DevicePolicyManagerService.java revision 792d58fbcef3da36dbde5fd8b0cf5a5b972bd12e 
1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.devicepolicy;
18
19import static android.Manifest.permission.BIND_DEVICE_ADMIN;
20import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
21import static android.app.ActivityManager.LOCK_TASK_MODE_NONE;
22import static android.app.ActivityManager.USER_OP_SUCCESS;
23import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNER_ADMIN_EXTRAS_BUNDLE;
24import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER;
25import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY;
26import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED;
27import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE;
28import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED;
29import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER;
30import static android.app.admin.DevicePolicyManager.CODE_HAS_PAIRED;
31import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED;
32import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS;
33import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER;
34import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT;
35import static android.app.admin.DevicePolicyManager.CODE_OK;
36import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER;
37import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER;
38import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER;
39import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING;
40import static android.app.admin.DevicePolicyManager.CODE_USER_SETUP_COMPLETED;
41import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS;
42import static android.app.admin.DevicePolicyManager.DELEGATION_BLOCK_UNINSTALL;
43import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL;
44import static android.app.admin.DevicePolicyManager.DELEGATION_ENABLE_SYSTEM_APP;
45import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_PACKAGE;
46import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES;
47import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS;
48import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT;
49import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO;
50import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI;
51import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID;
52import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL;
53import static android.app.admin.DevicePolicyManager.LEAVE_ALL_SYSTEM_APPS_ENABLED;
54import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
55import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
56import static android.app.admin.DevicePolicyManager.PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER;
57import static android.app.admin.DevicePolicyManager.WIPE_EUICC;
58import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE;
59import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA;
60import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;
61import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB;
62import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
63import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT;
64import static org.xmlpull.v1.XmlPullParser.END_TAG;
65import static org.xmlpull.v1.XmlPullParser.TEXT;
66
67import android.Manifest.permission;
68import android.accessibilityservice.AccessibilityServiceInfo;
69import android.accounts.Account;
70import android.accounts.AccountManager;
71import android.annotation.NonNull;
72import android.annotation.Nullable;
73import android.annotation.UserIdInt;
74import android.app.Activity;
75import android.app.ActivityManager;
76import android.app.ActivityManagerInternal;
77import android.app.ActivityThread;
78import android.app.AlarmManager;
79import android.app.AppGlobals;
80import android.app.IActivityManager;
81import android.app.IApplicationThread;
82import android.app.IServiceConnection;
83import android.app.Notification;
84import android.app.NotificationManager;
85import android.app.PendingIntent;
86import android.app.StatusBarManager;
87import android.app.admin.DeviceAdminInfo;
88import android.app.admin.DeviceAdminReceiver;
89import android.app.admin.DevicePolicyManager;
90import android.app.admin.DevicePolicyManagerInternal;
91import android.app.admin.NetworkEvent;
92import android.app.admin.PasswordMetrics;
93import android.app.admin.SecurityLog;
94import android.app.admin.SecurityLog.SecurityEvent;
95import android.app.admin.SystemUpdateInfo;
96import android.app.admin.SystemUpdatePolicy;
97import android.app.backup.IBackupManager;
98import android.app.trust.TrustManager;
99import android.app.usage.UsageStatsManagerInternal;
100import android.content.BroadcastReceiver;
101import android.content.ComponentName;
102import android.content.Context;
103import android.content.Intent;
104import android.content.IntentFilter;
105import android.content.pm.ActivityInfo;
106import android.content.pm.ApplicationInfo;
107import android.content.pm.IPackageDataObserver;
108import android.content.pm.IPackageManager;
109import android.content.pm.PackageInfo;
110import android.content.pm.PackageManager;
111import android.content.pm.PackageManagerInternal;
112import android.content.pm.PackageManager.NameNotFoundException;
113import android.content.pm.ParceledListSlice;
114import android.content.pm.PermissionInfo;
115import android.content.pm.ResolveInfo;
116import android.content.pm.ServiceInfo;
117import android.content.pm.StringParceledListSlice;
118import android.content.pm.UserInfo;
119import android.content.res.Resources;
120import android.database.ContentObserver;
121import android.graphics.Bitmap;
122import android.graphics.Color;
123import android.media.AudioManager;
124import android.media.IAudioService;
125import android.net.ConnectivityManager;
126import android.net.IIpConnectivityMetrics;
127import android.net.ProxyInfo;
128import android.net.Uri;
129import android.net.metrics.IpConnectivityLog;
130import android.net.wifi.WifiInfo;
131import android.net.wifi.WifiManager;
132import android.os.Binder;
133import android.os.Build;
134import android.os.Bundle;
135import android.os.Environment;
136import android.os.FileUtils;
137import android.os.Handler;
138import android.os.IBinder;
139import android.os.Looper;
140import android.os.ParcelFileDescriptor;
141import android.os.PersistableBundle;
142import android.os.PowerManager;
143import android.os.PowerManagerInternal;
144import android.os.Process;
145import android.os.RecoverySystem;
146import android.os.RemoteCallback;
147import android.os.RemoteException;
148import android.os.ServiceManager;
149import android.os.SystemClock;
150import android.os.SystemProperties;
151import android.os.UserHandle;
152import android.os.UserManager;
153import android.os.UserManagerInternal;
154import android.os.UserManagerInternal.UserRestrictionsListener;
155import android.os.storage.StorageManager;
156import android.provider.ContactsContract.QuickContact;
157import android.provider.ContactsInternal;
158import android.provider.Settings;
159import android.provider.Settings.Global;
160import android.security.IKeyChainAliasCallback;
161import android.security.IKeyChainService;
162import android.security.KeyChain;
163import android.security.KeyChain.KeyChainConnection;
164import android.security.keymaster.KeymasterCertificateChain;
165import android.security.keystore.KeyGenParameterSpec;
166import android.security.keystore.ParcelableKeyGenParameterSpec;
167import android.security.KeyStore;
168import android.security.keystore.AttestationUtils;
169import android.service.persistentdata.PersistentDataBlockManager;
170import android.telephony.TelephonyManager;
171import android.text.TextUtils;
172import android.util.ArrayMap;
173import android.util.ArraySet;
174import android.util.Log;
175import android.util.Pair;
176import android.util.Slog;
177import android.util.SparseArray;
178import android.util.Xml;
179import android.view.IWindowManager;
180import android.view.accessibility.AccessibilityManager;
181import android.view.accessibility.IAccessibilityManager;
182import android.view.inputmethod.InputMethodInfo;
183import android.view.inputmethod.InputMethodManager;
184
185import com.android.internal.R;
186import com.android.internal.annotations.GuardedBy;
187import com.android.internal.annotations.VisibleForTesting;
188import com.android.internal.logging.MetricsLogger;
189import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;
190import com.android.internal.notification.SystemNotificationChannels;
191import com.android.internal.os.BackgroundThread;
192import com.android.internal.statusbar.IStatusBarService;
193import com.android.internal.util.DumpUtils;
194import com.android.internal.util.FastXmlSerializer;
195import com.android.internal.util.FunctionalUtils.ThrowingRunnable;
196import com.android.internal.util.JournaledFile;
197import com.android.internal.util.Preconditions;
198import com.android.internal.util.XmlUtils;
199import com.android.internal.widget.LockPatternUtils;
200import com.android.server.LocalServices;
201import com.android.server.SystemService;
202import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
203import com.android.server.pm.UserRestrictionsUtils;
204
205import com.google.android.collect.Sets;
206
207import org.xmlpull.v1.XmlPullParser;
208import org.xmlpull.v1.XmlPullParserException;
209import org.xmlpull.v1.XmlSerializer;
210
211import java.io.File;
212import java.io.FileDescriptor;
213import java.io.FileInputStream;
214import java.io.FileNotFoundException;
215import java.io.FileOutputStream;
216import java.io.IOException;
217import java.io.PrintWriter;
218import java.lang.IllegalStateException;
219import java.lang.reflect.Constructor;
220import java.nio.charset.StandardCharsets;
221import java.text.DateFormat;
222import java.util.ArrayList;
223import java.util.Arrays;
224import java.util.Collection;
225import java.util.Collections;
226import java.util.Date;
227import java.util.HashMap;
228import java.util.List;
229import java.util.Map.Entry;
230import java.util.Map;
231import java.util.Objects;
232import java.util.Set;
233import java.util.concurrent.TimeUnit;
234import java.util.concurrent.atomic.AtomicBoolean;
235import java.util.function.Function;
236
237/**
238 * Implementation of the device policy APIs.
239 */
240public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
241
242    protected static final String LOG_TAG = "DevicePolicyManager";
243
244    private static final boolean VERBOSE_LOG = false; // DO NOT SUBMIT WITH TRUE
245
246    private static final String DEVICE_POLICIES_XML = "device_policies.xml";
247
248    private static final String TAG_ACCEPTED_CA_CERTIFICATES = "accepted-ca-certificate";
249
250    private static final String TAG_LOCK_TASK_COMPONENTS = "lock-task-component";
251
252    private static final String TAG_LOCK_TASK_FEATURES = "lock-task-features";
253
254    private static final String TAG_STATUS_BAR = "statusbar";
255
256    private static final String ATTR_DISABLED = "disabled";
257
258    private static final String ATTR_NAME = "name";
259
260    private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML =
261            "do-not-ask-credentials-on-boot";
262
263    private static final String TAG_AFFILIATION_ID = "affiliation-id";
264
265    private static final String TAG_LAST_SECURITY_LOG_RETRIEVAL = "last-security-log-retrieval";
266
267    private static final String TAG_LAST_BUG_REPORT_REQUEST = "last-bug-report-request";
268
269    private static final String TAG_LAST_NETWORK_LOG_RETRIEVAL = "last-network-log-retrieval";
270
271    private static final String TAG_ADMIN_BROADCAST_PENDING = "admin-broadcast-pending";
272
273    private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set";
274
275    private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert";
276
277    private static final String ATTR_ID = "id";
278
279    private static final String ATTR_VALUE = "value";
280
281    private static final String ATTR_ALIAS = "alias";
282
283    private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle";
284
285    private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token";
286
287    private static final String TAG_PASSWORD_VALIDITY = "password-validity";
288
289    private static final String TAG_PRINTING_ENABLED = "printing-enabled";
290
291    private static final int REQUEST_EXPIRE_PASSWORD = 5571;
292
293    private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1);
294
295    private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms
296
297    private static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION
298            = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION";
299
300    private static final String ATTR_PERMISSION_PROVIDER = "permission-provider";
301    private static final String ATTR_SETUP_COMPLETE = "setup-complete";
302    private static final String ATTR_PROVISIONING_STATE = "provisioning-state";
303    private static final String ATTR_PERMISSION_POLICY = "permission-policy";
304    private static final String ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED =
305            "device-provisioning-config-applied";
306    private static final String ATTR_DEVICE_PAIRED = "device-paired";
307    private static final String ATTR_DELEGATED_CERT_INSTALLER = "delegated-cert-installer";
308    private static final String ATTR_APPLICATION_RESTRICTIONS_MANAGER
309            = "application-restrictions-manager";
310
311    private static final String MANAGED_PROVISIONING_PKG = "com.android.managedprovisioning";
312
313    // Comprehensive list of delegations.
314    private static final String DELEGATIONS[] = {
315        DELEGATION_CERT_INSTALL,
316        DELEGATION_APP_RESTRICTIONS,
317        DELEGATION_BLOCK_UNINSTALL,
318        DELEGATION_ENABLE_SYSTEM_APP,
319        DELEGATION_KEEP_UNINSTALLED_PACKAGES,
320        DELEGATION_PACKAGE_ACCESS,
321        DELEGATION_PERMISSION_GRANT,
322        DELEGATION_INSTALL_EXISTING_PACKAGE,
323        DELEGATION_KEEP_UNINSTALLED_PACKAGES
324    };
325
326    /**
327     *  System property whose value is either "true" or "false", indicating whether
328     *  device owner is present.
329     */
330    private static final String PROPERTY_DEVICE_OWNER_PRESENT = "ro.device_owner";
331
332    private static final int STATUS_BAR_DISABLE_MASK =
333            StatusBarManager.DISABLE_EXPAND |
334            StatusBarManager.DISABLE_NOTIFICATION_ICONS |
335            StatusBarManager.DISABLE_NOTIFICATION_ALERTS |
336            StatusBarManager.DISABLE_SEARCH;
337
338    private static final int STATUS_BAR_DISABLE2_MASK =
339            StatusBarManager.DISABLE2_QUICK_SETTINGS;
340
341    private static final Set<String> SECURE_SETTINGS_WHITELIST;
342    private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST;
343    private static final Set<String> GLOBAL_SETTINGS_WHITELIST;
344    private static final Set<String> GLOBAL_SETTINGS_DEPRECATED;
345    private static final Set<String> SYSTEM_SETTINGS_WHITELIST;
346    static {
347        SECURE_SETTINGS_WHITELIST = new ArraySet<>();
348        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD);
349        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS);
350        SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS);
351
352        SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new ArraySet<>();
353        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST);
354        SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE);
355
356        GLOBAL_SETTINGS_WHITELIST = new ArraySet<>();
357        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED);
358        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME);
359        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE);
360        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING);
361        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED);
362        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY);
363        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN);
364        GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN);
365
366        GLOBAL_SETTINGS_DEPRECATED = new ArraySet<>();
367        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.BLUETOOTH_ON);
368        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED);
369        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.MODE_RINGER);
370        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.NETWORK_PREFERENCE);
371        GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.WIFI_ON);
372
373        SYSTEM_SETTINGS_WHITELIST = new ArraySet<>();
374        SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS);
375        SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS_MODE);
376        SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_OFF_TIMEOUT);
377    }
378
379    /**
380     * Keyguard features that when set on a profile affect the profile content or challenge only.
381     * These cannot be set on the managed profile's parent DPM instance
382     */
383    private static final int PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY =
384            DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS;
385
386    /** Keyguard features that are allowed to be set on a managed profile */
387    private static final int PROFILE_KEYGUARD_FEATURES =
388            PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER | PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY;
389
390    private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000;
391
392    /**
393     * Minimum timeout in milliseconds after which unlocking with weak auth times out,
394     * i.e. the user has to use a strong authentication method like password, PIN or pattern.
395     */
396    private static final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1);
397
398    /**
399     * Strings logged with {@link
400     * com.android.internal.logging.nano.MetricsProto.MetricsEvent#PROVISIONING_ENTRY_POINT_ADB}.
401     */
402    private static final String LOG_TAG_PROFILE_OWNER = "profile-owner";
403    private static final String LOG_TAG_DEVICE_OWNER = "device-owner";
404
405    final Context mContext;
406    final Injector mInjector;
407    final IPackageManager mIPackageManager;
408    final UserManager mUserManager;
409    final UserManagerInternal mUserManagerInternal;
410    final UsageStatsManagerInternal mUsageStatsManagerInternal;
411    final TelephonyManager mTelephonyManager;
412    private final LockPatternUtils mLockPatternUtils;
413    private final DevicePolicyConstants mConstants;
414    private final DeviceAdminServiceController mDeviceAdminServiceController;
415    private final OverlayPackagesProvider mOverlayPackagesProvider;
416
417    /**
418     * Contains (package-user) pairs to remove. An entry (p, u) implies that removal of package p
419     * is requested for user u.
420     */
421    private final Set<Pair<String, Integer>> mPackagesToRemove =
422            new ArraySet<Pair<String, Integer>>();
423
424    final LocalService mLocalService;
425
426    // Stores and loads state on device and profile owners.
427    @VisibleForTesting
428    final Owners mOwners;
429
430    private final Binder mToken = new Binder();
431
432    /**
433     * Whether or not device admin feature is supported. If it isn't return defaults for all
434     * public methods.
435     */
436    boolean mHasFeature;
437
438    /**
439     * Whether or not this device is a watch.
440     */
441    boolean mIsWatch;
442
443    private final CertificateMonitor mCertificateMonitor;
444    private final SecurityLogMonitor mSecurityLogMonitor;
445    private NetworkLogger mNetworkLogger;
446
447    private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean();
448    private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean();
449
450    private SetupContentObserver mSetupContentObserver;
451
452    private final Runnable mRemoteBugreportTimeoutRunnable = new Runnable() {
453        @Override
454        public void run() {
455            if(mRemoteBugreportServiceIsActive.get()) {
456                onBugreportFailed();
457            }
458        }
459    };
460
461    /** Listens only if mHasFeature == true. */
462    private final BroadcastReceiver mRemoteBugreportFinishedReceiver = new BroadcastReceiver() {
463
464        @Override
465        public void onReceive(Context context, Intent intent) {
466            if (DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH.equals(intent.getAction())
467                    && mRemoteBugreportServiceIsActive.get()) {
468                onBugreportFinished(intent);
469            }
470        }
471    };
472
473    /** Listens only if mHasFeature == true. */
474    private final BroadcastReceiver mRemoteBugreportConsentReceiver = new BroadcastReceiver() {
475
476        @Override
477        public void onReceive(Context context, Intent intent) {
478            String action = intent.getAction();
479            mInjector.getNotificationManager().cancel(LOG_TAG,
480                    RemoteBugreportUtils.NOTIFICATION_ID);
481            if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED.equals(action)) {
482                onBugreportSharingAccepted();
483            } else if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) {
484                onBugreportSharingDeclined();
485            }
486            mContext.unregisterReceiver(mRemoteBugreportConsentReceiver);
487        }
488    };
489
490    public static final class Lifecycle extends SystemService {
491        private BaseIDevicePolicyManager mService;
492
493        public Lifecycle(Context context) {
494            super(context);
495            String dpmsClassName = context.getResources()
496                    .getString(R.string.config_deviceSpecificDevicePolicyManagerService);
497            if (TextUtils.isEmpty(dpmsClassName)) {
498                dpmsClassName = DevicePolicyManagerService.class.getName();
499            }
500            try {
501                Class serviceClass = Class.forName(dpmsClassName);
502                Constructor constructor = serviceClass.getConstructor(Context.class);
503                mService = (BaseIDevicePolicyManager) constructor.newInstance(context);
504            } catch (Exception e) {
505                throw new IllegalStateException(
506                    "Failed to instantiate DevicePolicyManagerService with class name: "
507                    + dpmsClassName, e);
508            }
509        }
510
511        @Override
512        public void onStart() {
513            publishBinderService(Context.DEVICE_POLICY_SERVICE, mService);
514            mService.handleStart();
515        }
516
517        @Override
518        public void onBootPhase(int phase) {
519            mService.systemReady(phase);
520        }
521
522        @Override
523        public void onStartUser(int userHandle) {
524            mService.handleStartUser(userHandle);
525        }
526
527        @Override
528        public void onUnlockUser(int userHandle) {
529            mService.handleUnlockUser(userHandle);
530        }
531
532        @Override
533        public void onStopUser(int userHandle) {
534            mService.handleStopUser(userHandle);
535        }
536    }
537
538    public static class DevicePolicyData {
539        @NonNull PasswordMetrics mActivePasswordMetrics = new PasswordMetrics();
540        int mFailedPasswordAttempts = 0;
541        boolean mPasswordStateHasBeenSetSinceBoot = false;
542        boolean mPasswordValidAtLastCheckpoint = false;
543
544        int mUserHandle;
545        int mPasswordOwner = -1;
546        long mLastMaximumTimeToLock = -1;
547        boolean mUserSetupComplete = false;
548        boolean mPaired = false;
549        int mUserProvisioningState;
550        int mPermissionPolicy;
551
552        boolean mDeviceProvisioningConfigApplied = false;
553
554        final ArrayMap<ComponentName, ActiveAdmin> mAdminMap = new ArrayMap<>();
555        final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>();
556        final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>();
557
558        // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead.
559        final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>();
560
561        // This is the list of component allowed to start lock task mode.
562        List<String> mLockTaskPackages = new ArrayList<>();
563
564        // Bitfield of feature flags to be enabled during LockTask mode.
565        int mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE;
566
567        boolean mStatusBarDisabled = false;
568
569        ComponentName mRestrictionsProvider;
570
571        // Map of delegate package to delegation scopes
572        final ArrayMap<String, List<String>> mDelegationMap = new ArrayMap<>();
573
574        boolean doNotAskCredentialsOnBoot = false;
575
576        Set<String> mAffiliationIds = new ArraySet<>();
577
578        long mLastSecurityLogRetrievalTime = -1;
579
580        long mLastBugReportRequestTime = -1;
581
582        long mLastNetworkLogsRetrievalTime = -1;
583
584        boolean mCurrentInputMethodSet = false;
585
586        // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead.
587        Set<String> mOwnerInstalledCaCerts = new ArraySet<>();
588
589        // Used for initialization of users created by createAndManageUser.
590        boolean mAdminBroadcastPending = false;
591        PersistableBundle mInitBundle = null;
592
593        long mPasswordTokenHandle = 0;
594
595        boolean mPrintingEnabled = true;
596
597        public DevicePolicyData(int userHandle) {
598            mUserHandle = userHandle;
599        }
600    }
601
602    final SparseArray<DevicePolicyData> mUserData = new SparseArray<>();
603
604    final Handler mHandler;
605    final Handler mBackgroundHandler;
606
607    /** Listens only if mHasFeature == true. */
608    final BroadcastReceiver mReceiver = new BroadcastReceiver() {
609        @Override
610        public void onReceive(Context context, Intent intent) {
611            final String action = intent.getAction();
612            final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE,
613                    getSendingUserId());
614
615            /*
616             * Network logging would ideally be started in setDeviceOwnerSystemPropertyLocked(),
617             * however it's too early in the boot process to register with IIpConnectivityMetrics
618             * to listen for events.
619             */
620            if (Intent.ACTION_USER_STARTED.equals(action)
621                    && userHandle == mOwners.getDeviceOwnerUserId()) {
622                synchronized (DevicePolicyManagerService.this) {
623                    if (isNetworkLoggingEnabledInternalLocked()) {
624                        setNetworkLoggingActiveInternal(true);
625                    }
626                }
627            }
628            if (Intent.ACTION_BOOT_COMPLETED.equals(action)
629                    && userHandle == mOwners.getDeviceOwnerUserId()
630                    && getDeviceOwnerRemoteBugreportUri() != null) {
631                IntentFilter filterConsent = new IntentFilter();
632                filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED);
633                filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED);
634                mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent);
635                mInjector.getNotificationManager().notifyAsUser(LOG_TAG,
636                        RemoteBugreportUtils.NOTIFICATION_ID,
637                        RemoteBugreportUtils.buildNotification(mContext,
638                                DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED),
639                                UserHandle.ALL);
640            }
641            if (Intent.ACTION_BOOT_COMPLETED.equals(action)
642                    || ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) {
643                if (VERBOSE_LOG) {
644                    Slog.v(LOG_TAG, "Sending password expiration notifications for action "
645                            + action + " for user " + userHandle);
646                }
647                mHandler.post(new Runnable() {
648                    @Override
649                    public void run() {
650                        handlePasswordExpirationNotification(userHandle);
651                    }
652                });
653            }
654
655            if (Intent.ACTION_USER_ADDED.equals(action)) {
656                sendUserAddedOrRemovedCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle);
657                synchronized (DevicePolicyManagerService.this) {
658                    // It might take a while for the user to become affiliated. Make security
659                    // and network logging unavailable in the meantime.
660                    maybePauseDeviceWideLoggingLocked();
661                }
662            } else if (Intent.ACTION_USER_REMOVED.equals(action)) {
663                sendUserAddedOrRemovedCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle);
664                synchronized (DevicePolicyManagerService.this) {
665                    // Check whether the user is affiliated, *before* removing its data.
666                    boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle);
667                    removeUserData(userHandle);
668                    if (!isRemovedUserAffiliated) {
669                        // We discard the logs when unaffiliated users are deleted (so that the
670                        // device owner cannot retrieve data about that user after it's gone).
671                        discardDeviceWideLogsLocked();
672                        // Resume logging if all remaining users are affiliated.
673                        maybeResumeDeviceWideLoggingLocked();
674                    }
675                }
676            } else if (Intent.ACTION_USER_STARTED.equals(action)) {
677                synchronized (DevicePolicyManagerService.this) {
678                    maybeSendAdminEnabledBroadcastLocked(userHandle);
679                    // Reset the policy data
680                    mUserData.remove(userHandle);
681                }
682                handlePackagesChanged(null /* check all admins */, userHandle);
683            } else if (Intent.ACTION_USER_UNLOCKED.equals(action)) {
684                synchronized (DevicePolicyManagerService.this) {
685                    maybeSendAdminEnabledBroadcastLocked(userHandle);
686                }
687            } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) {
688                handlePackagesChanged(null /* check all admins */, userHandle);
689            } else if (Intent.ACTION_PACKAGE_CHANGED.equals(action)
690                    || (Intent.ACTION_PACKAGE_ADDED.equals(action)
691                            && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false))) {
692                handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle);
693            } else if (Intent.ACTION_PACKAGE_REMOVED.equals(action)
694                    && !intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) {
695                handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle);
696            } else if (Intent.ACTION_MANAGED_PROFILE_ADDED.equals(action)) {
697                clearWipeProfileNotification();
698            }
699        }
700
701        private void sendUserAddedOrRemovedCommand(String action, int userHandle) {
702            synchronized (DevicePolicyManagerService.this) {
703                ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
704                if (deviceOwner != null) {
705                    Bundle extras = new Bundle();
706                    extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
707                    sendAdminCommandLocked(deviceOwner, action, extras, null);
708                }
709            }
710        }
711    };
712
713    protected static class RestrictionsListener implements UserRestrictionsListener {
714        private Context mContext;
715
716        public RestrictionsListener(Context context) {
717            mContext = context;
718        }
719
720        public void onUserRestrictionsChanged(int userId, Bundle newRestrictions,
721                Bundle prevRestrictions) {
722            final boolean newlyDisallowed =
723                    newRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE);
724            final boolean previouslyDisallowed =
725                    prevRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE);
726            final boolean restrictionChanged = (newlyDisallowed != previouslyDisallowed);
727
728            if (restrictionChanged) {
729                // Notify ManagedProvisioning to update the built-in cross profile intent filters.
730                Intent intent = new Intent(
731                        DevicePolicyManager.ACTION_DATA_SHARING_RESTRICTION_CHANGED);
732                intent.setPackage(MANAGED_PROVISIONING_PKG);
733                intent.putExtra(Intent.EXTRA_USER_ID, userId);
734                intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
735                mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM);
736            }
737        }
738    }
739
740    static class ActiveAdmin {
741        private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features";
742        private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin";
743        private static final String TAG_DISABLE_CAMERA = "disable-camera";
744        private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id";
745        private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search";
746        private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING
747                = "disable-bt-contacts-sharing";
748        private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture";
749        private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management";
750        private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time";
751        private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users";
752        private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled";
753        private static final String TAG_ACCOUNT_TYPE = "account-type";
754        private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES
755                = "permitted-accessiblity-services";
756        private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested";
757        private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features";
758        private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options";
759        private static final String TAG_TRUST_AGENT_COMPONENT = "component";
760        private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date";
761        private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout";
762        private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list";
763        private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec";
764        private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy";
765        private static final String TAG_PERMITTED_IMES = "permitted-imes";
766        private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS =
767                "permitted-notification-listeners";
768        private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe";
769        private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock";
770        private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout";
771        private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter";
772        private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols";
773        private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric";
774        private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters";
775        private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase";
776        private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase";
777        private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length";
778        private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length";
779        private static final String ATTR_VALUE = "value";
780        private static final String TAG_PASSWORD_BLACKLIST = "password-blacklist";
781        private static final String TAG_PASSWORD_QUALITY = "password-quality";
782        private static final String TAG_POLICIES = "policies";
783        private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS =
784                "cross-profile-widget-providers";
785        private static final String TAG_PROVIDER = "provider";
786        private static final String TAG_PACKAGE_LIST_ITEM  = "item";
787        private static final String TAG_KEEP_UNINSTALLED_PACKAGES  = "keep-uninstalled-packages";
788        private static final String TAG_USER_RESTRICTIONS = "user-restrictions";
789        private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS =
790                "default-enabled-user-restrictions";
791        private static final String TAG_RESTRICTION = "restriction";
792        private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message";
793        private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message";
794        private static final String TAG_PARENT_ADMIN = "parent-admin";
795        private static final String TAG_ORGANIZATION_COLOR = "organization-color";
796        private static final String TAG_ORGANIZATION_NAME = "organization-name";
797        private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification";
798        private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications";
799        private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled";
800        private static final String TAG_MANDATORY_BACKUP_TRANSPORT = "mandatory_backup_transport";
801        private static final String TAG_START_USER_SESSION_MESSAGE = "start_user_session_message";
802        private static final String TAG_END_USER_SESSION_MESSAGE = "end_user_session_message";
803
804        DeviceAdminInfo info;
805
806
807        static final int DEF_PASSWORD_HISTORY_LENGTH = 0;
808        int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH;
809
810        static final int DEF_MINIMUM_PASSWORD_LENGTH = 0;
811        static final int DEF_MINIMUM_PASSWORD_LETTERS = 1;
812        static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0;
813        static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0;
814        static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1;
815        static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1;
816        static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0;
817        @NonNull
818        PasswordMetrics minimumPasswordMetrics = new PasswordMetrics(
819                PASSWORD_QUALITY_UNSPECIFIED, DEF_MINIMUM_PASSWORD_LENGTH,
820                DEF_MINIMUM_PASSWORD_LETTERS, DEF_MINIMUM_PASSWORD_UPPER_CASE,
821                DEF_MINIMUM_PASSWORD_LOWER_CASE, DEF_MINIMUM_PASSWORD_NUMERIC,
822                DEF_MINIMUM_PASSWORD_SYMBOLS, DEF_MINIMUM_PASSWORD_NON_LETTER);
823
824        static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0;
825        long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK;
826
827        long strongAuthUnlockTimeout = 0; // admin doesn't participate by default
828
829        static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0;
830        int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE;
831
832        static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0;
833        long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT;
834
835        static final long DEF_PASSWORD_EXPIRATION_DATE = 0;
836        long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE;
837
838        static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none
839
840        int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED;
841
842        boolean encryptionRequested = false;
843        boolean testOnlyAdmin = false;
844        boolean disableCamera = false;
845        boolean disableCallerId = false;
846        boolean disableContactsSearch = false;
847        boolean disableBluetoothContactSharing = true;
848        boolean disableScreenCapture = false; // Can only be set by a device/profile owner.
849        boolean requireAutoTime = false; // Can only be set by a device owner.
850        boolean forceEphemeralUsers = false; // Can only be set by a device owner.
851        boolean isNetworkLoggingEnabled = false; // Can only be set by a device owner.
852        boolean isLogoutEnabled = false; // Can only be set by a device owner.
853
854        // one notification after enabling + one more after reboots
855        static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2;
856        int numNetworkLoggingNotifications = 0;
857        long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch
858
859        ActiveAdmin parentAdmin;
860        final boolean isParent;
861
862        static class TrustAgentInfo {
863            public PersistableBundle options;
864            TrustAgentInfo(PersistableBundle bundle) {
865                options = bundle;
866            }
867        }
868
869        final Set<String> accountTypesWithManagementDisabled = new ArraySet<>();
870
871        // The list of permitted accessibility services package namesas set by a profile
872        // or device owner. Null means all accessibility services are allowed, empty means
873        // none except system services are allowed.
874        List<String> permittedAccessiblityServices;
875
876        // The list of permitted input methods package names as set by a profile or device owner.
877        // Null means all input methods are allowed, empty means none except system imes are
878        // allowed.
879        List<String> permittedInputMethods;
880
881        // The list of packages allowed to use a NotificationListenerService to receive events for
882        // notifications from this user. Null means that all packages are allowed. Empty list means
883        // that only packages from the system are allowed.
884        List<String> permittedNotificationListeners;
885
886        // List of package names to keep cached.
887        List<String> keepUninstalledPackages;
888
889        // TODO: review implementation decisions with frameworks team
890        boolean specifiesGlobalProxy = false;
891        String globalProxySpec = null;
892        String globalProxyExclusionList = null;
893
894        ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>();
895
896        List<String> crossProfileWidgetProviders;
897
898        Bundle userRestrictions;
899
900        // User restrictions that have already been enabled by default for this admin (either when
901        // setting the device or profile owner, or during a system update if one of those "enabled
902        // by default" restrictions is newly added).
903        final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>();
904
905        // Support text provided by the admin to display to the user.
906        CharSequence shortSupportMessage = null;
907        CharSequence longSupportMessage = null;
908
909        // Background color of confirm credentials screen. Default: teal.
910        static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B");
911        int organizationColor = DEF_ORGANIZATION_COLOR;
912
913        // Default title of confirm credentials screen
914        String organizationName = null;
915
916        // The blacklist data is stored in a file whose name is stored in the XML
917        String passwordBlacklistFile = null;
918
919        // The component name of the backup transport which has to be used if backups are mandatory
920        // or null if backups are not mandatory.
921        ComponentName mandatoryBackupTransport = null;
922
923        // Message for user switcher
924        String startUserSessionMessage = null;
925        String endUserSessionMessage = null;
926
927        ActiveAdmin(DeviceAdminInfo _info, boolean parent) {
928            info = _info;
929            isParent = parent;
930        }
931
932        ActiveAdmin getParentActiveAdmin() {
933            Preconditions.checkState(!isParent);
934
935            if (parentAdmin == null) {
936                parentAdmin = new ActiveAdmin(info, /* parent */ true);
937            }
938            return parentAdmin;
939        }
940
941        boolean hasParentActiveAdmin() {
942            return parentAdmin != null;
943        }
944
945        int getUid() { return info.getActivityInfo().applicationInfo.uid; }
946
947        public UserHandle getUserHandle() {
948            return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid));
949        }
950
951        void writeToXml(XmlSerializer out)
952                throws IllegalArgumentException, IllegalStateException, IOException {
953            out.startTag(null, TAG_POLICIES);
954            info.writePoliciesToXml(out);
955            out.endTag(null, TAG_POLICIES);
956            if (minimumPasswordMetrics.quality != PASSWORD_QUALITY_UNSPECIFIED) {
957                out.startTag(null, TAG_PASSWORD_QUALITY);
958                out.attribute(null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.quality));
959                out.endTag(null, TAG_PASSWORD_QUALITY);
960                if (minimumPasswordMetrics.length != DEF_MINIMUM_PASSWORD_LENGTH) {
961                    out.startTag(null, TAG_MIN_PASSWORD_LENGTH);
962                    out.attribute(
963                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.length));
964                    out.endTag(null, TAG_MIN_PASSWORD_LENGTH);
965                }
966                if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) {
967                    out.startTag(null, TAG_PASSWORD_HISTORY_LENGTH);
968                    out.attribute(null, ATTR_VALUE, Integer.toString(passwordHistoryLength));
969                    out.endTag(null, TAG_PASSWORD_HISTORY_LENGTH);
970                }
971                if (minimumPasswordMetrics.upperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) {
972                    out.startTag(null, TAG_MIN_PASSWORD_UPPERCASE);
973                    out.attribute(
974                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.upperCase));
975                    out.endTag(null, TAG_MIN_PASSWORD_UPPERCASE);
976                }
977                if (minimumPasswordMetrics.lowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) {
978                    out.startTag(null, TAG_MIN_PASSWORD_LOWERCASE);
979                    out.attribute(
980                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.lowerCase));
981                    out.endTag(null, TAG_MIN_PASSWORD_LOWERCASE);
982                }
983                if (minimumPasswordMetrics.letters != DEF_MINIMUM_PASSWORD_LETTERS) {
984                    out.startTag(null, TAG_MIN_PASSWORD_LETTERS);
985                    out.attribute(
986                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.letters));
987                    out.endTag(null, TAG_MIN_PASSWORD_LETTERS);
988                }
989                if (minimumPasswordMetrics.numeric != DEF_MINIMUM_PASSWORD_NUMERIC) {
990                    out.startTag(null, TAG_MIN_PASSWORD_NUMERIC);
991                    out.attribute(
992                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.numeric));
993                    out.endTag(null, TAG_MIN_PASSWORD_NUMERIC);
994                }
995                if (minimumPasswordMetrics.symbols != DEF_MINIMUM_PASSWORD_SYMBOLS) {
996                    out.startTag(null, TAG_MIN_PASSWORD_SYMBOLS);
997                    out.attribute(
998                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.symbols));
999                    out.endTag(null, TAG_MIN_PASSWORD_SYMBOLS);
1000                }
1001                if (minimumPasswordMetrics.nonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) {
1002                    out.startTag(null, TAG_MIN_PASSWORD_NONLETTER);
1003                    out.attribute(
1004                            null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.nonLetter));
1005                    out.endTag(null, TAG_MIN_PASSWORD_NONLETTER);
1006                }
1007            }
1008            if (passwordBlacklistFile != null) {
1009                out.startTag(null, TAG_PASSWORD_BLACKLIST);
1010                out.attribute(null, ATTR_VALUE, passwordBlacklistFile);
1011                out.endTag(null, TAG_PASSWORD_BLACKLIST);
1012            }
1013            if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) {
1014                out.startTag(null, TAG_MAX_TIME_TO_UNLOCK);
1015                out.attribute(null, ATTR_VALUE, Long.toString(maximumTimeToUnlock));
1016                out.endTag(null, TAG_MAX_TIME_TO_UNLOCK);
1017            }
1018            if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {
1019                out.startTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT);
1020                out.attribute(null, ATTR_VALUE, Long.toString(strongAuthUnlockTimeout));
1021                out.endTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT);
1022            }
1023            if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
1024                out.startTag(null, TAG_MAX_FAILED_PASSWORD_WIPE);
1025                out.attribute(null, ATTR_VALUE, Integer.toString(maximumFailedPasswordsForWipe));
1026                out.endTag(null, TAG_MAX_FAILED_PASSWORD_WIPE);
1027            }
1028            if (specifiesGlobalProxy) {
1029                out.startTag(null, TAG_SPECIFIES_GLOBAL_PROXY);
1030                out.attribute(null, ATTR_VALUE, Boolean.toString(specifiesGlobalProxy));
1031                out.endTag(null, TAG_SPECIFIES_GLOBAL_PROXY);
1032                if (globalProxySpec != null) {
1033                    out.startTag(null, TAG_GLOBAL_PROXY_SPEC);
1034                    out.attribute(null, ATTR_VALUE, globalProxySpec);
1035                    out.endTag(null, TAG_GLOBAL_PROXY_SPEC);
1036                }
1037                if (globalProxyExclusionList != null) {
1038                    out.startTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST);
1039                    out.attribute(null, ATTR_VALUE, globalProxyExclusionList);
1040                    out.endTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST);
1041                }
1042            }
1043            if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) {
1044                out.startTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT);
1045                out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationTimeout));
1046                out.endTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT);
1047            }
1048            if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) {
1049                out.startTag(null, TAG_PASSWORD_EXPIRATION_DATE);
1050                out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationDate));
1051                out.endTag(null, TAG_PASSWORD_EXPIRATION_DATE);
1052            }
1053            if (encryptionRequested) {
1054                out.startTag(null, TAG_ENCRYPTION_REQUESTED);
1055                out.attribute(null, ATTR_VALUE, Boolean.toString(encryptionRequested));
1056                out.endTag(null, TAG_ENCRYPTION_REQUESTED);
1057            }
1058            if (testOnlyAdmin) {
1059                out.startTag(null, TAG_TEST_ONLY_ADMIN);
1060                out.attribute(null, ATTR_VALUE, Boolean.toString(testOnlyAdmin));
1061                out.endTag(null, TAG_TEST_ONLY_ADMIN);
1062            }
1063            if (disableCamera) {
1064                out.startTag(null, TAG_DISABLE_CAMERA);
1065                out.attribute(null, ATTR_VALUE, Boolean.toString(disableCamera));
1066                out.endTag(null, TAG_DISABLE_CAMERA);
1067            }
1068            if (disableCallerId) {
1069                out.startTag(null, TAG_DISABLE_CALLER_ID);
1070                out.attribute(null, ATTR_VALUE, Boolean.toString(disableCallerId));
1071                out.endTag(null, TAG_DISABLE_CALLER_ID);
1072            }
1073            if (disableContactsSearch) {
1074                out.startTag(null, TAG_DISABLE_CONTACTS_SEARCH);
1075                out.attribute(null, ATTR_VALUE, Boolean.toString(disableContactsSearch));
1076                out.endTag(null, TAG_DISABLE_CONTACTS_SEARCH);
1077            }
1078            if (!disableBluetoothContactSharing) {
1079                out.startTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING);
1080                out.attribute(null, ATTR_VALUE,
1081                        Boolean.toString(disableBluetoothContactSharing));
1082                out.endTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING);
1083            }
1084            if (disableScreenCapture) {
1085                out.startTag(null, TAG_DISABLE_SCREEN_CAPTURE);
1086                out.attribute(null, ATTR_VALUE, Boolean.toString(disableScreenCapture));
1087                out.endTag(null, TAG_DISABLE_SCREEN_CAPTURE);
1088            }
1089            if (requireAutoTime) {
1090                out.startTag(null, TAG_REQUIRE_AUTO_TIME);
1091                out.attribute(null, ATTR_VALUE, Boolean.toString(requireAutoTime));
1092                out.endTag(null, TAG_REQUIRE_AUTO_TIME);
1093            }
1094            if (forceEphemeralUsers) {
1095                out.startTag(null, TAG_FORCE_EPHEMERAL_USERS);
1096                out.attribute(null, ATTR_VALUE, Boolean.toString(forceEphemeralUsers));
1097                out.endTag(null, TAG_FORCE_EPHEMERAL_USERS);
1098            }
1099            if (isNetworkLoggingEnabled) {
1100                out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED);
1101                out.attribute(null, ATTR_VALUE, Boolean.toString(isNetworkLoggingEnabled));
1102                out.attribute(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS,
1103                        Integer.toString(numNetworkLoggingNotifications));
1104                out.attribute(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION,
1105                        Long.toString(lastNetworkLoggingNotificationTimeMs));
1106                out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED);
1107            }
1108            if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) {
1109                out.startTag(null, TAG_DISABLE_KEYGUARD_FEATURES);
1110                out.attribute(null, ATTR_VALUE, Integer.toString(disabledKeyguardFeatures));
1111                out.endTag(null, TAG_DISABLE_KEYGUARD_FEATURES);
1112            }
1113            if (!accountTypesWithManagementDisabled.isEmpty()) {
1114                out.startTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT);
1115                writeAttributeValuesToXml(
1116                        out, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled);
1117                out.endTag(null,  TAG_DISABLE_ACCOUNT_MANAGEMENT);
1118            }
1119            if (!trustAgentInfos.isEmpty()) {
1120                Set<Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet();
1121                out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES);
1122                for (Entry<String, TrustAgentInfo> entry : set) {
1123                    TrustAgentInfo trustAgentInfo = entry.getValue();
1124                    out.startTag(null, TAG_TRUST_AGENT_COMPONENT);
1125                    out.attribute(null, ATTR_VALUE, entry.getKey());
1126                    if (trustAgentInfo.options != null) {
1127                        out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS);
1128                        try {
1129                            trustAgentInfo.options.saveToXml(out);
1130                        } catch (XmlPullParserException e) {
1131                            Log.e(LOG_TAG, "Failed to save TrustAgent options", e);
1132                        }
1133                        out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS);
1134                    }
1135                    out.endTag(null, TAG_TRUST_AGENT_COMPONENT);
1136                }
1137                out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES);
1138            }
1139            if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) {
1140                out.startTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS);
1141                writeAttributeValuesToXml(out, TAG_PROVIDER, crossProfileWidgetProviders);
1142                out.endTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS);
1143            }
1144            writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES,
1145                    permittedAccessiblityServices);
1146            writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods);
1147            writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS,
1148                    permittedNotificationListeners);
1149            writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages);
1150            if (hasUserRestrictions()) {
1151                UserRestrictionsUtils.writeRestrictions(
1152                        out, userRestrictions, TAG_USER_RESTRICTIONS);
1153            }
1154            if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) {
1155                out.startTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS);
1156                writeAttributeValuesToXml(
1157                        out, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet);
1158                out.endTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS);
1159            }
1160            if (!TextUtils.isEmpty(shortSupportMessage)) {
1161                out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE);
1162                out.text(shortSupportMessage.toString());
1163                out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE);
1164            }
1165            if (!TextUtils.isEmpty(longSupportMessage)) {
1166                out.startTag(null, TAG_LONG_SUPPORT_MESSAGE);
1167                out.text(longSupportMessage.toString());
1168                out.endTag(null, TAG_LONG_SUPPORT_MESSAGE);
1169            }
1170            if (parentAdmin != null) {
1171                out.startTag(null, TAG_PARENT_ADMIN);
1172                parentAdmin.writeToXml(out);
1173                out.endTag(null, TAG_PARENT_ADMIN);
1174            }
1175            if (organizationColor != DEF_ORGANIZATION_COLOR) {
1176                out.startTag(null, TAG_ORGANIZATION_COLOR);
1177                out.attribute(null, ATTR_VALUE, Integer.toString(organizationColor));
1178                out.endTag(null, TAG_ORGANIZATION_COLOR);
1179            }
1180            if (organizationName != null) {
1181                out.startTag(null, TAG_ORGANIZATION_NAME);
1182                out.text(organizationName);
1183                out.endTag(null, TAG_ORGANIZATION_NAME);
1184            }
1185            if (isLogoutEnabled) {
1186                out.startTag(null, TAG_IS_LOGOUT_ENABLED);
1187                out.attribute(null, ATTR_VALUE, Boolean.toString(isLogoutEnabled));
1188                out.endTag(null, TAG_IS_LOGOUT_ENABLED);
1189            }
1190            if (mandatoryBackupTransport != null) {
1191                out.startTag(null, TAG_MANDATORY_BACKUP_TRANSPORT);
1192                out.attribute(null, ATTR_VALUE, mandatoryBackupTransport.flattenToString());
1193                out.endTag(null, TAG_MANDATORY_BACKUP_TRANSPORT);
1194            }
1195            if (startUserSessionMessage != null) {
1196                out.startTag(null, TAG_START_USER_SESSION_MESSAGE);
1197                out.text(startUserSessionMessage);
1198                out.endTag(null, TAG_START_USER_SESSION_MESSAGE);
1199            }
1200            if (endUserSessionMessage != null) {
1201                out.startTag(null, TAG_END_USER_SESSION_MESSAGE);
1202                out.text(endUserSessionMessage);
1203                out.endTag(null, TAG_END_USER_SESSION_MESSAGE);
1204            }
1205        }
1206
1207        void writePackageListToXml(XmlSerializer out, String outerTag,
1208                List<String> packageList)
1209                throws IllegalArgumentException, IllegalStateException, IOException {
1210            if (packageList == null) {
1211                return;
1212            }
1213
1214            out.startTag(null, outerTag);
1215            writeAttributeValuesToXml(out, TAG_PACKAGE_LIST_ITEM, packageList);
1216            out.endTag(null, outerTag);
1217        }
1218
1219        void writeAttributeValuesToXml(XmlSerializer out, String tag,
1220                @NonNull Collection<String> values) throws IOException {
1221            for (String value : values) {
1222                out.startTag(null, tag);
1223                out.attribute(null, ATTR_VALUE, value);
1224                out.endTag(null, tag);
1225            }
1226        }
1227
1228        void readFromXml(XmlPullParser parser)
1229                throws XmlPullParserException, IOException {
1230            int outerDepth = parser.getDepth();
1231            int type;
1232            while ((type=parser.next()) != END_DOCUMENT
1233                   && (type != END_TAG || parser.getDepth() > outerDepth)) {
1234                if (type == END_TAG || type == TEXT) {
1235                    continue;
1236                }
1237                String tag = parser.getName();
1238                if (TAG_POLICIES.equals(tag)) {
1239                    info.readPoliciesFromXml(parser);
1240                } else if (TAG_PASSWORD_QUALITY.equals(tag)) {
1241                    minimumPasswordMetrics.quality = Integer.parseInt(
1242                            parser.getAttributeValue(null, ATTR_VALUE));
1243                } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) {
1244                    minimumPasswordMetrics.length = Integer.parseInt(
1245                            parser.getAttributeValue(null, ATTR_VALUE));
1246                } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) {
1247                    passwordHistoryLength = Integer.parseInt(
1248                            parser.getAttributeValue(null, ATTR_VALUE));
1249                } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) {
1250                    minimumPasswordMetrics.upperCase = Integer.parseInt(
1251                            parser.getAttributeValue(null, ATTR_VALUE));
1252                } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) {
1253                    minimumPasswordMetrics.lowerCase = Integer.parseInt(
1254                            parser.getAttributeValue(null, ATTR_VALUE));
1255                } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) {
1256                    minimumPasswordMetrics.letters = Integer.parseInt(
1257                            parser.getAttributeValue(null, ATTR_VALUE));
1258                } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) {
1259                    minimumPasswordMetrics.numeric = Integer.parseInt(
1260                            parser.getAttributeValue(null, ATTR_VALUE));
1261                } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) {
1262                    minimumPasswordMetrics.symbols = Integer.parseInt(
1263                            parser.getAttributeValue(null, ATTR_VALUE));
1264                } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) {
1265                    minimumPasswordMetrics.nonLetter = Integer.parseInt(
1266                            parser.getAttributeValue(null, ATTR_VALUE));
1267                } else if (TAG_PASSWORD_BLACKLIST.equals(tag)) {
1268                    passwordBlacklistFile = parser.getAttributeValue(null, ATTR_VALUE);
1269                }else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) {
1270                    maximumTimeToUnlock = Long.parseLong(
1271                            parser.getAttributeValue(null, ATTR_VALUE));
1272                } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) {
1273                    strongAuthUnlockTimeout = Long.parseLong(
1274                            parser.getAttributeValue(null, ATTR_VALUE));
1275                } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) {
1276                    maximumFailedPasswordsForWipe = Integer.parseInt(
1277                            parser.getAttributeValue(null, ATTR_VALUE));
1278                } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) {
1279                    specifiesGlobalProxy = Boolean.parseBoolean(
1280                            parser.getAttributeValue(null, ATTR_VALUE));
1281                } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) {
1282                    globalProxySpec =
1283                        parser.getAttributeValue(null, ATTR_VALUE);
1284                } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) {
1285                    globalProxyExclusionList =
1286                        parser.getAttributeValue(null, ATTR_VALUE);
1287                } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) {
1288                    passwordExpirationTimeout = Long.parseLong(
1289                            parser.getAttributeValue(null, ATTR_VALUE));
1290                } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) {
1291                    passwordExpirationDate = Long.parseLong(
1292                            parser.getAttributeValue(null, ATTR_VALUE));
1293                } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) {
1294                    encryptionRequested = Boolean.parseBoolean(
1295                            parser.getAttributeValue(null, ATTR_VALUE));
1296                } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) {
1297                    testOnlyAdmin = Boolean.parseBoolean(
1298                            parser.getAttributeValue(null, ATTR_VALUE));
1299                } else if (TAG_DISABLE_CAMERA.equals(tag)) {
1300                    disableCamera = Boolean.parseBoolean(
1301                            parser.getAttributeValue(null, ATTR_VALUE));
1302                } else if (TAG_DISABLE_CALLER_ID.equals(tag)) {
1303                    disableCallerId = Boolean.parseBoolean(
1304                            parser.getAttributeValue(null, ATTR_VALUE));
1305                } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) {
1306                    disableContactsSearch = Boolean.parseBoolean(
1307                            parser.getAttributeValue(null, ATTR_VALUE));
1308                } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) {
1309                    disableBluetoothContactSharing = Boolean.parseBoolean(parser
1310                            .getAttributeValue(null, ATTR_VALUE));
1311                } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) {
1312                    disableScreenCapture = Boolean.parseBoolean(
1313                            parser.getAttributeValue(null, ATTR_VALUE));
1314                } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) {
1315                    requireAutoTime = Boolean.parseBoolean(
1316                            parser.getAttributeValue(null, ATTR_VALUE));
1317                } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) {
1318                    forceEphemeralUsers = Boolean.parseBoolean(
1319                            parser.getAttributeValue(null, ATTR_VALUE));
1320                } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) {
1321                    isNetworkLoggingEnabled = Boolean.parseBoolean(
1322                            parser.getAttributeValue(null, ATTR_VALUE));
1323                    lastNetworkLoggingNotificationTimeMs = Long.parseLong(
1324                            parser.getAttributeValue(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION));
1325                    numNetworkLoggingNotifications = Integer.parseInt(
1326                            parser.getAttributeValue(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS));
1327                } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) {
1328                    disabledKeyguardFeatures = Integer.parseInt(
1329                            parser.getAttributeValue(null, ATTR_VALUE));
1330                } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) {
1331                    readAttributeValues(
1332                            parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled);
1333                } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) {
1334                    trustAgentInfos = getAllTrustAgentInfos(parser, tag);
1335                } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) {
1336                    crossProfileWidgetProviders = new ArrayList<>();
1337                    readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders);
1338                } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) {
1339                    permittedAccessiblityServices = readPackageList(parser, tag);
1340                } else if (TAG_PERMITTED_IMES.equals(tag)) {
1341                    permittedInputMethods = readPackageList(parser, tag);
1342                } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) {
1343                    permittedNotificationListeners = readPackageList(parser, tag);
1344                } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) {
1345                    keepUninstalledPackages = readPackageList(parser, tag);
1346                } else if (TAG_USER_RESTRICTIONS.equals(tag)) {
1347                    userRestrictions = UserRestrictionsUtils.readRestrictions(parser);
1348                } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) {
1349                    readAttributeValues(
1350                            parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet);
1351                } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) {
1352                    type = parser.next();
1353                    if (type == XmlPullParser.TEXT) {
1354                        shortSupportMessage = parser.getText();
1355                    } else {
1356                        Log.w(LOG_TAG, "Missing text when loading short support message");
1357                    }
1358                } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) {
1359                    type = parser.next();
1360                    if (type == XmlPullParser.TEXT) {
1361                        longSupportMessage = parser.getText();
1362                    } else {
1363                        Log.w(LOG_TAG, "Missing text when loading long support message");
1364                    }
1365                } else if (TAG_PARENT_ADMIN.equals(tag)) {
1366                    Preconditions.checkState(!isParent);
1367
1368                    parentAdmin = new ActiveAdmin(info, /* parent */ true);
1369                    parentAdmin.readFromXml(parser);
1370                } else if (TAG_ORGANIZATION_COLOR.equals(tag)) {
1371                    organizationColor = Integer.parseInt(
1372                            parser.getAttributeValue(null, ATTR_VALUE));
1373                } else if (TAG_ORGANIZATION_NAME.equals(tag)) {
1374                    type = parser.next();
1375                    if (type == XmlPullParser.TEXT) {
1376                        organizationName = parser.getText();
1377                    } else {
1378                        Log.w(LOG_TAG, "Missing text when loading organization name");
1379                    }
1380                } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) {
1381                    isLogoutEnabled = Boolean.parseBoolean(
1382                            parser.getAttributeValue(null, ATTR_VALUE));
1383                } else if (TAG_MANDATORY_BACKUP_TRANSPORT.equals(tag)) {
1384                    mandatoryBackupTransport = ComponentName.unflattenFromString(
1385                            parser.getAttributeValue(null, ATTR_VALUE));
1386                } else if (TAG_START_USER_SESSION_MESSAGE.equals(tag)) {
1387                    type = parser.next();
1388                    if (type == XmlPullParser.TEXT) {
1389                        startUserSessionMessage = parser.getText();
1390                    } else {
1391                        Log.w(LOG_TAG, "Missing text when loading start session message");
1392                    }
1393                } else if (TAG_END_USER_SESSION_MESSAGE.equals(tag)) {
1394                    type = parser.next();
1395                    if (type == XmlPullParser.TEXT) {
1396                        endUserSessionMessage = parser.getText();
1397                    } else {
1398                        Log.w(LOG_TAG, "Missing text when loading end session message");
1399                    }
1400                } else {
1401                    Slog.w(LOG_TAG, "Unknown admin tag: " + tag);
1402                    XmlUtils.skipCurrentTag(parser);
1403                }
1404            }
1405        }
1406
1407        private List<String> readPackageList(XmlPullParser parser,
1408                String tag) throws XmlPullParserException, IOException {
1409            List<String> result = new ArrayList<String>();
1410            int outerDepth = parser.getDepth();
1411            int outerType;
1412            while ((outerType=parser.next()) != XmlPullParser.END_DOCUMENT
1413                    && (outerType != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1414                if (outerType == XmlPullParser.END_TAG || outerType == XmlPullParser.TEXT) {
1415                    continue;
1416                }
1417                String outerTag = parser.getName();
1418                if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) {
1419                    String packageName = parser.getAttributeValue(null, ATTR_VALUE);
1420                    if (packageName != null) {
1421                        result.add(packageName);
1422                    } else {
1423                        Slog.w(LOG_TAG, "Package name missing under " + outerTag);
1424                    }
1425                } else {
1426                    Slog.w(LOG_TAG, "Unknown tag under " + tag +  ": " + outerTag);
1427                }
1428            }
1429            return result;
1430        }
1431
1432        private void readAttributeValues(
1433                XmlPullParser parser, String tag, Collection<String> result)
1434                throws XmlPullParserException, IOException {
1435            result.clear();
1436            int outerDepthDAM = parser.getDepth();
1437            int typeDAM;
1438            while ((typeDAM=parser.next()) != END_DOCUMENT
1439                    && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1440                if (typeDAM == END_TAG || typeDAM == TEXT) {
1441                    continue;
1442                }
1443                String tagDAM = parser.getName();
1444                if (tag.equals(tagDAM)) {
1445                    result.add(parser.getAttributeValue(null, ATTR_VALUE));
1446                } else {
1447                    Slog.e(LOG_TAG, "Expected tag " + tag +  " but found " + tagDAM);
1448                }
1449            }
1450        }
1451
1452        private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos(
1453                XmlPullParser parser, String tag) throws XmlPullParserException, IOException {
1454            int outerDepthDAM = parser.getDepth();
1455            int typeDAM;
1456            final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>();
1457            while ((typeDAM=parser.next()) != END_DOCUMENT
1458                    && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1459                if (typeDAM == END_TAG || typeDAM == TEXT) {
1460                    continue;
1461                }
1462                String tagDAM = parser.getName();
1463                if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) {
1464                    final String component = parser.getAttributeValue(null, ATTR_VALUE);
1465                    final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag);
1466                    result.put(component, trustAgentInfo);
1467                } else {
1468                    Slog.w(LOG_TAG, "Unknown tag under " + tag +  ": " + tagDAM);
1469                }
1470            }
1471            return result;
1472        }
1473
1474        private TrustAgentInfo getTrustAgentInfo(XmlPullParser parser, String tag)
1475                throws XmlPullParserException, IOException  {
1476            int outerDepthDAM = parser.getDepth();
1477            int typeDAM;
1478            TrustAgentInfo result = new TrustAgentInfo(null);
1479            while ((typeDAM=parser.next()) != END_DOCUMENT
1480                    && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1481                if (typeDAM == END_TAG || typeDAM == TEXT) {
1482                    continue;
1483                }
1484                String tagDAM = parser.getName();
1485                if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tagDAM)) {
1486                    result.options = PersistableBundle.restoreFromXml(parser);
1487                } else {
1488                    Slog.w(LOG_TAG, "Unknown tag under " + tag +  ": " + tagDAM);
1489                }
1490            }
1491            return result;
1492        }
1493
1494        boolean hasUserRestrictions() {
1495            return userRestrictions != null && userRestrictions.size() > 0;
1496        }
1497
1498        Bundle ensureUserRestrictions() {
1499            if (userRestrictions == null) {
1500                userRestrictions = new Bundle();
1501            }
1502            return userRestrictions;
1503        }
1504
1505        public void transfer(DeviceAdminInfo deviceAdminInfo) {
1506            if (hasParentActiveAdmin()) {
1507                parentAdmin.info = deviceAdminInfo;
1508            }
1509            info = deviceAdminInfo;
1510        }
1511
1512        void dump(String prefix, PrintWriter pw) {
1513            pw.print(prefix); pw.print("uid="); pw.println(getUid());
1514            pw.print(prefix); pw.print("testOnlyAdmin=");
1515            pw.println(testOnlyAdmin);
1516            pw.print(prefix); pw.println("policies:");
1517            ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies();
1518            if (pols != null) {
1519                for (int i=0; i<pols.size(); i++) {
1520                    pw.print(prefix); pw.print("  "); pw.println(pols.get(i).tag);
1521                }
1522            }
1523            pw.print(prefix); pw.print("passwordQuality=0x");
1524                    pw.println(Integer.toHexString(minimumPasswordMetrics.quality));
1525            pw.print(prefix); pw.print("minimumPasswordLength=");
1526                    pw.println(minimumPasswordMetrics.length);
1527            pw.print(prefix); pw.print("passwordHistoryLength=");
1528                    pw.println(passwordHistoryLength);
1529            pw.print(prefix); pw.print("minimumPasswordUpperCase=");
1530                    pw.println(minimumPasswordMetrics.upperCase);
1531            pw.print(prefix); pw.print("minimumPasswordLowerCase=");
1532                    pw.println(minimumPasswordMetrics.lowerCase);
1533            pw.print(prefix); pw.print("minimumPasswordLetters=");
1534                    pw.println(minimumPasswordMetrics.letters);
1535            pw.print(prefix); pw.print("minimumPasswordNumeric=");
1536                    pw.println(minimumPasswordMetrics.numeric);
1537            pw.print(prefix); pw.print("minimumPasswordSymbols=");
1538                    pw.println(minimumPasswordMetrics.symbols);
1539            pw.print(prefix); pw.print("minimumPasswordNonLetter=");
1540                    pw.println(minimumPasswordMetrics.nonLetter);
1541            pw.print(prefix); pw.print("passwordBlacklist=");
1542                    pw.println(passwordBlacklistFile != null);
1543            pw.print(prefix); pw.print("maximumTimeToUnlock=");
1544                    pw.println(maximumTimeToUnlock);
1545            pw.print(prefix); pw.print("strongAuthUnlockTimeout=");
1546                    pw.println(strongAuthUnlockTimeout);
1547            pw.print(prefix); pw.print("maximumFailedPasswordsForWipe=");
1548                    pw.println(maximumFailedPasswordsForWipe);
1549            pw.print(prefix); pw.print("specifiesGlobalProxy=");
1550                    pw.println(specifiesGlobalProxy);
1551            pw.print(prefix); pw.print("passwordExpirationTimeout=");
1552                    pw.println(passwordExpirationTimeout);
1553            pw.print(prefix); pw.print("passwordExpirationDate=");
1554                    pw.println(passwordExpirationDate);
1555            if (globalProxySpec != null) {
1556                pw.print(prefix); pw.print("globalProxySpec=");
1557                        pw.println(globalProxySpec);
1558            }
1559            if (globalProxyExclusionList != null) {
1560                pw.print(prefix); pw.print("globalProxyEclusionList=");
1561                        pw.println(globalProxyExclusionList);
1562            }
1563            pw.print(prefix); pw.print("encryptionRequested=");
1564                    pw.println(encryptionRequested);
1565            pw.print(prefix); pw.print("disableCamera=");
1566                    pw.println(disableCamera);
1567            pw.print(prefix); pw.print("disableCallerId=");
1568                    pw.println(disableCallerId);
1569            pw.print(prefix); pw.print("disableContactsSearch=");
1570                    pw.println(disableContactsSearch);
1571            pw.print(prefix); pw.print("disableBluetoothContactSharing=");
1572                    pw.println(disableBluetoothContactSharing);
1573            pw.print(prefix); pw.print("disableScreenCapture=");
1574                    pw.println(disableScreenCapture);
1575            pw.print(prefix); pw.print("requireAutoTime=");
1576                    pw.println(requireAutoTime);
1577            pw.print(prefix); pw.print("forceEphemeralUsers=");
1578                    pw.println(forceEphemeralUsers);
1579            pw.print(prefix); pw.print("isNetworkLoggingEnabled=");
1580                    pw.println(isNetworkLoggingEnabled);
1581            pw.print(prefix); pw.print("disabledKeyguardFeatures=");
1582                    pw.println(disabledKeyguardFeatures);
1583            pw.print(prefix); pw.print("crossProfileWidgetProviders=");
1584                    pw.println(crossProfileWidgetProviders);
1585            if (permittedAccessiblityServices != null) {
1586                pw.print(prefix); pw.print("permittedAccessibilityServices=");
1587                    pw.println(permittedAccessiblityServices);
1588            }
1589            if (permittedInputMethods != null) {
1590                pw.print(prefix); pw.print("permittedInputMethods=");
1591                    pw.println(permittedInputMethods);
1592            }
1593            if (permittedNotificationListeners != null) {
1594                pw.print(prefix); pw.print("permittedNotificationListeners=");
1595                pw.println(permittedNotificationListeners);
1596            }
1597            if (keepUninstalledPackages != null) {
1598                pw.print(prefix); pw.print("keepUninstalledPackages=");
1599                    pw.println(keepUninstalledPackages);
1600            }
1601            pw.print(prefix); pw.print("organizationColor=");
1602                    pw.println(organizationColor);
1603            if (organizationName != null) {
1604                pw.print(prefix); pw.print("organizationName=");
1605                    pw.println(organizationName);
1606            }
1607            pw.print(prefix); pw.println("userRestrictions:");
1608            UserRestrictionsUtils.dumpRestrictions(pw, prefix + "  ", userRestrictions);
1609            pw.print(prefix); pw.print("defaultEnabledRestrictionsAlreadySet=");
1610                    pw.println(defaultEnabledRestrictionsAlreadySet);
1611            pw.print(prefix); pw.print("isParent=");
1612                    pw.println(isParent);
1613            if (parentAdmin != null) {
1614                pw.print(prefix);  pw.println("parentAdmin:");
1615                parentAdmin.dump(prefix + "  ", pw);
1616            }
1617        }
1618    }
1619
1620    private void handlePackagesChanged(@Nullable String packageName, int userHandle) {
1621        boolean removedAdmin = false;
1622        if (VERBOSE_LOG) {
1623            Slog.d(LOG_TAG, "Handling package changes package " + packageName
1624                    + " for user " + userHandle);
1625        }
1626        DevicePolicyData policy = getUserData(userHandle);
1627        synchronized (this) {
1628            for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
1629                ActiveAdmin aa = policy.mAdminList.get(i);
1630                try {
1631                    // If we're checking all packages or if the specific one we're checking matches,
1632                    // then check if the package and receiver still exist.
