(delegatePackage);
5521            // Include the list of delegated scopes as an extra.
5522            intent.putStringArrayListExtra(DevicePolicyManager.EXTRA_DELEGATION_SCOPES,
5523                    (ArrayList<String>) scopes);
5524            // Send the broadcast.
5525            mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
5526
5527            // Persist updates.
5528            saveSettingsLocked(userId);
5529        }
5530    }
5531
5532    /**
5533     * Get the delegation scopes given to a delegate package by a device owner or profile owner.
5534     *
5535     * A DO/PO can get the scopes of any package. A non DO/PO package can get its own scopes by
5536     * passing in {@code null} as the {@code who} parameter and its own name as the
5537     * {@code delegatepackage}.
5538     *
5539     * @param who the device owner or profile owner, or {@code null} if the caller is
5540     *            {@code delegatePackage}.
5541     * @param delegatePackage the name of the delegate package whose scopes are to be retrieved.
5542     * @return a list of the delegation scopes currently given to {@code delegatePackage}.
5543     */
5544    @Override
5545    @NonNull
5546    public List<String> getDelegatedScopes(ComponentName who,
5547            String delegatePackage) throws SecurityException {
5548        Preconditions.checkNotNull(delegatePackage, "Delegate package is null");
5549
5550        // Retrieve the user ID of the calling process.
5551        final int callingUid = mInjector.binderGetCallingUid();
5552        final int userId = UserHandle.getUserId(callingUid);
5553        synchronized (this) {
5554            // Ensure calling process is device/profile owner.
5555            if (who != null) {
5556                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5557            // Or ensure calling process is delegatePackage itself.
5558            } else {
5559                int uid = 0;
5560                try {
5561                  uid = mInjector.getPackageManager()
5562                          .getPackageUidAsUser(delegatePackage, userId);
5563                } catch(NameNotFoundException e) {
5564                }
5565                if (uid != callingUid) {
5566                    throw new SecurityException("Caller with uid " + callingUid + " is not "
5567                            + delegatePackage);
5568                }
5569            }
5570            final DevicePolicyData policy = getUserData(userId);
5571            // Retrieve the scopes assigned to delegatePackage, or null if no scope was given.
5572            final List<String> scopes = policy.mDelegationMap.get(delegatePackage);
5573            return scopes == null ? Collections.EMPTY_LIST : scopes;
5574        }
5575    }
5576
5577    /**
5578     * Get a list of  packages that were given a specific delegation scopes by a device owner or
5579     * profile owner.
5580     *
5581     * @param who the device owner or profile owner.
5582     * @param scope the scope whose delegates are to be retrieved.
5583     * @return a list of the delegate packages currently given the {@code scope} delegation.
5584     */
5585    @NonNull
5586    public List<String> getDelegatePackages(ComponentName who, String scope)
5587            throws SecurityException {
5588        Preconditions.checkNotNull(who, "ComponentName is null");
5589        Preconditions.checkNotNull(scope, "Scope is null");
5590        if (!Arrays.asList(DELEGATIONS).contains(scope)) {
5591            throw new IllegalArgumentException("Unexpected delegation scope: " + scope);
5592        }
5593
5594        // Retrieve the user ID of the calling process.
5595        final int userId = mInjector.userHandleGetCallingUserId();
5596        synchronized (this) {
5597            // Ensure calling process is device/profile owner.
5598            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5599            final DevicePolicyData policy = getUserData(userId);
5600
5601            // Create a list to hold the resulting delegate packages.
5602            final List<String> delegatePackagesWithScope = new ArrayList<>();
5603            // Add all delegations containing scope to the result list.
5604            for (int i = 0; i < policy.mDelegationMap.size(); i++) {
5605                if (policy.mDelegationMap.valueAt(i).contains(scope)) {
5606                    delegatePackagesWithScope.add(policy.mDelegationMap.keyAt(i));
5607                }
5608            }
5609            return delegatePackagesWithScope;
5610        }
5611    }
5612
5613    /**
5614     * Check whether a caller application has been delegated a given scope via
5615     * {@link #setDelegatedScopes} to access privileged APIs on the behalf of a profile owner or
5616     * device owner.
5617     * <p>
5618     * This is done by checking that {@code callerPackage} was granted {@code scope} delegation and
5619     * then comparing the calling UID with the UID of {@code callerPackage} as reported by
5620     * {@link PackageManager#getPackageUidAsUser}.
5621     *
5622     * @param callerPackage the name of the package that is trying to invoke a function in the DPMS.
5623     * @param scope the delegation scope to be checked.
5624     * @return {@code true} if the calling process is a delegate of {@code scope}.
5625     */
5626    private boolean isCallerDelegate(String callerPackage, String scope) {
5627        Preconditions.checkNotNull(callerPackage, "callerPackage is null");
5628        if (!Arrays.asList(DELEGATIONS).contains(scope)) {
5629            throw new IllegalArgumentException("Unexpected delegation scope: " + scope);
5630        }
5631
5632        // Retrieve the UID and user ID of the calling process.
5633        final int callingUid = mInjector.binderGetCallingUid();
5634        final int userId = UserHandle.getUserId(callingUid);
5635        synchronized (this) {
5636            // Retrieve user policy data.
5637            final DevicePolicyData policy = getUserData(userId);
5638            // Retrieve the list of delegation scopes granted to callerPackage.
5639            final List<String> scopes = policy.mDelegationMap.get(callerPackage);
5640            // Check callingUid only if callerPackage has the required scope delegation.
5641            if (scopes != null && scopes.contains(scope)) {
5642                try {
5643                    // Retrieve the expected UID for callerPackage.
5644                    final int uid = mInjector.getPackageManager()
5645                            .getPackageUidAsUser(callerPackage, userId);
5646                    // Return true if the caller is actually callerPackage.
5647                    return uid == callingUid;
5648                } catch (NameNotFoundException e) {
5649                    // Ignore.
5650                }
5651            }
5652            return false;
5653        }
5654    }
5655
5656    /**
5657     * Throw a security exception if a ComponentName is given and it is not a device/profile owner
5658     * or if the calling process is not a delegate of the given scope.
5659     *
5660     * @param who the device owner of profile owner, or null if {@code callerPackage} is a
5661     *            {@code scope} delegate.
5662     * @param callerPackage the name of the calling package. Required if {@code who} is
5663     *            {@code null}.
5664     * @param reqPolicy the policy used in the API whose access permission is being checked.
5665     * @param scope the delegation scope corresponding to the API being checked.
5666     * @throws SecurityException if {@code who} is given and is not an owner for {@code reqPolicy};
5667     *            or when {@code who} is {@code null} and {@code callerPackage} is not a delegate
5668     *            of {@code scope}.
5669     */
5670    private void enforceCanManageScope(ComponentName who, String callerPackage, int reqPolicy,
5671            String scope) {
5672        // If a ComponentName is given ensure it is a device or profile owner according to policy.
5673        if (who != null) {
5674            synchronized (this) {
5675                getActiveAdminForCallerLocked(who, reqPolicy);
5676            }
5677        // If no ComponentName is given ensure calling process has scope delegation.
5678        } else if (!isCallerDelegate(callerPackage, scope)) {
5679            throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid()
5680                    + " is not a delegate of scope " + scope + ".");
5681        }
5682    }
5683
5684    /**
5685     * Helper function to preserve delegation behavior pre-O when using the deprecated functions
5686     * {@code #setCertInstallerPackage} and {@code #setApplicationRestrictionsManagingPackage}.
5687     */
5688    private void setDelegatedScopePreO(ComponentName who,
5689            String delegatePackage, String scope) {
5690        Preconditions.checkNotNull(who, "ComponentName is null");
5691
5692        final int userId = mInjector.userHandleGetCallingUserId();
5693        synchronized(this) {
5694            // Ensure calling process is device/profile owner.
5695            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5696            final DevicePolicyData policy = getUserData(userId);
5697
5698            if (delegatePackage != null) {
5699                // Set package as a delegate for scope if it is not already one.
5700                List<String> scopes = policy.mDelegationMap.get(delegatePackage);
5701                if (scopes == null) {
5702                    scopes = new ArrayList<>();
5703                }
5704                if (!scopes.contains(scope)) {
5705                    scopes.add(scope);
5706                    setDelegatedScopes(who, delegatePackage, scopes);
5707                }
5708            }
5709
5710            // Clear any existing scope delegates.
5711            for (int i = 0; i < policy.mDelegationMap.size(); i++) {
5712                final String currentPackage = policy.mDelegationMap.keyAt(i);
5713                final List<String> currentScopes = policy.mDelegationMap.valueAt(i);
5714
5715                if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) {
5716                    final List<String> newScopes = new ArrayList(currentScopes);
5717                    newScopes.remove(scope);
5718                    setDelegatedScopes(who, currentPackage, newScopes);
5719                }
5720            }
5721        }
5722    }
5723
5724    @Override
5725    public void setCertInstallerPackage(ComponentName who, String installerPackage)
5726            throws SecurityException {
5727        setDelegatedScopePreO(who, installerPackage, DELEGATION_CERT_INSTALL);
5728    }
5729
5730    @Override
5731    public String getCertInstallerPackage(ComponentName who) throws SecurityException {
5732        final List<String> delegatePackages = getDelegatePackages(who, DELEGATION_CERT_INSTALL);
5733        return delegatePackages.size() > 0 ? delegatePackages.get(0) : null;
5734    }
5735
5736    /**
5737     * @return {@code true} if the package is installed and set as always-on, {@code false} if it is
5738     * not installed and therefore not available.
5739     *
5740     * @throws SecurityException if the caller is not a profile or device owner.
5741     * @throws UnsupportedOperationException if the package does not support being set as always-on.
5742     */
5743    @Override
5744    public boolean setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdown)
5745            throws SecurityException {
5746        enforceProfileOrDeviceOwner(admin);
5747
5748        final int userId = mInjector.userHandleGetCallingUserId();
5749        final long token = mInjector.binderClearCallingIdentity();
5750        try {
5751            if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) {
5752                return false;
5753            }
5754            ConnectivityManager connectivityManager = (ConnectivityManager)
5755                    mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
5756            if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) {
5757                throw new UnsupportedOperationException();
5758            }
5759        } finally {
5760            mInjector.binderRestoreCallingIdentity(token);
5761        }
5762        return true;
5763    }
5764
5765    @Override
5766    public String getAlwaysOnVpnPackage(ComponentName admin)
5767            throws SecurityException {
5768        enforceProfileOrDeviceOwner(admin);
5769
5770        final int userId = mInjector.userHandleGetCallingUserId();
5771        final long token = mInjector.binderClearCallingIdentity();
5772        try{
5773            ConnectivityManager connectivityManager = (ConnectivityManager)
5774                    mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
5775            return connectivityManager.getAlwaysOnVpnPackageForUser(userId);
5776        } finally {
5777            mInjector.binderRestoreCallingIdentity(token);
5778        }
5779    }
5780
5781    private void forceWipeDeviceNoLock(boolean wipeExtRequested, String reason, boolean wipeEuicc) {
5782        wtfIfInLock();
5783
5784        if (wipeExtRequested) {
5785            StorageManager sm = (StorageManager) mContext.getSystemService(
5786                    Context.STORAGE_SERVICE);
5787            sm.wipeAdoptableDisks();
5788        }
5789        try {
5790            mInjector.recoverySystemRebootWipeUserData(
5791                    /*shutdown=*/ false, reason, /*force=*/ true, /*wipeEuicc=*/ wipeEuicc);
5792        } catch (IOException | SecurityException e) {
5793            Slog.w(LOG_TAG, "Failed requesting data wipe", e);
5794        }
5795    }
5796
5797    private void forceWipeUser(int userId, String wipeReasonForUser) {
5798        try {
5799            IActivityManager am = mInjector.getIActivityManager();
5800            if (am.getCurrentUser().id == userId) {
5801                am.switchUser(UserHandle.USER_SYSTEM);
5802            }
5803
5804            boolean userRemoved = mUserManagerInternal.removeUserEvenWhenDisallowed(userId);
5805            if (!userRemoved) {
5806                Slog.w(LOG_TAG, "Couldn't remove user " + userId);
5807            } else if (isManagedProfile(userId)) {
5808                sendWipeProfileNotification(wipeReasonForUser);
5809            }
5810        } catch (RemoteException re) {
5811            // Shouldn't happen
5812        }
5813    }
5814
5815    @Override
5816    public void wipeDataWithReason(int flags, String wipeReasonForUser) {
5817        if (!mHasFeature) {
5818            return;
5819        }
5820        Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty");
5821        enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId());
5822
5823        final ActiveAdmin admin;
5824        synchronized (this) {
5825            admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA);
5826        }
5827        String internalReason = "DevicePolicyManager.wipeDataWithReason() from "
5828                + admin.info.getComponent().flattenToShortString();
5829        wipeDataNoLock(
5830                admin.info.getComponent(), flags, internalReason, wipeReasonForUser,
5831                admin.getUserHandle().getIdentifier());
5832    }
5833
5834    private void wipeDataNoLock(ComponentName admin, int flags, String internalReason,
5835                                String wipeReasonForUser, int userId) {
5836        wtfIfInLock();
5837
5838        long ident = mInjector.binderClearCallingIdentity();
5839        try {
5840            // First check whether the admin is allowed to wipe the device/user/profile.
5841            final String restriction;
5842            if (userId == UserHandle.USER_SYSTEM) {
5843                restriction = UserManager.DISALLOW_FACTORY_RESET;
5844            } else if (isManagedProfile(userId)) {
5845                restriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE;
5846            } else {
5847                restriction = UserManager.DISALLOW_REMOVE_USER;
5848            }
5849            if (isAdminAffectedByRestriction(admin, restriction, userId)) {
5850                throw new SecurityException("Cannot wipe data. " + restriction
5851                        + " restriction is set for user " + userId);
5852            }
5853
5854            if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) {
5855                if (!isDeviceOwner(admin, userId)) {
5856                    throw new SecurityException(
5857                            "Only device owner admins can set WIPE_RESET_PROTECTION_DATA");
5858                }
5859                PersistentDataBlockManager manager = (PersistentDataBlockManager)
5860                        mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
5861                if (manager != null) {
5862                    manager.wipe();
5863                }
5864            }
5865
5866            // TODO If split user is enabled and the device owner is set in the primary user
5867            // (rather than system), we should probably trigger factory reset. Current code just
5868            // removes that user (but still clears FRP...)
5869            if (userId == UserHandle.USER_SYSTEM) {
5870                forceWipeDeviceNoLock(/*wipeExtRequested=*/ (
5871                        flags & WIPE_EXTERNAL_STORAGE) != 0,
5872                        internalReason,
5873                        /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0);
5874            } else {
5875                forceWipeUser(userId, wipeReasonForUser);
5876            }
5877        } finally {
5878            mInjector.binderRestoreCallingIdentity(ident);
5879        }
5880    }
5881
5882    private void sendWipeProfileNotification(String wipeReasonForUser) {
5883        Notification notification =
5884                new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN)
5885                        .setSmallIcon(android.R.drawable.stat_sys_warning)
5886                        .setContentTitle(mContext.getString(R.string.work_profile_deleted))
5887                        .setContentText(wipeReasonForUser)
5888                        .setColor(mContext.getColor(R.color.system_notification_accent_color))
5889                        .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser))
5890                        .build();
5891        mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification);
5892    }
5893
5894    private void clearWipeProfileNotification() {
5895        mInjector.getNotificationManager().cancel(SystemMessage.NOTE_PROFILE_WIPED);
5896    }
5897
5898    @Override
5899    public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) {
5900        if (!mHasFeature) {
5901            return;
5902        }
5903        enforceFullCrossUsersPermission(userHandle);
5904        mContext.enforceCallingOrSelfPermission(
5905                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
5906
5907        synchronized (this) {
5908            ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle);
5909            if (admin == null) {
5910                result.sendResult(null);
5911                return;
5912            }
5913            Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED);
5914            intent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND);
5915            intent.setComponent(admin.info.getComponent());
5916            mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle),
5917                    null, new BroadcastReceiver() {
5918                @Override
5919                public void onReceive(Context context, Intent intent) {
5920                    result.sendResult(getResultExtras(false));
5921                }
5922            }, null, Activity.RESULT_OK, null, null);
5923        }
5924    }
5925
5926    /**
5927     * Notify DPMS regarding the metric of the current password. This happens when the user changes
5928     * the password, but also when the user just unlocks the keyguard. In comparison,
5929     * reportPasswordChanged() is only called when the user changes the password.
5930     */
5931    @Override
5932    public void setActivePasswordState(PasswordMetrics metrics, int userHandle) {
5933        if (!mHasFeature) {
5934            return;
5935        }
5936        enforceFullCrossUsersPermission(userHandle);
5937        mContext.enforceCallingOrSelfPermission(
5938                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
5939
5940        // If the managed profile doesn't have a separate password, set the metrics to default
5941        if (isManagedProfile(userHandle) && !isSeparateProfileChallengeEnabled(userHandle)) {
5942            metrics = new PasswordMetrics();
5943        }
5944
5945        validateQualityConstant(metrics.quality);
5946        DevicePolicyData policy = getUserData(userHandle);
5947        synchronized (this) {
5948            policy.mActivePasswordMetrics = metrics;
5949            policy.mPasswordStateHasBeenSetSinceBoot = true;
5950        }
5951    }
5952
5953    @Override
5954    public void reportPasswordChanged(@UserIdInt int userId) {
5955        if (!mHasFeature) {
5956            return;
5957        }
5958        enforceFullCrossUsersPermission(userId);
5959
5960        // Managed Profile password can only be changed when it has a separate challenge.
5961        if (!isSeparateProfileChallengeEnabled(userId)) {
5962            enforceNotManagedProfile(userId, "set the active password");
5963        }
5964
5965        mContext.enforceCallingOrSelfPermission(
5966                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
5967
5968        DevicePolicyData policy = getUserData(userId);
5969
5970        long ident = mInjector.binderClearCallingIdentity();
5971        try {
5972            synchronized (this) {
5973                policy.mFailedPasswordAttempts = 0;
5974                updatePasswordValidityCheckpointLocked(userId);
5975                saveSettingsLocked(userId);
5976                updatePasswordExpirationsLocked(userId);
5977                setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false);
5978
5979                // Send a broadcast to each profile using this password as its primary unlock.
5980                sendAdminCommandForLockscreenPoliciesLocked(
5981                        DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,
5982                        DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId);
5983            }
5984            removeCaApprovalsIfNeeded(userId);
5985        } finally {
5986            mInjector.binderRestoreCallingIdentity(ident);
5987        }
5988    }
5989
5990    /**
5991     * Called any time the device password is updated. Resets all password expiration clocks.
5992     */
5993    private void updatePasswordExpirationsLocked(int userHandle) {
5994        ArraySet<Integer> affectedUserIds = new ArraySet<Integer>();
5995        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
5996                userHandle, /* parent */ false);
5997        final int N = admins.size();
5998        for (int i = 0; i < N; i++) {
5999            ActiveAdmin admin = admins.get(i);
6000            if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
6001                affectedUserIds.add(admin.getUserHandle().getIdentifier());
6002                long timeout = admin.passwordExpirationTimeout;
6003                long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;
6004                admin.passwordExpirationDate = expiration;
6005            }
6006        }
6007        for (int affectedUserId : affectedUserIds) {
6008            saveSettingsLocked(affectedUserId);
6009        }
6010    }
6011
6012    @Override
6013    public void reportFailedPasswordAttempt(int userHandle) {
6014        enforceFullCrossUsersPermission(userHandle);
6015        if (!isSeparateProfileChallengeEnabled(userHandle)) {
6016            enforceNotManagedProfile(userHandle,
6017                    "report failed password attempt if separate profile challenge is not in place");
6018        }
6019        mContext.enforceCallingOrSelfPermission(
6020                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6021
6022        boolean wipeData = false;
6023        ActiveAdmin strictestAdmin = null;
6024        final long ident = mInjector.binderClearCallingIdentity();
6025        try {
6026            synchronized (this) {
6027                DevicePolicyData policy = getUserData(userHandle);
6028                policy.mFailedPasswordAttempts++;
6029                saveSettingsLocked(userHandle);
6030                if (mHasFeature) {
6031                    strictestAdmin = getAdminWithMinimumFailedPasswordsForWipeLocked(
6032                            userHandle, /* parent */ false);
6033                    int max = strictestAdmin != null
6034                            ? strictestAdmin.maximumFailedPasswordsForWipe : 0;
6035                    if (max > 0 && policy.mFailedPasswordAttempts >= max) {
6036                        wipeData = true;
6037                    }
6038
6039                    sendAdminCommandForLockscreenPoliciesLocked(
6040                            DeviceAdminReceiver.ACTION_PASSWORD_FAILED,
6041                            DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);
6042                }
6043            }
6044        } finally {
6045            mInjector.binderRestoreCallingIdentity(ident);
6046        }
6047
6048        if (wipeData && strictestAdmin != null) {
6049            final int userId = strictestAdmin.getUserHandle().getIdentifier();
6050            Slog.i(LOG_TAG, "Max failed password attempts policy reached for admin: "
6051                    + strictestAdmin.info.getComponent().flattenToShortString()
6052                    + ". Calling wipeData for user " + userId);
6053
6054            // Attempt to wipe the device/user/profile associated with the admin, as if the
6055            // admin had called wipeData(). That way we can check whether the admin is actually
6056            // allowed to wipe the device (e.g. a regular device admin shouldn't be able to wipe the
6057            // device if the device owner has set DISALLOW_FACTORY_RESET, but the DO should be
6058            // able to do so).
6059            // IMPORTANT: Call without holding the lock to prevent deadlock.
6060            try {
6061                String wipeReasonForUser = mContext.getString(
6062                        R.string.work_profile_deleted_reason_maximum_password_failure);
6063                wipeDataNoLock(strictestAdmin.info.getComponent(),
6064                        /*flags=*/ 0,
6065                        /*reason=*/ "reportFailedPasswordAttempt()",
6066                        wipeReasonForUser,
6067                        userId);
6068            } catch (SecurityException e) {
6069                Slog.w(LOG_TAG, "Failed to wipe user " + userId
6070                        + " after max failed password attempts reached.", e);
6071            }
6072        }
6073
6074        if (mInjector.securityLogIsLoggingEnabled()) {
6075            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT,
6076                    /*result*/ 0,
6077                    /*method strength*/ 1);
6078        }
6079    }
6080
6081    @Override
6082    public void reportSuccessfulPasswordAttempt(int userHandle) {
6083        enforceFullCrossUsersPermission(userHandle);
6084        mContext.enforceCallingOrSelfPermission(
6085                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6086
6087        synchronized (this) {
6088            DevicePolicyData policy = getUserData(userHandle);
6089            if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) {
6090                long ident = mInjector.binderClearCallingIdentity();
6091                try {
6092                    policy.mFailedPasswordAttempts = 0;
6093                    policy.mPasswordOwner = -1;
6094                    saveSettingsLocked(userHandle);
6095                    if (mHasFeature) {
6096                        sendAdminCommandForLockscreenPoliciesLocked(
6097                                DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED,
6098                                DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);
6099                    }
6100                } finally {
6101                    mInjector.binderRestoreCallingIdentity(ident);
6102                }
6103            }
6104        }
6105
6106        if (mInjector.securityLogIsLoggingEnabled()) {
6107            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1,
6108                    /*method strength*/ 1);
6109        }
6110    }
6111
6112    @Override
6113    public void reportFailedFingerprintAttempt(int userHandle) {
6114        enforceFullCrossUsersPermission(userHandle);
6115        mContext.enforceCallingOrSelfPermission(
6116                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6117        if (mInjector.securityLogIsLoggingEnabled()) {
6118            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0,
6119                    /*method strength*/ 0);
6120        }
6121    }
6122
6123    @Override
6124    public void reportSuccessfulFingerprintAttempt(int userHandle) {
6125        enforceFullCrossUsersPermission(userHandle);
6126        mContext.enforceCallingOrSelfPermission(
6127                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6128        if (mInjector.securityLogIsLoggingEnabled()) {
6129            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1,
6130                    /*method strength*/ 0);
6131        }
6132    }
6133
6134    @Override
6135    public void reportKeyguardDismissed(int userHandle) {
6136        enforceFullCrossUsersPermission(userHandle);
6137        mContext.enforceCallingOrSelfPermission(
6138                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6139
6140        if (mInjector.securityLogIsLoggingEnabled()) {
6141            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED);
6142        }
6143    }
6144
6145    @Override
6146    public void reportKeyguardSecured(int userHandle) {
6147        enforceFullCrossUsersPermission(userHandle);
6148        mContext.enforceCallingOrSelfPermission(
6149                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6150
6151        if (mInjector.securityLogIsLoggingEnabled()) {
6152            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED);
6153        }
6154    }
6155
6156    @Override
6157    public ComponentName setGlobalProxy(ComponentName who, String proxySpec,
6158            String exclusionList) {
6159        if (!mHasFeature) {
6160            return null;
6161        }
6162        synchronized(this) {
6163            Preconditions.checkNotNull(who, "ComponentName is null");
6164
6165            // Only check if system user has set global proxy. We don't allow other users to set it.
6166            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
6167            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
6168                    DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
6169
6170            // Scan through active admins and find if anyone has already
6171            // set the global proxy.
6172            Set<ComponentName> compSet = policy.mAdminMap.keySet();
6173            for (ComponentName component : compSet) {
6174                ActiveAdmin ap = policy.mAdminMap.get(component);
6175                if ((ap.specifiesGlobalProxy) && (!component.equals(who))) {
6176                    // Another admin already sets the global proxy
6177                    // Return it to the caller.
6178                    return component;
6179                }
6180            }
6181
6182            // If the user is not system, don't set the global proxy. Fail silently.
6183            if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) {
6184                Slog.w(LOG_TAG, "Only the owner is allowed to set the global proxy. User "
6185                        + UserHandle.getCallingUserId() + " is not permitted.");
6186                return null;
6187            }
6188            if (proxySpec == null) {
6189                admin.specifiesGlobalProxy = false;
6190                admin.globalProxySpec = null;
6191                admin.globalProxyExclusionList = null;
6192            } else {
6193
6194                admin.specifiesGlobalProxy = true;
6195                admin.globalProxySpec = proxySpec;
6196                admin.globalProxyExclusionList = exclusionList;
6197            }
6198
6199            // Reset the global proxy accordingly
6200            // Do this using system permissions, as apps cannot write to secure settings
6201            long origId = mInjector.binderClearCallingIdentity();
6202            try {
6203                resetGlobalProxyLocked(policy);
6204            } finally {
6205                mInjector.binderRestoreCallingIdentity(origId);
6206            }
6207            return null;
6208        }
6209    }
6210
6211    @Override
6212    public ComponentName getGlobalProxyAdmin(int userHandle) {
6213        if (!mHasFeature) {
6214            return null;
6215        }
6216        enforceFullCrossUsersPermission(userHandle);
6217        synchronized(this) {
6218            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
6219            // Scan through active admins and find if anyone has already
6220            // set the global proxy.
6221            final int N = policy.mAdminList.size();
6222            for (int i = 0; i < N; i++) {
6223                ActiveAdmin ap = policy.mAdminList.get(i);
6224                if (ap.specifiesGlobalProxy) {
6225                    // Device admin sets the global proxy
6226                    // Return it to the caller.
6227                    return ap.info.getComponent();
6228                }
6229            }
6230        }
6231        // No device admin sets the global proxy.
6232        return null;
6233    }
6234
6235    @Override
6236    public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) {
6237        synchronized (this) {
6238            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6239        }
6240        long token = mInjector.binderClearCallingIdentity();
6241        try {
6242            ConnectivityManager connectivityManager = (ConnectivityManager)
6243                    mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
6244            connectivityManager.setGlobalProxy(proxyInfo);
6245        } finally {
6246            mInjector.binderRestoreCallingIdentity(token);
6247        }
6248    }
6249
6250    private void resetGlobalProxyLocked(DevicePolicyData policy) {
6251        final int N = policy.mAdminList.size();
6252        for (int i = 0; i < N; i++) {
6253            ActiveAdmin ap = policy.mAdminList.get(i);
6254            if (ap.specifiesGlobalProxy) {
6255                saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList);
6256                return;
6257            }
6258        }
6259        // No device admins defining global proxies - reset global proxy settings to none
6260        saveGlobalProxyLocked(null, null);
6261    }
6262
6263    private void saveGlobalProxyLocked(String proxySpec, String exclusionList) {
6264        if (exclusionList == null) {
6265            exclusionList = "";
6266        }
6267        if (proxySpec == null) {
6268            proxySpec = "";
6269        }
6270        // Remove white spaces
6271        proxySpec = proxySpec.trim();
6272        String data[] = proxySpec.split(":");
6273        int proxyPort = 8080;
6274        if (data.length > 1) {
6275            try {
6276                proxyPort = Integer.parseInt(data[1]);
6277            } catch (NumberFormatException e) {}
6278        }
6279        exclusionList = exclusionList.trim();
6280
6281        ProxyInfo proxyProperties = new ProxyInfo(data[0], proxyPort, exclusionList);
6282        if (!proxyProperties.isValid()) {
6283            Slog.e(LOG_TAG, "Invalid proxy properties, ignoring: " + proxyProperties.toString());
6284            return;
6285        }
6286        mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]);
6287        mInjector.settingsGlobalPutInt(Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort);
6288        mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST,
6289                exclusionList);
6290    }
6291
6292    /**
6293     * Set the storage encryption request for a single admin.  Returns the new total request
6294     * status (for all admins).
6295     */
6296    @Override
6297    public int setStorageEncryption(ComponentName who, boolean encrypt) {
6298        if (!mHasFeature) {
6299            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6300        }
6301        Preconditions.checkNotNull(who, "ComponentName is null");
6302        final int userHandle = UserHandle.getCallingUserId();
6303        synchronized (this) {
6304            // Check for permissions
6305            // Only system user can set storage encryption
6306            if (userHandle != UserHandle.USER_SYSTEM) {
6307                Slog.w(LOG_TAG, "Only owner/system user is allowed to set storage encryption. User "
6308                        + UserHandle.getCallingUserId() + " is not permitted.");
6309                return 0;
6310            }
6311
6312            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
6313                    DeviceAdminInfo.USES_ENCRYPTED_STORAGE);
6314
6315            // Quick exit:  If the filesystem does not support encryption, we can exit early.