1633                    final String adminPackage = aa.info.getPackageName();
1634                    if (packageName == null || packageName.equals(adminPackage)) {
1635                        if (mIPackageManager.getPackageInfo(adminPackage, 0, userHandle) == null
1636                                || mIPackageManager.getReceiverInfo(aa.info.getComponent(),
1637                                PackageManager.MATCH_DIRECT_BOOT_AWARE
1638                                        | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,
1639                                userHandle) == null) {
1640                            removedAdmin = true;
1641                            policy.mAdminList.remove(i);
1642                            policy.mAdminMap.remove(aa.info.getComponent());
1643                            pushActiveAdminPackagesLocked(userHandle);
1644                        }
1645                    }
1646                } catch (RemoteException re) {
1647                    // Shouldn't happen.
1648                }
1649            }
1650            if (removedAdmin) {
1651                validatePasswordOwnerLocked(policy);
1652            }
1653
1654            boolean removedDelegate = false;
1655
1656            // Check if a delegate was removed.
1657            for (int i = policy.mDelegationMap.size() - 1; i >= 0; i--) {
1658                final String delegatePackage = policy.mDelegationMap.keyAt(i);
1659                if (isRemovedPackage(packageName, delegatePackage, userHandle)) {
1660                    policy.mDelegationMap.removeAt(i);
1661                    removedDelegate = true;
1662                }
1663            }
1664
1665            // If it's an owner package, we may need to refresh the bound connection.
1666            final ComponentName owner = getOwnerComponent(userHandle);
1667            if ((packageName != null) && (owner != null)
1668                    && (owner.getPackageName().equals(packageName))) {
1669                startOwnerService(userHandle, "package-broadcast");
1670            }
1671
1672            // Persist updates if the removed package was an admin or delegate.
1673            if (removedAdmin || removedDelegate) {
1674                saveSettingsLocked(policy.mUserHandle);
1675            }
1676        }
1677        if (removedAdmin) {
1678            // The removed admin might have disabled camera, so update user restrictions.
1679            pushUserRestrictions(userHandle);
1680        }
1681    }
1682
1683    private boolean isRemovedPackage(String changedPackage, String targetPackage, int userHandle) {
1684        try {
1685            return targetPackage != null
1686                    && (changedPackage == null || changedPackage.equals(targetPackage))
1687                    && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null;
1688        } catch (RemoteException e) {
1689            // Shouldn't happen
1690        }
1691
1692        return false;
1693    }
1694
1695    /**
1696     * Unit test will subclass it to inject mocks.
1697     */
1698    @VisibleForTesting
1699    static class Injector {
1700
1701        public final Context mContext;
1702
1703        Injector(Context context) {
1704            mContext = context;
1705        }
1706
1707        public boolean hasFeature() {
1708            return getPackageManager().hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN);
1709        }
1710
1711        Context createContextAsUser(UserHandle user) throws PackageManager.NameNotFoundException {
1712            final String packageName = mContext.getPackageName();
1713            return mContext.createPackageContextAsUser(packageName, 0, user);
1714        }
1715
1716        Resources getResources() {
1717            return mContext.getResources();
1718        }
1719
1720        Owners newOwners() {
1721            return new Owners(getUserManager(), getUserManagerInternal(),
1722                    getPackageManagerInternal());
1723        }
1724
1725        UserManager getUserManager() {
1726            return UserManager.get(mContext);
1727        }
1728
1729        UserManagerInternal getUserManagerInternal() {
1730            return LocalServices.getService(UserManagerInternal.class);
1731        }
1732
1733        PackageManagerInternal getPackageManagerInternal() {
1734            return LocalServices.getService(PackageManagerInternal.class);
1735        }
1736
1737        UsageStatsManagerInternal getUsageStatsManagerInternal() {
1738            return LocalServices.getService(UsageStatsManagerInternal.class);
1739        }
1740
1741        NotificationManager getNotificationManager() {
1742            return mContext.getSystemService(NotificationManager.class);
1743        }
1744
1745        IIpConnectivityMetrics getIIpConnectivityMetrics() {
1746            return (IIpConnectivityMetrics) IIpConnectivityMetrics.Stub.asInterface(
1747                ServiceManager.getService(IpConnectivityLog.SERVICE_NAME));
1748        }
1749
1750        PackageManager getPackageManager() {
1751            return mContext.getPackageManager();
1752        }
1753
1754        PowerManagerInternal getPowerManagerInternal() {
1755            return LocalServices.getService(PowerManagerInternal.class);
1756        }
1757
1758        TelephonyManager getTelephonyManager() {
1759            return TelephonyManager.from(mContext);
1760        }
1761
1762        TrustManager getTrustManager() {
1763            return (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);
1764        }
1765
1766        AlarmManager getAlarmManager() {
1767            return (AlarmManager) mContext.getSystemService(AlarmManager.class);
1768        }
1769
1770        IWindowManager getIWindowManager() {
1771            return IWindowManager.Stub
1772                    .asInterface(ServiceManager.getService(Context.WINDOW_SERVICE));
1773        }
1774
1775        IActivityManager getIActivityManager() {
1776            return ActivityManager.getService();
1777        }
1778
1779        ActivityManagerInternal getActivityManagerInternal() {
1780            return LocalServices.getService(ActivityManagerInternal.class);
1781        }
1782
1783        IPackageManager getIPackageManager() {
1784            return AppGlobals.getPackageManager();
1785        }
1786
1787        IBackupManager getIBackupManager() {
1788            return IBackupManager.Stub.asInterface(
1789                    ServiceManager.getService(Context.BACKUP_SERVICE));
1790        }
1791
1792        IAudioService getIAudioService() {
1793            return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE));
1794        }
1795
1796        boolean isBuildDebuggable() {
1797            return Build.IS_DEBUGGABLE;
1798        }
1799
1800        LockPatternUtils newLockPatternUtils() {
1801            return new LockPatternUtils(mContext);
1802        }
1803
1804        PasswordBlacklist newPasswordBlacklist(File file) {
1805            return new PasswordBlacklist(file);
1806        }
1807
1808        boolean storageManagerIsFileBasedEncryptionEnabled() {
1809            return StorageManager.isFileEncryptedNativeOnly();
1810        }
1811
1812        boolean storageManagerIsNonDefaultBlockEncrypted() {
1813            long identity = Binder.clearCallingIdentity();
1814            try {
1815                return StorageManager.isNonDefaultBlockEncrypted();
1816            } finally {
1817                Binder.restoreCallingIdentity(identity);
1818            }
1819        }
1820
1821        boolean storageManagerIsEncrypted() {
1822            return StorageManager.isEncrypted();
1823        }
1824
1825        boolean storageManagerIsEncryptable() {
1826            return StorageManager.isEncryptable();
1827        }
1828
1829        Looper getMyLooper() {
1830            return Looper.myLooper();
1831        }
1832
1833        WifiManager getWifiManager() {
1834            return mContext.getSystemService(WifiManager.class);
1835        }
1836
1837        long binderClearCallingIdentity() {
1838            return Binder.clearCallingIdentity();
1839        }
1840
1841        void binderRestoreCallingIdentity(long token) {
1842            Binder.restoreCallingIdentity(token);
1843        }
1844
1845        int binderGetCallingUid() {
1846            return Binder.getCallingUid();
1847        }
1848
1849        int binderGetCallingPid() {
1850            return Binder.getCallingPid();
1851        }
1852
1853        UserHandle binderGetCallingUserHandle() {
1854            return Binder.getCallingUserHandle();
1855        }
1856
1857        boolean binderIsCallingUidMyUid() {
1858            return getCallingUid() == Process.myUid();
1859        }
1860
1861        void binderWithCleanCallingIdentity(@NonNull ThrowingRunnable action) {
1862             Binder.withCleanCallingIdentity(action);
1863        }
1864
1865        final int userHandleGetCallingUserId() {
1866            return UserHandle.getUserId(binderGetCallingUid());
1867        }
1868
1869        File environmentGetUserSystemDirectory(int userId) {
1870            return Environment.getUserSystemDirectory(userId);
1871        }
1872
1873        void powerManagerGoToSleep(long time, int reason, int flags) {
1874            mContext.getSystemService(PowerManager.class).goToSleep(time, reason, flags);
1875        }
1876
1877        void powerManagerReboot(String reason) {
1878            mContext.getSystemService(PowerManager.class).reboot(reason);
1879        }
1880
1881        void recoverySystemRebootWipeUserData(boolean shutdown, String reason, boolean force,
1882                boolean wipeEuicc) throws IOException {
1883            RecoverySystem.rebootWipeUserData(mContext, shutdown, reason, force, wipeEuicc);
1884        }
1885
1886        boolean systemPropertiesGetBoolean(String key, boolean def) {
1887            return SystemProperties.getBoolean(key, def);
1888        }
1889
1890        long systemPropertiesGetLong(String key, long def) {
1891            return SystemProperties.getLong(key, def);
1892        }
1893
1894        String systemPropertiesGet(String key, String def) {
1895            return SystemProperties.get(key, def);
1896        }
1897
1898        String systemPropertiesGet(String key) {
1899            return SystemProperties.get(key);
1900        }
1901
1902        void systemPropertiesSet(String key, String value) {
1903            SystemProperties.set(key, value);
1904        }
1905
1906        boolean userManagerIsSplitSystemUser() {
1907            return UserManager.isSplitSystemUser();
1908        }
1909
1910        String getDevicePolicyFilePathForSystemUser() {
1911            return "/data/system/";
1912        }
1913
1914        PendingIntent pendingIntentGetActivityAsUser(Context context, int requestCode,
1915                @NonNull Intent intent, int flags, Bundle options, UserHandle user) {
1916            return PendingIntent.getActivityAsUser(
1917                    context, requestCode, intent, flags, options, user);
1918        }
1919
1920        void registerContentObserver(Uri uri, boolean notifyForDescendents,
1921                ContentObserver observer, int userHandle) {
1922            mContext.getContentResolver().registerContentObserver(uri, notifyForDescendents,
1923                    observer, userHandle);
1924        }
1925
1926        int settingsSecureGetIntForUser(String name, int def, int userHandle) {
1927            return Settings.Secure.getIntForUser(mContext.getContentResolver(),
1928                    name, def, userHandle);
1929        }
1930
1931        String settingsSecureGetStringForUser(String name, int userHandle) {
1932            return Settings.Secure.getStringForUser(mContext.getContentResolver(), name,
1933                    userHandle);
1934        }
1935
1936        void settingsSecurePutIntForUser(String name, int value, int userHandle) {
1937            Settings.Secure.putIntForUser(mContext.getContentResolver(),
1938                    name, value, userHandle);
1939        }
1940
1941        void settingsSecurePutStringForUser(String name, String value, int userHandle) {
1942            Settings.Secure.putStringForUser(mContext.getContentResolver(),
1943                    name, value, userHandle);
1944        }
1945
1946        void settingsGlobalPutStringForUser(String name, String value, int userHandle) {
1947            Settings.Global.putStringForUser(mContext.getContentResolver(),
1948                    name, value, userHandle);
1949        }
1950
1951        void settingsSecurePutInt(String name, int value) {
1952            Settings.Secure.putInt(mContext.getContentResolver(), name, value);
1953        }
1954
1955        int settingsGlobalGetInt(String name, int def) {
1956            return Settings.Global.getInt(mContext.getContentResolver(), name, def);
1957        }
1958
1959        String settingsGlobalGetString(String name) {
1960            return Settings.Global.getString(mContext.getContentResolver(), name);
1961        }
1962
1963        void settingsGlobalPutInt(String name, int value) {
1964            Settings.Global.putInt(mContext.getContentResolver(), name, value);
1965        }
1966
1967        void settingsSecurePutString(String name, String value) {
1968            Settings.Secure.putString(mContext.getContentResolver(), name, value);
1969        }
1970
1971        void settingsGlobalPutString(String name, String value) {
1972            Settings.Global.putString(mContext.getContentResolver(), name, value);
1973        }
1974
1975        void settingsSystemPutString(String name, String value) {
1976            Settings.System.putString(mContext.getContentResolver(), name, value);
1977        }
1978
1979        void securityLogSetLoggingEnabledProperty(boolean enabled) {
1980            SecurityLog.setLoggingEnabledProperty(enabled);
1981        }
1982
1983        boolean securityLogGetLoggingEnabledProperty() {
1984            return SecurityLog.getLoggingEnabledProperty();
1985        }
1986
1987        boolean securityLogIsLoggingEnabled() {
1988            return SecurityLog.isLoggingEnabled();
1989        }
1990
1991        KeyChainConnection keyChainBindAsUser(UserHandle user) throws InterruptedException {
1992            return KeyChain.bindAsUser(mContext, user);
1993        }
1994    }
1995
1996    /**
1997     * Instantiates the service.
1998     */
1999    public DevicePolicyManagerService(Context context) {
2000        this(new Injector(context));
2001    }
2002
2003    @VisibleForTesting
2004    DevicePolicyManagerService(Injector injector) {
2005        mInjector = injector;
2006        mContext = Preconditions.checkNotNull(injector.mContext);
2007        mHandler = new Handler(Preconditions.checkNotNull(injector.getMyLooper()));
2008        mConstants = DevicePolicyConstants.loadFromString(
2009                mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS));
2010
2011        mOwners = Preconditions.checkNotNull(injector.newOwners());
2012
2013        mUserManager = Preconditions.checkNotNull(injector.getUserManager());
2014        mUserManagerInternal = Preconditions.checkNotNull(injector.getUserManagerInternal());
2015        mUsageStatsManagerInternal = Preconditions.checkNotNull(
2016                injector.getUsageStatsManagerInternal());
2017        mIPackageManager = Preconditions.checkNotNull(injector.getIPackageManager());
2018        mTelephonyManager = Preconditions.checkNotNull(injector.getTelephonyManager());
2019
2020        mLocalService = new LocalService();
2021        mLockPatternUtils = injector.newLockPatternUtils();
2022
2023        // TODO: why does SecurityLogMonitor need to be created even when mHasFeature == false?
2024        mSecurityLogMonitor = new SecurityLogMonitor(this);
2025
2026        mHasFeature = mInjector.hasFeature();
2027        mIsWatch = mInjector.getPackageManager()
2028                .hasSystemFeature(PackageManager.FEATURE_WATCH);
2029        mBackgroundHandler = BackgroundThread.getHandler();
2030
2031        // Needed when mHasFeature == false, because it controls the certificate warning text.
2032        mCertificateMonitor = new CertificateMonitor(this, mInjector, mBackgroundHandler);
2033
2034        mDeviceAdminServiceController = new DeviceAdminServiceController(this, mConstants);
2035
2036        mOverlayPackagesProvider = new OverlayPackagesProvider(mContext);
2037
2038        if (!mHasFeature) {
2039            // Skip the rest of the initialization
2040            return;
2041        }
2042
2043        IntentFilter filter = new IntentFilter();
2044        filter.addAction(Intent.ACTION_BOOT_COMPLETED);
2045        filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION);
2046        filter.addAction(Intent.ACTION_USER_ADDED);
2047        filter.addAction(Intent.ACTION_USER_REMOVED);
2048        filter.addAction(Intent.ACTION_USER_STARTED);
2049        filter.addAction(Intent.ACTION_USER_UNLOCKED);
2050        filter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY);
2051        mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
2052        filter = new IntentFilter();
2053        filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
2054        filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
2055        filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE);
2056        filter.addAction(Intent.ACTION_PACKAGE_ADDED);
2057        filter.addDataScheme("package");
2058        mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
2059        filter = new IntentFilter();
2060        filter.addAction(Intent.ACTION_MANAGED_PROFILE_ADDED);
2061        mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler);
2062
2063        LocalServices.addService(DevicePolicyManagerInternal.class, mLocalService);
2064
2065        mSetupContentObserver = new SetupContentObserver(mHandler);
2066
2067        mUserManagerInternal.addUserRestrictionsListener(new RestrictionsListener(mContext));
2068    }
2069
2070    /**
2071     * Creates and loads the policy data from xml.
2072     * @param userHandle the user for whom to load the policy data
2073     * @return
2074     */
2075    @NonNull
2076    DevicePolicyData getUserData(int userHandle) {
2077        synchronized (this) {
2078            DevicePolicyData policy = mUserData.get(userHandle);
2079            if (policy == null) {
2080                policy = new DevicePolicyData(userHandle);
2081                mUserData.append(userHandle, policy);
2082                loadSettingsLocked(policy, userHandle);
2083            }
2084            return policy;
2085        }
2086    }
2087
2088    /**
2089     * Creates and loads the policy data from xml for data that is shared between
2090     * various profiles of a user. In contrast to {@link #getUserData(int)}
2091     * it allows access to data of users other than the calling user.
2092     *
2093     * This function should only be used for shared data, e.g. everything regarding
2094     * passwords and should be removed once multiple screen locks are present.
2095     * @param userHandle the user for whom to load the policy data
2096     * @return
2097     */
2098    DevicePolicyData getUserDataUnchecked(int userHandle) {
2099        long ident = mInjector.binderClearCallingIdentity();
2100        try {
2101            return getUserData(userHandle);
2102        } finally {
2103            mInjector.binderRestoreCallingIdentity(ident);
2104        }
2105    }
2106
2107    void removeUserData(int userHandle) {
2108        synchronized (this) {
2109            if (userHandle == UserHandle.USER_SYSTEM) {
2110                Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring.");
2111                return;
2112            }
2113            mOwners.removeProfileOwner(userHandle);
2114            mOwners.writeProfileOwner(userHandle);
2115
2116            DevicePolicyData policy = mUserData.get(userHandle);
2117            if (policy != null) {
2118                mUserData.remove(userHandle);
2119            }
2120            File policyFile = new File(mInjector.environmentGetUserSystemDirectory(userHandle),
2121                    DEVICE_POLICIES_XML);
2122            policyFile.delete();
2123            Slog.i(LOG_TAG, "Removed device policy file " + policyFile.getAbsolutePath());
2124        }
2125        updateScreenCaptureDisabledInWindowManager(userHandle, false /* default value */);
2126    }
2127
2128    void loadOwners() {
2129        synchronized (this) {
2130            mOwners.load();
2131            setDeviceOwnerSystemPropertyLocked();
2132            findOwnerComponentIfNecessaryLocked();
2133            migrateUserRestrictionsIfNecessaryLocked();
2134            maybeSetDefaultDeviceOwnerUserRestrictionsLocked();
2135
2136            // TODO PO may not have a class name either due to b/17652534.  Address that too.
2137
2138            updateDeviceOwnerLocked();
2139        }
2140    }
2141
2142    /** Apply default restrictions that haven't been applied to device owners yet. */
2143    private void maybeSetDefaultDeviceOwnerUserRestrictionsLocked() {
2144        final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
2145        if (deviceOwner != null) {
2146            maybeSetDefaultRestrictionsForAdminLocked(mOwners.getDeviceOwnerUserId(),
2147                    deviceOwner, UserRestrictionsUtils.getDefaultEnabledForDeviceOwner());
2148        }
2149    }
2150
2151    /** Apply default restrictions that haven't been applied to profile owners yet. */
2152    private void maybeSetDefaultProfileOwnerUserRestrictions() {
2153        synchronized (this) {
2154            for (final int userId : mOwners.getProfileOwnerKeys()) {
2155                final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
2156                // The following restrictions used to be applied to managed profiles by different
2157                // means (via Settings or by disabling components). Now they are proper user
2158                // restrictions so we apply them to managed profile owners. Non-managed secondary
2159                // users didn't have those restrictions so we skip them to keep existing behavior.
2160                if (profileOwner == null || !mUserManager.isManagedProfile(userId)) {
2161                    continue;
2162                }
2163                maybeSetDefaultRestrictionsForAdminLocked(userId, profileOwner,
2164                        UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());
2165                ensureUnknownSourcesRestrictionForProfileOwnerLocked(
2166                        userId, profileOwner, false /* newOwner */);
2167            }
2168        }
2169    }
2170
2171    /**
2172     * Checks whether {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} should be added to the
2173     * set of restrictions for this profile owner.
2174     */
2175    private void ensureUnknownSourcesRestrictionForProfileOwnerLocked(int userId,
2176            ActiveAdmin profileOwner, boolean newOwner) {
2177        if (newOwner || mInjector.settingsSecureGetIntForUser(
2178                Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId) != 0) {
2179            profileOwner.ensureUserRestrictions().putBoolean(
2180                    UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
2181            saveUserRestrictionsLocked(userId);
2182            mInjector.settingsSecurePutIntForUser(
2183                    Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId);
2184        }
2185    }
2186
2187    /**
2188     * Apply default restrictions that haven't been applied to a given admin yet.
2189     */
2190    private void maybeSetDefaultRestrictionsForAdminLocked(
2191            int userId, ActiveAdmin admin, Set<String> defaultRestrictions) {
2192        if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) {
2193            return; // The same set of default restrictions has been already applied.
2194        }
2195        Slog.i(LOG_TAG, "New user restrictions need to be set by default for user " + userId);
2196
2197        if (VERBOSE_LOG) {
2198            Slog.d(LOG_TAG,"Default enabled restrictions: "
2199                    + defaultRestrictions
2200                    + ". Restrictions already enabled: "
2201                    + admin.defaultEnabledRestrictionsAlreadySet);
2202        }
2203
2204        final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions);
2205        restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet);
2206        if (!restrictionsToSet.isEmpty()) {
2207            for (final String restriction : restrictionsToSet) {
2208                admin.ensureUserRestrictions().putBoolean(restriction, true);
2209            }
2210            admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet);
2211            Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet);
2212            saveUserRestrictionsLocked(userId);
2213        }
2214    }
2215
2216    private void setDeviceOwnerSystemPropertyLocked() {
2217        final boolean deviceProvisioned =
2218                mInjector.settingsGlobalGetInt(Settings.Global.DEVICE_PROVISIONED, 0) != 0;
2219        final boolean hasDeviceOwner = mOwners.hasDeviceOwner();
2220        // If the device is not provisioned and there is currently no device owner, do not set the
2221        // read-only system property yet, since Device owner may still be provisioned.
2222        if (!hasDeviceOwner && !deviceProvisioned) {
2223            return;
2224        }
2225        // Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is
2226        // always false at this point.
2227        if (StorageManager.inCryptKeeperBounce()) {
2228            return;
2229        }
2230
2231        if (!mInjector.systemPropertiesGet(PROPERTY_DEVICE_OWNER_PRESENT, "").isEmpty()) {
2232            Slog.w(LOG_TAG, "Trying to set ro.device_owner, but it has already been set?");
2233        } else {
2234            final String value = Boolean.toString(hasDeviceOwner);
2235            mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, value);
2236            Slog.i(LOG_TAG, "Set ro.device_owner property to " + value);
2237
2238            if (hasDeviceOwner && mInjector.securityLogGetLoggingEnabledProperty()) {
2239                mSecurityLogMonitor.start();
2240                maybePauseDeviceWideLoggingLocked();
2241            }
2242        }
2243    }
2244
2245    private void findOwnerComponentIfNecessaryLocked() {
2246        if (!mOwners.hasDeviceOwner()) {
2247            return;
2248        }
2249        final ComponentName doComponentName = mOwners.getDeviceOwnerComponent();
2250
2251        if (!TextUtils.isEmpty(doComponentName.getClassName())) {
2252            return; // Already a full component name.
2253        }
2254
2255        final ComponentName doComponent = findAdminComponentWithPackageLocked(
2256                doComponentName.getPackageName(),
2257                mOwners.getDeviceOwnerUserId());
2258        if (doComponent == null) {
2259            Slog.e(LOG_TAG, "Device-owner isn't registered as device-admin");
2260        } else {
2261            mOwners.setDeviceOwnerWithRestrictionsMigrated(
2262                    doComponent,
2263                    mOwners.getDeviceOwnerName(),
2264                    mOwners.getDeviceOwnerUserId(),
2265                    !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration());
2266            mOwners.writeDeviceOwner();
2267            if (VERBOSE_LOG) {
2268                Log.v(LOG_TAG, "Device owner component filled in");
2269            }
2270        }
2271    }
2272
2273    /**
2274     * We didn't use to persist user restrictions for each owners but only persisted in user
2275     * manager.
2276     */
2277    private void migrateUserRestrictionsIfNecessaryLocked() {
2278        boolean migrated = false;
2279        // Migrate for the DO.  Basically all restrictions should be considered to be set by DO,
2280        // except for the "system controlled" ones.
2281        if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) {
2282            if (VERBOSE_LOG) {
2283                Log.v(LOG_TAG, "Migrating DO user restrictions");
2284            }
2285            migrated = true;
2286
2287            // Migrate user 0 restrictions to DO.
2288            final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
2289
2290            migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin,
2291                    /* exceptionList =*/ null, /* isDeviceOwner =*/ true);
2292
2293            // Push DO user restrictions to user manager.
2294            pushUserRestrictions(UserHandle.USER_SYSTEM);
2295
2296            mOwners.setDeviceOwnerUserRestrictionsMigrated();
2297        }
2298
2299        // Migrate for POs.
2300
2301        // The following restrictions can be set on secondary users by the device owner, so we
2302        // assume they're not from the PO.
2303        final Set<String> secondaryUserExceptionList = Sets.newArraySet(
2304                UserManager.DISALLOW_OUTGOING_CALLS,
2305                UserManager.DISALLOW_SMS);
2306
2307        for (UserInfo ui : mUserManager.getUsers()) {
2308            final int userId = ui.id;
2309            if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) {
2310                if (VERBOSE_LOG) {
2311                    Log.v(LOG_TAG, "Migrating PO user restrictions for user " + userId);
2312                }
2313                migrated = true;
2314
2315                final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId);
2316
2317                final Set<String> exceptionList =
2318                        (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList;
2319
2320                migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin,
2321                        exceptionList, /* isDeviceOwner =*/ false);
2322
2323                // Note if a secondary user has no PO but has a DA that disables camera, we
2324                // don't get here and won't push the camera user restriction to UserManager
2325                // here.  That's okay because we'll push user restrictions anyway when a user
2326                // starts.  But we still do it because we want to let user manager persist
2327                // upon migration.
2328                pushUserRestrictions(userId);
2329
2330                mOwners.setProfileOwnerUserRestrictionsMigrated(userId);
2331            }
2332        }
2333        if (VERBOSE_LOG && migrated) {
2334            Log.v(LOG_TAG, "User restrictions migrated.");
2335        }
2336    }
2337
2338    private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin,
2339            Set<String> exceptionList, boolean isDeviceOwner) {
2340        final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions(
2341                user.getIdentifier());
2342
2343        final Bundle newBaseRestrictions = new Bundle();
2344        final Bundle newOwnerRestrictions = new Bundle();
2345
2346        for (String key : origRestrictions.keySet()) {
2347            if (!origRestrictions.getBoolean(key)) {
2348                continue;
2349            }
2350            final boolean canOwnerChange = isDeviceOwner
2351                    ? UserRestrictionsUtils.canDeviceOwnerChange(key)
2352                    : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier());
2353
2354            if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) {
2355                newBaseRestrictions.putBoolean(key, true);
2356            } else {
2357                newOwnerRestrictions.putBoolean(key, true);
2358            }
2359        }
2360
2361        if (VERBOSE_LOG) {
2362            Log.v(LOG_TAG, "origRestrictions=" + origRestrictions);
2363            Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions);
2364            Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions);
2365        }
2366        mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(),
2367                newBaseRestrictions);
2368
2369        if (admin != null) {
2370            admin.ensureUserRestrictions().clear();
2371            admin.ensureUserRestrictions().putAll(newOwnerRestrictions);
2372        } else {
2373            Slog.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier());
2374        }
2375        saveSettingsLocked(user.getIdentifier());
2376    }
2377
2378    private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) {
2379        final DevicePolicyData policy = getUserData(userId);
2380        final int n = policy.mAdminList.size();
2381        ComponentName found = null;
2382        int nFound = 0;
2383        for (int i = 0; i < n; i++) {
2384            final ActiveAdmin admin = policy.mAdminList.get(i);
2385            if (packageName.equals(admin.info.getPackageName())) {
2386                // Found!
2387                if (nFound == 0) {
2388                    found = admin.info.getComponent();
2389                }
2390                nFound++;
2391            }
2392        }
2393        if (nFound > 1) {
2394            Slog.w(LOG_TAG, "Multiple DA found; assume the first one is DO.");
2395        }
2396        return found;
2397    }
2398
2399    /**
2400     * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration
2401     * reminders.  Clears alarm if no expirations are configured.
2402     */
2403    private void setExpirationAlarmCheckLocked(Context context, int userHandle, boolean parent) {
2404        final long expiration = getPasswordExpirationLocked(null, userHandle, parent);
2405        final long now = System.currentTimeMillis();
2406        final long timeToExpire = expiration - now;
2407        final long alarmTime;
2408        if (expiration == 0) {
2409            // No expirations are currently configured:  Cancel alarm.
2410            alarmTime = 0;
2411        } else if (timeToExpire <= 0) {
2412            // The password has already expired:  Repeat every 24 hours.
2413            alarmTime = now + MS_PER_DAY;
2414        } else {
2415            // Selecting the next alarm time:  Roll forward to the next 24 hour multiple before
2416            // the expiration time.
2417            long alarmInterval = timeToExpire % MS_PER_DAY;
2418            if (alarmInterval == 0) {
2419                alarmInterval = MS_PER_DAY;
2420            }
2421            alarmTime = now + alarmInterval;
2422        }
2423
2424        long token = mInjector.binderClearCallingIdentity();
2425        try {
2426            int affectedUserHandle = parent ? getProfileParentId(userHandle) : userHandle;
2427            AlarmManager am = mInjector.getAlarmManager();
2428            PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD,
2429                    new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION),
2430                    PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT,
2431                    UserHandle.of(affectedUserHandle));
2432            am.cancel(pi);
2433            if (alarmTime != 0) {
2434                am.set(AlarmManager.RTC, alarmTime, pi);
2435            }
2436        } finally {
2437            mInjector.binderRestoreCallingIdentity(token);
2438        }
2439    }
2440
2441    ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) {
2442        ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who);
2443        if (admin != null
2444                && who.getPackageName().equals(admin.info.getActivityInfo().packageName)
2445                && who.getClassName().equals(admin.info.getActivityInfo().name)) {
2446            return admin;
2447        }
2448        return null;
2449    }
2450
2451    ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) {
2452        if (parent) {
2453            enforceManagedProfile(userHandle, "call APIs on the parent profile");
2454        }
2455        ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
2456        if (admin != null && parent) {
2457            admin = admin.getParentActiveAdmin();
2458        }
2459        return admin;
2460    }
2461
2462    ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy)
2463            throws SecurityException {
2464        final int callingUid = mInjector.binderGetCallingUid();
2465
2466        ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid);
2467        if (result != null) {
2468            return result;
2469        }
2470
2471        if (who != null) {
2472            final int userId = UserHandle.getUserId(callingUid);
2473            final DevicePolicyData policy = getUserData(userId);
2474            ActiveAdmin admin = policy.mAdminMap.get(who);
2475            if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
2476                throw new SecurityException("Admin " + admin.info.getComponent()
2477                         + " does not own the device");
2478            }
2479            if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
2480                throw new SecurityException("Admin " + admin.info.getComponent()
2481                        + " does not own the profile");
2482            }
2483            throw new SecurityException("Admin " + admin.info.getComponent()
2484                    + " did not specify uses-policy for: "
2485                    + admin.info.getTagForPolicy(reqPolicy));
2486        } else {
2487            throw new SecurityException("No active admin owned by uid "
2488                    + mInjector.binderGetCallingUid() + " for policy #" + reqPolicy);
2489        }
2490    }
2491
2492    ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent)
2493            throws SecurityException {
2494        if (parent) {
2495            enforceManagedProfile(mInjector.userHandleGetCallingUserId(),
2496                    "call APIs on the parent profile");
2497        }
2498        ActiveAdmin admin = getActiveAdminForCallerLocked(who, reqPolicy);
2499        return parent ? admin.getParentActiveAdmin() : admin;
2500    }
2501    /**
2502     * Find the admin for the component and userId bit of the uid, then check
2503     * the admin's uid matches the uid.
2504     */
2505    private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) {
2506        final int userId = UserHandle.getUserId(uid);
2507        final DevicePolicyData policy = getUserData(userId);
2508        ActiveAdmin admin = policy.mAdminMap.get(who);
2509        if (admin == null) {
2510            throw new SecurityException("No active admin " + who);
2511        }
2512        if (admin.getUid() != uid) {
2513            throw new SecurityException("Admin " + who + " is not owned by uid " + uid);
2514        }
2515        return admin;
2516    }
2517
2518    private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy,
2519            int uid) {
2520        // Try to find an admin which can use reqPolicy
2521        final int userId = UserHandle.getUserId(uid);
2522        final DevicePolicyData policy = getUserData(userId);
2523        if (who != null) {
2524            ActiveAdmin admin = policy.mAdminMap.get(who);
2525            if (admin == null) {
2526                throw new SecurityException("No active admin " + who);
2527            }
2528            if (admin.getUid() != uid) {
2529                throw new SecurityException("Admin " + who + " is not owned by uid " + uid);
2530            }
2531            if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) {
2532                return admin;
2533            }
2534        } else {
2535            for (ActiveAdmin admin : policy.mAdminList) {
2536                if (admin.getUid() == uid && isActiveAdminWithPolicyForUserLocked(admin, reqPolicy,
2537                        userId)) {
2538                    return admin;
2539                }
2540            }
2541        }
2542
2543        return null;
2544    }
2545
2546    @VisibleForTesting
2547    boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy,
2548            int userId) {
2549        final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId);
2550        final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId);
2551
2552        if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) {
2553            return ownsDevice;
2554        } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) {
2555            // DO always has the PO power.
2556            return ownsDevice || ownsProfile;
2557        } else {
2558            return admin.info.usesPolicy(reqPolicy);
2559        }
2560    }
2561
2562    void sendAdminCommandLocked(ActiveAdmin admin, String action) {
2563        sendAdminCommandLocked(admin, action, null);
2564    }
2565
2566    void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) {
2567        sendAdminCommandLocked(admin, action, null, result);
2568    }
2569
2570    void sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras,
2571            BroadcastReceiver result) {
2572        sendAdminCommandLocked(admin, action, adminExtras, result, false);
2573    }
2574
2575    /**
2576     * Send an update to one specific admin, get notified when that admin returns a result.
2577     *
2578     * @return whether the broadcast was successfully sent
2579     */
2580    boolean sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras,
2581            BroadcastReceiver result, boolean inForeground) {
2582        Intent intent = new Intent(action);
2583        intent.setComponent(admin.info.getComponent());
2584        if (UserManager.isDeviceInDemoMode(mContext)) {
2585            intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
2586        }
2587        if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) {
2588            intent.putExtra("expiration", admin.passwordExpirationDate);
2589        }
2590        if (inForeground) {
2591            intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
2592        }
2593        if (adminExtras != null) {
2594            intent.putExtras(adminExtras);
2595        }
2596        if (mInjector.getPackageManager().queryBroadcastReceiversAsUser(
2597                intent,
2598                PackageManager.MATCH_DEBUG_TRIAGED_MISSING,
2599                admin.getUserHandle()).isEmpty()) {
2600            return false;
2601        }
2602        if (result != null) {
2603            mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(),
2604                    null, result, mHandler, Activity.RESULT_OK, null, null);
2605        } else {
2606            mContext.sendBroadcastAsUser(intent, admin.getUserHandle());
2607        }
2608        return true;
2609    }
2610
2611    /**
2612     * Send an update to all admins of a user that enforce a specified policy.
2613     */
2614    void sendAdminCommandLocked(String action, int reqPolicy, int userHandle, Bundle adminExtras) {
2615        final DevicePolicyData policy = getUserData(userHandle);
2616        final int count = policy.mAdminList.size();
2617        for (int i = 0; i < count; i++) {
2618            final ActiveAdmin admin = policy.mAdminList.get(i);
2619            if (admin.info.usesPolicy(reqPolicy)) {
2620                sendAdminCommandLocked(admin, action, adminExtras, null);
2621            }
2622        }
2623    }
2624
2625    /**
2626     * Send an update intent to all admins of a user and its profiles. Only send to admins that
2627     * enforce a specified policy.
2628     */
2629    private void sendAdminCommandToSelfAndProfilesLocked(String action, int reqPolicy,
2630            int userHandle, Bundle adminExtras) {
2631        int[] profileIds = mUserManager.getProfileIdsWithDisabled(userHandle);
2632        for (int profileId : profileIds) {
2633            sendAdminCommandLocked(action, reqPolicy, profileId, adminExtras);
2634        }
2635    }
2636
2637    /**
2638     * Sends a broadcast to each profile that share the password unlock with the given user id.
2639     */
2640    private void sendAdminCommandForLockscreenPoliciesLocked(
2641            String action, int reqPolicy, int userHandle) {
2642        final Bundle extras = new Bundle();
2643        extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
2644        if (isSeparateProfileChallengeEnabled(userHandle)) {
2645            sendAdminCommandLocked(action, reqPolicy, userHandle, extras);
2646        } else {
2647            sendAdminCommandToSelfAndProfilesLocked(action, reqPolicy, userHandle, extras);
2648        }
2649    }
2650
2651    void removeActiveAdminLocked(final ComponentName adminReceiver, final int userHandle) {
2652        final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
2653        DevicePolicyData policy = getUserData(userHandle);
2654        if (admin != null && !policy.mRemovingAdmins.contains(adminReceiver)) {
2655            policy.mRemovingAdmins.add(adminReceiver);
2656            sendAdminCommandLocked(admin,
2657                    DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED,
2658                    new BroadcastReceiver() {
2659                        @Override
2660                        public void onReceive(Context context, Intent intent) {
2661                            removeAdminArtifacts(adminReceiver, userHandle);
2662                            removePackageIfRequired(adminReceiver.getPackageName(), userHandle);
2663                        }
2664                    });
2665        }
2666    }
2667
2668
2669    public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle,
2670            boolean throwForMissingPermission) {
2671        if (!mHasFeature) {
2672            return null;
2673        }
2674        enforceFullCrossUsersPermission(userHandle);
2675        ActivityInfo ai = null;
2676        try {
2677            ai = mIPackageManager.getReceiverInfo(adminName,
2678                    PackageManager.GET_META_DATA |
2679                    PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS |
2680                    PackageManager.MATCH_DIRECT_BOOT_AWARE |
2681                    PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle);
2682        } catch (RemoteException e) {
2683            // shouldn't happen.
2684        }
2685        if (ai == null) {
2686            throw new IllegalArgumentException("Unknown admin: " + adminName);
2687        }
2688
2689        if (!permission.BIND_DEVICE_ADMIN.equals(ai.permission)) {
2690            final String message = "DeviceAdminReceiver " + adminName + " must be protected with "
2691                    + permission.BIND_DEVICE_ADMIN;
2692            Slog.w(LOG_TAG, message);
2693            if (throwForMissingPermission &&
2694                    ai.applicationInfo.targetSdkVersion > Build.VERSION_CODES.M) {
2695                throw new IllegalArgumentException(message);
2696            }
2697        }
2698
2699        try {
2700            return new DeviceAdminInfo(mContext, ai);
2701        } catch (XmlPullParserException | IOException e) {
2702            Slog.w(LOG_TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName,
2703                    e);
2704            return null;
2705        }
2706    }
2707
2708    private File getPolicyFileDirectory(@UserIdInt int userId) {
2709        return userId == UserHandle.USER_SYSTEM
2710                ? new File(mInjector.getDevicePolicyFilePathForSystemUser())
2711                : mInjector.environmentGetUserSystemDirectory(userId);
2712    }
2713
2714    private JournaledFile makeJournaledFile(@UserIdInt int userId) {
2715        final String base = new File(getPolicyFileDirectory(userId), DEVICE_POLICIES_XML)
2716                .getAbsolutePath();
2717        if (VERBOSE_LOG) {
2718            Log.v(LOG_TAG, "Opening " + base);
2719        }
2720        return new JournaledFile(new File(base), new File(base + ".tmp"));
2721    }
2722
2723    private void saveSettingsLocked(int userHandle) {
2724        DevicePolicyData policy = getUserData(userHandle);
2725        JournaledFile journal = makeJournaledFile(userHandle);
2726        FileOutputStream stream = null;
2727        try {
2728            stream = new FileOutputStream(journal.chooseForWrite(), false);
2729            XmlSerializer out = new FastXmlSerializer();
2730            out.setOutput(stream, StandardCharsets.UTF_8.name());
2731            out.startDocument(null, true);
2732
2733            out.startTag(null, "policies");
2734            if (policy.mRestrictionsProvider != null) {
2735                out.attribute(null, ATTR_PERMISSION_PROVIDER,
2736                        policy.mRestrictionsProvider.flattenToString());
2737            }
2738            if (policy.mUserSetupComplete) {
2739                out.attribute(null, ATTR_SETUP_COMPLETE,
2740                        Boolean.toString(true));
2741            }
2742            if (policy.mPaired) {
2743                out.attribute(null, ATTR_DEVICE_PAIRED,
2744                        Boolean.toString(true));
2745            }
2746            if (policy.mDeviceProvisioningConfigApplied) {
2747                out.attribute(null, ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED,
2748                        Boolean.toString(true));
2749            }
2750            if (policy.mUserProvisioningState != DevicePolicyManager.STATE_USER_UNMANAGED) {
2751                out.attribute(null, ATTR_PROVISIONING_STATE,
2752                        Integer.toString(policy.mUserProvisioningState));
2753            }
2754            if (policy.mPermissionPolicy != DevicePolicyManager.PERMISSION_POLICY_PROMPT) {
2755                out.attribute(null, ATTR_PERMISSION_POLICY,
2756                        Integer.toString(policy.mPermissionPolicy));
2757            }
2758
2759            // Serialize delegations.
2760            for (int i = 0; i < policy.mDelegationMap.size(); ++i) {
2761                final String delegatePackage = policy.mDelegationMap.keyAt(i);
2762                final List<String> scopes = policy.mDelegationMap.valueAt(i);
2763
2764                // Every "delegation" tag serializes the information of one delegate-scope pair.
2765                for (String scope : scopes) {
2766                    out.startTag(null, "delegation");
2767                    out.attribute(null, "delegatePackage", delegatePackage);
2768                    out.attribute(null, "scope", scope);
2769                    out.endTag(null, "delegation");
2770                }
2771            }
2772
2773            final int N = policy.mAdminList.size();
2774            for (int i=0; i<N; i++) {
2775                ActiveAdmin ap = policy.mAdminList.get(i);
2776                if (ap != null) {
2777                    out.startTag(null, "admin");
2778                    out.attribute(null, "name", ap.info.getComponent().flattenToString());
2779                    ap.writeToXml(out);
2780                    out.endTag(null, "admin");
2781                }
2782            }
2783
2784            if (policy.mPasswordOwner >= 0) {
2785                out.startTag(null, "password-owner");
2786                out.attribute(null, "value", Integer.toString(policy.mPasswordOwner));
2787                out.endTag(null, "password-owner");
2788            }
2789
2790            if (policy.mFailedPasswordAttempts != 0) {
2791                out.startTag(null, "failed-password-attempts");
2792                out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts));
2793                out.endTag(null, "failed-password-attempts");
2794            }
2795
2796            // For FDE devices only, we save this flag so we can report on password sufficiency
2797            // before the user enters their password for the first time after a reboot.  For
2798            // security reasons, we don't want to store the full set of active password metrics.
2799            if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
2800                out.startTag(null, TAG_PASSWORD_VALIDITY);
2801                out.attribute(null, ATTR_VALUE,
2802                        Boolean.toString(policy.mPasswordValidAtLastCheckpoint));
2803                out.endTag(null, TAG_PASSWORD_VALIDITY);
2804            }
2805
2806            for (int i = 0; i < policy.mAcceptedCaCertificates.size(); i++) {
2807                out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES);
2808                out.attribute(null, ATTR_NAME, policy.mAcceptedCaCertificates.valueAt(i));
2809                out.endTag(null, TAG_ACCEPTED_CA_CERTIFICATES);
2810            }
2811
2812            for (int i=0; i<policy.mLockTaskPackages.size(); i++) {
2813                String component = policy.mLockTaskPackages.get(i);
2814                out.startTag(null, TAG_LOCK_TASK_COMPONENTS);
2815                out.attribute(null, "name", component);
2816                out.endTag(null, TAG_LOCK_TASK_COMPONENTS);
2817            }
2818
2819            if (policy.mLockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE) {
2820                out.startTag(null, TAG_LOCK_TASK_FEATURES);
2821                out.attribute(null, ATTR_VALUE, Integer.toString(policy.mLockTaskFeatures));
2822                out.endTag(null, TAG_LOCK_TASK_FEATURES);
2823            }
2824
2825            if (policy.mStatusBarDisabled) {
2826                out.startTag(null, TAG_STATUS_BAR);
2827                out.attribute(null, ATTR_DISABLED, Boolean.toString(policy.mStatusBarDisabled));
2828                out.endTag(null, TAG_STATUS_BAR);
2829            }
2830
2831            if (policy.doNotAskCredentialsOnBoot) {
2832                out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
2833                out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
2834            }
2835
2836            for (String id : policy.mAffiliationIds) {
2837                out.startTag(null, TAG_AFFILIATION_ID);
2838                out.attribute(null, ATTR_ID, id);
2839                out.endTag(null, TAG_AFFILIATION_ID);
2840            }
2841
2842            if (policy.mLastSecurityLogRetrievalTime >= 0) {
2843                out.startTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL);
2844                out.attribute(null, ATTR_VALUE,
2845                        Long.toString(policy.mLastSecurityLogRetrievalTime));
2846                out.endTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL);
2847            }
2848
2849            if (policy.mLastBugReportRequestTime >= 0) {
2850                out.startTag(null, TAG_LAST_BUG_REPORT_REQUEST);
2851                out.attribute(null, ATTR_VALUE,
2852                        Long.toString(policy.mLastBugReportRequestTime));
2853                out.endTag(null, TAG_LAST_BUG_REPORT_REQUEST);
2854            }
2855
2856            if (policy.mLastNetworkLogsRetrievalTime >= 0) {
2857                out.startTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL);
2858                out.attribute(null, ATTR_VALUE,
2859                        Long.toString(policy.mLastNetworkLogsRetrievalTime));
2860                out.endTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL);
2861            }
2862
2863            if (policy.mAdminBroadcastPending) {
2864                out.startTag(null, TAG_ADMIN_BROADCAST_PENDING);
2865                out.attribute(null, ATTR_VALUE,
2866                        Boolean.toString(policy.mAdminBroadcastPending));
2867                out.endTag(null, TAG_ADMIN_BROADCAST_PENDING);
2868            }
2869
2870            if (policy.mInitBundle != null) {
2871                out.startTag(null, TAG_INITIALIZATION_BUNDLE);
2872                policy.mInitBundle.saveToXml(out);
2873                out.endTag(null, TAG_INITIALIZATION_BUNDLE);
2874            }
2875
2876            if (policy.mPasswordTokenHandle != 0) {
2877                out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE);
2878                out.attribute(null, ATTR_VALUE,
2879                        Long.toString(policy.mPasswordTokenHandle));
2880                out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE);
2881            }
2882
2883            if (policy.mCurrentInputMethodSet) {
2884                out.startTag(null, TAG_CURRENT_INPUT_METHOD_SET);
2885                out.endTag(null, TAG_CURRENT_INPUT_METHOD_SET);
2886            }
2887
2888            if (!policy.mPrintingEnabled) {
2889                out.startTag(null, TAG_PRINTING_ENABLED);
2890                out.attribute(null, ATTR_VALUE, Boolean.toString(policy.mPrintingEnabled));
2891                out.endTag(null, TAG_PRINTING_ENABLED);
2892            }
2893
2894            for (final String cert : policy.mOwnerInstalledCaCerts) {
2895                out.startTag(null, TAG_OWNER_INSTALLED_CA_CERT);
2896                out.attribute(null, ATTR_ALIAS, cert);
2897                out.endTag(null, TAG_OWNER_INSTALLED_CA_CERT);
2898            }
2899
2900            out.endTag(null, "policies");
2901
2902            out.endDocument();
2903            stream.flush();
2904            FileUtils.sync(stream);
2905            stream.close();
2906            journal.commit();
2907            sendChangedNotification(userHandle);
2908        } catch (XmlPullParserException | IOException e) {
2909            Slog.w(LOG_TAG, "failed writing file", e);
2910            try {
2911                if (stream != null) {
2912                    stream.close();
2913                }
2914            } catch (IOException ex) {
2915                // Ignore
2916            }
2917            journal.rollback();
2918        }
2919    }
2920
2921    private void sendChangedNotification(int userHandle) {
2922        Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
2923        intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
2924        long ident = mInjector.binderClearCallingIdentity();
2925        try {
2926            mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle));
2927        } finally {
2928            mInjector.binderRestoreCallingIdentity(ident);
2929        }
2930    }
2931
2932    private void loadSettingsLocked(DevicePolicyData policy, int userHandle) {
2933        JournaledFile journal = makeJournaledFile(userHandle);
2934        FileInputStream stream = null;
2935        File file = journal.chooseForRead();
2936        boolean needsRewrite = false;
2937        try {
2938            stream = new FileInputStream(file);
2939            XmlPullParser parser = Xml.newPullParser();
2940            parser.setInput(stream, StandardCharsets.UTF_8.name());
2941
2942            int type;
2943            while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
2944                    && type != XmlPullParser.START_TAG) {
2945            }
2946            String tag = parser.getName();
2947            if (!"policies".equals(tag)) {
2948                throw new XmlPullParserException(
2949                        "Settings do not start with policies tag: found " + tag);
2950            }
2951
2952            // Extract the permission provider component name if available
2953            String permissionProvider = parser.getAttributeValue(null, ATTR_PERMISSION_PROVIDER);
2954            if (permissionProvider != null) {
2955                policy.mRestrictionsProvider = ComponentName.unflattenFromString(permissionProvider);
2956            }
2957            String userSetupComplete = parser.getAttributeValue(null, ATTR_SETUP_COMPLETE);
2958            if (userSetupComplete != null && Boolean.toString(true).equals(userSetupComplete)) {
2959                policy.mUserSetupComplete = true;
2960            }
2961            String paired = parser.getAttributeValue(null, ATTR_DEVICE_PAIRED);
2962            if (paired != null && Boolean.toString(true).equals(paired)) {
2963                policy.mPaired = true;
2964            }
2965            String deviceProvisioningConfigApplied = parser.getAttributeValue(null,
2966                    ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED);
2967            if (deviceProvisioningConfigApplied != null
2968                    && Boolean.toString(true).equals(deviceProvisioningConfigApplied)) {
2969                policy.mDeviceProvisioningConfigApplied = true;
2970            }
2971            String provisioningState = parser.getAttributeValue(null, ATTR_PROVISIONING_STATE);
2972            if (!TextUtils.isEmpty(provisioningState)) {
2973                policy.mUserProvisioningState = Integer.parseInt(provisioningState);
2974            }
2975            String permissionPolicy = parser.getAttributeValue(null, ATTR_PERMISSION_POLICY);
2976            if (!TextUtils.isEmpty(permissionPolicy)) {
2977                policy.mPermissionPolicy = Integer.parseInt(permissionPolicy);
2978            }
2979            // Check for delegation compatibility with pre-O.