6316            if (!isEncryptionSupported()) {
6317                return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6318            }
6319
6320            // (1) Record the value for the admin so it's sticky
6321            if (ap.encryptionRequested != encrypt) {
6322                ap.encryptionRequested = encrypt;
6323                saveSettingsLocked(userHandle);
6324            }
6325
6326            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
6327            // (2) Compute "max" for all admins
6328            boolean newRequested = false;
6329            final int N = policy.mAdminList.size();
6330            for (int i = 0; i < N; i++) {
6331                newRequested |= policy.mAdminList.get(i).encryptionRequested;
6332            }
6333
6334            // Notify OS of new request
6335            setEncryptionRequested(newRequested);
6336
6337            // Return the new global request status
6338            return newRequested
6339                    ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
6340                    : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
6341        }
6342    }
6343
6344    /**
6345     * Get the current storage encryption request status for a given admin, or aggregate of all
6346     * active admins.
6347     */
6348    @Override
6349    public boolean getStorageEncryption(ComponentName who, int userHandle) {
6350        if (!mHasFeature) {
6351            return false;
6352        }
6353        enforceFullCrossUsersPermission(userHandle);
6354        synchronized (this) {
6355            // Check for permissions if a particular caller is specified
6356            if (who != null) {
6357                // When checking for a single caller, status is based on caller's request
6358                ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle);
6359                return ap != null ? ap.encryptionRequested : false;
6360            }
6361
6362            // If no particular caller is specified, return the aggregate set of requests.
6363            // This is short circuited by returning true on the first hit.
6364            DevicePolicyData policy = getUserData(userHandle);
6365            final int N = policy.mAdminList.size();
6366            for (int i = 0; i < N; i++) {
6367                if (policy.mAdminList.get(i).encryptionRequested) {
6368                    return true;
6369                }
6370            }
6371            return false;
6372        }
6373    }
6374
6375    /**
6376     * Get the current encryption status of the device.
6377     */
6378    @Override
6379    public int getStorageEncryptionStatus(@Nullable String callerPackage, int userHandle) {
6380        if (!mHasFeature) {
6381            // Ok to return current status.
6382        }
6383        enforceFullCrossUsersPermission(userHandle);
6384
6385        // It's not critical here, but let's make sure the package name is correct, in case
6386        // we start using it for different purposes.
6387        ensureCallerPackage(callerPackage);
6388
6389        final ApplicationInfo ai;
6390        try {
6391            ai = mIPackageManager.getApplicationInfo(callerPackage, 0, userHandle);
6392        } catch (RemoteException e) {
6393            throw new SecurityException(e);
6394        }
6395
6396        boolean legacyApp = false;
6397        if (ai.targetSdkVersion <= Build.VERSION_CODES.M) {
6398            legacyApp = true;
6399        }
6400
6401        final int rawStatus = getEncryptionStatus();
6402        if ((rawStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER) && legacyApp) {
6403            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
6404        }
6405        return rawStatus;
6406    }
6407
6408    /**
6409     * Hook to low-levels:  This should report if the filesystem supports encrypted storage.
6410     */
6411    private boolean isEncryptionSupported() {
6412        // Note, this can be implemented as
6413        //   return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6414        // But is provided as a separate internal method if there's a faster way to do a
6415        // simple check for supported-or-not.
6416        return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6417    }
6418
6419    /**
6420     * Hook to low-levels:  Reporting the current status of encryption.
6421     * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED},
6422     * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE},
6423     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY},
6424     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER}, or
6425     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}.
6426     */
6427    private int getEncryptionStatus() {
6428        if (mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
6429            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER;
6430        } else if (mInjector.storageManagerIsNonDefaultBlockEncrypted()) {
6431            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
6432        } else if (mInjector.storageManagerIsEncrypted()) {
6433            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY;
6434        } else if (mInjector.storageManagerIsEncryptable()) {
6435            return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
6436        } else {
6437            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6438        }
6439    }
6440
6441    /**
6442     * Hook to low-levels:  If needed, record the new admin setting for encryption.
6443     */
6444    private void setEncryptionRequested(boolean encrypt) {
6445    }
6446
6447    /**
6448     * Set whether the screen capture is disabled for the user managed by the specified admin.
6449     */
6450    @Override
6451    public void setScreenCaptureDisabled(ComponentName who, boolean disabled) {
6452        if (!mHasFeature) {
6453            return;
6454        }
6455        Preconditions.checkNotNull(who, "ComponentName is null");
6456        final int userHandle = UserHandle.getCallingUserId();
6457        synchronized (this) {
6458            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
6459                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
6460            if (ap.disableScreenCapture != disabled) {
6461                ap.disableScreenCapture = disabled;
6462                saveSettingsLocked(userHandle);
6463                updateScreenCaptureDisabledInWindowManager(userHandle, disabled);
6464            }
6465        }
6466    }
6467
6468    /**
6469     * Returns whether or not screen capture is disabled for a given admin, or disabled for any
6470     * active admin (if given admin is null).
6471     */
6472    @Override
6473    public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) {
6474        if (!mHasFeature) {
6475            return false;
6476        }
6477        synchronized (this) {
6478            if (who != null) {
6479                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
6480                return (admin != null) ? admin.disableScreenCapture : false;
6481            }
6482
6483            DevicePolicyData policy = getUserData(userHandle);
6484            final int N = policy.mAdminList.size();
6485            for (int i = 0; i < N; i++) {
6486                ActiveAdmin admin = policy.mAdminList.get(i);
6487                if (admin.disableScreenCapture) {
6488                    return true;
6489                }
6490            }
6491            return false;
6492        }
6493    }
6494
6495    private void updateScreenCaptureDisabledInWindowManager(final int userHandle,
6496            final boolean disabled) {
6497        mHandler.post(new Runnable() {
6498            @Override
6499            public void run() {
6500                try {
6501                    mInjector.getIWindowManager().setScreenCaptureDisabled(userHandle, disabled);
6502                } catch (RemoteException e) {
6503                    Log.w(LOG_TAG, "Unable to notify WindowManager.", e);
6504                }
6505            }
6506        });
6507    }
6508
6509    /**
6510     * Set whether auto time is required by the specified admin (must be device or profile owner).
6511     */
6512    @Override
6513    public void setAutoTimeRequired(ComponentName who, boolean required) {
6514        if (!mHasFeature) {
6515            return;
6516        }
6517        Preconditions.checkNotNull(who, "ComponentName is null");
6518        final int userHandle = UserHandle.getCallingUserId();
6519        synchronized (this) {
6520            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
6521                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
6522            if (admin.requireAutoTime != required) {
6523                admin.requireAutoTime = required;
6524                saveSettingsLocked(userHandle);
6525            }
6526        }
6527
6528        // Turn AUTO_TIME on in settings if it is required
6529        if (required) {
6530            long ident = mInjector.binderClearCallingIdentity();
6531            try {
6532                mInjector.settingsGlobalPutInt(Settings.Global.AUTO_TIME, 1 /* AUTO_TIME on */);
6533            } finally {
6534                mInjector.binderRestoreCallingIdentity(ident);
6535            }
6536        }
6537    }
6538
6539    /**
6540     * Returns whether or not auto time is required by the device owner or any profile owner.
6541     */
6542    @Override
6543    public boolean getAutoTimeRequired() {
6544        if (!mHasFeature) {
6545            return false;
6546        }
6547        synchronized (this) {
6548            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
6549            if (deviceOwner != null && deviceOwner.requireAutoTime) {
6550                // If the device owner enforces auto time, we don't need to check the PO's
6551                return true;
6552            }
6553
6554            // Now check to see if any profile owner on any user enforces auto time
6555            for (Integer userId : mOwners.getProfileOwnerKeys()) {
6556                ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
6557                if (profileOwner != null && profileOwner.requireAutoTime) {
6558                    return true;
6559                }
6560            }
6561
6562            return false;
6563        }
6564    }
6565
6566    @Override
6567    public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) {
6568        if (!mHasFeature) {
6569            return;
6570        }
6571        Preconditions.checkNotNull(who, "ComponentName is null");
6572        // Allow setting this policy to true only if there is a split system user.
6573        if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) {
6574            throw new UnsupportedOperationException(
6575                    "Cannot force ephemeral users on systems without split system user.");
6576        }
6577        boolean removeAllUsers = false;
6578        synchronized (this) {
6579            final ActiveAdmin deviceOwner =
6580                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6581            if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) {
6582                deviceOwner.forceEphemeralUsers = forceEphemeralUsers;
6583                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
6584                mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers);
6585                removeAllUsers = forceEphemeralUsers;
6586            }
6587        }
6588        if (removeAllUsers) {
6589            long identitity = mInjector.binderClearCallingIdentity();
6590            try {
6591                mUserManagerInternal.removeAllUsers();
6592            } finally {
6593                mInjector.binderRestoreCallingIdentity(identitity);
6594            }
6595        }
6596    }
6597
6598    @Override
6599    public boolean getForceEphemeralUsers(ComponentName who) {
6600        if (!mHasFeature) {
6601            return false;
6602        }
6603        Preconditions.checkNotNull(who, "ComponentName is null");
6604        synchronized (this) {
6605            final ActiveAdmin deviceOwner =
6606                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6607            return deviceOwner.forceEphemeralUsers;
6608        }
6609    }
6610
6611    private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException {
6612        synchronized (this) {
6613            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6614            if (!areAllUsersAffiliatedWithDeviceLocked()) {
6615                throw new SecurityException("Not all users are affiliated.");
6616            }
6617        }
6618    }
6619
6620    @Override
6621    public boolean requestBugreport(ComponentName who) {
6622        if (!mHasFeature) {
6623            return false;
6624        }
6625        Preconditions.checkNotNull(who, "ComponentName is null");
6626
6627        // TODO: If an unaffiliated user is removed, the admin will be able to request a bugreport
6628        // which could still contain data related to that user. Should we disallow that, e.g. until
6629        // next boot? Might not be needed given that this still requires user consent.
6630        ensureDeviceOwnerAndAllUsersAffiliated(who);
6631
6632        if (mRemoteBugreportServiceIsActive.get()
6633                || (getDeviceOwnerRemoteBugreportUri() != null)) {
6634            Slog.d(LOG_TAG, "Remote bugreport wasn't started because there's already one running.");
6635            return false;
6636        }
6637
6638        final long currentTime = System.currentTimeMillis();
6639        synchronized (this) {
6640            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
6641            if (currentTime > policyData.mLastBugReportRequestTime) {
6642                policyData.mLastBugReportRequestTime = currentTime;
6643                saveSettingsLocked(UserHandle.USER_SYSTEM);
6644            }
6645        }
6646
6647        final long callingIdentity = mInjector.binderClearCallingIdentity();
6648        try {
6649            mInjector.getIActivityManager().requestBugReport(
6650                    ActivityManager.BUGREPORT_OPTION_REMOTE);
6651
6652            mRemoteBugreportServiceIsActive.set(true);
6653            mRemoteBugreportSharingAccepted.set(false);
6654            registerRemoteBugreportReceivers();
6655            mInjector.getNotificationManager().notifyAsUser(LOG_TAG,
6656                    RemoteBugreportUtils.NOTIFICATION_ID,
6657                    RemoteBugreportUtils.buildNotification(mContext,
6658                            DevicePolicyManager.NOTIFICATION_BUGREPORT_STARTED), UserHandle.ALL);
6659            mHandler.postDelayed(mRemoteBugreportTimeoutRunnable,
6660                    RemoteBugreportUtils.REMOTE_BUGREPORT_TIMEOUT_MILLIS);
6661            return true;
6662        } catch (RemoteException re) {
6663            // should never happen
6664            Slog.e(LOG_TAG, "Failed to make remote calls to start bugreportremote service", re);
6665            return false;
6666        } finally {
6667            mInjector.binderRestoreCallingIdentity(callingIdentity);
6668        }
6669    }
6670
6671    void sendDeviceOwnerCommand(String action, Bundle extras) {
6672        int deviceOwnerUserId;
6673        ComponentName deviceOwnerComponent;
6674        synchronized (this) {
6675            deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
6676            deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
6677        }
6678        sendActiveAdminCommand(action, extras, deviceOwnerUserId,
6679                deviceOwnerComponent);
6680    }
6681
6682    private void sendProfileOwnerCommand(String action, Bundle extras, int userHandle) {
6683        sendActiveAdminCommand(action, extras, userHandle,
6684                mOwners.getProfileOwnerComponent(userHandle));
6685    }
6686
6687    private void sendActiveAdminCommand(String action, Bundle extras,
6688            int userHandle, ComponentName receiverComponent) {
6689        final Intent intent = new Intent(action);
6690        intent.setComponent(receiverComponent);
6691        if (extras != null) {
6692            intent.putExtras(extras);
6693        }
6694        mContext.sendBroadcastAsUser(intent, UserHandle.of(userHandle));
6695    }
6696
6697    private void sendOwnerChangedBroadcast(String broadcast, int userId) {
6698        final Intent intent = new Intent(broadcast)
6699                .addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
6700        mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
6701    }
6702
6703    private synchronized String getDeviceOwnerRemoteBugreportUri() {
6704        return mOwners.getDeviceOwnerRemoteBugreportUri();
6705    }
6706
6707    private synchronized void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri,
6708            String bugreportHash) {
6709        mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash);
6710    }
6711
6712    private void registerRemoteBugreportReceivers() {
6713        try {
6714            IntentFilter filterFinished = new IntentFilter(
6715                    DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH,
6716                    RemoteBugreportUtils.BUGREPORT_MIMETYPE);
6717            mContext.registerReceiver(mRemoteBugreportFinishedReceiver, filterFinished);
6718        } catch (IntentFilter.MalformedMimeTypeException e) {
6719            // should never happen, as setting a constant
6720            Slog.w(LOG_TAG, "Failed to set type " + RemoteBugreportUtils.BUGREPORT_MIMETYPE, e);
6721        }
6722        IntentFilter filterConsent = new IntentFilter();
6723        filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED);
6724        filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED);
6725        mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent);
6726    }
6727
6728    private void onBugreportFinished(Intent intent) {
6729        mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable);
6730        mRemoteBugreportServiceIsActive.set(false);
6731        Uri bugreportUri = intent.getData();
6732        String bugreportUriString = null;
6733        if (bugreportUri != null) {
6734            bugreportUriString = bugreportUri.toString();
6735        }
6736        String bugreportHash = intent.getStringExtra(
6737                DevicePolicyManager.EXTRA_REMOTE_BUGREPORT_HASH);
6738        if (mRemoteBugreportSharingAccepted.get()) {
6739            shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash);
6740            mInjector.getNotificationManager().cancel(LOG_TAG,
6741                    RemoteBugreportUtils.NOTIFICATION_ID);
6742        } else {
6743            setDeviceOwnerRemoteBugreportUriAndHash(bugreportUriString, bugreportHash);
6744            mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID,
6745                    RemoteBugreportUtils.buildNotification(mContext,
6746                            DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED),
6747                            UserHandle.ALL);
6748        }
6749        mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver);
6750    }
6751
6752    private void onBugreportFailed() {
6753        mRemoteBugreportServiceIsActive.set(false);
6754        mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP,
6755                RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE);
6756        mRemoteBugreportSharingAccepted.set(false);
6757        setDeviceOwnerRemoteBugreportUriAndHash(null, null);
6758        mInjector.getNotificationManager().cancel(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID);
6759        Bundle extras = new Bundle();
6760        extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON,
6761                DeviceAdminReceiver.BUGREPORT_FAILURE_FAILED_COMPLETING);
6762        sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras);
6763        mContext.unregisterReceiver(mRemoteBugreportConsentReceiver);
6764        mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver);
6765    }
6766
6767    private void onBugreportSharingAccepted() {
6768        mRemoteBugreportSharingAccepted.set(true);
6769        String bugreportUriString = null;
6770        String bugreportHash = null;
6771        synchronized (this) {
6772            bugreportUriString = getDeviceOwnerRemoteBugreportUri();
6773            bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash();
6774        }
6775        if (bugreportUriString != null) {
6776            shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash);
6777        } else if (mRemoteBugreportServiceIsActive.get()) {
6778            mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID,
6779                    RemoteBugreportUtils.buildNotification(mContext,
6780                            DevicePolicyManager.NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED),
6781                            UserHandle.ALL);
6782        }
6783    }
6784
6785    private void onBugreportSharingDeclined() {
6786        if (mRemoteBugreportServiceIsActive.get()) {
6787            mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP,
6788                    RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE);
6789            mRemoteBugreportServiceIsActive.set(false);
6790            mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable);
6791            mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver);
6792        }
6793        mRemoteBugreportSharingAccepted.set(false);
6794        setDeviceOwnerRemoteBugreportUriAndHash(null, null);
6795        sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_SHARING_DECLINED, null);
6796    }
6797
6798    private void shareBugreportWithDeviceOwnerIfExists(String bugreportUriString,
6799            String bugreportHash) {
6800        ParcelFileDescriptor pfd = null;
6801        try {
6802            if (bugreportUriString == null) {
6803                throw new FileNotFoundException();
6804            }
6805            Uri bugreportUri = Uri.parse(bugreportUriString);
6806            pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r");
6807
6808            synchronized (this) {
6809                Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE);
6810                intent.setComponent(mOwners.getDeviceOwnerComponent());
6811                intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE);
6812                intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash);
6813                intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
6814
6815                LocalServices.getService(ActivityManagerInternal.class)
6816                        .grantUriPermissionFromIntent(Process.SHELL_UID,
6817                                mOwners.getDeviceOwnerComponent().getPackageName(),
6818                                intent, mOwners.getDeviceOwnerUserId());
6819                mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId()));
6820            }
6821        } catch (FileNotFoundException e) {
6822            Bundle extras = new Bundle();
6823            extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON,
6824                    DeviceAdminReceiver.BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE);
6825            sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras);
6826        } finally {
6827            try {
6828                if (pfd != null) {
6829                    pfd.close();
6830                }
6831            } catch (IOException ex) {
6832                // Ignore
6833            }
6834            mRemoteBugreportSharingAccepted.set(false);
6835            setDeviceOwnerRemoteBugreportUriAndHash(null, null);
6836        }
6837    }
6838
6839    /**
6840     * Disables all device cameras according to the specified admin.
6841     */
6842    @Override
6843    public void setCameraDisabled(ComponentName who, boolean disabled) {
6844        if (!mHasFeature) {
6845            return;
6846        }
6847        Preconditions.checkNotNull(who, "ComponentName is null");
6848        final int userHandle = mInjector.userHandleGetCallingUserId();
6849        synchronized (this) {
6850            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
6851                    DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA);
6852            if (ap.disableCamera != disabled) {
6853                ap.disableCamera = disabled;
6854                saveSettingsLocked(userHandle);
6855            }
6856        }
6857        // Tell the user manager that the restrictions have changed.
6858        pushUserRestrictions(userHandle);
6859    }
6860
6861    /**
6862     * Gets whether or not all device cameras are disabled for a given admin, or disabled for any
6863     * active admins.
6864     */
6865    @Override
6866    public boolean getCameraDisabled(ComponentName who, int userHandle) {
6867        return getCameraDisabled(who, userHandle, /* mergeDeviceOwnerRestriction= */ true);
6868    }
6869
6870    private boolean getCameraDisabled(ComponentName who, int userHandle,
6871            boolean mergeDeviceOwnerRestriction) {
6872        if (!mHasFeature) {
6873            return false;
6874        }
6875        synchronized (this) {
6876            if (who != null) {
6877                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
6878                return (admin != null) ? admin.disableCamera : false;
6879            }
6880            // First, see if DO has set it.  If so, it's device-wide.
6881            if (mergeDeviceOwnerRestriction) {
6882                final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
6883                if (deviceOwner != null && deviceOwner.disableCamera) {
6884                    return true;
6885                }
6886            }
6887
6888            // Then check each device admin on the user.
6889            DevicePolicyData policy = getUserData(userHandle);
6890            // Determine whether or not the device camera is disabled for any active admins.
6891            final int N = policy.mAdminList.size();
6892            for (int i = 0; i < N; i++) {
6893                ActiveAdmin admin = policy.mAdminList.get(i);
6894                if (admin.disableCamera) {
6895                    return true;
6896                }
6897            }
6898            return false;
6899        }
6900    }
6901
6902    @Override
6903    public void setKeyguardDisabledFeatures(ComponentName who, int which, boolean parent) {
6904        if (!mHasFeature) {
6905            return;
6906        }
6907        Preconditions.checkNotNull(who, "ComponentName is null");
6908        final int userHandle = mInjector.userHandleGetCallingUserId();
6909        if (isManagedProfile(userHandle)) {
6910            if (parent) {
6911                which = which & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER;
6912            } else {
6913                which = which & PROFILE_KEYGUARD_FEATURES;
6914            }
6915        }
6916        synchronized (this) {
6917            ActiveAdmin ap = getActiveAdminForCallerLocked(
6918                    who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent);
6919            if (ap.disabledKeyguardFeatures != which) {
6920                ap.disabledKeyguardFeatures = which;
6921                saveSettingsLocked(userHandle);
6922            }
6923        }
6924    }
6925
6926    /**
6927     * Gets the disabled state for features in keyguard for the given admin,
6928     * or the aggregate of all active admins if who is null.
6929     */
6930    @Override
6931    public int getKeyguardDisabledFeatures(ComponentName who, int userHandle, boolean parent) {
6932        if (!mHasFeature) {
6933            return 0;
6934        }
6935        enforceFullCrossUsersPermission(userHandle);
6936        final long ident = mInjector.binderClearCallingIdentity();
6937        try {
6938            synchronized (this) {
6939                if (who != null) {
6940                    ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
6941                    return (admin != null) ? admin.disabledKeyguardFeatures : 0;
6942                }
6943
6944                final List<ActiveAdmin> admins;
6945                if (!parent && isManagedProfile(userHandle)) {
6946                    // If we are being asked about a managed profile, just return keyguard features
6947                    // disabled by admins in the profile.
6948                    admins = getUserDataUnchecked(userHandle).mAdminList;
6949                } else {
6950                    // Otherwise return those set by admins in the user and its profiles.
6951                    admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
6952                }
6953
6954                int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE;
6955                final int N = admins.size();
6956                for (int i = 0; i < N; i++) {
6957                    ActiveAdmin admin = admins.get(i);
6958                    int userId = admin.getUserHandle().getIdentifier();
6959                    boolean isRequestedUser = !parent && (userId == userHandle);
6960                    if (isRequestedUser || !isManagedProfile(userId)) {
6961                        // If we are being asked explicitly about this user
6962                        // return all disabled features even if its a managed profile.
6963                        which |= admin.disabledKeyguardFeatures;
6964                    } else {
6965                        // Otherwise a managed profile is only allowed to disable
6966                        // some features on the parent user.
6967                        which |= (admin.disabledKeyguardFeatures
6968                                & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER);
6969                    }
6970                }
6971                return which;
6972            }
6973        } finally {
6974            mInjector.binderRestoreCallingIdentity(ident);
6975        }
6976    }
6977
6978    @Override
6979    public void setKeepUninstalledPackages(ComponentName who, String callerPackage,
6980            List<String> packageList) {
6981        if (!mHasFeature) {
6982            return;
6983        }
6984        Preconditions.checkNotNull(packageList, "packageList is null");
6985        final int userHandle = UserHandle.getCallingUserId();
6986        synchronized (this) {
6987            // Ensure the caller is a DO or a keep uninstalled packages delegate.
6988            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
6989                    DELEGATION_KEEP_UNINSTALLED_PACKAGES);
6990            // Get the device owner
6991            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
6992            // Set list of packages to be kept even if uninstalled.
6993            deviceOwner.keepUninstalledPackages = packageList;
6994            // Save settings.
6995            saveSettingsLocked(userHandle);
6996            // Notify package manager.
6997            mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList);
6998        }
6999    }
7000
7001    @Override
7002    public List<String> getKeepUninstalledPackages(ComponentName who, String callerPackage) {
7003        if (!mHasFeature) {
7004            return null;
7005        }
7006        // TODO In split system user mode, allow apps on user 0 to query the list
7007        synchronized (this) {
7008            // Ensure the caller is a DO or a keep uninstalled packages delegate.
7009            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
7010                    DELEGATION_KEEP_UNINSTALLED_PACKAGES);
7011            return getKeepUninstalledPackagesLocked();
7012        }
7013    }
7014
7015    private List<String> getKeepUninstalledPackagesLocked() {
7016        ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
7017        return (deviceOwner != null) ? deviceOwner.keepUninstalledPackages : null;
7018    }
7019
7020    @Override
7021    public boolean setDeviceOwner(ComponentName admin, String ownerName, int userId) {
7022        if (!mHasFeature) {
7023            return false;
7024        }
7025        if (admin == null
7026                || !isPackageInstalledForUser(admin.getPackageName(), userId)) {
7027            throw new IllegalArgumentException("Invalid component " + admin
7028                    + " for device owner");
7029        }
7030        final boolean hasIncompatibleAccountsOrNonAdb =
7031                hasIncompatibleAccountsOrNonAdbNoLock(userId, admin);
7032        synchronized (this) {
7033            enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb);
7034            final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId);
7035            if (activeAdmin == null
7036                    || getUserData(userId).mRemovingAdmins.contains(admin)) {
7037                throw new IllegalArgumentException("Not active admin: " + admin);
7038            }
7039
7040            // Shutting down backup manager service permanently.
7041            long ident = mInjector.binderClearCallingIdentity();
7042            try {
7043                if (mInjector.getIBackupManager() != null) {
7044                    mInjector.getIBackupManager()
7045                            .setBackupServiceActive(UserHandle.USER_SYSTEM, false);
7046                }
7047            } catch (RemoteException e) {
7048                throw new IllegalStateException("Failed deactivating backup service.", e);
7049            } finally {
7050                mInjector.binderRestoreCallingIdentity(ident);
7051            }
7052
7053            if (isAdb()) {
7054                // Log device owner provisioning was started using adb.
7055                MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER);
7056            }
7057
7058            mOwners.setDeviceOwner(admin, ownerName, userId);
7059            mOwners.writeDeviceOwner();
7060            updateDeviceOwnerLocked();
7061            setDeviceOwnerSystemPropertyLocked();
7062
7063            final Set<String> restrictions =
7064                    UserRestrictionsUtils.getDefaultEnabledForDeviceOwner();
7065            if (!restrictions.isEmpty()) {
7066                for (String restriction : restrictions) {
7067                    activeAdmin.ensureUserRestrictions().putBoolean(restriction, true);
7068                }
7069                activeAdmin.defaultEnabledRestrictionsAlreadySet.addAll(restrictions);
7070                Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictions);
7071
7072                saveUserRestrictionsLocked(userId);
7073            }
7074
7075            ident = mInjector.binderClearCallingIdentity();
7076            try {
7077                // TODO Send to system too?
7078                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId);
7079            } finally {
7080                mInjector.binderRestoreCallingIdentity(ident);
7081            }
7082            mDeviceAdminServiceController.startServiceForOwner(
7083                    admin.getPackageName(), userId, "set-device-owner");
7084
7085            Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId);
7086            return true;
7087        }
7088    }
7089
7090    @Override
7091    public boolean hasDeviceOwner() {
7092        enforceDeviceOwnerOrManageUsers();
7093        return mOwners.hasDeviceOwner();
7094    }
7095
7096    boolean isDeviceOwner(ActiveAdmin admin) {
7097        return isDeviceOwner(admin.info.getComponent(), admin.getUserHandle().getIdentifier());
7098    }
7099
7100    public boolean isDeviceOwner(ComponentName who, int userId) {
7101        synchronized (this) {
7102            return mOwners.hasDeviceOwner()
7103                    && mOwners.getDeviceOwnerUserId() == userId
7104                    && mOwners.getDeviceOwnerComponent().equals(who);
7105        }
7106    }
7107
7108    private boolean isDeviceOwnerPackage(String packageName, int userId) {
7109        synchronized (this) {
7110            return mOwners.hasDeviceOwner()
7111                    && mOwners.getDeviceOwnerUserId() == userId
7112                    && mOwners.getDeviceOwnerPackageName().equals(packageName);
7113        }
7114    }
7115
7116    private boolean isProfileOwnerPackage(String packageName, int userId) {
7117        synchronized (this) {
7118            return mOwners.hasProfileOwner(userId)
7119                    && mOwners.getProfileOwnerPackage(userId).equals(packageName);
7120        }
7121    }
7122
7123    public boolean isProfileOwner(ComponentName who, int userId) {
7124        final ComponentName profileOwner = getProfileOwner(userId);
7125        return who != null && who.equals(profileOwner);
7126    }
7127
7128    @Override
7129    public ComponentName getDeviceOwnerComponent(boolean callingUserOnly) {
7130        if (!mHasFeature) {
7131            return null;
7132        }
7133        if (!callingUserOnly) {
7134            enforceManageUsers();
7135        }
7136        synchronized (this) {
7137            if (!mOwners.hasDeviceOwner()) {
7138                return null;
7139            }
7140            if (callingUserOnly && mInjector.userHandleGetCallingUserId() !=
7141                    mOwners.getDeviceOwnerUserId()) {
7142                return null;
7143            }
7144            return mOwners.getDeviceOwnerComponent();
7145        }
7146    }
7147
7148    @Override
7149    public int getDeviceOwnerUserId() {
7150        if (!mHasFeature) {
7151            return UserHandle.USER_NULL;
7152        }
7153        enforceManageUsers();
7154        synchronized (this) {
7155            return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL;
7156        }
7157    }
7158
7159    /**
7160     * Returns the "name" of the device owner.  It'll work for non-DO users too, but requires
7161     * MANAGE_USERS.
7162     */
7163    @Override
7164    public String getDeviceOwnerName() {
7165        if (!mHasFeature) {
7166            return null;
7167        }
7168        enforceManageUsers();
7169        synchronized (this) {
7170            if (!mOwners.hasDeviceOwner()) {
7171                return null;
7172            }
7173            // TODO This totally ignores the name passed to setDeviceOwner (change for b/20679292)
7174            // Should setDeviceOwner/ProfileOwner still take a name?