2980            // TODO(edmanp) remove in P.
2981            {
2982                final String certDelegate = parser.getAttributeValue(null,
2983                        ATTR_DELEGATED_CERT_INSTALLER);
2984                if (certDelegate != null) {
2985                    List<String> scopes = policy.mDelegationMap.get(certDelegate);
2986                    if (scopes == null) {
2987                        scopes = new ArrayList<>();
2988                        policy.mDelegationMap.put(certDelegate, scopes);
2989                    }
2990                    if (!scopes.contains(DELEGATION_CERT_INSTALL)) {
2991                        scopes.add(DELEGATION_CERT_INSTALL);
2992                        needsRewrite = true;
2993                    }
2994                }
2995                final String appRestrictionsDelegate = parser.getAttributeValue(null,
2996                        ATTR_APPLICATION_RESTRICTIONS_MANAGER);
2997                if (appRestrictionsDelegate != null) {
2998                    List<String> scopes = policy.mDelegationMap.get(appRestrictionsDelegate);
2999                    if (scopes == null) {
3000                        scopes = new ArrayList<>();
3001                        policy.mDelegationMap.put(appRestrictionsDelegate, scopes);
3002                    }
3003                    if (!scopes.contains(DELEGATION_APP_RESTRICTIONS)) {
3004                        scopes.add(DELEGATION_APP_RESTRICTIONS);
3005                        needsRewrite = true;
3006                    }
3007                }
3008            }
3009
3010            type = parser.next();
3011            int outerDepth = parser.getDepth();
3012            policy.mLockTaskPackages.clear();
3013            policy.mAdminList.clear();
3014            policy.mAdminMap.clear();
3015            policy.mAffiliationIds.clear();
3016            policy.mOwnerInstalledCaCerts.clear();
3017            while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
3018                   && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
3019                if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
3020                    continue;
3021                }
3022                tag = parser.getName();
3023                if ("admin".equals(tag)) {
3024                    String name = parser.getAttributeValue(null, "name");
3025                    try {
3026                        DeviceAdminInfo dai = findAdmin(
3027                                ComponentName.unflattenFromString(name), userHandle,
3028                                /* throwForMissingPermission= */ false);
3029                        if (VERBOSE_LOG
3030                                && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid)
3031                                != userHandle)) {
3032                            Slog.w(LOG_TAG, "findAdmin returned an incorrect uid "
3033                                    + dai.getActivityInfo().applicationInfo.uid + " for user "
3034                                    + userHandle);
3035                        }
3036                        if (dai != null) {
3037                            ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false);
3038                            ap.readFromXml(parser);
3039                            policy.mAdminMap.put(ap.info.getComponent(), ap);
3040                        }
3041                    } catch (RuntimeException e) {
3042                        Slog.w(LOG_TAG, "Failed loading admin " + name, e);
3043                    }
3044                } else if ("delegation".equals(tag)) {
3045                    // Parse delegation info.
3046                    final String delegatePackage = parser.getAttributeValue(null,
3047                            "delegatePackage");
3048                    final String scope = parser.getAttributeValue(null, "scope");
3049
3050                    // Get a reference to the scopes list for the delegatePackage.
3051                    List<String> scopes = policy.mDelegationMap.get(delegatePackage);
3052                    // Or make a new list if none was found.
3053                    if (scopes == null) {
3054                        scopes = new ArrayList<>();
3055                        policy.mDelegationMap.put(delegatePackage, scopes);
3056                    }
3057                    // Add the new scope to the list of delegatePackage if it's not already there.
3058                    if (!scopes.contains(scope)) {
3059                        scopes.add(scope);
3060                    }
3061                } else if ("failed-password-attempts".equals(tag)) {
3062                    policy.mFailedPasswordAttempts = Integer.parseInt(
3063                            parser.getAttributeValue(null, "value"));
3064                } else if ("password-owner".equals(tag)) {
3065                    policy.mPasswordOwner = Integer.parseInt(
3066                            parser.getAttributeValue(null, "value"));
3067                } else if (TAG_ACCEPTED_CA_CERTIFICATES.equals(tag)) {
3068                    policy.mAcceptedCaCertificates.add(parser.getAttributeValue(null, ATTR_NAME));
3069                } else if (TAG_LOCK_TASK_COMPONENTS.equals(tag)) {
3070                    policy.mLockTaskPackages.add(parser.getAttributeValue(null, "name"));
3071                } else if (TAG_LOCK_TASK_FEATURES.equals(tag)) {
3072                    policy.mLockTaskFeatures = Integer.parseInt(
3073                            parser.getAttributeValue(null, ATTR_VALUE));
3074                } else if (TAG_STATUS_BAR.equals(tag)) {
3075                    policy.mStatusBarDisabled = Boolean.parseBoolean(
3076                            parser.getAttributeValue(null, ATTR_DISABLED));
3077                } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) {
3078                    policy.doNotAskCredentialsOnBoot = true;
3079                } else if (TAG_AFFILIATION_ID.equals(tag)) {
3080                    policy.mAffiliationIds.add(parser.getAttributeValue(null, ATTR_ID));
3081                } else if (TAG_LAST_SECURITY_LOG_RETRIEVAL.equals(tag)) {
3082                    policy.mLastSecurityLogRetrievalTime = Long.parseLong(
3083                            parser.getAttributeValue(null, ATTR_VALUE));
3084                } else if (TAG_LAST_BUG_REPORT_REQUEST.equals(tag)) {
3085                    policy.mLastBugReportRequestTime = Long.parseLong(
3086                            parser.getAttributeValue(null, ATTR_VALUE));
3087                } else if (TAG_LAST_NETWORK_LOG_RETRIEVAL.equals(tag)) {
3088                    policy.mLastNetworkLogsRetrievalTime = Long.parseLong(
3089                            parser.getAttributeValue(null, ATTR_VALUE));
3090                } else if (TAG_ADMIN_BROADCAST_PENDING.equals(tag)) {
3091                    String pending = parser.getAttributeValue(null, ATTR_VALUE);
3092                    policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending);
3093                } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) {
3094                    policy.mInitBundle = PersistableBundle.restoreFromXml(parser);
3095                } else if ("active-password".equals(tag)) {
3096                    // Remove password metrics from saved settings, as we no longer wish to store
3097                    // these on disk
3098                    needsRewrite = true;
3099                } else if (TAG_PASSWORD_VALIDITY.equals(tag)) {
3100                    if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
3101                        // This flag is only used for FDE devices
3102                        policy.mPasswordValidAtLastCheckpoint = Boolean.parseBoolean(
3103                                parser.getAttributeValue(null, ATTR_VALUE));
3104                    }
3105                } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) {
3106                    policy.mPasswordTokenHandle = Long.parseLong(
3107                            parser.getAttributeValue(null, ATTR_VALUE));
3108                } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) {
3109                    policy.mCurrentInputMethodSet = true;
3110                } else if (TAG_OWNER_INSTALLED_CA_CERT.equals(tag)) {
3111                    policy.mOwnerInstalledCaCerts.add(parser.getAttributeValue(null, ATTR_ALIAS));
3112                } else if (TAG_PRINTING_ENABLED.equals(tag)) {
3113                    String enabled = parser.getAttributeValue(null, ATTR_VALUE);
3114                    policy.mPrintingEnabled = Boolean.toString(true).equals(enabled);
3115                } else {
3116                    Slog.w(LOG_TAG, "Unknown tag: " + tag);
3117                    XmlUtils.skipCurrentTag(parser);
3118                }
3119            }
3120        } catch (FileNotFoundException e) {
3121            // Don't be noisy, this is normal if we haven't defined any policies.
3122        } catch (NullPointerException | NumberFormatException | XmlPullParserException | IOException
3123                | IndexOutOfBoundsException e) {
3124            Slog.w(LOG_TAG, "failed parsing " + file, e);
3125        }
3126        try {
3127            if (stream != null) {
3128                stream.close();
3129            }
3130        } catch (IOException e) {
3131            // Ignore
3132        }
3133
3134        // Generate a list of admins from the admin map
3135        policy.mAdminList.addAll(policy.mAdminMap.values());
3136
3137        // Might need to upgrade the file by rewriting it
3138        if (needsRewrite) {
3139            saveSettingsLocked(userHandle);
3140        }
3141
3142        validatePasswordOwnerLocked(policy);
3143        updateMaximumTimeToLockLocked(userHandle);
3144        updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle);
3145        updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle);
3146        if (policy.mStatusBarDisabled) {
3147            setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle);
3148        }
3149    }
3150
3151    private void updateLockTaskPackagesLocked(List<String> packages, int userId) {
3152        long ident = mInjector.binderClearCallingIdentity();
3153        try {
3154            mInjector.getIActivityManager()
3155                    .updateLockTaskPackages(userId, packages.toArray(new String[packages.size()]));
3156        } catch (RemoteException e) {
3157            // Not gonna happen.
3158        } finally {
3159            mInjector.binderRestoreCallingIdentity(ident);
3160        }
3161    }
3162
3163    private void updateLockTaskFeaturesLocked(int flags, int userId) {
3164        long ident = mInjector.binderClearCallingIdentity();
3165        try {
3166            mInjector.getIActivityManager()
3167                    .updateLockTaskFeatures(userId, flags);
3168        } catch (RemoteException e) {
3169            // Not gonna happen.
3170        } finally {
3171            mInjector.binderRestoreCallingIdentity(ident);
3172        }
3173    }
3174
3175    private void updateDeviceOwnerLocked() {
3176        long ident = mInjector.binderClearCallingIdentity();
3177        try {
3178            // TODO This is to prevent DO from getting "clear data"ed, but it should also check the
3179            // user id and also protect all other DAs too.
3180            final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
3181            if (deviceOwnerComponent != null) {
3182                mInjector.getIActivityManager()
3183                        .updateDeviceOwner(deviceOwnerComponent.getPackageName());
3184            }
3185        } catch (RemoteException e) {
3186            // Not gonna happen.
3187        } finally {
3188            mInjector.binderRestoreCallingIdentity(ident);
3189        }
3190    }
3191
3192    static void validateQualityConstant(int quality) {
3193        switch (quality) {
3194            case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED:
3195            case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK:
3196            case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
3197            case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
3198            case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
3199            case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
3200            case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
3201            case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
3202            case DevicePolicyManager.PASSWORD_QUALITY_MANAGED:
3203                return;
3204        }
3205        throw new IllegalArgumentException("Invalid quality constant: 0x"
3206                + Integer.toHexString(quality));
3207    }
3208
3209    void validatePasswordOwnerLocked(DevicePolicyData policy) {
3210        if (policy.mPasswordOwner >= 0) {
3211            boolean haveOwner = false;
3212            for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
3213                if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) {
3214                    haveOwner = true;
3215                    break;
3216                }
3217            }
3218            if (!haveOwner) {
3219                Slog.w(LOG_TAG, "Previous password owner " + policy.mPasswordOwner
3220                        + " no longer active; disabling");
3221                policy.mPasswordOwner = -1;
3222            }
3223        }
3224    }
3225
3226    @VisibleForTesting
3227    @Override
3228    void systemReady(int phase) {
3229        if (!mHasFeature) {
3230            return;
3231        }
3232        switch (phase) {
3233            case SystemService.PHASE_LOCK_SETTINGS_READY:
3234                onLockSettingsReady();
3235                break;
3236            case SystemService.PHASE_BOOT_COMPLETED:
3237                ensureDeviceOwnerUserStarted(); // TODO Consider better place to do this.
3238                break;
3239        }
3240    }
3241
3242    private void onLockSettingsReady() {
3243        getUserData(UserHandle.USER_SYSTEM);
3244        loadOwners();
3245        cleanUpOldUsers();
3246        maybeSetDefaultProfileOwnerUserRestrictions();
3247        handleStartUser(UserHandle.USER_SYSTEM);
3248
3249        // Register an observer for watching for user setup complete and settings changes.
3250        mSetupContentObserver.register();
3251        // Initialize the user setup state, to handle the upgrade case.
3252        updateUserSetupCompleteAndPaired();
3253
3254        List<String> packageList;
3255        synchronized (this) {
3256            packageList = getKeepUninstalledPackagesLocked();
3257        }
3258        if (packageList != null) {
3259            mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList);
3260        }
3261
3262        synchronized (this) {
3263            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
3264            if (deviceOwner != null) {
3265                // Push the force-ephemeral-users policy to the user manager.
3266                mUserManagerInternal.setForceEphemeralUsers(deviceOwner.forceEphemeralUsers);
3267
3268                // Update user switcher message to activity manager.
3269                ActivityManagerInternal activityManagerInternal =
3270                        mInjector.getActivityManagerInternal();
3271                activityManagerInternal.setSwitchingFromSystemUserMessage(
3272                        deviceOwner.startUserSessionMessage);
3273                activityManagerInternal.setSwitchingToSystemUserMessage(
3274                        deviceOwner.endUserSessionMessage);
3275            }
3276        }
3277    }
3278
3279    private void ensureDeviceOwnerUserStarted() {
3280        final int userId;
3281        synchronized (this) {
3282            if (!mOwners.hasDeviceOwner()) {
3283                return;
3284            }
3285            userId = mOwners.getDeviceOwnerUserId();
3286        }
3287        if (VERBOSE_LOG) {
3288            Log.v(LOG_TAG, "Starting non-system DO user: " + userId);
3289        }
3290        if (userId != UserHandle.USER_SYSTEM) {
3291            try {
3292                mInjector.getIActivityManager().startUserInBackground(userId);
3293
3294                // STOPSHIP Prevent the DO user from being killed.
3295
3296            } catch (RemoteException e) {
3297                Slog.w(LOG_TAG, "Exception starting user", e);
3298            }
3299        }
3300    }
3301
3302    @Override
3303    void handleStart() {
3304        pushActiveAdminPackages();
3305    }
3306
3307    @Override
3308    void handleStartUser(int userId) {
3309        updateScreenCaptureDisabledInWindowManager(userId,
3310                getScreenCaptureDisabled(null, userId));
3311        pushUserRestrictions(userId);
3312
3313        startOwnerService(userId, "start-user");
3314    }
3315
3316    @Override
3317    void handleUnlockUser(int userId) {
3318        startOwnerService(userId, "unlock-user");
3319    }
3320
3321    @Override
3322    void handleStopUser(int userId) {
3323        stopOwnerService(userId, "stop-user");
3324    }
3325
3326    private void startOwnerService(int userId, String actionForLog) {
3327        final ComponentName owner = getOwnerComponent(userId);
3328        if (owner != null) {
3329            mDeviceAdminServiceController.startServiceForOwner(
3330                    owner.getPackageName(), userId, actionForLog);
3331        }
3332    }
3333
3334    private void stopOwnerService(int userId, String actionForLog) {
3335        mDeviceAdminServiceController.stopServiceForOwner(userId, actionForLog);
3336    }
3337
3338    private void cleanUpOldUsers() {
3339        // This is needed in case the broadcast {@link Intent.ACTION_USER_REMOVED} was not handled
3340        // before reboot
3341        Set<Integer> usersWithProfileOwners;
3342        Set<Integer> usersWithData;
3343        synchronized(this) {
3344            usersWithProfileOwners = mOwners.getProfileOwnerKeys();
3345            usersWithData = new ArraySet<>();
3346            for (int i = 0; i < mUserData.size(); i++) {
3347                usersWithData.add(mUserData.keyAt(i));
3348            }
3349        }
3350        List<UserInfo> allUsers = mUserManager.getUsers();
3351
3352        Set<Integer> deletedUsers = new ArraySet<>();
3353        deletedUsers.addAll(usersWithProfileOwners);
3354        deletedUsers.addAll(usersWithData);
3355        for (UserInfo userInfo : allUsers) {
3356            deletedUsers.remove(userInfo.id);
3357        }
3358        for (Integer userId : deletedUsers) {
3359            removeUserData(userId);
3360        }
3361    }
3362
3363    private void handlePasswordExpirationNotification(int userHandle) {
3364        final Bundle adminExtras = new Bundle();
3365        adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
3366
3367        synchronized (this) {
3368            final long now = System.currentTimeMillis();
3369
3370            List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
3371                    userHandle, /* parent */ false);
3372            final int N = admins.size();
3373            for (int i = 0; i < N; i++) {
3374                ActiveAdmin admin = admins.get(i);
3375                if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)
3376                        && admin.passwordExpirationTimeout > 0L
3377                        && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS
3378                        && admin.passwordExpirationDate > 0L) {
3379                    sendAdminCommandLocked(admin,
3380                            DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING, adminExtras, null);
3381                }
3382            }
3383            setExpirationAlarmCheckLocked(mContext, userHandle, /* parent */ false);
3384        }
3385    }
3386
3387    /**
3388     * Clean up internal state when the set of installed trusted CA certificates changes.
3389     *
3390     * @param userHandle user to check for. This must be a real user and not, for example,
3391     *        {@link UserHandle#ALL}.
3392     * @param installedCertificates the full set of certificate authorities currently installed for
3393     *        {@param userHandle}. After calling this function, {@code mAcceptedCaCertificates} will
3394     *        correspond to some subset of this.
3395     */
3396    protected void onInstalledCertificatesChanged(final UserHandle userHandle,
3397            final @NonNull Collection<String> installedCertificates) {
3398        if (!mHasFeature) {
3399            return;
3400        }
3401        enforceManageUsers();
3402
3403        synchronized (this) {
3404            final DevicePolicyData policy = getUserData(userHandle.getIdentifier());
3405
3406            boolean changed = false;
3407            changed |= policy.mAcceptedCaCertificates.retainAll(installedCertificates);
3408            changed |= policy.mOwnerInstalledCaCerts.retainAll(installedCertificates);
3409            if (changed) {
3410                saveSettingsLocked(userHandle.getIdentifier());
3411            }
3412        }
3413    }
3414
3415    /**
3416     * Internal method used by {@link CertificateMonitor}.
3417     */
3418    protected Set<String> getAcceptedCaCertificates(final UserHandle userHandle) {
3419        if (!mHasFeature) {
3420            return Collections.<String> emptySet();
3421        }
3422        synchronized (this) {
3423            final DevicePolicyData policy = getUserData(userHandle.getIdentifier());
3424            return policy.mAcceptedCaCertificates;
3425        }
3426    }
3427
3428    /**
3429     * @param adminReceiver The admin to add
3430     * @param refreshing true = update an active admin, no error
3431     */
3432    @Override
3433    public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) {
3434        if (!mHasFeature) {
3435            return;
3436        }
3437        setActiveAdmin(adminReceiver, refreshing, userHandle, null);
3438    }
3439
3440    private void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle,
3441            Bundle onEnableData) {
3442        mContext.enforceCallingOrSelfPermission(
3443                android.Manifest.permission.MANAGE_DEVICE_ADMINS, null);
3444        enforceFullCrossUsersPermission(userHandle);
3445
3446        DevicePolicyData policy = getUserData(userHandle);
3447        DeviceAdminInfo info = findAdmin(adminReceiver, userHandle,
3448                /* throwForMissingPermission= */ true);
3449        synchronized (this) {
3450            checkActiveAdminPrecondition(adminReceiver, info, policy);
3451            long ident = mInjector.binderClearCallingIdentity();
3452            try {
3453                final ActiveAdmin existingAdmin
3454                        = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
3455                if (!refreshing && existingAdmin != null) {
3456                    throw new IllegalArgumentException("Admin is already added");
3457                }
3458                ActiveAdmin newAdmin = new ActiveAdmin(info, /* parent */ false);
3459                newAdmin.testOnlyAdmin =
3460                        (existingAdmin != null) ? existingAdmin.testOnlyAdmin
3461                                : isPackageTestOnly(adminReceiver.getPackageName(), userHandle);
3462                policy.mAdminMap.put(adminReceiver, newAdmin);
3463                int replaceIndex = -1;
3464                final int N = policy.mAdminList.size();
3465                for (int i=0; i < N; i++) {
3466                    ActiveAdmin oldAdmin = policy.mAdminList.get(i);
3467                    if (oldAdmin.info.getComponent().equals(adminReceiver)) {
3468                        replaceIndex = i;
3469                        break;
3470                    }
3471                }
3472                if (replaceIndex == -1) {
3473                    policy.mAdminList.add(newAdmin);
3474                    enableIfNecessary(info.getPackageName(), userHandle);
3475                    mUsageStatsManagerInternal.onActiveAdminAdded(
3476                            adminReceiver.getPackageName(), userHandle);
3477                } else {
3478                    policy.mAdminList.set(replaceIndex, newAdmin);
3479                }
3480                saveSettingsLocked(userHandle);
3481                sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED,
3482                        onEnableData, null);
3483            } finally {
3484                mInjector.binderRestoreCallingIdentity(ident);
3485            }
3486        }
3487    }
3488
3489    private void pushActiveAdminPackages() {
3490        synchronized (this) {
3491            final List<UserInfo> users = mUserManager.getUsers();
3492            for (int i = users.size() - 1; i >= 0; --i) {
3493                final int userId = users.get(i).id;
3494                mUsageStatsManagerInternal.setActiveAdminApps(
3495                        getActiveAdminPackagesLocked(userId), userId);
3496            }
3497        }
3498    }
3499
3500    private void pushActiveAdminPackagesLocked(int userId) {
3501        mUsageStatsManagerInternal.setActiveAdminApps(
3502                getActiveAdminPackagesLocked(userId), userId);
3503    }
3504
3505    private Set<String> getActiveAdminPackagesLocked(int userId) {
3506        final DevicePolicyData policy = getUserData(userId);
3507        Set<String> adminPkgs = null;
3508        for (int i = policy.mAdminList.size() - 1; i >= 0; --i) {
3509            final String pkgName = policy.mAdminList.get(i).info.getPackageName();
3510            if (adminPkgs == null) {
3511                adminPkgs = new ArraySet<>();
3512            }
3513            adminPkgs.add(pkgName);
3514        }
3515        return adminPkgs;
3516    }
3517
3518    private void transferActiveAdminUncheckedLocked(ComponentName incomingReceiver,
3519            ComponentName outgoingReceiver, int userHandle) {
3520        final DevicePolicyData policy = getUserData(userHandle);
3521        final DeviceAdminInfo incomingDeviceInfo = findAdmin(incomingReceiver, userHandle,
3522            /* throwForMissingPermission= */ true);
3523        final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver);
3524        final int oldAdminUid = adminToTransfer.getUid();
3525
3526        adminToTransfer.transfer(incomingDeviceInfo);
3527        policy.mAdminMap.remove(outgoingReceiver);
3528        policy.mAdminMap.put(incomingReceiver, adminToTransfer);
3529        if (policy.mPasswordOwner == oldAdminUid) {
3530            policy.mPasswordOwner = adminToTransfer.getUid();
3531        }
3532
3533        saveSettingsLocked(userHandle);
3534        //TODO: Make sure we revert back when we detect a failure.
3535        sendAdminCommandLocked(adminToTransfer, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED,
3536                null, null);
3537    }
3538
3539    private void checkActiveAdminPrecondition(ComponentName adminReceiver, DeviceAdminInfo info,
3540            DevicePolicyData policy) {
3541        if (info == null) {
3542            throw new IllegalArgumentException("Bad admin: " + adminReceiver);
3543        }
3544        if (!info.getActivityInfo().applicationInfo.isInternal()) {
3545            throw new IllegalArgumentException("Only apps in internal storage can be active admin: "
3546                    + adminReceiver);
3547        }
3548        if (info.getActivityInfo().applicationInfo.isInstantApp()) {
3549            throw new IllegalArgumentException("Instant apps cannot be device admins: "
3550                    + adminReceiver);
3551        }
3552        if (policy.mRemovingAdmins.contains(adminReceiver)) {
3553            throw new IllegalArgumentException(
3554                    "Trying to set an admin which is being removed");
3555        }
3556    }
3557
3558    @Override
3559    public boolean isAdminActive(ComponentName adminReceiver, int userHandle) {
3560        if (!mHasFeature) {
3561            return false;
3562        }
3563        enforceFullCrossUsersPermission(userHandle);
3564        synchronized (this) {
3565            return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null;
3566        }
3567    }
3568
3569    @Override
3570    public boolean isRemovingAdmin(ComponentName adminReceiver, int userHandle) {
3571        if (!mHasFeature) {
3572            return false;
3573        }
3574        enforceFullCrossUsersPermission(userHandle);
3575        synchronized (this) {
3576            DevicePolicyData policyData = getUserData(userHandle);
3577            return policyData.mRemovingAdmins.contains(adminReceiver);
3578        }
3579    }
3580
3581    @Override
3582    public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) {
3583        if (!mHasFeature) {
3584            return false;
3585        }
3586        enforceFullCrossUsersPermission(userHandle);
3587        synchronized (this) {
3588            ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
3589            if (administrator == null) {
3590                throw new SecurityException("No active admin " + adminReceiver);
3591            }
3592            return administrator.info.usesPolicy(policyId);
3593        }
3594    }
3595
3596    @Override
3597    @SuppressWarnings("unchecked")
3598    public List<ComponentName> getActiveAdmins(int userHandle) {
3599        if (!mHasFeature) {
3600            return Collections.EMPTY_LIST;
3601        }
3602
3603        enforceFullCrossUsersPermission(userHandle);
3604        synchronized (this) {
3605            DevicePolicyData policy = getUserData(userHandle);
3606            final int N = policy.mAdminList.size();
3607            if (N <= 0) {
3608                return null;
3609            }
3610            ArrayList<ComponentName> res = new ArrayList<ComponentName>(N);
3611            for (int i=0; i<N; i++) {
3612                res.add(policy.mAdminList.get(i).info.getComponent());
3613            }
3614            return res;
3615        }
3616    }
3617
3618    @Override
3619    public boolean packageHasActiveAdmins(String packageName, int userHandle) {
3620        if (!mHasFeature) {
3621            return false;
3622        }
3623        enforceFullCrossUsersPermission(userHandle);
3624        synchronized (this) {
3625            DevicePolicyData policy = getUserData(userHandle);
3626            final int N = policy.mAdminList.size();
3627            for (int i=0; i<N; i++) {
3628                if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) {
3629                    return true;
3630                }
3631            }
3632            return false;
3633        }
3634    }
3635
3636    @Override
3637    public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) {
3638        if (!mHasFeature) {
3639            return;
3640        }
3641        Preconditions.checkNotNull(adminReceiver, "ComponentName is null");
3642        enforceShell("forceRemoveActiveAdmin");
3643        long ident = mInjector.binderClearCallingIdentity();
3644        try {
3645            synchronized (this)  {
3646                if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) {
3647                    throw new SecurityException("Attempt to remove non-test admin "
3648                            + adminReceiver + " " + userHandle);
3649                }
3650
3651                // If admin is a device or profile owner tidy that up first.
3652                if (isDeviceOwner(adminReceiver, userHandle)) {
3653                    clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle);
3654                }
3655                if (isProfileOwner(adminReceiver, userHandle)) {
3656                    final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver,
3657                            userHandle, /* parent */ false);
3658                    clearProfileOwnerLocked(admin, userHandle);
3659                }
3660            }
3661            // Remove the admin skipping sending the broadcast.
3662            removeAdminArtifacts(adminReceiver, userHandle);
3663            Slog.i(LOG_TAG, "Admin " + adminReceiver + " removed from user " + userHandle);
3664        } finally {
3665            mInjector.binderRestoreCallingIdentity(ident);
3666        }
3667    }
3668
3669    private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) {
3670        // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state
3671        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) {
3672            mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle);
3673        }
3674    }
3675
3676    /**
3677     * Return if a given package has testOnly="true", in which case we'll relax certain rules
3678     * for CTS.
3679     *
3680     * DO NOT use this method except in {@link #setActiveAdmin}.  Use {@link #isAdminTestOnlyLocked}
3681     * to check wehter an active admin is test-only or not.
3682     *
3683     * The system allows this flag to be changed when an app is updated, which is not good
3684     * for us.  So we persist the flag in {@link ActiveAdmin} when an admin is first installed,
3685     * and used the persisted version in actual checks. (See b/31382361 and b/28928996)
3686     */
3687    private boolean isPackageTestOnly(String packageName, int userHandle) {
3688        final ApplicationInfo ai;
3689        try {
3690            ai = mInjector.getIPackageManager().getApplicationInfo(packageName,
3691                    (PackageManager.MATCH_DIRECT_BOOT_AWARE
3692                            | PackageManager.MATCH_DIRECT_BOOT_UNAWARE), userHandle);
3693        } catch (RemoteException e) {
3694            throw new IllegalStateException(e);
3695        }
3696        if (ai == null) {
3697            throw new IllegalStateException("Couldn't find package: "
3698                    + packageName + " on user " + userHandle);
3699        }
3700        return (ai.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0;
3701    }
3702
3703    /**
3704     * See {@link #isPackageTestOnly}.
3705     */
3706    private boolean isAdminTestOnlyLocked(ComponentName who, int userHandle) {
3707        final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
3708        return (admin != null) && admin.testOnlyAdmin;
3709    }
3710
3711    private void enforceShell(String method) {
3712        final int callingUid = mInjector.binderGetCallingUid();
3713        if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) {
3714            throw new SecurityException("Non-shell user attempted to call " + method);
3715        }
3716    }
3717
3718    @Override
3719    public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) {
3720        if (!mHasFeature) {
3721            return;
3722        }
3723        enforceFullCrossUsersPermission(userHandle);
3724        enforceUserUnlocked(userHandle);
3725        synchronized (this) {
3726            ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
3727            if (admin == null) {
3728                return;
3729            }
3730            // Active device/profile owners must remain active admins.
3731            if (isDeviceOwner(adminReceiver, userHandle)
3732                    || isProfileOwner(adminReceiver, userHandle)) {
3733                Slog.e(LOG_TAG, "Device/profile owner cannot be removed: component=" +
3734                        adminReceiver);
3735                return;
3736            }
3737            if (admin.getUid() != mInjector.binderGetCallingUid()) {
3738                mContext.enforceCallingOrSelfPermission(
3739                        android.Manifest.permission.MANAGE_DEVICE_ADMINS, null);
3740            }
3741            long ident = mInjector.binderClearCallingIdentity();
3742            try {
3743                removeActiveAdminLocked(adminReceiver, userHandle);
3744            } finally {
3745                mInjector.binderRestoreCallingIdentity(ident);
3746            }
3747        }
3748    }
3749
3750    @Override
3751    public boolean isSeparateProfileChallengeAllowed(int userHandle) {
3752        ComponentName profileOwner = getProfileOwner(userHandle);
3753        // Profile challenge is supported on N or newer release.
3754        return profileOwner != null &&
3755                getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M;
3756    }
3757
3758    @Override
3759    public void setPasswordQuality(ComponentName who, int quality, boolean parent) {
3760        if (!mHasFeature) {
3761            return;
3762        }
3763        Preconditions.checkNotNull(who, "ComponentName is null");
3764        validateQualityConstant(quality);
3765
3766        synchronized (this) {
3767            ActiveAdmin ap = getActiveAdminForCallerLocked(
3768                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
3769            if (ap.minimumPasswordMetrics.quality != quality) {
3770                ap.minimumPasswordMetrics.quality = quality;
3771                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
3772                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
3773            }
3774        }
3775    }
3776
3777    /**
3778     * Updates flag in memory that tells us whether the user's password currently satisfies the
3779     * requirements set by all of the user's active admins.  This should be called before
3780     * {@link #saveSettingsLocked} whenever the password or the admin policies have changed.
3781     */
3782    @GuardedBy("DevicePolicyManagerService.this")
3783    private void updatePasswordValidityCheckpointLocked(int userHandle) {
3784        DevicePolicyData policy = getUserData(userHandle);
3785        policy.mPasswordValidAtLastCheckpoint = isActivePasswordSufficientForUserLocked(
3786                policy, policy.mUserHandle, false);
3787    }
3788
3789    @Override
3790    public int getPasswordQuality(ComponentName who, int userHandle, boolean parent) {
3791        if (!mHasFeature) {
3792            return PASSWORD_QUALITY_UNSPECIFIED;
3793        }
3794        enforceFullCrossUsersPermission(userHandle);
3795        synchronized (this) {
3796            int mode = PASSWORD_QUALITY_UNSPECIFIED;
3797
3798            if (who != null) {
3799                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
3800                return admin != null ? admin.minimumPasswordMetrics.quality : mode;
3801            }
3802
3803            // Return the strictest policy across all participating admins.
3804            List<ActiveAdmin> admins =
3805                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
3806            final int N = admins.size();
3807            for (int i = 0; i < N; i++) {
3808                ActiveAdmin admin = admins.get(i);
3809                if (mode < admin.minimumPasswordMetrics.quality) {
3810                    mode = admin.minimumPasswordMetrics.quality;
3811                }
3812            }
3813            return mode;
3814        }
3815    }
3816
3817    private List<ActiveAdmin> getActiveAdminsForLockscreenPoliciesLocked(
3818            int userHandle, boolean parent) {
3819        if (!parent && isSeparateProfileChallengeEnabled(userHandle)) {
3820            // If this user has a separate challenge, only return its restrictions.
3821            return getUserDataUnchecked(userHandle).mAdminList;
3822        } else {
3823            // Return all admins for this user and the profiles that are visible from this
3824            // user that do not use a separate work challenge.
3825            ArrayList<ActiveAdmin> admins = new ArrayList<ActiveAdmin>();
3826            for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {
3827                DevicePolicyData policy = getUserData(userInfo.id);
3828                if (!userInfo.isManagedProfile()) {
3829                    admins.addAll(policy.mAdminList);
3830                } else {
3831                    // For managed profiles, we always include the policies set on the parent
3832                    // profile. Additionally, we include the ones set on the managed profile
3833                    // if no separate challenge is in place.
3834                    boolean hasSeparateChallenge = isSeparateProfileChallengeEnabled(userInfo.id);
3835                    final int N = policy.mAdminList.size();
3836                    for (int i = 0; i < N; i++) {
3837                        ActiveAdmin admin = policy.mAdminList.get(i);
3838                        if (admin.hasParentActiveAdmin()) {
3839                            admins.add(admin.getParentActiveAdmin());
3840                        }
3841                        if (!hasSeparateChallenge) {
3842                            admins.add(admin);
3843                        }
3844                    }
3845                }
3846            }
3847            return admins;
3848        }
3849    }
3850
3851    private boolean isSeparateProfileChallengeEnabled(int userHandle) {
3852        long ident = mInjector.binderClearCallingIdentity();
3853        try {
3854            return mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle);
3855        } finally {
3856            mInjector.binderRestoreCallingIdentity(ident);
3857        }
3858    }
3859
3860    @Override
3861    public void setPasswordMinimumLength(ComponentName who, int length, boolean parent) {
3862        if (!mHasFeature) {
3863            return;
3864        }
3865        Preconditions.checkNotNull(who, "ComponentName is null");
3866        synchronized (this) {
3867            ActiveAdmin ap = getActiveAdminForCallerLocked(
3868                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
3869            if (ap.minimumPasswordMetrics.length != length) {
3870                ap.minimumPasswordMetrics.length = length;
3871                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
3872                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
3873            }
3874        }
3875    }
3876
3877    @Override
3878    public int getPasswordMinimumLength(ComponentName who, int userHandle, boolean parent) {
3879        return getStrictestPasswordRequirement(who, userHandle, parent,
3880                admin -> admin.minimumPasswordMetrics.length, PASSWORD_QUALITY_UNSPECIFIED);
3881    }
3882
3883    @Override
3884    public void setPasswordHistoryLength(ComponentName who, int length, boolean parent) {
3885        if (!mHasFeature) {
3886            return;
3887        }
3888        Preconditions.checkNotNull(who, "ComponentName is null");
3889        synchronized (this) {
3890            ActiveAdmin ap = getActiveAdminForCallerLocked(
3891                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
3892            if (ap.passwordHistoryLength != length) {
3893                ap.passwordHistoryLength = length;
3894                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
3895                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
3896            }
3897        }
3898    }
3899
3900    @Override
3901    public int getPasswordHistoryLength(ComponentName who, int userHandle, boolean parent) {
3902        return getStrictestPasswordRequirement(who, userHandle, parent,
3903                admin -> admin.passwordHistoryLength, PASSWORD_QUALITY_UNSPECIFIED);
3904    }
3905
3906    @Override
3907    public void setPasswordExpirationTimeout(ComponentName who, long timeout, boolean parent) {
3908        if (!mHasFeature) {
3909            return;
3910        }
3911        Preconditions.checkNotNull(who, "ComponentName is null");
3912        Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms");
3913        final int userHandle = mInjector.userHandleGetCallingUserId();
3914        synchronized (this) {
3915            ActiveAdmin ap = getActiveAdminForCallerLocked(
3916                    who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent);
3917            // Calling this API automatically bumps the expiration date
3918            final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;
3919            ap.passwordExpirationDate = expiration;
3920            ap.passwordExpirationTimeout = timeout;
3921            if (timeout > 0L) {
3922                Slog.w(LOG_TAG, "setPasswordExpiration(): password will expire on "
3923                        + DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT)
3924                        .format(new Date(expiration)));
3925            }
3926            saveSettingsLocked(userHandle);
3927
3928            // in case this is the first one, set the alarm on the appropriate user.
3929            setExpirationAlarmCheckLocked(mContext, userHandle, parent);
3930        }
3931    }
3932
3933    /**
3934     * Return a single admin's expiration cycle time, or the min of all cycle times.
3935     * Returns 0 if not configured.
3936     */
3937    @Override
3938    public long getPasswordExpirationTimeout(ComponentName who, int userHandle, boolean parent) {
3939        if (!mHasFeature) {
3940            return 0L;
3941        }
3942        enforceFullCrossUsersPermission(userHandle);
3943        synchronized (this) {
3944            long timeout = 0L;
3945
3946            if (who != null) {
3947                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
3948                return admin != null ? admin.passwordExpirationTimeout : timeout;
3949            }
3950
3951            // Return the strictest policy across all participating admins.
3952            List<ActiveAdmin> admins =
3953                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
3954            final int N = admins.size();
3955            for (int i = 0; i < N; i++) {
3956                ActiveAdmin admin = admins.get(i);
3957                if (timeout == 0L || (admin.passwordExpirationTimeout != 0L
3958                        && timeout > admin.passwordExpirationTimeout)) {
3959                    timeout = admin.passwordExpirationTimeout;
3960                }
3961            }
3962            return timeout;
3963        }
3964    }
3965
3966    @Override
3967    public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) {
3968        final int userId = UserHandle.getCallingUserId();
3969        List<String> changedProviders = null;
3970
3971        synchronized (this) {
3972            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
3973                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
3974            if (activeAdmin.crossProfileWidgetProviders == null) {
3975                activeAdmin.crossProfileWidgetProviders = new ArrayList<>();
3976            }
3977            List<String> providers = activeAdmin.crossProfileWidgetProviders;
3978            if (!providers.contains(packageName)) {
3979                providers.add(packageName);
3980                changedProviders = new ArrayList<>(providers);
3981                saveSettingsLocked(userId);
3982            }
3983        }
3984
3985        if (changedProviders != null) {
3986            mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders);
3987            return true;
3988        }
3989
3990        return false;
3991    }
3992
3993    @Override
3994    public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) {
3995        final int userId = UserHandle.getCallingUserId();
3996        List<String> changedProviders = null;
3997
3998        synchronized (this) {
3999            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
4000                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
4001            if (activeAdmin.crossProfileWidgetProviders == null
4002                    || activeAdmin.crossProfileWidgetProviders.isEmpty()) {
4003                return false;
4004            }
4005            List<String> providers = activeAdmin.crossProfileWidgetProviders;
4006            if (providers.remove(packageName)) {
4007                changedProviders = new ArrayList<>(providers);
4008                saveSettingsLocked(userId);
4009            }
4010        }
4011
4012        if (changedProviders != null) {
4013            mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders);
4014            return true;
4015        }
4016
4017        return false;
4018    }
4019
4020    @Override
4021    public List<String> getCrossProfileWidgetProviders(ComponentName admin) {
4022        synchronized (this) {
4023            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
4024                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
4025            if (activeAdmin.crossProfileWidgetProviders == null
4026                    || activeAdmin.crossProfileWidgetProviders.isEmpty()) {
4027                return null;
4028            }
4029            if (mInjector.binderIsCallingUidMyUid()) {
4030                return new ArrayList<>(activeAdmin.crossProfileWidgetProviders);
4031            } else {
4032                return activeAdmin.crossProfileWidgetProviders;
4033            }
4034        }
4035    }
4036
4037    /**
4038     * Return a single admin's expiration date/time, or the min (soonest) for all admins.
4039     * Returns 0 if not configured.
4040     */
4041    private long getPasswordExpirationLocked(ComponentName who, int userHandle, boolean parent) {
4042        long timeout = 0L;
4043
4044        if (who != null) {
4045            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
4046            return admin != null ? admin.passwordExpirationDate : timeout;
4047        }
4048
4049        // Return the strictest policy across all participating admins.
4050        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
4051        final int N = admins.size();
4052        for (int i = 0; i < N; i++) {
4053            ActiveAdmin admin = admins.get(i);
4054            if (timeout == 0L || (admin.passwordExpirationDate != 0
4055                    && timeout > admin.passwordExpirationDate)) {
4056                timeout = admin.passwordExpirationDate;
4057            }
4058        }
4059        return timeout;
4060    }
4061
4062    @Override
4063    public long getPasswordExpiration(ComponentName who, int userHandle, boolean parent) {
4064        if (!mHasFeature) {
4065            return 0L;
4066        }
4067        enforceFullCrossUsersPermission(userHandle);
4068        synchronized (this) {
4069            return getPasswordExpirationLocked(who, userHandle, parent);
4070        }
4071    }
4072
4073    @Override
4074    public void setPasswordMinimumUpperCase(ComponentName who, int length, boolean parent) {
4075        if (!mHasFeature) {
4076            return;
4077        }
4078        Preconditions.checkNotNull(who, "ComponentName is null");
4079        synchronized (this) {
4080            ActiveAdmin ap = getActiveAdminForCallerLocked(
4081                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4082            if (ap.minimumPasswordMetrics.upperCase != length) {
4083                ap.minimumPasswordMetrics.upperCase = length;
4084                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4085                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4086            }
4087        }
4088    }
4089
4090    @Override
4091    public int getPasswordMinimumUpperCase(ComponentName who, int userHandle, boolean parent) {
4092        return getStrictestPasswordRequirement(who, userHandle, parent,
4093                admin -> admin.minimumPasswordMetrics.upperCase, PASSWORD_QUALITY_COMPLEX);
4094    }
4095
4096    @Override
4097    public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) {
4098        Preconditions.checkNotNull(who, "ComponentName is null");
4099        synchronized (this) {
4100            ActiveAdmin ap = getActiveAdminForCallerLocked(
4101                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4102            if (ap.minimumPasswordMetrics.lowerCase != length) {
4103                ap.minimumPasswordMetrics.lowerCase = length;
4104                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4105                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4106            }
4107        }
4108    }
4109
4110    @Override
4111    public int getPasswordMinimumLowerCase(ComponentName who, int userHandle, boolean parent) {
4112        return getStrictestPasswordRequirement(who, userHandle, parent,
4113                admin -> admin.minimumPasswordMetrics.lowerCase, PASSWORD_QUALITY_COMPLEX);
4114    }
4115
4116    @Override
4117    public void setPasswordMinimumLetters(ComponentName who, int length, boolean parent) {
4118        if (!mHasFeature) {
4119            return;
4120        }
4121        Preconditions.checkNotNull(who, "ComponentName is null");
4122        synchronized (this) {
4123            ActiveAdmin ap = getActiveAdminForCallerLocked(
4124                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4125            if (ap.minimumPasswordMetrics.letters != length) {
4126                ap.minimumPasswordMetrics.letters = length;
4127                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4128                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4129            }
4130        }
4131    }
4132
4133    @Override
4134    public int getPasswordMinimumLetters(ComponentName who, int userHandle, boolean parent) {
4135        return getStrictestPasswordRequirement(who, userHandle, parent,
4136                admin -> admin.minimumPasswordMetrics.letters, PASSWORD_QUALITY_COMPLEX);
4137    }
4138
4139    @Override
4140    public void setPasswordMinimumNumeric(ComponentName who, int length, boolean parent) {
4141        if (!mHasFeature) {
4142            return;
4143        }
4144        Preconditions.checkNotNull(who, "ComponentName is null");
4145        synchronized (this) {
4146            ActiveAdmin ap = getActiveAdminForCallerLocked(
4147                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4148            if (ap.minimumPasswordMetrics.numeric != length) {
4149                ap.minimumPasswordMetrics.numeric = length;
4150                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4151                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4152            }
4153        }
4154    }
4155
4156    @Override
4157    public int getPasswordMinimumNumeric(ComponentName who, int userHandle, boolean parent) {
4158        return getStrictestPasswordRequirement(who, userHandle, parent,
4159                admin -> admin.minimumPasswordMetrics.numeric, PASSWORD_QUALITY_COMPLEX);
4160   }
4161
4162    @Override
4163    public void setPasswordMinimumSymbols(ComponentName who, int length, boolean parent) {
4164        if (!mHasFeature) {
4165            return;
4166        }
4167        Preconditions.checkNotNull(who, "ComponentName is null");
4168        synchronized (this) {
4169            ActiveAdmin ap = getActiveAdminForCallerLocked(
4170                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4171            if (ap.minimumPasswordMetrics.symbols != length) {
4172                ap.minimumPasswordMetrics.symbols = length;
4173                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4174                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4175            }
4176        }
4177    }
4178
4179    @Override
4180    public int getPasswordMinimumSymbols(ComponentName who, int userHandle, boolean parent) {
4181        return getStrictestPasswordRequirement(who, userHandle, parent,
4182                admin -> admin.minimumPasswordMetrics.symbols, PASSWORD_QUALITY_COMPLEX);
4183    }
4184
4185    @Override
4186    public void setPasswordMinimumNonLetter(ComponentName who, int length, boolean parent) {
4187        if (!mHasFeature) {
4188            return;
4189        }
4190        Preconditions.checkNotNull(who, "ComponentName is null");
4191        synchronized (this) {
4192            ActiveAdmin ap = getActiveAdminForCallerLocked(
4193                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4194            if (ap.minimumPasswordMetrics.nonLetter != length) {
4195                ap.minimumPasswordMetrics.nonLetter = length;
4196                updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId());
4197                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4198            }
4199        }
4200    }
4201
4202    @Override
4203    public int getPasswordMinimumNonLetter(ComponentName who, int userHandle, boolean parent) {
4204        return getStrictestPasswordRequirement(who, userHandle, parent,
4205                admin -> admin.minimumPasswordMetrics.nonLetter, PASSWORD_QUALITY_COMPLEX);
4206    }
4207
4208    /**
4209     * Calculates strictest (maximum) value for a given password property enforced by admin[s].
4210     */
4211    private int getStrictestPasswordRequirement(ComponentName who, int userHandle,
4212            boolean parent, Function<ActiveAdmin, Integer> getter, int minimumPasswordQuality) {
4213        if (!mHasFeature) {
4214            return 0;
4215        }
4216        enforceFullCrossUsersPermission(userHandle);
4217        synchronized (this) {
4218            if (who != null) {
4219                final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
4220                return admin != null ? getter.apply(admin) : 0;
4221            }
4222
4223            int maxValue = 0;
4224            final List<ActiveAdmin> admins =
4225                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
4226            final int N = admins.size();
4227            for (int i = 0; i < N; i++) {
4228                final ActiveAdmin admin = admins.get(i);
4229                if (!isLimitPasswordAllowed(admin, minimumPasswordQuality)) {
4230                    continue;
4231                }
4232                final Integer adminValue = getter.apply(admin);
4233                if (adminValue > maxValue) {
4234                    maxValue = adminValue;
4235                }
4236            }
4237            return maxValue;
4238        }
4239    }
4240
4241    /* @return the password blacklist set by the admin or {@code null} if none. */
4242    PasswordBlacklist getAdminPasswordBlacklistLocked(@NonNull ActiveAdmin admin) {
4243        final int userId = UserHandle.getUserId(admin.getUid());
4244        return admin.passwordBlacklistFile == null ? null : new PasswordBlacklist(
4245                new File(getPolicyFileDirectory(userId), admin.passwordBlacklistFile));
4246    }
4247
4248    private static final String PASSWORD_BLACKLIST_FILE_PREFIX = "password-blacklist-";
4249    private static final String PASSWORD_BLACKLIST_FILE_SUFFIX = "";
4250
4251    @Override
4252    public boolean setPasswordBlacklist(ComponentName who, String name, List<String> blacklist,
4253            boolean parent) {
4254        if (!mHasFeature) {
4255            return false;
4256        }
4257        Preconditions.checkNotNull(who, "who is null");
4258
4259        synchronized (this) {
4260            final ActiveAdmin admin = getActiveAdminForCallerLocked(
4261                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
4262            final int userId = mInjector.userHandleGetCallingUserId();
4263            PasswordBlacklist adminBlacklist = getAdminPasswordBlacklistLocked(admin);
4264
4265            if (blacklist == null || blacklist.isEmpty()) {
4266                // Remove the adminBlacklist
4267                admin.passwordBlacklistFile = null;
4268                saveSettingsLocked(userId);
4269                if (adminBlacklist != null) {
4270                    adminBlacklist.delete();
4271                }
4272                return true;
4273            }
4274
4275            // Validate server side
4276            Preconditions.checkNotNull(name, "name is null");
4277            DevicePolicyManager.enforcePasswordBlacklistSize(blacklist);
4278
4279            // Blacklist is case insensitive so normalize to lower case
4280            final int blacklistSize = blacklist.size();
4281            for (int i = 0; i < blacklistSize; ++i) {
4282                blacklist.set(i, blacklist.get(i).toLowerCase());
4283            }
4284
4285            final boolean isNewBlacklist = adminBlacklist == null;
4286            if (isNewBlacklist) {
4287                // Create a new file for the blacklist. There could be multiple admins, each setting
4288                // different blacklists, to restrict a user's credential, for example a managed
4289                // profile can impose restrictions on its parent while the parent is already
4290                // restricted by its own admin. A deterministic naming scheme would be fragile if
4291                // new types of admin are introduced so we generate and save the file name instead.
4292                // This isn't a temporary file but it reuses the name generation logic
4293                final File file;
4294                try {
4295                    file = File.createTempFile(PASSWORD_BLACKLIST_FILE_PREFIX,
4296                            PASSWORD_BLACKLIST_FILE_SUFFIX, getPolicyFileDirectory(userId));
4297                } catch (IOException e) {
4298                    Slog.e(LOG_TAG, "Failed to make a file for the blacklist", e);
4299                    return false;
4300                }
4301                adminBlacklist = mInjector.newPasswordBlacklist(file);
4302            }
4303
4304            if (adminBlacklist.savePasswordBlacklist(name, blacklist)) {
4305                if (isNewBlacklist) {
4306                    // The blacklist was saved so point the admin to the file
4307                    admin.passwordBlacklistFile = adminBlacklist.getFile().getName();
4308                    saveSettingsLocked(userId);
4309                }
4310                return true;
4311            }
4312        }
4313
4314        return false;
4315    }
4316
4317    @Override
4318    public String getPasswordBlacklistName(ComponentName who, @UserIdInt int userId,
4319            boolean parent) {
4320        if (!mHasFeature) {
4321            return null;
4322        }
4323        Preconditions.checkNotNull(who, "who is null");
4324        enforceFullCrossUsersPermission(userId);
4325        synchronized (this) {
4326            final ActiveAdmin admin = getActiveAdminForCallerLocked(
4327                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
4328            final PasswordBlacklist blacklist = getAdminPasswordBlacklistLocked(admin);
4329            if (blacklist == null) {
4330                return null;
4331            }
4332            return blacklist.getName();
4333        }
4334    }
4335
4336    @Override
4337    public boolean isPasswordBlacklisted(@UserIdInt int userId, String password) {
4338        if (!mHasFeature) {
4339            return false;
4340        }
4341        mContext.enforceCallingOrSelfPermission(
4342                android.Manifest.permission.TEST_BLACKLISTED_PASSWORD, null);
4343        return isPasswordBlacklistedInternal(userId, password);
4344    }
4345
4346    private boolean isPasswordBlacklistedInternal(@UserIdInt int userId, String password) {
4347        Preconditions.checkNotNull(password, "Password is null");
4348        enforceFullCrossUsersPermission(userId);
4349
4350        // Normalize to lower case for case insensitive blacklist match
4351        final String lowerCasePassword = password.toLowerCase();
4352
4353        synchronized (this) {
4354            final List<ActiveAdmin> admins =
4355                    getActiveAdminsForLockscreenPoliciesLocked(userId, /* parent */ false);
4356            final int N = admins.size();
4357            for (int i = 0; i < N; i++) {
4358                final PasswordBlacklist blacklist
4359                        = getAdminPasswordBlacklistLocked(admins.get(i));
4360                if (blacklist != null) {
4361                    if (blacklist.isPasswordBlacklisted(lowerCasePassword)) {
4362                        return true;
4363                    }
4364                }
4365            }
4366        }
4367
4368        return false;
4369    }
4370
4371    @Override
4372    public boolean isActivePasswordSufficient(int userHandle, boolean parent) {
4373        if (!mHasFeature) {
4374            return true;
4375        }
4376        enforceFullCrossUsersPermission(userHandle);
4377        enforceUserUnlocked(userHandle, parent);
4378
4379        synchronized (this) {
4380            // This API can only be called by an active device admin,
4381            // so try to retrieve it to check that the caller is one.
4382            getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
4383            DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent));
4384            return isActivePasswordSufficientForUserLocked(policy, userHandle, parent);
4385        }
4386    }
4387
4388    @Override
4389    public boolean isUsingUnifiedPassword(ComponentName admin) {
4390        if (!mHasFeature) {
4391            return true;
4392        }
4393        final int userId = mInjector.userHandleGetCallingUserId();
4394        enforceProfileOrDeviceOwner(admin);
4395        enforceManagedProfile(userId, "query unified challenge status");
4396        return !isSeparateProfileChallengeEnabled(userId);
4397    }
4398
4399    @Override
4400    public boolean isProfileActivePasswordSufficientForParent(int userHandle) {
4401        if (!mHasFeature) {
4402            return true;
4403        }
4404        enforceFullCrossUsersPermission(userHandle);
4405        enforceManagedProfile(userHandle, "call APIs refering to the parent profile");
4406
4407        synchronized (this) {
4408            final int targetUser = getProfileParentId(userHandle);
4409            enforceUserUnlocked(targetUser, false);
4410            DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, false));
4411            return isActivePasswordSufficientForUserLocked(policy, targetUser, false);
4412        }
4413    }
4414
4415    private boolean isActivePasswordSufficientForUserLocked(
4416            DevicePolicyData policy, int userHandle, boolean parent) {
4417        final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent);
4418        if (requiredPasswordQuality == PASSWORD_QUALITY_UNSPECIFIED) {
4419            // A special case is when there is no required password quality, then we just return
4420            // true since any password would be sufficient. This is for the scenario when a work
4421            // profile is first created so there is no information about the current password but
4422            // it should be considered sufficient as there is no password requirement either.
4423            // This is useful since it short-circuits the password checkpoint for FDE device below.
4424            return true;
4425        }
4426
4427        if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()
4428                && !policy.mPasswordStateHasBeenSetSinceBoot) {
4429            // Before user enters their password for the first time after a reboot, return the
4430            // value of this flag, which tells us whether the password was valid the last time
4431            // settings were saved.  If DPC changes password requirements on boot so that the
4432            // current password no longer meets the requirements, this value will be stale until
4433            // the next time the password is entered.
4434            return policy.mPasswordValidAtLastCheckpoint;
4435        }
4436
4437        if (policy.mActivePasswordMetrics.quality < requiredPasswordQuality) {
4438            return false;
4439        }
4440        if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC
4441                && policy.mActivePasswordMetrics.length < getPasswordMinimumLength(
4442                        null, userHandle, parent)) {
4443            return false;
4444        }
4445        if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
4446            return true;
4447        }
4448        return policy.mActivePasswordMetrics.upperCase >= getPasswordMinimumUpperCase(
4449                    null, userHandle, parent)
4450                && policy.mActivePasswordMetrics.lowerCase >= getPasswordMinimumLowerCase(
4451                        null, userHandle, parent)
4452                && policy.mActivePasswordMetrics.letters >= getPasswordMinimumLetters(
4453                        null, userHandle, parent)
4454                && policy.mActivePasswordMetrics.numeric >= getPasswordMinimumNumeric(
4455                        null, userHandle, parent)
4456                && policy.mActivePasswordMetrics.symbols >= getPasswordMinimumSymbols(
4457                        null, userHandle, parent)
4458                && policy.mActivePasswordMetrics.nonLetter >= getPasswordMinimumNonLetter(
4459                        null, userHandle, parent);
4460    }
4461
4462    @Override
4463    public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) {
4464        enforceFullCrossUsersPermission(userHandle);
4465        synchronized (this) {
4466            if (!isCallerWithSystemUid()) {
4467                // This API can only be called by an active device admin,
4468                // so try to retrieve it to check that the caller is one.
4469                getActiveAdminForCallerLocked(
4470                        null, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent);
4471            }
4472
4473            DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent));
4474
4475            return policy.mFailedPasswordAttempts;
4476        }
4477    }
4478
4479    @Override
4480    public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, boolean parent) {
4481        if (!mHasFeature) {
4482            return;
4483        }
4484        Preconditions.checkNotNull(who, "ComponentName is null");
4485        synchronized (this) {
4486            // This API can only be called by an active device admin,
4487            // so try to retrieve it to check that the caller is one.
4488            getActiveAdminForCallerLocked(
4489                    who, DeviceAdminInfo.USES_POLICY_WIPE_DATA, parent);
4490            ActiveAdmin ap = getActiveAdminForCallerLocked(
4491                    who, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent);
4492            if (ap.maximumFailedPasswordsForWipe != num) {
4493                ap.maximumFailedPasswordsForWipe = num;
4494                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
4495            }
4496        }
4497    }
4498
4499    @Override
4500    public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle, boolean parent) {
4501        if (!mHasFeature) {
4502            return 0;
4503        }
4504        enforceFullCrossUsersPermission(userHandle);
4505        synchronized (this) {
4506            ActiveAdmin admin = (who != null)
4507                    ? getActiveAdminUncheckedLocked(who, userHandle, parent)
4508                    : getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent);
4509            return admin != null ? admin.maximumFailedPasswordsForWipe : 0;
4510        }
4511    }
4512
4513    @Override
4514    public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent) {
4515        if (!mHasFeature) {
4516            return UserHandle.USER_NULL;
4517        }
4518        enforceFullCrossUsersPermission(userHandle);
4519        synchronized (this) {
4520            ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked(
4521                    userHandle, parent);
4522            return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL;
4523        }
4524    }
4525
4526    /**
4527     * Returns the admin with the strictest policy on maximum failed passwords for:
4528     * <ul>
4529     *   <li>this user if it has a separate profile challenge, or
4530     *   <li>this user and all profiles that don't have their own challenge otherwise.
4531     * </ul>
4532     * <p>If the policy for the primary and any other profile are equal, it returns the admin for
4533     * the primary profile.
4534     * Returns {@code null} if no participating admin has that policy set.
4535     */
4536    private ActiveAdmin getAdminWithMinimumFailedPasswordsForWipeLocked(
4537            int userHandle, boolean parent) {
4538        int count = 0;
4539        ActiveAdmin strictestAdmin = null;
4540
4541        // Return the strictest policy across all participating admins.
4542        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
4543        final int N = admins.size();
4544        for (int i = 0; i < N; i++) {
4545            ActiveAdmin admin = admins.get(i);
4546            if (admin.maximumFailedPasswordsForWipe ==
4547                    ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
4548                continue;  // No max number of failed passwords policy set for this profile.
4549            }
4550
4551            // We always favor the primary profile if several profiles have the same value set.
4552            int userId = admin.getUserHandle().getIdentifier();
4553            if (count == 0 ||
4554                    count > admin.maximumFailedPasswordsForWipe ||
4555                    (count == admin.maximumFailedPasswordsForWipe &&
4556                            getUserInfo(userId).isPrimary())) {
4557                count = admin.maximumFailedPasswordsForWipe;
4558                strictestAdmin = admin;
4559            }
4560        }
4561        return strictestAdmin;
4562    }
4563
4564    private UserInfo getUserInfo(@UserIdInt int userId) {
4565        final long token = mInjector.binderClearCallingIdentity();
4566        try {
4567            return mUserManager.getUserInfo(userId);
4568        } finally {
4569            mInjector.binderRestoreCallingIdentity(token);
4570        }
4571    }
4572
4573    private boolean canPOorDOCallResetPassword(ActiveAdmin admin, @UserIdInt int userId) {
4574        // Only if the admins targets a pre-O SDK
4575        return getTargetSdk(admin.info.getPackageName(), userId) < Build.VERSION_CODES.O;
4576    }
4577
4578    /* PO or DO could do an untrusted reset in certain conditions. */
4579    private boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) {
4580        synchronized (this) {
4581            // An active DO or PO might be able to fo an untrusted credential reset
4582            for (final ActiveAdmin admin : getUserData(userId).mAdminList) {
4583                if (!isActiveAdminWithPolicyForUserLocked(admin,
4584                          DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, userId)) {
4585                    continue;
4586                }
4587                if (canPOorDOCallResetPassword(admin, userId)) {
4588                    return true;
4589                }
4590            }
4591            return false;
4592        }
4593    }
4594
4595    @Override
4596    public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException {
4597        final int callingUid = mInjector.binderGetCallingUid();
4598        final int userHandle = mInjector.userHandleGetCallingUserId();
4599
4600        String password = passwordOrNull != null ? passwordOrNull : "";
4601
4602        // Password resetting to empty/null is not allowed for managed profiles.
4603        if (TextUtils.isEmpty(password)) {
4604            enforceNotManagedProfile(userHandle, "clear the active password");
4605        }
4606
4607        synchronized (this) {
4608            // If caller has PO (or DO) it can change the password, so see if that's the case first.
4609            ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked(
4610                    null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid);
4611            final boolean preN;
4612            if (admin != null) {
4613                if (!canPOorDOCallResetPassword(admin, userHandle)) {
4614                    throw new SecurityException("resetPassword() is deprecated for DPC targeting O"
4615                            + " or later");
4616                }
4617                preN = getTargetSdk(admin.info.getPackageName(),
4618                        userHandle) <= android.os.Build.VERSION_CODES.M;
4619            } else {
4620                // Otherwise, make sure the caller has any active admin with the right policy.
4621                admin = getActiveAdminForCallerLocked(null,
4622                        DeviceAdminInfo.USES_POLICY_RESET_PASSWORD);
4623                preN = getTargetSdk(admin.info.getPackageName(),
4624                        userHandle) <= android.os.Build.VERSION_CODES.M;
4625
4626                // As of N, password resetting to empty/null is not allowed anymore.
4627                // TODO Should we allow DO/PO to set an empty password?
4628                if (TextUtils.isEmpty(password)) {
4629                    if (!preN) {
4630                        throw new SecurityException("Cannot call with null password");
4631                    } else {
4632                        Slog.e(LOG_TAG, "Cannot call with null password");
4633                        return false;
4634                    }
4635                }
4636                // As of N, password cannot be changed by the admin if it is already set.
4637                if (isLockScreenSecureUnchecked(userHandle)) {
4638                    if (!preN) {
4639                        throw new SecurityException("Admin cannot change current password");
4640                    } else {
4641                        Slog.e(LOG_TAG, "Admin cannot change current password");
4642                        return false;
4643                    }
4644                }
4645            }
4646            // Do not allow to reset password when current user has a managed profile
4647            if (!isManagedProfile(userHandle)) {
4648                for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) {
4649                    if (userInfo.isManagedProfile()) {
4650                        if (!preN) {
4651                            throw new IllegalStateException(
4652                                    "Cannot reset password on user has managed profile");
4653                        } else {
4654                            Slog.e(LOG_TAG, "Cannot reset password on user has managed profile");
4655                            return false;
4656                        }
4657                    }
4658                }
4659            }
4660            // Do not allow to reset password when user is locked
4661            if (!mUserManager.isUserUnlocked(userHandle)) {
4662                if (!preN) {
4663                    throw new IllegalStateException("Cannot reset password when user is locked");
4664                } else {
4665                    Slog.e(LOG_TAG, "Cannot reset password when user is locked");
4666                    return false;
4667                }
4668            }
4669        }
4670
4671        return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle);
4672    }
4673
4674    private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token,
4675            int flags, int callingUid, int userHandle) {
4676        int quality;
4677        synchronized (this) {
4678            quality = getPasswordQuality(null, userHandle, /* parent */ false);
4679            if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) {
4680                quality = PASSWORD_QUALITY_UNSPECIFIED;
4681            }
4682            final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
4683            if (quality != PASSWORD_QUALITY_UNSPECIFIED) {
4684                final int realQuality = metrics.quality;
4685                if (realQuality < quality
4686                        && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
4687                    Slog.w(LOG_TAG, "resetPassword: password quality 0x"
4688                            + Integer.toHexString(realQuality)
4689                            + " does not meet required quality 0x"
4690                            + Integer.toHexString(quality));
4691                    return false;
4692                }
4693                quality = Math.max(realQuality, quality);
4694            }
4695            int length = getPasswordMinimumLength(null, userHandle, /* parent */ false);
4696            if (password.length() < length) {
4697                Slog.w(LOG_TAG, "resetPassword: password length " + password.length()
4698                        + " does not meet required length " + length);
4699                return false;
4700            }
4701            if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {
4702                int neededLetters = getPasswordMinimumLetters(null, userHandle, /* parent */ false);
4703                if(metrics.letters < neededLetters) {
4704                    Slog.w(LOG_TAG, "resetPassword: number of letters " + metrics.letters
4705                            + " does not meet required number of letters " + neededLetters);
4706                    return false;
4707                }
4708                int neededNumeric = getPasswordMinimumNumeric(null, userHandle, /* parent */ false);
4709                if (metrics.numeric < neededNumeric) {
4710                    Slog.w(LOG_TAG, "resetPassword: number of numerical digits " + metrics.numeric
4711                            + " does not meet required number of numerical digits "
4712                            + neededNumeric);
4713                    return false;
4714                }
4715                int neededLowerCase = getPasswordMinimumLowerCase(
4716                        null, userHandle, /* parent */ false);
4717                if (metrics.lowerCase < neededLowerCase) {
4718                    Slog.w(LOG_TAG, "resetPassword: number of lowercase letters "
4719                            + metrics.lowerCase
4720                            + " does not meet required number of lowercase letters "
4721                            + neededLowerCase);
4722                    return false;
4723                }
4724                int neededUpperCase = getPasswordMinimumUpperCase(
4725                        null, userHandle, /* parent */ false);
4726                if (metrics.upperCase < neededUpperCase) {
4727                    Slog.w(LOG_TAG, "resetPassword: number of uppercase letters "
4728                            + metrics.upperCase
4729                            + " does not meet required number of uppercase letters "
4730                            + neededUpperCase);
4731                    return false;
4732                }
4733                int neededSymbols = getPasswordMinimumSymbols(null, userHandle, /* parent */ false);
4734                if (metrics.symbols < neededSymbols) {
4735                    Slog.w(LOG_TAG, "resetPassword: number of special symbols " + metrics.symbols
4736                            + " does not meet required number of special symbols " + neededSymbols);
4737                    return false;
4738                }
4739                int neededNonLetter = getPasswordMinimumNonLetter(
4740                        null, userHandle, /* parent */ false);
4741                if (metrics.nonLetter < neededNonLetter) {
4742                    Slog.w(LOG_TAG, "resetPassword: number of non-letter characters "
4743                            + metrics.nonLetter
4744                            + " does not meet required number of non-letter characters "
4745                            + neededNonLetter);
4746                    return false;
4747                }
4748            }
4749
4750            if (isPasswordBlacklistedInternal(userHandle, password)) {
4751                Slog.w(LOG_TAG, "resetPassword: the password is blacklisted");
4752                return false;
4753            }
4754        }
4755
4756        DevicePolicyData policy = getUserData(userHandle);
4757        if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) {
4758            Slog.w(LOG_TAG, "resetPassword: already set by another uid and not entered by user");
4759            return false;
4760        }
4761
4762        boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid);
4763        boolean doNotAskCredentialsOnBoot =
4764                (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0;
4765        if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) {
4766            setDoNotAskCredentialsOnBoot();
4767        }
4768
4769        // Don't do this with the lock held, because it is going to call
4770        // back in to the service.
4771        final long ident = mInjector.binderClearCallingIdentity();
4772        final boolean result;
4773        try {
4774            if (token == null) {
4775                if (!TextUtils.isEmpty(password)) {
4776                    mLockPatternUtils.saveLockPassword(password, null, quality, userHandle);
4777                } else {
4778                    mLockPatternUtils.clearLock(null, userHandle);
4779                }
4780                result = true;
4781            } else {
4782                result = mLockPatternUtils.setLockCredentialWithToken(password,
4783                        TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE
4784                                : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD,
4785                                quality, tokenHandle, token, userHandle);
4786            }
4787            boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0;
4788            if (requireEntry) {
4789                mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
4790                        UserHandle.USER_ALL);
4791            }
4792            synchronized (this) {
4793                int newOwner = requireEntry ? callingUid : -1;
4794                if (policy.mPasswordOwner != newOwner) {
4795                    policy.mPasswordOwner = newOwner;
4796                    saveSettingsLocked(userHandle);
4797                }
4798            }
4799        } finally {
4800            mInjector.binderRestoreCallingIdentity(ident);
4801        }
4802        return result;
4803    }
4804
4805    private boolean isLockScreenSecureUnchecked(int userId) {
4806        long ident = mInjector.binderClearCallingIdentity();
4807        try {
4808            return mLockPatternUtils.isSecure(userId);
4809        } finally {
4810            mInjector.binderRestoreCallingIdentity(ident);
4811        }
4812    }
4813
4814    private void setDoNotAskCredentialsOnBoot() {
4815        synchronized (this) {
4816            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
4817            if (!policyData.doNotAskCredentialsOnBoot) {
4818                policyData.doNotAskCredentialsOnBoot = true;
4819                saveSettingsLocked(UserHandle.USER_SYSTEM);
4820            }
4821        }
4822    }
4823
4824    @Override
4825    public boolean getDoNotAskCredentialsOnBoot() {
4826        mContext.enforceCallingOrSelfPermission(
4827                android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null);
4828        synchronized (this) {
4829            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
4830            return policyData.doNotAskCredentialsOnBoot;
4831        }
4832    }
4833
4834    @Override
4835    public void setMaximumTimeToLock(ComponentName who, long timeMs, boolean parent) {
4836        if (!mHasFeature) {
4837            return;
4838        }
4839        Preconditions.checkNotNull(who, "ComponentName is null");
4840        final int userHandle = mInjector.userHandleGetCallingUserId();
4841        synchronized (this) {
4842            ActiveAdmin ap = getActiveAdminForCallerLocked(
4843                    who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent);
4844            if (ap.maximumTimeToUnlock != timeMs) {
4845                ap.maximumTimeToUnlock = timeMs;
4846                saveSettingsLocked(userHandle);
4847                updateMaximumTimeToLockLocked(userHandle);
4848            }
4849        }
4850    }
4851
4852    private void updateMaximumTimeToLockLocked(@UserIdInt int userId) {
4853        // Update the profile's timeout
4854        if (isManagedProfile(userId)) {
4855            updateProfileLockTimeoutLocked(userId);
4856        }
4857
4858        final long timeMs;
4859        final long ident = mInjector.binderClearCallingIdentity();
4860        try {
4861            // Update the device timeout
4862            final int parentId = getProfileParentId(userId);
4863            timeMs = getMaximumTimeToLockPolicyFromAdmins(
4864                    getActiveAdminsForLockscreenPoliciesLocked(parentId, false));
4865
4866            final DevicePolicyData policy = getUserDataUnchecked(parentId);
4867            if (policy.mLastMaximumTimeToLock == timeMs) {
4868                return;
4869            }
4870            policy.mLastMaximumTimeToLock = timeMs;
4871
4872            if (policy.mLastMaximumTimeToLock != Long.MAX_VALUE) {
4873                // Make sure KEEP_SCREEN_ON is disabled, since that
4874                // would allow bypassing of the maximum time to lock.
4875                mInjector.settingsGlobalPutInt(Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0);
4876            }
4877        } finally {
4878            mInjector.binderRestoreCallingIdentity(ident);
4879        }
4880
4881        mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin(
4882                UserHandle.USER_SYSTEM, timeMs);
4883    }
4884
4885    private void updateProfileLockTimeoutLocked(@UserIdInt int userId) {
4886        final long timeMs;
4887        if (isSeparateProfileChallengeEnabled(userId)) {
4888            timeMs = getMaximumTimeToLockPolicyFromAdmins(
4889                    getActiveAdminsForLockscreenPoliciesLocked(userId, false /* parent */));
4890        } else {
4891            timeMs = Long.MAX_VALUE;
4892        }
4893
4894        final DevicePolicyData policy = getUserDataUnchecked(userId);
4895        if (policy.mLastMaximumTimeToLock == timeMs) {
4896            return;
4897        }
4898        policy.mLastMaximumTimeToLock = timeMs;
4899
4900        mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin(
4901                userId, policy.mLastMaximumTimeToLock);
4902    }
4903
4904    @Override
4905    public long getMaximumTimeToLock(ComponentName who, int userHandle, boolean parent) {
4906        if (!mHasFeature) {
4907            return 0;
4908        }
4909        enforceFullCrossUsersPermission(userHandle);
4910        synchronized (this) {
4911            if (who != null) {
4912                final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
4913                return admin != null ? admin.maximumTimeToUnlock : 0;
4914            }
4915            // Return the strictest policy across all participating admins.
4916            final List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
4917                    userHandle, parent);
4918            final long timeMs = getMaximumTimeToLockPolicyFromAdmins(admins);
4919            return timeMs == Long.MAX_VALUE ? 0 : timeMs;
4920        }
4921    }
4922
4923    private long getMaximumTimeToLockPolicyFromAdmins(List<ActiveAdmin> admins) {
4924        long time = Long.MAX_VALUE;
4925        for (final ActiveAdmin admin : admins) {
4926            if (admin.maximumTimeToUnlock > 0 && admin.maximumTimeToUnlock < time) {
4927                time = admin.maximumTimeToUnlock;
4928            }
4929        }
4930        return time;
4931    }
4932
4933    @Override
4934    public void setRequiredStrongAuthTimeout(ComponentName who, long timeoutMs,
4935            boolean parent) {
4936        if (!mHasFeature) {
4937            return;
4938        }
4939        Preconditions.checkNotNull(who, "ComponentName is null");
4940        Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number.");
4941        // timeoutMs with value 0 means that the admin doesn't participate
4942        // timeoutMs is clamped to the interval in case the internal constants change in the future
4943        final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs();
4944        if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) {
4945            timeoutMs = minimumStrongAuthTimeout;
4946        }
4947        if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {
4948            timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
4949        }
4950
4951        final int userHandle = mInjector.userHandleGetCallingUserId();
4952        synchronized (this) {
4953            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
4954                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
4955            if (ap.strongAuthUnlockTimeout != timeoutMs) {
4956                ap.strongAuthUnlockTimeout = timeoutMs;
4957                saveSettingsLocked(userHandle);
4958            }
4959        }
4960    }
4961
4962    /**
4963     * Return a single admin's strong auth unlock timeout or minimum value (strictest) of all
4964     * admins if who is null.
4965     * Returns 0 if not configured for the provided admin.
4966     */
4967    @Override
4968    public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) {
4969        if (!mHasFeature) {
4970            return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
4971        }
4972        enforceFullCrossUsersPermission(userId);
4973        synchronized (this) {
4974            if (who != null) {
4975                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent);
4976                return admin != null ? admin.strongAuthUnlockTimeout : 0;
4977            }
4978
4979            // Return the strictest policy across all participating admins.
4980            List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent);
4981
4982            long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
4983            for (int i = 0; i < admins.size(); i++) {
4984                final long timeout = admins.get(i).strongAuthUnlockTimeout;
4985                if (timeout != 0) { // take only participating admins into account
4986                    strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout);
4987                }
4988            }
4989            return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs());
4990        }
4991    }
4992
4993    private long getMinimumStrongAuthTimeoutMs() {
4994        if (!mInjector.isBuildDebuggable()) {
4995            return MINIMUM_STRONG_AUTH_TIMEOUT_MS;
4996        }
4997        // ideally the property was named persist.sys.min_strong_auth_timeout, but system property
4998        // name cannot be longer than 31 characters
4999        return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo",
5000                MINIMUM_STRONG_AUTH_TIMEOUT_MS),
5001                MINIMUM_STRONG_AUTH_TIMEOUT_MS);
5002    }
5003
5004    @Override
5005    public void lockNow(int flags, boolean parent) {
5006        if (!mHasFeature) {
5007            return;
5008        }
5009
5010        final int callingUserId = mInjector.userHandleGetCallingUserId();
5011        synchronized (this) {
5012            // This API can only be called by an active device admin,
5013            // so try to retrieve it to check that the caller is one.
5014            final ActiveAdmin admin = getActiveAdminForCallerLocked(
5015                    null, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent);
5016
5017            final long ident = mInjector.binderClearCallingIdentity();
5018            try {
5019                // Evict key
5020                if ((flags & DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY) != 0) {
5021                    enforceManagedProfile(
5022                            callingUserId, "set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY");
5023                    if (!isProfileOwner(admin.info.getComponent(), callingUserId)) {
5024                        throw new SecurityException("Only profile owner admins can set "
5025                                + "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY");
5026                    }
5027                    if (parent) {
5028                        throw new IllegalArgumentException(
5029                                "Cannot set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY for the parent");
5030                    }
5031                    if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
5032                        throw new UnsupportedOperationException(
5033                                "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY only applies to FBE devices");
5034                    }
5035                    mUserManager.evictCredentialEncryptionKey(callingUserId);
5036                }
5037
5038                // Lock all users unless this is a managed profile with a separate challenge
5039                final int userToLock = (parent || !isSeparateProfileChallengeEnabled(callingUserId)
5040                        ? UserHandle.USER_ALL : callingUserId);
5041                mLockPatternUtils.requireStrongAuth(
5042                        STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, userToLock);
5043
5044                // Require authentication for the device or profile
5045                if (userToLock == UserHandle.USER_ALL) {
5046                    // Power off the display
5047                    mInjector.powerManagerGoToSleep(SystemClock.uptimeMillis(),
5048                            PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN, 0);
5049                    mInjector.getIWindowManager().lockNow(null);
5050                } else {
5051                    mInjector.getTrustManager().setDeviceLockedForUser(userToLock, true);
5052                }
5053            } catch (RemoteException e) {
5054            } finally {
5055                mInjector.binderRestoreCallingIdentity(ident);
5056            }
5057        }
5058    }
5059
5060    @Override
5061    public void enforceCanManageCaCerts(ComponentName who, String callerPackage) {
5062        if (who == null) {
5063            if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) {
5064                mContext.enforceCallingOrSelfPermission(MANAGE_CA_CERTIFICATES, null);
5065            }
5066        } else {
5067            enforceProfileOrDeviceOwner(who);
5068        }
5069    }
5070
5071    private void enforceProfileOrDeviceOwner(ComponentName who) {
5072        synchronized (this) {
5073            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5074        }
5075    }
5076
5077    @Override
5078    public boolean approveCaCert(String alias, int userId, boolean approval) {
5079        enforceManageUsers();
5080        synchronized (this) {
5081            Set<String> certs = getUserData(userId).mAcceptedCaCertificates;
5082            boolean changed = (approval ? certs.add(alias) : certs.remove(alias));
5083            if (!changed) {
5084                return false;
5085            }
5086            saveSettingsLocked(userId);
5087        }
5088        mCertificateMonitor.onCertificateApprovalsChanged(userId);
5089        return true;
5090    }
5091
5092    @Override
5093    public boolean isCaCertApproved(String alias, int userId) {
5094        enforceManageUsers();
5095        synchronized (this) {
5096            return getUserData(userId).mAcceptedCaCertificates.contains(alias);
5097        }
5098    }
5099
5100    private void removeCaApprovalsIfNeeded(int userId) {
5101        for (UserInfo userInfo : mUserManager.getProfiles(userId)) {
5102            boolean isSecure = mLockPatternUtils.isSecure(userInfo.id);
5103            if (userInfo.isManagedProfile()){
5104                isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id));
5105            }
5106            if (!isSecure) {
5107                synchronized (this) {
5108                    getUserData(userInfo.id).mAcceptedCaCertificates.clear();
5109                    saveSettingsLocked(userInfo.id);
5110                }
5111                mCertificateMonitor.onCertificateApprovalsChanged(userId);
5112            }
5113        }
5114    }
5115
5116    @Override
5117    public boolean installCaCert(ComponentName admin, String callerPackage, byte[] certBuffer)
5118            throws RemoteException {
5119        if (!mHasFeature) {
5120            return false;
5121        }
5122        enforceCanManageCaCerts(admin, callerPackage);
5123
5124        final String alias;
5125
5126        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
5127        final long id = mInjector.binderClearCallingIdentity();
5128        try {
5129            alias = mCertificateMonitor.installCaCert(userHandle, certBuffer);
5130            if (alias == null) {
5131                Log.w(LOG_TAG, "Problem installing cert");
5132                return false;
5133            }
5134        } finally {
5135            mInjector.binderRestoreCallingIdentity(id);
5136        }
5137
5138        synchronized (this) {
5139            getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias);
5140            saveSettingsLocked(userHandle.getIdentifier());
5141        }
5142        return true;
5143    }
5144
5145    @Override
5146    public void uninstallCaCerts(ComponentName admin, String callerPackage, String[] aliases) {
5147        if (!mHasFeature) {
5148            return;
5149        }
5150        enforceCanManageCaCerts(admin, callerPackage);
5151
5152        final int userId = mInjector.userHandleGetCallingUserId();
5153        final long id = mInjector.binderClearCallingIdentity();
5154        try {
5155            mCertificateMonitor.uninstallCaCerts(UserHandle.of(userId), aliases);
5156        } finally {
5157            mInjector.binderRestoreCallingIdentity(id);
5158        }
5159
5160        synchronized (this) {
5161            if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) {
5162                saveSettingsLocked(userId);
5163            }
5164        }
5165    }
5166
5167    @Override
5168    public boolean installKeyPair(ComponentName who, String callerPackage, byte[] privKey,
5169            byte[] cert, byte[] chain, String alias, boolean requestAccess,
5170            boolean isUserSelectable) {
5171        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5172                DELEGATION_CERT_INSTALL);
5173
5174
5175        final int callingUid = mInjector.binderGetCallingUid();
5176        final long id = mInjector.binderClearCallingIdentity();
5177        try {
5178            final KeyChainConnection keyChainConnection =
5179                    KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid));
5180            try {
5181                IKeyChainService keyChain = keyChainConnection.getService();
5182                if (!keyChain.installKeyPair(privKey, cert, chain, alias)) {
5183                    return false;
5184                }
5185                if (requestAccess) {
5186                    keyChain.setGrant(callingUid, alias, true);
5187                }
5188                keyChain.setUserSelectable(alias, isUserSelectable);
5189                return true;
5190            } catch (RemoteException e) {
5191                Log.e(LOG_TAG, "Installing certificate", e);
5192            } finally {
5193                keyChainConnection.close();
5194            }
5195        } catch (InterruptedException e) {
5196            Log.w(LOG_TAG, "Interrupted while installing certificate", e);
5197            Thread.currentThread().interrupt();
5198        } finally {
5199            mInjector.binderRestoreCallingIdentity(id);
5200        }
5201        return false;
5202    }
5203
5204    @Override
5205    public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) {
5206        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5207                DELEGATION_CERT_INSTALL);
5208
5209        final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId());
5210        final long id = Binder.clearCallingIdentity();
5211        try {
5212            final KeyChainConnection keyChainConnection = KeyChain.bindAsUser(mContext, userHandle);
5213            try {
5214                IKeyChainService keyChain = keyChainConnection.getService();
5215                return keyChain.removeKeyPair(alias);
5216            } catch (RemoteException e) {
5217                Log.e(LOG_TAG, "Removing keypair", e);
5218            } finally {
5219                keyChainConnection.close();
5220            }
5221        } catch (InterruptedException e) {
5222            Log.w(LOG_TAG, "Interrupted while removing keypair", e);
5223            Thread.currentThread().interrupt();
5224        } finally {
5225            Binder.restoreCallingIdentity(id);
5226        }
5227        return false;
5228    }
5229
5230    private void enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(
5231            ComponentName who, String callerPackage, int callerUid) throws SecurityException {
5232        if (who == null) {
5233            if (!mOwners.hasDeviceOwner()) {
5234                throw new SecurityException("Not in Device Owner mode.");
5235            }
5236            if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) {
5237                throw new SecurityException("Caller not from device owner user");
5238            }
5239            if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) {
5240                throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() +
5241                        "has no permission to generate keys.");
5242            }
5243        } else {
5244            // Caller provided - check it is the device owner.
5245            synchronized (this) {
5246                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
5247            }
5248        }
5249    }
5250
5251    @VisibleForTesting
5252    public static int[] translateIdAttestationFlags(
5253            int idAttestationFlags) {
5254        Map<Integer, Integer> idTypeToAttestationFlag = new HashMap();
5255        idTypeToAttestationFlag.put(ID_TYPE_SERIAL, AttestationUtils.ID_TYPE_SERIAL);
5256        idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI);
5257        idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID);
5258
5259        int numFlagsSet = Integer.bitCount(idAttestationFlags);
5260        // No flags are set - return null to indicate no device ID attestation information should
5261        // be included in the attestation record.
5262        if (numFlagsSet == 0) {
5263            return null;
5264        }
5265
5266        // If the ID_TYPE_BASE_INFO is set, make sure that a non-null array is returned, even if
5267        // no other flag is set. That will lead to inclusion of general device make data in the
5268        // attestation record, but no specific device identifiers.
5269        if ((idAttestationFlags & ID_TYPE_BASE_INFO) != 0) {
5270            numFlagsSet -= 1;
5271            idAttestationFlags = idAttestationFlags & (~ID_TYPE_BASE_INFO);
5272        }
5273
5274        int[] attestationUtilsFlags = new int[numFlagsSet];
5275        int i = 0;
5276        for (Integer idType: idTypeToAttestationFlag.keySet()) {
5277            if ((idType & idAttestationFlags) != 0) {
5278                attestationUtilsFlags[i++] = idTypeToAttestationFlag.get(idType);
5279            }
5280        }
5281
5282        return attestationUtilsFlags;
5283    }
5284
5285    @Override
5286    public boolean generateKeyPair(ComponentName who, String callerPackage, String algorithm,
5287            ParcelableKeyGenParameterSpec parcelableKeySpec,
5288            int idAttestationFlags,
5289            KeymasterCertificateChain attestationChain) {
5290        // Get attestation flags, if any.
5291        final int[] attestationUtilsFlags = translateIdAttestationFlags(idAttestationFlags);
5292        final boolean deviceIdAttestationRequired = attestationUtilsFlags != null;
5293        final int callingUid = mInjector.binderGetCallingUid();
5294
5295        if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) {
5296            enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(who, callerPackage, callingUid);
5297        } else {
5298            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5299                    DELEGATION_CERT_INSTALL);
5300        }
5301        final KeyGenParameterSpec keySpec = parcelableKeySpec.getSpec();
5302        final String alias = keySpec.getKeystoreAlias();
5303        if (TextUtils.isEmpty(alias)) {
5304            throw new IllegalArgumentException("Empty alias provided.");
5305        }
5306        // As the caller will be granted access to the key, ensure no UID was specified, as
5307        // it will not have the desired effect.
5308        if (keySpec.getUid() != KeyStore.UID_SELF) {
5309            Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair.");
5310            return false;
5311        }
5312
5313        if (deviceIdAttestationRequired && (keySpec.getAttestationChallenge() == null)) {
5314            throw new IllegalArgumentException(
5315                    "Requested Device ID attestation but challenge is empty.");
5316        }
5317
5318        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
5319        final long id = mInjector.binderClearCallingIdentity();
5320        try {
5321            try (KeyChainConnection keyChainConnection =
5322                    KeyChain.bindAsUser(mContext, userHandle)) {
5323                IKeyChainService keyChain = keyChainConnection.getService();
5324
5325                // Copy the provided keySpec, excluding the attestation challenge, which will be
5326                // used later for requesting key attestation record.
5327                final KeyGenParameterSpec noAttestationSpec =
5328                    new KeyGenParameterSpec.Builder(keySpec)
5329                        .setAttestationChallenge(null)
5330                        .build();
5331
5332                final boolean generationResult = keyChain.generateKeyPair(algorithm,
5333                    new ParcelableKeyGenParameterSpec(noAttestationSpec));
5334                if (!generationResult) {
5335                    Log.e(LOG_TAG, "KeyChain failed to generate a keypair.");
5336                    return false;
5337                }
5338
5339                // Set a grant for the caller here so that when the client calls
5340                // requestPrivateKey, it will be able to get the key from Keystore.
5341                // Note the use of the calling  UID, since the request for the private
5342                // key will come from the client's process, so the grant has to be for
5343                // that UID.
5344                keyChain.setGrant(callingUid, alias, true);
5345
5346                final byte[] attestationChallenge = keySpec.getAttestationChallenge();
5347                if (attestationChallenge != null) {
5348                    final boolean attestationResult = keyChain.attestKey(
5349                            alias, attestationChallenge, attestationUtilsFlags, attestationChain);
5350                    if (!attestationResult) {
5351                        Log.e(LOG_TAG, String.format(
5352                                "Attestation for %s failed, deleting key.", alias));
5353                        keyChain.removeKeyPair(alias);
5354                        return false;
5355                    }
5356                }
5357                return true;
5358            }
5359        } catch (RemoteException e) {
5360            Log.e(LOG_TAG, "KeyChain error while generating a keypair", e);
5361        } catch (InterruptedException e) {
5362            Log.w(LOG_TAG, "Interrupted while generating keypair", e);
5363            Thread.currentThread().interrupt();
5364        } finally {
5365            mInjector.binderRestoreCallingIdentity(id);
5366        }
5367        return false;
5368    }
5369
5370    @Override
5371    public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias,
5372            byte[] cert, byte[] chain, boolean isUserSelectable) {
5373        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
5374                DELEGATION_CERT_INSTALL);
5375
5376        final int callingUid = mInjector.binderGetCallingUid();
5377        final long id = mInjector.binderClearCallingIdentity();
5378        try (final KeyChainConnection keyChainConnection =
5379                KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid))) {
5380            IKeyChainService keyChain = keyChainConnection.getService();
5381            if (!keyChain.setKeyPairCertificate(alias, cert, chain)) {
5382                return false;
5383            }
5384            keyChain.setUserSelectable(alias, isUserSelectable);
5385            return true;
5386        } catch (InterruptedException e) {
5387            Log.w(LOG_TAG, "Interrupted while setting keypair certificate", e);
5388            Thread.currentThread().interrupt();
5389        } catch (RemoteException e) {
5390            Log.e(LOG_TAG, "Failed setting keypair certificate", e);
5391        } finally {
5392            mInjector.binderRestoreCallingIdentity(id);
5393        }
5394        return false;
5395    }
5396
5397    @Override
5398    public void choosePrivateKeyAlias(final int uid, final Uri uri, final String alias,
5399            final IBinder response) {
5400        // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers.
5401        if (!isCallerWithSystemUid()) {
5402            return;
5403        }
5404
5405        final UserHandle caller = mInjector.binderGetCallingUserHandle();
5406        // If there is a profile owner, redirect to that; otherwise query the device owner.
5407        ComponentName aliasChooser = getProfileOwner(caller.getIdentifier());
5408        if (aliasChooser == null && caller.isSystem()) {
5409            ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
5410            if (deviceOwnerAdmin != null) {
5411                aliasChooser = deviceOwnerAdmin.info.getComponent();
5412            }
5413        }
5414        if (aliasChooser == null) {
5415            sendPrivateKeyAliasResponse(null, response);
5416            return;
5417        }
5418
5419        Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS);
5420        intent.setComponent(aliasChooser);
5421        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid);
5422        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URI, uri);
5423        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_ALIAS, alias);
5424        intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE, response);
5425        intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
5426
5427        final long id = mInjector.binderClearCallingIdentity();
5428        try {
5429            mContext.sendOrderedBroadcastAsUser(intent, caller, null, new BroadcastReceiver() {
5430                @Override
5431                public void onReceive(Context context, Intent intent) {
5432                    final String chosenAlias = getResultData();
5433                    sendPrivateKeyAliasResponse(chosenAlias, response);
5434                }
5435            }, null, Activity.RESULT_OK, null, null);
5436        } finally {
5437            mInjector.binderRestoreCallingIdentity(id);
5438        }
5439    }
5440
5441    private void sendPrivateKeyAliasResponse(final String alias, final IBinder responseBinder) {
5442        final IKeyChainAliasCallback keyChainAliasResponse =
5443                IKeyChainAliasCallback.Stub.asInterface(responseBinder);
5444        // Send the response. It's OK to do this from the main thread because IKeyChainAliasCallback
5445        // is oneway, which means it won't block if the recipient lives in another process.
5446        try {
5447            keyChainAliasResponse.alias(alias);
5448        } catch (Exception e) {
5449            // Caller could throw RuntimeException or RemoteException back across processes. Catch
5450            // everything just to be sure.
5451            Log.e(LOG_TAG, "error while responding to callback", e);
5452        }
5453    }
5454
5455    /**
5456     * Determine whether DPMS should check if a delegate package is already installed before
5457     * granting it new delegations via {@link #setDelegatedScopes}.
5458     */
5459    private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage,
5460            int targetSdk, List<String> scopes) {
5461        // 1) Never skip is installed check from N.
5462        if (targetSdk >= Build.VERSION_CODES.N) {
5463            return true;
5464        }
5465        // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given.
5466        if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) {
5467            return false;
5468        }
5469        // 3) Skip if all previously granted scopes are being cleared.
5470        if (scopes.isEmpty()) {
5471            return false;
5472        }
5473        // Otherwise it should check that delegatePackage is installed.
5474        return true;
5475    }
5476
5477    /**
5478     * Set the scopes of a device owner or profile owner delegate.
5479     *
5480     * @param who the device owner or profile owner.
5481     * @param delegatePackage the name of the delegate package.
5482     * @param scopes the list of delegation scopes to be given to the delegate package.
5483     */
5484    @Override
5485    public void setDelegatedScopes(ComponentName who, String delegatePackage,
5486            List<String> scopes) throws SecurityException {
5487        Preconditions.checkNotNull(who, "ComponentName is null");
5488        Preconditions.checkStringNotEmpty(delegatePackage, "Delegate package is null or empty");
5489        Preconditions.checkCollectionElementsNotNull(scopes, "Scopes");
5490        // Remove possible duplicates.
5491        scopes = new ArrayList(new ArraySet(scopes));
5492        // Ensure given scopes are valid.
5493        if (scopes.retainAll(Arrays.asList(DELEGATIONS))) {
5494            throw new IllegalArgumentException("Unexpected delegation scopes");
5495        }
5496
5497        // Retrieve the user ID of the calling process.
5498        final int userId = mInjector.userHandleGetCallingUserId();
5499        synchronized (this) {
5500            // Ensure calling process is device/profile owner.
5501            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5502            // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N).
5503            if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage,
5504                        getTargetSdk(who.getPackageName(), userId), scopes)) {
5505                // Throw when the delegate package is not installed.
5506                if (!isPackageInstalledForUser(delegatePackage, userId)) {
5507                    throw new IllegalArgumentException("Package " + delegatePackage
5508                            + " is not installed on the current user");
5509                }
5510            }
5511
5512            // Set the new delegate in user policies.
5513            final DevicePolicyData policy = getUserData(userId);
5514            if (!scopes.isEmpty()) {
5515                policy.mDelegationMap.put(delegatePackage, new ArrayList<>(scopes));
5516            } else {
5517                // Remove any delegation info if the given scopes list is empty.
5518                policy.mDelegationMap.remove(delegatePackage);
5519            }
5520
5521            // Notify delegate package of updates.
5522            final Intent intent = new Intent(
5523                    DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED);
5524            // Only call receivers registered with Context#registerReceiver (don’t wake delegate).
5525            intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
5526            // Limit components this intent resolves to to the delegate package.
5527            intent.setPackage(delegatePackage);
5528            // Include the list of delegated scopes as an extra.
5529            intent.putStringArrayListExtra(DevicePolicyManager.EXTRA_DELEGATION_SCOPES,
5530                    (ArrayList<String>) scopes);
5531            // Send the broadcast.
5532            mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
5533
5534            // Persist updates.
5535            saveSettingsLocked(userId);
5536        }
5537    }
5538
5539    /**
5540     * Get the delegation scopes given to a delegate package by a device owner or profile owner.
5541     *
5542     * A DO/PO can get the scopes of any package. A non DO/PO package can get its own scopes by
5543     * passing in {@code null} as the {@code who} parameter and its own name as the
5544     * {@code delegatepackage}.
5545     *
5546     * @param who the device owner or profile owner, or {@code null} if the caller is
5547     *            {@code delegatePackage}.
5548     * @param delegatePackage the name of the delegate package whose scopes are to be retrieved.
5549     * @return a list of the delegation scopes currently given to {@code delegatePackage}.
5550     */
5551    @Override
5552    @NonNull
5553    public List<String> getDelegatedScopes(ComponentName who,
5554            String delegatePackage) throws SecurityException {
5555        Preconditions.checkNotNull(delegatePackage, "Delegate package is null");
5556
5557        // Retrieve the user ID of the calling process.
5558        final int callingUid = mInjector.binderGetCallingUid();
5559        final int userId = UserHandle.getUserId(callingUid);
5560        synchronized (this) {
5561            // Ensure calling process is device/profile owner.
5562            if (who != null) {
5563                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5564            // Or ensure calling process is delegatePackage itself.
5565            } else {
5566                int uid = 0;
5567                try {
5568                  uid = mInjector.getPackageManager()
5569                          .getPackageUidAsUser(delegatePackage, userId);
5570                } catch(NameNotFoundException e) {
5571                }
5572                if (uid != callingUid) {
5573                    throw new SecurityException("Caller with uid " + callingUid + " is not "
5574                            + delegatePackage);
5575                }
5576            }
5577            final DevicePolicyData policy = getUserData(userId);
5578            // Retrieve the scopes assigned to delegatePackage, or null if no scope was given.
5579            final List<String> scopes = policy.mDelegationMap.get(delegatePackage);
5580            return scopes == null ? Collections.EMPTY_LIST : scopes;
5581        }
5582    }
5583
5584    /**
5585     * Get a list of  packages that were given a specific delegation scopes by a device owner or
5586     * profile owner.
5587     *
5588     * @param who the device owner or profile owner.
5589     * @param scope the scope whose delegates are to be retrieved.
5590     * @return a list of the delegate packages currently given the {@code scope} delegation.
5591     */
5592    @NonNull
5593    public List<String> getDelegatePackages(ComponentName who, String scope)
5594            throws SecurityException {
5595        Preconditions.checkNotNull(who, "ComponentName is null");
5596        Preconditions.checkNotNull(scope, "Scope is null");
5597        if (!Arrays.asList(DELEGATIONS).contains(scope)) {
5598            throw new IllegalArgumentException("Unexpected delegation scope: " + scope);
5599        }
5600
5601        // Retrieve the user ID of the calling process.
5602        final int userId = mInjector.userHandleGetCallingUserId();
5603        synchronized (this) {
5604            // Ensure calling process is device/profile owner.
5605            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5606            final DevicePolicyData policy = getUserData(userId);
5607
5608            // Create a list to hold the resulting delegate packages.
5609            final List<String> delegatePackagesWithScope = new ArrayList<>();
5610            // Add all delegations containing scope to the result list.
5611            for (int i = 0; i < policy.mDelegationMap.size(); i++) {
5612                if (policy.mDelegationMap.valueAt(i).contains(scope)) {
5613                    delegatePackagesWithScope.add(policy.mDelegationMap.keyAt(i));
5614                }
5615            }
5616            return delegatePackagesWithScope;
5617        }
5618    }
5619
5620    /**
5621     * Check whether a caller application has been delegated a given scope via
5622     * {@link #setDelegatedScopes} to access privileged APIs on the behalf of a profile owner or
5623     * device owner.
5624     * <p>
5625     * This is done by checking that {@code callerPackage} was granted {@code scope} delegation and
5626     * then comparing the calling UID with the UID of {@code callerPackage} as reported by
5627     * {@link PackageManager#getPackageUidAsUser}.
5628     *
5629     * @param callerPackage the name of the package that is trying to invoke a function in the DPMS.
5630     * @param scope the delegation scope to be checked.
5631     * @return {@code true} if the calling process is a delegate of {@code scope}.
5632     */
5633    private boolean isCallerDelegate(String callerPackage, String scope) {
5634        Preconditions.checkNotNull(callerPackage, "callerPackage is null");
5635        if (!Arrays.asList(DELEGATIONS).contains(scope)) {
5636            throw new IllegalArgumentException("Unexpected delegation scope: " + scope);
5637        }
5638
5639        // Retrieve the UID and user ID of the calling process.
5640        final int callingUid = mInjector.binderGetCallingUid();
5641        final int userId = UserHandle.getUserId(callingUid);
5642        synchronized (this) {
5643            // Retrieve user policy data.
5644            final DevicePolicyData policy = getUserData(userId);
5645            // Retrieve the list of delegation scopes granted to callerPackage.
5646            final List<String> scopes = policy.mDelegationMap.get(callerPackage);
5647            // Check callingUid only if callerPackage has the required scope delegation.
5648            if (scopes != null && scopes.contains(scope)) {
5649                try {
5650                    // Retrieve the expected UID for callerPackage.
5651                    final int uid = mInjector.getPackageManager()
5652                            .getPackageUidAsUser(callerPackage, userId);
5653                    // Return true if the caller is actually callerPackage.
5654                    return uid == callingUid;
5655                } catch (NameNotFoundException e) {
5656                    // Ignore.
5657                }
5658            }
5659            return false;
5660        }
5661    }
5662
5663    /**
5664     * Throw a security exception if a ComponentName is given and it is not a device/profile owner
5665     * or if the calling process is not a delegate of the given scope.
5666     *
5667     * @param who the device owner of profile owner, or null if {@code callerPackage} is a
5668     *            {@code scope} delegate.
5669     * @param callerPackage the name of the calling package. Required if {@code who} is
5670     *            {@code null}.
5671     * @param reqPolicy the policy used in the API whose access permission is being checked.
5672     * @param scope the delegation scope corresponding to the API being checked.
5673     * @throws SecurityException if {@code who} is given and is not an owner for {@code reqPolicy};
5674     *            or when {@code who} is {@code null} and {@code callerPackage} is not a delegate
5675     *            of {@code scope}.
5676     */
5677    private void enforceCanManageScope(ComponentName who, String callerPackage, int reqPolicy,
5678            String scope) {
5679        // If a ComponentName is given ensure it is a device or profile owner according to policy.
5680        if (who != null) {
5681            synchronized (this) {
5682                getActiveAdminForCallerLocked(who, reqPolicy);
5683            }
5684        // If no ComponentName is given ensure calling process has scope delegation.
5685        } else if (!isCallerDelegate(callerPackage, scope)) {
5686            throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid()
5687                    + " is not a delegate of scope " + scope + ".");
5688        }
5689    }
5690
5691    /**
5692     * Helper function to preserve delegation behavior pre-O when using the deprecated functions
5693     * {@code #setCertInstallerPackage} and {@code #setApplicationRestrictionsManagingPackage}.
5694     */
5695    private void setDelegatedScopePreO(ComponentName who,
5696            String delegatePackage, String scope) {
5697        Preconditions.checkNotNull(who, "ComponentName is null");
5698
5699        final int userId = mInjector.userHandleGetCallingUserId();
5700        synchronized(this) {
5701            // Ensure calling process is device/profile owner.
5702            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
5703            final DevicePolicyData policy = getUserData(userId);
5704
5705            if (delegatePackage != null) {
5706                // Set package as a delegate for scope if it is not already one.
5707                List<String> scopes = policy.mDelegationMap.get(delegatePackage);
5708                if (scopes == null) {
5709                    scopes = new ArrayList<>();
5710                }
5711                if (!scopes.contains(scope)) {
5712                    scopes.add(scope);
5713                    setDelegatedScopes(who, delegatePackage, scopes);
5714                }
5715            }
5716
5717            // Clear any existing scope delegates.
5718            for (int i = 0; i < policy.mDelegationMap.size(); i++) {
5719                final String currentPackage = policy.mDelegationMap.keyAt(i);
5720                final List<String> currentScopes = policy.mDelegationMap.valueAt(i);
5721
5722                if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) {
5723                    final List<String> newScopes = new ArrayList(currentScopes);
5724                    newScopes.remove(scope);
5725                    setDelegatedScopes(who, currentPackage, newScopes);
5726                }
5727            }
5728        }
5729    }
5730
5731    @Override
5732    public void setCertInstallerPackage(ComponentName who, String installerPackage)
5733            throws SecurityException {
5734        setDelegatedScopePreO(who, installerPackage, DELEGATION_CERT_INSTALL);
5735    }
5736
5737    @Override
5738    public String getCertInstallerPackage(ComponentName who) throws SecurityException {
5739        final List<String> delegatePackages = getDelegatePackages(who, DELEGATION_CERT_INSTALL);
5740        return delegatePackages.size() > 0 ? delegatePackages.get(0) : null;
5741    }
5742
5743    /**
5744     * @return {@code true} if the package is installed and set as always-on, {@code false} if it is
5745     * not installed and therefore not available.
5746     *
5747     * @throws SecurityException if the caller is not a profile or device owner.
5748     * @throws UnsupportedOperationException if the package does not support being set as always-on.
5749     */
5750    @Override
5751    public boolean setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdown)
5752            throws SecurityException {
5753        enforceProfileOrDeviceOwner(admin);
5754
5755        final int userId = mInjector.userHandleGetCallingUserId();
5756        final long token = mInjector.binderClearCallingIdentity();
5757        try {
5758            if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) {
5759                return false;
5760            }
5761            ConnectivityManager connectivityManager = (ConnectivityManager)
5762                    mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
5763            if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) {
5764                throw new UnsupportedOperationException();
5765            }
5766        } finally {
5767            mInjector.binderRestoreCallingIdentity(token);
5768        }
5769        return true;
5770    }
5771
5772    @Override
5773    public String getAlwaysOnVpnPackage(ComponentName admin)
5774            throws SecurityException {
5775        enforceProfileOrDeviceOwner(admin);
5776
5777        final int userId = mInjector.userHandleGetCallingUserId();
5778        final long token = mInjector.binderClearCallingIdentity();
5779        try{
5780            ConnectivityManager connectivityManager = (ConnectivityManager)
5781                    mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
5782            return connectivityManager.getAlwaysOnVpnPackageForUser(userId);
5783        } finally {
5784            mInjector.binderRestoreCallingIdentity(token);
5785        }
5786    }
5787
5788    private void forceWipeDeviceNoLock(boolean wipeExtRequested, String reason, boolean wipeEuicc) {
5789        wtfIfInLock();
5790
5791        if (wipeExtRequested) {
5792            StorageManager sm = (StorageManager) mContext.getSystemService(
5793                    Context.STORAGE_SERVICE);
5794            sm.wipeAdoptableDisks();
5795        }
5796        try {
5797            mInjector.recoverySystemRebootWipeUserData(
5798                    /*shutdown=*/ false, reason, /*force=*/ true, /*wipeEuicc=*/ wipeEuicc);
5799        } catch (IOException | SecurityException e) {
5800            Slog.w(LOG_TAG, "Failed requesting data wipe", e);
5801        }
5802    }
5803
5804    private void forceWipeUser(int userId, String wipeReasonForUser) {
5805        try {
5806            IActivityManager am = mInjector.getIActivityManager();
5807            if (am.getCurrentUser().id == userId) {
5808                am.switchUser(UserHandle.USER_SYSTEM);
5809            }
5810
5811            boolean userRemoved = mUserManagerInternal.removeUserEvenWhenDisallowed(userId);
5812            if (!userRemoved) {
5813                Slog.w(LOG_TAG, "Couldn't remove user " + userId);
5814            } else if (isManagedProfile(userId)) {
5815                sendWipeProfileNotification(wipeReasonForUser);
5816            }
5817        } catch (RemoteException re) {
5818            // Shouldn't happen
5819        }
5820    }
5821
5822    @Override
5823    public void wipeDataWithReason(int flags, String wipeReasonForUser) {
5824        if (!mHasFeature) {
5825            return;
5826        }
5827        Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty");
5828        enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId());
5829
5830        final ActiveAdmin admin;
5831        synchronized (this) {
5832            admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA);
5833        }
5834        String internalReason = "DevicePolicyManager.wipeDataWithReason() from "
5835                + admin.info.getComponent().flattenToShortString();
5836        wipeDataNoLock(
5837                admin.info.getComponent(), flags, internalReason, wipeReasonForUser,
5838                admin.getUserHandle().getIdentifier());
5839    }
5840
5841    private void wipeDataNoLock(ComponentName admin, int flags, String internalReason,
5842                                String wipeReasonForUser, int userId) {
5843        wtfIfInLock();
5844
5845        long ident = mInjector.binderClearCallingIdentity();
5846        try {
5847            // First check whether the admin is allowed to wipe the device/user/profile.
5848            final String restriction;
5849            if (userId == UserHandle.USER_SYSTEM) {
5850                restriction = UserManager.DISALLOW_FACTORY_RESET;
5851            } else if (isManagedProfile(userId)) {
5852                restriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE;
5853            } else {
5854                restriction = UserManager.DISALLOW_REMOVE_USER;
5855            }
5856            if (isAdminAffectedByRestriction(admin, restriction, userId)) {
5857                throw new SecurityException("Cannot wipe data. " + restriction
5858                        + " restriction is set for user " + userId);
5859            }
5860
5861            if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) {
5862                if (!isDeviceOwner(admin, userId)) {
5863                    throw new SecurityException(
5864                            "Only device owner admins can set WIPE_RESET_PROTECTION_DATA");
5865                }
5866                PersistentDataBlockManager manager = (PersistentDataBlockManager)
5867                        mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
5868                if (manager != null) {
5869                    manager.wipe();
5870                }
5871            }
5872
5873            // TODO If split user is enabled and the device owner is set in the primary user
5874            // (rather than system), we should probably trigger factory reset. Current code just
5875            // removes that user (but still clears FRP...)
5876            if (userId == UserHandle.USER_SYSTEM) {
5877                forceWipeDeviceNoLock(/*wipeExtRequested=*/ (
5878                        flags & WIPE_EXTERNAL_STORAGE) != 0,
5879                        internalReason,
5880                        /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0);
5881            } else {
5882                forceWipeUser(userId, wipeReasonForUser);
5883            }
5884        } finally {
5885            mInjector.binderRestoreCallingIdentity(ident);
5886        }
5887    }
5888
5889    private void sendWipeProfileNotification(String wipeReasonForUser) {
5890        Notification notification =
5891                new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN)
5892                        .setSmallIcon(android.R.drawable.stat_sys_warning)
5893                        .setContentTitle(mContext.getString(R.string.work_profile_deleted))
5894                        .setContentText(wipeReasonForUser)
5895                        .setColor(mContext.getColor(R.color.system_notification_accent_color))
5896                        .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser))
5897                        .build();
5898        mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification);
5899    }
5900
5901    private void clearWipeProfileNotification() {
5902        mInjector.getNotificationManager().cancel(SystemMessage.NOTE_PROFILE_WIPED);
5903    }
5904
5905    @Override
5906    public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) {
5907        if (!mHasFeature) {
5908            return;
5909        }
5910        enforceFullCrossUsersPermission(userHandle);
5911        mContext.enforceCallingOrSelfPermission(
5912                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
5913
5914        synchronized (this) {
5915            ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle);
5916            if (admin == null) {
5917                result.sendResult(null);
5918                return;
5919            }
5920            Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED);
5921            intent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND);
5922            intent.setComponent(admin.info.getComponent());
5923            mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle),
5924                    null, new BroadcastReceiver() {
5925                @Override
5926                public void onReceive(Context context, Intent intent) {
5927                    result.sendResult(getResultExtras(false));
5928                }
5929            }, null, Activity.RESULT_OK, null, null);
5930        }
5931    }
5932
5933    /**
5934     * Notify DPMS regarding the metric of the current password. This happens when the user changes
5935     * the password, but also when the user just unlocks the keyguard. In comparison,
5936     * reportPasswordChanged() is only called when the user changes the password.