7175            String deviceOwnerPackage = mOwners.getDeviceOwnerPackageName();
7176            return getApplicationLabel(deviceOwnerPackage, UserHandle.USER_SYSTEM);
7177        }
7178    }
7179
7180    /** Returns the active device owner or {@code null} if there is no device owner. */
7181    @VisibleForTesting
7182    ActiveAdmin getDeviceOwnerAdminLocked() {
7183        ComponentName component = mOwners.getDeviceOwnerComponent();
7184        if (component == null) {
7185            return null;
7186        }
7187
7188        DevicePolicyData policy = getUserData(mOwners.getDeviceOwnerUserId());
7189        final int n = policy.mAdminList.size();
7190        for (int i = 0; i < n; i++) {
7191            ActiveAdmin admin = policy.mAdminList.get(i);
7192            if (component.equals(admin.info.getComponent())) {
7193                return admin;
7194            }
7195        }
7196        Slog.wtf(LOG_TAG, "Active admin for device owner not found. component=" + component);
7197        return null;
7198    }
7199
7200    @Override
7201    public void clearDeviceOwner(String packageName) {
7202        Preconditions.checkNotNull(packageName, "packageName is null");
7203        final int callingUid = mInjector.binderGetCallingUid();
7204        try {
7205            int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName,
7206                    UserHandle.getUserId(callingUid));
7207            if (uid != callingUid) {
7208                throw new SecurityException("Invalid packageName");
7209            }
7210        } catch (NameNotFoundException e) {
7211            throw new SecurityException(e);
7212        }
7213        synchronized (this) {
7214            final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
7215            final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
7216            if (!mOwners.hasDeviceOwner()
7217                    || !deviceOwnerComponent.getPackageName().equals(packageName)
7218                    || (deviceOwnerUserId != UserHandle.getUserId(callingUid))) {
7219                throw new SecurityException(
7220                        "clearDeviceOwner can only be called by the device owner");
7221            }
7222            enforceUserUnlocked(deviceOwnerUserId);
7223
7224            final ActiveAdmin admin = getDeviceOwnerAdminLocked();
7225            long ident = mInjector.binderClearCallingIdentity();
7226            try {
7227                clearDeviceOwnerLocked(admin, deviceOwnerUserId);
7228                removeActiveAdminLocked(deviceOwnerComponent, deviceOwnerUserId);
7229                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED,
7230                        deviceOwnerUserId);
7231            } finally {
7232                mInjector.binderRestoreCallingIdentity(ident);
7233            }
7234            Slog.i(LOG_TAG, "Device owner removed: " + deviceOwnerComponent);
7235        }
7236    }
7237
7238    private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {
7239        mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner");
7240
7241        if (admin != null) {
7242            admin.disableCamera = false;
7243            admin.userRestrictions = null;
7244            admin.defaultEnabledRestrictionsAlreadySet.clear();
7245            admin.forceEphemeralUsers = false;
7246            admin.isNetworkLoggingEnabled = false;
7247            mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers);
7248        }
7249        final DevicePolicyData policyData = getUserData(userId);
7250        policyData.mCurrentInputMethodSet = false;
7251        saveSettingsLocked(userId);
7252        final DevicePolicyData systemPolicyData = getUserData(UserHandle.USER_SYSTEM);
7253        systemPolicyData.mLastSecurityLogRetrievalTime = -1;
7254        systemPolicyData.mLastBugReportRequestTime = -1;
7255        systemPolicyData.mLastNetworkLogsRetrievalTime = -1;
7256        saveSettingsLocked(UserHandle.USER_SYSTEM);
7257        clearUserPoliciesLocked(userId);
7258
7259        mOwners.clearDeviceOwner();
7260        mOwners.writeDeviceOwner();
7261        updateDeviceOwnerLocked();
7262
7263        clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId));
7264        mInjector.securityLogSetLoggingEnabledProperty(false);
7265        mSecurityLogMonitor.stop();
7266        setNetworkLoggingActiveInternal(false);
7267
7268        try {
7269            if (mInjector.getIBackupManager() != null) {
7270                // Reactivate backup service.
7271                mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true);
7272            }
7273        } catch (RemoteException e) {
7274            throw new IllegalStateException("Failed reactivating backup service.", e);
7275        }
7276    }
7277
7278    @Override
7279    public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) {
7280        if (!mHasFeature) {
7281            return false;
7282        }
7283        if (who == null
7284                || !isPackageInstalledForUser(who.getPackageName(), userHandle)) {
7285            throw new IllegalArgumentException("Component " + who
7286                    + " not installed for userId:" + userHandle);
7287        }
7288        final boolean hasIncompatibleAccountsOrNonAdb =
7289                hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who);
7290        synchronized (this) {
7291            enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb);
7292
7293            final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
7294            if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) {
7295                throw new IllegalArgumentException("Not active admin: " + who);
7296            }
7297
7298            if (isAdb()) {
7299                // Log profile owner provisioning was started using adb.
7300                MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER);
7301            }
7302
7303            mOwners.setProfileOwner(who, ownerName, userHandle);
7304            mOwners.writeProfileOwner(userHandle);
7305            Slog.i(LOG_TAG, "Profile owner set: " + who + " on user " + userHandle);
7306
7307            final long id = mInjector.binderClearCallingIdentity();
7308            try {
7309                if (mUserManager.isManagedProfile(userHandle)) {
7310                    maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin,
7311                            UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());
7312                    ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin,
7313                            true /* newOwner */);
7314                }
7315                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
7316                        userHandle);
7317            } finally {
7318                mInjector.binderRestoreCallingIdentity(id);
7319            }
7320            mDeviceAdminServiceController.startServiceForOwner(
7321                    who.getPackageName(), userHandle, "set-profile-owner");
7322            return true;
7323        }
7324    }
7325
7326    @Override
7327    public void clearProfileOwner(ComponentName who) {
7328        if (!mHasFeature) {
7329            return;
7330        }
7331        Preconditions.checkNotNull(who, "ComponentName is null");
7332
7333        final int userId = mInjector.userHandleGetCallingUserId();
7334        enforceNotManagedProfile(userId, "clear profile owner");
7335        enforceUserUnlocked(userId);
7336        synchronized (this) {
7337            // Check if this is the profile owner who is calling
7338            final ActiveAdmin admin =
7339                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7340
7341            final long ident = mInjector.binderClearCallingIdentity();
7342            try {
7343                clearProfileOwnerLocked(admin, userId);
7344                removeActiveAdminLocked(who, userId);
7345                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
7346                        userId);
7347            } finally {
7348                mInjector.binderRestoreCallingIdentity(ident);
7349            }
7350            Slog.i(LOG_TAG, "Profile owner " + who + " removed from user " + userId);
7351        }
7352    }
7353
7354    public void clearProfileOwnerLocked(ActiveAdmin admin, int userId) {
7355        mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-profile-owner");
7356
7357        if (admin != null) {
7358            admin.disableCamera = false;
7359            admin.userRestrictions = null;
7360            admin.defaultEnabledRestrictionsAlreadySet.clear();
7361        }
7362        final DevicePolicyData policyData = getUserData(userId);
7363        policyData.mCurrentInputMethodSet = false;
7364        policyData.mOwnerInstalledCaCerts.clear();
7365        saveSettingsLocked(userId);
7366        clearUserPoliciesLocked(userId);
7367        mOwners.removeProfileOwner(userId);
7368        mOwners.writeProfileOwner(userId);
7369    }
7370
7371    @Override
7372    public void setDeviceOwnerLockScreenInfo(ComponentName who, CharSequence info) {
7373        Preconditions.checkNotNull(who, "ComponentName is null");
7374        if (!mHasFeature) {
7375            return;
7376        }
7377
7378        synchronized (this) {
7379            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
7380            long token = mInjector.binderClearCallingIdentity();
7381            try {
7382                mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null);
7383            } finally {
7384                mInjector.binderRestoreCallingIdentity(token);
7385            }
7386        }
7387    }
7388
7389    @Override
7390    public CharSequence getDeviceOwnerLockScreenInfo() {
7391        return mLockPatternUtils.getDeviceOwnerInfo();
7392    }
7393
7394    private void clearUserPoliciesLocked(int userId) {
7395        // Reset some of the user-specific policies.
7396        final DevicePolicyData policy = getUserData(userId);
7397        policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT;
7398        // Clear delegations.
7399        policy.mDelegationMap.clear();
7400        policy.mStatusBarDisabled = false;
7401        policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED;
7402        policy.mAffiliationIds.clear();
7403        policy.mLockTaskPackages.clear();
7404        updateLockTaskPackagesLocked(policy.mLockTaskPackages, userId);
7405        policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE;
7406        saveSettingsLocked(userId);
7407
7408        try {
7409            mIPackageManager.updatePermissionFlagsForAllApps(
7410                    PackageManager.FLAG_PERMISSION_POLICY_FIXED,
7411                    0  /* flagValues */, userId);
7412            pushUserRestrictions(userId);
7413        } catch (RemoteException re) {
7414            // Shouldn't happen.
7415        }
7416    }
7417
7418    @Override
7419    public boolean hasUserSetupCompleted() {
7420        return hasUserSetupCompleted(UserHandle.getCallingUserId());
7421    }
7422
7423    // This checks only if the Setup Wizard has run.  Since Wear devices pair before
7424    // completing Setup Wizard, and pairing involves transferring user data, calling
7425    // logic may want to check mIsWatch or mPaired in addition to hasUserSetupCompleted().
7426    private boolean hasUserSetupCompleted(int userHandle) {
7427        if (!mHasFeature) {
7428            return true;
7429        }
7430        return getUserData(userHandle).mUserSetupComplete;
7431    }
7432
7433    private boolean hasPaired(int userHandle) {
7434        if (!mHasFeature) {
7435            return true;
7436        }
7437        return getUserData(userHandle).mPaired;
7438    }
7439
7440    @Override
7441    public int getUserProvisioningState() {
7442        if (!mHasFeature) {
7443            return DevicePolicyManager.STATE_USER_UNMANAGED;
7444        }
7445        int userHandle = mInjector.userHandleGetCallingUserId();
7446        return getUserProvisioningState(userHandle);
7447    }
7448
7449    private int getUserProvisioningState(int userHandle) {
7450        return getUserData(userHandle).mUserProvisioningState;
7451    }
7452
7453    @Override
7454    public void setUserProvisioningState(int newState, int userHandle) {
7455        if (!mHasFeature) {
7456            return;
7457        }
7458
7459        if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle)
7460                && getManagedUserId(userHandle) == -1) {
7461            // No managed device, user or profile, so setting provisioning state makes no sense.
7462            throw new IllegalStateException("Not allowed to change provisioning state unless a "
7463                      + "device or profile owner is set.");
7464        }
7465
7466        synchronized (this) {
7467            boolean transitionCheckNeeded = true;
7468
7469            // Calling identity/permission checks.
7470            if (isAdb()) {
7471                // ADB shell can only move directly from un-managed to finalized as part of directly
7472                // setting profile-owner or device-owner.
7473                if (getUserProvisioningState(userHandle) !=
7474                        DevicePolicyManager.STATE_USER_UNMANAGED
7475                        || newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) {
7476                    throw new IllegalStateException("Not allowed to change provisioning state "
7477                            + "unless current provisioning state is unmanaged, and new state is "
7478                            + "finalized.");
7479                }
7480                transitionCheckNeeded = false;
7481            } else {
7482                // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS.
7483                enforceCanManageProfileAndDeviceOwners();
7484            }
7485
7486            final DevicePolicyData policyData = getUserData(userHandle);
7487            if (transitionCheckNeeded) {
7488                // Optional state transition check for non-ADB case.
7489                checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState);
7490            }
7491            policyData.mUserProvisioningState = newState;
7492            saveSettingsLocked(userHandle);
7493        }
7494    }
7495
7496    private void checkUserProvisioningStateTransition(int currentState, int newState) {
7497        // Valid transitions for normal use-cases.
7498        switch (currentState) {
7499            case DevicePolicyManager.STATE_USER_UNMANAGED:
7500                // Can move to any state from unmanaged (except itself as an edge case)..
7501                if (newState != DevicePolicyManager.STATE_USER_UNMANAGED) {
7502                    return;
7503                }
7504                break;
7505            case DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE:
7506            case DevicePolicyManager.STATE_USER_SETUP_COMPLETE:
7507                // Can only move to finalized from these states.
7508                if (newState == DevicePolicyManager.STATE_USER_SETUP_FINALIZED) {
7509                    return;
7510                }
7511                break;
7512            case DevicePolicyManager.STATE_USER_PROFILE_COMPLETE:
7513                // Current user has a managed-profile, but current user is not managed, so
7514                // rather than moving to finalized state, go back to unmanaged once
7515                // profile provisioning is complete.
7516                if (newState == DevicePolicyManager.STATE_USER_UNMANAGED) {
7517                    return;
7518                }
7519                break;
7520            case DevicePolicyManager.STATE_USER_SETUP_FINALIZED:
7521                // Cannot transition out of finalized.
7522                break;
7523        }
7524
7525        // Didn't meet any of the accepted state transition checks above, throw appropriate error.
7526        throw new IllegalStateException("Cannot move to user provisioning state [" + newState + "] "
7527                + "from state [" + currentState + "]");
7528    }
7529
7530    @Override
7531    public void setProfileEnabled(ComponentName who) {
7532        if (!mHasFeature) {
7533            return;
7534        }
7535        Preconditions.checkNotNull(who, "ComponentName is null");
7536        synchronized (this) {
7537            // Check if this is the profile owner who is calling
7538            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7539            final int userId = UserHandle.getCallingUserId();
7540            enforceManagedProfile(userId, "enable the profile");
7541            // Check if the profile is already enabled.
7542            UserInfo managedProfile = getUserInfo(userId);
7543            if (managedProfile.isEnabled()) {
7544                Slog.e(LOG_TAG,
7545                        "setProfileEnabled is called when the profile is already enabled");
7546                return;
7547            }
7548            long id = mInjector.binderClearCallingIdentity();
7549            try {
7550                mUserManager.setUserEnabled(userId);
7551                UserInfo parent = mUserManager.getProfileParent(userId);
7552                Intent intent = new Intent(Intent.ACTION_MANAGED_PROFILE_ADDED);
7553                intent.putExtra(Intent.EXTRA_USER, new UserHandle(userId));
7554                intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY |
7555                        Intent.FLAG_RECEIVER_FOREGROUND);
7556                mContext.sendBroadcastAsUser(intent, new UserHandle(parent.id));
7557            } finally {
7558                mInjector.binderRestoreCallingIdentity(id);
7559            }
7560        }
7561    }
7562
7563    @Override
7564    public void setProfileName(ComponentName who, String profileName) {
7565        Preconditions.checkNotNull(who, "ComponentName is null");
7566        int userId = UserHandle.getCallingUserId();
7567        // Check if this is the profile owner (includes device owner).
7568        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7569
7570        long id = mInjector.binderClearCallingIdentity();
7571        try {
7572            mUserManager.setUserName(userId, profileName);
7573        } finally {
7574            mInjector.binderRestoreCallingIdentity(id);
7575        }
7576    }
7577
7578    @Override
7579    public ComponentName getProfileOwner(int userHandle) {
7580        if (!mHasFeature) {
7581            return null;
7582        }
7583
7584        synchronized (this) {
7585            return mOwners.getProfileOwnerComponent(userHandle);
7586        }
7587    }
7588
7589    // Returns the active profile owner for this user or null if the current user has no
7590    // profile owner.
7591    @VisibleForTesting
7592    ActiveAdmin getProfileOwnerAdminLocked(int userHandle) {
7593        ComponentName profileOwner = mOwners.getProfileOwnerComponent(userHandle);
7594        if (profileOwner == null) {
7595            return null;
7596        }
7597        DevicePolicyData policy = getUserData(userHandle);
7598        final int n = policy.mAdminList.size();
7599        for (int i = 0; i < n; i++) {
7600            ActiveAdmin admin = policy.mAdminList.get(i);
7601            if (profileOwner.equals(admin.info.getComponent())) {
7602                return admin;
7603            }
7604        }
7605        return null;
7606    }
7607
7608    @Override
7609    public String getProfileOwnerName(int userHandle) {
7610        if (!mHasFeature) {
7611            return null;
7612        }
7613        enforceManageUsers();
7614        ComponentName profileOwner = getProfileOwner(userHandle);
7615        if (profileOwner == null) {
7616            return null;
7617        }
7618        return getApplicationLabel(profileOwner.getPackageName(), userHandle);
7619    }
7620
7621    /**
7622     * Canonical name for a given package.
7623     */
7624    private String getApplicationLabel(String packageName, int userHandle) {
7625        long token = mInjector.binderClearCallingIdentity();
7626        try {
7627            final Context userContext;
7628            try {
7629                UserHandle handle = new UserHandle(userHandle);
7630                userContext = mContext.createPackageContextAsUser(packageName, 0, handle);
7631            } catch (PackageManager.NameNotFoundException nnfe) {
7632                Log.w(LOG_TAG, packageName + " is not installed for user " + userHandle, nnfe);
7633                return null;
7634            }
7635            ApplicationInfo appInfo = userContext.getApplicationInfo();
7636            CharSequence result = null;
7637            if (appInfo != null) {
7638                PackageManager pm = userContext.getPackageManager();
7639                result = pm.getApplicationLabel(appInfo);
7640            }
7641            return result != null ? result.toString() : null;
7642        } finally {
7643            mInjector.binderRestoreCallingIdentity(token);
7644        }
7645    }
7646
7647    /**
7648     * Calls wtfStack() if called with the DPMS lock held.
7649     */
7650    private void wtfIfInLock() {
7651        if (Thread.holdsLock(this)) {
7652            Slog.wtfStack(LOG_TAG, "Shouldn't be called with DPMS lock held");
7653        }
7654    }
7655
7656    /**
7657     * The profile owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS
7658     * permission.
7659     * The profile owner can only be set before the user setup phase has completed,
7660     * except for:
7661     * - SYSTEM_UID
7662     * - adb unless hasIncompatibleAccountsOrNonAdb is true.
7663     */
7664    private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle,
7665            boolean hasIncompatibleAccountsOrNonAdb) {
7666        UserInfo info = getUserInfo(userHandle);
7667        if (info == null) {
7668            // User doesn't exist.
7669            throw new IllegalArgumentException(
7670                    "Attempted to set profile owner for invalid userId: " + userHandle);
7671        }
7672        if (info.isGuest()) {
7673            throw new IllegalStateException("Cannot set a profile owner on a guest");
7674        }
7675        if (mOwners.hasProfileOwner(userHandle)) {
7676            throw new IllegalStateException("Trying to set the profile owner, but profile owner "
7677                    + "is already set.");
7678        }
7679        if (mOwners.hasDeviceOwner() && mOwners.getDeviceOwnerUserId() == userHandle) {
7680            throw new IllegalStateException("Trying to set the profile owner, but the user "
7681                    + "already has a device owner.");
7682        }
7683        if (isAdb()) {
7684            if ((mIsWatch || hasUserSetupCompleted(userHandle))
7685                    && hasIncompatibleAccountsOrNonAdb) {
7686                throw new IllegalStateException("Not allowed to set the profile owner because "
7687                        + "there are already some accounts on the profile");
7688            }
7689            return;
7690        }
7691        enforceCanManageProfileAndDeviceOwners();
7692        if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) {
7693            throw new IllegalStateException("Cannot set the profile owner on a user which is "
7694                    + "already set-up");
7695        }
7696    }
7697
7698    /**
7699     * The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS
7700     * permission.
7701     */
7702    private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner, int userId,
7703            boolean hasIncompatibleAccountsOrNonAdb) {
7704        if (!isAdb()) {
7705            enforceCanManageProfileAndDeviceOwners();
7706        }
7707
7708        final int code = checkDeviceOwnerProvisioningPreConditionLocked(
7709                owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb);
7710        switch (code) {
7711            case CODE_OK:
7712                return;
7713            case CODE_HAS_DEVICE_OWNER:
7714                throw new IllegalStateException(
7715                        "Trying to set the device owner, but device owner is already set.");
7716            case CODE_USER_HAS_PROFILE_OWNER:
7717                throw new IllegalStateException("Trying to set the device owner, but the user "
7718                        + "already has a profile owner.");
7719            case CODE_USER_NOT_RUNNING:
7720                throw new IllegalStateException("User not running: " + userId);
7721            case CODE_NOT_SYSTEM_USER:
7722                throw new IllegalStateException("User is not system user");
7723            case CODE_USER_SETUP_COMPLETED:
7724                throw new IllegalStateException(
7725                        "Cannot set the device owner if the device is already set-up");
7726            case CODE_NONSYSTEM_USER_EXISTS:
7727                throw new IllegalStateException("Not allowed to set the device owner because there "
7728                        + "are already several users on the device");
7729            case CODE_ACCOUNTS_NOT_EMPTY:
7730                throw new IllegalStateException("Not allowed to set the device owner because there "
7731                        + "are already some accounts on the device");
7732            case CODE_HAS_PAIRED:
7733                throw new IllegalStateException("Not allowed to set the device owner because this "
7734                        + "device has already paired");
7735            default:
7736                throw new IllegalStateException("Unexpected @ProvisioningPreCondition " + code);
7737        }
7738    }
7739
7740    private void enforceUserUnlocked(int userId) {
7741        // Since we're doing this operation on behalf of an app, we only
7742        // want to use the actual "unlocked" state.
7743        Preconditions.checkState(mUserManager.isUserUnlocked(userId),
7744                "User must be running and unlocked");
7745    }
7746
7747    private void enforceUserUnlocked(@UserIdInt int userId, boolean parent) {
7748        if (parent) {
7749            enforceUserUnlocked(getProfileParentId(userId));
7750        } else {
7751            enforceUserUnlocked(userId);
7752        }
7753    }
7754
7755    private void enforceManageUsers() {
7756        final int callingUid = mInjector.binderGetCallingUid();
7757        if (!(isCallerWithSystemUid() || callingUid == Process.ROOT_UID)) {
7758            mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
7759        }
7760    }
7761
7762    private void enforceFullCrossUsersPermission(int userHandle) {
7763        enforceSystemUserOrPermissionIfCrossUser(userHandle,
7764                android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);
7765    }
7766
7767    private void enforceCrossUsersPermission(int userHandle) {
7768        enforceSystemUserOrPermissionIfCrossUser(userHandle,
7769                android.Manifest.permission.INTERACT_ACROSS_USERS);
7770    }
7771
7772    private void enforceSystemUserOrPermission(String permission) {
7773        if (!(isCallerWithSystemUid() || mInjector.binderGetCallingUid() == Process.ROOT_UID)) {
7774            mContext.enforceCallingOrSelfPermission(permission,
7775                    "Must be system or have " + permission + " permission");
7776        }
7777    }
7778
7779    private void enforceSystemUserOrPermissionIfCrossUser(int userHandle, String permission) {
7780        if (userHandle < 0) {
7781            throw new IllegalArgumentException("Invalid userId " + userHandle);
7782        }
7783        if (userHandle == mInjector.userHandleGetCallingUserId()) {
7784            return;
7785        }
7786        enforceSystemUserOrPermission(permission);
7787    }
7788
7789    private void enforceManagedProfile(int userHandle, String message) {
7790        if(!isManagedProfile(userHandle)) {
7791            throw new SecurityException("You can not " + message + " outside a managed profile.");
7792        }
7793    }
7794
7795    private void enforceNotManagedProfile(int userHandle, String message) {
7796        if(isManagedProfile(userHandle)) {
7797            throw new SecurityException("You can not " + message + " for a managed profile.");
7798        }
7799    }
7800
7801    private void enforceDeviceOwnerOrManageUsers() {
7802        synchronized (this) {
7803            if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
7804                    mInjector.binderGetCallingUid()) != null) {
7805                return;
7806            }
7807        }
7808        enforceManageUsers();
7809    }
7810
7811    private void enforceProfileOwnerOrSystemUser() {
7812        synchronized (this) {
7813            if (getActiveAdminWithPolicyForUidLocked(null,
7814                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid())
7815                            != null) {
7816                return;
7817            }
7818        }
7819        Preconditions.checkState(isCallerWithSystemUid(),
7820                "Only profile owner, device owner and system may call this method.");
7821    }
7822
7823    private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) {
7824        if (userId == mInjector.userHandleGetCallingUserId()) {
7825            synchronized (this) {
7826                if (getActiveAdminWithPolicyForUidLocked(null,
7827                        DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid())
7828                                != null) {
7829                    // Device Owner/Profile Owner may access the user it runs on.
7830                    return;
7831                }
7832            }
7833        }
7834        // Otherwise, INTERACT_ACROSS_USERS_FULL permission, system UID or root UID is required.
7835        enforceSystemUserOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);
7836    }
7837
7838    private void ensureCallerPackage(@Nullable String packageName) {
7839        if (packageName == null) {
7840            Preconditions.checkState(isCallerWithSystemUid(),
7841                    "Only caller can omit package name");
7842        } else {
7843            final int callingUid = mInjector.binderGetCallingUid();
7844            final int userId = mInjector.userHandleGetCallingUserId();
7845            try {
7846                final ApplicationInfo ai = mIPackageManager.getApplicationInfo(
7847                        packageName, 0, userId);
7848                Preconditions.checkState(ai.uid == callingUid, "Unmatching package name");
7849            } catch (RemoteException e) {
7850                // Shouldn't happen
7851            }
7852        }
7853    }
7854
7855    private boolean isCallerWithSystemUid() {
7856        return UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID);
7857    }
7858
7859    protected int getProfileParentId(int userHandle) {
7860        final long ident = mInjector.binderClearCallingIdentity();
7861        try {
7862            UserInfo parentUser = mUserManager.getProfileParent(userHandle);
7863            return parentUser != null ? parentUser.id : userHandle;
7864        } finally {
7865            mInjector.binderRestoreCallingIdentity(ident);
7866        }
7867    }
7868
7869    private int getCredentialOwner(int userHandle, boolean parent) {
7870        final long ident = mInjector.binderClearCallingIdentity();
7871        try {
7872            if (parent) {
7873                UserInfo parentProfile = mUserManager.getProfileParent(userHandle);
7874                if (parentProfile != null) {
7875                    userHandle = parentProfile.id;
7876                }
7877            }
7878            return mUserManager.getCredentialOwnerProfile(userHandle);
7879        } finally {
7880            mInjector.binderRestoreCallingIdentity(ident);
7881        }
7882    }
7883
7884    private boolean isManagedProfile(int userHandle) {
7885        final UserInfo user = getUserInfo(userHandle);
7886        return user != null && user.isManagedProfile();
7887    }
7888
7889    private void enableIfNecessary(String packageName, int userId) {
7890        try {
7891            final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,
7892                    PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId);
7893            if (ai.enabledSetting
7894                    == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) {
7895                mIPackageManager.setApplicationEnabledSetting(packageName,
7896                        PackageManager.COMPONENT_ENABLED_STATE_DEFAULT,
7897                        PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager");
7898            }
7899        } catch (RemoteException e) {
7900        }
7901    }
7902
7903    @Override
7904    protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
7905        if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return;
7906
7907        synchronized (this) {
7908            pw.println("Current Device Policy Manager state:");
7909
7910            mOwners.dump("  ", pw);
7911            mDeviceAdminServiceController.dump("  ", pw);
7912            int userCount = mUserData.size();
7913            for (int u = 0; u < userCount; u++) {
7914                DevicePolicyData policy = getUserData(mUserData.keyAt(u));
7915                pw.println();
7916                pw.println("  Enabled Device Admins (User " + policy.mUserHandle
7917                        + ", provisioningState: " + policy.mUserProvisioningState + "):");
7918                final int N = policy.mAdminList.size();
7919                for (int i=0; i<N; i++) {
7920                    ActiveAdmin ap = policy.mAdminList.get(i);
7921                    if (ap != null) {
7922                        pw.print("    "); pw.print(ap.info.getComponent().flattenToShortString());
7923                                pw.println(":");
7924                        ap.dump("      ", pw);
7925                    }
7926                }
7927                if (!policy.mRemovingAdmins.isEmpty()) {
7928                    pw.println("    Removing Device Admins (User " + policy.mUserHandle + "): "
7929                            + policy.mRemovingAdmins);
7930                }
7931
7932                pw.println(" ");
7933                pw.print("    mPasswordOwner="); pw.println(policy.mPasswordOwner);
7934            }
7935            pw.println();
7936            mConstants.dump("  ", pw);
7937            pw.println();
7938            pw.println("  Encryption Status: " + getEncryptionStatusName(getEncryptionStatus()));
7939        }
7940    }
7941
7942    private String getEncryptionStatusName(int encryptionStatus) {
7943        switch (encryptionStatus) {
7944            case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
7945                return "inactive";
7946            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY:
7947                return "block default key";
7948            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
7949                return "block";
7950            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER:
7951                return "per-user";
7952            case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED:
7953                return "unsupported";
7954            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING:
7955                return "activating";
7956            default:
7957                return "unknown";
7958        }
7959    }
7960
7961    @Override
7962    public void addPersistentPreferredActivity(ComponentName who, IntentFilter filter,
7963            ComponentName activity) {
7964        Preconditions.checkNotNull(who, "ComponentName is null");
7965        final int userHandle = UserHandle.getCallingUserId();
7966        synchronized (this) {
7967            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7968
7969            long id = mInjector.binderClearCallingIdentity();
7970            try {
7971                mIPackageManager.addPersistentPreferredActivity(filter, activity, userHandle);
7972                mIPackageManager.flushPackageRestrictionsAsUser(userHandle);
7973            } catch (RemoteException re) {
7974                // Shouldn't happen
7975            } finally {
7976                mInjector.binderRestoreCallingIdentity(id);
7977            }
7978        }
7979    }
7980
7981    @Override
7982    public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) {
7983        Preconditions.checkNotNull(who, "ComponentName is null");
7984        final int userHandle = UserHandle.getCallingUserId();
7985        synchronized (this) {
7986            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7987
7988            long id = mInjector.binderClearCallingIdentity();
7989            try {
7990                mIPackageManager.clearPackagePersistentPreferredActivities(packageName, userHandle);
7991                mIPackageManager.flushPackageRestrictionsAsUser(userHandle);
7992            } catch (RemoteException re) {
7993                // Shouldn't happen
7994            } finally {
7995                mInjector.binderRestoreCallingIdentity(id);
7996            }
7997        }
7998    }
7999
8000    @Override
8001    public boolean setApplicationRestrictionsManagingPackage(ComponentName admin,
8002            String packageName) {
8003        try {
8004            setDelegatedScopePreO(admin, packageName, DELEGATION_APP_RESTRICTIONS);
8005        } catch (IllegalArgumentException e) {
8006            return false;
8007        }
8008        return true;
8009    }
8010
8011    @Override
8012    public String getApplicationRestrictionsManagingPackage(ComponentName admin) {
8013        final List<String> delegatePackages = getDelegatePackages(admin,
8014                DELEGATION_APP_RESTRICTIONS);
8015        return delegatePackages.size() > 0 ? delegatePackages.get(0) : null;
8016    }
8017
8018    @Override
8019    public boolean isCallerApplicationRestrictionsManagingPackage(String callerPackage) {
8020        return isCallerDelegate(callerPackage, DELEGATION_APP_RESTRICTIONS);
8021    }
8022
8023    @Override
8024    public void setApplicationRestrictions(ComponentName who, String callerPackage,
8025            String packageName, Bundle settings) {
8026        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8027                DELEGATION_APP_RESTRICTIONS);
8028
8029        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
8030        final long id = mInjector.binderClearCallingIdentity();
8031        try {
8032            mUserManager.setApplicationRestrictions(packageName, settings, userHandle);
8033        } finally {
8034            mInjector.binderRestoreCallingIdentity(id);
8035        }
8036    }
8037
8038    @Override
8039    public void setTrustAgentConfiguration(ComponentName admin, ComponentName agent,
8040            PersistableBundle args, boolean parent) {
8041        if (!mHasFeature) {
8042            return;
8043        }
8044        Preconditions.checkNotNull(admin, "admin is null");
8045        Preconditions.checkNotNull(agent, "agent is null");
8046        final int userHandle = UserHandle.getCallingUserId();
8047        synchronized (this) {
8048            ActiveAdmin ap = getActiveAdminForCallerLocked(admin,
8049                    DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent);
8050            ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args));
8051            saveSettingsLocked(userHandle);
8052        }
8053    }
8054
8055    @Override
8056    public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin,
8057            ComponentName agent, int userHandle, boolean parent) {
8058        if (!mHasFeature) {
8059            return null;
8060        }
8061        Preconditions.checkNotNull(agent, "agent null");
8062        enforceFullCrossUsersPermission(userHandle);
8063
8064        synchronized (this) {
8065            final String componentName = agent.flattenToString();
8066            if (admin != null) {
8067                final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent);
8068                if (ap == null) return null;
8069                TrustAgentInfo trustAgentInfo = ap.trustAgentInfos.get(componentName);
8070                if (trustAgentInfo == null || trustAgentInfo.options == null) return null;
8071                List<PersistableBundle> result = new ArrayList<>();
8072                result.add(trustAgentInfo.options);
8073                return result;
8074            }
8075
8076            // Return strictest policy for this user and profiles that are visible from this user.