5937     */
5938    @Override
5939    public void setActivePasswordState(PasswordMetrics metrics, int userHandle) {
5940        if (!mHasFeature) {
5941            return;
5942        }
5943        enforceFullCrossUsersPermission(userHandle);
5944        mContext.enforceCallingOrSelfPermission(
5945                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
5946
5947        // If the managed profile doesn't have a separate password, set the metrics to default
5948        if (isManagedProfile(userHandle) && !isSeparateProfileChallengeEnabled(userHandle)) {
5949            metrics = new PasswordMetrics();
5950        }
5951
5952        validateQualityConstant(metrics.quality);
5953        DevicePolicyData policy = getUserData(userHandle);
5954        synchronized (this) {
5955            policy.mActivePasswordMetrics = metrics;
5956            policy.mPasswordStateHasBeenSetSinceBoot = true;
5957        }
5958    }
5959
5960    @Override
5961    public void reportPasswordChanged(@UserIdInt int userId) {
5962        if (!mHasFeature) {
5963            return;
5964        }
5965        enforceFullCrossUsersPermission(userId);
5966
5967        // Managed Profile password can only be changed when it has a separate challenge.
5968        if (!isSeparateProfileChallengeEnabled(userId)) {
5969            enforceNotManagedProfile(userId, "set the active password");
5970        }
5971
5972        mContext.enforceCallingOrSelfPermission(
5973                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
5974
5975        DevicePolicyData policy = getUserData(userId);
5976
5977        long ident = mInjector.binderClearCallingIdentity();
5978        try {
5979            synchronized (this) {
5980                policy.mFailedPasswordAttempts = 0;
5981                updatePasswordValidityCheckpointLocked(userId);
5982                saveSettingsLocked(userId);
5983                updatePasswordExpirationsLocked(userId);
5984                setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false);
5985
5986                // Send a broadcast to each profile using this password as its primary unlock.
5987                sendAdminCommandForLockscreenPoliciesLocked(
5988                        DeviceAdminReceiver.ACTION_PASSWORD_CHANGED,
5989                        DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId);
5990            }
5991            removeCaApprovalsIfNeeded(userId);
5992        } finally {
5993            mInjector.binderRestoreCallingIdentity(ident);
5994        }
5995    }
5996
5997    /**
5998     * Called any time the device password is updated. Resets all password expiration clocks.
5999     */
6000    private void updatePasswordExpirationsLocked(int userHandle) {
6001        ArraySet<Integer> affectedUserIds = new ArraySet<Integer>();
6002        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
6003                userHandle, /* parent */ false);
6004        final int N = admins.size();
6005        for (int i = 0; i < N; i++) {
6006            ActiveAdmin admin = admins.get(i);
6007            if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
6008                affectedUserIds.add(admin.getUserHandle().getIdentifier());
6009                long timeout = admin.passwordExpirationTimeout;
6010                long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L;
6011                admin.passwordExpirationDate = expiration;
6012            }
6013        }
6014        for (int affectedUserId : affectedUserIds) {
6015            saveSettingsLocked(affectedUserId);
6016        }
6017    }
6018
6019    @Override
6020    public void reportFailedPasswordAttempt(int userHandle) {
6021        enforceFullCrossUsersPermission(userHandle);
6022        if (!isSeparateProfileChallengeEnabled(userHandle)) {
6023            enforceNotManagedProfile(userHandle,
6024                    "report failed password attempt if separate profile challenge is not in place");
6025        }
6026        mContext.enforceCallingOrSelfPermission(
6027                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6028
6029        boolean wipeData = false;
6030        ActiveAdmin strictestAdmin = null;
6031        final long ident = mInjector.binderClearCallingIdentity();
6032        try {
6033            synchronized (this) {
6034                DevicePolicyData policy = getUserData(userHandle);
6035                policy.mFailedPasswordAttempts++;
6036                saveSettingsLocked(userHandle);
6037                if (mHasFeature) {
6038                    strictestAdmin = getAdminWithMinimumFailedPasswordsForWipeLocked(
6039                            userHandle, /* parent */ false);
6040                    int max = strictestAdmin != null
6041                            ? strictestAdmin.maximumFailedPasswordsForWipe : 0;
6042                    if (max > 0 && policy.mFailedPasswordAttempts >= max) {
6043                        wipeData = true;
6044                    }
6045
6046                    sendAdminCommandForLockscreenPoliciesLocked(
6047                            DeviceAdminReceiver.ACTION_PASSWORD_FAILED,
6048                            DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);
6049                }
6050            }
6051        } finally {
6052            mInjector.binderRestoreCallingIdentity(ident);
6053        }
6054
6055        if (wipeData && strictestAdmin != null) {
6056            final int userId = strictestAdmin.getUserHandle().getIdentifier();
6057            Slog.i(LOG_TAG, "Max failed password attempts policy reached for admin: "
6058                    + strictestAdmin.info.getComponent().flattenToShortString()
6059                    + ". Calling wipeData for user " + userId);
6060
6061            // Attempt to wipe the device/user/profile associated with the admin, as if the
6062            // admin had called wipeData(). That way we can check whether the admin is actually
6063            // allowed to wipe the device (e.g. a regular device admin shouldn't be able to wipe the
6064            // device if the device owner has set DISALLOW_FACTORY_RESET, but the DO should be
6065            // able to do so).
6066            // IMPORTANT: Call without holding the lock to prevent deadlock.
6067            try {
6068                String wipeReasonForUser = mContext.getString(
6069                        R.string.work_profile_deleted_reason_maximum_password_failure);
6070                wipeDataNoLock(strictestAdmin.info.getComponent(),
6071                        /*flags=*/ 0,
6072                        /*reason=*/ "reportFailedPasswordAttempt()",
6073                        wipeReasonForUser,
6074                        userId);
6075            } catch (SecurityException e) {
6076                Slog.w(LOG_TAG, "Failed to wipe user " + userId
6077                        + " after max failed password attempts reached.", e);
6078            }
6079        }
6080
6081        if (mInjector.securityLogIsLoggingEnabled()) {
6082            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT,
6083                    /*result*/ 0,
6084                    /*method strength*/ 1);
6085        }
6086    }
6087
6088    @Override
6089    public void reportSuccessfulPasswordAttempt(int userHandle) {
6090        enforceFullCrossUsersPermission(userHandle);
6091        mContext.enforceCallingOrSelfPermission(
6092                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6093
6094        synchronized (this) {
6095            DevicePolicyData policy = getUserData(userHandle);
6096            if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) {
6097                long ident = mInjector.binderClearCallingIdentity();
6098                try {
6099                    policy.mFailedPasswordAttempts = 0;
6100                    policy.mPasswordOwner = -1;
6101                    saveSettingsLocked(userHandle);
6102                    if (mHasFeature) {
6103                        sendAdminCommandForLockscreenPoliciesLocked(
6104                                DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED,
6105                                DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle);
6106                    }
6107                } finally {
6108                    mInjector.binderRestoreCallingIdentity(ident);
6109                }
6110            }
6111        }
6112
6113        if (mInjector.securityLogIsLoggingEnabled()) {
6114            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1,
6115                    /*method strength*/ 1);
6116        }
6117    }
6118
6119    @Override
6120    public void reportFailedFingerprintAttempt(int userHandle) {
6121        enforceFullCrossUsersPermission(userHandle);
6122        mContext.enforceCallingOrSelfPermission(
6123                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6124        if (mInjector.securityLogIsLoggingEnabled()) {
6125            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0,
6126                    /*method strength*/ 0);
6127        }
6128    }
6129
6130    @Override
6131    public void reportSuccessfulFingerprintAttempt(int userHandle) {
6132        enforceFullCrossUsersPermission(userHandle);
6133        mContext.enforceCallingOrSelfPermission(
6134                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6135        if (mInjector.securityLogIsLoggingEnabled()) {
6136            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1,
6137                    /*method strength*/ 0);
6138        }
6139    }
6140
6141    @Override
6142    public void reportKeyguardDismissed(int userHandle) {
6143        enforceFullCrossUsersPermission(userHandle);
6144        mContext.enforceCallingOrSelfPermission(
6145                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6146
6147        if (mInjector.securityLogIsLoggingEnabled()) {
6148            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED);
6149        }
6150    }
6151
6152    @Override
6153    public void reportKeyguardSecured(int userHandle) {
6154        enforceFullCrossUsersPermission(userHandle);
6155        mContext.enforceCallingOrSelfPermission(
6156                android.Manifest.permission.BIND_DEVICE_ADMIN, null);
6157
6158        if (mInjector.securityLogIsLoggingEnabled()) {
6159            SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED);
6160        }
6161    }
6162
6163    @Override
6164    public ComponentName setGlobalProxy(ComponentName who, String proxySpec,
6165            String exclusionList) {
6166        if (!mHasFeature) {
6167            return null;
6168        }
6169        synchronized(this) {
6170            Preconditions.checkNotNull(who, "ComponentName is null");
6171
6172            // Only check if system user has set global proxy. We don't allow other users to set it.
6173            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
6174            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
6175                    DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
6176
6177            // Scan through active admins and find if anyone has already
6178            // set the global proxy.
6179            Set<ComponentName> compSet = policy.mAdminMap.keySet();
6180            for (ComponentName component : compSet) {
6181                ActiveAdmin ap = policy.mAdminMap.get(component);
6182                if ((ap.specifiesGlobalProxy) && (!component.equals(who))) {
6183                    // Another admin already sets the global proxy
6184                    // Return it to the caller.
6185                    return component;
6186                }
6187            }
6188
6189            // If the user is not system, don't set the global proxy. Fail silently.
6190            if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) {
6191                Slog.w(LOG_TAG, "Only the owner is allowed to set the global proxy. User "
6192                        + UserHandle.getCallingUserId() + " is not permitted.");
6193                return null;
6194            }
6195            if (proxySpec == null) {
6196                admin.specifiesGlobalProxy = false;
6197                admin.globalProxySpec = null;
6198                admin.globalProxyExclusionList = null;
6199            } else {
6200
6201                admin.specifiesGlobalProxy = true;
6202                admin.globalProxySpec = proxySpec;
6203                admin.globalProxyExclusionList = exclusionList;
6204            }
6205
6206            // Reset the global proxy accordingly
6207            // Do this using system permissions, as apps cannot write to secure settings
6208            long origId = mInjector.binderClearCallingIdentity();
6209            try {
6210                resetGlobalProxyLocked(policy);
6211            } finally {
6212                mInjector.binderRestoreCallingIdentity(origId);
6213            }
6214            return null;
6215        }
6216    }
6217
6218    @Override
6219    public ComponentName getGlobalProxyAdmin(int userHandle) {
6220        if (!mHasFeature) {
6221            return null;
6222        }
6223        enforceFullCrossUsersPermission(userHandle);
6224        synchronized(this) {
6225            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
6226            // Scan through active admins and find if anyone has already
6227            // set the global proxy.
6228            final int N = policy.mAdminList.size();
6229            for (int i = 0; i < N; i++) {
6230                ActiveAdmin ap = policy.mAdminList.get(i);
6231                if (ap.specifiesGlobalProxy) {
6232                    // Device admin sets the global proxy
6233                    // Return it to the caller.
6234                    return ap.info.getComponent();
6235                }
6236            }
6237        }
6238        // No device admin sets the global proxy.
6239        return null;
6240    }
6241
6242    @Override
6243    public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) {
6244        synchronized (this) {
6245            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6246        }
6247        long token = mInjector.binderClearCallingIdentity();
6248        try {
6249            ConnectivityManager connectivityManager = (ConnectivityManager)
6250                    mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
6251            connectivityManager.setGlobalProxy(proxyInfo);
6252        } finally {
6253            mInjector.binderRestoreCallingIdentity(token);
6254        }
6255    }
6256
6257    private void resetGlobalProxyLocked(DevicePolicyData policy) {
6258        final int N = policy.mAdminList.size();
6259        for (int i = 0; i < N; i++) {
6260            ActiveAdmin ap = policy.mAdminList.get(i);
6261            if (ap.specifiesGlobalProxy) {
6262                saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList);
6263                return;
6264            }
6265        }
6266        // No device admins defining global proxies - reset global proxy settings to none
6267        saveGlobalProxyLocked(null, null);
6268    }
6269
6270    private void saveGlobalProxyLocked(String proxySpec, String exclusionList) {
6271        if (exclusionList == null) {
6272            exclusionList = "";
6273        }
6274        if (proxySpec == null) {
6275            proxySpec = "";
6276        }
6277        // Remove white spaces
6278        proxySpec = proxySpec.trim();
6279        String data[] = proxySpec.split(":");
6280        int proxyPort = 8080;
6281        if (data.length > 1) {
6282            try {
6283                proxyPort = Integer.parseInt(data[1]);
6284            } catch (NumberFormatException e) {}
6285        }
6286        exclusionList = exclusionList.trim();
6287
6288        ProxyInfo proxyProperties = new ProxyInfo(data[0], proxyPort, exclusionList);
6289        if (!proxyProperties.isValid()) {
6290            Slog.e(LOG_TAG, "Invalid proxy properties, ignoring: " + proxyProperties.toString());
6291            return;
6292        }
6293        mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]);
6294        mInjector.settingsGlobalPutInt(Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort);
6295        mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST,
6296                exclusionList);
6297    }
6298
6299    /**
6300     * Set the storage encryption request for a single admin.  Returns the new total request
6301     * status (for all admins).
6302     */
6303    @Override
6304    public int setStorageEncryption(ComponentName who, boolean encrypt) {
6305        if (!mHasFeature) {
6306            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6307        }
6308        Preconditions.checkNotNull(who, "ComponentName is null");
6309        final int userHandle = UserHandle.getCallingUserId();
6310        synchronized (this) {
6311            // Check for permissions
6312            // Only system user can set storage encryption
6313            if (userHandle != UserHandle.USER_SYSTEM) {
6314                Slog.w(LOG_TAG, "Only owner/system user is allowed to set storage encryption. User "
6315                        + UserHandle.getCallingUserId() + " is not permitted.");
6316                return 0;
6317            }
6318
6319            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
6320                    DeviceAdminInfo.USES_ENCRYPTED_STORAGE);
6321
6322            // Quick exit:  If the filesystem does not support encryption, we can exit early.
6323            if (!isEncryptionSupported()) {
6324                return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6325            }
6326
6327            // (1) Record the value for the admin so it's sticky
6328            if (ap.encryptionRequested != encrypt) {
6329                ap.encryptionRequested = encrypt;
6330                saveSettingsLocked(userHandle);
6331            }
6332
6333            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
6334            // (2) Compute "max" for all admins
6335            boolean newRequested = false;
6336            final int N = policy.mAdminList.size();
6337            for (int i = 0; i < N; i++) {
6338                newRequested |= policy.mAdminList.get(i).encryptionRequested;
6339            }
6340
6341            // Notify OS of new request
6342            setEncryptionRequested(newRequested);
6343
6344            // Return the new global request status
6345            return newRequested
6346                    ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
6347                    : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
6348        }
6349    }
6350
6351    /**
6352     * Get the current storage encryption request status for a given admin, or aggregate of all
6353     * active admins.
6354     */
6355    @Override
6356    public boolean getStorageEncryption(ComponentName who, int userHandle) {
6357        if (!mHasFeature) {
6358            return false;
6359        }
6360        enforceFullCrossUsersPermission(userHandle);
6361        synchronized (this) {
6362            // Check for permissions if a particular caller is specified
6363            if (who != null) {
6364                // When checking for a single caller, status is based on caller's request
6365                ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle);
6366                return ap != null ? ap.encryptionRequested : false;
6367            }
6368
6369            // If no particular caller is specified, return the aggregate set of requests.
6370            // This is short circuited by returning true on the first hit.
6371            DevicePolicyData policy = getUserData(userHandle);
6372            final int N = policy.mAdminList.size();
6373            for (int i = 0; i < N; i++) {
6374                if (policy.mAdminList.get(i).encryptionRequested) {
6375                    return true;
6376                }
6377            }
6378            return false;
6379        }
6380    }
6381
6382    /**
6383     * Get the current encryption status of the device.
6384     */
6385    @Override
6386    public int getStorageEncryptionStatus(@Nullable String callerPackage, int userHandle) {
6387        if (!mHasFeature) {
6388            // Ok to return current status.
6389        }
6390        enforceFullCrossUsersPermission(userHandle);
6391
6392        // It's not critical here, but let's make sure the package name is correct, in case
6393        // we start using it for different purposes.
6394        ensureCallerPackage(callerPackage);
6395
6396        final ApplicationInfo ai;
6397        try {
6398            ai = mIPackageManager.getApplicationInfo(callerPackage, 0, userHandle);
6399        } catch (RemoteException e) {
6400            throw new SecurityException(e);
6401        }
6402
6403        boolean legacyApp = false;
6404        if (ai.targetSdkVersion <= Build.VERSION_CODES.M) {
6405            legacyApp = true;
6406        }
6407
6408        final int rawStatus = getEncryptionStatus();
6409        if ((rawStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER) && legacyApp) {
6410            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
6411        }
6412        return rawStatus;
6413    }
6414
6415    /**
6416     * Hook to low-levels:  This should report if the filesystem supports encrypted storage.
6417     */
6418    private boolean isEncryptionSupported() {
6419        // Note, this can be implemented as
6420        //   return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6421        // But is provided as a separate internal method if there's a faster way to do a
6422        // simple check for supported-or-not.
6423        return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6424    }
6425
6426    /**
6427     * Hook to low-levels:  Reporting the current status of encryption.
6428     * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED},
6429     * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE},
6430     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY},
6431     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER}, or
6432     * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}.
6433     */
6434    private int getEncryptionStatus() {
6435        if (mInjector.storageManagerIsFileBasedEncryptionEnabled()) {
6436            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER;
6437        } else if (mInjector.storageManagerIsNonDefaultBlockEncrypted()) {
6438            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
6439        } else if (mInjector.storageManagerIsEncrypted()) {
6440            return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY;
6441        } else if (mInjector.storageManagerIsEncryptable()) {
6442            return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE;
6443        } else {
6444            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
6445        }
6446    }
6447
6448    /**
6449     * Hook to low-levels:  If needed, record the new admin setting for encryption.
6450     */
6451    private void setEncryptionRequested(boolean encrypt) {
6452    }
6453
6454    /**
6455     * Set whether the screen capture is disabled for the user managed by the specified admin.
6456     */
6457    @Override
6458    public void setScreenCaptureDisabled(ComponentName who, boolean disabled) {
6459        if (!mHasFeature) {
6460            return;
6461        }
6462        Preconditions.checkNotNull(who, "ComponentName is null");
6463        final int userHandle = UserHandle.getCallingUserId();
6464        synchronized (this) {
6465            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
6466                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
6467            if (ap.disableScreenCapture != disabled) {
6468                ap.disableScreenCapture = disabled;
6469                saveSettingsLocked(userHandle);
6470                updateScreenCaptureDisabledInWindowManager(userHandle, disabled);
6471            }
6472        }
6473    }
6474
6475    /**
6476     * Returns whether or not screen capture is disabled for a given admin, or disabled for any
6477     * active admin (if given admin is null).
6478     */
6479    @Override
6480    public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) {
6481        if (!mHasFeature) {
6482            return false;
6483        }
6484        synchronized (this) {
6485            if (who != null) {
6486                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
6487                return (admin != null) ? admin.disableScreenCapture : false;
6488            }
6489
6490            DevicePolicyData policy = getUserData(userHandle);
6491            final int N = policy.mAdminList.size();
6492            for (int i = 0; i < N; i++) {
6493                ActiveAdmin admin = policy.mAdminList.get(i);
6494                if (admin.disableScreenCapture) {
6495                    return true;
6496                }
6497            }
6498            return false;
6499        }
6500    }
6501
6502    private void updateScreenCaptureDisabledInWindowManager(final int userHandle,
6503            final boolean disabled) {
6504        mHandler.post(new Runnable() {
6505            @Override
6506            public void run() {
6507                try {
6508                    mInjector.getIWindowManager().setScreenCaptureDisabled(userHandle, disabled);
6509                } catch (RemoteException e) {
6510                    Log.w(LOG_TAG, "Unable to notify WindowManager.", e);
6511                }
6512            }
6513        });
6514    }
6515
6516    /**
6517     * Set whether auto time is required by the specified admin (must be device or profile owner).
6518     */
6519    @Override
6520    public void setAutoTimeRequired(ComponentName who, boolean required) {
6521        if (!mHasFeature) {
6522            return;
6523        }
6524        Preconditions.checkNotNull(who, "ComponentName is null");
6525        final int userHandle = UserHandle.getCallingUserId();
6526        synchronized (this) {
6527            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
6528                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
6529            if (admin.requireAutoTime != required) {
6530                admin.requireAutoTime = required;
6531                saveSettingsLocked(userHandle);
6532            }
6533        }
6534
6535        // Turn AUTO_TIME on in settings if it is required
6536        if (required) {
6537            long ident = mInjector.binderClearCallingIdentity();
6538            try {
6539                mInjector.settingsGlobalPutInt(Settings.Global.AUTO_TIME, 1 /* AUTO_TIME on */);
6540            } finally {
6541                mInjector.binderRestoreCallingIdentity(ident);
6542            }
6543        }
6544    }
6545
6546    /**
6547     * Returns whether or not auto time is required by the device owner or any profile owner.
6548     */
6549    @Override
6550    public boolean getAutoTimeRequired() {
6551        if (!mHasFeature) {
6552            return false;
6553        }
6554        synchronized (this) {
6555            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
6556            if (deviceOwner != null && deviceOwner.requireAutoTime) {
6557                // If the device owner enforces auto time, we don't need to check the PO's
6558                return true;
6559            }
6560
6561            // Now check to see if any profile owner on any user enforces auto time
6562            for (Integer userId : mOwners.getProfileOwnerKeys()) {
6563                ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
6564                if (profileOwner != null && profileOwner.requireAutoTime) {
6565                    return true;
6566                }
6567            }
6568
6569            return false;
6570        }
6571    }
6572
6573    @Override
6574    public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) {
6575        if (!mHasFeature) {
6576            return;
6577        }
6578        Preconditions.checkNotNull(who, "ComponentName is null");
6579        // Allow setting this policy to true only if there is a split system user.
6580        if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) {
6581            throw new UnsupportedOperationException(
6582                    "Cannot force ephemeral users on systems without split system user.");
6583        }
6584        boolean removeAllUsers = false;
6585        synchronized (this) {
6586            final ActiveAdmin deviceOwner =
6587                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6588            if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) {
6589                deviceOwner.forceEphemeralUsers = forceEphemeralUsers;
6590                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
6591                mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers);
6592                removeAllUsers = forceEphemeralUsers;
6593            }
6594        }
6595        if (removeAllUsers) {
6596            long identitity = mInjector.binderClearCallingIdentity();
6597            try {
6598                mUserManagerInternal.removeAllUsers();
6599            } finally {
6600                mInjector.binderRestoreCallingIdentity(identitity);
6601            }
6602        }
6603    }
6604
6605    @Override
6606    public boolean getForceEphemeralUsers(ComponentName who) {
6607        if (!mHasFeature) {
6608            return false;
6609        }
6610        Preconditions.checkNotNull(who, "ComponentName is null");
6611        synchronized (this) {
6612            final ActiveAdmin deviceOwner =
6613                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6614            return deviceOwner.forceEphemeralUsers;
6615        }
6616    }
6617
6618    private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException {
6619        synchronized (this) {
6620            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
6621            if (!areAllUsersAffiliatedWithDeviceLocked()) {
6622                throw new SecurityException("Not all users are affiliated.");
6623            }
6624        }
6625    }
6626
6627    @Override
6628    public boolean requestBugreport(ComponentName who) {
6629        if (!mHasFeature) {
6630            return false;
6631        }
6632        Preconditions.checkNotNull(who, "ComponentName is null");
6633
6634        // TODO: If an unaffiliated user is removed, the admin will be able to request a bugreport
6635        // which could still contain data related to that user. Should we disallow that, e.g. until
6636        // next boot? Might not be needed given that this still requires user consent.
6637        ensureDeviceOwnerAndAllUsersAffiliated(who);
6638
6639        if (mRemoteBugreportServiceIsActive.get()
6640                || (getDeviceOwnerRemoteBugreportUri() != null)) {
6641            Slog.d(LOG_TAG, "Remote bugreport wasn't started because there's already one running.");
6642            return false;
6643        }
6644
6645        final long currentTime = System.currentTimeMillis();
6646        synchronized (this) {
6647            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
6648            if (currentTime > policyData.mLastBugReportRequestTime) {
6649                policyData.mLastBugReportRequestTime = currentTime;
6650                saveSettingsLocked(UserHandle.USER_SYSTEM);
6651            }
6652        }
6653
6654        final long callingIdentity = mInjector.binderClearCallingIdentity();
6655        try {
6656            mInjector.getIActivityManager().requestBugReport(
6657                    ActivityManager.BUGREPORT_OPTION_REMOTE);
6658
6659            mRemoteBugreportServiceIsActive.set(true);
6660            mRemoteBugreportSharingAccepted.set(false);
6661            registerRemoteBugreportReceivers();
6662            mInjector.getNotificationManager().notifyAsUser(LOG_TAG,
6663                    RemoteBugreportUtils.NOTIFICATION_ID,
6664                    RemoteBugreportUtils.buildNotification(mContext,
6665                            DevicePolicyManager.NOTIFICATION_BUGREPORT_STARTED), UserHandle.ALL);
6666            mHandler.postDelayed(mRemoteBugreportTimeoutRunnable,
6667                    RemoteBugreportUtils.REMOTE_BUGREPORT_TIMEOUT_MILLIS);
6668            return true;
6669        } catch (RemoteException re) {
6670            // should never happen
6671            Slog.e(LOG_TAG, "Failed to make remote calls to start bugreportremote service", re);
6672            return false;
6673        } finally {
6674            mInjector.binderRestoreCallingIdentity(callingIdentity);
6675        }
6676    }
6677
6678    void sendDeviceOwnerCommand(String action, Bundle extras) {
6679        int deviceOwnerUserId;
6680        ComponentName deviceOwnerComponent;
6681        synchronized (this) {
6682            deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
6683            deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
6684        }
6685        sendActiveAdminCommand(action, extras, deviceOwnerUserId,
6686                deviceOwnerComponent);
6687    }
6688
6689    private void sendProfileOwnerCommand(String action, Bundle extras, int userHandle) {
6690        sendActiveAdminCommand(action, extras, userHandle,
6691                mOwners.getProfileOwnerComponent(userHandle));
6692    }
6693
6694    private void sendActiveAdminCommand(String action, Bundle extras,
6695            int userHandle, ComponentName receiverComponent) {
6696        final Intent intent = new Intent(action);
6697        intent.setComponent(receiverComponent);
6698        if (extras != null) {
6699            intent.putExtras(extras);
6700        }
6701        mContext.sendBroadcastAsUser(intent, UserHandle.of(userHandle));
6702    }
6703
6704    private void sendOwnerChangedBroadcast(String broadcast, int userId) {
6705        final Intent intent = new Intent(broadcast)
6706                .addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
6707        mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
6708    }
6709
6710    private synchronized String getDeviceOwnerRemoteBugreportUri() {
6711        return mOwners.getDeviceOwnerRemoteBugreportUri();
6712    }
6713
6714    private synchronized void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri,
6715            String bugreportHash) {
6716        mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash);
6717    }
6718
6719    private void registerRemoteBugreportReceivers() {
6720        try {
6721            IntentFilter filterFinished = new IntentFilter(
6722                    DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH,
6723                    RemoteBugreportUtils.BUGREPORT_MIMETYPE);
6724            mContext.registerReceiver(mRemoteBugreportFinishedReceiver, filterFinished);
6725        } catch (IntentFilter.MalformedMimeTypeException e) {
6726            // should never happen, as setting a constant
6727            Slog.w(LOG_TAG, "Failed to set type " + RemoteBugreportUtils.BUGREPORT_MIMETYPE, e);
6728        }
6729        IntentFilter filterConsent = new IntentFilter();
6730        filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED);
6731        filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED);
6732        mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent);
6733    }
6734
6735    private void onBugreportFinished(Intent intent) {
6736        mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable);
6737        mRemoteBugreportServiceIsActive.set(false);
6738        Uri bugreportUri = intent.getData();
6739        String bugreportUriString = null;
6740        if (bugreportUri != null) {
6741            bugreportUriString = bugreportUri.toString();
6742        }
6743        String bugreportHash = intent.getStringExtra(
6744                DevicePolicyManager.EXTRA_REMOTE_BUGREPORT_HASH);
6745        if (mRemoteBugreportSharingAccepted.get()) {
6746            shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash);
6747            mInjector.getNotificationManager().cancel(LOG_TAG,
6748                    RemoteBugreportUtils.NOTIFICATION_ID);
6749        } else {
6750            setDeviceOwnerRemoteBugreportUriAndHash(bugreportUriString, bugreportHash);
6751            mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID,
6752                    RemoteBugreportUtils.buildNotification(mContext,
6753                            DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED),
6754                            UserHandle.ALL);
6755        }
6756        mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver);
6757    }
6758
6759    private void onBugreportFailed() {
6760        mRemoteBugreportServiceIsActive.set(false);
6761        mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP,
6762                RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE);
6763        mRemoteBugreportSharingAccepted.set(false);
6764        setDeviceOwnerRemoteBugreportUriAndHash(null, null);
6765        mInjector.getNotificationManager().cancel(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID);
6766        Bundle extras = new Bundle();
6767        extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON,
6768                DeviceAdminReceiver.BUGREPORT_FAILURE_FAILED_COMPLETING);
6769        sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras);
6770        mContext.unregisterReceiver(mRemoteBugreportConsentReceiver);
6771        mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver);
6772    }
6773
6774    private void onBugreportSharingAccepted() {
6775        mRemoteBugreportSharingAccepted.set(true);
6776        String bugreportUriString = null;
6777        String bugreportHash = null;
6778        synchronized (this) {
6779            bugreportUriString = getDeviceOwnerRemoteBugreportUri();
6780            bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash();
6781        }
6782        if (bugreportUriString != null) {
6783            shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash);
6784        } else if (mRemoteBugreportServiceIsActive.get()) {
6785            mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID,
6786                    RemoteBugreportUtils.buildNotification(mContext,
6787                            DevicePolicyManager.NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED),
6788                            UserHandle.ALL);
6789        }
6790    }
6791
6792    private void onBugreportSharingDeclined() {
6793        if (mRemoteBugreportServiceIsActive.get()) {
6794            mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP,
6795                    RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE);
6796            mRemoteBugreportServiceIsActive.set(false);
6797            mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable);
6798            mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver);
6799        }
6800        mRemoteBugreportSharingAccepted.set(false);
6801        setDeviceOwnerRemoteBugreportUriAndHash(null, null);
6802        sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_SHARING_DECLINED, null);
6803    }
6804
6805    private void shareBugreportWithDeviceOwnerIfExists(String bugreportUriString,
6806            String bugreportHash) {
6807        ParcelFileDescriptor pfd = null;
6808        try {
6809            if (bugreportUriString == null) {
6810                throw new FileNotFoundException();
6811            }
6812            Uri bugreportUri = Uri.parse(bugreportUriString);
6813            pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r");
6814
6815            synchronized (this) {
6816                Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE);
6817                intent.setComponent(mOwners.getDeviceOwnerComponent());
6818                intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE);
6819                intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash);
6820                intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
6821
6822                LocalServices.getService(ActivityManagerInternal.class)
6823                        .grantUriPermissionFromIntent(Process.SHELL_UID,
6824                                mOwners.getDeviceOwnerComponent().getPackageName(),
6825                                intent, mOwners.getDeviceOwnerUserId());
6826                mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId()));
6827            }
6828        } catch (FileNotFoundException e) {
6829            Bundle extras = new Bundle();
6830            extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON,
6831                    DeviceAdminReceiver.BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE);
6832            sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras);
6833        } finally {
6834            try {
6835                if (pfd != null) {
6836                    pfd.close();
6837                }
6838            } catch (IOException ex) {
6839                // Ignore
6840            }
6841            mRemoteBugreportSharingAccepted.set(false);
6842            setDeviceOwnerRemoteBugreportUriAndHash(null, null);
6843        }
6844    }
6845
6846    /**
6847     * Disables all device cameras according to the specified admin.
6848     */
6849    @Override
6850    public void setCameraDisabled(ComponentName who, boolean disabled) {
6851        if (!mHasFeature) {
6852            return;
6853        }
6854        Preconditions.checkNotNull(who, "ComponentName is null");
6855        final int userHandle = mInjector.userHandleGetCallingUserId();
6856        synchronized (this) {
6857            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
6858                    DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA);
6859            if (ap.disableCamera != disabled) {
6860                ap.disableCamera = disabled;
6861                saveSettingsLocked(userHandle);
6862            }
6863        }
6864        // Tell the user manager that the restrictions have changed.
6865        pushUserRestrictions(userHandle);
6866    }
6867
6868    /**
6869     * Gets whether or not all device cameras are disabled for a given admin, or disabled for any
6870     * active admins.
6871     */
6872    @Override
6873    public boolean getCameraDisabled(ComponentName who, int userHandle) {
6874        return getCameraDisabled(who, userHandle, /* mergeDeviceOwnerRestriction= */ true);
6875    }
6876
6877    private boolean getCameraDisabled(ComponentName who, int userHandle,
6878            boolean mergeDeviceOwnerRestriction) {
6879        if (!mHasFeature) {
6880            return false;
6881        }
6882        synchronized (this) {
6883            if (who != null) {
6884                ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
6885                return (admin != null) ? admin.disableCamera : false;
6886            }
6887            // First, see if DO has set it.  If so, it's device-wide.
6888            if (mergeDeviceOwnerRestriction) {
6889                final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
6890                if (deviceOwner != null && deviceOwner.disableCamera) {
6891                    return true;
6892                }
6893            }
6894
6895            // Then check each device admin on the user.
6896            DevicePolicyData policy = getUserData(userHandle);
6897            // Determine whether or not the device camera is disabled for any active admins.
6898            final int N = policy.mAdminList.size();
6899            for (int i = 0; i < N; i++) {
6900                ActiveAdmin admin = policy.mAdminList.get(i);
6901                if (admin.disableCamera) {
6902                    return true;
6903                }
6904            }
6905            return false;
6906        }
6907    }
6908
6909    @Override
6910    public void setKeyguardDisabledFeatures(ComponentName who, int which, boolean parent) {
6911        if (!mHasFeature) {
6912            return;
6913        }
6914        Preconditions.checkNotNull(who, "ComponentName is null");
6915        final int userHandle = mInjector.userHandleGetCallingUserId();
6916        if (isManagedProfile(userHandle)) {
6917            if (parent) {
6918                which = which & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER;
6919            } else {
6920                which = which & PROFILE_KEYGUARD_FEATURES;
6921            }
6922        }
6923        synchronized (this) {
6924            ActiveAdmin ap = getActiveAdminForCallerLocked(
6925                    who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent);
6926            if (ap.disabledKeyguardFeatures != which) {
6927                ap.disabledKeyguardFeatures = which;
6928                saveSettingsLocked(userHandle);
6929            }
6930        }
6931    }
6932
6933    /**
6934     * Gets the disabled state for features in keyguard for the given admin,
6935     * or the aggregate of all active admins if who is null.
6936     */
6937    @Override
6938    public int getKeyguardDisabledFeatures(ComponentName who, int userHandle, boolean parent) {
6939        if (!mHasFeature) {
6940            return 0;
6941        }
6942        enforceFullCrossUsersPermission(userHandle);
6943        final long ident = mInjector.binderClearCallingIdentity();
6944        try {
6945            synchronized (this) {
6946                if (who != null) {
6947                    ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
6948                    return (admin != null) ? admin.disabledKeyguardFeatures : 0;
6949                }
6950
6951                final List<ActiveAdmin> admins;
6952                if (!parent && isManagedProfile(userHandle)) {
6953                    // If we are being asked about a managed profile, just return keyguard features
6954                    // disabled by admins in the profile.
6955                    admins = getUserDataUnchecked(userHandle).mAdminList;
6956                } else {
6957                    // Otherwise return those set by admins in the user and its profiles.
6958                    admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
6959                }
6960
6961                int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE;
6962                final int N = admins.size();
6963                for (int i = 0; i < N; i++) {
6964                    ActiveAdmin admin = admins.get(i);
6965                    int userId = admin.getUserHandle().getIdentifier();
6966                    boolean isRequestedUser = !parent && (userId == userHandle);
6967                    if (isRequestedUser || !isManagedProfile(userId)) {
6968                        // If we are being asked explicitly about this user
6969                        // return all disabled features even if its a managed profile.
6970                        which |= admin.disabledKeyguardFeatures;
6971                    } else {
6972                        // Otherwise a managed profile is only allowed to disable
6973                        // some features on the parent user.
6974                        which |= (admin.disabledKeyguardFeatures
6975                                & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER);
6976                    }
6977                }
6978                return which;
6979            }
6980        } finally {
6981            mInjector.binderRestoreCallingIdentity(ident);
6982        }
6983    }
6984
6985    @Override
6986    public void setKeepUninstalledPackages(ComponentName who, String callerPackage,
6987            List<String> packageList) {
6988        if (!mHasFeature) {
6989            return;
6990        }
6991        Preconditions.checkNotNull(packageList, "packageList is null");
6992        final int userHandle = UserHandle.getCallingUserId();
6993        synchronized (this) {
6994            // Ensure the caller is a DO or a keep uninstalled packages delegate.
6995            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
6996                    DELEGATION_KEEP_UNINSTALLED_PACKAGES);
6997            // Get the device owner
6998            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
6999            // Set list of packages to be kept even if uninstalled.
7000            deviceOwner.keepUninstalledPackages = packageList;
7001            // Save settings.
7002            saveSettingsLocked(userHandle);
7003            // Notify package manager.
7004            mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList);
7005        }
7006    }
7007
7008    @Override
7009    public List<String> getKeepUninstalledPackages(ComponentName who, String callerPackage) {
7010        if (!mHasFeature) {
7011            return null;
7012        }
7013        // TODO In split system user mode, allow apps on user 0 to query the list
7014        synchronized (this) {
7015            // Ensure the caller is a DO or a keep uninstalled packages delegate.
7016            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
7017                    DELEGATION_KEEP_UNINSTALLED_PACKAGES);
7018            return getKeepUninstalledPackagesLocked();
7019        }
7020    }
7021
7022    private List<String> getKeepUninstalledPackagesLocked() {
7023        ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
7024        return (deviceOwner != null) ? deviceOwner.keepUninstalledPackages : null;
7025    }
7026
7027    @Override
7028    public boolean setDeviceOwner(ComponentName admin, String ownerName, int userId) {
7029        if (!mHasFeature) {
7030            return false;
7031        }
7032        if (admin == null
7033                || !isPackageInstalledForUser(admin.getPackageName(), userId)) {
7034            throw new IllegalArgumentException("Invalid component " + admin
7035                    + " for device owner");
7036        }
7037        final boolean hasIncompatibleAccountsOrNonAdb =
7038                hasIncompatibleAccountsOrNonAdbNoLock(userId, admin);
7039        synchronized (this) {
7040            enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb);
7041            final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId);
7042            if (activeAdmin == null
7043                    || getUserData(userId).mRemovingAdmins.contains(admin)) {
7044                throw new IllegalArgumentException("Not active admin: " + admin);
7045            }
7046
7047            // Shutting down backup manager service permanently.
7048            long ident = mInjector.binderClearCallingIdentity();
7049            try {
7050                if (mInjector.getIBackupManager() != null) {
7051                    mInjector.getIBackupManager()
7052                            .setBackupServiceActive(UserHandle.USER_SYSTEM, false);
7053                }
7054            } catch (RemoteException e) {
7055                throw new IllegalStateException("Failed deactivating backup service.", e);
7056            } finally {
7057                mInjector.binderRestoreCallingIdentity(ident);
7058            }
7059
7060            if (isAdb()) {
7061                // Log device owner provisioning was started using adb.
7062                MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER);
7063            }
7064
7065            mOwners.setDeviceOwner(admin, ownerName, userId);
7066            mOwners.writeDeviceOwner();
7067            updateDeviceOwnerLocked();
7068            setDeviceOwnerSystemPropertyLocked();
7069
7070            final Set<String> restrictions =
7071                    UserRestrictionsUtils.getDefaultEnabledForDeviceOwner();
7072            if (!restrictions.isEmpty()) {
7073                for (String restriction : restrictions) {
7074                    activeAdmin.ensureUserRestrictions().putBoolean(restriction, true);
7075                }
7076                activeAdmin.defaultEnabledRestrictionsAlreadySet.addAll(restrictions);
7077                Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictions);
7078
7079                saveUserRestrictionsLocked(userId);
7080            }
7081
7082            ident = mInjector.binderClearCallingIdentity();
7083            try {
7084                // TODO Send to system too?
7085                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId);
7086            } finally {
7087                mInjector.binderRestoreCallingIdentity(ident);
7088            }
7089            mDeviceAdminServiceController.startServiceForOwner(
7090                    admin.getPackageName(), userId, "set-device-owner");
7091
7092            Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId);
7093            return true;
7094        }
7095    }
7096
7097    @Override
7098    public boolean hasDeviceOwner() {
7099        enforceDeviceOwnerOrManageUsers();
7100        return mOwners.hasDeviceOwner();
7101    }
7102
7103    boolean isDeviceOwner(ActiveAdmin admin) {
7104        return isDeviceOwner(admin.info.getComponent(), admin.getUserHandle().getIdentifier());
7105    }
7106
7107    public boolean isDeviceOwner(ComponentName who, int userId) {
7108        synchronized (this) {
7109            return mOwners.hasDeviceOwner()
7110                    && mOwners.getDeviceOwnerUserId() == userId
7111                    && mOwners.getDeviceOwnerComponent().equals(who);
7112        }
7113    }
7114
7115    private boolean isDeviceOwnerPackage(String packageName, int userId) {
7116        synchronized (this) {
7117            return mOwners.hasDeviceOwner()
7118                    && mOwners.getDeviceOwnerUserId() == userId
7119                    && mOwners.getDeviceOwnerPackageName().equals(packageName);
7120        }
7121    }
7122
7123    private boolean isProfileOwnerPackage(String packageName, int userId) {
7124        synchronized (this) {
7125            return mOwners.hasProfileOwner(userId)
7126                    && mOwners.getProfileOwnerPackage(userId).equals(packageName);
7127        }
7128    }
7129
7130    public boolean isProfileOwner(ComponentName who, int userId) {
7131        final ComponentName profileOwner = getProfileOwner(userId);
7132        return who != null && who.equals(profileOwner);
7133    }
7134
7135    @Override
7136    public ComponentName getDeviceOwnerComponent(boolean callingUserOnly) {
7137        if (!mHasFeature) {
7138            return null;
7139        }
7140        if (!callingUserOnly) {
7141            enforceManageUsers();
7142        }
7143        synchronized (this) {
7144            if (!mOwners.hasDeviceOwner()) {
7145                return null;
7146            }
7147            if (callingUserOnly && mInjector.userHandleGetCallingUserId() !=
7148                    mOwners.getDeviceOwnerUserId()) {
7149                return null;
7150            }
7151            return mOwners.getDeviceOwnerComponent();
7152        }
7153    }
7154
7155    @Override
7156    public int getDeviceOwnerUserId() {
7157        if (!mHasFeature) {
7158            return UserHandle.USER_NULL;
7159        }
7160        enforceManageUsers();
7161        synchronized (this) {
7162            return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL;
7163        }
7164    }
7165
7166    /**
7167     * Returns the "name" of the device owner.  It'll work for non-DO users too, but requires
7168     * MANAGE_USERS.
7169     */
7170    @Override
7171    public String getDeviceOwnerName() {
7172        if (!mHasFeature) {
7173            return null;
7174        }
7175        enforceManageUsers();
7176        synchronized (this) {
7177            if (!mOwners.hasDeviceOwner()) {
7178                return null;
7179            }
7180            // TODO This totally ignores the name passed to setDeviceOwner (change for b/20679292)
7181            // Should setDeviceOwner/ProfileOwner still take a name?
7182            String deviceOwnerPackage = mOwners.getDeviceOwnerPackageName();
7183            return getApplicationLabel(deviceOwnerPackage, UserHandle.USER_SYSTEM);
7184        }
7185    }
7186
7187    /** Returns the active device owner or {@code null} if there is no device owner. */
7188    @VisibleForTesting
7189    ActiveAdmin getDeviceOwnerAdminLocked() {
7190        ComponentName component = mOwners.getDeviceOwnerComponent();
7191        if (component == null) {
7192            return null;
7193        }
7194
7195        DevicePolicyData policy = getUserData(mOwners.getDeviceOwnerUserId());
7196        final int n = policy.mAdminList.size();
7197        for (int i = 0; i < n; i++) {
7198            ActiveAdmin admin = policy.mAdminList.get(i);
7199            if (component.equals(admin.info.getComponent())) {
7200                return admin;
7201            }
7202        }
7203        Slog.wtf(LOG_TAG, "Active admin for device owner not found. component=" + component);
7204        return null;
7205    }
7206
7207    @Override
7208    public void clearDeviceOwner(String packageName) {
7209        Preconditions.checkNotNull(packageName, "packageName is null");
7210        final int callingUid = mInjector.binderGetCallingUid();
7211        try {
7212            int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName,
7213                    UserHandle.getUserId(callingUid));
7214            if (uid != callingUid) {
7215                throw new SecurityException("Invalid packageName");
7216            }
7217        } catch (NameNotFoundException e) {
7218            throw new SecurityException(e);
7219        }
7220        synchronized (this) {
7221            final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
7222            final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
7223            if (!mOwners.hasDeviceOwner()
7224                    || !deviceOwnerComponent.getPackageName().equals(packageName)
7225                    || (deviceOwnerUserId != UserHandle.getUserId(callingUid))) {
7226                throw new SecurityException(
7227                        "clearDeviceOwner can only be called by the device owner");
7228            }
7229            enforceUserUnlocked(deviceOwnerUserId);
7230
7231            final ActiveAdmin admin = getDeviceOwnerAdminLocked();
7232            long ident = mInjector.binderClearCallingIdentity();
7233            try {
7234                clearDeviceOwnerLocked(admin, deviceOwnerUserId);
7235                removeActiveAdminLocked(deviceOwnerComponent, deviceOwnerUserId);
7236                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED,
7237                        deviceOwnerUserId);
7238            } finally {
7239                mInjector.binderRestoreCallingIdentity(ident);
7240            }
7241            Slog.i(LOG_TAG, "Device owner removed: " + deviceOwnerComponent);
7242        }
7243    }
7244
7245    private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {
7246        mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner");
7247
7248        if (admin != null) {
7249            admin.disableCamera = false;
7250            admin.userRestrictions = null;
7251            admin.defaultEnabledRestrictionsAlreadySet.clear();
7252            admin.forceEphemeralUsers = false;
7253            admin.isNetworkLoggingEnabled = false;
7254            mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers);
7255        }
7256        final DevicePolicyData policyData = getUserData(userId);
7257        policyData.mCurrentInputMethodSet = false;
7258        saveSettingsLocked(userId);
7259        final DevicePolicyData systemPolicyData = getUserData(UserHandle.USER_SYSTEM);
7260        systemPolicyData.mLastSecurityLogRetrievalTime = -1;
7261        systemPolicyData.mLastBugReportRequestTime = -1;
7262        systemPolicyData.mLastNetworkLogsRetrievalTime = -1;
7263        saveSettingsLocked(UserHandle.USER_SYSTEM);
7264        clearUserPoliciesLocked(userId);
7265
7266        mOwners.clearDeviceOwner();
7267        mOwners.writeDeviceOwner();
7268        updateDeviceOwnerLocked();
7269
7270        clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId));
7271        mInjector.securityLogSetLoggingEnabledProperty(false);
7272        mSecurityLogMonitor.stop();
7273        setNetworkLoggingActiveInternal(false);
7274
7275        try {
7276            if (mInjector.getIBackupManager() != null) {
7277                // Reactivate backup service.
7278                mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true);
7279            }
7280        } catch (RemoteException e) {
7281            throw new IllegalStateException("Failed reactivating backup service.", e);
7282        }
7283    }
7284
7285    @Override
7286    public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) {
7287        if (!mHasFeature) {
7288            return false;
7289        }
7290        if (who == null
7291                || !isPackageInstalledForUser(who.getPackageName(), userHandle)) {
7292            throw new IllegalArgumentException("Component " + who
7293                    + " not installed for userId:" + userHandle);
7294        }
7295        final boolean hasIncompatibleAccountsOrNonAdb =
7296                hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who);
7297        synchronized (this) {
7298            enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb);
7299
7300            final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
7301            if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) {
7302                throw new IllegalArgumentException("Not active admin: " + who);
7303            }
7304
7305            if (isAdb()) {
7306                // Log profile owner provisioning was started using adb.
7307                MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER);
7308            }
7309
7310            mOwners.setProfileOwner(who, ownerName, userHandle);
7311            mOwners.writeProfileOwner(userHandle);
7312            Slog.i(LOG_TAG, "Profile owner set: " + who + " on user " + userHandle);
7313
7314            final long id = mInjector.binderClearCallingIdentity();
7315            try {
7316                if (mUserManager.isManagedProfile(userHandle)) {
7317                    maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin,
7318                            UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());
7319                    ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin,
7320                            true /* newOwner */);
7321                }
7322                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
7323                        userHandle);
7324            } finally {
7325                mInjector.binderRestoreCallingIdentity(id);
7326            }
7327            mDeviceAdminServiceController.startServiceForOwner(
7328                    who.getPackageName(), userHandle, "set-profile-owner");
7329            return true;
7330        }
7331    }
7332
7333    @Override
7334    public void clearProfileOwner(ComponentName who) {
7335        if (!mHasFeature) {
7336            return;
7337        }
7338        Preconditions.checkNotNull(who, "ComponentName is null");
7339
7340        final int userId = mInjector.userHandleGetCallingUserId();
7341        enforceNotManagedProfile(userId, "clear profile owner");
7342        enforceUserUnlocked(userId);
7343        synchronized (this) {
7344            // Check if this is the profile owner who is calling
7345            final ActiveAdmin admin =
7346                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7347
7348            final long ident = mInjector.binderClearCallingIdentity();
7349            try {
7350                clearProfileOwnerLocked(admin, userId);
7351                removeActiveAdminLocked(who, userId);
7352                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
7353                        userId);
7354            } finally {
7355                mInjector.binderRestoreCallingIdentity(ident);
7356            }
7357            Slog.i(LOG_TAG, "Profile owner " + who + " removed from user " + userId);
7358        }
7359    }
7360
7361    public void clearProfileOwnerLocked(ActiveAdmin admin, int userId) {
7362        mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-profile-owner");
7363
7364        if (admin != null) {
7365            admin.disableCamera = false;
7366            admin.userRestrictions = null;
7367            admin.defaultEnabledRestrictionsAlreadySet.clear();
7368        }
7369        final DevicePolicyData policyData = getUserData(userId);
7370        policyData.mCurrentInputMethodSet = false;
7371        policyData.mOwnerInstalledCaCerts.clear();
7372        saveSettingsLocked(userId);
7373        clearUserPoliciesLocked(userId);
7374        mOwners.removeProfileOwner(userId);
7375        mOwners.writeProfileOwner(userId);
7376    }
7377
7378    @Override
7379    public void setDeviceOwnerLockScreenInfo(ComponentName who, CharSequence info) {
7380        Preconditions.checkNotNull(who, "ComponentName is null");
7381        if (!mHasFeature) {
7382            return;
7383        }
7384
7385        synchronized (this) {
7386            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
7387            long token = mInjector.binderClearCallingIdentity();
7388            try {
7389                mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null);
7390            } finally {
7391                mInjector.binderRestoreCallingIdentity(token);
7392            }
7393        }
7394    }
7395
7396    @Override
7397    public CharSequence getDeviceOwnerLockScreenInfo() {
7398        return mLockPatternUtils.getDeviceOwnerInfo();
7399    }
7400
7401    private void clearUserPoliciesLocked(int userId) {
7402        // Reset some of the user-specific policies.
7403        final DevicePolicyData policy = getUserData(userId);
7404        policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT;
7405        // Clear delegations.
7406        policy.mDelegationMap.clear();
7407        policy.mStatusBarDisabled = false;
7408        policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED;
7409        policy.mAffiliationIds.clear();
7410        policy.mLockTaskPackages.clear();
7411        updateLockTaskPackagesLocked(policy.mLockTaskPackages, userId);
7412        policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE;
7413        saveSettingsLocked(userId);
7414
7415        try {
7416            mIPackageManager.updatePermissionFlagsForAllApps(
7417                    PackageManager.FLAG_PERMISSION_POLICY_FIXED,
7418                    0  /* flagValues */, userId);
7419            pushUserRestrictions(userId);
7420        } catch (RemoteException re) {
7421            // Shouldn't happen.
7422        }
7423    }
7424
7425    @Override
7426    public boolean hasUserSetupCompleted() {
7427        return hasUserSetupCompleted(UserHandle.getCallingUserId());
7428    }
7429
7430    // This checks only if the Setup Wizard has run.  Since Wear devices pair before
7431    // completing Setup Wizard, and pairing involves transferring user data, calling
7432    // logic may want to check mIsWatch or mPaired in addition to hasUserSetupCompleted().
7433    private boolean hasUserSetupCompleted(int userHandle) {
7434        if (!mHasFeature) {
7435            return true;
7436        }
7437        return getUserData(userHandle).mUserSetupComplete;
7438    }
7439
7440    private boolean hasPaired(int userHandle) {
7441        if (!mHasFeature) {
7442            return true;
7443        }
7444        return getUserData(userHandle).mPaired;
7445    }
7446
7447    @Override
7448    public int getUserProvisioningState() {
7449        if (!mHasFeature) {
7450            return DevicePolicyManager.STATE_USER_UNMANAGED;
7451        }
7452        int userHandle = mInjector.userHandleGetCallingUserId();
7453        return getUserProvisioningState(userHandle);
7454    }
7455
7456    private int getUserProvisioningState(int userHandle) {
7457        return getUserData(userHandle).mUserProvisioningState;
7458    }
7459
7460    @Override
7461    public void setUserProvisioningState(int newState, int userHandle) {
7462        if (!mHasFeature) {
7463            return;
7464        }
7465
7466        if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle)
7467                && getManagedUserId(userHandle) == -1) {
7468            // No managed device, user or profile, so setting provisioning state makes no sense.
7469            throw new IllegalStateException("Not allowed to change provisioning state unless a "
7470                      + "device or profile owner is set.");
7471        }
7472
7473        synchronized (this) {
7474            boolean transitionCheckNeeded = true;
7475
7476            // Calling identity/permission checks.
7477            if (isAdb()) {
7478                // ADB shell can only move directly from un-managed to finalized as part of directly
7479                // setting profile-owner or device-owner.
7480                if (getUserProvisioningState(userHandle) !=
7481                        DevicePolicyManager.STATE_USER_UNMANAGED
7482                        || newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) {
7483                    throw new IllegalStateException("Not allowed to change provisioning state "
7484                            + "unless current provisioning state is unmanaged, and new state is "
7485                            + "finalized.");
7486                }
7487                transitionCheckNeeded = false;
7488            } else {
7489                // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS.
7490                enforceCanManageProfileAndDeviceOwners();
7491            }
7492
7493            final DevicePolicyData policyData = getUserData(userHandle);
7494            if (transitionCheckNeeded) {
7495                // Optional state transition check for non-ADB case.
7496                checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState);
7497            }
7498            policyData.mUserProvisioningState = newState;
7499            saveSettingsLocked(userHandle);
7500        }
7501    }
7502
7503    private void checkUserProvisioningStateTransition(int currentState, int newState) {
7504        // Valid transitions for normal use-cases.
7505        switch (currentState) {
7506            case DevicePolicyManager.STATE_USER_UNMANAGED:
7507                // Can move to any state from unmanaged (except itself as an edge case)..
7508                if (newState != DevicePolicyManager.STATE_USER_UNMANAGED) {
7509                    return;
7510                }
7511                break;
7512            case DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE:
7513            case DevicePolicyManager.STATE_USER_SETUP_COMPLETE:
7514                // Can only move to finalized from these states.
7515                if (newState == DevicePolicyManager.STATE_USER_SETUP_FINALIZED) {
7516                    return;
7517                }
7518                break;
7519            case DevicePolicyManager.STATE_USER_PROFILE_COMPLETE:
7520                // Current user has a managed-profile, but current user is not managed, so
7521                // rather than moving to finalized state, go back to unmanaged once
7522                // profile provisioning is complete.
7523                if (newState == DevicePolicyManager.STATE_USER_UNMANAGED) {
7524                    return;
7525                }
7526                break;
7527            case DevicePolicyManager.STATE_USER_SETUP_FINALIZED:
7528                // Cannot transition out of finalized.
7529                break;
7530        }
7531
7532        // Didn't meet any of the accepted state transition checks above, throw appropriate error.
7533        throw new IllegalStateException("Cannot move to user provisioning state [" + newState + "] "
7534                + "from state [" + currentState + "]");
7535    }
7536
7537    @Override
7538    public void setProfileEnabled(ComponentName who) {
7539        if (!mHasFeature) {
7540            return;
7541        }
7542        Preconditions.checkNotNull(who, "ComponentName is null");
7543        synchronized (this) {
7544            // Check if this is the profile owner who is calling
7545            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7546            final int userId = UserHandle.getCallingUserId();
7547            enforceManagedProfile(userId, "enable the profile");
7548            // Check if the profile is already enabled.