8077            List<PersistableBundle> result = null;
8078            // Search through all admins that use KEYGUARD_DISABLE_TRUST_AGENTS and keep track
8079            // of the options. If any admin doesn't have options, discard options for the rest
8080            // and return null.
8081            List<ActiveAdmin> admins =
8082                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
8083            boolean allAdminsHaveOptions = true;
8084            final int N = admins.size();
8085            for (int i = 0; i < N; i++) {
8086                final ActiveAdmin active = admins.get(i);
8087
8088                final boolean disablesTrust = (active.disabledKeyguardFeatures
8089                        & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
8090                final TrustAgentInfo info = active.trustAgentInfos.get(componentName);
8091                if (info != null && info.options != null && !info.options.isEmpty()) {
8092                    if (disablesTrust) {
8093                        if (result == null) {
8094                            result = new ArrayList<>();
8095                        }
8096                        result.add(info.options);
8097                    } else {
8098                        Log.w(LOG_TAG, "Ignoring admin " + active.info
8099                                + " because it has trust options but doesn't declare "
8100                                + "KEYGUARD_DISABLE_TRUST_AGENTS");
8101                    }
8102                } else if (disablesTrust) {
8103                    allAdminsHaveOptions = false;
8104                    break;
8105                }
8106            }
8107            return allAdminsHaveOptions ? result : null;
8108        }
8109    }
8110
8111    @Override
8112    public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) {
8113        Preconditions.checkNotNull(who, "ComponentName is null");
8114        synchronized (this) {
8115            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8116
8117            int userHandle = UserHandle.getCallingUserId();
8118            DevicePolicyData userData = getUserData(userHandle);
8119            userData.mRestrictionsProvider = permissionProvider;
8120            saveSettingsLocked(userHandle);
8121        }
8122    }
8123
8124    @Override
8125    public ComponentName getRestrictionsProvider(int userHandle) {
8126        synchronized (this) {
8127            if (!isCallerWithSystemUid()) {
8128                throw new SecurityException("Only the system can query the permission provider");
8129            }
8130            DevicePolicyData userData = getUserData(userHandle);
8131            return userData != null ? userData.mRestrictionsProvider : null;
8132        }
8133    }
8134
8135    @Override
8136    public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) {
8137        Preconditions.checkNotNull(who, "ComponentName is null");
8138        int callingUserId = UserHandle.getCallingUserId();
8139        synchronized (this) {
8140            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8141
8142            long id = mInjector.binderClearCallingIdentity();
8143            try {
8144                UserInfo parent = mUserManager.getProfileParent(callingUserId);
8145                if (parent == null) {
8146                    Slog.e(LOG_TAG, "Cannot call addCrossProfileIntentFilter if there is no "
8147                            + "parent");
8148                    return;
8149                }
8150                if ((flags & DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED) != 0) {
8151                    mIPackageManager.addCrossProfileIntentFilter(
8152                            filter, who.getPackageName(), callingUserId, parent.id, 0);
8153                }
8154                if ((flags & DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT) != 0) {
8155                    mIPackageManager.addCrossProfileIntentFilter(filter, who.getPackageName(),
8156                            parent.id, callingUserId, 0);
8157                }
8158            } catch (RemoteException re) {
8159                // Shouldn't happen
8160            } finally {
8161                mInjector.binderRestoreCallingIdentity(id);
8162            }
8163        }
8164    }
8165
8166    @Override
8167    public void clearCrossProfileIntentFilters(ComponentName who) {
8168        Preconditions.checkNotNull(who, "ComponentName is null");
8169        int callingUserId = UserHandle.getCallingUserId();
8170        synchronized (this) {
8171            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8172            long id = mInjector.binderClearCallingIdentity();
8173            try {
8174                UserInfo parent = mUserManager.getProfileParent(callingUserId);
8175                if (parent == null) {
8176                    Slog.e(LOG_TAG, "Cannot call clearCrossProfileIntentFilter if there is no "
8177                            + "parent");
8178                    return;
8179                }
8180                // Removing those that go from the managed profile to the parent.
8181                mIPackageManager.clearCrossProfileIntentFilters(
8182                        callingUserId, who.getPackageName());
8183                // And those that go from the parent to the managed profile.
8184                // If we want to support multiple managed profiles, we will have to only remove
8185                // those that have callingUserId as their target.
8186                mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName());
8187            } catch (RemoteException re) {
8188                // Shouldn't happen
8189            } finally {
8190                mInjector.binderRestoreCallingIdentity(id);
8191            }
8192        }
8193    }
8194
8195    /**
8196     * @return true if all packages in enabledPackages are either in the list
8197     * permittedList or are a system app.
8198     */
8199    private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages,
8200            List<String> permittedList, int userIdToCheck) {
8201        long id = mInjector.binderClearCallingIdentity();
8202        try {
8203            // If we have an enabled packages list for a managed profile the packages
8204            // we should check are installed for the parent user.
8205            UserInfo user = getUserInfo(userIdToCheck);
8206            if (user.isManagedProfile()) {
8207                userIdToCheck = user.profileGroupId;
8208            }
8209
8210            for (String enabledPackage : enabledPackages) {
8211                boolean systemService = false;
8212                try {
8213                    ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo(
8214                            enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES,
8215                            userIdToCheck);
8216                    systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
8217                } catch (RemoteException e) {
8218                    Log.i(LOG_TAG, "Can't talk to package managed", e);
8219                }
8220                if (!systemService && !permittedList.contains(enabledPackage)) {
8221                    return false;
8222                }
8223            }
8224        } finally {
8225            mInjector.binderRestoreCallingIdentity(id);
8226        }
8227        return true;
8228    }
8229
8230    private AccessibilityManager getAccessibilityManagerForUser(int userId) {
8231        // Not using AccessibilityManager.getInstance because that guesses
8232        // at the user you require based on callingUid and caches for a given
8233        // process.
8234        IBinder iBinder = ServiceManager.getService(Context.ACCESSIBILITY_SERVICE);
8235        IAccessibilityManager service = iBinder == null
8236                ? null : IAccessibilityManager.Stub.asInterface(iBinder);
8237        return new AccessibilityManager(mContext, service, userId);
8238    }
8239
8240    @Override
8241    public boolean setPermittedAccessibilityServices(ComponentName who, List packageList) {
8242        if (!mHasFeature) {
8243            return false;
8244        }
8245        Preconditions.checkNotNull(who, "ComponentName is null");
8246
8247        if (packageList != null) {
8248            int userId = UserHandle.getCallingUserId();
8249            List<AccessibilityServiceInfo> enabledServices = null;
8250            long id = mInjector.binderClearCallingIdentity();
8251            try {
8252                UserInfo user = getUserInfo(userId);
8253                if (user.isManagedProfile()) {
8254                    userId = user.profileGroupId;
8255                }
8256                AccessibilityManager accessibilityManager = getAccessibilityManagerForUser(userId);
8257                enabledServices = accessibilityManager.getEnabledAccessibilityServiceList(
8258                        AccessibilityServiceInfo.FEEDBACK_ALL_MASK);
8259            } finally {
8260                mInjector.binderRestoreCallingIdentity(id);
8261            }
8262
8263            if (enabledServices != null) {
8264                List<String> enabledPackages = new ArrayList<String>();
8265                for (AccessibilityServiceInfo service : enabledServices) {
8266                    enabledPackages.add(service.getResolveInfo().serviceInfo.packageName);
8267                }
8268                if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList,
8269                        userId)) {
8270                    Slog.e(LOG_TAG, "Cannot set permitted accessibility services, "
8271                            + "because it contains already enabled accesibility services.");
8272                    return false;
8273                }
8274            }
8275        }
8276
8277        synchronized (this) {
8278            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8279                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8280            admin.permittedAccessiblityServices = packageList;
8281            saveSettingsLocked(UserHandle.getCallingUserId());
8282        }
8283        return true;
8284    }
8285
8286    @Override
8287    public List getPermittedAccessibilityServices(ComponentName who) {
8288        if (!mHasFeature) {
8289            return null;
8290        }
8291        Preconditions.checkNotNull(who, "ComponentName is null");
8292
8293        synchronized (this) {
8294            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8295                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8296            return admin.permittedAccessiblityServices;
8297        }
8298    }
8299
8300    @Override
8301    public List getPermittedAccessibilityServicesForUser(int userId) {
8302        if (!mHasFeature) {
8303            return null;
8304        }
8305        synchronized (this) {
8306            List<String> result = null;
8307            // If we have multiple profiles we return the intersection of the
8308            // permitted lists. This can happen in cases where we have a device
8309            // and profile owner.
8310            int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId);
8311            for (int profileId : profileIds) {
8312                // Just loop though all admins, only device or profiles
8313                // owners can have permitted lists set.
8314                DevicePolicyData policy = getUserDataUnchecked(profileId);
8315                final int N = policy.mAdminList.size();
8316                for (int j = 0; j < N; j++) {
8317                    ActiveAdmin admin = policy.mAdminList.get(j);
8318                    List<String> fromAdmin = admin.permittedAccessiblityServices;
8319                    if (fromAdmin != null) {
8320                        if (result == null) {
8321                            result = new ArrayList<>(fromAdmin);
8322                        } else {
8323                            result.retainAll(fromAdmin);
8324                        }
8325                    }
8326                }
8327            }
8328
8329            // If we have a permitted list add all system accessibility services.
8330            if (result != null) {
8331                long id = mInjector.binderClearCallingIdentity();
8332                try {
8333                    UserInfo user = getUserInfo(userId);
8334                    if (user.isManagedProfile()) {
8335                        userId = user.profileGroupId;
8336                    }
8337                    AccessibilityManager accessibilityManager =
8338                            getAccessibilityManagerForUser(userId);
8339                    List<AccessibilityServiceInfo> installedServices =
8340                            accessibilityManager.getInstalledAccessibilityServiceList();
8341
8342                    if (installedServices != null) {
8343                        for (AccessibilityServiceInfo service : installedServices) {
8344                            ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;
8345                            ApplicationInfo applicationInfo = serviceInfo.applicationInfo;
8346                            if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
8347                                result.add(serviceInfo.packageName);
8348                            }
8349                        }
8350                    }
8351                } finally {
8352                    mInjector.binderRestoreCallingIdentity(id);
8353                }
8354            }
8355
8356            return result;
8357        }
8358    }
8359
8360    @Override
8361    public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName,
8362            int userHandle) {
8363        if (!mHasFeature) {
8364            return true;
8365        }
8366        Preconditions.checkNotNull(who, "ComponentName is null");
8367        Preconditions.checkStringNotEmpty(packageName, "packageName is null");
8368        if (!isCallerWithSystemUid()){
8369            throw new SecurityException(
8370                    "Only the system can query if an accessibility service is disabled by admin");
8371        }
8372        synchronized (this) {
8373            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
8374            if (admin == null) {
8375                return false;
8376            }
8377            if (admin.permittedAccessiblityServices == null) {
8378                return true;
8379            }
8380            return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName),
8381                    admin.permittedAccessiblityServices, userHandle);
8382        }
8383    }
8384
8385    private boolean checkCallerIsCurrentUserOrProfile() {
8386        final int callingUserId = UserHandle.getCallingUserId();
8387        final long token = mInjector.binderClearCallingIdentity();
8388        try {
8389            UserInfo currentUser;
8390            UserInfo callingUser = getUserInfo(callingUserId);
8391            try {
8392                currentUser = mInjector.getIActivityManager().getCurrentUser();
8393            } catch (RemoteException e) {
8394                Slog.e(LOG_TAG, "Failed to talk to activity managed.", e);
8395                return false;
8396            }
8397
8398            if (callingUser.isManagedProfile() && callingUser.profileGroupId != currentUser.id) {
8399                Slog.e(LOG_TAG, "Cannot set permitted input methods for managed profile "
8400                        + "of a user that isn't the foreground user.");
8401                return false;
8402            }
8403            if (!callingUser.isManagedProfile() && callingUserId != currentUser.id ) {
8404                Slog.e(LOG_TAG, "Cannot set permitted input methods "
8405                        + "of a user that isn't the foreground user.");
8406                return false;
8407            }
8408        } finally {
8409            mInjector.binderRestoreCallingIdentity(token);
8410        }
8411        return true;
8412    }
8413
8414    @Override
8415    public boolean setPermittedInputMethods(ComponentName who, List packageList) {
8416        if (!mHasFeature) {
8417            return false;
8418        }
8419        Preconditions.checkNotNull(who, "ComponentName is null");
8420
8421        // TODO When InputMethodManager supports per user calls remove
8422        //      this restriction.
8423        if (!checkCallerIsCurrentUserOrProfile()) {
8424            return false;
8425        }
8426
8427        final int callingUserId = mInjector.userHandleGetCallingUserId();
8428        if (packageList != null) {
8429            // InputMethodManager fetches input methods for current user.
8430            // So this can only be set when calling user is the current user
8431            // or parent is current user in case of managed profiles.
8432            InputMethodManager inputMethodManager =
8433                    mContext.getSystemService(InputMethodManager.class);
8434            List<InputMethodInfo> enabledImes = inputMethodManager.getEnabledInputMethodList();
8435
8436            if (enabledImes != null) {
8437                List<String> enabledPackages = new ArrayList<String>();
8438                for (InputMethodInfo ime : enabledImes) {
8439                    enabledPackages.add(ime.getPackageName());
8440                }
8441                if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList,
8442                        callingUserId)) {
8443                    Slog.e(LOG_TAG, "Cannot set permitted input methods, "
8444                            + "because it contains already enabled input method.");
8445                    return false;
8446                }
8447            }
8448        }
8449
8450        synchronized (this) {
8451            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8452                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8453            admin.permittedInputMethods = packageList;
8454            saveSettingsLocked(callingUserId);
8455        }
8456        return true;
8457    }
8458
8459    @Override
8460    public List getPermittedInputMethods(ComponentName who) {
8461        if (!mHasFeature) {
8462            return null;
8463        }
8464        Preconditions.checkNotNull(who, "ComponentName is null");
8465
8466        synchronized (this) {
8467            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8468                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8469            return admin.permittedInputMethods;
8470        }
8471    }
8472
8473    @Override
8474    public List getPermittedInputMethodsForCurrentUser() {
8475        UserInfo currentUser;
8476        try {
8477            currentUser = mInjector.getIActivityManager().getCurrentUser();
8478        } catch (RemoteException e) {
8479            Slog.e(LOG_TAG, "Failed to make remote calls to get current user", e);
8480            // Activity managed is dead, just allow all IMEs
8481            return null;
8482        }
8483
8484        int userId = currentUser.id;
8485        synchronized (this) {
8486            List<String> result = null;
8487            // If we have multiple profiles we return the intersection of the
8488            // permitted lists. This can happen in cases where we have a device
8489            // and profile owner.
8490            int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId);
8491            for (int profileId : profileIds) {
8492                // Just loop though all admins, only device or profiles
8493                // owners can have permitted lists set.
8494                DevicePolicyData policy = getUserDataUnchecked(profileId);
8495                final int N = policy.mAdminList.size();
8496                for (int j = 0; j < N; j++) {
8497                    ActiveAdmin admin = policy.mAdminList.get(j);
8498                    List<String> fromAdmin = admin.permittedInputMethods;
8499                    if (fromAdmin != null) {
8500                        if (result == null) {
8501                            result = new ArrayList<String>(fromAdmin);
8502                        } else {
8503                            result.retainAll(fromAdmin);
8504                        }
8505                    }
8506                }
8507            }
8508
8509            // If we have a permitted list add all system input methods.
8510            if (result != null) {
8511                InputMethodManager inputMethodManager =
8512                        mContext.getSystemService(InputMethodManager.class);
8513                List<InputMethodInfo> imes = inputMethodManager.getInputMethodList();
8514                long id = mInjector.binderClearCallingIdentity();
8515                try {
8516                    if (imes != null) {
8517                        for (InputMethodInfo ime : imes) {
8518                            ServiceInfo serviceInfo = ime.getServiceInfo();
8519                            ApplicationInfo applicationInfo = serviceInfo.applicationInfo;
8520                            if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
8521                                result.add(serviceInfo.packageName);
8522                            }
8523                        }
8524                    }
8525                } finally {
8526                    mInjector.binderRestoreCallingIdentity(id);
8527                }
8528            }
8529            return result;
8530        }
8531    }
8532
8533    @Override
8534    public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName,
8535            int userHandle) {
8536        if (!mHasFeature) {
8537            return true;
8538        }
8539        Preconditions.checkNotNull(who, "ComponentName is null");
8540        Preconditions.checkStringNotEmpty(packageName, "packageName is null");
8541        if (!isCallerWithSystemUid()) {
8542            throw new SecurityException(
8543                    "Only the system can query if an input method is disabled by admin");
8544        }
8545        synchronized (this) {
8546            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
8547            if (admin == null) {
8548                return false;
8549            }
8550            if (admin.permittedInputMethods == null) {
8551                return true;
8552            }
8553            return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName),
8554                    admin.permittedInputMethods, userHandle);
8555        }
8556    }
8557
8558    @Override
8559    public boolean setPermittedCrossProfileNotificationListeners(
8560            ComponentName who, List<String> packageList) {
8561        if (!mHasFeature) {
8562            return false;
8563        }
8564        Preconditions.checkNotNull(who, "ComponentName is null");
8565
8566        final int callingUserId = mInjector.userHandleGetCallingUserId();
8567        if (!isManagedProfile(callingUserId)) {
8568            return false;
8569        }
8570
8571        synchronized (this) {
8572            ActiveAdmin admin = getActiveAdminForCallerLocked(
8573                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8574            admin.permittedNotificationListeners = packageList;
8575            saveSettingsLocked(callingUserId);
8576        }
8577        return true;
8578    }
8579
8580    @Override
8581    public List<String> getPermittedCrossProfileNotificationListeners(ComponentName who) {
8582        if (!mHasFeature) {
8583            return null;
8584        }
8585        Preconditions.checkNotNull(who, "ComponentName is null");
8586
8587        synchronized (this) {
8588            ActiveAdmin admin = getActiveAdminForCallerLocked(
8589                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8590            return admin.permittedNotificationListeners;
8591        }
8592    }
8593
8594    @Override
8595    public boolean isNotificationListenerServicePermitted(String packageName, int userId) {
8596        if (!mHasFeature) {
8597            return true;
8598        }
8599
8600        Preconditions.checkStringNotEmpty(packageName, "packageName is null or empty");
8601        if (!isCallerWithSystemUid()) {
8602            throw new SecurityException(
8603                    "Only the system can query if a notification listener service is permitted");
8604        }
8605        synchronized (this) {
8606            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
8607            if (profileOwner == null || profileOwner.permittedNotificationListeners == null) {
8608                return true;
8609            }
8610            return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName),
8611                    profileOwner.permittedNotificationListeners, userId);
8612
8613        }
8614    }
8615
8616    private void maybeSendAdminEnabledBroadcastLocked(int userHandle) {
8617        DevicePolicyData policyData = getUserData(userHandle);
8618        if (policyData.mAdminBroadcastPending) {
8619            // Send the initialization data to profile owner and delete the data
8620            ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle);
8621            boolean clearInitBundle = true;
8622            if (admin != null) {
8623                PersistableBundle initBundle = policyData.mInitBundle;
8624                clearInitBundle = sendAdminCommandLocked(admin,
8625                        DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED,
8626                        initBundle == null ? null : new Bundle(initBundle),
8627                        null /* result receiver */,
8628                        true /* send in foreground */);
8629            }
8630            if (clearInitBundle) {
8631                // If there's no admin or we've successfully called the admin, clear the init bundle
8632                // otherwise, keep it around
8633                policyData.mInitBundle = null;
8634                policyData.mAdminBroadcastPending = false;
8635                saveSettingsLocked(userHandle);
8636            }
8637        }
8638    }
8639
8640    @Override
8641    public UserHandle createAndManageUser(ComponentName admin, String name,
8642            ComponentName profileOwner, PersistableBundle adminExtras, int flags) {
8643        Preconditions.checkNotNull(admin, "admin is null");
8644        Preconditions.checkNotNull(profileOwner, "profileOwner is null");
8645        if (!admin.getPackageName().equals(profileOwner.getPackageName())) {
8646            throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin "
8647                    + admin + " are not in the same package");
8648        }
8649        // Only allow the system user to use this method
8650        if (!mInjector.binderGetCallingUserHandle().isSystem()) {
8651            throw new SecurityException("createAndManageUser was called from non-system user");
8652        }
8653        final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0;
8654        final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0
8655                && UserManager.isDeviceInDemoMode(mContext);
8656        final boolean leaveAllSystemAppsEnabled = (flags & LEAVE_ALL_SYSTEM_APPS_ENABLED) != 0;
8657        // Create user.
8658        UserHandle user = null;
8659        synchronized (this) {
8660            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8661
8662            final long id = mInjector.binderClearCallingIdentity();
8663            try {
8664                int userInfoFlags = 0;
8665                if (ephemeral) {
8666                    userInfoFlags |= UserInfo.FLAG_EPHEMERAL;
8667                }
8668                if (demo) {
8669                    userInfoFlags |= UserInfo.FLAG_DEMO;
8670                }
8671                String[] disallowedPackages = null;
8672                if (!leaveAllSystemAppsEnabled) {
8673                    disallowedPackages = mOverlayPackagesProvider.getNonRequiredApps(admin,
8674                            UserHandle.myUserId(), ACTION_PROVISION_MANAGED_USER).toArray(
8675                            new String[0]);
8676                }
8677                UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name,
8678                        userInfoFlags, disallowedPackages);
8679                if (userInfo != null) {
8680                    user = userInfo.getUserHandle();
8681                }
8682            } finally {
8683                mInjector.binderRestoreCallingIdentity(id);
8684            }
8685        }
8686        if (user == null) {
8687            return null;
8688        }
8689
8690        final int userHandle = user.getIdentifier();
8691        final Intent intent = new Intent(DevicePolicyManager.ACTION_MANAGED_USER_CREATED)
8692                .putExtra(Intent.EXTRA_USER_HANDLE, userHandle)
8693                .putExtra(
8694                        DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED,
8695                        leaveAllSystemAppsEnabled)
8696                .setPackage(MANAGED_PROVISIONING_PKG)
8697                .addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
8698        mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM);
8699
8700        final long id = mInjector.binderClearCallingIdentity();
8701        try {
8702            final String adminPkg = admin.getPackageName();
8703            try {
8704                // Install the profile owner if not present.
8705                if (!mIPackageManager.isPackageAvailable(adminPkg, userHandle)) {
8706                    mIPackageManager.installExistingPackageAsUser(adminPkg, userHandle,
8707                            0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY);
8708                }
8709            } catch (RemoteException e) {
8710                // Does not happen, same process
8711            }
8712
8713            // Set admin.
8714            setActiveAdmin(profileOwner, true, userHandle);
8715            final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier());
8716            setProfileOwner(profileOwner, ownerName, userHandle);
8717
8718            synchronized (this) {
8719                DevicePolicyData policyData = getUserData(userHandle);
8720                policyData.mInitBundle = adminExtras;
8721                policyData.mAdminBroadcastPending = true;
8722                saveSettingsLocked(userHandle);
8723            }
8724
8725            if ((flags & DevicePolicyManager.SKIP_SETUP_WIZARD) != 0) {
8726                Settings.Secure.putIntForUser(mContext.getContentResolver(),
8727                        Settings.Secure.USER_SETUP_COMPLETE, 1, userHandle);
8728            }
8729
8730            return user;
8731        } catch (Throwable re) {
8732            mUserManager.removeUser(userHandle);
8733            return null;
8734        } finally {
8735            mInjector.binderRestoreCallingIdentity(id);
8736        }
8737    }
8738
8739    @Override
8740    public boolean removeUser(ComponentName who, UserHandle userHandle) {
8741        Preconditions.checkNotNull(who, "ComponentName is null");
8742        Preconditions.checkNotNull(userHandle, "UserHandle is null");
8743
8744        synchronized (this) {
8745            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8746        }
8747
8748        final int callingUserId = mInjector.userHandleGetCallingUserId();
8749        final long id = mInjector.binderClearCallingIdentity();
8750        try {
8751            String restriction = isManagedProfile(userHandle.getIdentifier())
8752                    ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE
8753                    : UserManager.DISALLOW_REMOVE_USER;
8754            if (isAdminAffectedByRestriction(who, restriction, callingUserId)) {
8755                Log.w(LOG_TAG, "The device owner cannot remove a user because "
8756                        + restriction + " is enabled, and was not set by the device owner");
8757                return false;
8758            }
8759            return mUserManagerInternal.removeUserEvenWhenDisallowed(userHandle.getIdentifier());
8760        } finally {
8761            mInjector.binderRestoreCallingIdentity(id);
8762        }
8763    }
8764
8765    private boolean isAdminAffectedByRestriction(
8766            ComponentName admin, String userRestriction, int userId) {
8767        switch(mUserManager.getUserRestrictionSource(userRestriction, UserHandle.of(userId))) {
8768            case UserManager.RESTRICTION_NOT_SET:
8769                return false;
8770            case UserManager.RESTRICTION_SOURCE_DEVICE_OWNER:
8771                return !isDeviceOwner(admin, userId);
8772            case UserManager.RESTRICTION_SOURCE_PROFILE_OWNER:
8773                return !isProfileOwner(admin, userId);
8774            default:
8775                return true;
8776        }
8777    }
8778
8779    @Override
8780    public boolean switchUser(ComponentName who, UserHandle userHandle) {
8781        Preconditions.checkNotNull(who, "ComponentName is null");
8782
8783        synchronized (this) {
8784            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8785
8786            long id = mInjector.binderClearCallingIdentity();
8787            try {
8788                int userId = UserHandle.USER_SYSTEM;
8789                if (userHandle != null) {
8790                    userId = userHandle.getIdentifier();
8791                }
8792                return mInjector.getIActivityManager().switchUser(userId);
8793            } catch (RemoteException e) {
8794                Log.e(LOG_TAG, "Couldn't switch user", e);
8795                return false;
8796            } finally {
8797                mInjector.binderRestoreCallingIdentity(id);
8798            }
8799        }
8800    }
8801
8802    @Override
8803    public boolean startUserInBackground(ComponentName who, UserHandle userHandle) {
8804        Preconditions.checkNotNull(who, "ComponentName is null");
8805        Preconditions.checkNotNull(userHandle, "UserHandle is null");
8806
8807        synchronized (this) {
8808            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8809        }
8810
8811        final int userId = userHandle.getIdentifier();
8812        if (isManagedProfile(userId)) {
8813            Log.w(LOG_TAG, "Managed profile cannot be started in background");
8814            return false;
8815        }
8816
8817        final long id = mInjector.binderClearCallingIdentity();
8818        try {
8819            if (!mInjector.getActivityManagerInternal().canStartMoreUsers()) {
8820                Log.w(LOG_TAG, "Cannot start more users in background");
8821                return false;
8822            }
8823
8824            return mInjector.getIActivityManager().startUserInBackground(userId);
8825        } catch (RemoteException e) {
8826            // Same process, should not happen.
8827            return false;
8828        } finally {
8829            mInjector.binderRestoreCallingIdentity(id);
8830        }
8831    }
8832
8833    @Override
8834    public boolean stopUser(ComponentName who, UserHandle userHandle) {
8835        Preconditions.checkNotNull(who, "ComponentName is null");
8836        Preconditions.checkNotNull(userHandle, "UserHandle is null");
8837
8838        synchronized (this) {
8839            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8840        }
8841
8842        final int userId = userHandle.getIdentifier();
8843        if (isManagedProfile(userId)) {
8844            Log.w(LOG_TAG, "Managed profile cannot be stopped");
8845            return false;
8846        }
8847
8848        final long id = mInjector.binderClearCallingIdentity();
8849        try {
8850            return mInjector.getIActivityManager().stopUser(userId, true /*force*/, null)
8851                    == USER_OP_SUCCESS;
8852        } catch (RemoteException e) {
8853            // Same process, should not happen.
8854            return false;
8855        } finally {
8856            mInjector.binderRestoreCallingIdentity(id);
8857        }
8858    }
8859
8860    @Override
8861    public boolean logoutUser(ComponentName who) {
8862        Preconditions.checkNotNull(who, "ComponentName is null");
8863
8864        final int callingUserId = mInjector.userHandleGetCallingUserId();
8865        synchronized (this) {
8866            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8867            if (!isUserAffiliatedWithDeviceLocked(callingUserId)) {
8868                throw new SecurityException("Admin " + who +
8869                        " is neither the device owner or affiliated user's profile owner.");
8870            }
8871        }
8872
8873        if (isManagedProfile(callingUserId)) {
8874            Log.w(LOG_TAG, "Managed profile cannot be logout");
8875            return false;
8876        }
8877
8878        final long id = mInjector.binderClearCallingIdentity();
8879        try {
8880            if (!mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM)) {
8881                Log.w(LOG_TAG, "Failed to switch to primary user");
8882                return false;
8883            }
8884            return mInjector.getIActivityManager().stopUser(callingUserId, true /*force*/, null)
8885                    == USER_OP_SUCCESS;
8886        } catch (RemoteException e) {
8887            // Same process, should not happen.
8888            return false;
8889        } finally {
8890            mInjector.binderRestoreCallingIdentity(id);
8891        }
8892    }
8893
8894    @Override
8895    public List<UserHandle> getSecondaryUsers(ComponentName who) {
8896        Preconditions.checkNotNull(who, "ComponentName is null");
8897        synchronized (this) {
8898            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8899        }
8900
8901        final long id = mInjector.binderClearCallingIdentity();
8902        try {
8903            final List<UserInfo> userInfos = mInjector.getUserManager().getUsers(true
8904                    /*excludeDying*/);
8905            final List<UserHandle> userHandles = new ArrayList<>();
8906            for (UserInfo userInfo : userInfos) {
8907                UserHandle userHandle = userInfo.getUserHandle();
8908                if (!userHandle.isSystem() && !isManagedProfile(userHandle.getIdentifier())) {
8909                    userHandles.add(userInfo.getUserHandle());
8910                }
8911            }
8912            return userHandles;
8913        } finally {
8914            mInjector.binderRestoreCallingIdentity(id);
8915        }
8916    }
8917
8918    @Override
8919    public boolean isEphemeralUser(ComponentName who) {
8920        Preconditions.checkNotNull(who, "ComponentName is null");
8921        synchronized (this) {
8922            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8923        }
8924
8925        final int callingUserId = mInjector.userHandleGetCallingUserId();
8926        final long id = mInjector.binderClearCallingIdentity();
8927        try {
8928            return mInjector.getUserManager().isUserEphemeral(callingUserId);
8929        } finally {
8930            mInjector.binderRestoreCallingIdentity(id);
8931        }
8932    }
8933
8934    @Override
8935    public Bundle getApplicationRestrictions(ComponentName who, String callerPackage,
8936            String packageName) {
8937        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8938                DELEGATION_APP_RESTRICTIONS);
8939
8940        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
8941        final long id = mInjector.binderClearCallingIdentity();
8942        try {
8943           Bundle bundle = mUserManager.getApplicationRestrictions(packageName, userHandle);
8944           // if no restrictions were saved, mUserManager.getApplicationRestrictions
8945           // returns null, but DPM method should return an empty Bundle as per JavaDoc
8946           return bundle != null ? bundle : Bundle.EMPTY;
8947        } finally {
8948            mInjector.binderRestoreCallingIdentity(id);
8949        }
8950    }
8951
8952    @Override
8953    public String[] setPackagesSuspended(ComponentName who, String callerPackage,
8954            String[] packageNames, boolean suspended) {
8955        int callingUserId = UserHandle.getCallingUserId();
8956        synchronized (this) {
8957            // Ensure the caller is a DO/PO or a package access delegate.
8958            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8959                    DELEGATION_PACKAGE_ACCESS);
8960
8961            long id = mInjector.binderClearCallingIdentity();
8962            try {
8963                return mIPackageManager.setPackagesSuspendedAsUser(
8964                        packageNames, suspended, callingUserId);
8965            } catch (RemoteException re) {
8966                // Shouldn't happen.
8967                Slog.e(LOG_TAG, "Failed talking to the package manager", re);
8968            } finally {
8969                mInjector.binderRestoreCallingIdentity(id);
8970            }
8971            return packageNames;
8972        }
8973    }
8974
8975    @Override
8976    public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) {
8977        int callingUserId = UserHandle.getCallingUserId();
8978        synchronized (this) {
8979            // Ensure the caller is a DO/PO or a package access delegate.
8980            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8981                    DELEGATION_PACKAGE_ACCESS);
8982
8983            long id = mInjector.binderClearCallingIdentity();
8984            try {
8985                return mIPackageManager.isPackageSuspendedForUser(packageName, callingUserId);
8986            } catch (RemoteException re) {
8987                // Shouldn't happen.
8988                Slog.e(LOG_TAG, "Failed talking to the package manager", re);
8989            } finally {
8990                mInjector.binderRestoreCallingIdentity(id);
8991            }
8992            return false;
8993        }
8994    }
8995
8996    @Override
8997    public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) {
8998        Preconditions.checkNotNull(who, "ComponentName is null");
8999        if (!UserRestrictionsUtils.isValidRestriction(key)) {
9000            return;
9001        }
9002
9003        final int userHandle = mInjector.userHandleGetCallingUserId();
9004        synchronized (this) {
9005            final ActiveAdmin activeAdmin =
9006                    getActiveAdminForCallerLocked(who,
9007                            DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9008            final boolean isDeviceOwner = isDeviceOwner(who, userHandle);
9009            if (isDeviceOwner) {
9010                if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) {
9011                    throw new SecurityException("Device owner cannot set user restriction " + key);
9012                }
9013            } else { // profile owner
9014                if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) {
9015                    throw new SecurityException("Profile owner cannot set user restriction " + key);
9016                }
9017            }
9018
9019            // Save the restriction to ActiveAdmin.
9020            final Bundle restrictions = activeAdmin.ensureUserRestrictions();
9021            if (enabledFromThisOwner) {
9022                restrictions.putBoolean(key, true);
9023            } else {
9024                restrictions.remove(key);
9025            }
9026            saveUserRestrictionsLocked(userHandle);
9027        }
9028    }
9029
9030    private void saveUserRestrictionsLocked(int userId) {
9031        saveSettingsLocked(userId);
9032        pushUserRestrictions(userId);
9033        sendChangedNotification(userId);
9034    }
9035
9036    private void pushUserRestrictions(int userId) {
9037        synchronized (this) {
9038            final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId);
9039            final Bundle userRestrictions;
9040            // Whether device owner enforces camera restriction.
9041            boolean disallowCameraGlobally = false;
9042
9043            if (isDeviceOwner) {
9044                final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
9045                if (deviceOwner == null) {
9046                    return; // Shouldn't happen.
9047                }
9048                userRestrictions = deviceOwner.userRestrictions;
9049                // DO can disable camera globally.
9050                disallowCameraGlobally = deviceOwner.disableCamera;
9051            } else {
9052                final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
9053                userRestrictions = profileOwner != null ? profileOwner.userRestrictions : null;
9054            }
9055
9056            // Whether any admin enforces camera restriction.
9057            final int cameraRestrictionScope =
9058                    getCameraRestrictionScopeLocked(userId, disallowCameraGlobally);
9059
9060            mUserManagerInternal.setDevicePolicyUserRestrictions(userId, userRestrictions,
9061                    isDeviceOwner, cameraRestrictionScope);
9062        }
9063    }
9064
9065    /**
9066     * Get the scope of camera restriction for a given user if any.
9067     */
9068    private int getCameraRestrictionScopeLocked(int userId, boolean disallowCameraGlobally) {
9069        if (disallowCameraGlobally) {
9070            return UserManagerInternal.CAMERA_DISABLED_GLOBALLY;
9071        } else if (getCameraDisabled(
9072                /* who= */ null, userId, /* mergeDeviceOwnerRestriction= */ false)) {
9073            return UserManagerInternal.CAMERA_DISABLED_LOCALLY;
9074        }
9075        return UserManagerInternal.CAMERA_NOT_DISABLED;
9076    }
9077
9078    @Override
9079    public Bundle getUserRestrictions(ComponentName who) {
9080        if (!mHasFeature) {
9081            return null;
9082        }
9083        Preconditions.checkNotNull(who, "ComponentName is null");
9084        synchronized (this) {
9085            final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who,
9086                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9087            return activeAdmin.userRestrictions;
9088        }
9089    }
9090
9091    @Override
9092    public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName,
9093            boolean hidden) {
9094        int callingUserId = UserHandle.getCallingUserId();
9095        synchronized (this) {
9096            // Ensure the caller is a DO/PO or a package access delegate.
9097            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9098                    DELEGATION_PACKAGE_ACCESS);
9099
9100            long id = mInjector.binderClearCallingIdentity();
9101            try {
9102                return mIPackageManager.setApplicationHiddenSettingAsUser(
9103                        packageName, hidden, callingUserId);
9104            } catch (RemoteException re) {
9105                // shouldn't happen
9106                Slog.e(LOG_TAG, "Failed to setApplicationHiddenSetting", re);
9107            } finally {
9108                mInjector.binderRestoreCallingIdentity(id);
9109            }
9110            return false;
9111        }
9112    }
9113
9114    @Override
9115    public boolean isApplicationHidden(ComponentName who, String callerPackage,
9116            String packageName) {
9117        int callingUserId = UserHandle.getCallingUserId();
9118        synchronized (this) {
9119            // Ensure the caller is a DO/PO or a package access delegate.
9120            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9121                    DELEGATION_PACKAGE_ACCESS);
9122
9123            long id = mInjector.binderClearCallingIdentity();
9124            try {
9125                return mIPackageManager.getApplicationHiddenSettingAsUser(
9126                        packageName, callingUserId);
9127            } catch (RemoteException re) {
9128                // shouldn't happen
9129                Slog.e(LOG_TAG, "Failed to getApplicationHiddenSettingAsUser", re);
9130            } finally {
9131                mInjector.binderRestoreCallingIdentity(id);
9132            }
9133            return false;
9134        }
9135    }
9136
9137    @Override
9138    public void enableSystemApp(ComponentName who, String callerPackage, String packageName) {
9139        synchronized (this) {
9140            // Ensure the caller is a DO/PO or an enable system app delegate.
9141            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9142                    DELEGATION_ENABLE_SYSTEM_APP);
9143
9144            final boolean isDemo = isCurrentUserDemo();
9145
9146            int userId = UserHandle.getCallingUserId();
9147            long id = mInjector.binderClearCallingIdentity();
9148
9149            try {
9150                if (VERBOSE_LOG) {
9151                    Slog.v(LOG_TAG, "installing " + packageName + " for "
9152                            + userId);
9153                }
9154
9155                int parentUserId = getProfileParentId(userId);
9156                if (!isDemo && !isSystemApp(mIPackageManager, packageName, parentUserId)) {
9157                    throw new IllegalArgumentException("Only system apps can be enabled this way.");
9158                }
9159
9160                // Install the app.
9161                mIPackageManager.installExistingPackageAsUser(packageName, userId,
9162                        0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY);
9163                if (isDemo) {
9164                    // Ensure the app is also ENABLED for demo users.
9165                    mIPackageManager.setApplicationEnabledSetting(packageName,
9166                            PackageManager.COMPONENT_ENABLED_STATE_ENABLED,
9167                            PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager");
9168                }
9169            } catch (RemoteException re) {
9170                // shouldn't happen
9171                Slog.wtf(LOG_TAG, "Failed to install " + packageName, re);
9172            } finally {
9173                mInjector.binderRestoreCallingIdentity(id);
9174            }
9175        }
9176    }
9177
9178    @Override
9179    public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) {
9180        synchronized (this) {
9181            // Ensure the caller is a DO/PO or an enable system app delegate.
9182            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9183                    DELEGATION_ENABLE_SYSTEM_APP);
9184
9185            int userId = UserHandle.getCallingUserId();
9186            long id = mInjector.binderClearCallingIdentity();
9187
9188            try {
9189                int parentUserId = getProfileParentId(userId);
9190                List<ResolveInfo> activitiesToEnable = mIPackageManager
9191                        .queryIntentActivities(intent,
9192                                intent.resolveTypeIfNeeded(mContext.getContentResolver()),
9193                                PackageManager.MATCH_DIRECT_BOOT_AWARE
9194                                        | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,
9195                                parentUserId)
9196                        .getList();
9197
9198                if (VERBOSE_LOG) {
9199                    Slog.d(LOG_TAG, "Enabling system activities: " + activitiesToEnable);
9200                }
9201                int numberOfAppsInstalled = 0;
9202                if (activitiesToEnable != null) {
9203                    for (ResolveInfo info : activitiesToEnable) {
9204                        if (info.activityInfo != null) {
9205                            String packageName = info.activityInfo.packageName;
9206                            if (isSystemApp(mIPackageManager, packageName, parentUserId)) {
9207                                numberOfAppsInstalled++;
9208                                mIPackageManager.installExistingPackageAsUser(packageName, userId,
9209                                        0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY);
9210                            } else {
9211                                Slog.d(LOG_TAG, "Not enabling " + packageName + " since is not a"
9212                                        + " system app");
9213                            }
9214                        }
9215                    }
9216                }
9217                return numberOfAppsInstalled;
9218            } catch (RemoteException e) {
9219                // shouldn't happen
9220                Slog.wtf(LOG_TAG, "Failed to resolve intent for: " + intent);
9221                return 0;
9222            } finally {
9223                mInjector.binderRestoreCallingIdentity(id);
9224            }
9225        }
9226    }
9227
9228    private boolean isSystemApp(IPackageManager pm, String packageName, int userId)
9229            throws RemoteException {
9230        ApplicationInfo appInfo = pm.getApplicationInfo(packageName, MATCH_UNINSTALLED_PACKAGES,
9231                userId);
9232        if (appInfo == null) {
9233            throw new IllegalArgumentException("The application " + packageName +
9234                    " is not present on this device");
9235        }
9236        return (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
9237    }
9238
9239    @Override
9240    public boolean installExistingPackage(ComponentName who, String callerPackage,
9241            String packageName) {
9242        synchronized (this) {
9243            // Ensure the caller is a PO or an install existing package delegate
9244            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9245                    DELEGATION_INSTALL_EXISTING_PACKAGE);
9246            final int callingUserId = mInjector.userHandleGetCallingUserId();
9247            if (!isUserAffiliatedWithDeviceLocked(callingUserId)) {
9248                throw new SecurityException("Admin " + who +
9249                        " is neither the device owner or affiliated user's profile owner.");
9250            }
9251
9252            final long id = mInjector.binderClearCallingIdentity();
9253            try {
9254                if (VERBOSE_LOG) {
9255                    Slog.v(LOG_TAG, "installing " + packageName + " for "
9256                            + callingUserId);
9257                }
9258
9259                // Install the package.
9260                return mIPackageManager.installExistingPackageAsUser(packageName, callingUserId,
9261                        0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY)
9262                        == PackageManager.INSTALL_SUCCEEDED;
9263            } catch (RemoteException re) {
9264                // shouldn't happen
9265                return false;
9266            } finally {
9267                mInjector.binderRestoreCallingIdentity(id);
9268            }
9269        }
9270    }
9271
9272    @Override
9273    public void setAccountManagementDisabled(ComponentName who, String accountType,
9274            boolean disabled) {
9275        if (!mHasFeature) {
9276            return;
9277        }
9278        Preconditions.checkNotNull(who, "ComponentName is null");
9279        synchronized (this) {
9280            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
9281                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9282            if (disabled) {
9283                ap.accountTypesWithManagementDisabled.add(accountType);
9284            } else {
9285                ap.accountTypesWithManagementDisabled.remove(accountType);
9286            }
9287            saveSettingsLocked(UserHandle.getCallingUserId());
9288        }
9289    }
9290
9291    @Override
9292    public String[] getAccountTypesWithManagementDisabled() {
9293        return getAccountTypesWithManagementDisabledAsUser(UserHandle.getCallingUserId());
9294    }
9295
9296    @Override
9297    public String[] getAccountTypesWithManagementDisabledAsUser(int userId) {
9298        enforceFullCrossUsersPermission(userId);
9299        if (!mHasFeature) {
9300            return null;
9301        }
9302        synchronized (this) {
9303            DevicePolicyData policy = getUserData(userId);
9304            final int N = policy.mAdminList.size();
9305            ArraySet<String> resultSet = new ArraySet<>();
9306            for (int i = 0; i < N; i++) {
9307                ActiveAdmin admin = policy.mAdminList.get(i);
9308                resultSet.addAll(admin.accountTypesWithManagementDisabled);
9309            }
9310            return resultSet.toArray(new String[resultSet.size()]);
9311        }
9312    }
9313
9314    @Override
9315    public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName,
9316            boolean uninstallBlocked) {
9317        final int userId = UserHandle.getCallingUserId();
9318        synchronized (this) {
9319            // Ensure the caller is a DO/PO or a block uninstall delegate
9320            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9321                    DELEGATION_BLOCK_UNINSTALL);
9322
9323            long id = mInjector.binderClearCallingIdentity();
9324            try {
9325                mIPackageManager.setBlockUninstallForUser(packageName, uninstallBlocked, userId);
9326            } catch (RemoteException re) {
9327                // Shouldn't happen.
9328                Slog.e(LOG_TAG, "Failed to setBlockUninstallForUser", re);
9329            } finally {
9330                mInjector.binderRestoreCallingIdentity(id);
9331            }
9332        }
9333    }
9334
9335    @Override
9336    public boolean isUninstallBlocked(ComponentName who, String packageName) {
9337        // This function should return true if and only if the package is blocked by
9338        // setUninstallBlocked(). It should still return false for other cases of blocks, such as
9339        // when the package is a system app, or when it is an active device admin.
9340        final int userId = UserHandle.getCallingUserId();
9341
9342        synchronized (this) {
9343            if (who != null) {
9344                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9345            }
9346
9347            long id = mInjector.binderClearCallingIdentity();
9348            try {
9349                return mIPackageManager.getBlockUninstallForUser(packageName, userId);
9350            } catch (RemoteException re) {
9351                // Shouldn't happen.
9352                Slog.e(LOG_TAG, "Failed to getBlockUninstallForUser", re);
9353            } finally {
9354                mInjector.binderRestoreCallingIdentity(id);
9355            }
9356        }
9357        return false;
9358    }
9359
9360    @Override
9361    public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) {
9362        if (!mHasFeature) {
9363            return;
9364        }
9365        Preconditions.checkNotNull(who, "ComponentName is null");
9366        synchronized (this) {
9367            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9368                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9369            if (admin.disableCallerId != disabled) {
9370                admin.disableCallerId = disabled;
9371                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
9372            }
9373        }
9374    }
9375
9376    @Override
9377    public boolean getCrossProfileCallerIdDisabled(ComponentName who) {
9378        if (!mHasFeature) {
9379            return false;
9380        }
9381        Preconditions.checkNotNull(who, "ComponentName is null");
9382        synchronized (this) {
9383            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9384                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9385            return admin.disableCallerId;
9386        }
9387    }
9388
9389    @Override
9390    public boolean getCrossProfileCallerIdDisabledForUser(int userId) {
9391        enforceCrossUsersPermission(userId);
9392        synchronized (this) {
9393            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
9394            return (admin != null) ? admin.disableCallerId : false;
9395        }
9396    }
9397
9398    @Override
9399    public void setCrossProfileContactsSearchDisabled(ComponentName who, boolean disabled) {
9400        if (!mHasFeature) {
9401            return;
9402        }
9403        Preconditions.checkNotNull(who, "ComponentName is null");
9404        synchronized (this) {
9405            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9406                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9407            if (admin.disableContactsSearch != disabled) {
9408                admin.disableContactsSearch = disabled;
9409                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
9410            }
9411        }
9412    }
9413
9414    @Override
9415    public boolean getCrossProfileContactsSearchDisabled(ComponentName who) {
9416        if (!mHasFeature) {
9417            return false;
9418        }
9419        Preconditions.checkNotNull(who, "ComponentName is null");
9420        synchronized (this) {
9421            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9422                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9423            return admin.disableContactsSearch;
9424        }
9425    }
9426
9427    @Override
9428    public boolean getCrossProfileContactsSearchDisabledForUser(int userId) {
9429        enforceCrossUsersPermission(userId);
9430        synchronized (this) {
9431            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
9432            return (admin != null) ? admin.disableContactsSearch : false;
9433        }
9434    }
9435
9436    @Override
9437    public void startManagedQuickContact(String actualLookupKey, long actualContactId,
9438            boolean isContactIdIgnored, long actualDirectoryId, Intent originalIntent) {
9439        final Intent intent = QuickContact.rebuildManagedQuickContactsIntent(actualLookupKey,
9440                actualContactId, isContactIdIgnored, actualDirectoryId, originalIntent);
9441        final int callingUserId = UserHandle.getCallingUserId();
9442
9443        final long ident = mInjector.binderClearCallingIdentity();
9444        try {
9445            synchronized (this) {
9446                final int managedUserId = getManagedUserId(callingUserId);
9447                if (managedUserId < 0) {
9448                    return;
9449                }
9450                if (isCrossProfileQuickContactDisabled(managedUserId)) {
9451                    if (VERBOSE_LOG) {
9452                        Log.v(LOG_TAG,
9453                                "Cross-profile contacts access disabled for user " + managedUserId);
9454                    }
9455                    return;
9456                }
9457                ContactsInternal.startQuickContactWithErrorToastForUser(
9458                        mContext, intent, new UserHandle(managedUserId));
9459            }
9460        } finally {
9461            mInjector.binderRestoreCallingIdentity(ident);
9462        }
9463    }
9464
9465    /**
9466     * @return true if cross-profile QuickContact is disabled
9467     */
9468    private boolean isCrossProfileQuickContactDisabled(int userId) {
9469        return getCrossProfileCallerIdDisabledForUser(userId)
9470                && getCrossProfileContactsSearchDisabledForUser(userId);
9471    }
9472
9473    /**
9474     * @return the user ID of the managed user that is linked to the current user, if any.
9475     * Otherwise -1.
9476     */
9477    public int getManagedUserId(int callingUserId) {
9478        if (VERBOSE_LOG) {
9479            Log.v(LOG_TAG, "getManagedUserId: callingUserId=" + callingUserId);
9480        }
9481
9482        for (UserInfo ui : mUserManager.getProfiles(callingUserId)) {
9483            if (ui.id == callingUserId || !ui.isManagedProfile()) {
9484                continue; // Caller user self, or not a managed profile.  Skip.
9485            }
9486            if (VERBOSE_LOG) {
9487                Log.v(LOG_TAG, "Managed user=" + ui.id);
9488            }
9489            return ui.id;
9490        }
9491        if (VERBOSE_LOG) {
9492            Log.v(LOG_TAG, "Managed user not found.");
9493        }
9494        return -1;
9495    }
9496
9497    @Override
9498    public void setBluetoothContactSharingDisabled(ComponentName who, boolean disabled) {
9499        if (!mHasFeature) {
9500            return;
9501        }
9502        Preconditions.checkNotNull(who, "ComponentName is null");
9503        synchronized (this) {
9504            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9505                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9506            if (admin.disableBluetoothContactSharing != disabled) {
9507                admin.disableBluetoothContactSharing = disabled;
9508                saveSettingsLocked(UserHandle.getCallingUserId());
9509            }
9510        }
9511    }
9512
9513    @Override
9514    public boolean getBluetoothContactSharingDisabled(ComponentName who) {
9515        if (!mHasFeature) {
9516            return false;
9517        }
9518        Preconditions.checkNotNull(who, "ComponentName is null");
9519        synchronized (this) {
9520            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9521                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9522            return admin.disableBluetoothContactSharing;
9523        }
9524    }
9525
9526    @Override
9527    public boolean getBluetoothContactSharingDisabledForUser(int userId) {
9528        // TODO: Should there be a check to make sure this relationship is
9529        // within a profile group?
9530        // enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system");
9531        synchronized (this) {
9532            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
9533            return (admin != null) ? admin.disableBluetoothContactSharing : false;
9534        }
9535    }
9536
9537    @Override
9538    public void setLockTaskPackages(ComponentName who, String[] packages)
9539            throws SecurityException {
9540        Preconditions.checkNotNull(who, "ComponentName is null");
9541        Preconditions.checkNotNull(packages, "packages is null");
9542
9543        synchronized (this) {
9544            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9545            final int userHandle = mInjector.userHandleGetCallingUserId();
9546            if (isUserAffiliatedWithDeviceLocked(userHandle)) {
9547                setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages)));
9548            } else {
9549                throw new SecurityException("Admin " + who +
9550                    " is neither the device owner or affiliated user's profile owner.");
9551            }
9552        }
9553    }
9554
9555    private void setLockTaskPackagesLocked(int userHandle, List<String> packages) {
9556        DevicePolicyData policy = getUserData(userHandle);
9557        policy.mLockTaskPackages = packages;
9558
9559        // Store the settings persistently.
9560        saveSettingsLocked(userHandle);
9561        updateLockTaskPackagesLocked(packages, userHandle);
9562    }
9563
9564    @Override
9565    public String[] getLockTaskPackages(ComponentName who) {
9566        Preconditions.checkNotNull(who, "ComponentName is null");
9567
9568        final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier();
9569        synchronized (this) {
9570            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9571            if (!isUserAffiliatedWithDeviceLocked(userHandle)) {
9572                throw new SecurityException("Admin " + who +
9573                    " is neither the device owner or affiliated user's profile owner.");
9574            }
9575
9576            final List<String> packages = getUserData(userHandle).mLockTaskPackages;
9577            return packages.toArray(new String[packages.size()]);
9578        }
9579    }
9580
9581    @Override
9582    public boolean isLockTaskPermitted(String pkg) {
9583        final int userHandle = mInjector.userHandleGetCallingUserId();
9584        synchronized (this) {
9585            return getUserData(userHandle).mLockTaskPackages.contains(pkg);
9586        }
9587    }
9588
9589    @Override
9590    public void setLockTaskFeatures(ComponentName who, int flags) {
9591        Preconditions.checkNotNull(who, "ComponentName is null");
9592        final int userHandle = mInjector.userHandleGetCallingUserId();
9593        synchronized (this) {
9594            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9595            if (!isUserAffiliatedWithDeviceLocked(userHandle)) {
9596                throw new SecurityException("Admin " + who +
9597                        " is neither the device owner or affiliated user's profile owner.");
9598            }
9599            setLockTaskFeaturesLocked(userHandle, flags);
9600        }
9601    }
9602
9603    private void setLockTaskFeaturesLocked(int userHandle, int flags) {
9604        DevicePolicyData policy = getUserData(userHandle);
9605        policy.mLockTaskFeatures = flags;
9606        saveSettingsLocked(userHandle);
9607        updateLockTaskFeaturesLocked(flags, userHandle);
9608    }
9609
9610    @Override
9611    public int getLockTaskFeatures(ComponentName who) {
9612        Preconditions.checkNotNull(who, "ComponentName is null");
9613        final int userHandle = mInjector.userHandleGetCallingUserId();
9614        synchronized (this) {
9615            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9616            if (!isUserAffiliatedWithDeviceLocked(userHandle)) {
9617                throw new SecurityException("Admin " + who +
9618                        " is neither the device owner or affiliated user's profile owner.");
9619            }
9620            return getUserData(userHandle).mLockTaskFeatures;
9621        }
9622    }
9623
9624    private void maybeClearLockTaskPolicyLocked() {
9625        final long ident = mInjector.binderClearCallingIdentity();
9626        try {
9627            final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true);
9628            for (int i = userInfos.size() - 1; i >= 0; i--) {
9629                int userId = userInfos.get(i).id;
9630                if (isUserAffiliatedWithDeviceLocked(userId)) {
9631                    continue;
9632                }
9633
9634                final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages;
9635                if (!lockTaskPackages.isEmpty()) {
9636                    Slog.d(LOG_TAG,
9637                            "User id " + userId + " not affiliated. Clearing lock task packages");
9638                    setLockTaskPackagesLocked(userId, Collections.<String>emptyList());
9639                }
9640                final int lockTaskFeatures = getUserData(userId).mLockTaskFeatures;
9641                if (lockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE){
9642                    Slog.d(LOG_TAG,
9643                            "User id " + userId + " not affiliated. Clearing lock task features");
9644                    setLockTaskFeaturesLocked(userId, DevicePolicyManager.LOCK_TASK_FEATURE_NONE);
9645                }
9646            }
9647        } finally {
9648            mInjector.binderRestoreCallingIdentity(ident);
9649        }
9650    }
9651
9652    @Override
9653    public void notifyLockTaskModeChanged(boolean isEnabled, String pkg, int userHandle) {
9654        if (!isCallerWithSystemUid()) {
9655            throw new SecurityException("notifyLockTaskModeChanged can only be called by system");
9656        }
9657        synchronized (this) {
9658            final DevicePolicyData policy = getUserData(userHandle);
9659
9660            if (policy.mStatusBarDisabled) {
9661                // Status bar is managed by LockTaskController during LockTask, so we cancel this
9662                // policy when LockTask starts, and reapply it when LockTask ends
9663                setStatusBarDisabledInternal(!isEnabled, userHandle);
9664            }
9665
9666            Bundle adminExtras = new Bundle();
9667            adminExtras.putString(DeviceAdminReceiver.EXTRA_LOCK_TASK_PACKAGE, pkg);
9668            for (ActiveAdmin admin : policy.mAdminList) {
9669                final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userHandle);
9670                final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userHandle);
9671                if (ownsDevice || ownsProfile) {
9672                    if (isEnabled) {
9673                        sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_ENTERING,
9674                                adminExtras, null);
9675                    } else {
9676                        sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_EXITING);
9677                    }
9678                }
9679            }
9680        }
9681    }
9682
9683    @Override
9684    public void setGlobalSetting(ComponentName who, String setting, String value) {
9685        Preconditions.checkNotNull(who, "ComponentName is null");
9686
9687        synchronized (this) {
9688            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9689
9690            // Some settings are no supported any more. However we do not want to throw a
9691            // SecurityException to avoid breaking apps.
9692            if (GLOBAL_SETTINGS_DEPRECATED.contains(setting)) {
9693                Log.i(LOG_TAG, "Global setting no longer supported: " + setting);
9694                return;
9695            }
9696
9697            if (!GLOBAL_SETTINGS_WHITELIST.contains(setting)
9698                    && !UserManager.isDeviceInDemoMode(mContext)) {
9699                throw new SecurityException(String.format(
9700                        "Permission denial: device owners cannot update %1$s", setting));
9701            }
9702
9703            if (Settings.Global.STAY_ON_WHILE_PLUGGED_IN.equals(setting)) {
9704                // ignore if it contradicts an existing policy
9705                long timeMs = getMaximumTimeToLock(
9706                        who, mInjector.userHandleGetCallingUserId(), /* parent */ false);
9707                if (timeMs > 0 && timeMs < Long.MAX_VALUE) {
9708                    return;
9709                }
9710            }
9711
9712            long id = mInjector.binderClearCallingIdentity();
9713            try {
9714                mInjector.settingsGlobalPutString(setting, value);
9715            } finally {
9716                mInjector.binderRestoreCallingIdentity(id);
9717            }
9718        }
9719    }
9720
9721    @Override
9722    public void setSystemSetting(ComponentName who, String setting, String value) {
9723        Preconditions.checkNotNull(who, "ComponentName is null");
9724        Preconditions.checkStringNotEmpty(setting, "String setting is null or empty");
9725
9726        synchronized (this) {
9727            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9728
9729            if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) {
9730                throw new SecurityException(String.format(
9731                        "Permission denial: device owners cannot update %1$s", setting));
9732            }
9733
9734            mInjector.binderWithCleanCallingIdentity(() -> mInjector.settingsSystemPutString(
9735                    setting, value));
9736        }
9737    }
9738
9739    @Override
9740    public boolean setTime(ComponentName who, long millis) {
9741        Preconditions.checkNotNull(who, "ComponentName is null in setTime");
9742        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9743        // Don't allow set time when auto time is on.