7549            UserInfo managedProfile = getUserInfo(userId);
7550            if (managedProfile.isEnabled()) {
7551                Slog.e(LOG_TAG,
7552                        "setProfileEnabled is called when the profile is already enabled");
7553                return;
7554            }
7555            long id = mInjector.binderClearCallingIdentity();
7556            try {
7557                mUserManager.setUserEnabled(userId);
7558                UserInfo parent = mUserManager.getProfileParent(userId);
7559                Intent intent = new Intent(Intent.ACTION_MANAGED_PROFILE_ADDED);
7560                intent.putExtra(Intent.EXTRA_USER, new UserHandle(userId));
7561                intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY |
7562                        Intent.FLAG_RECEIVER_FOREGROUND);
7563                mContext.sendBroadcastAsUser(intent, new UserHandle(parent.id));
7564            } finally {
7565                mInjector.binderRestoreCallingIdentity(id);
7566            }
7567        }
7568    }
7569
7570    @Override
7571    public void setProfileName(ComponentName who, String profileName) {
7572        Preconditions.checkNotNull(who, "ComponentName is null");
7573        int userId = UserHandle.getCallingUserId();
7574        // Check if this is the profile owner (includes device owner).
7575        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7576
7577        long id = mInjector.binderClearCallingIdentity();
7578        try {
7579            mUserManager.setUserName(userId, profileName);
7580        } finally {
7581            mInjector.binderRestoreCallingIdentity(id);
7582        }
7583    }
7584
7585    @Override
7586    public ComponentName getProfileOwner(int userHandle) {
7587        if (!mHasFeature) {
7588            return null;
7589        }
7590
7591        synchronized (this) {
7592            return mOwners.getProfileOwnerComponent(userHandle);
7593        }
7594    }
7595
7596    // Returns the active profile owner for this user or null if the current user has no
7597    // profile owner.
7598    @VisibleForTesting
7599    ActiveAdmin getProfileOwnerAdminLocked(int userHandle) {
7600        ComponentName profileOwner = mOwners.getProfileOwnerComponent(userHandle);
7601        if (profileOwner == null) {
7602            return null;
7603        }
7604        DevicePolicyData policy = getUserData(userHandle);
7605        final int n = policy.mAdminList.size();
7606        for (int i = 0; i < n; i++) {
7607            ActiveAdmin admin = policy.mAdminList.get(i);
7608            if (profileOwner.equals(admin.info.getComponent())) {
7609                return admin;
7610            }
7611        }
7612        return null;
7613    }
7614
7615    @Override
7616    public String getProfileOwnerName(int userHandle) {
7617        if (!mHasFeature) {
7618            return null;
7619        }
7620        enforceManageUsers();
7621        ComponentName profileOwner = getProfileOwner(userHandle);
7622        if (profileOwner == null) {
7623            return null;
7624        }
7625        return getApplicationLabel(profileOwner.getPackageName(), userHandle);
7626    }
7627
7628    /**
7629     * Canonical name for a given package.
7630     */
7631    private String getApplicationLabel(String packageName, int userHandle) {
7632        long token = mInjector.binderClearCallingIdentity();
7633        try {
7634            final Context userContext;
7635            try {
7636                UserHandle handle = new UserHandle(userHandle);
7637                userContext = mContext.createPackageContextAsUser(packageName, 0, handle);
7638            } catch (PackageManager.NameNotFoundException nnfe) {
7639                Log.w(LOG_TAG, packageName + " is not installed for user " + userHandle, nnfe);
7640                return null;
7641            }
7642            ApplicationInfo appInfo = userContext.getApplicationInfo();
7643            CharSequence result = null;
7644            if (appInfo != null) {
7645                PackageManager pm = userContext.getPackageManager();
7646                result = pm.getApplicationLabel(appInfo);
7647            }
7648            return result != null ? result.toString() : null;
7649        } finally {
7650            mInjector.binderRestoreCallingIdentity(token);
7651        }
7652    }
7653
7654    /**
7655     * Calls wtfStack() if called with the DPMS lock held.
7656     */
7657    private void wtfIfInLock() {
7658        if (Thread.holdsLock(this)) {
7659            Slog.wtfStack(LOG_TAG, "Shouldn't be called with DPMS lock held");
7660        }
7661    }
7662
7663    /**
7664     * The profile owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS
7665     * permission.
7666     * The profile owner can only be set before the user setup phase has completed,
7667     * except for:
7668     * - SYSTEM_UID
7669     * - adb unless hasIncompatibleAccountsOrNonAdb is true.
7670     */
7671    private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle,
7672            boolean hasIncompatibleAccountsOrNonAdb) {
7673        UserInfo info = getUserInfo(userHandle);
7674        if (info == null) {
7675            // User doesn't exist.
7676            throw new IllegalArgumentException(
7677                    "Attempted to set profile owner for invalid userId: " + userHandle);
7678        }
7679        if (info.isGuest()) {
7680            throw new IllegalStateException("Cannot set a profile owner on a guest");
7681        }
7682        if (mOwners.hasProfileOwner(userHandle)) {
7683            throw new IllegalStateException("Trying to set the profile owner, but profile owner "
7684                    + "is already set.");
7685        }
7686        if (mOwners.hasDeviceOwner() && mOwners.getDeviceOwnerUserId() == userHandle) {
7687            throw new IllegalStateException("Trying to set the profile owner, but the user "
7688                    + "already has a device owner.");
7689        }
7690        if (isAdb()) {
7691            if ((mIsWatch || hasUserSetupCompleted(userHandle))
7692                    && hasIncompatibleAccountsOrNonAdb) {
7693                throw new IllegalStateException("Not allowed to set the profile owner because "
7694                        + "there are already some accounts on the profile");
7695            }
7696            return;
7697        }
7698        enforceCanManageProfileAndDeviceOwners();
7699        if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) {
7700            throw new IllegalStateException("Cannot set the profile owner on a user which is "
7701                    + "already set-up");
7702        }
7703    }
7704
7705    /**
7706     * The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS
7707     * permission.
7708     */
7709    private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner, int userId,
7710            boolean hasIncompatibleAccountsOrNonAdb) {
7711        if (!isAdb()) {
7712            enforceCanManageProfileAndDeviceOwners();
7713        }
7714
7715        final int code = checkDeviceOwnerProvisioningPreConditionLocked(
7716                owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb);
7717        switch (code) {
7718            case CODE_OK:
7719                return;
7720            case CODE_HAS_DEVICE_OWNER:
7721                throw new IllegalStateException(
7722                        "Trying to set the device owner, but device owner is already set.");
7723            case CODE_USER_HAS_PROFILE_OWNER:
7724                throw new IllegalStateException("Trying to set the device owner, but the user "
7725                        + "already has a profile owner.");
7726            case CODE_USER_NOT_RUNNING:
7727                throw new IllegalStateException("User not running: " + userId);
7728            case CODE_NOT_SYSTEM_USER:
7729                throw new IllegalStateException("User is not system user");
7730            case CODE_USER_SETUP_COMPLETED:
7731                throw new IllegalStateException(
7732                        "Cannot set the device owner if the device is already set-up");
7733            case CODE_NONSYSTEM_USER_EXISTS:
7734                throw new IllegalStateException("Not allowed to set the device owner because there "
7735                        + "are already several users on the device");
7736            case CODE_ACCOUNTS_NOT_EMPTY:
7737                throw new IllegalStateException("Not allowed to set the device owner because there "
7738                        + "are already some accounts on the device");
7739            case CODE_HAS_PAIRED:
7740                throw new IllegalStateException("Not allowed to set the device owner because this "
7741                        + "device has already paired");
7742            default:
7743                throw new IllegalStateException("Unexpected @ProvisioningPreCondition " + code);
7744        }
7745    }
7746
7747    private void enforceUserUnlocked(int userId) {
7748        // Since we're doing this operation on behalf of an app, we only
7749        // want to use the actual "unlocked" state.
7750        Preconditions.checkState(mUserManager.isUserUnlocked(userId),
7751                "User must be running and unlocked");
7752    }
7753
7754    private void enforceUserUnlocked(@UserIdInt int userId, boolean parent) {
7755        if (parent) {
7756            enforceUserUnlocked(getProfileParentId(userId));
7757        } else {
7758            enforceUserUnlocked(userId);
7759        }
7760    }
7761
7762    private void enforceManageUsers() {
7763        final int callingUid = mInjector.binderGetCallingUid();
7764        if (!(isCallerWithSystemUid() || callingUid == Process.ROOT_UID)) {
7765            mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
7766        }
7767    }
7768
7769    private void enforceFullCrossUsersPermission(int userHandle) {
7770        enforceSystemUserOrPermissionIfCrossUser(userHandle,
7771                android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);
7772    }
7773
7774    private void enforceCrossUsersPermission(int userHandle) {
7775        enforceSystemUserOrPermissionIfCrossUser(userHandle,
7776                android.Manifest.permission.INTERACT_ACROSS_USERS);
7777    }
7778
7779    private void enforceSystemUserOrPermission(String permission) {
7780        if (!(isCallerWithSystemUid() || mInjector.binderGetCallingUid() == Process.ROOT_UID)) {
7781            mContext.enforceCallingOrSelfPermission(permission,
7782                    "Must be system or have " + permission + " permission");
7783        }
7784    }
7785
7786    private void enforceSystemUserOrPermissionIfCrossUser(int userHandle, String permission) {
7787        if (userHandle < 0) {
7788            throw new IllegalArgumentException("Invalid userId " + userHandle);
7789        }
7790        if (userHandle == mInjector.userHandleGetCallingUserId()) {
7791            return;
7792        }
7793        enforceSystemUserOrPermission(permission);
7794    }
7795
7796    private void enforceManagedProfile(int userHandle, String message) {
7797        if(!isManagedProfile(userHandle)) {
7798            throw new SecurityException("You can not " + message + " outside a managed profile.");
7799        }
7800    }
7801
7802    private void enforceNotManagedProfile(int userHandle, String message) {
7803        if(isManagedProfile(userHandle)) {
7804            throw new SecurityException("You can not " + message + " for a managed profile.");
7805        }
7806    }
7807
7808    private void enforceDeviceOwnerOrManageUsers() {
7809        synchronized (this) {
7810            if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
7811                    mInjector.binderGetCallingUid()) != null) {
7812                return;
7813            }
7814        }
7815        enforceManageUsers();
7816    }
7817
7818    private void enforceProfileOwnerOrSystemUser() {
7819        synchronized (this) {
7820            if (getActiveAdminWithPolicyForUidLocked(null,
7821                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid())
7822                            != null) {
7823                return;
7824            }
7825        }
7826        Preconditions.checkState(isCallerWithSystemUid(),
7827                "Only profile owner, device owner and system may call this method.");
7828    }
7829
7830    private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) {
7831        if (userId == mInjector.userHandleGetCallingUserId()) {
7832            synchronized (this) {
7833                if (getActiveAdminWithPolicyForUidLocked(null,
7834                        DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid())
7835                                != null) {
7836                    // Device Owner/Profile Owner may access the user it runs on.
7837                    return;
7838                }
7839            }
7840        }
7841        // Otherwise, INTERACT_ACROSS_USERS_FULL permission, system UID or root UID is required.
7842        enforceSystemUserOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);
7843    }
7844
7845    private void ensureCallerPackage(@Nullable String packageName) {
7846        if (packageName == null) {
7847            Preconditions.checkState(isCallerWithSystemUid(),
7848                    "Only caller can omit package name");
7849        } else {
7850            final int callingUid = mInjector.binderGetCallingUid();
7851            final int userId = mInjector.userHandleGetCallingUserId();
7852            try {
7853                final ApplicationInfo ai = mIPackageManager.getApplicationInfo(
7854                        packageName, 0, userId);
7855                Preconditions.checkState(ai.uid == callingUid, "Unmatching package name");
7856            } catch (RemoteException e) {
7857                // Shouldn't happen
7858            }
7859        }
7860    }
7861
7862    private boolean isCallerWithSystemUid() {
7863        return UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID);
7864    }
7865
7866    protected int getProfileParentId(int userHandle) {
7867        final long ident = mInjector.binderClearCallingIdentity();
7868        try {
7869            UserInfo parentUser = mUserManager.getProfileParent(userHandle);
7870            return parentUser != null ? parentUser.id : userHandle;
7871        } finally {
7872            mInjector.binderRestoreCallingIdentity(ident);
7873        }
7874    }
7875
7876    private int getCredentialOwner(int userHandle, boolean parent) {
7877        final long ident = mInjector.binderClearCallingIdentity();
7878        try {
7879            if (parent) {
7880                UserInfo parentProfile = mUserManager.getProfileParent(userHandle);
7881                if (parentProfile != null) {
7882                    userHandle = parentProfile.id;
7883                }
7884            }
7885            return mUserManager.getCredentialOwnerProfile(userHandle);
7886        } finally {
7887            mInjector.binderRestoreCallingIdentity(ident);
7888        }
7889    }
7890
7891    private boolean isManagedProfile(int userHandle) {
7892        final UserInfo user = getUserInfo(userHandle);
7893        return user != null && user.isManagedProfile();
7894    }
7895
7896    private void enableIfNecessary(String packageName, int userId) {
7897        try {
7898            final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,
7899                    PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId);
7900            if (ai.enabledSetting
7901                    == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) {
7902                mIPackageManager.setApplicationEnabledSetting(packageName,
7903                        PackageManager.COMPONENT_ENABLED_STATE_DEFAULT,
7904                        PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager");
7905            }
7906        } catch (RemoteException e) {
7907        }
7908    }
7909
7910    @Override
7911    protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
7912        if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return;
7913
7914        synchronized (this) {
7915            pw.println("Current Device Policy Manager state:");
7916
7917            mOwners.dump("  ", pw);
7918            mDeviceAdminServiceController.dump("  ", pw);
7919            int userCount = mUserData.size();
7920            for (int u = 0; u < userCount; u++) {
7921                DevicePolicyData policy = getUserData(mUserData.keyAt(u));
7922                pw.println();
7923                pw.println("  Enabled Device Admins (User " + policy.mUserHandle
7924                        + ", provisioningState: " + policy.mUserProvisioningState + "):");
7925                final int N = policy.mAdminList.size();
7926                for (int i=0; i<N; i++) {
7927                    ActiveAdmin ap = policy.mAdminList.get(i);
7928                    if (ap != null) {
7929                        pw.print("    "); pw.print(ap.info.getComponent().flattenToShortString());
7930                                pw.println(":");
7931                        ap.dump("      ", pw);
7932                    }
7933                }
7934                if (!policy.mRemovingAdmins.isEmpty()) {
7935                    pw.println("    Removing Device Admins (User " + policy.mUserHandle + "): "
7936                            + policy.mRemovingAdmins);
7937                }
7938
7939                pw.println(" ");
7940                pw.print("    mPasswordOwner="); pw.println(policy.mPasswordOwner);
7941            }
7942            pw.println();
7943            mConstants.dump("  ", pw);
7944            pw.println();
7945            pw.println("  Encryption Status: " + getEncryptionStatusName(getEncryptionStatus()));
7946        }
7947    }
7948
7949    private String getEncryptionStatusName(int encryptionStatus) {
7950        switch (encryptionStatus) {
7951            case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
7952                return "inactive";
7953            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY:
7954                return "block default key";
7955            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
7956                return "block";
7957            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER:
7958                return "per-user";
7959            case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED:
7960                return "unsupported";
7961            case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING:
7962                return "activating";
7963            default:
7964                return "unknown";
7965        }
7966    }
7967
7968    @Override
7969    public void addPersistentPreferredActivity(ComponentName who, IntentFilter filter,
7970            ComponentName activity) {
7971        Preconditions.checkNotNull(who, "ComponentName is null");
7972        final int userHandle = UserHandle.getCallingUserId();
7973        synchronized (this) {
7974            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7975
7976            long id = mInjector.binderClearCallingIdentity();
7977            try {
7978                mIPackageManager.addPersistentPreferredActivity(filter, activity, userHandle);
7979                mIPackageManager.flushPackageRestrictionsAsUser(userHandle);
7980            } catch (RemoteException re) {
7981                // Shouldn't happen
7982            } finally {
7983                mInjector.binderRestoreCallingIdentity(id);
7984            }
7985        }
7986    }
7987
7988    @Override
7989    public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) {
7990        Preconditions.checkNotNull(who, "ComponentName is null");
7991        final int userHandle = UserHandle.getCallingUserId();
7992        synchronized (this) {
7993            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
7994
7995            long id = mInjector.binderClearCallingIdentity();
7996            try {
7997                mIPackageManager.clearPackagePersistentPreferredActivities(packageName, userHandle);
7998                mIPackageManager.flushPackageRestrictionsAsUser(userHandle);
7999            } catch (RemoteException re) {
8000                // Shouldn't happen
8001            } finally {
8002                mInjector.binderRestoreCallingIdentity(id);
8003            }
8004        }
8005    }
8006
8007    @Override
8008    public boolean setApplicationRestrictionsManagingPackage(ComponentName admin,
8009            String packageName) {
8010        try {
8011            setDelegatedScopePreO(admin, packageName, DELEGATION_APP_RESTRICTIONS);
8012        } catch (IllegalArgumentException e) {
8013            return false;
8014        }
8015        return true;
8016    }
8017
8018    @Override
8019    public String getApplicationRestrictionsManagingPackage(ComponentName admin) {
8020        final List<String> delegatePackages = getDelegatePackages(admin,
8021                DELEGATION_APP_RESTRICTIONS);
8022        return delegatePackages.size() > 0 ? delegatePackages.get(0) : null;
8023    }
8024
8025    @Override
8026    public boolean isCallerApplicationRestrictionsManagingPackage(String callerPackage) {
8027        return isCallerDelegate(callerPackage, DELEGATION_APP_RESTRICTIONS);
8028    }
8029
8030    @Override
8031    public void setApplicationRestrictions(ComponentName who, String callerPackage,
8032            String packageName, Bundle settings) {
8033        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8034                DELEGATION_APP_RESTRICTIONS);
8035
8036        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
8037        final long id = mInjector.binderClearCallingIdentity();
8038        try {
8039            mUserManager.setApplicationRestrictions(packageName, settings, userHandle);
8040        } finally {
8041            mInjector.binderRestoreCallingIdentity(id);
8042        }
8043    }
8044
8045    @Override
8046    public void setTrustAgentConfiguration(ComponentName admin, ComponentName agent,
8047            PersistableBundle args, boolean parent) {
8048        if (!mHasFeature) {
8049            return;
8050        }
8051        Preconditions.checkNotNull(admin, "admin is null");
8052        Preconditions.checkNotNull(agent, "agent is null");
8053        final int userHandle = UserHandle.getCallingUserId();
8054        synchronized (this) {
8055            ActiveAdmin ap = getActiveAdminForCallerLocked(admin,
8056                    DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent);
8057            ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args));
8058            saveSettingsLocked(userHandle);
8059        }
8060    }
8061
8062    @Override
8063    public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin,
8064            ComponentName agent, int userHandle, boolean parent) {
8065        if (!mHasFeature) {
8066            return null;
8067        }
8068        Preconditions.checkNotNull(agent, "agent null");
8069        enforceFullCrossUsersPermission(userHandle);
8070
8071        synchronized (this) {
8072            final String componentName = agent.flattenToString();
8073            if (admin != null) {
8074                final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent);
8075                if (ap == null) return null;
8076                TrustAgentInfo trustAgentInfo = ap.trustAgentInfos.get(componentName);
8077                if (trustAgentInfo == null || trustAgentInfo.options == null) return null;
8078                List<PersistableBundle> result = new ArrayList<>();
8079                result.add(trustAgentInfo.options);
8080                return result;
8081            }
8082
8083            // Return strictest policy for this user and profiles that are visible from this user.
8084            List<PersistableBundle> result = null;
8085            // Search through all admins that use KEYGUARD_DISABLE_TRUST_AGENTS and keep track
8086            // of the options. If any admin doesn't have options, discard options for the rest
8087            // and return null.
8088            List<ActiveAdmin> admins =
8089                    getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent);
8090            boolean allAdminsHaveOptions = true;
8091            final int N = admins.size();
8092            for (int i = 0; i < N; i++) {
8093                final ActiveAdmin active = admins.get(i);
8094
8095                final boolean disablesTrust = (active.disabledKeyguardFeatures
8096                        & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
8097                final TrustAgentInfo info = active.trustAgentInfos.get(componentName);
8098                if (info != null && info.options != null && !info.options.isEmpty()) {
8099                    if (disablesTrust) {
8100                        if (result == null) {
8101                            result = new ArrayList<>();
8102                        }
8103                        result.add(info.options);
8104                    } else {
8105                        Log.w(LOG_TAG, "Ignoring admin " + active.info
8106                                + " because it has trust options but doesn't declare "
8107                                + "KEYGUARD_DISABLE_TRUST_AGENTS");
8108                    }
8109                } else if (disablesTrust) {
8110                    allAdminsHaveOptions = false;
8111                    break;
8112                }
8113            }
8114            return allAdminsHaveOptions ? result : null;
8115        }
8116    }
8117
8118    @Override
8119    public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) {
8120        Preconditions.checkNotNull(who, "ComponentName is null");
8121        synchronized (this) {
8122            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8123
8124            int userHandle = UserHandle.getCallingUserId();
8125            DevicePolicyData userData = getUserData(userHandle);
8126            userData.mRestrictionsProvider = permissionProvider;
8127            saveSettingsLocked(userHandle);
8128        }
8129    }
8130
8131    @Override
8132    public ComponentName getRestrictionsProvider(int userHandle) {
8133        synchronized (this) {
8134            if (!isCallerWithSystemUid()) {
8135                throw new SecurityException("Only the system can query the permission provider");
8136            }
8137            DevicePolicyData userData = getUserData(userHandle);
8138            return userData != null ? userData.mRestrictionsProvider : null;
8139        }
8140    }
8141
8142    @Override
8143    public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) {
8144        Preconditions.checkNotNull(who, "ComponentName is null");
8145        int callingUserId = UserHandle.getCallingUserId();
8146        synchronized (this) {
8147            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8148
8149            long id = mInjector.binderClearCallingIdentity();
8150            try {
8151                UserInfo parent = mUserManager.getProfileParent(callingUserId);
8152                if (parent == null) {
8153                    Slog.e(LOG_TAG, "Cannot call addCrossProfileIntentFilter if there is no "
8154                            + "parent");
8155                    return;
8156                }
8157                if ((flags & DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED) != 0) {
8158                    mIPackageManager.addCrossProfileIntentFilter(
8159                            filter, who.getPackageName(), callingUserId, parent.id, 0);
8160                }
8161                if ((flags & DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT) != 0) {
8162                    mIPackageManager.addCrossProfileIntentFilter(filter, who.getPackageName(),
8163                            parent.id, callingUserId, 0);
8164                }
8165            } catch (RemoteException re) {
8166                // Shouldn't happen
8167            } finally {
8168                mInjector.binderRestoreCallingIdentity(id);
8169            }
8170        }
8171    }
8172
8173    @Override
8174    public void clearCrossProfileIntentFilters(ComponentName who) {
8175        Preconditions.checkNotNull(who, "ComponentName is null");
8176        int callingUserId = UserHandle.getCallingUserId();
8177        synchronized (this) {
8178            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8179            long id = mInjector.binderClearCallingIdentity();
8180            try {
8181                UserInfo parent = mUserManager.getProfileParent(callingUserId);
8182                if (parent == null) {
8183                    Slog.e(LOG_TAG, "Cannot call clearCrossProfileIntentFilter if there is no "
8184                            + "parent");
8185                    return;
8186                }
8187                // Removing those that go from the managed profile to the parent.
8188                mIPackageManager.clearCrossProfileIntentFilters(
8189                        callingUserId, who.getPackageName());
8190                // And those that go from the parent to the managed profile.
8191                // If we want to support multiple managed profiles, we will have to only remove
8192                // those that have callingUserId as their target.
8193                mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName());
8194            } catch (RemoteException re) {
8195                // Shouldn't happen
8196            } finally {
8197                mInjector.binderRestoreCallingIdentity(id);
8198            }
8199        }
8200    }
8201
8202    /**
8203     * @return true if all packages in enabledPackages are either in the list
8204     * permittedList or are a system app.
8205     */
8206    private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages,
8207            List<String> permittedList, int userIdToCheck) {
8208        long id = mInjector.binderClearCallingIdentity();
8209        try {
8210            // If we have an enabled packages list for a managed profile the packages
8211            // we should check are installed for the parent user.
8212            UserInfo user = getUserInfo(userIdToCheck);
8213            if (user.isManagedProfile()) {
8214                userIdToCheck = user.profileGroupId;
8215            }
8216
8217            for (String enabledPackage : enabledPackages) {
8218                boolean systemService = false;
8219                try {
8220                    ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo(
8221                            enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES,
8222                            userIdToCheck);
8223                    systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
8224                } catch (RemoteException e) {
8225                    Log.i(LOG_TAG, "Can't talk to package managed", e);
8226                }
8227                if (!systemService && !permittedList.contains(enabledPackage)) {
8228                    return false;
8229                }
8230            }
8231        } finally {
8232            mInjector.binderRestoreCallingIdentity(id);
8233        }
8234        return true;
8235    }
8236
8237    private AccessibilityManager getAccessibilityManagerForUser(int userId) {
8238        // Not using AccessibilityManager.getInstance because that guesses
8239        // at the user you require based on callingUid and caches for a given
8240        // process.
8241        IBinder iBinder = ServiceManager.getService(Context.ACCESSIBILITY_SERVICE);
8242        IAccessibilityManager service = iBinder == null
8243                ? null : IAccessibilityManager.Stub.asInterface(iBinder);
8244        return new AccessibilityManager(mContext, service, userId);
8245    }
8246
8247    @Override
8248    public boolean setPermittedAccessibilityServices(ComponentName who, List packageList) {
8249        if (!mHasFeature) {
8250            return false;
8251        }
8252        Preconditions.checkNotNull(who, "ComponentName is null");
8253
8254        if (packageList != null) {
8255            int userId = UserHandle.getCallingUserId();
8256            List<AccessibilityServiceInfo> enabledServices = null;
8257            long id = mInjector.binderClearCallingIdentity();
8258            try {
8259                UserInfo user = getUserInfo(userId);
8260                if (user.isManagedProfile()) {
8261                    userId = user.profileGroupId;
8262                }
8263                AccessibilityManager accessibilityManager = getAccessibilityManagerForUser(userId);
8264                enabledServices = accessibilityManager.getEnabledAccessibilityServiceList(
8265                        AccessibilityServiceInfo.FEEDBACK_ALL_MASK);
8266            } finally {
8267                mInjector.binderRestoreCallingIdentity(id);
8268            }
8269
8270            if (enabledServices != null) {
8271                List<String> enabledPackages = new ArrayList<String>();
8272                for (AccessibilityServiceInfo service : enabledServices) {
8273                    enabledPackages.add(service.getResolveInfo().serviceInfo.packageName);
8274                }
8275                if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList,
8276                        userId)) {
8277                    Slog.e(LOG_TAG, "Cannot set permitted accessibility services, "
8278                            + "because it contains already enabled accesibility services.");
8279                    return false;
8280                }
8281            }
8282        }
8283
8284        synchronized (this) {
8285            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8286                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8287            admin.permittedAccessiblityServices = packageList;
8288            saveSettingsLocked(UserHandle.getCallingUserId());
8289        }
8290        return true;
8291    }
8292
8293    @Override
8294    public List getPermittedAccessibilityServices(ComponentName who) {
8295        if (!mHasFeature) {
8296            return null;
8297        }
8298        Preconditions.checkNotNull(who, "ComponentName is null");
8299
8300        synchronized (this) {
8301            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8302                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8303            return admin.permittedAccessiblityServices;
8304        }
8305    }
8306
8307    @Override
8308    public List getPermittedAccessibilityServicesForUser(int userId) {
8309        if (!mHasFeature) {
8310            return null;
8311        }
8312        synchronized (this) {
8313            List<String> result = null;
8314            // If we have multiple profiles we return the intersection of the
8315            // permitted lists. This can happen in cases where we have a device
8316            // and profile owner.
8317            int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId);
8318            for (int profileId : profileIds) {
8319                // Just loop though all admins, only device or profiles
8320                // owners can have permitted lists set.
8321                DevicePolicyData policy = getUserDataUnchecked(profileId);
8322                final int N = policy.mAdminList.size();
8323                for (int j = 0; j < N; j++) {
8324                    ActiveAdmin admin = policy.mAdminList.get(j);
8325                    List<String> fromAdmin = admin.permittedAccessiblityServices;
8326                    if (fromAdmin != null) {
8327                        if (result == null) {
8328                            result = new ArrayList<>(fromAdmin);
8329                        } else {
8330                            result.retainAll(fromAdmin);
8331                        }
8332                    }
8333                }
8334            }
8335
8336            // If we have a permitted list add all system accessibility services.
8337            if (result != null) {
8338                long id = mInjector.binderClearCallingIdentity();
8339                try {
8340                    UserInfo user = getUserInfo(userId);
8341                    if (user.isManagedProfile()) {
8342                        userId = user.profileGroupId;
8343                    }
8344                    AccessibilityManager accessibilityManager =
8345                            getAccessibilityManagerForUser(userId);
8346                    List<AccessibilityServiceInfo> installedServices =
8347                            accessibilityManager.getInstalledAccessibilityServiceList();
8348
8349                    if (installedServices != null) {
8350                        for (AccessibilityServiceInfo service : installedServices) {
8351                            ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo;
8352                            ApplicationInfo applicationInfo = serviceInfo.applicationInfo;
8353                            if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
8354                                result.add(serviceInfo.packageName);
8355                            }
8356                        }
8357                    }
8358                } finally {
8359                    mInjector.binderRestoreCallingIdentity(id);
8360                }
8361            }
8362
8363            return result;
8364        }
8365    }
8366
8367    @Override
8368    public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName,
8369            int userHandle) {
8370        if (!mHasFeature) {
8371            return true;
8372        }
8373        Preconditions.checkNotNull(who, "ComponentName is null");
8374        Preconditions.checkStringNotEmpty(packageName, "packageName is null");
8375        if (!isCallerWithSystemUid()){
8376            throw new SecurityException(
8377                    "Only the system can query if an accessibility service is disabled by admin");
8378        }
8379        synchronized (this) {
8380            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
8381            if (admin == null) {
8382                return false;
8383            }
8384            if (admin.permittedAccessiblityServices == null) {
8385                return true;
8386            }
8387            return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName),
8388                    admin.permittedAccessiblityServices, userHandle);
8389        }
8390    }
8391
8392    private boolean checkCallerIsCurrentUserOrProfile() {
8393        final int callingUserId = UserHandle.getCallingUserId();
8394        final long token = mInjector.binderClearCallingIdentity();
8395        try {
8396            UserInfo currentUser;
8397            UserInfo callingUser = getUserInfo(callingUserId);
8398            try {
8399                currentUser = mInjector.getIActivityManager().getCurrentUser();
8400            } catch (RemoteException e) {
8401                Slog.e(LOG_TAG, "Failed to talk to activity managed.", e);
8402                return false;
8403            }
8404
8405            if (callingUser.isManagedProfile() && callingUser.profileGroupId != currentUser.id) {
8406                Slog.e(LOG_TAG, "Cannot set permitted input methods for managed profile "
8407                        + "of a user that isn't the foreground user.");
8408                return false;
8409            }
8410            if (!callingUser.isManagedProfile() && callingUserId != currentUser.id ) {
8411                Slog.e(LOG_TAG, "Cannot set permitted input methods "
8412                        + "of a user that isn't the foreground user.");
8413                return false;
8414            }
8415        } finally {
8416            mInjector.binderRestoreCallingIdentity(token);
8417        }
8418        return true;
8419    }
8420
8421    @Override
8422    public boolean setPermittedInputMethods(ComponentName who, List packageList) {
8423        if (!mHasFeature) {
8424            return false;
8425        }
8426        Preconditions.checkNotNull(who, "ComponentName is null");
8427
8428        // TODO When InputMethodManager supports per user calls remove
8429        //      this restriction.
8430        if (!checkCallerIsCurrentUserOrProfile()) {
8431            return false;
8432        }
8433
8434        final int callingUserId = mInjector.userHandleGetCallingUserId();
8435        if (packageList != null) {
8436            // InputMethodManager fetches input methods for current user.
8437            // So this can only be set when calling user is the current user
8438            // or parent is current user in case of managed profiles.
8439            InputMethodManager inputMethodManager =
8440                    mContext.getSystemService(InputMethodManager.class);
8441            List<InputMethodInfo> enabledImes = inputMethodManager.getEnabledInputMethodList();
8442
8443            if (enabledImes != null) {
8444                List<String> enabledPackages = new ArrayList<String>();
8445                for (InputMethodInfo ime : enabledImes) {
8446                    enabledPackages.add(ime.getPackageName());
8447                }
8448                if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList,
8449                        callingUserId)) {
8450                    Slog.e(LOG_TAG, "Cannot set permitted input methods, "
8451                            + "because it contains already enabled input method.");
8452                    return false;
8453                }
8454            }
8455        }
8456
8457        synchronized (this) {
8458            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8459                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8460            admin.permittedInputMethods = packageList;
8461            saveSettingsLocked(callingUserId);
8462        }
8463        return true;
8464    }
8465
8466    @Override
8467    public List getPermittedInputMethods(ComponentName who) {
8468        if (!mHasFeature) {
8469            return null;
8470        }
8471        Preconditions.checkNotNull(who, "ComponentName is null");
8472
8473        synchronized (this) {
8474            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
8475                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8476            return admin.permittedInputMethods;
8477        }
8478    }
8479
8480    @Override
8481    public List getPermittedInputMethodsForCurrentUser() {
8482        UserInfo currentUser;
8483        try {
8484            currentUser = mInjector.getIActivityManager().getCurrentUser();
8485        } catch (RemoteException e) {
8486            Slog.e(LOG_TAG, "Failed to make remote calls to get current user", e);
8487            // Activity managed is dead, just allow all IMEs
8488            return null;
8489        }
8490
8491        int userId = currentUser.id;
8492        synchronized (this) {
8493            List<String> result = null;
8494            // If we have multiple profiles we return the intersection of the
8495            // permitted lists. This can happen in cases where we have a device
8496            // and profile owner.
8497            int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId);
8498            for (int profileId : profileIds) {
8499                // Just loop though all admins, only device or profiles
8500                // owners can have permitted lists set.
8501                DevicePolicyData policy = getUserDataUnchecked(profileId);
8502                final int N = policy.mAdminList.size();
8503                for (int j = 0; j < N; j++) {
8504                    ActiveAdmin admin = policy.mAdminList.get(j);
8505                    List<String> fromAdmin = admin.permittedInputMethods;
8506                    if (fromAdmin != null) {
8507                        if (result == null) {
8508                            result = new ArrayList<String>(fromAdmin);
8509                        } else {
8510                            result.retainAll(fromAdmin);
8511                        }
8512                    }
8513                }
8514            }
8515
8516            // If we have a permitted list add all system input methods.
8517            if (result != null) {
8518                InputMethodManager inputMethodManager =
8519                        mContext.getSystemService(InputMethodManager.class);
8520                List<InputMethodInfo> imes = inputMethodManager.getInputMethodList();
8521                long id = mInjector.binderClearCallingIdentity();
8522                try {
8523                    if (imes != null) {
8524                        for (InputMethodInfo ime : imes) {
8525                            ServiceInfo serviceInfo = ime.getServiceInfo();
8526                            ApplicationInfo applicationInfo = serviceInfo.applicationInfo;
8527                            if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
8528                                result.add(serviceInfo.packageName);
8529                            }
8530                        }
8531                    }
8532                } finally {
8533                    mInjector.binderRestoreCallingIdentity(id);
8534                }
8535            }
8536            return result;
8537        }
8538    }
8539
8540    @Override
8541    public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName,
8542            int userHandle) {
8543        if (!mHasFeature) {
8544            return true;
8545        }
8546        Preconditions.checkNotNull(who, "ComponentName is null");
8547        Preconditions.checkStringNotEmpty(packageName, "packageName is null");
8548        if (!isCallerWithSystemUid()) {
8549            throw new SecurityException(
8550                    "Only the system can query if an input method is disabled by admin");
8551        }
8552        synchronized (this) {
8553            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
8554            if (admin == null) {
8555                return false;
8556            }
8557            if (admin.permittedInputMethods == null) {
8558                return true;
8559            }
8560            return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName),
8561                    admin.permittedInputMethods, userHandle);
8562        }
8563    }
8564
8565    @Override
8566    public boolean setPermittedCrossProfileNotificationListeners(
8567            ComponentName who, List<String> packageList) {
8568        if (!mHasFeature) {
8569            return false;
8570        }
8571        Preconditions.checkNotNull(who, "ComponentName is null");
8572
8573        final int callingUserId = mInjector.userHandleGetCallingUserId();
8574        if (!isManagedProfile(callingUserId)) {
8575            return false;
8576        }
8577
8578        synchronized (this) {
8579            ActiveAdmin admin = getActiveAdminForCallerLocked(
8580                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8581            admin.permittedNotificationListeners = packageList;
8582            saveSettingsLocked(callingUserId);
8583        }
8584        return true;
8585    }
8586
8587    @Override
8588    public List<String> getPermittedCrossProfileNotificationListeners(ComponentName who) {
8589        if (!mHasFeature) {
8590            return null;
8591        }
8592        Preconditions.checkNotNull(who, "ComponentName is null");
8593
8594        synchronized (this) {
8595            ActiveAdmin admin = getActiveAdminForCallerLocked(
8596                    who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8597            return admin.permittedNotificationListeners;
8598        }
8599    }
8600
8601    @Override
8602    public boolean isNotificationListenerServicePermitted(String packageName, int userId) {
8603        if (!mHasFeature) {
8604            return true;
8605        }
8606
8607        Preconditions.checkStringNotEmpty(packageName, "packageName is null or empty");
8608        if (!isCallerWithSystemUid()) {
8609            throw new SecurityException(
8610                    "Only the system can query if a notification listener service is permitted");
8611        }
8612        synchronized (this) {
8613            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
8614            if (profileOwner == null || profileOwner.permittedNotificationListeners == null) {
8615                return true;
8616            }
8617            return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName),
8618                    profileOwner.permittedNotificationListeners, userId);
8619
8620        }
8621    }
8622
8623    private void maybeSendAdminEnabledBroadcastLocked(int userHandle) {
8624        DevicePolicyData policyData = getUserData(userHandle);
8625        if (policyData.mAdminBroadcastPending) {
8626            // Send the initialization data to profile owner and delete the data
8627            ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle);
8628            boolean clearInitBundle = true;
8629            if (admin != null) {
8630                PersistableBundle initBundle = policyData.mInitBundle;
8631                clearInitBundle = sendAdminCommandLocked(admin,
8632                        DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED,
8633                        initBundle == null ? null : new Bundle(initBundle),
8634                        null /* result receiver */,
8635                        true /* send in foreground */);
8636            }
8637            if (clearInitBundle) {
8638                // If there's no admin or we've successfully called the admin, clear the init bundle
8639                // otherwise, keep it around
8640                policyData.mInitBundle = null;
8641                policyData.mAdminBroadcastPending = false;
8642                saveSettingsLocked(userHandle);
8643            }
8644        }
8645    }
8646
8647    @Override
8648    public UserHandle createAndManageUser(ComponentName admin, String name,
8649            ComponentName profileOwner, PersistableBundle adminExtras, int flags) {
8650        Preconditions.checkNotNull(admin, "admin is null");
8651        Preconditions.checkNotNull(profileOwner, "profileOwner is null");
8652        if (!admin.getPackageName().equals(profileOwner.getPackageName())) {
8653            throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin "
8654                    + admin + " are not in the same package");
8655        }
8656        // Only allow the system user to use this method
8657        if (!mInjector.binderGetCallingUserHandle().isSystem()) {
8658            throw new SecurityException("createAndManageUser was called from non-system user");
8659        }
8660        final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0;
8661        final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0
8662                && UserManager.isDeviceInDemoMode(mContext);
8663        final boolean leaveAllSystemAppsEnabled = (flags & LEAVE_ALL_SYSTEM_APPS_ENABLED) != 0;
8664        // Create user.
8665        UserHandle user = null;
8666        synchronized (this) {
8667            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8668
8669            final long id = mInjector.binderClearCallingIdentity();
8670            try {
8671                int userInfoFlags = 0;
8672                if (ephemeral) {
8673                    userInfoFlags |= UserInfo.FLAG_EPHEMERAL;
8674                }
8675                if (demo) {
8676                    userInfoFlags |= UserInfo.FLAG_DEMO;
8677                }
8678                String[] disallowedPackages = null;
8679                if (!leaveAllSystemAppsEnabled) {
8680                    disallowedPackages = mOverlayPackagesProvider.getNonRequiredApps(admin,
8681                            UserHandle.myUserId(), ACTION_PROVISION_MANAGED_USER).toArray(
8682                            new String[0]);
8683                }
8684                UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name,
8685                        userInfoFlags, disallowedPackages);
8686                if (userInfo != null) {
8687                    user = userInfo.getUserHandle();
8688                }
8689            } finally {
8690                mInjector.binderRestoreCallingIdentity(id);
8691            }
8692        }
8693        if (user == null) {
8694            return null;
8695        }
8696
8697        final int userHandle = user.getIdentifier();
8698        final Intent intent = new Intent(DevicePolicyManager.ACTION_MANAGED_USER_CREATED)
8699                .putExtra(Intent.EXTRA_USER_HANDLE, userHandle)
8700                .putExtra(
8701                        DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED,
8702                        leaveAllSystemAppsEnabled)
8703                .setPackage(MANAGED_PROVISIONING_PKG)
8704                .addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
8705        mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM);
8706
8707        final long id = mInjector.binderClearCallingIdentity();
8708        try {
8709            final String adminPkg = admin.getPackageName();
8710            try {
8711                // Install the profile owner if not present.
8712                if (!mIPackageManager.isPackageAvailable(adminPkg, userHandle)) {
8713                    mIPackageManager.installExistingPackageAsUser(adminPkg, userHandle,
8714                            0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY);
8715                }
8716            } catch (RemoteException e) {
8717                // Does not happen, same process
8718            }
8719
8720            // Set admin.
8721            setActiveAdmin(profileOwner, true, userHandle);
8722            final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier());
8723            setProfileOwner(profileOwner, ownerName, userHandle);
8724
8725            synchronized (this) {
8726                DevicePolicyData policyData = getUserData(userHandle);
8727                policyData.mInitBundle = adminExtras;
8728                policyData.mAdminBroadcastPending = true;
8729                saveSettingsLocked(userHandle);
8730            }
8731
8732            if ((flags & DevicePolicyManager.SKIP_SETUP_WIZARD) != 0) {
8733                Settings.Secure.putIntForUser(mContext.getContentResolver(),
8734                        Settings.Secure.USER_SETUP_COMPLETE, 1, userHandle);
8735            }
8736
8737            return user;
8738        } catch (Throwable re) {
8739            mUserManager.removeUser(userHandle);
8740            return null;
8741        } finally {
8742            mInjector.binderRestoreCallingIdentity(id);
8743        }
8744    }
8745
8746    @Override
8747    public boolean removeUser(ComponentName who, UserHandle userHandle) {
8748        Preconditions.checkNotNull(who, "ComponentName is null");
8749        Preconditions.checkNotNull(userHandle, "UserHandle is null");
8750
8751        synchronized (this) {
8752            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8753        }
8754
8755        final int callingUserId = mInjector.userHandleGetCallingUserId();
8756        final long id = mInjector.binderClearCallingIdentity();
8757        try {
8758            String restriction = isManagedProfile(userHandle.getIdentifier())
8759                    ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE
8760                    : UserManager.DISALLOW_REMOVE_USER;
8761            if (isAdminAffectedByRestriction(who, restriction, callingUserId)) {
8762                Log.w(LOG_TAG, "The device owner cannot remove a user because "
8763                        + restriction + " is enabled, and was not set by the device owner");
8764                return false;
8765            }
8766            return mUserManagerInternal.removeUserEvenWhenDisallowed(userHandle.getIdentifier());
8767        } finally {
8768            mInjector.binderRestoreCallingIdentity(id);
8769        }
8770    }
8771
8772    private boolean isAdminAffectedByRestriction(
8773            ComponentName admin, String userRestriction, int userId) {
8774        switch(mUserManager.getUserRestrictionSource(userRestriction, UserHandle.of(userId))) {
8775            case UserManager.RESTRICTION_NOT_SET:
8776                return false;
8777            case UserManager.RESTRICTION_SOURCE_DEVICE_OWNER:
8778                return !isDeviceOwner(admin, userId);
8779            case UserManager.RESTRICTION_SOURCE_PROFILE_OWNER:
8780                return !isProfileOwner(admin, userId);
8781            default:
8782                return true;
8783        }
8784    }
8785
8786    @Override
8787    public boolean switchUser(ComponentName who, UserHandle userHandle) {
8788        Preconditions.checkNotNull(who, "ComponentName is null");
8789
8790        synchronized (this) {
8791            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8792
8793            long id = mInjector.binderClearCallingIdentity();
8794            try {
8795                int userId = UserHandle.USER_SYSTEM;
8796                if (userHandle != null) {
8797                    userId = userHandle.getIdentifier();
8798                }
8799                return mInjector.getIActivityManager().switchUser(userId);
8800            } catch (RemoteException e) {
8801                Log.e(LOG_TAG, "Couldn't switch user", e);
8802                return false;
8803            } finally {
8804                mInjector.binderRestoreCallingIdentity(id);
8805            }
8806        }
8807    }
8808
8809    @Override
8810    public boolean startUserInBackground(ComponentName who, UserHandle userHandle) {
8811        Preconditions.checkNotNull(who, "ComponentName is null");
8812        Preconditions.checkNotNull(userHandle, "UserHandle is null");
8813
8814        synchronized (this) {
8815            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8816        }
8817
8818        final int userId = userHandle.getIdentifier();
8819        if (isManagedProfile(userId)) {
8820            Log.w(LOG_TAG, "Managed profile cannot be started in background");
8821            return false;
8822        }
8823
8824        final long id = mInjector.binderClearCallingIdentity();
8825        try {
8826            if (!mInjector.getActivityManagerInternal().canStartMoreUsers()) {
8827                Log.w(LOG_TAG, "Cannot start more users in background");
8828                return false;
8829            }
8830
8831            return mInjector.getIActivityManager().startUserInBackground(userId);
8832        } catch (RemoteException e) {
8833            // Same process, should not happen.
8834            return false;
8835        } finally {
8836            mInjector.binderRestoreCallingIdentity(id);
8837        }
8838    }
8839
8840    @Override
8841    public boolean stopUser(ComponentName who, UserHandle userHandle) {
8842        Preconditions.checkNotNull(who, "ComponentName is null");
8843        Preconditions.checkNotNull(userHandle, "UserHandle is null");
8844
8845        synchronized (this) {
8846            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8847        }
8848
8849        final int userId = userHandle.getIdentifier();
8850        if (isManagedProfile(userId)) {
8851            Log.w(LOG_TAG, "Managed profile cannot be stopped");
8852            return false;
8853        }
8854
8855        final long id = mInjector.binderClearCallingIdentity();
8856        try {
8857            return mInjector.getIActivityManager().stopUser(userId, true /*force*/, null)
8858                    == USER_OP_SUCCESS;
8859        } catch (RemoteException e) {
8860            // Same process, should not happen.
8861            return false;
8862        } finally {
8863            mInjector.binderRestoreCallingIdentity(id);
8864        }
8865    }
8866
8867    @Override
8868    public boolean logoutUser(ComponentName who) {
8869        Preconditions.checkNotNull(who, "ComponentName is null");
8870
8871        final int callingUserId = mInjector.userHandleGetCallingUserId();
8872        synchronized (this) {
8873            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8874            if (!isUserAffiliatedWithDeviceLocked(callingUserId)) {
8875                throw new SecurityException("Admin " + who +
8876                        " is neither the device owner or affiliated user's profile owner.");
8877            }
8878        }
8879
8880        if (isManagedProfile(callingUserId)) {
8881            Log.w(LOG_TAG, "Managed profile cannot be logout");
8882            return false;
8883        }
8884
8885        final long id = mInjector.binderClearCallingIdentity();
8886        try {
8887            if (!mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM)) {
8888                Log.w(LOG_TAG, "Failed to switch to primary user");
8889                return false;
8890            }
8891            return mInjector.getIActivityManager().stopUser(callingUserId, true /*force*/, null)
8892                    == USER_OP_SUCCESS;
8893        } catch (RemoteException e) {
8894            // Same process, should not happen.
8895            return false;
8896        } finally {
8897            mInjector.binderRestoreCallingIdentity(id);
8898        }
8899    }
8900
8901    @Override
8902    public List<UserHandle> getSecondaryUsers(ComponentName who) {
8903        Preconditions.checkNotNull(who, "ComponentName is null");
8904        synchronized (this) {
8905            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
8906        }
8907
8908        final long id = mInjector.binderClearCallingIdentity();
8909        try {
8910            final List<UserInfo> userInfos = mInjector.getUserManager().getUsers(true
8911                    /*excludeDying*/);
8912            final List<UserHandle> userHandles = new ArrayList<>();
8913            for (UserInfo userInfo : userInfos) {
8914                UserHandle userHandle = userInfo.getUserHandle();
8915                if (!userHandle.isSystem() && !isManagedProfile(userHandle.getIdentifier())) {
8916                    userHandles.add(userInfo.getUserHandle());
8917                }
8918            }
8919            return userHandles;
8920        } finally {
8921            mInjector.binderRestoreCallingIdentity(id);
8922        }
8923    }
8924
8925    @Override
8926    public boolean isEphemeralUser(ComponentName who) {
8927        Preconditions.checkNotNull(who, "ComponentName is null");
8928        synchronized (this) {
8929            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
8930        }
8931
8932        final int callingUserId = mInjector.userHandleGetCallingUserId();
8933        final long id = mInjector.binderClearCallingIdentity();
8934        try {
8935            return mInjector.getUserManager().isUserEphemeral(callingUserId);
8936        } finally {
8937            mInjector.binderRestoreCallingIdentity(id);
8938        }
8939    }
8940
8941    @Override
8942    public Bundle getApplicationRestrictions(ComponentName who, String callerPackage,
8943            String packageName) {
8944        enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8945                DELEGATION_APP_RESTRICTIONS);
8946
8947        final UserHandle userHandle = mInjector.binderGetCallingUserHandle();
8948        final long id = mInjector.binderClearCallingIdentity();
8949        try {
8950           Bundle bundle = mUserManager.getApplicationRestrictions(packageName, userHandle);
8951           // if no restrictions were saved, mUserManager.getApplicationRestrictions
8952           // returns null, but DPM method should return an empty Bundle as per JavaDoc
8953           return bundle != null ? bundle : Bundle.EMPTY;
8954        } finally {
8955            mInjector.binderRestoreCallingIdentity(id);
8956        }
8957    }
8958
8959    @Override
8960    public String[] setPackagesSuspended(ComponentName who, String callerPackage,
8961            String[] packageNames, boolean suspended) {
8962        int callingUserId = UserHandle.getCallingUserId();
8963        synchronized (this) {
8964            // Ensure the caller is a DO/PO or a package access delegate.
8965            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8966                    DELEGATION_PACKAGE_ACCESS);
8967
8968            long id = mInjector.binderClearCallingIdentity();
8969            try {
8970                return mIPackageManager.setPackagesSuspendedAsUser(
8971                        packageNames, suspended, callingUserId);
8972            } catch (RemoteException re) {
8973                // Shouldn't happen.
8974                Slog.e(LOG_TAG, "Failed talking to the package manager", re);
8975            } finally {
8976                mInjector.binderRestoreCallingIdentity(id);
8977            }
8978            return packageNames;
8979        }
8980    }
8981
8982    @Override
8983    public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) {
8984        int callingUserId = UserHandle.getCallingUserId();
8985        synchronized (this) {
8986            // Ensure the caller is a DO/PO or a package access delegate.
8987            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
8988                    DELEGATION_PACKAGE_ACCESS);
8989
8990            long id = mInjector.binderClearCallingIdentity();
8991            try {
8992                return mIPackageManager.isPackageSuspendedForUser(packageName, callingUserId);
8993            } catch (RemoteException re) {
8994                // Shouldn't happen.
8995                Slog.e(LOG_TAG, "Failed talking to the package manager", re);
8996            } finally {
8997                mInjector.binderRestoreCallingIdentity(id);
8998            }
8999            return false;
9000        }
9001    }
9002
9003    @Override
9004    public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) {
9005        Preconditions.checkNotNull(who, "ComponentName is null");
9006        if (!UserRestrictionsUtils.isValidRestriction(key)) {
9007            return;
9008        }
9009
9010        final int userHandle = mInjector.userHandleGetCallingUserId();
9011        synchronized (this) {
9012            final ActiveAdmin activeAdmin =
9013                    getActiveAdminForCallerLocked(who,
9014                            DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9015            final boolean isDeviceOwner = isDeviceOwner(who, userHandle);
9016            if (isDeviceOwner) {
9017                if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) {
9018                    throw new SecurityException("Device owner cannot set user restriction " + key);
9019                }
9020            } else { // profile owner
9021                if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) {
9022                    throw new SecurityException("Profile owner cannot set user restriction " + key);
9023                }
9024            }
9025
9026            // Save the restriction to ActiveAdmin.
9027            final Bundle restrictions = activeAdmin.ensureUserRestrictions();
9028            if (enabledFromThisOwner) {
9029                restrictions.putBoolean(key, true);
9030            } else {
9031                restrictions.remove(key);
9032            }
9033            saveUserRestrictionsLocked(userHandle);
9034        }
9035    }
9036
9037    private void saveUserRestrictionsLocked(int userId) {
9038        saveSettingsLocked(userId);
9039        pushUserRestrictions(userId);
9040        sendChangedNotification(userId);
9041    }
9042
9043    private void pushUserRestrictions(int userId) {
9044        synchronized (this) {
9045            final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId);
9046            final Bundle userRestrictions;
9047            // Whether device owner enforces camera restriction.
9048            boolean disallowCameraGlobally = false;
9049
9050            if (isDeviceOwner) {
9051                final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
9052                if (deviceOwner == null) {
9053                    return; // Shouldn't happen.
9054                }
9055                userRestrictions = deviceOwner.userRestrictions;
9056                // DO can disable camera globally.
9057                disallowCameraGlobally = deviceOwner.disableCamera;
9058            } else {
9059                final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
9060                userRestrictions = profileOwner != null ? profileOwner.userRestrictions : null;
9061            }
9062
9063            // Whether any admin enforces camera restriction.
9064            final int cameraRestrictionScope =
9065                    getCameraRestrictionScopeLocked(userId, disallowCameraGlobally);
9066
9067            mUserManagerInternal.setDevicePolicyUserRestrictions(userId, userRestrictions,
9068                    isDeviceOwner, cameraRestrictionScope);
9069        }
9070    }
9071
9072    /**
9073     * Get the scope of camera restriction for a given user if any.
9074     */
9075    private int getCameraRestrictionScopeLocked(int userId, boolean disallowCameraGlobally) {
9076        if (disallowCameraGlobally) {
9077            return UserManagerInternal.CAMERA_DISABLED_GLOBALLY;
9078        } else if (getCameraDisabled(
9079                /* who= */ null, userId, /* mergeDeviceOwnerRestriction= */ false)) {
9080            return UserManagerInternal.CAMERA_DISABLED_LOCALLY;
9081        }
9082        return UserManagerInternal.CAMERA_NOT_DISABLED;
9083    }
9084
9085    @Override
9086    public Bundle getUserRestrictions(ComponentName who) {
9087        if (!mHasFeature) {
9088            return null;
9089        }
9090        Preconditions.checkNotNull(who, "ComponentName is null");
9091        synchronized (this) {
9092            final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who,
9093                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9094            return activeAdmin.userRestrictions;
9095        }
9096    }
9097
9098    @Override
9099    public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName,
9100            boolean hidden) {
9101        int callingUserId = UserHandle.getCallingUserId();
9102        synchronized (this) {
9103            // Ensure the caller is a DO/PO or a package access delegate.
9104            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9105                    DELEGATION_PACKAGE_ACCESS);
9106
9107            long id = mInjector.binderClearCallingIdentity();
9108            try {
9109                return mIPackageManager.setApplicationHiddenSettingAsUser(
9110                        packageName, hidden, callingUserId);
9111            } catch (RemoteException re) {
9112                // shouldn't happen
9113                Slog.e(LOG_TAG, "Failed to setApplicationHiddenSetting", re);
9114            } finally {
9115                mInjector.binderRestoreCallingIdentity(id);
9116            }
9117            return false;
9118        }
9119    }
9120
9121    @Override
9122    public boolean isApplicationHidden(ComponentName who, String callerPackage,
9123            String packageName) {
9124        int callingUserId = UserHandle.getCallingUserId();
9125        synchronized (this) {
9126            // Ensure the caller is a DO/PO or a package access delegate.
9127            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9128                    DELEGATION_PACKAGE_ACCESS);
9129
9130            long id = mInjector.binderClearCallingIdentity();
9131            try {
9132                return mIPackageManager.getApplicationHiddenSettingAsUser(
9133                        packageName, callingUserId);
9134            } catch (RemoteException re) {
9135                // shouldn't happen
9136                Slog.e(LOG_TAG, "Failed to getApplicationHiddenSettingAsUser", re);
9137            } finally {
9138                mInjector.binderRestoreCallingIdentity(id);
9139            }
9140            return false;
9141        }
9142    }
9143
9144    @Override
9145    public void enableSystemApp(ComponentName who, String callerPackage, String packageName) {
9146        synchronized (this) {
9147            // Ensure the caller is a DO/PO or an enable system app delegate.
9148            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9149                    DELEGATION_ENABLE_SYSTEM_APP);
9150
9151            final boolean isDemo = isCurrentUserDemo();
9152
9153            int userId = UserHandle.getCallingUserId();
9154            long id = mInjector.binderClearCallingIdentity();
9155
9156            try {
9157                if (VERBOSE_LOG) {
9158                    Slog.v(LOG_TAG, "installing " + packageName + " for "
9159                            + userId);
9160                }
9161
9162                int parentUserId = getProfileParentId(userId);
9163                if (!isDemo && !isSystemApp(mIPackageManager, packageName, parentUserId)) {
9164                    throw new IllegalArgumentException("Only system apps can be enabled this way.");
9165                }
9166
9167                // Install the app.
9168                mIPackageManager.installExistingPackageAsUser(packageName, userId,
9169                        0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY);
9170                if (isDemo) {
9171                    // Ensure the app is also ENABLED for demo users.
9172                    mIPackageManager.setApplicationEnabledSetting(packageName,
9173                            PackageManager.COMPONENT_ENABLED_STATE_ENABLED,
9174                            PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager");
9175                }
9176            } catch (RemoteException re) {
9177                // shouldn't happen
9178                Slog.wtf(LOG_TAG, "Failed to install " + packageName, re);
9179            } finally {
9180                mInjector.binderRestoreCallingIdentity(id);
9181            }
9182        }
9183    }
9184
9185    @Override
9186    public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) {
9187        synchronized (this) {
9188            // Ensure the caller is a DO/PO or an enable system app delegate.
9189            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9190                    DELEGATION_ENABLE_SYSTEM_APP);
9191
9192            int userId = UserHandle.getCallingUserId();
9193            long id = mInjector.binderClearCallingIdentity();
9194
9195            try {
9196                int parentUserId = getProfileParentId(userId);
9197                List<ResolveInfo> activitiesToEnable = mIPackageManager
9198                        .queryIntentActivities(intent,
9199                                intent.resolveTypeIfNeeded(mContext.getContentResolver()),
9200                                PackageManager.MATCH_DIRECT_BOOT_AWARE
9201                                        | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,
9202                                parentUserId)
9203                        .getList();
9204
9205                if (VERBOSE_LOG) {
9206                    Slog.d(LOG_TAG, "Enabling system activities: " + activitiesToEnable);
9207                }
9208                int numberOfAppsInstalled = 0;
9209                if (activitiesToEnable != null) {
9210                    for (ResolveInfo info : activitiesToEnable) {
9211                        if (info.activityInfo != null) {
9212                            String packageName = info.activityInfo.packageName;
9213                            if (isSystemApp(mIPackageManager, packageName, parentUserId)) {
9214                                numberOfAppsInstalled++;
9215                                mIPackageManager.installExistingPackageAsUser(packageName, userId,
9216                                        0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY);
9217                            } else {
9218                                Slog.d(LOG_TAG, "Not enabling " + packageName + " since is not a"
9219                                        + " system app");
9220                            }
9221                        }
9222                    }
9223                }
9224                return numberOfAppsInstalled;
9225            } catch (RemoteException e) {
9226                // shouldn't happen
9227                Slog.wtf(LOG_TAG, "Failed to resolve intent for: " + intent);
9228                return 0;
9229            } finally {
9230                mInjector.binderRestoreCallingIdentity(id);
9231            }
9232        }
9233    }
9234
9235    private boolean isSystemApp(IPackageManager pm, String packageName, int userId)
9236            throws RemoteException {
9237        ApplicationInfo appInfo = pm.getApplicationInfo(packageName, MATCH_UNINSTALLED_PACKAGES,
9238                userId);
9239        if (appInfo == null) {
9240            throw new IllegalArgumentException("The application " + packageName +
9241                    " is not present on this device");
9242        }
9243        return (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
9244    }
9245
9246    @Override
9247    public boolean installExistingPackage(ComponentName who, String callerPackage,
9248            String packageName) {
9249        synchronized (this) {
9250            // Ensure the caller is a PO or an install existing package delegate
9251            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9252                    DELEGATION_INSTALL_EXISTING_PACKAGE);
9253            final int callingUserId = mInjector.userHandleGetCallingUserId();
9254            if (!isUserAffiliatedWithDeviceLocked(callingUserId)) {
9255                throw new SecurityException("Admin " + who +
9256                        " is neither the device owner or affiliated user's profile owner.");
9257            }
9258
9259            final long id = mInjector.binderClearCallingIdentity();
9260            try {
9261                if (VERBOSE_LOG) {
9262                    Slog.v(LOG_TAG, "installing " + packageName + " for "
9263                            + callingUserId);
9264                }
9265
9266                // Install the package.
9267                return mIPackageManager.installExistingPackageAsUser(packageName, callingUserId,
9268                        0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY)
9269                        == PackageManager.INSTALL_SUCCEEDED;
9270            } catch (RemoteException re) {
9271                // shouldn't happen
9272                return false;
9273            } finally {
9274                mInjector.binderRestoreCallingIdentity(id);
9275            }
9276        }
9277    }
9278
9279    @Override
9280    public void setAccountManagementDisabled(ComponentName who, String accountType,
9281            boolean disabled) {
9282        if (!mHasFeature) {
9283            return;
9284        }
9285        Preconditions.checkNotNull(who, "ComponentName is null");
9286        synchronized (this) {
9287            ActiveAdmin ap = getActiveAdminForCallerLocked(who,
9288                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9289            if (disabled) {
9290                ap.accountTypesWithManagementDisabled.add(accountType);
9291            } else {
9292                ap.accountTypesWithManagementDisabled.remove(accountType);
9293            }
9294            saveSettingsLocked(UserHandle.getCallingUserId());
9295        }
9296    }
9297
9298    @Override
9299    public String[] getAccountTypesWithManagementDisabled() {
9300        return getAccountTypesWithManagementDisabledAsUser(UserHandle.getCallingUserId());
9301    }
9302
9303    @Override
9304    public String[] getAccountTypesWithManagementDisabledAsUser(int userId) {
9305        enforceFullCrossUsersPermission(userId);
9306        if (!mHasFeature) {
9307            return null;
9308        }
9309        synchronized (this) {
9310            DevicePolicyData policy = getUserData(userId);
9311            final int N = policy.mAdminList.size();
9312            ArraySet<String> resultSet = new ArraySet<>();
9313            for (int i = 0; i < N; i++) {
9314                ActiveAdmin admin = policy.mAdminList.get(i);
9315                resultSet.addAll(admin.accountTypesWithManagementDisabled);
9316            }
9317            return resultSet.toArray(new String[resultSet.size()]);
9318        }
9319    }
9320
9321    @Override
9322    public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName,
9323            boolean uninstallBlocked) {
9324        final int userId = UserHandle.getCallingUserId();
9325        synchronized (this) {
9326            // Ensure the caller is a DO/PO or a block uninstall delegate
9327            enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
9328                    DELEGATION_BLOCK_UNINSTALL);
9329
9330            long id = mInjector.binderClearCallingIdentity();
9331            try {
9332                mIPackageManager.setBlockUninstallForUser(packageName, uninstallBlocked, userId);
9333            } catch (RemoteException re) {
9334                // Shouldn't happen.
9335                Slog.e(LOG_TAG, "Failed to setBlockUninstallForUser", re);
9336            } finally {
9337                mInjector.binderRestoreCallingIdentity(id);
9338            }
9339        }
9340    }
9341
9342    @Override
9343    public boolean isUninstallBlocked(ComponentName who, String packageName) {
9344        // This function should return true if and only if the package is blocked by
9345        // setUninstallBlocked(). It should still return false for other cases of blocks, such as
9346        // when the package is a system app, or when it is an active device admin.
9347        final int userId = UserHandle.getCallingUserId();
9348
9349        synchronized (this) {
9350            if (who != null) {
9351                getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9352            }
9353
9354            long id = mInjector.binderClearCallingIdentity();
9355            try {
9356                return mIPackageManager.getBlockUninstallForUser(packageName, userId);
9357            } catch (RemoteException re) {
9358                // Shouldn't happen.
9359                Slog.e(LOG_TAG, "Failed to getBlockUninstallForUser", re);
9360            } finally {
9361                mInjector.binderRestoreCallingIdentity(id);
9362            }
9363        }
9364        return false;
9365    }
9366
9367    @Override
9368    public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) {
9369        if (!mHasFeature) {
9370            return;
9371        }
9372        Preconditions.checkNotNull(who, "ComponentName is null");
9373        synchronized (this) {
9374            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9375                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9376            if (admin.disableCallerId != disabled) {
9377                admin.disableCallerId = disabled;
9378                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
9379            }
9380        }
9381    }
9382
9383    @Override
9384    public boolean getCrossProfileCallerIdDisabled(ComponentName who) {
9385        if (!mHasFeature) {
9386            return false;
9387        }
9388        Preconditions.checkNotNull(who, "ComponentName is null");
9389        synchronized (this) {
9390            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9391                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9392            return admin.disableCallerId;
9393        }
9394    }
9395
9396    @Override
9397    public boolean getCrossProfileCallerIdDisabledForUser(int userId) {
9398        enforceCrossUsersPermission(userId);
9399        synchronized (this) {
9400            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
9401            return (admin != null) ? admin.disableCallerId : false;
9402        }
9403    }
9404
9405    @Override
9406    public void setCrossProfileContactsSearchDisabled(ComponentName who, boolean disabled) {
9407        if (!mHasFeature) {
9408            return;
9409        }
9410        Preconditions.checkNotNull(who, "ComponentName is null");
9411        synchronized (this) {
9412            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9413                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9414            if (admin.disableContactsSearch != disabled) {
9415                admin.disableContactsSearch = disabled;
9416                saveSettingsLocked(mInjector.userHandleGetCallingUserId());
9417            }
9418        }
9419    }
9420
9421    @Override
9422    public boolean getCrossProfileContactsSearchDisabled(ComponentName who) {
9423        if (!mHasFeature) {
9424            return false;
9425        }
9426        Preconditions.checkNotNull(who, "ComponentName is null");
9427        synchronized (this) {
9428            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9429                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9430            return admin.disableContactsSearch;
9431        }
9432    }
9433
9434    @Override
9435    public boolean getCrossProfileContactsSearchDisabledForUser(int userId) {
9436        enforceCrossUsersPermission(userId);
9437        synchronized (this) {
9438            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
9439            return (admin != null) ? admin.disableContactsSearch : false;
9440        }
9441    }
9442
9443    @Override
9444    public void startManagedQuickContact(String actualLookupKey, long actualContactId,
9445            boolean isContactIdIgnored, long actualDirectoryId, Intent originalIntent) {
9446        final Intent intent = QuickContact.rebuildManagedQuickContactsIntent(actualLookupKey,
9447                actualContactId, isContactIdIgnored, actualDirectoryId, originalIntent);
9448        final int callingUserId = UserHandle.getCallingUserId();
9449
9450        final long ident = mInjector.binderClearCallingIdentity();
9451        try {
9452            synchronized (this) {
9453                final int managedUserId = getManagedUserId(callingUserId);
9454                if (managedUserId < 0) {
9455                    return;
9456                }
9457                if (isCrossProfileQuickContactDisabled(managedUserId)) {
9458                    if (VERBOSE_LOG) {
9459                        Log.v(LOG_TAG,
9460                                "Cross-profile contacts access disabled for user " + managedUserId);
9461                    }
9462                    return;
9463                }
9464                ContactsInternal.startQuickContactWithErrorToastForUser(
9465                        mContext, intent, new UserHandle(managedUserId));
9466            }
9467        } finally {
9468            mInjector.binderRestoreCallingIdentity(ident);
9469        }
9470    }
9471
9472    /**
9473     * @return true if cross-profile QuickContact is disabled
9474     */
9475    private boolean isCrossProfileQuickContactDisabled(int userId) {
9476        return getCrossProfileCallerIdDisabledForUser(userId)
9477                && getCrossProfileContactsSearchDisabledForUser(userId);
9478    }
9479
9480    /**
9481     * @return the user ID of the managed user that is linked to the current user, if any.
9482     * Otherwise -1.
9483     */
9484    public int getManagedUserId(int callingUserId) {
9485        if (VERBOSE_LOG) {
9486            Log.v(LOG_TAG, "getManagedUserId: callingUserId=" + callingUserId);
9487        }
9488
9489        for (UserInfo ui : mUserManager.getProfiles(callingUserId)) {
9490            if (ui.id == callingUserId || !ui.isManagedProfile()) {
9491                continue; // Caller user self, or not a managed profile.  Skip.
9492            }
9493            if (VERBOSE_LOG) {
9494                Log.v(LOG_TAG, "Managed user=" + ui.id);
9495            }
9496            return ui.id;
9497        }
9498        if (VERBOSE_LOG) {
9499            Log.v(LOG_TAG, "Managed user not found.");
9500        }
9501        return -1;
9502    }
9503
9504    @Override
9505    public void setBluetoothContactSharingDisabled(ComponentName who, boolean disabled) {
9506        if (!mHasFeature) {
9507            return;
9508        }
9509        Preconditions.checkNotNull(who, "ComponentName is null");
9510        synchronized (this) {
9511            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9512                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9513            if (admin.disableBluetoothContactSharing != disabled) {
9514                admin.disableBluetoothContactSharing = disabled;
9515                saveSettingsLocked(UserHandle.getCallingUserId());
9516            }
9517        }
9518    }
9519
9520    @Override
9521    public boolean getBluetoothContactSharingDisabled(ComponentName who) {
9522        if (!mHasFeature) {
9523            return false;
9524        }
9525        Preconditions.checkNotNull(who, "ComponentName is null");
9526        synchronized (this) {
9527            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
9528                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9529            return admin.disableBluetoothContactSharing;
9530        }
9531    }
9532
9533    @Override
9534    public boolean getBluetoothContactSharingDisabledForUser(int userId) {
9535        // TODO: Should there be a check to make sure this relationship is
9536        // within a profile group?
9537        // enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system");
9538        synchronized (this) {
9539            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
9540            return (admin != null) ? admin.disableBluetoothContactSharing : false;
9541        }
9542    }
9543
9544    @Override
9545    public void setLockTaskPackages(ComponentName who, String[] packages)
9546            throws SecurityException {
9547        Preconditions.checkNotNull(who, "ComponentName is null");
9548        Preconditions.checkNotNull(packages, "packages is null");
9549
9550        synchronized (this) {
9551            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9552            final int userHandle = mInjector.userHandleGetCallingUserId();
9553            if (isUserAffiliatedWithDeviceLocked(userHandle)) {
9554                setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages)));
9555            } else {
9556                throw new SecurityException("Admin " + who +
9557                    " is neither the device owner or affiliated user's profile owner.");
9558            }
9559        }
9560    }
9561
9562    private void setLockTaskPackagesLocked(int userHandle, List<String> packages) {
9563        DevicePolicyData policy = getUserData(userHandle);
9564        policy.mLockTaskPackages = packages;
9565
9566        // Store the settings persistently.
9567        saveSettingsLocked(userHandle);
9568        updateLockTaskPackagesLocked(packages, userHandle);
9569    }
9570
9571    @Override
9572    public String[] getLockTaskPackages(ComponentName who) {
9573        Preconditions.checkNotNull(who, "ComponentName is null");
9574
9575        final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier();
9576        synchronized (this) {
9577            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9578            if (!isUserAffiliatedWithDeviceLocked(userHandle)) {
9579                throw new SecurityException("Admin " + who +
9580                    " is neither the device owner or affiliated user's profile owner.");
9581            }
9582
9583            final List<String> packages = getUserData(userHandle).mLockTaskPackages;
9584            return packages.toArray(new String[packages.size()]);
9585        }
9586    }
9587
9588    @Override
9589    public boolean isLockTaskPermitted(String pkg) {
9590        final int userHandle = mInjector.userHandleGetCallingUserId();
9591        synchronized (this) {
9592            return getUserData(userHandle).mLockTaskPackages.contains(pkg);
9593        }
9594    }
9595
9596    @Override
9597    public void setLockTaskFeatures(ComponentName who, int flags) {
9598        Preconditions.checkNotNull(who, "ComponentName is null");
9599        final int userHandle = mInjector.userHandleGetCallingUserId();
9600        synchronized (this) {
9601            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9602            if (!isUserAffiliatedWithDeviceLocked(userHandle)) {
9603                throw new SecurityException("Admin " + who +
9604                        " is neither the device owner or affiliated user's profile owner.");
9605            }
9606            setLockTaskFeaturesLocked(userHandle, flags);
9607        }
9608    }
9609
9610    private void setLockTaskFeaturesLocked(int userHandle, int flags) {
9611        DevicePolicyData policy = getUserData(userHandle);
9612        policy.mLockTaskFeatures = flags;
9613        saveSettingsLocked(userHandle);
9614        updateLockTaskFeaturesLocked(flags, userHandle);
9615    }
9616
9617    @Override
9618    public int getLockTaskFeatures(ComponentName who) {
9619        Preconditions.checkNotNull(who, "ComponentName is null");
9620        final int userHandle = mInjector.userHandleGetCallingUserId();
9621        synchronized (this) {
9622            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9623            if (!isUserAffiliatedWithDeviceLocked(userHandle)) {
9624                throw new SecurityException("Admin " + who +
9625                        " is neither the device owner or affiliated user's profile owner.");
9626            }
9627            return getUserData(userHandle).mLockTaskFeatures;
9628        }
9629    }
9630
9631    private void maybeClearLockTaskPolicyLocked() {
9632        final long ident = mInjector.binderClearCallingIdentity();
9633        try {
9634            final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true);
9635            for (int i = userInfos.size() - 1; i >= 0; i--) {
9636                int userId = userInfos.get(i).id;
9637                if (isUserAffiliatedWithDeviceLocked(userId)) {
9638                    continue;
9639                }
9640
9641                final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages;
9642                if (!lockTaskPackages.isEmpty()) {
9643                    Slog.d(LOG_TAG,
9644                            "User id " + userId + " not affiliated. Clearing lock task packages");
9645                    setLockTaskPackagesLocked(userId, Collections.<String>emptyList());
9646                }
9647                final int lockTaskFeatures = getUserData(userId).mLockTaskFeatures;
9648                if (lockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE){
9649                    Slog.d(LOG_TAG,
9650                            "User id " + userId + " not affiliated. Clearing lock task features");
9651                    setLockTaskFeaturesLocked(userId, DevicePolicyManager.LOCK_TASK_FEATURE_NONE);
9652                }
9653            }
9654        } finally {
9655            mInjector.binderRestoreCallingIdentity(ident);
9656        }
9657    }
9658
9659    @Override
9660    public void notifyLockTaskModeChanged(boolean isEnabled, String pkg, int userHandle) {
9661        if (!isCallerWithSystemUid()) {
9662            throw new SecurityException("notifyLockTaskModeChanged can only be called by system");
9663        }
9664        synchronized (this) {
9665            final DevicePolicyData policy = getUserData(userHandle);
9666
9667            if (policy.mStatusBarDisabled) {
9668                // Status bar is managed by LockTaskController during LockTask, so we cancel this
9669                // policy when LockTask starts, and reapply it when LockTask ends
9670                setStatusBarDisabledInternal(!isEnabled, userHandle);
9671            }
9672
9673            Bundle adminExtras = new Bundle();
9674            adminExtras.putString(DeviceAdminReceiver.EXTRA_LOCK_TASK_PACKAGE, pkg);
9675            for (ActiveAdmin admin : policy.mAdminList) {
9676                final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userHandle);
9677                final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userHandle);
9678                if (ownsDevice || ownsProfile) {
9679                    if (isEnabled) {
9680                        sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_ENTERING,
9681                                adminExtras, null);
9682                    } else {
9683                        sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_EXITING);
9684                    }
9685                }
9686            }
9687        }
9688    }
9689
9690    @Override
9691    public void setGlobalSetting(ComponentName who, String setting, String value) {
9692        Preconditions.checkNotNull(who, "ComponentName is null");
9693
9694        synchronized (this) {
9695            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9696
9697            // Some settings are no supported any more. However we do not want to throw a
9698            // SecurityException to avoid breaking apps.
9699            if (GLOBAL_SETTINGS_DEPRECATED.contains(setting)) {
9700                Log.i(LOG_TAG, "Global setting no longer supported: " + setting);
9701                return;
9702            }
9703
9704            if (!GLOBAL_SETTINGS_WHITELIST.contains(setting)
9705                    && !UserManager.isDeviceInDemoMode(mContext)) {
9706                throw new SecurityException(String.format(
9707                        "Permission denial: device owners cannot update %1$s", setting));
9708            }
9709
9710            if (Settings.Global.STAY_ON_WHILE_PLUGGED_IN.equals(setting)) {
9711                // ignore if it contradicts an existing policy
9712                long timeMs = getMaximumTimeToLock(
9713                        who, mInjector.userHandleGetCallingUserId(), /* parent */ false);
9714                if (timeMs > 0 && timeMs < Long.MAX_VALUE) {
9715                    return;
9716                }
9717            }
9718
9719            long id = mInjector.binderClearCallingIdentity();
9720            try {
9721                mInjector.settingsGlobalPutString(setting, value);
9722            } finally {
9723                mInjector.binderRestoreCallingIdentity(id);
9724            }
9725        }
9726    }
9727
9728    @Override
9729    public void setSystemSetting(ComponentName who, String setting, String value) {
9730        Preconditions.checkNotNull(who, "ComponentName is null");
9731        Preconditions.checkStringNotEmpty(setting, "String setting is null or empty");
9732
9733        synchronized (this) {
9734            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9735
9736            if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) {
9737                throw new SecurityException(String.format(
9738                        "Permission denial: device owners cannot update %1$s", setting));
9739            }
9740
9741            mInjector.binderWithCleanCallingIdentity(() -> mInjector.settingsSystemPutString(
9742                    setting, value));
9743        }
9744    }
9745
9746    @Override
9747    public boolean setTime(ComponentName who, long millis) {
9748        Preconditions.checkNotNull(who, "ComponentName is null in setTime");
9749        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9750        // Don't allow set time when auto time is on.
9751        if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME, 0) == 1) {
9752            return false;
9753        }
9754        mInjector.binderWithCleanCallingIdentity(() -> mInjector.getAlarmManager().setTime(millis));
9755        return true;
9756    }
9757
9758    @Override
9759    public boolean setTimeZone(ComponentName who, String timeZone) {
9760        Preconditions.checkNotNull(who, "ComponentName is null in setTimeZone");
9761        getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
9762        // Don't allow set timezone when auto timezone is on.
9763        if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) == 1) {
9764            return false;
9765        }
9766        mInjector.binderWithCleanCallingIdentity(() ->
9767            mInjector.getAlarmManager().setTimeZone(timeZone));
9768        return true;
9769    }
9770
9771    @Override
9772    public void setSecureSetting(ComponentName who, String setting, String value) {
9773        Preconditions.checkNotNull(who, "ComponentName is null");
9774        int callingUserId = mInjector.userHandleGetCallingUserId();
9775
9776        synchronized (this) {
9777            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9778
9779            if (isDeviceOwner(who, callingUserId)) {
9780                if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting)
9781                        && !isCurrentUserDemo()) {
9782                    throw new SecurityException(String.format(
9783                            "Permission denial: Device owners cannot update %1$s", setting));
9784                }
9785            } else if (!SECURE_SETTINGS_WHITELIST.contains(setting) && !isCurrentUserDemo()) {
9786                throw new SecurityException(String.format(
9787                        "Permission denial: Profile owners cannot update %1$s", setting));
9788            }
9789            if (setting.equals(Settings.Secure.INSTALL_NON_MARKET_APPS)) {
9790                if (getTargetSdk(who.getPackageName(), callingUserId) >= Build.VERSION_CODES.O) {
9791                    throw new UnsupportedOperationException(Settings.Secure.INSTALL_NON_MARKET_APPS
9792                            + " is deprecated. Please use the user restriction "
9793                            + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES + " instead.");
9794                }
9795                if (!mUserManager.isManagedProfile(callingUserId)) {
9796                    Slog.e(LOG_TAG, "Ignoring setSecureSetting request for "
9797                            + setting + ". User restriction "
9798                            + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES
9799                            + " should be used instead.");
9800                } else {
9801                    try {
9802                        setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
9803                                (Integer.parseInt(value) == 0) ? true : false);
9804                    } catch (NumberFormatException exc) {
9805                        Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting);
9806                    }
9807                }
9808                return;
9809            }
9810            long id = mInjector.binderClearCallingIdentity();
9811            try {
9812                if (Settings.Secure.DEFAULT_INPUT_METHOD.equals(setting)) {
9813                    final String currentValue = mInjector.settingsSecureGetStringForUser(
9814                            Settings.Secure.DEFAULT_INPUT_METHOD, callingUserId);
9815                    if (!TextUtils.equals(currentValue, value)) {
9816                        // Tell the content observer that the next change will be due to the owner
9817                        // changing the value. There is a small race condition here that we cannot
9818                        // avoid: Change notifications are sent asynchronously, so it is possible
9819                        // that there are prior notifications queued up before the one we are about
9820                        // to trigger. This is a corner case that will have no impact in practice.
9821                        mSetupContentObserver.addPendingChangeByOwnerLocked(callingUserId);
9822                    }
9823                    getUserData(callingUserId).mCurrentInputMethodSet = true;
9824                    saveSettingsLocked(callingUserId);
9825                }
9826                mInjector.settingsSecurePutStringForUser(setting, value, callingUserId);
9827            } finally {
9828                mInjector.binderRestoreCallingIdentity(id);
9829            }
9830        }
9831    }
9832
9833    @Override
9834    public void setMasterVolumeMuted(ComponentName who, boolean on) {
9835        Preconditions.checkNotNull(who, "ComponentName is null");
9836        synchronized (this) {
9837            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9838            setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on);
9839        }
9840    }
9841
9842    @Override
9843    public boolean isMasterVolumeMuted(ComponentName who) {
9844        Preconditions.checkNotNull(who, "ComponentName is null");
9845        synchronized (this) {
9846            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9847
9848            AudioManager audioManager =
9849                    (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);
9850            return audioManager.isMasterMute();
9851        }
9852    }
9853
9854    @Override
9855    public void setUserIcon(ComponentName who, Bitmap icon) {
9856        synchronized (this) {
9857            Preconditions.checkNotNull(who, "ComponentName is null");
9858            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9859
9860            int userId = UserHandle.getCallingUserId();
9861            long id = mInjector.binderClearCallingIdentity();
9862            try {
9863                mUserManagerInternal.setUserIcon(userId, icon);
9864            } finally {
9865                mInjector.binderRestoreCallingIdentity(id);
9866            }
9867        }
9868    }
9869
9870    @Override
9871    public boolean setKeyguardDisabled(ComponentName who, boolean disabled) {
9872        Preconditions.checkNotNull(who, "ComponentName is null");
9873        final int userId = mInjector.userHandleGetCallingUserId();
9874        synchronized (this) {
9875            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9876            if (!isUserAffiliatedWithDeviceLocked(userId)) {
9877                throw new SecurityException("Admin " + who +
9878                        " is neither the device owner or affiliated user's profile owner.");
9879            }
9880        }
9881        if (isManagedProfile(userId)) {
9882            throw new SecurityException("Managed profile cannot disable keyguard");
9883        }
9884
9885        long ident = mInjector.binderClearCallingIdentity();
9886        try {
9887            // disallow disabling the keyguard if a password is currently set
9888            if (disabled && mLockPatternUtils.isSecure(userId)) {
9889                return false;
9890            }
9891            mLockPatternUtils.setLockScreenDisabled(disabled, userId);
9892            mInjector.getIWindowManager().dismissKeyguard(null /* callback */, null /* message */);
9893        } catch (RemoteException e) {
9894            // Same process, does not happen.
9895        } finally {
9896            mInjector.binderRestoreCallingIdentity(ident);
9897        }
9898        return true;
9899    }
9900
9901    @Override
9902    public boolean setStatusBarDisabled(ComponentName who, boolean disabled) {
9903        int userId = UserHandle.getCallingUserId();
9904        synchronized (this) {
9905            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
9906            if (!isUserAffiliatedWithDeviceLocked(userId)) {
9907                throw new SecurityException("Admin " + who +
9908                        " is neither the device owner or affiliated user's profile owner.");
9909            }
9910            if (isManagedProfile(userId)) {
9911                throw new SecurityException("Managed profile cannot disable status bar");
9912            }
9913            DevicePolicyData policy = getUserData(userId);
9914            if (policy.mStatusBarDisabled != disabled) {
9915                boolean isLockTaskMode = false;
9916                try {
9917                    isLockTaskMode = mInjector.getIActivityManager().getLockTaskModeState()
9918                            != LOCK_TASK_MODE_NONE;
9919                } catch (RemoteException e) {
9920                    Slog.e(LOG_TAG, "Failed to get LockTask mode");
9921                }
9922                if (!isLockTaskMode) {
9923                    if (!setStatusBarDisabledInternal(disabled, userId)) {
9924                        return false;
9925                    }
9926                }
9927                policy.mStatusBarDisabled = disabled;
9928                saveSettingsLocked(userId);
9929            }
9930        }
9931        return true;
9932    }
9933
9934    private boolean setStatusBarDisabledInternal(boolean disabled, int userId) {
9935        long ident = mInjector.binderClearCallingIdentity();
9936        try {
9937            IStatusBarService statusBarService = IStatusBarService.Stub.asInterface(
9938                    ServiceManager.checkService(Context.STATUS_BAR_SERVICE));
9939            if (statusBarService != null) {
9940                int flags1 = disabled ? STATUS_BAR_DISABLE_MASK : StatusBarManager.DISABLE_NONE;
9941                int flags2 = disabled ? STATUS_BAR_DISABLE2_MASK : StatusBarManager.DISABLE2_NONE;
9942                statusBarService.disableForUser(flags1, mToken, mContext.getPackageName(), userId);
9943                statusBarService.disable2ForUser(flags2, mToken, mContext.getPackageName(), userId);
9944                return true;
9945            }
9946        } catch (RemoteException e) {
9947            Slog.e(LOG_TAG, "Failed to disable the status bar", e);
9948        } finally {
9949            mInjector.binderRestoreCallingIdentity(ident);
9950        }
9951        return false;
9952    }
9953
9954    /**
9955     * We need to update the internal state of whether a user has completed setup or a
9956     * device has paired once. After that, we ignore any changes that reset the
9957     * Settings.Secure.USER_SETUP_COMPLETE or Settings.Secure.DEVICE_PAIRED change
9958     * as we don't trust any apps that might try to reset them.
9959     * <p>
9960     * Unfortunately, we don't know which user's setup state was changed, so we write all of
9961     * them.
9962     */
9963    void updateUserSetupCompleteAndPaired() {
9964        List<UserInfo> users = mUserManager.getUsers(true);
9965        final int N = users.size();
9966        for (int i = 0; i < N; i++) {
9967            int userHandle = users.get(i).id;
9968            if (mInjector.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0,
9969                    userHandle) != 0) {
9970                DevicePolicyData policy = getUserData(userHandle);
9971                if (!policy.mUserSetupComplete) {
9972                    policy.mUserSetupComplete = true;
9973                    synchronized (this) {
9974                        saveSettingsLocked(userHandle);
9975                    }
9976                }
9977            }
9978            if (mIsWatch && mInjector.settingsSecureGetIntForUser(Settings.Secure.DEVICE_PAIRED, 0,
9979                    userHandle) != 0) {
9980                DevicePolicyData policy = getUserData(userHandle);
9981                if (!policy.mPaired) {
9982                    policy.mPaired = true;
9983                    synchronized (this) {
9984                        saveSettingsLocked(userHandle);
9985                    }
9986                }
9987            }
9988        }
9989    }
9990
9991    private class SetupContentObserver extends ContentObserver {
9992        private final Uri mUserSetupComplete = Settings.Secure.getUriFor(
9993                Settings.Secure.USER_SETUP_COMPLETE);
9994        private final Uri mDeviceProvisioned = Settings.Global.getUriFor(
9995                Settings.Global.DEVICE_PROVISIONED);
9996        private final Uri mPaired = Settings.Secure.getUriFor(Settings.Secure.DEVICE_PAIRED);
9997        private final Uri mDefaultImeChanged = Settings.Secure.getUriFor(
9998                Settings.Secure.DEFAULT_INPUT_METHOD);
9999
10000        @GuardedBy("DevicePolicyManagerService.this")
10001        private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>();
10002
10003        public SetupContentObserver(Handler handler) {
10004            super(handler);
10005        }
10006
10007        void register() {
10008            mInjector.registerContentObserver(mUserSetupComplete, false, this, UserHandle.USER_ALL);
10009            mInjector.registerContentObserver(mDeviceProvisioned, false, this, UserHandle.USER_ALL);
10010            if (mIsWatch) {
10011                mInjector.registerContentObserver(mPaired, false, this, UserHandle.USER_ALL);
10012            }
10013            mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL);
10014        }
10015
10016        private void addPendingChangeByOwnerLocked(int userId) {
10017            mUserIdsWithPendingChangesByOwner.add(userId);
10018        }
10019
10020        @Override
10021        public void onChange(boolean selfChange, Uri uri, int userId) {
10022            if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) {
10023                updateUserSetupCompleteAndPaired();
10024            } else if (mDeviceProvisioned.equals(uri)) {
10025                synchronized (DevicePolicyManagerService.this) {
10026                    // Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property
10027                    // is delayed until device is marked as provisioned.
10028                    setDeviceOwnerSystemPropertyLocked();
10029                }
10030            } else if (mDefaultImeChanged.equals(uri)) {
10031                synchronized (DevicePolicyManagerService.this) {
10032                    if (mUserIdsWithPendingChangesByOwner.contains(userId)) {
10033                        // This change notification was triggered by the owner changing the current
10034                        // IME. Ignore it.
10035                        mUserIdsWithPendingChangesByOwner.remove(userId);
10036                    } else {
10037                        // This change notification was triggered by the user manually changing the
10038                        // current IME.
10039                        getUserData(userId).mCurrentInputMethodSet = false;
10040                        saveSettingsLocked(userId);
10041                    }
10042                }
10043            }
10044        }
10045    }
10046
10047    @VisibleForTesting
10048    final class LocalService extends DevicePolicyManagerInternal {
10049        private List<OnCrossProfileWidgetProvidersChangeListener> mWidgetProviderListeners;
10050
10051        @Override
10052        public List<String> getCrossProfileWidgetProviders(int profileId) {
10053            synchronized (DevicePolicyManagerService.this) {
10054                if (mOwners == null) {
10055                    return Collections.emptyList();
10056                }
10057                ComponentName ownerComponent = mOwners.getProfileOwnerComponent(profileId);
10058                if (ownerComponent == null) {
10059                    return Collections.emptyList();
10060                }
10061
10062                DevicePolicyData policy = getUserDataUnchecked(profileId);
10063                ActiveAdmin admin = policy.mAdminMap.get(ownerComponent);
10064
10065                if (admin == null || admin.crossProfileWidgetProviders == null
10066                        || admin.crossProfileWidgetProviders.isEmpty()) {
10067                    return Collections.emptyList();
10068                }
10069
10070                return admin.crossProfileWidgetProviders;
10071            }
10072        }
10073
10074        @Override
10075        public void addOnCrossProfileWidgetProvidersChangeListener(
10076                OnCrossProfileWidgetProvidersChangeListener listener) {
10077            synchronized (DevicePolicyManagerService.this) {
10078                if (mWidgetProviderListeners == null) {
10079                    mWidgetProviderListeners = new ArrayList<>();
10080                }
10081                if (!mWidgetProviderListeners.contains(listener)) {
10082                    mWidgetProviderListeners.add(listener);
10083                }
10084            }
10085        }
10086
10087        @Override
10088        public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) {
10089            synchronized(DevicePolicyManagerService.this) {
10090                return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null;
10091            }
10092        }
10093
10094        private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) {
10095            final List<OnCrossProfileWidgetProvidersChangeListener> listeners;
10096            synchronized (DevicePolicyManagerService.this) {
10097                listeners = new ArrayList<>(mWidgetProviderListeners);
10098            }
10099            final int listenerCount = listeners.size();
10100            for (int i = 0; i < listenerCount; i++) {
10101                OnCrossProfileWidgetProvidersChangeListener listener = listeners.get(i);
10102                listener.onCrossProfileWidgetProvidersChanged(userId, packages);
10103            }
10104        }
10105
10106        @Override
10107        public Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin) {
10108            // This method is called from AM with its lock held, so don't take the DPMS lock.
10109            // b/29242568
10110
10111            ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId);
10112            if (profileOwner != null) {
10113                return DevicePolicyManagerService.this
10114                        .createShowAdminSupportIntent(profileOwner, userId);
10115            }
10116
10117            final Pair<Integer, ComponentName> deviceOwner =
10118                    mOwners.getDeviceOwnerUserIdAndComponent();
10119            if (deviceOwner != null && deviceOwner.first == userId) {
10120                return DevicePolicyManagerService.this
10121                        .createShowAdminSupportIntent(deviceOwner.second, userId);
10122            }
10123
10124            // We're not specifying the device admin because there isn't one.
10125            if (useDefaultIfNoAdmin) {
10126                return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId);
10127            }
10128            return null;
10129        }
10130
10131        @Override
10132        public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) {
10133            int source;
10134            long ident = mInjector.binderClearCallingIdentity();
10135            try {
10136                source = mUserManager.getUserRestrictionSource(userRestriction,
10137                        UserHandle.of(userId));
10138            } finally {
10139                mInjector.binderRestoreCallingIdentity(ident);
10140            }
10141            if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
10142                /*
10143                 * In this case, the user restriction is enforced by the system.
10144                 * So we won't show an admin support intent, even if it is also
10145                 * enforced by a profile/device owner.
10146                 */
10147                return null;
10148            }
10149            boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0;
10150            boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0;
10151            if (enforcedByDo && enforcedByPo) {
10152                // In this case, we'll show an admin support dialog that does not
10153                // specify the admin.
10154                return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId);
10155            } else if (enforcedByPo) {
10156                final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId);
10157                if (profileOwner != null) {
10158                    return DevicePolicyManagerService.this
10159                            .createShowAdminSupportIntent(profileOwner, userId);
10160                }
10161                // This could happen if another thread has changed the profile owner since we called
10162                // getUserRestrictionSource
10163                return null;
10164            } else if (enforcedByDo) {
10165                final Pair<Integer, ComponentName> deviceOwner
10166                        = mOwners.getDeviceOwnerUserIdAndComponent();
10167                if (deviceOwner != null) {
10168                    return DevicePolicyManagerService.this
10169                            .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first);
10170                }
10171                // This could happen if another thread has changed the device owner since we called
10172                // getUserRestrictionSource
10173                return null;
10174            }
10175            return null;
10176        }
10177
10178        @Override
10179        public boolean isUserAffiliatedWithDevice(int userId) {
10180            return DevicePolicyManagerService.this.isUserAffiliatedWithDeviceLocked(userId);
10181        }
10182
10183        @Override
10184        public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) {
10185            synchronized (DevicePolicyManagerService.this) {
10186                updateMaximumTimeToLockLocked(userId);
10187            }
10188        }
10189
10190        @Override
10191        public boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) {
10192            return DevicePolicyManagerService.this.canUserHaveUntrustedCredentialReset(userId);
10193        }
10194    }
10195
10196    private Intent createShowAdminSupportIntent(ComponentName admin, int userId) {
10197        // This method is called with AMS lock held, so don't take DPMS lock
10198        final Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS);
10199        intent.putExtra(Intent.EXTRA_USER_ID, userId);
10200        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin);
10201        intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
10202        return intent;
10203    }
10204
10205    @Override
10206    public Intent createAdminSupportIntent(String restriction) {
10207        Preconditions.checkNotNull(restriction);
10208        final int uid = mInjector.binderGetCallingUid();
10209        final int userId = UserHandle.getUserId(uid);
10210        Intent intent = null;
10211        if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) ||
10212                DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) {
10213            synchronized(this) {
10214                final DevicePolicyData policy = getUserData(userId);
10215                final int N = policy.mAdminList.size();
10216                for (int i = 0; i < N; i++) {
10217                    final ActiveAdmin admin = policy.mAdminList.get(i);
10218                    if ((admin.disableCamera &&
10219                                DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) ||
10220                        (admin.disableScreenCapture && DevicePolicyManager
10221                                .POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction))) {
10222                        intent = createShowAdminSupportIntent(admin.info.getComponent(), userId);
10223                        break;
10224                    }
10225                }
10226                // For the camera, a device owner on a different user can disable it globally,
10227                // so we need an additional check.
10228                if (intent == null
10229                        && DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) {
10230                    final ActiveAdmin admin = getDeviceOwnerAdminLocked();
10231                    if (admin != null && admin.disableCamera) {
10232                        intent = createShowAdminSupportIntent(admin.info.getComponent(),
10233                                mOwners.getDeviceOwnerUserId());
10234                    }
10235                }
10236            }
10237        } else {
10238            // if valid, |restriction| can only be a user restriction
10239            intent = mLocalService.createUserRestrictionSupportIntent(userId, restriction);
10240        }
10241        if (intent != null) {
10242            intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, restriction);
10243        }
10244        return intent;
10245    }
10246
10247    /**
10248     * Returns true if specified admin is allowed to limit passwords and has a
10249     * {@code minimumPasswordMetrics.quality} of at least {@code minPasswordQuality}
10250     */
10251    private static boolean isLimitPasswordAllowed(ActiveAdmin admin, int minPasswordQuality) {
10252        if (admin.minimumPasswordMetrics.quality < minPasswordQuality) {
10253            return false;
10254        }
10255        return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
10256    }
10257
10258    @Override
10259    public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) {
10260        if (policy != null && !policy.isValid()) {
10261            throw new IllegalArgumentException("Invalid system update policy.");
10262        }
10263        synchronized (this) {
10264            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10265            if (policy == null) {
10266                mOwners.clearSystemUpdatePolicy();
10267            } else {
10268                mOwners.setSystemUpdatePolicy(policy);
10269            }
10270            mOwners.writeDeviceOwner();
10271        }
10272        mContext.sendBroadcastAsUser(
10273                new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED),
10274                UserHandle.SYSTEM);
10275    }
10276
10277    @Override
10278    public SystemUpdatePolicy getSystemUpdatePolicy() {
10279        synchronized (this) {
10280            SystemUpdatePolicy policy =  mOwners.getSystemUpdatePolicy();
10281            if (policy != null && !policy.isValid()) {
10282                Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead.");
10283                return null;
10284            }
10285            return policy;
10286        }
10287    }
10288
10289    /**
10290     * Checks if the caller of the method is the device owner app.
10291     *
10292     * @param callerUid UID of the caller.
10293     * @return true if the caller is the device owner app
10294     */
10295    @VisibleForTesting
10296    boolean isCallerDeviceOwner(int callerUid) {
10297        synchronized (this) {
10298            if (!mOwners.hasDeviceOwner()) {
10299                return false;
10300            }
10301            if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) {
10302                return false;
10303            }
10304            final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent()
10305                    .getPackageName();
10306                try {
10307                    String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid);
10308                    for (String pkg : pkgs) {
10309                        if (deviceOwnerPackageName.equals(pkg)) {
10310                            return true;
10311                        }
10312                    }
10313                } catch (RemoteException e) {
10314                    return false;
10315                }
10316        }
10317
10318        return false;
10319    }
10320
10321    @Override
10322    public void notifyPendingSystemUpdate(@Nullable SystemUpdateInfo info) {
10323        mContext.enforceCallingOrSelfPermission(permission.NOTIFY_PENDING_SYSTEM_UPDATE,
10324                "Only the system update service can broadcast update information");
10325
10326        if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) {
10327            Slog.w(LOG_TAG, "Only the system update service in the system user " +
10328                    "can broadcast update information.");
10329            return;
10330        }
10331
10332        if (!mOwners.saveSystemUpdateInfo(info)) {
10333            // Pending system update hasn't changed, don't send duplicate notification.
10334            return;
10335        }
10336
10337        final Intent intent = new Intent(DeviceAdminReceiver.ACTION_NOTIFY_PENDING_SYSTEM_UPDATE)
10338                .putExtra(DeviceAdminReceiver.EXTRA_SYSTEM_UPDATE_RECEIVED_TIME,
10339                        info == null ? -1 : info.getReceivedTime());
10340
10341        final long ident = mInjector.binderClearCallingIdentity();
10342        try {
10343            synchronized (this) {
10344                // Broadcast to device owner first if there is one.
10345                if (mOwners.hasDeviceOwner()) {
10346                    final UserHandle deviceOwnerUser =
10347                            UserHandle.of(mOwners.getDeviceOwnerUserId());
10348                    intent.setComponent(mOwners.getDeviceOwnerComponent());
10349                    mContext.sendBroadcastAsUser(intent, deviceOwnerUser);
10350                }
10351            }
10352            // Get running users.
10353            final int runningUserIds[];
10354            try {
10355                runningUserIds = mInjector.getIActivityManager().getRunningUserIds();
10356            } catch (RemoteException e) {
10357                // Shouldn't happen.
10358                Log.e(LOG_TAG, "Could not retrieve the list of running users", e);
10359                return;
10360            }
10361            // Send broadcasts to corresponding profile owners if any.
10362            for (final int userId : runningUserIds) {
10363                synchronized (this) {
10364                    final ComponentName profileOwnerPackage =
10365                            mOwners.getProfileOwnerComponent(userId);
10366                    if (profileOwnerPackage != null) {
10367                        intent.setComponent(profileOwnerPackage);
10368                        mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
10369                    }
10370                }
10371            }
10372        } finally {
10373            mInjector.binderRestoreCallingIdentity(ident);
10374        }
10375    }
10376
10377    @Override
10378    public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin) {
10379        Preconditions.checkNotNull(admin, "ComponentName is null");
10380        enforceProfileOrDeviceOwner(admin);
10381
10382        return mOwners.getSystemUpdateInfo();
10383    }
10384
10385    @Override
10386    public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy)
10387            throws RemoteException {
10388        int userId = UserHandle.getCallingUserId();
10389        synchronized (this) {
10390            // Ensure the caller is a DO/PO or a permission grant state delegate.
10391            enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
10392                    DELEGATION_PERMISSION_GRANT);
10393            DevicePolicyData userPolicy = getUserData(userId);
10394            if (userPolicy.mPermissionPolicy != policy) {
10395                userPolicy.mPermissionPolicy = policy;
10396                saveSettingsLocked(userId);
10397            }
10398        }
10399    }
10400
10401    @Override
10402    public int getPermissionPolicy(ComponentName admin) throws RemoteException {
10403        int userId = UserHandle.getCallingUserId();
10404        synchronized (this) {
10405            DevicePolicyData userPolicy = getUserData(userId);
10406            return userPolicy.mPermissionPolicy;
10407        }
10408    }
10409
10410    @Override
10411    public boolean setPermissionGrantState(ComponentName admin, String callerPackage,
10412            String packageName, String permission, int grantState) throws RemoteException {
10413        UserHandle user = mInjector.binderGetCallingUserHandle();
10414        synchronized (this) {
10415            // Ensure the caller is a DO/PO or a permission grant state delegate.
10416            enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
10417                    DELEGATION_PERMISSION_GRANT);
10418            long ident = mInjector.binderClearCallingIdentity();
10419            try {
10420                if (getTargetSdk(packageName, user.getIdentifier())
10421                        < android.os.Build.VERSION_CODES.M) {
10422                    return false;
10423                }
10424                if (!isRuntimePermission(permission)) {
10425                    return false;
10426                }
10427                final PackageManager packageManager = mInjector.getPackageManager();
10428                switch (grantState) {
10429                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
10430                        mInjector.getPackageManagerInternal().grantRuntimePermission(packageName,
10431                                permission, user.getIdentifier(), true /* override policy */);
10432                        packageManager.updatePermissionFlags(permission, packageName,
10433                                PackageManager.FLAG_PERMISSION_POLICY_FIXED,
10434                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
10435                    } break;
10436
10437                    case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
10438                        mInjector.getPackageManagerInternal().revokeRuntimePermission(packageName,
10439                                permission, user.getIdentifier(), true /* override policy */);
10440                        packageManager.updatePermissionFlags(permission, packageName,
10441                                PackageManager.FLAG_PERMISSION_POLICY_FIXED,
10442                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
10443                    } break;
10444
10445                    case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
10446                        packageManager.updatePermissionFlags(permission, packageName,
10447                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user);
10448                    } break;
10449                }
10450                return true;
10451            } catch (SecurityException se) {
10452                return false;
10453            } catch (NameNotFoundException e) {
10454                return false;
10455            } finally {
10456                mInjector.binderRestoreCallingIdentity(ident);
10457            }
10458        }
10459    }
10460
10461    @Override
10462    public int getPermissionGrantState(ComponentName admin, String callerPackage,
10463            String packageName, String permission) throws RemoteException {
10464        PackageManager packageManager = mInjector.getPackageManager();
10465
10466        UserHandle user = mInjector.binderGetCallingUserHandle();
10467        if (!isCallerWithSystemUid()) {
10468            // Ensure the caller is a DO/PO or a permission grant state delegate.
10469            enforceCanManageScope(admin, callerPackage,
10470                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT);
10471        }
10472        synchronized (this) {
10473            long ident = mInjector.binderClearCallingIdentity();
10474            try {
10475                int granted = mIPackageManager.checkPermission(permission,
10476                        packageName, user.getIdentifier());
10477                int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
10478                if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
10479                        != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {
10480                    // Not controlled by policy
10481                    return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
10482                } else {
10483                    // Policy controlled so return result based on permission grant state
10484                    return granted == PackageManager.PERMISSION_GRANTED
10485                            ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
10486                            : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
10487                }
10488            } finally {
10489                mInjector.binderRestoreCallingIdentity(ident);
10490            }
10491        }
10492    }
10493
10494    boolean isPackageInstalledForUser(String packageName, int userHandle) {
10495        try {
10496            PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0,
10497                    userHandle);
10498            return (pi != null) && (pi.applicationInfo.flags != 0);
10499        } catch (RemoteException re) {
10500            throw new RuntimeException("Package manager has died", re);
10501        }
10502    }
10503
10504    public boolean isRuntimePermission(String permissionName) throws NameNotFoundException {
10505        final PackageManager packageManager = mInjector.getPackageManager();
10506        PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0);
10507        return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
10508                == PermissionInfo.PROTECTION_DANGEROUS;
10509    }
10510
10511    @Override
10512    public boolean isProvisioningAllowed(String action, String packageName) {
10513        Preconditions.checkNotNull(packageName);
10514
10515        final int callingUid = mInjector.binderGetCallingUid();
10516        final long ident = mInjector.binderClearCallingIdentity();
10517        try {
10518            final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser(
10519                    packageName, UserHandle.getUserId(callingUid));
10520            Preconditions.checkArgument(callingUid == uidForPackage,
10521                    "Caller uid doesn't match the one for the provided package.");
10522        } catch (NameNotFoundException e) {
10523            throw new IllegalArgumentException("Invalid package provided " + packageName, e);
10524        } finally {
10525            mInjector.binderRestoreCallingIdentity(ident);
10526        }
10527
10528        return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK;
10529    }
10530
10531    @Override
10532    public int checkProvisioningPreCondition(String action, String packageName) {
10533        Preconditions.checkNotNull(packageName);
10534        enforceCanManageProfileAndDeviceOwners();
10535        return checkProvisioningPreConditionSkipPermission(action, packageName);
10536    }
10537
10538    private int checkProvisioningPreConditionSkipPermission(String action, String packageName) {
10539        if (!mHasFeature) {
10540            return CODE_DEVICE_ADMIN_NOT_SUPPORTED;
10541        }
10542
10543        final int callingUserId = mInjector.userHandleGetCallingUserId();
10544        if (action != null) {
10545            switch (action) {
10546                case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE:
10547                    return checkManagedProfileProvisioningPreCondition(packageName, callingUserId);
10548                case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE:
10549                    return checkDeviceOwnerProvisioningPreCondition(callingUserId);
10550                case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER:
10551                    return checkManagedUserProvisioningPreCondition(callingUserId);
10552                case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE:
10553                    return checkManagedShareableDeviceProvisioningPreCondition(callingUserId);
10554            }
10555        }
10556        throw new IllegalArgumentException("Unknown provisioning action " + action);
10557    }
10558
10559    /**
10560     * The device owner can only be set before the setup phase of the primary user has completed,
10561     * except for adb command if no accounts or additional users are present on the device.
10562     */
10563    private int checkDeviceOwnerProvisioningPreConditionLocked(@Nullable ComponentName owner,
10564            int deviceOwnerUserId, boolean isAdb, boolean hasIncompatibleAccountsOrNonAdb) {
10565        if (mOwners.hasDeviceOwner()) {
10566            return CODE_HAS_DEVICE_OWNER;
10567        }
10568        if (mOwners.hasProfileOwner(deviceOwnerUserId)) {
10569            return CODE_USER_HAS_PROFILE_OWNER;
10570        }
10571        if (!mUserManager.isUserRunning(new UserHandle(deviceOwnerUserId))) {
10572            return CODE_USER_NOT_RUNNING;
10573        }
10574        if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) {
10575            return CODE_HAS_PAIRED;
10576        }
10577        if (isAdb) {
10578            // if shell command runs after user setup completed check device status. Otherwise, OK.
10579            if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) {
10580                if (!mInjector.userManagerIsSplitSystemUser()) {
10581                    if (mUserManager.getUserCount() > 1) {
10582                        return CODE_NONSYSTEM_USER_EXISTS;
10583                    }
10584                    if (hasIncompatibleAccountsOrNonAdb) {
10585                        return CODE_ACCOUNTS_NOT_EMPTY;
10586                    }
10587                } else {
10588                    // STOPSHIP Do proper check in split user mode
10589                }
10590            }
10591            return CODE_OK;
10592        } else {
10593            if (!mInjector.userManagerIsSplitSystemUser()) {
10594                // In non-split user mode, DO has to be user 0
10595                if (deviceOwnerUserId != UserHandle.USER_SYSTEM) {
10596                    return CODE_NOT_SYSTEM_USER;
10597                }
10598                // In non-split user mode, only provision DO before setup wizard completes
10599                if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) {
10600                    return CODE_USER_SETUP_COMPLETED;
10601                }
10602            } else {
10603                // STOPSHIP Do proper check in split user mode
10604            }
10605            return CODE_OK;
10606        }
10607    }
10608
10609    private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) {
10610        synchronized (this) {
10611            // hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb.
10612            return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null,
10613                    deviceOwnerUserId, /* isAdb= */ false,
10614                    /* hasIncompatibleAccountsOrNonAdb=*/ true);
10615        }
10616    }
10617
10618    private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) {
10619        if (!hasFeatureManagedUsers()) {
10620            return CODE_MANAGED_USERS_NOT_SUPPORTED;
10621        }
10622        if (callingUserId == UserHandle.USER_SYSTEM
10623                && mInjector.userManagerIsSplitSystemUser()) {
10624            // Managed-profiles cannot be setup on the system user.
10625            return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER;
10626        }
10627        if (getProfileOwner(callingUserId) != null) {
10628            // Managed user cannot have a managed profile.
10629            return CODE_USER_HAS_PROFILE_OWNER;
10630        }
10631
10632        final long ident = mInjector.binderClearCallingIdentity();
10633        try {
10634            final UserHandle callingUserHandle = UserHandle.of(callingUserId);
10635            final ComponentName ownerAdmin = getOwnerComponent(packageName, callingUserId);
10636            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE,
10637                    callingUserHandle)) {
10638                // An admin can initiate provisioning if it has set the restriction.
10639                if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin,
10640                        UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) {
10641                    return CODE_ADD_MANAGED_PROFILE_DISALLOWED;
10642                }
10643            }
10644            boolean canRemoveProfile = true;
10645            if (mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
10646                    callingUserHandle)) {
10647                // We can remove a profile if the admin itself has set the restriction.
10648                if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin,
10649                        UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
10650                        callingUserId)) {
10651                    canRemoveProfile = false;
10652                }
10653            }
10654            if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) {
10655                return CODE_CANNOT_ADD_MANAGED_PROFILE;
10656            }
10657        } finally {
10658            mInjector.binderRestoreCallingIdentity(ident);
10659        }
10660        return CODE_OK;
10661    }
10662
10663    private ComponentName getOwnerComponent(String packageName, int userId) {
10664        if (isDeviceOwnerPackage(packageName, userId)) {
10665            return mOwners.getDeviceOwnerComponent();
10666        }
10667        if (isProfileOwnerPackage(packageName, userId)) {
10668            return mOwners.getProfileOwnerComponent(userId);
10669        }
10670        return null;
10671    }
10672
10673    /**
10674     * Return device owner or profile owner set on a given user.
10675     */
10676    private @Nullable ComponentName getOwnerComponent(int userId) {
10677        synchronized (this) {
10678            if (mOwners.getDeviceOwnerUserId() == userId) {
10679                return mOwners.getDeviceOwnerComponent();
10680            }
10681            if (mOwners.hasProfileOwner(userId)) {
10682                return mOwners.getProfileOwnerComponent(userId);
10683            }
10684        }
10685        return null;
10686    }
10687
10688    private int checkManagedUserProvisioningPreCondition(int callingUserId) {
10689        if (!hasFeatureManagedUsers()) {
10690            return CODE_MANAGED_USERS_NOT_SUPPORTED;
10691        }
10692        if (!mInjector.userManagerIsSplitSystemUser()) {
10693            // ACTION_PROVISION_MANAGED_USER only supported on split-user systems.
10694            return CODE_NOT_SYSTEM_USER_SPLIT;
10695        }
10696        if (callingUserId == UserHandle.USER_SYSTEM) {
10697            // System user cannot be a managed user.
10698            return CODE_SYSTEM_USER;
10699        }
10700        if (hasUserSetupCompleted(callingUserId)) {
10701            return CODE_USER_SETUP_COMPLETED;
10702        }
10703        if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) {
10704            return CODE_HAS_PAIRED;
10705        }
10706        return CODE_OK;
10707    }
10708
10709    private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) {
10710        if (!mInjector.userManagerIsSplitSystemUser()) {
10711            // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems.