9744        if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME, 0) == 1) {
9745            return false;
9746        }
9747        mInjector.binderWithCleanCallingIdentity(() -> mInjector.getAlarmManager().setTime(millis));
9748        return true;
9749    }
9750
9751    @Override
9752    public boolean setTimeZone(ComponentName who, String timeZone) {
9753        Preconditions.checkNotNull(who, "ComponentName is null in setTimeZone");
9754        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9755        // Don't allow set timezone when auto timezone is on.
9756        if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) == 1) {
9757            return false;
9758        }
9759        mInjector.binderWithCleanCallingIdentity(() ->
9760            mInjector.getAlarmManager().setTimeZone(timeZone));
9761        return true;
9762    }
9763
9764    @Override
9765    public void setSecureSetting(ComponentName who, String setting, String value) {
9766        Preconditions.checkNotNull(who, "ComponentName is null");
9767        int callingUserId = mInjector.userHandleGetCallingUserId();
9768
9769        synchronized (this) {
9770            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9771
9772            if (isDeviceOwner(who, callingUserId)) {
9773                if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting)
9774                        && !isCurrentUserDemo()) {
9775                    throw new SecurityException(String.format(
9776                            "Permission denial: Device owners cannot update %1$s", setting));
9777                }
9778            } else if (!SECURE_SETTINGS_WHITELIST.contains(setting) && !isCurrentUserDemo()) {
9779                throw new SecurityException(String.format(
9780                        "Permission denial: Profile owners cannot update %1$s", setting));
9781            }
9782            if (setting.equals(Settings.Secure.INSTALL_NON_MARKET_APPS)) {
9783                if (getTargetSdk(who.getPackageName(), callingUserId) >= Build.VERSION_CODES.O) {
9784                    throw new UnsupportedOperationException(Settings.Secure.INSTALL_NON_MARKET_APPS
9785                            + " is deprecated. Please use the user restriction "
9786                            + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES + " instead.");
9787                }
9788                if (!mUserManager.isManagedProfile(callingUserId)) {
9789                    Slog.e(LOG_TAG, "Ignoring setSecureSetting request for "
9790                            + setting + ". User restriction "
9791                            + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES
9792                            + " should be used instead.");
9793                } else {
9794                    try {
9795                        setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
9796                                (Integer.parseInt(value) == 0) ? true : false);
9797                    } catch (NumberFormatException exc) {
9798                        Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting);
9799                    }
9800                }
9801                return;
9802            }
9803            long id = mInjector.binderClearCallingIdentity();
9804            try {
9805                if (Settings.Secure.DEFAULT_INPUT_METHOD.equals(setting)) {
9806                    final String currentValue = mInjector.settingsSecureGetStringForUser(
9807                            Settings.Secure.DEFAULT_INPUT_METHOD, callingUserId);
9808                    if (!TextUtils.equals(currentValue, value)) {
9809                        // Tell the content observer that the next change will be due to the owner
9810                        // changing the value. There is a small race condition here that we cannot
9811                        // avoid: Change notifications are sent asynchronously, so it is possible
9812                        // that there are prior notifications queued up before the one we are about
9813                        // to trigger. This is a corner case that will have no impact in practice.
9814                        mSetupContentObserver.addPendingChangeByOwnerLocked(callingUserId);
9815                    }
9816                    getUserData(callingUserId).mCurrentInputMethodSet = true;
9817                    saveSettingsLocked(callingUserId);
9818                }
9819                mInjector.settingsSecurePutStringForUser(setting, value, callingUserId);
9820            } finally {
9821                mInjector.binderRestoreCallingIdentity(id);
9822            }
9823        }
9824    }
9825
9826    @Override
9827    public void setMasterVolumeMuted(ComponentName who, boolean on) {
9828        Preconditions.checkNotNull(who, "ComponentName is null");
9829        synchronized (this) {
9830            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9831            setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on);
9832        }
9833    }
9834
9835    @Override
9836    public boolean isMasterVolumeMuted(ComponentName who) {
9837        Preconditions.checkNotNull(who, "ComponentName is null");
9838        synchronized (this) {
9839            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9840
9841            AudioManager audioManager =
9842                    (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);
9843            return audioManager.isMasterMute();
9844        }
9845    }
9846
9847    @Override
9848    public void setUserIcon(ComponentName who, Bitmap icon) {
9849        synchronized (this) {
9850            Preconditions.checkNotNull(who, "ComponentName is null");
9851            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9852
9853            int userId = UserHandle.getCallingUserId();
9854            long id = mInjector.binderClearCallingIdentity();
9855            try {
9856                mUserManagerInternal.setUserIcon(userId, icon);
9857            } finally {
9858                mInjector.binderRestoreCallingIdentity(id);
9859            }
9860        }
9861    }
9862
9863    @Override
9864    public boolean setKeyguardDisabled(ComponentName who, boolean disabled) {
9865        Preconditions.checkNotNull(who, "ComponentName is null");
9866        final int userId = mInjector.userHandleGetCallingUserId();
9867        synchronized (this) {
9868            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9869            if (!isUserAffiliatedWithDeviceLocked(userId)) {
9870                throw new SecurityException("Admin " + who +
9871                        " is neither the device owner or affiliated user's profile owner.");
9872            }
9873        }
9874        if (isManagedProfile(userId)) {
9875            throw new SecurityException("Managed profile cannot disable keyguard");
9876        }
9877
9878        long ident = mInjector.binderClearCallingIdentity();
9879        try {
9880            // disallow disabling the keyguard if a password is currently set
9881            if (disabled && mLockPatternUtils.isSecure(userId)) {
9882                return false;
9883            }
9884            mLockPatternUtils.setLockScreenDisabled(disabled, userId);
9885            mInjector.getIWindowManager().dismissKeyguard(null /* callback */, null /* message */);
9886        } catch (RemoteException e) {
9887            // Same process, does not happen.
9888        } finally {
9889            mInjector.binderRestoreCallingIdentity(ident);
9890        }
9891        return true;
9892    }
9893
9894    @Override
9895    public boolean setStatusBarDisabled(ComponentName who, boolean disabled) {
9896        int userId = UserHandle.getCallingUserId();
9897        synchronized (this) {
9898            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9899            if (!isUserAffiliatedWithDeviceLocked(userId)) {
9900                throw new SecurityException("Admin " + who +
9901                        " is neither the device owner or affiliated user's profile owner.");
9902            }
9903            if (isManagedProfile(userId)) {
9904                throw new SecurityException("Managed profile cannot disable status bar");
9905            }
9906            DevicePolicyData policy = getUserData(userId);
9907            if (policy.mStatusBarDisabled != disabled) {
9908                boolean isLockTaskMode = false;
9909                try {
9910                    isLockTaskMode = mInjector.getIActivityManager().getLockTaskModeState()
9911                            != LOCK_TASK_MODE_NONE;
9912                } catch (RemoteException e) {
9913                    Slog.e(LOG_TAG, "Failed to get LockTask mode");
9914                }
9915                if (!isLockTaskMode) {
9916                    if (!setStatusBarDisabledInternal(disabled, userId)) {
9917                        return false;
9918                    }
9919                }
9920                policy.mStatusBarDisabled = disabled;
9921                saveSettingsLocked(userId);
9922            }
9923        }
9924        return true;
9925    }
9926
9927    private boolean setStatusBarDisabledInternal(boolean disabled, int userId) {
9928        long ident = mInjector.binderClearCallingIdentity();
9929        try {
9930            IStatusBarService statusBarService = IStatusBarService.Stub.asInterface(
9931                    ServiceManager.checkService(Context.STATUS_BAR_SERVICE));
9932            if (statusBarService != null) {
9933                int flags1 = disabled ? STATUS_BAR_DISABLE_MASK : StatusBarManager.DISABLE_NONE;
9934                int flags2 = disabled ? STATUS_BAR_DISABLE2_MASK : StatusBarManager.DISABLE2_NONE;
9935                statusBarService.disableForUser(flags1, mToken, mContext.getPackageName(), userId);
9936                statusBarService.disable2ForUser(flags2, mToken, mContext.getPackageName(), userId);
9937                return true;
9938            }
9939        } catch (RemoteException e) {
9940            Slog.e(LOG_TAG, "Failed to disable the status bar", e);
9941        } finally {
9942            mInjector.binderRestoreCallingIdentity(ident);
9943        }
9944        return false;
9945    }
9946
9947    /**
9948     * We need to update the internal state of whether a user has completed setup or a
9949     * device has paired once. After that, we ignore any changes that reset the
9950     * Settings.Secure.USER_SETUP_COMPLETE or Settings.Secure.DEVICE_PAIRED change
9951     * as we don't trust any apps that might try to reset them.
9952     * <p>
9953     * Unfortunately, we don't know which user's setup state was changed, so we write all of
9954     * them.
9955     */
9956    void updateUserSetupCompleteAndPaired() {
9957        List<UserInfo> users = mUserManager.getUsers(true);
9958        final int N = users.size();
9959        for (int i = 0; i < N; i++) {
9960            int userHandle = users.get(i).id;
9961            if (mInjector.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0,
9962                    userHandle) != 0) {
9963                DevicePolicyData policy = getUserData(userHandle);
9964                if (!policy.mUserSetupComplete) {
9965                    policy.mUserSetupComplete = true;
9966                    synchronized (this) {
9967                        saveSettingsLocked(userHandle);
9968                    }
9969                }
9970            }
9971            if (mIsWatch && mInjector.settingsSecureGetIntForUser(Settings.Secure.DEVICE_PAIRED, 0,
9972                    userHandle) != 0) {
9973                DevicePolicyData policy = getUserData(userHandle);
9974                if (!policy.mPaired) {
9975                    policy.mPaired = true;
9976                    synchronized (this) {
9977                        saveSettingsLocked(userHandle);
9978                    }
9979                }
9980            }
9981        }
9982    }
9983
9984    private class SetupContentObserver extends ContentObserver {
9985        private final Uri mUserSetupComplete = Settings.Secure.getUriFor(
9986                Settings.Secure.USER_SETUP_COMPLETE);
9987        private final Uri mDeviceProvisioned = Settings.Global.getUriFor(
9988                Settings.Global.DEVICE_PROVISIONED);
9989        private final Uri mPaired = Settings.Secure.getUriFor(Settings.Secure.DEVICE_PAIRED);
9990        private final Uri mDefaultImeChanged = Settings.Secure.getUriFor(
9991                Settings.Secure.DEFAULT_INPUT_METHOD);
9992
9993        @GuardedBy("DevicePolicyManagerService.this")
9994        private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>();
9995
9996        public SetupContentObserver(Handler handler) {
9997            super(handler);
9998        }
9999
10000        void register() {
10001            mInjector.registerContentObserver(mUserSetupComplete, false, this, UserHandle.USER_ALL);
10002            mInjector.registerContentObserver(mDeviceProvisioned, false, this, UserHandle.USER_ALL);
10003            if (mIsWatch) {
10004                mInjector.registerContentObserver(mPaired, false, this, UserHandle.USER_ALL);
10005            }
10006            mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL);
10007        }
10008
10009        private void addPendingChangeByOwnerLocked(int userId) {
10010            mUserIdsWithPendingChangesByOwner.add(userId);
10011        }
10012
10013        @Override
10014        public void onChange(boolean selfChange, Uri uri, int userId) {
10015            if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) {
10016                updateUserSetupCompleteAndPaired();
10017            } else if (mDeviceProvisioned.equals(uri)) {
10018                synchronized (DevicePolicyManagerService.this) {
10019                    // Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property
10020                    // is delayed until device is marked as provisioned.
10021                    setDeviceOwnerSystemPropertyLocked();
10022                }
10023            } else if (mDefaultImeChanged.equals(uri)) {
10024                synchronized (DevicePolicyManagerService.this) {
10025                    if (mUserIdsWithPendingChangesByOwner.contains(userId)) {
10026                        // This change notification was triggered by the owner changing the current
10027                        // IME. Ignore it.
10028                        mUserIdsWithPendingChangesByOwner.remove(userId);
10029                    } else {
10030                        // This change notification was triggered by the user manually changing the
10031                        // current IME.
10032                        getUserData(userId).mCurrentInputMethodSet = false;
10033                        saveSettingsLocked(userId);
10034                    }
10035                }
10036            }
10037        }
10038    }
10039
10040    @VisibleForTesting
10041    final class LocalService extends DevicePolicyManagerInternal {
10042        private List<OnCrossProfileWidgetProvidersChangeListener> mWidgetProviderListeners;
10043
10044        @Override
10045        public List<String> getCrossProfileWidgetProviders(int profileId) {
10046            synchronized (DevicePolicyManagerService.this) {
10047                if (mOwners == null) {
10048                    return Collections.emptyList();
10049                }
10050                ComponentName ownerComponent = mOwners.getProfileOwnerComponent(profileId);
10051                if (ownerComponent == null) {
10052                    return Collections.emptyList();
10053                }
10054
10055                DevicePolicyData policy = getUserDataUnchecked(profileId);
10056                ActiveAdmin admin = policy.mAdminMap.get(ownerComponent);
10057
10058                if (admin == null || admin.crossProfileWidgetProviders == null
10059                        || admin.crossProfileWidgetProviders.isEmpty()) {
10060                    return Collections.emptyList();
10061                }
10062
10063                return admin.crossProfileWidgetProviders;
10064            }
10065        }
10066
10067        @Override
10068        public void addOnCrossProfileWidgetProvidersChangeListener(
10069                OnCrossProfileWidgetProvidersChangeListener listener) {
10070            synchronized (DevicePolicyManagerService.this) {
10071                if (mWidgetProviderListeners == null) {
10072                    mWidgetProviderListeners = new ArrayList<>();
10073                }
10074                if (!mWidgetProviderListeners.contains(listener)) {
10075                    mWidgetProviderListeners.add(listener);
10076                }
10077            }
10078        }
10079
10080        @Override
10081        public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) {
10082            synchronized(DevicePolicyManagerService.this) {
10083                return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null;
10084            }
10085        }
10086
10087        private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) {
10088            final List<OnCrossProfileWidgetProvidersChangeListener> listeners;
10089            synchronized (DevicePolicyManagerService.this) {
10090                listeners = new ArrayList<>(mWidgetProviderListeners);
10091            }
10092            final int listenerCount = listeners.size();
10093            for (int i = 0; i < listenerCount; i++) {
10094                OnCrossProfileWidgetProvidersChangeListener listener = listeners.get(i);
10095                listener.onCrossProfileWidgetProvidersChanged(userId, packages);
10096            }
10097        }
10098
10099        @Override
10100        public Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin) {
10101            // This method is called from AM with its lock held, so don't take the DPMS lock.
10102            // b/29242568
10103
10104            ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId);
10105            if (profileOwner != null) {
10106                return DevicePolicyManagerService.this
10107                        .createShowAdminSupportIntent(profileOwner, userId);
10108            }
10109
10110            final Pair<Integer, ComponentName> deviceOwner =
10111                    mOwners.getDeviceOwnerUserIdAndComponent();
10112            if (deviceOwner != null && deviceOwner.first == userId) {
10113                return DevicePolicyManagerService.this
10114                        .createShowAdminSupportIntent(deviceOwner.second, userId);
10115            }
10116
10117            // We're not specifying the device admin because there isn't one.
10118            if (useDefaultIfNoAdmin) {
10119                return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId);
10120            }
10121            return null;
10122        }
10123
10124        @Override
10125        public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) {
10126            int source;
10127            long ident = mInjector.binderClearCallingIdentity();
10128            try {
10129                source = mUserManager.getUserRestrictionSource(userRestriction,
10130                        UserHandle.of(userId));
10131            } finally {
10132                mInjector.binderRestoreCallingIdentity(ident);
10133            }
10134            if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
10135                /*
10136                 * In this case, the user restriction is enforced by the system.
10137                 * So we won't show an admin support intent, even if it is also
10138                 * enforced by a profile/device owner.
10139                 */
10140                return null;
10141            }
10142            boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0;
10143            boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0;
10144            if (enforcedByDo && enforcedByPo) {
10145                // In this case, we'll show an admin support dialog that does not
10146                // specify the admin.
10147                return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId);
10148            } else if (enforcedByPo) {
10149                final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId);
10150                if (profileOwner != null) {
10151                    return DevicePolicyManagerService.this
10152                            .createShowAdminSupportIntent(profileOwner, userId);
10153                }
10154                // This could happen if another thread has changed the profile owner since we called
10155                // getUserRestrictionSource
10156                return null;
10157            } else if (enforcedByDo) {
10158                final Pair<Integer, ComponentName> deviceOwner
10159                        = mOwners.getDeviceOwnerUserIdAndComponent();
10160                if (deviceOwner != null) {
10161                    return DevicePolicyManagerService.this
10162                            .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first);
10163                }
10164                // This could happen if another thread has changed the device owner since we called
10165                // getUserRestrictionSource
10166                return null;
10167            }
10168            return null;
10169        }
10170
10171        @Override
10172        public boolean isUserAffiliatedWithDevice(int userId) {
10173            return DevicePolicyManagerService.this.isUserAffiliatedWithDeviceLocked(userId);
10174        }
10175
10176        @Override
10177        public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) {
10178            synchronized (DevicePolicyManagerService.this) {
10179                updateMaximumTimeToLockLocked(userId);
10180            }
10181        }
10182
10183        @Override
10184        public boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) {
10185            return DevicePolicyManagerService.this.canUserHaveUntrustedCredentialReset(userId);
10186        }
10187    }
10188
10189    private Intent createShowAdminSupportIntent(ComponentName admin, int userId) {
10190        // This method is called with AMS lock held, so don't take DPMS lock
10191        final Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS);
10192        intent.putExtra(Intent.EXTRA_USER_ID, userId);
10193        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin);
10194        intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
10195        return intent;
10196    }
10197
10198    @Override
10199    public Intent createAdminSupportIntent(String restriction) {
10200        Preconditions.checkNotNull(restriction);
10201        final int uid = mInjector.binderGetCallingUid();
10202        final int userId = UserHandle.getUserId(uid);
10203        Intent intent = null;
10204        if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) ||
10205                DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) {
10206            synchronized(this) {
10207                final DevicePolicyData policy = getUserData(userId);
10208                final int N = policy.mAdminList.size();
10209                for (int i = 0; i < N; i++) {
10210                    final ActiveAdmin admin = policy.mAdminList.get(i);
10211                    if ((admin.disableCamera &&
10212                                DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) ||
10213                        (admin.disableScreenCapture && DevicePolicyManager
10214                                .POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction))) {
10215                        intent = createShowAdminSupportIntent(admin.info.getComponent(), userId);
10216                        break;
10217                    }
10218                }
10219                // For the camera, a device owner on a different user can disable it globally,
10220                // so we need an additional check.
10221                if (intent == null
10222                        && DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) {
10223                    final ActiveAdmin admin = getDeviceOwnerAdminLocked();
10224                    if (admin != null && admin.disableCamera) {
10225                        intent = createShowAdminSupportIntent(admin.info.getComponent(),
10226                                mOwners.getDeviceOwnerUserId());
10227                    }
10228                }
10229            }
10230        } else {
10231            // if valid, |restriction| can only be a user restriction
10232            intent = mLocalService.createUserRestrictionSupportIntent(userId, restriction);
10233        }
10234        if (intent != null) {
10235            intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, restriction);
10236        }
10237        return intent;
10238    }
10239
10240    /**
10241     * Returns true if specified admin is allowed to limit passwords and has a
10242     * {@code minimumPasswordMetrics.quality} of at least {@code minPasswordQuality}
10243     */
10244    private static boolean isLimitPasswordAllowed(ActiveAdmin admin, int minPasswordQuality) {
10245        if (admin.minimumPasswordMetrics.quality < minPasswordQuality) {
10246            return false;
10247        }
10248        return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
10249    }
10250
10251    @Override
10252    public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) {
10253        if (policy != null && !policy.isValid()) {
10254            throw new IllegalArgumentException("Invalid system update policy.");
10255        }
10256        synchronized (this) {
10257            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10258            if (policy == null) {
10259                mOwners.clearSystemUpdatePolicy();
10260            } else {
10261                mOwners.setSystemUpdatePolicy(policy);
10262            }
10263            mOwners.writeDeviceOwner();
10264        }
10265        mContext.sendBroadcastAsUser(
10266                new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED),
10267                UserHandle.SYSTEM);
10268    }
10269
10270    @Override
10271    public SystemUpdatePolicy getSystemUpdatePolicy() {
10272        synchronized (this) {
10273            SystemUpdatePolicy policy =  mOwners.getSystemUpdatePolicy();
10274            if (policy != null && !policy.isValid()) {
10275                Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead.");
10276                return null;
10277            }
10278            return policy;
10279        }
10280    }
10281
10282    /**
10283     * Checks if the caller of the method is the device owner app.
10284     *
10285     * @param callerUid UID of the caller.
10286     * @return true if the caller is the device owner app
10287     */
10288    @VisibleForTesting
10289    boolean isCallerDeviceOwner(int callerUid) {
10290        synchronized (this) {
10291            if (!mOwners.hasDeviceOwner()) {
10292                return false;
10293            }
10294            if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) {
10295                return false;
10296            }
10297            final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent()
10298                    .getPackageName();
10299                try {
10300                    String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid);
10301                    for (String pkg : pkgs) {
10302                        if (deviceOwnerPackageName.equals(pkg)) {
10303                            return true;
10304                        }
10305                    }
10306                } catch (RemoteException e) {
10307                    return false;
10308                }
10309        }
10310
10311        return false;
10312    }
10313
10314    @Override
10315    public void notifyPendingSystemUpdate(@Nullable SystemUpdateInfo info) {
10316        mContext.enforceCallingOrSelfPermission(permission.NOTIFY_PENDING_SYSTEM_UPDATE,
10317                "Only the system update service can broadcast update information");
10318
10319        if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) {
10320            Slog.w(LOG_TAG, "Only the system update service in the system user " +
10321                    "can broadcast update information.");
10322            return;
10323        }
10324
10325        if (!mOwners.saveSystemUpdateInfo(info)) {
10326            // Pending system update hasn't changed, don't send duplicate notification.
10327            return;
10328        }
10329
10330        final Intent intent = new Intent(DeviceAdminReceiver.ACTION_NOTIFY_PENDING_SYSTEM_UPDATE)
10331                .putExtra(DeviceAdminReceiver.EXTRA_SYSTEM_UPDATE_RECEIVED_TIME,
10332                        info == null ? -1 : info.getReceivedTime());
10333
10334        final long ident = mInjector.binderClearCallingIdentity();
10335        try {
10336            synchronized (this) {
10337                // Broadcast to device owner first if there is one.
10338                if (mOwners.hasDeviceOwner()) {
10339                    final UserHandle deviceOwnerUser =
10340                            UserHandle.of(mOwners.getDeviceOwnerUserId());
10341                    intent.setComponent(mOwners.getDeviceOwnerComponent());
10342                    mContext.sendBroadcastAsUser(intent, deviceOwnerUser);
10343                }
10344            }
10345            // Get running users.
10346            final int runningUserIds[];
10347            try {
10348                runningUserIds = mInjector.getIActivityManager().getRunningUserIds();
10349            } catch (RemoteException e) {
10350                // Shouldn't happen.
10351                Log.e(LOG_TAG, "Could not retrieve the list of running users", e);
10352                return;
10353            }
10354            // Send broadcasts to corresponding profile owners if any.
10355            for (final int userId : runningUserIds) {
10356                synchronized (this) {
10357                    final ComponentName profileOwnerPackage =
10358                            mOwners.getProfileOwnerComponent(userId);
10359                    if (profileOwnerPackage != null) {
10360                        intent.setComponent(profileOwnerPackage);
10361                        mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
10362                    }
10363                }
10364            }
10365        } finally {
10366            mInjector.binderRestoreCallingIdentity(ident);
10367        }
10368    }
10369
10370    @Override
10371    public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin) {
10372        Preconditions.checkNotNull(admin, "ComponentName is null");
10373        enforceProfileOrDeviceOwner(admin);
10374
10375        return mOwners.getSystemUpdateInfo();
10376    }
10377
10378    @Override
10379    public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy)
10380            throws RemoteException {
10381        int userId = UserHandle.getCallingUserId();
10382        synchronized (this) {
10383            // Ensure the caller is a DO/PO or a permission grant state delegate.
10384            enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
10385                    DELEGATION_PERMISSION_GRANT);
10386            DevicePolicyData userPolicy = getUserData(userId);
10387            if (userPolicy.mPermissionPolicy != policy) {
10388                userPolicy.mPermissionPolicy = policy;
10389                saveSettingsLocked(userId);
10390            }
10391        }
10392    }
10393
10394    @Override
10395    public int getPermissionPolicy(ComponentName admin) throws RemoteException {
10396        int userId = UserHandle.getCallingUserId();
10397        synchronized (this) {
10398            DevicePolicyData userPolicy = getUserData(userId);
10399            return userPolicy.mPermissionPolicy;
10400        }
10401    }
10402
10403    @Override
10404    public boolean setPermissionGrantState(ComponentName admin, String callerPackage,
10405            String packageName, String permission, int grantState) throws RemoteException {
10406        UserHandle user = mInjector.binderGetCallingUserHandle();
10407        synchronized (this) {
10408            // Ensure the caller is a DO/PO or a permission grant state delegate.
10409            enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
10410                    DELEGATION_PERMISSION_GRANT);
10411            long ident = mInjector.binderClearCallingIdentity();
10412            try {
10413                if (getTargetSdk(packageName, user.getIdentifier())
10414                        < android.os.Build.VERSION_CODES.M) {
10415                    return false;
10416                }
10417                if (!isRuntimePermission(permission)) {
10418                    return false;
10419                }
10420                final PackageManager packageManager = mInjector.getPackageManager();
10421                switch (grantState) {
10422                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
10423                        mInjector.getPackageManagerInternal().grantRuntimePermission(packageName,
10424                                permission, user.getIdentifier(), true /* override policy */);
10425                        packageManager.updatePermissionFlags(permission, packageName,
10426                                PackageManager.FLAG_PERMISSION_POLICY_FIXED,
10427                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
10428                    } break;
10429
10430                    case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
10431                        mInjector.getPackageManagerInternal().revokeRuntimePermission(packageName,
10432                                permission, user.getIdentifier(), true /* override policy */);
10433                        packageManager.updatePermissionFlags(permission, packageName,
10434                                PackageManager.FLAG_PERMISSION_POLICY_FIXED,
10435                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
10436                    } break;
10437
10438                    case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
10439                        packageManager.updatePermissionFlags(permission, packageName,
10440                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user);
10441                    } break;
10442                }
10443                return true;
10444            } catch (SecurityException se) {
10445                return false;
10446            } catch (NameNotFoundException e) {
10447                return false;
10448            } finally {
10449                mInjector.binderRestoreCallingIdentity(ident);
10450            }
10451        }
10452    }
10453
10454    @Override
10455    public int getPermissionGrantState(ComponentName admin, String callerPackage,
10456            String packageName, String permission) throws RemoteException {
10457        PackageManager packageManager = mInjector.getPackageManager();
10458
10459        UserHandle user = mInjector.binderGetCallingUserHandle();
10460        if (!isCallerWithSystemUid()) {
10461            // Ensure the caller is a DO/PO or a permission grant state delegate.
10462            enforceCanManageScope(admin, callerPackage,
10463                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT);
10464        }
10465        synchronized (this) {
10466            long ident = mInjector.binderClearCallingIdentity();
10467            try {
10468                int granted = mIPackageManager.checkPermission(permission,
10469                        packageName, user.getIdentifier());
10470                int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
10471                if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
10472                        != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {
10473                    // Not controlled by policy
10474                    return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
10475                } else {
10476                    // Policy controlled so return result based on permission grant state
10477                    return granted == PackageManager.PERMISSION_GRANTED
10478                            ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
10479                            : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
10480                }
10481            } finally {
10482                mInjector.binderRestoreCallingIdentity(ident);
10483            }
10484        }
10485    }
10486
10487    boolean isPackageInstalledForUser(String packageName, int userHandle) {
10488        try {
10489            PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0,
10490                    userHandle);
10491            return (pi != null) && (pi.applicationInfo.flags != 0);
10492        } catch (RemoteException re) {
10493            throw new RuntimeException("Package manager has died", re);
10494        }
10495    }
10496
10497    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {
10498        final PackageManager packageManager = mInjector.getPackageManager();
10499        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);
10500        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
10501                == PermissionInfo.PROTECTION_DANGEROUS;
10502    }
10503
10504    @Override
10505    public boolean isProvisioningAllowed(String action, String packageName) {
10506        Preconditions.checkNotNull(packageName);
10507
10508        final int callingUid = mInjector.binderGetCallingUid();
10509        final long ident = mInjector.binderClearCallingIdentity();
10510        try {
10511            final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser(
10512                    packageName, UserHandle.getUserId(callingUid));
10513            Preconditions.checkArgument(callingUid == uidForPackage,
10514                    "Caller uid doesn't match the one for the provided package.");
10515        } catch (NameNotFoundException e) {
10516            throw new IllegalArgumentException("Invalid package provided " + packageName, e);
10517        } finally {
10518            mInjector.binderRestoreCallingIdentity(ident);
10519        }
10520
10521        return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK;
10522    }
10523
10524    @Override
10525    public int checkProvisioningPreCondition(String action, String packageName) {
10526        Preconditions.checkNotNull(packageName);
10527        enforceCanManageProfileAndDeviceOwners();
10528        return checkProvisioningPreConditionSkipPermission(action, packageName);
10529    }
10530
10531    private int checkProvisioningPreConditionSkipPermission(String action, String packageName) {
10532        if (!mHasFeature) {
10533            return CODE_DEVICE_ADMIN_NOT_SUPPORTED;
10534        }
10535
10536        final int callingUserId = mInjector.userHandleGetCallingUserId();
10537        if (action != null) {
10538            switch (action) {
10539                case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE:
10540                    return checkManagedProfileProvisioningPreCondition(packageName, callingUserId);
10541                case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE:
10542                    return checkDeviceOwnerProvisioningPreCondition(callingUserId);
10543                case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER:
10544                    return checkManagedUserProvisioningPreCondition(callingUserId);
10545                case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE:
10546                    return checkManagedShareableDeviceProvisioningPreCondition(callingUserId);
10547            }
10548        }
10549        throw new IllegalArgumentException("Unknown provisioning action " + action);
10550    }
10551
10552    /**
10553     * The device owner can only be set before the setup phase of the primary user has completed,
10554     * except for adb command if no accounts or additional users are present on the device.
10555     */
10556    private int checkDeviceOwnerProvisioningPreConditionLocked(@Nullable ComponentName owner,
10557            int deviceOwnerUserId, boolean isAdb, boolean hasIncompatibleAccountsOrNonAdb) {
10558        if (mOwners.hasDeviceOwner()) {
10559            return CODE_HAS_DEVICE_OWNER;
10560        }
10561        if (mOwners.hasProfileOwner(deviceOwnerUserId)) {
10562            return CODE_USER_HAS_PROFILE_OWNER;
10563        }
10564        if (!mUserManager.isUserRunning(new UserHandle(deviceOwnerUserId))) {
10565            return CODE_USER_NOT_RUNNING;
10566        }
10567        if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) {
10568            return CODE_HAS_PAIRED;
10569        }
10570        if (isAdb) {
10571            // if shell command runs after user setup completed check device status. Otherwise, OK.
10572            if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) {
10573                if (!mInjector.userManagerIsSplitSystemUser()) {
10574                    if (mUserManager.getUserCount() > 1) {
10575                        return CODE_NONSYSTEM_USER_EXISTS;
10576                    }
10577                    if (hasIncompatibleAccountsOrNonAdb) {
10578                        return CODE_ACCOUNTS_NOT_EMPTY;
10579                    }
10580                } else {
10581                    // STOPSHIP Do proper check in split user mode
10582                }
10583            }
10584            return CODE_OK;
10585        } else {
10586            if (!mInjector.userManagerIsSplitSystemUser()) {
10587                // In non-split user mode, DO has to be user 0
10588                if (deviceOwnerUserId != UserHandle.USER_SYSTEM) {
10589                    return CODE_NOT_SYSTEM_USER;
10590                }
10591                // In non-split user mode, only provision DO before setup wizard completes
10592                if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) {
10593                    return CODE_USER_SETUP_COMPLETED;
10594                }
10595            } else {
10596                // STOPSHIP Do proper check in split user mode
10597            }
10598            return CODE_OK;
10599        }
10600    }
10601
10602    private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) {
10603        synchronized (this) {
10604            // hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb.
10605            return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null,
10606                    deviceOwnerUserId, /* isAdb= */ false,
10607                    /* hasIncompatibleAccountsOrNonAdb=*/ true);
10608        }
10609    }
10610
10611    private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) {
10612        if (!hasFeatureManagedUsers()) {
10613            return CODE_MANAGED_USERS_NOT_SUPPORTED;
10614        }
10615        if (callingUserId == UserHandle.USER_SYSTEM
10616                && mInjector.userManagerIsSplitSystemUser()) {
10617            // Managed-profiles cannot be setup on the system user.
10618            return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER;
10619        }
10620        if (getProfileOwner(callingUserId) != null) {
10621            // Managed user cannot have a managed profile.
10622            return CODE_USER_HAS_PROFILE_OWNER;
10623        }
10624
10625        final long ident = mInjector.binderClearCallingIdentity();
10626        try {
10627            final UserHandle callingUserHandle = UserHandle.of(callingUserId);
10628            final ComponentName ownerAdmin = getOwnerComponent(packageName, callingUserId);
10629            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
10630                    callingUserHandle)) {
10631                // An admin can initiate provisioning if it has set the restriction.
10632                if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin,
10633                        UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) {
10634                    return CODE_ADD_MANAGED_PROFILE_DISALLOWED;
10635                }
10636            }
10637            boolean canRemoveProfile = true;
10638            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
10639                    callingUserHandle)) {
10640                // We can remove a profile if the admin itself has set the restriction.
10641                if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin,
10642                        UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
10643                        callingUserId)) {
10644                    canRemoveProfile = false;
10645                }
10646            }
10647            if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) {
10648                return CODE_CANNOT_ADD_MANAGED_PROFILE;
10649            }
10650        } finally {
10651            mInjector.binderRestoreCallingIdentity(ident);
10652        }
10653        return CODE_OK;
10654    }
10655
10656    private ComponentName getOwnerComponent(String packageName, int userId) {
10657        if (isDeviceOwnerPackage(packageName, userId)) {
10658            return mOwners.getDeviceOwnerComponent();
10659        }
10660        if (isProfileOwnerPackage(packageName, userId)) {
10661            return mOwners.getProfileOwnerComponent(userId);
10662        }
10663        return null;
10664    }
10665
10666    /**
10667     * Return device owner or profile owner set on a given user.
10668     */
10669    private @Nullable ComponentName getOwnerComponent(int userId) {
10670        synchronized (this) {
10671            if (mOwners.getDeviceOwnerUserId() == userId) {
10672                return mOwners.getDeviceOwnerComponent();
10673            }
10674            if (mOwners.hasProfileOwner(userId)) {
10675                return mOwners.getProfileOwnerComponent(userId);
10676            }
10677        }
10678        return null;
10679    }
10680
10681    private int checkManagedUserProvisioningPreCondition(int callingUserId) {
10682        if (!hasFeatureManagedUsers()) {
10683            return CODE_MANAGED_USERS_NOT_SUPPORTED;
10684        }
10685        if (!mInjector.userManagerIsSplitSystemUser()) {
10686            // ACTION_PROVISION_MANAGED_USER only supported on split-user systems.
10687            return CODE_NOT_SYSTEM_USER_SPLIT;
10688        }
10689        if (callingUserId == UserHandle.USER_SYSTEM) {
10690            // System user cannot be a managed user.
10691            return CODE_SYSTEM_USER;
10692        }
10693        if (hasUserSetupCompleted(callingUserId)) {
10694            return CODE_USER_SETUP_COMPLETED;
10695        }
10696        if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) {
10697            return CODE_HAS_PAIRED;
10698        }
10699        return CODE_OK;
10700    }
10701
10702    private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) {
10703        if (!mInjector.userManagerIsSplitSystemUser()) {
10704            // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems.
10705            return CODE_NOT_SYSTEM_USER_SPLIT;
10706        }
10707        return checkDeviceOwnerProvisioningPreCondition(callingUserId);
10708    }
10709
10710    private boolean hasFeatureManagedUsers() {
10711        try {
10712            return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0);
10713        } catch (RemoteException e) {
10714            return false;
10715        }
10716    }
10717
10718    @Override
10719    public String getWifiMacAddress(ComponentName admin) {
10720        // Make sure caller has DO.
10721        synchronized (this) {
10722            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10723        }
10724
10725        final long ident = mInjector.binderClearCallingIdentity();
10726        try {
10727            final WifiInfo wifiInfo = mInjector.getWifiManager().getConnectionInfo();
10728            if (wifiInfo == null) {
10729                return null;
10730            }
10731            return wifiInfo.hasRealMacAddress() ? wifiInfo.getMacAddress() : null;
10732        } finally {
10733            mInjector.binderRestoreCallingIdentity(ident);
10734        }
10735    }
10736
10737    /**
10738     * Returns the target sdk version number that the given packageName was built for
10739     * in the given user.
10740     */
10741    private int getTargetSdk(String packageName, int userId) {
10742        final ApplicationInfo ai;
10743        try {
10744            ai = mIPackageManager.getApplicationInfo(packageName, 0, userId);
10745            final int targetSdkVersion = ai == null ? 0 : ai.targetSdkVersion;
10746            return targetSdkVersion;
10747        } catch (RemoteException e) {
10748            // Shouldn't happen
10749            return 0;
10750        }
10751    }
10752
10753    @Override
10754    public boolean isManagedProfile(ComponentName admin) {
10755        enforceProfileOrDeviceOwner(admin);
10756        return isManagedProfile(mInjector.userHandleGetCallingUserId());
10757    }
10758
10759    @Override
10760    public boolean isSystemOnlyUser(ComponentName admin) {
10761        synchronized (this) {
10762            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10763        }
10764        final int callingUserId = mInjector.userHandleGetCallingUserId();
10765        return UserManager.isSplitSystemUser() && callingUserId == UserHandle.USER_SYSTEM;
10766    }
10767
10768    @Override
10769    public void reboot(ComponentName admin) {
10770        Preconditions.checkNotNull(admin);
10771        // Make sure caller has DO.
10772        synchronized (this) {
10773            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10774        }
10775        long ident = mInjector.binderClearCallingIdentity();
10776        try {
10777            // Make sure there are no ongoing calls on the device.
10778            if (mTelephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE) {
10779                throw new IllegalStateException("Cannot be called with ongoing call on the device");
10780            }
10781            mInjector.powerManagerReboot(PowerManager.REBOOT_REQUESTED_BY_DEVICE_OWNER);
10782        } finally {
10783            mInjector.binderRestoreCallingIdentity(ident);
10784        }
10785    }
10786
10787    @Override
10788    public void setShortSupportMessage(@NonNull ComponentName who, CharSequence message) {
10789        if (!mHasFeature) {
10790            return;
10791        }
10792        Preconditions.checkNotNull(who, "ComponentName is null");
10793        final int userHandle = mInjector.userHandleGetCallingUserId();
10794        synchronized (this) {
10795            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10796                    mInjector.binderGetCallingUid());
10797            if (!TextUtils.equals(admin.shortSupportMessage, message)) {
10798                admin.shortSupportMessage = message;
10799                saveSettingsLocked(userHandle);
10800            }
10801        }
10802    }
10803
10804    @Override
10805    public CharSequence getShortSupportMessage(@NonNull ComponentName who) {
10806        if (!mHasFeature) {
10807            return null;
10808        }
10809        Preconditions.checkNotNull(who, "ComponentName is null");
10810        synchronized (this) {
10811            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10812                    mInjector.binderGetCallingUid());
10813            return admin.shortSupportMessage;
10814        }
10815    }
10816
10817    @Override
10818    public void setLongSupportMessage(@NonNull ComponentName who, CharSequence message) {
10819        if (!mHasFeature) {
10820            return;
10821        }
10822        Preconditions.checkNotNull(who, "ComponentName is null");
10823        final int userHandle = mInjector.userHandleGetCallingUserId();
10824        synchronized (this) {
10825            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10826                    mInjector.binderGetCallingUid());
10827            if (!TextUtils.equals(admin.longSupportMessage, message)) {
10828                admin.longSupportMessage = message;
10829                saveSettingsLocked(userHandle);
10830            }
10831        }
10832    }
10833
10834    @Override
10835    public CharSequence getLongSupportMessage(@NonNull ComponentName who) {
10836        if (!mHasFeature) {
10837            return null;
10838        }
10839        Preconditions.checkNotNull(who, "ComponentName is null");
10840        synchronized (this) {
10841            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10842                    mInjector.binderGetCallingUid());
10843            return admin.longSupportMessage;
10844        }
10845    }
10846
10847    @Override
10848    public CharSequence getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) {
10849        if (!mHasFeature) {
10850            return null;
10851        }
10852        Preconditions.checkNotNull(who, "ComponentName is null");
10853        if (!isCallerWithSystemUid()) {
10854            throw new SecurityException("Only the system can query support message for user");
10855        }
10856        synchronized (this) {
10857            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
10858            if (admin != null) {
10859                return admin.shortSupportMessage;
10860            }
10861        }
10862        return null;
10863    }
10864
10865    @Override
10866    public CharSequence getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) {
10867        if (!mHasFeature) {
10868            return null;
10869        }
10870        Preconditions.checkNotNull(who, "ComponentName is null");
10871        if (!isCallerWithSystemUid()) {
10872            throw new SecurityException("Only the system can query support message for user");
10873        }
10874        synchronized (this) {
10875            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
10876            if (admin != null) {
10877                return admin.longSupportMessage;
10878            }
10879        }
10880        return null;
10881    }
10882
10883    @Override
10884    public void setOrganizationColor(@NonNull ComponentName who, int color) {
10885        if (!mHasFeature) {
10886            return;
10887        }
10888        Preconditions.checkNotNull(who, "ComponentName is null");
10889        final int userHandle = mInjector.userHandleGetCallingUserId();
10890        enforceManagedProfile(userHandle, "set organization color");
10891        synchronized (this) {
10892            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10893                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10894            admin.organizationColor = color;
10895            saveSettingsLocked(userHandle);
10896        }
10897    }
10898
10899    @Override
10900    public void setOrganizationColorForUser(int color, int userId) {
10901        if (!mHasFeature) {
10902            return;
10903        }
10904        enforceFullCrossUsersPermission(userId);
10905        enforceManageUsers();
10906        enforceManagedProfile(userId, "set organization color");
10907        synchronized (this) {
10908            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
10909            admin.organizationColor = color;
10910            saveSettingsLocked(userId);
10911        }
10912    }
10913
10914    @Override
10915    public int getOrganizationColor(@NonNull ComponentName who) {
10916        if (!mHasFeature) {
10917            return ActiveAdmin.DEF_ORGANIZATION_COLOR;
10918        }
10919        Preconditions.checkNotNull(who, "ComponentName is null");
10920        enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color");
10921        synchronized (this) {
10922            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10923                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10924            return admin.organizationColor;
10925        }
10926    }
10927
10928    @Override
10929    public int getOrganizationColorForUser(int userHandle) {
10930        if (!mHasFeature) {
10931            return ActiveAdmin.DEF_ORGANIZATION_COLOR;
10932        }
10933        enforceFullCrossUsersPermission(userHandle);
10934        enforceManagedProfile(userHandle, "get organization color");
10935        synchronized (this) {
10936            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle);
10937            return (profileOwner != null)
10938                    ? profileOwner.organizationColor
10939                    : ActiveAdmin.DEF_ORGANIZATION_COLOR;
10940        }
10941    }
10942
10943    @Override
10944    public void setOrganizationName(@NonNull ComponentName who, CharSequence text) {
10945        if (!mHasFeature) {
10946            return;
10947        }
10948        Preconditions.checkNotNull(who, "ComponentName is null");
10949        final int userHandle = mInjector.userHandleGetCallingUserId();
10950
10951        synchronized (this) {
10952            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10953                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10954            if (!TextUtils.equals(admin.organizationName, text)) {
10955                admin.organizationName = (text == null || text.length() == 0)
10956                        ? null : text.toString();
10957                saveSettingsLocked(userHandle);
10958            }
10959        }
10960    }
10961
10962    @Override
10963    public CharSequence getOrganizationName(@NonNull ComponentName who) {
10964        if (!mHasFeature) {
10965            return null;
10966        }
10967        Preconditions.checkNotNull(who, "ComponentName is null");
10968        enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name");
10969        synchronized(this) {
10970            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10971                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10972            return admin.organizationName;
10973        }
10974    }
10975
10976    @Override
10977    public CharSequence getDeviceOwnerOrganizationName() {
10978        if (!mHasFeature) {
10979            return null;
10980        }
10981        enforceDeviceOwnerOrManageUsers();
10982        synchronized(this) {
10983            final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
10984            return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName;
10985        }
10986    }
10987
10988    @Override
10989    public CharSequence getOrganizationNameForUser(int userHandle) {
10990        if (!mHasFeature) {
10991            return null;
10992        }
10993        enforceFullCrossUsersPermission(userHandle);
10994        enforceManagedProfile(userHandle, "get organization name");
10995        synchronized (this) {
10996            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle);
10997            return (profileOwner != null)
10998                    ? profileOwner.organizationName
10999                    : null;
11000        }
11001    }
11002
11003    @Override
11004    public void setAffiliationIds(ComponentName admin, List<String> ids) {
11005        if (!mHasFeature) {
11006            return;
11007        }
11008        if (ids == null) {
11009            throw new IllegalArgumentException("ids must not be null");
11010        }
11011        for (String id : ids) {
11012            if (TextUtils.isEmpty(id)) {
11013                throw new IllegalArgumentException("ids must not contain empty string");
11014            }
11015        }
11016
11017        final Set<String> affiliationIds = new ArraySet<>(ids);
11018        final int callingUserId = mInjector.userHandleGetCallingUserId();
11019        synchronized (this) {
11020            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11021            getUserData(callingUserId).mAffiliationIds = affiliationIds;
11022            saveSettingsLocked(callingUserId);
11023            if (callingUserId != UserHandle.USER_SYSTEM && isDeviceOwner(admin, callingUserId)) {
11024                // Affiliation ids specified by the device owner are additionally stored in
11025                // UserHandle.USER_SYSTEM's DevicePolicyData.
11026                getUserData(UserHandle.USER_SYSTEM).mAffiliationIds = affiliationIds;
11027                saveSettingsLocked(UserHandle.USER_SYSTEM);
11028            }
11029
11030            // Affiliation status for any user, not just the calling user, might have changed.
11031            // The device owner user will still be affiliated after changing its affiliation ids,
11032            // but as a result of that other users might become affiliated or un-affiliated.
11033            maybePauseDeviceWideLoggingLocked();
11034            maybeResumeDeviceWideLoggingLocked();
11035            maybeClearLockTaskPolicyLocked();
11036        }
11037    }
11038
11039    @Override
11040    public List<String> getAffiliationIds(ComponentName admin) {
11041        if (!mHasFeature) {
11042            return Collections.emptyList();
11043        }
11044
11045        Preconditions.checkNotNull(admin);
11046        synchronized (this) {
11047            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11048            return new ArrayList<String>(
11049                    getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds);
11050        }
11051    }
11052
11053    @Override
11054    public boolean isAffiliatedUser() {
11055        if (!mHasFeature) {
11056            return false;
11057        }
11058
11059        synchronized (this) {
11060            return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId());
11061        }
11062    }
11063
11064    private boolean isUserAffiliatedWithDeviceLocked(int userId) {
11065        if (!mOwners.hasDeviceOwner()) {
11066            return false;
11067        }
11068        if (userId == mOwners.getDeviceOwnerUserId()) {
11069            // The user that the DO is installed on is always affiliated with the device.
11070            return true;
11071        }
11072        if (userId == UserHandle.USER_SYSTEM) {
11073            // The system user is always affiliated in a DO device, even if the DO is set on a
11074            // different user. This could be the case if the DO is set in the primary user
11075            // of a split user device.
11076            return true;
11077        }
11078        final ComponentName profileOwner = getProfileOwner(userId);
11079        if (profileOwner == null) {
11080            return false;
11081        }
11082        final Set<String> userAffiliationIds = getUserData(userId).mAffiliationIds;
11083        final Set<String> deviceAffiliationIds =
11084                getUserData(UserHandle.USER_SYSTEM).mAffiliationIds;
11085        for (String id : userAffiliationIds) {
11086            if (deviceAffiliationIds.contains(id)) {
11087                return true;
11088            }
11089        }
11090        return false;
11091    }
11092
11093    private boolean areAllUsersAffiliatedWithDeviceLocked() {
11094        final long ident = mInjector.binderClearCallingIdentity();
11095        try {
11096            final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true);
11097            for (int i = 0; i < userInfos.size(); i++) {
11098                int userId = userInfos.get(i).id;
11099                if (!isUserAffiliatedWithDeviceLocked(userId)) {
11100                    Slog.d(LOG_TAG, "User id " + userId + " not affiliated.");
11101                    return false;
11102                }
11103            }
11104        } finally {
11105            mInjector.binderRestoreCallingIdentity(ident);
11106        }
11107
11108        return true;
11109    }
11110
11111    @Override
11112    public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) {
11113        if (!mHasFeature) {
11114            return;
11115        }
11116        Preconditions.checkNotNull(admin);
11117
11118        synchronized (this) {
11119            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11120            if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) {
11121                return;
11122            }
11123            mInjector.securityLogSetLoggingEnabledProperty(enabled);
11124            if (enabled) {
11125                mSecurityLogMonitor.start();
11126                maybePauseDeviceWideLoggingLocked();
11127            } else {
11128                mSecurityLogMonitor.stop();
11129            }
11130        }
11131    }
11132
11133    @Override
11134    public boolean isSecurityLoggingEnabled(ComponentName admin) {
11135        if (!mHasFeature) {
11136            return false;
11137        }
11138
11139        synchronized (this) {
11140            if (!isCallerWithSystemUid()) {
11141                Preconditions.checkNotNull(admin);
11142                getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11143            }
11144            return mInjector.securityLogGetLoggingEnabledProperty();
11145        }
11146    }
11147
11148    private synchronized void recordSecurityLogRetrievalTime() {
11149        final long currentTime = System.currentTimeMillis();
11150        DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
11151        if (currentTime > policyData.mLastSecurityLogRetrievalTime) {
11152            policyData.mLastSecurityLogRetrievalTime = currentTime;
11153            saveSettingsLocked(UserHandle.USER_SYSTEM);
11154        }
11155    }
11156
11157    @Override
11158    public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) {
11159        if (!mHasFeature) {
11160            return null;
11161        }
11162
11163        Preconditions.checkNotNull(admin);
11164        ensureDeviceOwnerAndAllUsersAffiliated(admin);
11165
11166        if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs)
11167                || !mInjector.securityLogGetLoggingEnabledProperty()) {
11168            return null;
11169        }
11170
11171        recordSecurityLogRetrievalTime();
11172
11173        ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>();
11174        try {
11175            SecurityLog.readPreviousEvents(output);
11176            return new ParceledListSlice<SecurityEvent>(output);
11177        } catch (IOException e) {
11178            Slog.w(LOG_TAG, "Fail to read previous events" , e);
11179            return new ParceledListSlice<SecurityEvent>(Collections.<SecurityEvent>emptyList());
11180        }
11181    }
11182
11183    @Override
11184    public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) {
11185        if (!mHasFeature) {
11186            return null;
11187        }
11188
11189        Preconditions.checkNotNull(admin);
11190        ensureDeviceOwnerAndAllUsersAffiliated(admin);
11191
11192        if (!mInjector.securityLogGetLoggingEnabledProperty()) {
11193            return null;
11194        }
11195
11196        recordSecurityLogRetrievalTime();
11197
11198        List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs();
11199        return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null;
11200    }
11201
11202    private void enforceCanManageDeviceAdmin() {
11203        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS,
11204                null);
11205    }
11206
11207    private void enforceCanManageProfileAndDeviceOwners() {
11208        mContext.enforceCallingOrSelfPermission(
11209                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
11210    }
11211
11212    private void enforceCallerSystemUserHandle() {
11213        final int callingUid = mInjector.binderGetCallingUid();
11214        final int userId = UserHandle.getUserId(callingUid);
11215        if (userId != UserHandle.USER_SYSTEM) {
11216            throw new SecurityException("Caller has to be in user 0");
11217        }
11218    }
11219
11220    @Override
11221    public boolean isUninstallInQueue(final String packageName) {
11222        enforceCanManageDeviceAdmin();
11223        final int userId = mInjector.userHandleGetCallingUserId();
11224        Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
11225        synchronized (this) {
11226            return mPackagesToRemove.contains(packageUserPair);
11227        }
11228    }
11229
11230    @Override
11231    public void uninstallPackageWithActiveAdmins(final String packageName) {
11232        enforceCanManageDeviceAdmin();
11233        Preconditions.checkArgument(!TextUtils.isEmpty(packageName));
11234
11235        final int userId = mInjector.userHandleGetCallingUserId();
11236
11237        enforceUserUnlocked(userId);
11238
11239        final ComponentName profileOwner = getProfileOwner(userId);
11240        if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) {
11241            throw new IllegalArgumentException("Cannot uninstall a package with a profile owner");
11242        }
11243
11244        final ComponentName deviceOwner = getDeviceOwnerComponent(/* callingUserOnly= */ false);
11245        if (getDeviceOwnerUserId() == userId && deviceOwner != null
11246                && packageName.equals(deviceOwner.getPackageName())) {
11247            throw new IllegalArgumentException("Cannot uninstall a package with a device owner");
11248        }
11249
11250        final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
11251        synchronized (this) {
11252            mPackagesToRemove.add(packageUserPair);
11253        }
11254
11255        // All active admins on the user.
11256        final List<ComponentName> allActiveAdmins = getActiveAdmins(userId);
11257
11258        // Active admins in the target package.
11259        final List<ComponentName> packageActiveAdmins = new ArrayList<>();
11260        if (allActiveAdmins != null) {
11261            for (ComponentName activeAdmin : allActiveAdmins) {
11262                if (packageName.equals(activeAdmin.getPackageName())) {
11263                    packageActiveAdmins.add(activeAdmin);
11264                    removeActiveAdmin(activeAdmin, userId);
11265                }
11266            }
11267        }
11268        if (packageActiveAdmins.size() == 0) {
11269            startUninstallIntent(packageName, userId);
11270        } else {
11271            mHandler.postDelayed(new Runnable() {
11272                @Override
11273                public void run() {
11274                    for (ComponentName activeAdmin : packageActiveAdmins) {
11275                        removeAdminArtifacts(activeAdmin, userId);
11276                    }
11277                    startUninstallIntent(packageName, userId);
11278                }
11279            }, DEVICE_ADMIN_DEACTIVATE_TIMEOUT); // Start uninstall after timeout anyway.
11280        }
11281    }
11282
11283    @Override
11284    public boolean isDeviceProvisioned() {
11285        synchronized (this) {
11286            return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete;
11287        }
11288    }
11289
11290    private boolean isCurrentUserDemo() {
11291        if (UserManager.isDeviceInDemoMode(mContext)) {
11292            final int userId = mInjector.userHandleGetCallingUserId();
11293            final long callingIdentity = mInjector.binderClearCallingIdentity();
11294            try {
11295                return mUserManager.getUserInfo(userId).isDemo();
11296            } finally {
11297                mInjector.binderRestoreCallingIdentity(callingIdentity);
11298            }
11299        }
11300        return false;
11301    }
11302
11303    private void removePackageIfRequired(final String packageName, final int userId) {
11304        if (!packageHasActiveAdmins(packageName, userId)) {
11305            // Will not do anything if uninstall was not requested or was already started.
11306            startUninstallIntent(packageName, userId);
11307        }
11308    }
11309
11310    private void startUninstallIntent(final String packageName, final int userId) {
11311        final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
11312        synchronized (this) {
11313            if (!mPackagesToRemove.contains(packageUserPair)) {
11314                // Do nothing if uninstall was not requested or was already started.
11315                return;
11316            }
11317            mPackagesToRemove.remove(packageUserPair);
11318        }
11319        try {
11320            if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) {
11321                // Package does not exist. Nothing to do.
11322                return;
11323            }
11324        } catch (RemoteException re) {
11325            Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info");
11326        }
11327
11328        try { // force stop the package before uninstalling
11329            mInjector.getIActivityManager().forceStopPackage(packageName, userId);
11330        } catch (RemoteException re) {
11331            Log.e(LOG_TAG, "Failure talking to ActivityManager while force stopping package");
11332        }
11333        final Uri packageURI = Uri.parse("package:" + packageName);
11334        final Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageURI);
11335        uninstallIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
11336        mContext.startActivityAsUser(uninstallIntent, UserHandle.of(userId));
11337    }
11338
11339    /**
11340     * Removes the admin from the policy. Ideally called after the admin's
11341     * {@link DeviceAdminReceiver#onDisabled(Context, Intent)} has been successfully completed.
11342     *
11343     * @param adminReceiver The admin to remove
11344     * @param userHandle The user for which this admin has to be removed.
11345     */
11346    private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) {
11347        synchronized (this) {
11348            final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
11349            if (admin == null) {
11350                return;
11351            }
11352            final DevicePolicyData policy = getUserData(userHandle);
11353            final boolean doProxyCleanup = admin.info.usesPolicy(
11354                    DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
11355            policy.mAdminList.remove(admin);
11356            policy.mAdminMap.remove(adminReceiver);
11357            validatePasswordOwnerLocked(policy);
11358            if (doProxyCleanup) {
11359                resetGlobalProxyLocked(policy);
11360            }
11361            pushActiveAdminPackagesLocked(userHandle);
11362            saveSettingsLocked(userHandle);
11363            updateMaximumTimeToLockLocked(userHandle);
11364            policy.mRemovingAdmins.remove(adminReceiver);
11365
11366            Slog.i(LOG_TAG, "Device admin " + adminReceiver + " removed from user " + userHandle);
11367        }
11368        // The removed admin might have disabled camera, so update user
11369        // restrictions.
11370        pushUserRestrictions(userHandle);
11371    }
11372
11373    @Override
11374    public void setDeviceProvisioningConfigApplied() {
11375        enforceManageUsers();
11376        synchronized (this) {
11377            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
11378            policy.mDeviceProvisioningConfigApplied = true;
11379            saveSettingsLocked(UserHandle.USER_SYSTEM);
11380        }
11381    }
11382
11383    @Override
11384    public boolean isDeviceProvisioningConfigApplied() {
11385        enforceManageUsers();
11386        synchronized (this) {
11387            final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
11388            return policy.mDeviceProvisioningConfigApplied;
11389        }
11390    }
11391
11392    /**
11393     * Force update internal persistent state from Settings.Secure.USER_SETUP_COMPLETE.
11394     *
11395     * It's added for testing only. Please use this API carefully if it's used by other system app
11396     * and bare in mind Settings.Secure.USER_SETUP_COMPLETE can be modified by user and other system
11397     * apps.
11398     */
11399    @Override
11400    public void forceUpdateUserSetupComplete() {
11401        enforceCanManageProfileAndDeviceOwners();
11402        enforceCallerSystemUserHandle();
11403        // no effect if it's called from user build
11404        if (!mInjector.isBuildDebuggable()) {
11405            return;
11406        }
11407        final int userId = UserHandle.USER_SYSTEM;
11408        boolean isUserCompleted = mInjector.settingsSecureGetIntForUser(
11409                Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0;
11410        DevicePolicyData policy = getUserData(userId);
11411        policy.mUserSetupComplete = isUserCompleted;
11412        synchronized (this) {
11413            saveSettingsLocked(userId);
11414        }
11415    }
11416
11417    // TODO(b/22388012): When backup is available for secondary users and profiles, consider
11418    // whether there are any privacy/security implications of enabling the backup service here
11419    // if there are other users or profiles unmanaged or managed by a different entity (i.e. not
11420    // affiliated).
11421    @Override
11422    public void setBackupServiceEnabled(ComponentName admin, boolean enabled) {
11423        if (!mHasFeature) {
11424            return;
11425        }
11426        Preconditions.checkNotNull(admin);
11427        synchronized (this) {
11428            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(
11429                    admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11430            if (!enabled) {
11431                activeAdmin.mandatoryBackupTransport = null;
11432                saveSettingsLocked(UserHandle.USER_SYSTEM);
11433            }
11434        }
11435
11436        final long ident = mInjector.binderClearCallingIdentity();
11437        try {
11438            IBackupManager ibm = mInjector.getIBackupManager();
11439            if (ibm != null) {
11440                ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled);
11441            }
11442        } catch (RemoteException e) {
11443            throw new IllegalStateException(
11444                "Failed " + (enabled ? "" : "de") + "activating backup service.", e);
11445        } finally {
11446            mInjector.binderRestoreCallingIdentity(ident);
11447        }
11448    }
11449
11450    @Override
11451    public boolean isBackupServiceEnabled(ComponentName admin) {
11452        Preconditions.checkNotNull(admin);
11453        if (!mHasFeature) {
11454            return true;
11455        }
11456        synchronized (this) {
11457            try {
11458                getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11459                IBackupManager ibm = mInjector.getIBackupManager();
11460                return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM);
11461            } catch (RemoteException e) {
11462                throw new IllegalStateException("Failed requesting backup service state.", e);
11463            }
11464        }
11465    }
11466
11467    @Override
11468    public void setMandatoryBackupTransport(
11469            ComponentName admin, ComponentName backupTransportComponent) {
11470        if (!mHasFeature) {
11471            return;
11472        }
11473        Preconditions.checkNotNull(admin);
11474        synchronized (this) {
11475            ActiveAdmin activeAdmin =
11476                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11477            if (!Objects.equals(backupTransportComponent, activeAdmin.mandatoryBackupTransport)) {
11478                activeAdmin.mandatoryBackupTransport = backupTransportComponent;
11479                saveSettingsLocked(UserHandle.USER_SYSTEM);
11480            }
11481        }
11482        final long identity = mInjector.binderClearCallingIdentity();
11483        try {
11484            IBackupManager ibm = mInjector.getIBackupManager();
11485            if (ibm != null && backupTransportComponent != null) {
11486                if (!ibm.isBackupServiceActive(UserHandle.USER_SYSTEM)) {
11487                    ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, true);
11488                }
11489                ibm.selectBackupTransportAsync(backupTransportComponent, null);
11490                ibm.setBackupEnabled(true);
11491            }
11492        } catch (RemoteException e) {
11493            throw new IllegalStateException("Failed to set mandatory backup transport.", e);
11494        } finally {
11495            mInjector.binderRestoreCallingIdentity(identity);
11496        }
11497    }
11498
11499    @Override
11500    public ComponentName getMandatoryBackupTransport() {
11501        if (!mHasFeature) {
11502            return null;
11503        }
11504        synchronized (this) {
11505            ActiveAdmin activeAdmin = getDeviceOwnerAdminLocked();
11506            return activeAdmin == null ? null : activeAdmin.mandatoryBackupTransport;
11507        }
11508    }
11509
11510
11511    @Override
11512    public boolean bindDeviceAdminServiceAsUser(
11513            @NonNull ComponentName admin, @NonNull IApplicationThread caller,
11514            @Nullable IBinder activtiyToken, @NonNull Intent serviceIntent,
11515            @NonNull IServiceConnection connection, int flags, @UserIdInt int targetUserId) {
11516        if (!mHasFeature) {
11517            return false;
11518        }
11519        Preconditions.checkNotNull(admin);
11520        Preconditions.checkNotNull(caller);
11521        Preconditions.checkNotNull(serviceIntent);
11522        Preconditions.checkArgument(
11523                serviceIntent.getComponent() != null || serviceIntent.getPackage() != null,
11524                "Service intent must be explicit (with a package name or component): "
11525                        + serviceIntent);
11526        Preconditions.checkNotNull(connection);
11527        Preconditions.checkArgument(mInjector.userHandleGetCallingUserId() != targetUserId,
11528                "target user id must be different from the calling user id");
11529
11530        if (!getBindDeviceAdminTargetUsers(admin).contains(UserHandle.of(targetUserId))) {
11531            throw new SecurityException("Not allowed to bind to target user id");
11532        }
11533
11534        final String targetPackage;
11535        synchronized (this) {
11536            targetPackage = getOwnerPackageNameForUserLocked(targetUserId);
11537        }
11538
11539        final long callingIdentity = mInjector.binderClearCallingIdentity();
11540        try {
11541            // Validate and sanitize the incoming service intent.
11542            final Intent sanitizedIntent =
11543                    createCrossUserServiceIntent(serviceIntent, targetPackage, targetUserId);
11544            if (sanitizedIntent == null) {
11545                // Fail, cannot lookup the target service.
11546                return false;
11547            }
11548            // Ask ActivityManager to bind it. Notice that we are binding the service with the
11549            // caller app instead of DevicePolicyManagerService.
11550            return mInjector.getIActivityManager().bindService(
11551                    caller, activtiyToken, serviceIntent,
11552                    serviceIntent.resolveTypeIfNeeded(mContext.getContentResolver()),
11553                    connection, flags, mContext.getOpPackageName(),
11554                    targetUserId) != 0;
11555        } catch (RemoteException ex) {
11556            // Same process, should not happen.
11557        } finally {
11558            mInjector.binderRestoreCallingIdentity(callingIdentity);
11559        }
11560
11561        // Failed to bind.
11562        return false;
11563    }
11564
11565    @Override
11566    public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) {
11567        if (!mHasFeature) {
11568            return Collections.emptyList();
11569        }
11570        Preconditions.checkNotNull(admin);
11571
11572        synchronized (this) {
11573            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11574
11575            final int callingUserId = mInjector.userHandleGetCallingUserId();
11576            final long callingIdentity = mInjector.binderClearCallingIdentity();
11577            try {
11578                ArrayList<UserHandle> targetUsers = new ArrayList<>();
11579                if (!isDeviceOwner(admin, callingUserId)) {
11580                    // Profile owners can only bind to the device owner.
11581                    if (canUserBindToDeviceOwnerLocked(callingUserId)) {
11582                        targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId()));
11583                    }
11584                } else {
11585                    // Caller is the device owner: Look for profile owners that it can bind to.
11586                    final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true);
11587                    for (int i = 0; i < userInfos.size(); i++) {
11588                        final int userId = userInfos.get(i).id;
11589                        if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) {
11590                            targetUsers.add(UserHandle.of(userId));
11591                        }
11592                    }
11593                }
11594
11595                return targetUsers;
11596            } finally {
11597                mInjector.binderRestoreCallingIdentity(callingIdentity);
11598            }
11599        }
11600    }
11601
11602    private boolean canUserBindToDeviceOwnerLocked(int userId) {
11603        // There has to be a device owner, under another user id.
11604        if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) {
11605            return false;
11606        }
11607
11608        // The user must have a profile owner that belongs to the same package as the device owner.
11609        if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals(
11610                mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) {
11611            return false;
11612        }
11613
11614        // The user must be affiliated.
11615        return isUserAffiliatedWithDeviceLocked(userId);
11616    }
11617
11618    /**
11619     * Return true if a given user has any accounts that'll prevent installing a device or profile
11620     * owner {@code owner}.
11621     * - If the user has no accounts, then return false.
11622     * - Otherwise, if the owner is unknown (== null), or is not test-only, then return true.
11623     * - Otherwise, if there's any account that does not have ..._ALLOWED, or does have
11624     *   ..._DISALLOWED, return true.
11625     * - Otherwise return false.
11626     *
11627     * If the caller is *not* ADB, it also returns true.  The returned value shouldn't be used
11628     * when the caller is not ADB.
11629     *
11630     * DO NOT CALL IT WITH THE DPMS LOCK HELD.
11631     */
11632    private boolean hasIncompatibleAccountsOrNonAdbNoLock(
11633            int userId, @Nullable ComponentName owner) {
11634        if (!isAdb()) {
11635            return true;
11636        }
11637        wtfIfInLock();
11638
11639        final long token = mInjector.binderClearCallingIdentity();
11640        try {
11641            final AccountManager am = AccountManager.get(mContext);
11642            final Account accounts[] = am.getAccountsAsUser(userId);
11643            if (accounts.length == 0) {
11644                return false;
11645            }
11646            synchronized (this) {
11647                if (owner == null || !isAdminTestOnlyLocked(owner, userId)) {
11648                    Log.w(LOG_TAG,
11649                            "Non test-only owner can't be installed with existing accounts.");
11650                    return true;
11651                }
11652            }
11653
11654            final String[] feature_allow =
11655                    { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED };
11656            final String[] feature_disallow =
11657                    { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED };
11658
11659            boolean compatible = true;
11660            for (Account account : accounts) {
11661                if (hasAccountFeatures(am, account, feature_disallow)) {
11662                    Log.e(LOG_TAG, account + " has " + feature_disallow[0]);
11663                    compatible = false;
11664                    break;
11665                }
11666                if (!hasAccountFeatures(am, account, feature_allow)) {
11667                    Log.e(LOG_TAG, account + " doesn't have " + feature_allow[0]);
11668                    compatible = false;
11669                    break;
11670                }
11671            }
11672            if (compatible) {
11673                Log.w(LOG_TAG, "All accounts are compatible");
11674            } else {
11675                Log.e(LOG_TAG, "Found incompatible accounts");
11676            }
11677            return !compatible;
11678        } finally {
11679            mInjector.binderRestoreCallingIdentity(token);
11680        }
11681    }
11682
11683    private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) {
11684        try {
11685            return am.hasFeatures(account, features, null, null).getResult();
11686        } catch (Exception e) {
11687            Log.w(LOG_TAG, "Failed to get account feature", e);
11688            return false;
11689        }
11690    }
11691
11692    private boolean isAdb() {
11693        final int callingUid = mInjector.binderGetCallingUid();
11694        return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
11695    }
11696
11697    @Override
11698    public synchronized void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) {
11699        if (!mHasFeature) {
11700            return;
11701        }
11702        Preconditions.checkNotNull(admin);
11703        getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11704
11705        if (enabled == isNetworkLoggingEnabledInternalLocked()) {
11706            // already in the requested state
11707            return;
11708        }
11709        ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
11710        deviceOwner.isNetworkLoggingEnabled = enabled;
11711        if (!enabled) {
11712            deviceOwner.numNetworkLoggingNotifications = 0;
11713            deviceOwner.lastNetworkLoggingNotificationTimeMs = 0;
11714        }
11715        saveSettingsLocked(mInjector.userHandleGetCallingUserId());
11716
11717        setNetworkLoggingActiveInternal(enabled);
11718    }
11719
11720    private synchronized void setNetworkLoggingActiveInternal(boolean active) {
11721        final long callingIdentity = mInjector.binderClearCallingIdentity();
11722        try {
11723            if (active) {
11724                mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal());
11725                if (!mNetworkLogger.startNetworkLogging()) {
11726                    mNetworkLogger = null;
11727                    Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging"
11728                            + " service not being available yet.");
11729                }
11730                maybePauseDeviceWideLoggingLocked();
11731                sendNetworkLoggingNotificationLocked();
11732            } else {
11733                if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) {
11734                    Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging"
11735                            + " service not being available yet.");
11736                }
11737                mNetworkLogger = null;
11738                mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING);
11739            }
11740        } finally {
11741            mInjector.binderRestoreCallingIdentity(callingIdentity);
11742        }
11743    }
11744
11745    /** Pauses security and network logging if there are unaffiliated users on the device */
11746    private void maybePauseDeviceWideLoggingLocked() {
11747        if (!areAllUsersAffiliatedWithDeviceLocked()) {
11748            Slog.i(LOG_TAG, "There are unaffiliated users, security and network logging will be "
11749                    + "paused if enabled.");
11750            mSecurityLogMonitor.pause();
11751            if (mNetworkLogger != null) {
11752                mNetworkLogger.pause();
11753            }
11754        }
11755    }
11756
11757    /** Resumes security and network logging (if they are enabled) if all users are affiliated */
11758    private void maybeResumeDeviceWideLoggingLocked() {
11759        if (areAllUsersAffiliatedWithDeviceLocked()) {
11760            final long ident = mInjector.binderClearCallingIdentity();
11761            try {
11762                mSecurityLogMonitor.resume();
11763                if (mNetworkLogger != null) {
11764                    mNetworkLogger.resume();
11765                }
11766            } finally {
11767                mInjector.binderRestoreCallingIdentity(ident);
11768            }
11769        }
11770    }
11771
11772    /** Deletes any security and network logs that might have been collected so far */
11773    private void discardDeviceWideLogsLocked() {
11774        mSecurityLogMonitor.discardLogs();
11775        if (mNetworkLogger != null) {
11776            mNetworkLogger.discardLogs();
11777        }
11778        // TODO: We should discard pre-boot security logs here too, as otherwise those
11779        // logs (which might contain data from the user just removed) will be
11780        // available after next boot.
11781    }
11782
11783    @Override
11784    public boolean isNetworkLoggingEnabled(ComponentName admin) {
11785        if (!mHasFeature) {
11786            return false;
11787        }
11788        synchronized (this) {
11789            enforceDeviceOwnerOrManageUsers();
11790            return isNetworkLoggingEnabledInternalLocked();
11791        }
11792    }
11793
11794    private boolean isNetworkLoggingEnabledInternalLocked() {
11795        ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
11796        return (deviceOwner != null) && deviceOwner.isNetworkLoggingEnabled;
11797    }
11798
11799    /*
11800     * A maximum of 1200 events are returned, and the total marshalled size is in the order of
11801     * 100kB, so returning a List instead of ParceledListSlice is acceptable.
11802     * Ideally this would be done with ParceledList, however it only supports homogeneous types.
11803     *
11804     * @see NetworkLoggingHandler#MAX_EVENTS_PER_BATCH
11805     */
11806    @Override
11807    public List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken) {
11808        if (!mHasFeature) {
11809            return null;
11810        }
11811        Preconditions.checkNotNull(admin);
11812        ensureDeviceOwnerAndAllUsersAffiliated(admin);
11813
11814        synchronized (this) {
11815            if (mNetworkLogger == null
11816                    || !isNetworkLoggingEnabledInternalLocked()) {
11817                return null;
11818            }
11819
11820            final long currentTime = System.currentTimeMillis();
11821            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
11822            if (currentTime > policyData.mLastNetworkLogsRetrievalTime) {
11823                policyData.mLastNetworkLogsRetrievalTime = currentTime;
11824                saveSettingsLocked(UserHandle.USER_SYSTEM);
11825            }
11826            return mNetworkLogger.retrieveLogs(batchToken);
11827        }
11828    }
11829
11830    private void sendNetworkLoggingNotificationLocked() {
11831        final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
11832        if (deviceOwner == null || !deviceOwner.isNetworkLoggingEnabled) {
11833            return;
11834        }
11835        if (deviceOwner.numNetworkLoggingNotifications >=
11836                ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) {
11837            return;
11838        }
11839        final long now = System.currentTimeMillis();
11840        if (now - deviceOwner.lastNetworkLoggingNotificationTimeMs < MS_PER_DAY) {
11841            return;
11842        }
11843        deviceOwner.numNetworkLoggingNotifications++;
11844        if (deviceOwner.numNetworkLoggingNotifications
11845                >= ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) {
11846            deviceOwner.lastNetworkLoggingNotificationTimeMs = 0;
11847        } else {
11848            deviceOwner.lastNetworkLoggingNotificationTimeMs = now;
11849        }
11850        final Intent intent = new Intent(DevicePolicyManager.ACTION_SHOW_DEVICE_MONITORING_DIALOG);
11851        intent.setPackage("com.android.systemui");
11852        final PendingIntent pendingIntent = PendingIntent.getBroadcastAsUser(mContext, 0, intent, 0,
11853                UserHandle.CURRENT);
11854        Notification notification =
11855                new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN)
11856                .setSmallIcon(R.drawable.ic_info_outline)
11857                .setContentTitle(mContext.getString(R.string.network_logging_notification_title))
11858                .setContentText(mContext.getString(R.string.network_logging_notification_text))
11859                .setTicker(mContext.getString(R.string.network_logging_notification_title))
11860                .setShowWhen(true)
11861                .setContentIntent(pendingIntent)
11862                .setStyle(new Notification.BigTextStyle()
11863                        .bigText(mContext.getString(R.string.network_logging_notification_text)))
11864                .build();
11865        mInjector.getNotificationManager().notify(SystemMessage.NOTE_NETWORK_LOGGING, notification);
11866        saveSettingsLocked(mOwners.getDeviceOwnerUserId());
11867    }
11868
11869    /**
11870     * Return the package name of owner in a given user.
11871     */
11872    private String getOwnerPackageNameForUserLocked(int userId) {
11873        return mOwners.getDeviceOwnerUserId() == userId
11874                ? mOwners.getDeviceOwnerPackageName()
11875                : mOwners.getProfileOwnerPackage(userId);
11876    }
11877
11878    /**
11879     * @param rawIntent Original service intent specified by caller. It must be explicit.
11880     * @param expectedPackageName The expected package name of the resolved service.
11881     * @return Intent that have component explicitly set. {@code null} if no service is resolved
11882     *     with the given intent.
11883     * @throws SecurityException if the intent is resolved to an invalid service.
11884     */
11885    private Intent createCrossUserServiceIntent(
11886            @NonNull Intent rawIntent, @NonNull String expectedPackageName,
11887            @UserIdInt int targetUserId) throws RemoteException, SecurityException {
11888        ResolveInfo info = mIPackageManager.resolveService(
11889                rawIntent,
11890                rawIntent.resolveTypeIfNeeded(mContext.getContentResolver()),
11891                0,  // flags
11892                targetUserId);
11893        if (info == null || info.serviceInfo == null) {
11894            Log.e(LOG_TAG, "Fail to look up the service: " + rawIntent
11895                    + " or user " + targetUserId + " is not running");
11896            return null;
11897        }
11898        if (!expectedPackageName.equals(info.serviceInfo.packageName)) {
11899            throw new SecurityException("Only allow to bind service in " + expectedPackageName);
11900        }
11901        // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release.
11902        if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) {
11903            throw new SecurityException(
11904                    "Service must be protected by BIND_DEVICE_ADMIN permission");
11905        }
11906        // It is the system server to bind the service, it would be extremely dangerous if it
11907        // can be exploited to bind any service. Set the component explicitly to make sure we
11908        // do not bind anything accidentally.
11909        rawIntent.setComponent(info.serviceInfo.getComponentName());
11910        return rawIntent;
11911    }
11912
11913    @Override
11914    public long getLastSecurityLogRetrievalTime() {
11915        enforceDeviceOwnerOrManageUsers();
11916        return getUserData(UserHandle.USER_SYSTEM).mLastSecurityLogRetrievalTime;
11917     }
11918
11919    @Override
11920    public long getLastBugReportRequestTime() {
11921        enforceDeviceOwnerOrManageUsers();
11922        return getUserData(UserHandle.USER_SYSTEM).mLastBugReportRequestTime;
11923     }
11924
11925    @Override
11926    public long getLastNetworkLogRetrievalTime() {
11927        enforceDeviceOwnerOrManageUsers();
11928        return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime;
11929    }
11930
11931    @Override
11932    public boolean setResetPasswordToken(ComponentName admin, byte[] token) {
11933        if (!mHasFeature) {
11934            return false;
11935        }
11936        if (token == null || token.length < 32) {
11937            throw new IllegalArgumentException("token must be at least 32-byte long");
11938        }
11939        synchronized (this) {
11940            final int userHandle = mInjector.userHandleGetCallingUserId();
11941            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11942
11943            DevicePolicyData policy = getUserData(userHandle);
11944            long ident = mInjector.binderClearCallingIdentity();
11945            try {
11946                if (policy.mPasswordTokenHandle != 0) {
11947                    mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle);
11948                }
11949
11950                policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle);
11951                saveSettingsLocked(userHandle);
11952                return policy.mPasswordTokenHandle != 0;
11953            } finally {
11954                mInjector.binderRestoreCallingIdentity(ident);
11955            }
11956        }
11957    }
11958
11959    @Override
11960    public boolean clearResetPasswordToken(ComponentName admin) {
11961        if (!mHasFeature) {
11962            return false;
11963        }
11964        synchronized (this) {
11965            final int userHandle = mInjector.userHandleGetCallingUserId();
11966            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11967
11968            DevicePolicyData policy = getUserData(userHandle);
11969            if (policy.mPasswordTokenHandle != 0) {
11970                long ident = mInjector.binderClearCallingIdentity();
11971                try {
11972                    boolean result = mLockPatternUtils.removeEscrowToken(
11973                            policy.mPasswordTokenHandle, userHandle);
11974                    policy.mPasswordTokenHandle = 0;
11975                    saveSettingsLocked(userHandle);
11976                    return result;
11977                } finally {
11978                    mInjector.binderRestoreCallingIdentity(ident);
11979                }
11980            }
11981        }
11982        return false;
11983    }
11984
11985    @Override
11986    public boolean isResetPasswordTokenActive(ComponentName admin) {
11987        synchronized (this) {
11988            final int userHandle = mInjector.userHandleGetCallingUserId();
11989            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11990
11991            DevicePolicyData policy = getUserData(userHandle);
11992            if (policy.mPasswordTokenHandle != 0) {
11993                long ident = mInjector.binderClearCallingIdentity();
11994                try {
11995                    return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle,
11996                            userHandle);
11997                } finally {
11998                    mInjector.binderRestoreCallingIdentity(ident);
11999                }
12000            }
12001        }
12002        return false;
12003    }
12004
12005    @Override
12006    public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token,
12007            int flags) {
12008        Preconditions.checkNotNull(token);
12009        synchronized (this) {
12010            final int userHandle = mInjector.userHandleGetCallingUserId();
12011            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
12012
12013            DevicePolicyData policy = getUserData(userHandle);
12014            if (policy.mPasswordTokenHandle != 0) {
12015                final String password = passwordOrNull != null ? passwordOrNull : "";
12016                return resetPasswordInternal(password, policy.mPasswordTokenHandle, token,
12017                        flags, mInjector.binderGetCallingUid(), userHandle);
12018            } else {
12019                Slog.w(LOG_TAG, "No saved token handle");
12020            }
12021        }
12022        return false;
12023    }
12024
12025    @Override
12026    public boolean isCurrentInputMethodSetByOwner() {
12027        enforceProfileOwnerOrSystemUser();
12028        return getUserData(mInjector.userHandleGetCallingUserId()).mCurrentInputMethodSet;
12029    }
12030
12031    @Override
12032    public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) {
12033        final int userId = user.getIdentifier();
12034        enforceProfileOwnerOrFullCrossUsersPermission(userId);
12035        synchronized (this) {
12036            return new StringParceledListSlice(
12037                    new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts));
12038        }
12039    }
12040
12041    @Override
12042    public boolean clearApplicationUserData(ComponentName admin, String packageName,
12043            IPackageDataObserver callback) {
12044        Preconditions.checkNotNull(admin, "ComponentName is null");
12045        synchronized (this) {
12046            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
12047        }
12048        final int userId = UserHandle.getCallingUserId();
12049
12050        long ident = mInjector.binderClearCallingIdentity();
12051        try {
12052            return ActivityManager.getService().clearApplicationUserData(packageName, false,
12053                    callback, userId);
12054        } catch(RemoteException re) {
12055            // Same process, should not happen.
12056        } catch (SecurityException se) {
12057            // This can happen e.g. for device admin packages, do not throw out the exception,
12058            // because callers have no means to know beforehand for which packages this might
12059            // happen.
12060            Slog.w(LOG_TAG, "Not allowed to clear application user data for package " + packageName,
12061                    se);
12062        } finally {
12063            mInjector.binderRestoreCallingIdentity(ident);
12064        }
12065
12066        if (callback != null) {
12067            try {
12068                // If there was a throw above, we send back that removal failed
12069                callback.onRemoveCompleted(packageName, false);
12070            } catch (RemoteException re) {
12071                // Caller is no longer available, ignore
12072            }
12073        }
12074        return false;
12075    }
12076
12077    @Override
12078    public synchronized void setLogoutEnabled(ComponentName admin, boolean enabled) {
12079        if (!mHasFeature) {
12080            return;
12081        }
12082        Preconditions.checkNotNull(admin);
12083
12084        synchronized (this) {
12085            ActiveAdmin deviceOwner =
12086                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12087
12088            if (deviceOwner.isLogoutEnabled == enabled) {
12089                // already in the requested state
12090                return;
12091            }
12092            deviceOwner.isLogoutEnabled = enabled;
12093            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
12094        }
12095    }
12096
12097    @Override
12098    public boolean isLogoutEnabled() {
12099        if (!mHasFeature) {
12100            return false;
12101        }
12102        synchronized (this) {
12103            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
12104            return (deviceOwner != null) && deviceOwner.isLogoutEnabled;
12105        }
12106    }
12107
12108    @Override
12109    public List<String> getDisallowedSystemApps(ComponentName admin, int userId,
12110            String provisioningAction) throws RemoteException {
12111        enforceCanManageProfileAndDeviceOwners();
12112        return new ArrayList<>(
12113                mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction));
12114    }
12115
12116    //TODO: Add callback information to the javadoc once it is completed.
12117    //TODO: Make transferOwnership atomic.
12118    @Override
12119    public void transferOwnership(ComponentName admin, ComponentName target, PersistableBundle bundle) {
12120        if (!mHasFeature) {
12121            return;
12122        }
12123
12124        Preconditions.checkNotNull(admin, "Admin cannot be null.");
12125        Preconditions.checkNotNull(target, "Target cannot be null.");
12126
12127        enforceProfileOrDeviceOwner(admin);
12128
12129        if (admin.equals(target)) {
12130            throw new IllegalArgumentException("Provided administrator and target are "
12131                    + "the same object.");
12132        }
12133
12134        if (admin.getPackageName().equals(target.getPackageName())) {
12135            throw new IllegalArgumentException("Provided administrator and target have "
12136                    + "the same package name.");
12137        }
12138
12139        final int callingUserId = mInjector.userHandleGetCallingUserId();
12140        final DevicePolicyData policy = getUserData(callingUserId);
12141        final DeviceAdminInfo incomingDeviceInfo = findAdmin(target, callingUserId,
12142                /* throwForMissingPermission= */ true);
12143        checkActiveAdminPrecondition(target, incomingDeviceInfo, policy);
12144        if (!incomingDeviceInfo.getActivityInfo().metaData
12145                .getBoolean(DeviceAdminReceiver.SUPPORT_TRANSFER_OWNERSHIP_META_DATA, false)) {
12146            throw new IllegalArgumentException("Provided target does not support "
12147                    + "ownership transfer.");
12148        }
12149
12150        final long id = mInjector.binderClearCallingIdentity();
12151        try {
12152            //STOPSHIP add support for COMP, edge cases when device is rebooted/work mode off
12153            synchronized (this) {
12154                if (isProfileOwner(admin, callingUserId)) {
12155                    transferProfileOwnerLocked(admin, target, callingUserId, bundle);
12156                } else if (isDeviceOwner(admin, callingUserId)) {
12157                    transferDeviceOwnerLocked(admin, target, callingUserId, bundle);
12158                }
12159            }
12160        } finally {
12161            mInjector.binderRestoreCallingIdentity(id);
12162        }
12163    }
12164
12165    /**
12166     * Transfers the profile owner for user with id profileOwnerUserId from admin to target.
12167     */
12168    private void transferProfileOwnerLocked(ComponentName admin, ComponentName target,
12169            int profileOwnerUserId, PersistableBundle bundle) {
12170        transferActiveAdminUncheckedLocked(target, admin, profileOwnerUserId);
12171        mOwners.transferProfileOwner(target, profileOwnerUserId);
12172        Slog.i(LOG_TAG, "Profile owner set: " + target + " on user " + profileOwnerUserId);
12173        mOwners.writeProfileOwner(profileOwnerUserId);
12174        mDeviceAdminServiceController.startServiceForOwner(
12175                target.getPackageName(), profileOwnerUserId, "transfer-profile-owner");
12176        sendProfileOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE,
12177                getTransferOwnerAdminExtras(bundle), profileOwnerUserId);
12178        sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
12179                profileOwnerUserId);
12180    }
12181
12182    /**
12183     * Transfers the device owner for user with id userId from admin to target.
12184     */
12185    private void transferDeviceOwnerLocked(ComponentName admin, ComponentName target, int userId,
12186            PersistableBundle bundle) {
12187        transferActiveAdminUncheckedLocked(target, admin, userId);
12188        mOwners.transferDeviceOwner(target);
12189        Slog.i(LOG_TAG, "Device owner set: " + target + " on user " + userId);
12190        mOwners.writeDeviceOwner();
12191        mDeviceAdminServiceController.startServiceForOwner(
12192                target.getPackageName(), userId, "transfer-device-owner");
12193        sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE,
12194                getTransferOwnerAdminExtras(bundle));
12195        sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId);
12196    }
12197
12198    private Bundle getTransferOwnerAdminExtras(PersistableBundle bundle) {
12199        Bundle extras = new Bundle();
12200        if (bundle != null) {
12201            extras.putParcelable(EXTRA_TRANSFER_OWNER_ADMIN_EXTRAS_BUNDLE, bundle);
12202        }
12203        return extras;
12204    }
12205
12206    @Override
12207    public void setStartUserSessionMessage(
12208            ComponentName admin, CharSequence startUserSessionMessage) {
12209        if (!mHasFeature) {
12210            return;
12211        }
12212        Preconditions.checkNotNull(admin);
12213
12214        final String startUserSessionMessageString =
12215                startUserSessionMessage != null ? startUserSessionMessage.toString() : null;
12216
12217        synchronized (this) {
12218            final ActiveAdmin deviceOwner =
12219                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12220
12221            if (TextUtils.equals(deviceOwner.startUserSessionMessage, startUserSessionMessage)) {
12222                return;
12223            }
12224            deviceOwner.startUserSessionMessage = startUserSessionMessageString;
12225            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
12226        }
12227
12228        mInjector.getActivityManagerInternal()
12229                .setSwitchingFromSystemUserMessage(startUserSessionMessageString);
12230    }
12231
12232    @Override
12233    public void setEndUserSessionMessage(ComponentName admin, CharSequence endUserSessionMessage) {
12234        if (!mHasFeature) {
12235            return;
12236        }
12237        Preconditions.checkNotNull(admin);
12238
12239        final String endUserSessionMessageString =
12240                endUserSessionMessage != null ? endUserSessionMessage.toString() : null;
12241
12242        synchronized (this) {
12243            final ActiveAdmin deviceOwner =
12244                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12245
12246            if (TextUtils.equals(deviceOwner.endUserSessionMessage, endUserSessionMessage)) {
12247                return;
12248            }
12249            deviceOwner.endUserSessionMessage = endUserSessionMessageString;
12250            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
12251        }
12252
12253        mInjector.getActivityManagerInternal()
12254                .setSwitchingToSystemUserMessage(endUserSessionMessageString);
12255    }
12256
12257    @Override
12258    public String getStartUserSessionMessage(ComponentName admin) {
12259        if (!mHasFeature) {
12260            return null;
12261        }
12262        Preconditions.checkNotNull(admin);
12263
12264        synchronized (this) {
12265            final ActiveAdmin deviceOwner =
12266                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12267            return deviceOwner.startUserSessionMessage;
12268        }
12269    }
12270
12271    @Override
12272    public String getEndUserSessionMessage(ComponentName admin) {
12273        if (!mHasFeature) {
12274            return null;
12275        }
12276        Preconditions.checkNotNull(admin);
12277
12278        synchronized (this) {
12279            final ActiveAdmin deviceOwner =
12280                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12281            return deviceOwner.endUserSessionMessage;
12282        }
12283    }
12284}
12285