10712            return CODE_NOT_SYSTEM_USER_SPLIT;
10713        }
10714        return checkDeviceOwnerProvisioningPreCondition(callingUserId);
10715    }
10716
10717    private boolean hasFeatureManagedUsers() {
10718        try {
10719            return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0);
10720        } catch (RemoteException e) {
10721            return false;
10722        }
10723    }
10724
10725    @Override
10726    public String getWifiMacAddress(ComponentName admin) {
10727        // Make sure caller has DO.
10728        synchronized (this) {
10729            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10730        }
10731
10732        final long ident = mInjector.binderClearCallingIdentity();
10733        try {
10734            final WifiInfo wifiInfo = mInjector.getWifiManager().getConnectionInfo();
10735            if (wifiInfo == null) {
10736                return null;
10737            }
10738            return wifiInfo.hasRealMacAddress() ? wifiInfo.getMacAddress() : null;
10739        } finally {
10740            mInjector.binderRestoreCallingIdentity(ident);
10741        }
10742    }
10743
10744    /**
10745     * Returns the target sdk version number that the given packageName was built for
10746     * in the given user.
10747     */
10748    private int getTargetSdk(String packageName, int userId) {
10749        final ApplicationInfo ai;
10750        try {
10751            ai = mIPackageManager.getApplicationInfo(packageName, 0, userId);
10752            final int targetSdkVersion = ai == null ? 0 : ai.targetSdkVersion;
10753            return targetSdkVersion;
10754        } catch (RemoteException e) {
10755            // Shouldn't happen
10756            return 0;
10757        }
10758    }
10759
10760    @Override
10761    public boolean isManagedProfile(ComponentName admin) {
10762        enforceProfileOrDeviceOwner(admin);
10763        return isManagedProfile(mInjector.userHandleGetCallingUserId());
10764    }
10765
10766    @Override
10767    public boolean isSystemOnlyUser(ComponentName admin) {
10768        synchronized (this) {
10769            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10770        }
10771        final int callingUserId = mInjector.userHandleGetCallingUserId();
10772        return UserManager.isSplitSystemUser() && callingUserId == UserHandle.USER_SYSTEM;
10773    }
10774
10775    @Override
10776    public void reboot(ComponentName admin) {
10777        Preconditions.checkNotNull(admin);
10778        // Make sure caller has DO.
10779        synchronized (this) {
10780            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
10781        }
10782        long ident = mInjector.binderClearCallingIdentity();
10783        try {
10784            // Make sure there are no ongoing calls on the device.
10785            if (mTelephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE) {
10786                throw new IllegalStateException("Cannot be called with ongoing call on the device");
10787            }
10788            mInjector.powerManagerReboot(PowerManager.REBOOT_REQUESTED_BY_DEVICE_OWNER);
10789        } finally {
10790            mInjector.binderRestoreCallingIdentity(ident);
10791        }
10792    }
10793
10794    @Override
10795    public void setShortSupportMessage(@NonNull ComponentName who, CharSequence message) {
10796        if (!mHasFeature) {
10797            return;
10798        }
10799        Preconditions.checkNotNull(who, "ComponentName is null");
10800        final int userHandle = mInjector.userHandleGetCallingUserId();
10801        synchronized (this) {
10802            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10803                    mInjector.binderGetCallingUid());
10804            if (!TextUtils.equals(admin.shortSupportMessage, message)) {
10805                admin.shortSupportMessage = message;
10806                saveSettingsLocked(userHandle);
10807            }
10808        }
10809    }
10810
10811    @Override
10812    public CharSequence getShortSupportMessage(@NonNull ComponentName who) {
10813        if (!mHasFeature) {
10814            return null;
10815        }
10816        Preconditions.checkNotNull(who, "ComponentName is null");
10817        synchronized (this) {
10818            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10819                    mInjector.binderGetCallingUid());
10820            return admin.shortSupportMessage;
10821        }
10822    }
10823
10824    @Override
10825    public void setLongSupportMessage(@NonNull ComponentName who, CharSequence message) {
10826        if (!mHasFeature) {
10827            return;
10828        }
10829        Preconditions.checkNotNull(who, "ComponentName is null");
10830        final int userHandle = mInjector.userHandleGetCallingUserId();
10831        synchronized (this) {
10832            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10833                    mInjector.binderGetCallingUid());
10834            if (!TextUtils.equals(admin.longSupportMessage, message)) {
10835                admin.longSupportMessage = message;
10836                saveSettingsLocked(userHandle);
10837            }
10838        }
10839    }
10840
10841    @Override
10842    public CharSequence getLongSupportMessage(@NonNull ComponentName who) {
10843        if (!mHasFeature) {
10844            return null;
10845        }
10846        Preconditions.checkNotNull(who, "ComponentName is null");
10847        synchronized (this) {
10848            ActiveAdmin admin = getActiveAdminForUidLocked(who,
10849                    mInjector.binderGetCallingUid());
10850            return admin.longSupportMessage;
10851        }
10852    }
10853
10854    @Override
10855    public CharSequence getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) {
10856        if (!mHasFeature) {
10857            return null;
10858        }
10859        Preconditions.checkNotNull(who, "ComponentName is null");
10860        if (!isCallerWithSystemUid()) {
10861            throw new SecurityException("Only the system can query support message for user");
10862        }
10863        synchronized (this) {
10864            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
10865            if (admin != null) {
10866                return admin.shortSupportMessage;
10867            }
10868        }
10869        return null;
10870    }
10871
10872    @Override
10873    public CharSequence getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) {
10874        if (!mHasFeature) {
10875            return null;
10876        }
10877        Preconditions.checkNotNull(who, "ComponentName is null");
10878        if (!isCallerWithSystemUid()) {
10879            throw new SecurityException("Only the system can query support message for user");
10880        }
10881        synchronized (this) {
10882            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
10883            if (admin != null) {
10884                return admin.longSupportMessage;
10885            }
10886        }
10887        return null;
10888    }
10889
10890    @Override
10891    public void setOrganizationColor(@NonNull ComponentName who, int color) {
10892        if (!mHasFeature) {
10893            return;
10894        }
10895        Preconditions.checkNotNull(who, "ComponentName is null");
10896        final int userHandle = mInjector.userHandleGetCallingUserId();
10897        enforceManagedProfile(userHandle, "set organization color");
10898        synchronized (this) {
10899            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10900                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10901            admin.organizationColor = color;
10902            saveSettingsLocked(userHandle);
10903        }
10904    }
10905
10906    @Override
10907    public void setOrganizationColorForUser(int color, int userId) {
10908        if (!mHasFeature) {
10909            return;
10910        }
10911        enforceFullCrossUsersPermission(userId);
10912        enforceManageUsers();
10913        enforceManagedProfile(userId, "set organization color");
10914        synchronized (this) {
10915            ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
10916            admin.organizationColor = color;
10917            saveSettingsLocked(userId);
10918        }
10919    }
10920
10921    @Override
10922    public int getOrganizationColor(@NonNull ComponentName who) {
10923        if (!mHasFeature) {
10924            return ActiveAdmin.DEF_ORGANIZATION_COLOR;
10925        }
10926        Preconditions.checkNotNull(who, "ComponentName is null");
10927        enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color");
10928        synchronized (this) {
10929            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10930                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10931            return admin.organizationColor;
10932        }
10933    }
10934
10935    @Override
10936    public int getOrganizationColorForUser(int userHandle) {
10937        if (!mHasFeature) {
10938            return ActiveAdmin.DEF_ORGANIZATION_COLOR;
10939        }
10940        enforceFullCrossUsersPermission(userHandle);
10941        enforceManagedProfile(userHandle, "get organization color");
10942        synchronized (this) {
10943            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle);
10944            return (profileOwner != null)
10945                    ? profileOwner.organizationColor
10946                    : ActiveAdmin.DEF_ORGANIZATION_COLOR;
10947        }
10948    }
10949
10950    @Override
10951    public void setOrganizationName(@NonNull ComponentName who, CharSequence text) {
10952        if (!mHasFeature) {
10953            return;
10954        }
10955        Preconditions.checkNotNull(who, "ComponentName is null");
10956        final int userHandle = mInjector.userHandleGetCallingUserId();
10957
10958        synchronized (this) {
10959            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10960                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10961            if (!TextUtils.equals(admin.organizationName, text)) {
10962                admin.organizationName = (text == null || text.length() == 0)
10963                        ? null : text.toString();
10964                saveSettingsLocked(userHandle);
10965            }
10966        }
10967    }
10968
10969    @Override
10970    public CharSequence getOrganizationName(@NonNull ComponentName who) {
10971        if (!mHasFeature) {
10972            return null;
10973        }
10974        Preconditions.checkNotNull(who, "ComponentName is null");
10975        enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name");
10976        synchronized(this) {
10977            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
10978                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
10979            return admin.organizationName;
10980        }
10981    }
10982
10983    @Override
10984    public CharSequence getDeviceOwnerOrganizationName() {
10985        if (!mHasFeature) {
10986            return null;
10987        }
10988        enforceDeviceOwnerOrManageUsers();
10989        synchronized(this) {
10990            final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
10991            return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName;
10992        }
10993    }
10994
10995    @Override
10996    public CharSequence getOrganizationNameForUser(int userHandle) {
10997        if (!mHasFeature) {
10998            return null;
10999        }
11000        enforceFullCrossUsersPermission(userHandle);
11001        enforceManagedProfile(userHandle, "get organization name");
11002        synchronized (this) {
11003            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle);
11004            return (profileOwner != null)
11005                    ? profileOwner.organizationName
11006                    : null;
11007        }
11008    }
11009
11010    @Override
11011    public void setAffiliationIds(ComponentName admin, List<String> ids) {
11012        if (!mHasFeature) {
11013            return;
11014        }
11015        if (ids == null) {
11016            throw new IllegalArgumentException("ids must not be null");
11017        }
11018        for (String id : ids) {
11019            if (TextUtils.isEmpty(id)) {
11020                throw new IllegalArgumentException("ids must not contain empty string");
11021            }
11022        }
11023
11024        final Set<String> affiliationIds = new ArraySet<>(ids);
11025        final int callingUserId = mInjector.userHandleGetCallingUserId();
11026        synchronized (this) {
11027            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11028            getUserData(callingUserId).mAffiliationIds = affiliationIds;
11029            saveSettingsLocked(callingUserId);
11030            if (callingUserId != UserHandle.USER_SYSTEM && isDeviceOwner(admin, callingUserId)) {
11031                // Affiliation ids specified by the device owner are additionally stored in
11032                // UserHandle.USER_SYSTEM's DevicePolicyData.
11033                getUserData(UserHandle.USER_SYSTEM).mAffiliationIds = affiliationIds;
11034                saveSettingsLocked(UserHandle.USER_SYSTEM);
11035            }
11036
11037            // Affiliation status for any user, not just the calling user, might have changed.
11038            // The device owner user will still be affiliated after changing its affiliation ids,
11039            // but as a result of that other users might become affiliated or un-affiliated.
11040            maybePauseDeviceWideLoggingLocked();
11041            maybeResumeDeviceWideLoggingLocked();
11042            maybeClearLockTaskPolicyLocked();
11043        }
11044    }
11045
11046    @Override
11047    public List<String> getAffiliationIds(ComponentName admin) {
11048        if (!mHasFeature) {
11049            return Collections.emptyList();
11050        }
11051
11052        Preconditions.checkNotNull(admin);
11053        synchronized (this) {
11054            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11055            return new ArrayList<String>(
11056                    getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds);
11057        }
11058    }
11059
11060    @Override
11061    public boolean isAffiliatedUser() {
11062        if (!mHasFeature) {
11063            return false;
11064        }
11065
11066        synchronized (this) {
11067            return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId());
11068        }
11069    }
11070
11071    private boolean isUserAffiliatedWithDeviceLocked(int userId) {
11072        if (!mOwners.hasDeviceOwner()) {
11073            return false;
11074        }
11075        if (userId == mOwners.getDeviceOwnerUserId()) {
11076            // The user that the DO is installed on is always affiliated with the device.
11077            return true;
11078        }
11079        if (userId == UserHandle.USER_SYSTEM) {
11080            // The system user is always affiliated in a DO device, even if the DO is set on a
11081            // different user. This could be the case if the DO is set in the primary user
11082            // of a split user device.
11083            return true;
11084        }
11085        final ComponentName profileOwner = getProfileOwner(userId);
11086        if (profileOwner == null) {
11087            return false;
11088        }
11089        final Set<String> userAffiliationIds = getUserData(userId).mAffiliationIds;
11090        final Set<String> deviceAffiliationIds =
11091                getUserData(UserHandle.USER_SYSTEM).mAffiliationIds;
11092        for (String id : userAffiliationIds) {
11093            if (deviceAffiliationIds.contains(id)) {
11094                return true;
11095            }
11096        }
11097        return false;
11098    }
11099
11100    private boolean areAllUsersAffiliatedWithDeviceLocked() {
11101        final long ident = mInjector.binderClearCallingIdentity();
11102        try {
11103            final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true);
11104            for (int i = 0; i < userInfos.size(); i++) {
11105                int userId = userInfos.get(i).id;
11106                if (!isUserAffiliatedWithDeviceLocked(userId)) {
11107                    Slog.d(LOG_TAG, "User id " + userId + " not affiliated.");
11108                    return false;
11109                }
11110            }
11111        } finally {
11112            mInjector.binderRestoreCallingIdentity(ident);
11113        }
11114
11115        return true;
11116    }
11117
11118    @Override
11119    public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) {
11120        if (!mHasFeature) {
11121            return;
11122        }
11123        Preconditions.checkNotNull(admin);
11124
11125        synchronized (this) {
11126            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11127            if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) {
11128                return;
11129            }
11130            mInjector.securityLogSetLoggingEnabledProperty(enabled);
11131            if (enabled) {
11132                mSecurityLogMonitor.start();
11133                maybePauseDeviceWideLoggingLocked();
11134            } else {
11135                mSecurityLogMonitor.stop();
11136            }
11137        }
11138    }
11139
11140    @Override
11141    public boolean isSecurityLoggingEnabled(ComponentName admin) {
11142        if (!mHasFeature) {
11143            return false;
11144        }
11145
11146        synchronized (this) {
11147            if (!isCallerWithSystemUid()) {
11148                Preconditions.checkNotNull(admin);
11149                getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11150            }
11151            return mInjector.securityLogGetLoggingEnabledProperty();
11152        }
11153    }
11154
11155    private synchronized void recordSecurityLogRetrievalTime() {
11156        final long currentTime = System.currentTimeMillis();
11157        DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
11158        if (currentTime > policyData.mLastSecurityLogRetrievalTime) {
11159            policyData.mLastSecurityLogRetrievalTime = currentTime;
11160            saveSettingsLocked(UserHandle.USER_SYSTEM);
11161        }
11162    }
11163
11164    @Override
11165    public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) {
11166        if (!mHasFeature) {
11167            return null;
11168        }
11169
11170        Preconditions.checkNotNull(admin);
11171        ensureDeviceOwnerAndAllUsersAffiliated(admin);
11172
11173        if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs)
11174                || !mInjector.securityLogGetLoggingEnabledProperty()) {
11175            return null;
11176        }
11177
11178        recordSecurityLogRetrievalTime();
11179
11180        ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>();
11181        try {
11182            SecurityLog.readPreviousEvents(output);
11183            return new ParceledListSlice<SecurityEvent>(output);
11184        } catch (IOException e) {
11185            Slog.w(LOG_TAG, "Fail to read previous events" , e);
11186            return new ParceledListSlice<SecurityEvent>(Collections.<SecurityEvent>emptyList());
11187        }
11188    }
11189
11190    @Override
11191    public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) {
11192        if (!mHasFeature) {
11193            return null;
11194        }
11195
11196        Preconditions.checkNotNull(admin);
11197        ensureDeviceOwnerAndAllUsersAffiliated(admin);
11198
11199        if (!mInjector.securityLogGetLoggingEnabledProperty()) {
11200            return null;
11201        }
11202
11203        recordSecurityLogRetrievalTime();
11204
11205        List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs();
11206        return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null;
11207    }
11208
11209    private void enforceCanManageDeviceAdmin() {
11210        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS,
11211                null);
11212    }
11213
11214    private void enforceCanManageProfileAndDeviceOwners() {
11215        mContext.enforceCallingOrSelfPermission(
11216                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
11217    }
11218
11219    private void enforceCallerSystemUserHandle() {
11220        final int callingUid = mInjector.binderGetCallingUid();
11221        final int userId = UserHandle.getUserId(callingUid);
11222        if (userId != UserHandle.USER_SYSTEM) {
11223            throw new SecurityException("Caller has to be in user 0");
11224        }
11225    }
11226
11227    @Override
11228    public boolean isUninstallInQueue(final String packageName) {
11229        enforceCanManageDeviceAdmin();
11230        final int userId = mInjector.userHandleGetCallingUserId();
11231        Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
11232        synchronized (this) {
11233            return mPackagesToRemove.contains(packageUserPair);
11234        }
11235    }
11236
11237    @Override
11238    public void uninstallPackageWithActiveAdmins(final String packageName) {
11239        enforceCanManageDeviceAdmin();
11240        Preconditions.checkArgument(!TextUtils.isEmpty(packageName));
11241
11242        final int userId = mInjector.userHandleGetCallingUserId();
11243
11244        enforceUserUnlocked(userId);
11245
11246        final ComponentName profileOwner = getProfileOwner(userId);
11247        if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) {
11248            throw new IllegalArgumentException("Cannot uninstall a package with a profile owner");
11249        }
11250
11251        final ComponentName deviceOwner = getDeviceOwnerComponent(/* callingUserOnly= */ false);
11252        if (getDeviceOwnerUserId() == userId && deviceOwner != null
11253                && packageName.equals(deviceOwner.getPackageName())) {
11254            throw new IllegalArgumentException("Cannot uninstall a package with a device owner");
11255        }
11256
11257        final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
11258        synchronized (this) {
11259            mPackagesToRemove.add(packageUserPair);
11260        }
11261
11262        // All active admins on the user.
11263        final List<ComponentName> allActiveAdmins = getActiveAdmins(userId);
11264
11265        // Active admins in the target package.
11266        final List<ComponentName> packageActiveAdmins = new ArrayList<>();
11267        if (allActiveAdmins != null) {
11268            for (ComponentName activeAdmin : allActiveAdmins) {
11269                if (packageName.equals(activeAdmin.getPackageName())) {
11270                    packageActiveAdmins.add(activeAdmin);
11271                    removeActiveAdmin(activeAdmin, userId);
11272                }
11273            }
11274        }
11275        if (packageActiveAdmins.size() == 0) {
11276            startUninstallIntent(packageName, userId);
11277        } else {
11278            mHandler.postDelayed(new Runnable() {
11279                @Override
11280                public void run() {
11281                    for (ComponentName activeAdmin : packageActiveAdmins) {
11282                        removeAdminArtifacts(activeAdmin, userId);
11283                    }
11284                    startUninstallIntent(packageName, userId);
11285                }
11286            }, DEVICE_ADMIN_DEACTIVATE_TIMEOUT); // Start uninstall after timeout anyway.
11287        }
11288    }
11289
11290    @Override
11291    public boolean isDeviceProvisioned() {
11292        synchronized (this) {
11293            return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete;
11294        }
11295    }
11296
11297    private boolean isCurrentUserDemo() {
11298        if (UserManager.isDeviceInDemoMode(mContext)) {
11299            final int userId = mInjector.userHandleGetCallingUserId();
11300            final long callingIdentity = mInjector.binderClearCallingIdentity();
11301            try {
11302                return mUserManager.getUserInfo(userId).isDemo();
11303            } finally {
11304                mInjector.binderRestoreCallingIdentity(callingIdentity);
11305            }
11306        }
11307        return false;
11308    }
11309
11310    private void removePackageIfRequired(final String packageName, final int userId) {
11311        if (!packageHasActiveAdmins(packageName, userId)) {
11312            // Will not do anything if uninstall was not requested or was already started.
11313            startUninstallIntent(packageName, userId);
11314        }
11315    }
11316
11317    private void startUninstallIntent(final String packageName, final int userId) {
11318        final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
11319        synchronized (this) {
11320            if (!mPackagesToRemove.contains(packageUserPair)) {
11321                // Do nothing if uninstall was not requested or was already started.
11322                return;
11323            }
11324            mPackagesToRemove.remove(packageUserPair);
11325        }
11326        try {
11327            if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) {
11328                // Package does not exist. Nothing to do.
11329                return;
11330            }
11331        } catch (RemoteException re) {
11332            Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info");
11333        }
11334
11335        try { // force stop the package before uninstalling
11336            mInjector.getIActivityManager().forceStopPackage(packageName, userId);
11337        } catch (RemoteException re) {
11338            Log.e(LOG_TAG, "Failure talking to ActivityManager while force stopping package");
11339        }
11340        final Uri packageURI = Uri.parse("package:" + packageName);
11341        final Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageURI);
11342        uninstallIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
11343        mContext.startActivityAsUser(uninstallIntent, UserHandle.of(userId));
11344    }
11345
11346    /**
11347     * Removes the admin from the policy. Ideally called after the admin's
11348     * {@link DeviceAdminReceiver#onDisabled(Context, Intent)} has been successfully completed.
11349     *
11350     * @param adminReceiver The admin to remove
11351     * @param userHandle The user for which this admin has to be removed.
11352     */
11353    private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) {
11354        synchronized (this) {
11355            final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
11356            if (admin == null) {
11357                return;
11358            }
11359            final DevicePolicyData policy = getUserData(userHandle);
11360            final boolean doProxyCleanup = admin.info.usesPolicy(
11361                    DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
11362            policy.mAdminList.remove(admin);
11363            policy.mAdminMap.remove(adminReceiver);
11364            validatePasswordOwnerLocked(policy);
11365            if (doProxyCleanup) {
11366                resetGlobalProxyLocked(policy);
11367            }
11368            pushActiveAdminPackagesLocked(userHandle);
11369            saveSettingsLocked(userHandle);
11370            updateMaximumTimeToLockLocked(userHandle);
11371            policy.mRemovingAdmins.remove(adminReceiver);
11372
11373            Slog.i(LOG_TAG, "Device admin " + adminReceiver + " removed from user " + userHandle);
11374        }
11375        // The removed admin might have disabled camera, so update user
11376        // restrictions.
11377        pushUserRestrictions(userHandle);
11378    }
11379
11380    @Override
11381    public void setDeviceProvisioningConfigApplied() {
11382        enforceManageUsers();
11383        synchronized (this) {
11384            DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
11385            policy.mDeviceProvisioningConfigApplied = true;
11386            saveSettingsLocked(UserHandle.USER_SYSTEM);
11387        }
11388    }
11389
11390    @Override
11391    public boolean isDeviceProvisioningConfigApplied() {
11392        enforceManageUsers();
11393        synchronized (this) {
11394            final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
11395            return policy.mDeviceProvisioningConfigApplied;
11396        }
11397    }
11398
11399    /**
11400     * Force update internal persistent state from Settings.Secure.USER_SETUP_COMPLETE.
11401     *
11402     * It's added for testing only. Please use this API carefully if it's used by other system app
11403     * and bare in mind Settings.Secure.USER_SETUP_COMPLETE can be modified by user and other system
11404     * apps.
11405     */
11406    @Override
11407    public void forceUpdateUserSetupComplete() {
11408        enforceCanManageProfileAndDeviceOwners();
11409        enforceCallerSystemUserHandle();
11410        // no effect if it's called from user build
11411        if (!mInjector.isBuildDebuggable()) {
11412            return;
11413        }
11414        final int userId = UserHandle.USER_SYSTEM;
11415        boolean isUserCompleted = mInjector.settingsSecureGetIntForUser(
11416                Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0;
11417        DevicePolicyData policy = getUserData(userId);
11418        policy.mUserSetupComplete = isUserCompleted;
11419        synchronized (this) {
11420            saveSettingsLocked(userId);
11421        }
11422    }
11423
11424    // TODO(b/22388012): When backup is available for secondary users and profiles, consider
11425    // whether there are any privacy/security implications of enabling the backup service here
11426    // if there are other users or profiles unmanaged or managed by a different entity (i.e. not
11427    // affiliated).
11428    @Override
11429    public void setBackupServiceEnabled(ComponentName admin, boolean enabled) {
11430        if (!mHasFeature) {
11431            return;
11432        }
11433        Preconditions.checkNotNull(admin);
11434        synchronized (this) {
11435            ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(
11436                    admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11437            if (!enabled) {
11438                activeAdmin.mandatoryBackupTransport = null;
11439                saveSettingsLocked(UserHandle.USER_SYSTEM);
11440            }
11441        }
11442
11443        final long ident = mInjector.binderClearCallingIdentity();
11444        try {
11445            IBackupManager ibm = mInjector.getIBackupManager();
11446            if (ibm != null) {
11447                ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled);
11448            }
11449        } catch (RemoteException e) {
11450            throw new IllegalStateException(
11451                "Failed " + (enabled ? "" : "de") + "activating backup service.", e);
11452        } finally {
11453            mInjector.binderRestoreCallingIdentity(ident);
11454        }
11455    }
11456
11457    @Override
11458    public boolean isBackupServiceEnabled(ComponentName admin) {
11459        Preconditions.checkNotNull(admin);
11460        if (!mHasFeature) {
11461            return true;
11462        }
11463        synchronized (this) {
11464            try {
11465                getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11466                IBackupManager ibm = mInjector.getIBackupManager();
11467                return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM);
11468            } catch (RemoteException e) {
11469                throw new IllegalStateException("Failed requesting backup service state.", e);
11470            }
11471        }
11472    }
11473
11474    @Override
11475    public void setMandatoryBackupTransport(
11476            ComponentName admin, ComponentName backupTransportComponent) {
11477        if (!mHasFeature) {
11478            return;
11479        }
11480        Preconditions.checkNotNull(admin);
11481        synchronized (this) {
11482            ActiveAdmin activeAdmin =
11483                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11484            if (!Objects.equals(backupTransportComponent, activeAdmin.mandatoryBackupTransport)) {
11485                activeAdmin.mandatoryBackupTransport = backupTransportComponent;
11486                saveSettingsLocked(UserHandle.USER_SYSTEM);
11487            }
11488        }
11489        final long identity = mInjector.binderClearCallingIdentity();
11490        try {
11491            IBackupManager ibm = mInjector.getIBackupManager();
11492            if (ibm != null && backupTransportComponent != null) {
11493                if (!ibm.isBackupServiceActive(UserHandle.USER_SYSTEM)) {
11494                    ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, true);
11495                }
11496                ibm.selectBackupTransportAsync(backupTransportComponent, null);
11497                ibm.setBackupEnabled(true);
11498            }
11499        } catch (RemoteException e) {
11500            throw new IllegalStateException("Failed to set mandatory backup transport.", e);
11501        } finally {
11502            mInjector.binderRestoreCallingIdentity(identity);
11503        }
11504    }
11505
11506    @Override
11507    public ComponentName getMandatoryBackupTransport() {
11508        if (!mHasFeature) {
11509            return null;
11510        }
11511        synchronized (this) {
11512            ActiveAdmin activeAdmin = getDeviceOwnerAdminLocked();
11513            return activeAdmin == null ? null : activeAdmin.mandatoryBackupTransport;
11514        }
11515    }
11516
11517
11518    @Override
11519    public boolean bindDeviceAdminServiceAsUser(
11520            @NonNull ComponentName admin, @NonNull IApplicationThread caller,
11521            @Nullable IBinder activtiyToken, @NonNull Intent serviceIntent,
11522            @NonNull IServiceConnection connection, int flags, @UserIdInt int targetUserId) {
11523        if (!mHasFeature) {
11524            return false;
11525        }
11526        Preconditions.checkNotNull(admin);
11527        Preconditions.checkNotNull(caller);
11528        Preconditions.checkNotNull(serviceIntent);
11529        Preconditions.checkArgument(
11530                serviceIntent.getComponent() != null || serviceIntent.getPackage() != null,
11531                "Service intent must be explicit (with a package name or component): "
11532                        + serviceIntent);
11533        Preconditions.checkNotNull(connection);
11534        Preconditions.checkArgument(mInjector.userHandleGetCallingUserId() != targetUserId,
11535                "target user id must be different from the calling user id");
11536
11537        if (!getBindDeviceAdminTargetUsers(admin).contains(UserHandle.of(targetUserId))) {
11538            throw new SecurityException("Not allowed to bind to target user id");
11539        }
11540
11541        final String targetPackage;
11542        synchronized (this) {
11543            targetPackage = getOwnerPackageNameForUserLocked(targetUserId);
11544        }
11545
11546        final long callingIdentity = mInjector.binderClearCallingIdentity();
11547        try {
11548            // Validate and sanitize the incoming service intent.
11549            final Intent sanitizedIntent =
11550                    createCrossUserServiceIntent(serviceIntent, targetPackage, targetUserId);
11551            if (sanitizedIntent == null) {
11552                // Fail, cannot lookup the target service.
11553                return false;
11554            }
11555            // Ask ActivityManager to bind it. Notice that we are binding the service with the
11556            // caller app instead of DevicePolicyManagerService.
11557            return mInjector.getIActivityManager().bindService(
11558                    caller, activtiyToken, serviceIntent,
11559                    serviceIntent.resolveTypeIfNeeded(mContext.getContentResolver()),
11560                    connection, flags, mContext.getOpPackageName(),
11561                    targetUserId) != 0;
11562        } catch (RemoteException ex) {
11563            // Same process, should not happen.
11564        } finally {
11565            mInjector.binderRestoreCallingIdentity(callingIdentity);
11566        }
11567
11568        // Failed to bind.
11569        return false;
11570    }
11571
11572    @Override
11573    public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) {
11574        if (!mHasFeature) {
11575            return Collections.emptyList();
11576        }
11577        Preconditions.checkNotNull(admin);
11578
11579        synchronized (this) {
11580            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11581
11582            final int callingUserId = mInjector.userHandleGetCallingUserId();
11583            final long callingIdentity = mInjector.binderClearCallingIdentity();
11584            try {
11585                ArrayList<UserHandle> targetUsers = new ArrayList<>();
11586                if (!isDeviceOwner(admin, callingUserId)) {
11587                    // Profile owners can only bind to the device owner.
11588                    if (canUserBindToDeviceOwnerLocked(callingUserId)) {
11589                        targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId()));
11590                    }
11591                } else {
11592                    // Caller is the device owner: Look for profile owners that it can bind to.
11593                    final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true);
11594                    for (int i = 0; i < userInfos.size(); i++) {
11595                        final int userId = userInfos.get(i).id;
11596                        if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) {
11597                            targetUsers.add(UserHandle.of(userId));
11598                        }
11599                    }
11600                }
11601
11602                return targetUsers;
11603            } finally {
11604                mInjector.binderRestoreCallingIdentity(callingIdentity);
11605            }
11606        }
11607    }
11608
11609    private boolean canUserBindToDeviceOwnerLocked(int userId) {
11610        // There has to be a device owner, under another user id.
11611        if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) {
11612            return false;
11613        }
11614
11615        // The user must have a profile owner that belongs to the same package as the device owner.
11616        if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals(
11617                mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) {
11618            return false;
11619        }
11620
11621        // The user must be affiliated.
11622        return isUserAffiliatedWithDeviceLocked(userId);
11623    }
11624
11625    /**
11626     * Return true if a given user has any accounts that'll prevent installing a device or profile
11627     * owner {@code owner}.
11628     * - If the user has no accounts, then return false.
11629     * - Otherwise, if the owner is unknown (== null), or is not test-only, then return true.
11630     * - Otherwise, if there's any account that does not have ..._ALLOWED, or does have
11631     *   ..._DISALLOWED, return true.
11632     * - Otherwise return false.
11633     *
11634     * If the caller is *not* ADB, it also returns true.  The returned value shouldn't be used
11635     * when the caller is not ADB.
11636     *
11637     * DO NOT CALL IT WITH THE DPMS LOCK HELD.
11638     */
11639    private boolean hasIncompatibleAccountsOrNonAdbNoLock(
11640            int userId, @Nullable ComponentName owner) {
11641        if (!isAdb()) {
11642            return true;
11643        }
11644        wtfIfInLock();
11645
11646        final long token = mInjector.binderClearCallingIdentity();
11647        try {
11648            final AccountManager am = AccountManager.get(mContext);
11649            final Account accounts[] = am.getAccountsAsUser(userId);
11650            if (accounts.length == 0) {
11651                return false;
11652            }
11653            synchronized (this) {
11654                if (owner == null || !isAdminTestOnlyLocked(owner, userId)) {
11655                    Log.w(LOG_TAG,
11656                            "Non test-only owner can't be installed with existing accounts.");
11657                    return true;
11658                }
11659            }
11660
11661            final String[] feature_allow =
11662                    { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED };
11663            final String[] feature_disallow =
11664                    { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED };
11665
11666            boolean compatible = true;
11667            for (Account account : accounts) {
11668                if (hasAccountFeatures(am, account, feature_disallow)) {
11669                    Log.e(LOG_TAG, account + " has " + feature_disallow[0]);
11670                    compatible = false;
11671                    break;
11672                }
11673                if (!hasAccountFeatures(am, account, feature_allow)) {
11674                    Log.e(LOG_TAG, account + " doesn't have " + feature_allow[0]);
11675                    compatible = false;
11676                    break;
11677                }
11678            }
11679            if (compatible) {
11680                Log.w(LOG_TAG, "All accounts are compatible");
11681            } else {
11682                Log.e(LOG_TAG, "Found incompatible accounts");
11683            }
11684            return !compatible;
11685        } finally {
11686            mInjector.binderRestoreCallingIdentity(token);
11687        }
11688    }
11689
11690    private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) {
11691        try {
11692            return am.hasFeatures(account, features, null, null).getResult();
11693        } catch (Exception e) {
11694            Log.w(LOG_TAG, "Failed to get account feature", e);
11695            return false;
11696        }
11697    }
11698
11699    private boolean isAdb() {
11700        final int callingUid = mInjector.binderGetCallingUid();
11701        return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
11702    }
11703
11704    @Override
11705    public synchronized void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) {
11706        if (!mHasFeature) {
11707            return;
11708        }
11709        Preconditions.checkNotNull(admin);
11710        getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
11711
11712        if (enabled == isNetworkLoggingEnabledInternalLocked()) {
11713            // already in the requested state
11714            return;
11715        }
11716        ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
11717        deviceOwner.isNetworkLoggingEnabled = enabled;
11718        if (!enabled) {
11719            deviceOwner.numNetworkLoggingNotifications = 0;
11720            deviceOwner.lastNetworkLoggingNotificationTimeMs = 0;
11721        }
11722        saveSettingsLocked(mInjector.userHandleGetCallingUserId());
11723
11724        setNetworkLoggingActiveInternal(enabled);
11725    }
11726
11727    private synchronized void setNetworkLoggingActiveInternal(boolean active) {
11728        final long callingIdentity = mInjector.binderClearCallingIdentity();
11729        try {
11730            if (active) {
11731                mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal());
11732                if (!mNetworkLogger.startNetworkLogging()) {
11733                    mNetworkLogger = null;
11734                    Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging"
11735                            + " service not being available yet.");
11736                }
11737                maybePauseDeviceWideLoggingLocked();
11738                sendNetworkLoggingNotificationLocked();
11739            } else {
11740                if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) {
11741                    Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging"
11742                            + " service not being available yet.");
11743                }
11744                mNetworkLogger = null;
11745                mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING);
11746            }
11747        } finally {
11748            mInjector.binderRestoreCallingIdentity(callingIdentity);
11749        }
11750    }
11751
11752    /** Pauses security and network logging if there are unaffiliated users on the device */
11753    private void maybePauseDeviceWideLoggingLocked() {
11754        if (!areAllUsersAffiliatedWithDeviceLocked()) {
11755            Slog.i(LOG_TAG, "There are unaffiliated users, security and network logging will be "
11756                    + "paused if enabled.");
11757            mSecurityLogMonitor.pause();
11758            if (mNetworkLogger != null) {
11759                mNetworkLogger.pause();
11760            }
11761        }
11762    }
11763
11764    /** Resumes security and network logging (if they are enabled) if all users are affiliated */
11765    private void maybeResumeDeviceWideLoggingLocked() {
11766        if (areAllUsersAffiliatedWithDeviceLocked()) {
11767            final long ident = mInjector.binderClearCallingIdentity();
11768            try {
11769                mSecurityLogMonitor.resume();
11770                if (mNetworkLogger != null) {
11771                    mNetworkLogger.resume();
11772                }
11773            } finally {
11774                mInjector.binderRestoreCallingIdentity(ident);
11775            }
11776        }
11777    }
11778
11779    /** Deletes any security and network logs that might have been collected so far */
11780    private void discardDeviceWideLogsLocked() {
11781        mSecurityLogMonitor.discardLogs();
11782        if (mNetworkLogger != null) {
11783            mNetworkLogger.discardLogs();
11784        }
11785        // TODO: We should discard pre-boot security logs here too, as otherwise those
11786        // logs (which might contain data from the user just removed) will be
11787        // available after next boot.
11788    }
11789
11790    @Override
11791    public boolean isNetworkLoggingEnabled(ComponentName admin) {
11792        if (!mHasFeature) {
11793            return false;
11794        }
11795        synchronized (this) {
11796            enforceDeviceOwnerOrManageUsers();
11797            return isNetworkLoggingEnabledInternalLocked();
11798        }
11799    }
11800
11801    private boolean isNetworkLoggingEnabledInternalLocked() {
11802        ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
11803        return (deviceOwner != null) && deviceOwner.isNetworkLoggingEnabled;
11804    }
11805
11806    /*
11807     * A maximum of 1200 events are returned, and the total marshalled size is in the order of
11808     * 100kB, so returning a List instead of ParceledListSlice is acceptable.
11809     * Ideally this would be done with ParceledList, however it only supports homogeneous types.
11810     *
11811     * @see NetworkLoggingHandler#MAX_EVENTS_PER_BATCH
11812     */
11813    @Override
11814    public List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken) {
11815        if (!mHasFeature) {
11816            return null;
11817        }
11818        Preconditions.checkNotNull(admin);
11819        ensureDeviceOwnerAndAllUsersAffiliated(admin);
11820
11821        synchronized (this) {
11822            if (mNetworkLogger == null
11823                    || !isNetworkLoggingEnabledInternalLocked()) {
11824                return null;
11825            }
11826
11827            final long currentTime = System.currentTimeMillis();
11828            DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
11829            if (currentTime > policyData.mLastNetworkLogsRetrievalTime) {
11830                policyData.mLastNetworkLogsRetrievalTime = currentTime;
11831                saveSettingsLocked(UserHandle.USER_SYSTEM);
11832            }
11833            return mNetworkLogger.retrieveLogs(batchToken);
11834        }
11835    }
11836
11837    private void sendNetworkLoggingNotificationLocked() {
11838        final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
11839        if (deviceOwner == null || !deviceOwner.isNetworkLoggingEnabled) {
11840            return;
11841        }
11842        if (deviceOwner.numNetworkLoggingNotifications >=
11843                ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) {
11844            return;
11845        }
11846        final long now = System.currentTimeMillis();
11847        if (now - deviceOwner.lastNetworkLoggingNotificationTimeMs < MS_PER_DAY) {
11848            return;
11849        }
11850        deviceOwner.numNetworkLoggingNotifications++;
11851        if (deviceOwner.numNetworkLoggingNotifications
11852                >= ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) {
11853            deviceOwner.lastNetworkLoggingNotificationTimeMs = 0;
11854        } else {
11855            deviceOwner.lastNetworkLoggingNotificationTimeMs = now;
11856        }
11857        final Intent intent = new Intent(DevicePolicyManager.ACTION_SHOW_DEVICE_MONITORING_DIALOG);
11858        intent.setPackage("com.android.systemui");
11859        final PendingIntent pendingIntent = PendingIntent.getBroadcastAsUser(mContext, 0, intent, 0,
11860                UserHandle.CURRENT);
11861        Notification notification =
11862                new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN)
11863                .setSmallIcon(R.drawable.ic_info_outline)
11864                .setContentTitle(mContext.getString(R.string.network_logging_notification_title))
11865                .setContentText(mContext.getString(R.string.network_logging_notification_text))
11866                .setTicker(mContext.getString(R.string.network_logging_notification_title))
11867                .setShowWhen(true)
11868                .setContentIntent(pendingIntent)
11869                .setStyle(new Notification.BigTextStyle()
11870                        .bigText(mContext.getString(R.string.network_logging_notification_text)))
11871                .build();
11872        mInjector.getNotificationManager().notify(SystemMessage.NOTE_NETWORK_LOGGING, notification);
11873        saveSettingsLocked(mOwners.getDeviceOwnerUserId());
11874    }
11875
11876    /**
11877     * Return the package name of owner in a given user.
11878     */
11879    private String getOwnerPackageNameForUserLocked(int userId) {
11880        return mOwners.getDeviceOwnerUserId() == userId
11881                ? mOwners.getDeviceOwnerPackageName()
11882                : mOwners.getProfileOwnerPackage(userId);
11883    }
11884
11885    /**
11886     * @param rawIntent Original service intent specified by caller. It must be explicit.
11887     * @param expectedPackageName The expected package name of the resolved service.
11888     * @return Intent that have component explicitly set. {@code null} if no service is resolved
11889     *     with the given intent.
11890     * @throws SecurityException if the intent is resolved to an invalid service.
11891     */
11892    private Intent createCrossUserServiceIntent(
11893            @NonNull Intent rawIntent, @NonNull String expectedPackageName,
11894            @UserIdInt int targetUserId) throws RemoteException, SecurityException {
11895        ResolveInfo info = mIPackageManager.resolveService(
11896                rawIntent,
11897                rawIntent.resolveTypeIfNeeded(mContext.getContentResolver()),
11898                0,  // flags
11899                targetUserId);
11900        if (info == null || info.serviceInfo == null) {
11901            Log.e(LOG_TAG, "Fail to look up the service: " + rawIntent
11902                    + " or user " + targetUserId + " is not running");
11903            return null;
11904        }
11905        if (!expectedPackageName.equals(info.serviceInfo.packageName)) {
11906            throw new SecurityException("Only allow to bind service in " + expectedPackageName);
11907        }
11908        // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release.
11909        if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) {
11910            throw new SecurityException(
11911                    "Service must be protected by BIND_DEVICE_ADMIN permission");
11912        }
11913        // It is the system server to bind the service, it would be extremely dangerous if it
11914        // can be exploited to bind any service. Set the component explicitly to make sure we
11915        // do not bind anything accidentally.
11916        rawIntent.setComponent(info.serviceInfo.getComponentName());
11917        return rawIntent;
11918    }
11919
11920    @Override
11921    public long getLastSecurityLogRetrievalTime() {
11922        enforceDeviceOwnerOrManageUsers();
11923        return getUserData(UserHandle.USER_SYSTEM).mLastSecurityLogRetrievalTime;
11924     }
11925
11926    @Override
11927    public long getLastBugReportRequestTime() {
11928        enforceDeviceOwnerOrManageUsers();
11929        return getUserData(UserHandle.USER_SYSTEM).mLastBugReportRequestTime;
11930     }
11931
11932    @Override
11933    public long getLastNetworkLogRetrievalTime() {
11934        enforceDeviceOwnerOrManageUsers();
11935        return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime;
11936    }
11937
11938    @Override
11939    public boolean setResetPasswordToken(ComponentName admin, byte[] token) {
11940        if (!mHasFeature) {
11941            return false;
11942        }
11943        if (token == null || token.length < 32) {
11944            throw new IllegalArgumentException("token must be at least 32-byte long");
11945        }
11946        synchronized (this) {
11947            final int userHandle = mInjector.userHandleGetCallingUserId();
11948            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11949
11950            DevicePolicyData policy = getUserData(userHandle);
11951            long ident = mInjector.binderClearCallingIdentity();
11952            try {
11953                if (policy.mPasswordTokenHandle != 0) {
11954                    mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle);
11955                }
11956
11957                policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle);
11958                saveSettingsLocked(userHandle);
11959                return policy.mPasswordTokenHandle != 0;
11960            } finally {
11961                mInjector.binderRestoreCallingIdentity(ident);
11962            }
11963        }
11964    }
11965
11966    @Override
11967    public boolean clearResetPasswordToken(ComponentName admin) {
11968        if (!mHasFeature) {
11969            return false;
11970        }
11971        synchronized (this) {
11972            final int userHandle = mInjector.userHandleGetCallingUserId();
11973            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11974
11975            DevicePolicyData policy = getUserData(userHandle);
11976            if (policy.mPasswordTokenHandle != 0) {
11977                long ident = mInjector.binderClearCallingIdentity();
11978                try {
11979                    boolean result = mLockPatternUtils.removeEscrowToken(
11980                            policy.mPasswordTokenHandle, userHandle);
11981                    policy.mPasswordTokenHandle = 0;
11982                    saveSettingsLocked(userHandle);
11983                    return result;
11984                } finally {
11985                    mInjector.binderRestoreCallingIdentity(ident);
11986                }
11987            }
11988        }
11989        return false;
11990    }
11991
11992    @Override
11993    public boolean isResetPasswordTokenActive(ComponentName admin) {
11994        synchronized (this) {
11995            final int userHandle = mInjector.userHandleGetCallingUserId();
11996            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
11997
11998            DevicePolicyData policy = getUserData(userHandle);
11999            if (policy.mPasswordTokenHandle != 0) {
12000                long ident = mInjector.binderClearCallingIdentity();
12001                try {
12002                    return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle,
12003                            userHandle);
12004                } finally {
12005                    mInjector.binderRestoreCallingIdentity(ident);
12006                }
12007            }
12008        }
12009        return false;
12010    }
12011
12012    @Override
12013    public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token,
12014            int flags) {
12015        Preconditions.checkNotNull(token);
12016        synchronized (this) {
12017            final int userHandle = mInjector.userHandleGetCallingUserId();
12018            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
12019
12020            DevicePolicyData policy = getUserData(userHandle);
12021            if (policy.mPasswordTokenHandle != 0) {
12022                final String password = passwordOrNull != null ? passwordOrNull : "";
12023                return resetPasswordInternal(password, policy.mPasswordTokenHandle, token,
12024                        flags, mInjector.binderGetCallingUid(), userHandle);
12025            } else {
12026                Slog.w(LOG_TAG, "No saved token handle");
12027            }
12028        }
12029        return false;
12030    }
12031
12032    @Override
12033    public boolean isCurrentInputMethodSetByOwner() {
12034        enforceProfileOwnerOrSystemUser();
12035        return getUserData(mInjector.userHandleGetCallingUserId()).mCurrentInputMethodSet;
12036    }
12037
12038    @Override
12039    public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) {
12040        final int userId = user.getIdentifier();
12041        enforceProfileOwnerOrFullCrossUsersPermission(userId);
12042        synchronized (this) {
12043            return new StringParceledListSlice(
12044                    new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts));
12045        }
12046    }
12047
12048    @Override
12049    public boolean clearApplicationUserData(ComponentName admin, String packageName,
12050            IPackageDataObserver callback) {
12051        Preconditions.checkNotNull(admin, "ComponentName is null");
12052        synchronized (this) {
12053            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
12054        }
12055        final int userId = UserHandle.getCallingUserId();
12056
12057        long ident = mInjector.binderClearCallingIdentity();
12058        try {
12059            return ActivityManager.getService().clearApplicationUserData(packageName, false,
12060                    callback, userId);
12061        } catch(RemoteException re) {
12062            // Same process, should not happen.
12063        } catch (SecurityException se) {
12064            // This can happen e.g. for device admin packages, do not throw out the exception,
12065            // because callers have no means to know beforehand for which packages this might
12066            // happen.
12067            Slog.w(LOG_TAG, "Not allowed to clear application user data for package " + packageName,
12068                    se);
12069        } finally {
12070            mInjector.binderRestoreCallingIdentity(ident);
12071        }
12072
12073        if (callback != null) {
12074            try {
12075                // If there was a throw above, we send back that removal failed
12076                callback.onRemoveCompleted(packageName, false);
12077            } catch (RemoteException re) {
12078                // Caller is no longer available, ignore
12079            }
12080        }
12081        return false;
12082    }
12083
12084    @Override
12085    public synchronized void setLogoutEnabled(ComponentName admin, boolean enabled) {
12086        if (!mHasFeature) {
12087            return;
12088        }
12089        Preconditions.checkNotNull(admin);
12090
12091        synchronized (this) {
12092            ActiveAdmin deviceOwner =
12093                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12094
12095            if (deviceOwner.isLogoutEnabled == enabled) {
12096                // already in the requested state
12097                return;
12098            }
12099            deviceOwner.isLogoutEnabled = enabled;
12100            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
12101        }
12102    }
12103
12104    @Override
12105    public boolean isLogoutEnabled() {
12106        if (!mHasFeature) {
12107            return false;
12108        }
12109        synchronized (this) {
12110            ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
12111            return (deviceOwner != null) && deviceOwner.isLogoutEnabled;
12112        }
12113    }
12114
12115    @Override
12116    public List<String> getDisallowedSystemApps(ComponentName admin, int userId,
12117            String provisioningAction) throws RemoteException {
12118        enforceCanManageProfileAndDeviceOwners();
12119        return new ArrayList<>(
12120                mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction));
12121    }
12122
12123    //TODO: Add callback information to the javadoc once it is completed.
12124    //TODO: Make transferOwnership atomic.
12125    @Override
12126    public void transferOwnership(ComponentName admin, ComponentName target, PersistableBundle bundle) {
12127        if (!mHasFeature) {
12128            return;
12129        }
12130
12131        Preconditions.checkNotNull(admin, "Admin cannot be null.");
12132        Preconditions.checkNotNull(target, "Target cannot be null.");
12133
12134        enforceProfileOrDeviceOwner(admin);
12135
12136        if (admin.equals(target)) {
12137            throw new IllegalArgumentException("Provided administrator and target are "
12138                    + "the same object.");
12139        }
12140
12141        if (admin.getPackageName().equals(target.getPackageName())) {
12142            throw new IllegalArgumentException("Provided administrator and target have "
12143                    + "the same package name.");
12144        }
12145
12146        final int callingUserId = mInjector.userHandleGetCallingUserId();
12147        final DevicePolicyData policy = getUserData(callingUserId);
12148        final DeviceAdminInfo incomingDeviceInfo = findAdmin(target, callingUserId,
12149                /* throwForMissingPermission= */ true);
12150        checkActiveAdminPrecondition(target, incomingDeviceInfo, policy);
12151        if (!incomingDeviceInfo.getActivityInfo().metaData
12152                .getBoolean(DeviceAdminReceiver.SUPPORT_TRANSFER_OWNERSHIP_META_DATA, false)) {
12153            throw new IllegalArgumentException("Provided target does not support "
12154                    + "ownership transfer.");
12155        }
12156
12157        final long id = mInjector.binderClearCallingIdentity();
12158        try {
12159            //STOPSHIP add support for COMP, edge cases when device is rebooted/work mode off
12160            synchronized (this) {
12161                if (isProfileOwner(admin, callingUserId)) {
12162                    transferProfileOwnerLocked(admin, target, callingUserId, bundle);
12163                } else if (isDeviceOwner(admin, callingUserId)) {
12164                    transferDeviceOwnerLocked(admin, target, callingUserId, bundle);
12165                }
12166            }
12167        } finally {
12168            mInjector.binderRestoreCallingIdentity(id);
12169        }
12170    }
12171
12172    /**
12173     * Transfers the profile owner for user with id profileOwnerUserId from admin to target.
12174     */
12175    private void transferProfileOwnerLocked(ComponentName admin, ComponentName target,
12176            int profileOwnerUserId, PersistableBundle bundle) {
12177        transferActiveAdminUncheckedLocked(target, admin, profileOwnerUserId);
12178        mOwners.transferProfileOwner(target, profileOwnerUserId);
12179        Slog.i(LOG_TAG, "Profile owner set: " + target + " on user " + profileOwnerUserId);
12180        mOwners.writeProfileOwner(profileOwnerUserId);
12181        mDeviceAdminServiceController.startServiceForOwner(
12182                target.getPackageName(), profileOwnerUserId, "transfer-profile-owner");
12183        sendProfileOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE,
12184                getTransferOwnerAdminExtras(bundle), profileOwnerUserId);
12185        sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,
12186                profileOwnerUserId);
12187    }
12188
12189    /**
12190     * Transfers the device owner for user with id userId from admin to target.
12191     */
12192    private void transferDeviceOwnerLocked(ComponentName admin, ComponentName target, int userId,
12193            PersistableBundle bundle) {
12194        transferActiveAdminUncheckedLocked(target, admin, userId);
12195        mOwners.transferDeviceOwner(target);
12196        Slog.i(LOG_TAG, "Device owner set: " + target + " on user " + userId);
12197        mOwners.writeDeviceOwner();
12198        mDeviceAdminServiceController.startServiceForOwner(
12199                target.getPackageName(), userId, "transfer-device-owner");
12200        sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE,
12201                getTransferOwnerAdminExtras(bundle));
12202        sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId);
12203    }
12204
12205    private Bundle getTransferOwnerAdminExtras(PersistableBundle bundle) {
12206        Bundle extras = new Bundle();
12207        if (bundle != null) {
12208            extras.putParcelable(EXTRA_TRANSFER_OWNER_ADMIN_EXTRAS_BUNDLE, bundle);
12209        }
12210        return extras;
12211    }
12212
12213    @Override
12214    public void setStartUserSessionMessage(
12215            ComponentName admin, CharSequence startUserSessionMessage) {
12216        if (!mHasFeature) {
12217            return;
12218        }
12219        Preconditions.checkNotNull(admin);
12220
12221        final String startUserSessionMessageString =
12222                startUserSessionMessage != null ? startUserSessionMessage.toString() : null;
12223
12224        synchronized (this) {
12225            final ActiveAdmin deviceOwner =
12226                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12227
12228            if (TextUtils.equals(deviceOwner.startUserSessionMessage, startUserSessionMessage)) {
12229                return;
12230            }
12231            deviceOwner.startUserSessionMessage = startUserSessionMessageString;
12232            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
12233        }
12234
12235        mInjector.getActivityManagerInternal()
12236                .setSwitchingFromSystemUserMessage(startUserSessionMessageString);
12237    }
12238
12239    @Override
12240    public void setEndUserSessionMessage(ComponentName admin, CharSequence endUserSessionMessage) {
12241        if (!mHasFeature) {
12242            return;
12243        }
12244        Preconditions.checkNotNull(admin);
12245
12246        final String endUserSessionMessageString =
12247                endUserSessionMessage != null ? endUserSessionMessage.toString() : null;
12248
12249        synchronized (this) {
12250            final ActiveAdmin deviceOwner =
12251                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12252
12253            if (TextUtils.equals(deviceOwner.endUserSessionMessage, endUserSessionMessage)) {
12254                return;
12255            }
12256            deviceOwner.endUserSessionMessage = endUserSessionMessageString;
12257            saveSettingsLocked(mInjector.userHandleGetCallingUserId());
12258        }
12259
12260        mInjector.getActivityManagerInternal()
12261                .setSwitchingToSystemUserMessage(endUserSessionMessageString);
12262    }
12263
12264    @Override
12265    public String getStartUserSessionMessage(ComponentName admin) {
12266        if (!mHasFeature) {
12267            return null;
12268        }
12269        Preconditions.checkNotNull(admin);
12270
12271        synchronized (this) {
12272            final ActiveAdmin deviceOwner =
12273                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12274            return deviceOwner.startUserSessionMessage;
12275        }
12276    }
12277
12278    @Override
12279    public String getEndUserSessionMessage(ComponentName admin) {
12280        if (!mHasFeature) {
12281            return null;
12282        }
12283        Preconditions.checkNotNull(admin);
12284
12285        synchronized (this) {
12286            final ActiveAdmin deviceOwner =
12287                    getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
12288            return deviceOwner.endUserSessionMessage;
12289        }
12290    }
12291
12292    private boolean hasPrinting() {
12293        return mInjector.getPackageManager().hasSystemFeature(PackageManager.FEATURE_PRINTING);
12294    }
12295
12296    @Override
12297    public void setPrintingEnabled(ComponentName admin, boolean enabled) {
12298        if (!mHasFeature || !hasPrinting()) {
12299            return;
12300        }
12301        Preconditions.checkNotNull(admin, "Admin cannot be null.");
12302        enforceProfileOrDeviceOwner(admin);
12303        synchronized (this) {
12304            final int userHandle = mInjector.userHandleGetCallingUserId();
12305            DevicePolicyData policy = getUserData(userHandle);
12306            if (policy.mPrintingEnabled != enabled) {
12307                policy.mPrintingEnabled = enabled;
12308                saveSettingsLocked(userHandle);
12309            }
12310        }
12311    }
12312
12313    /**
12314     * Returns whether printing is enabled for current user.
12315     * @hide
12316     */
12317    @Override
12318    public boolean isPrintingEnabled() {
12319        if (!hasPrinting()) {
12320            return false;
12321        }
12322        if (!mHasFeature) {
12323            return true;
12324        }
12325        synchronized (this) {
12326            final int userHandle = mInjector.userHandleGetCallingUserId();
12327            DevicePolicyData policy = getUserData(userHandle);
12328            return policy.mPrintingEnabled;
12329        }
12330    }
12331
12332    /**
12333     * Returns text of error message if printing is disabled.
12334     * Only to be called by Print Service.
12335     * @hide
12336     */
12337    @Override
12338    public CharSequence getPrintingDisabledReason() {
12339        if (!hasPrinting() || !mHasFeature) {
12340            Log.e(LOG_TAG, "no printing or no management");
12341            return null;
12342        }
12343        synchronized (this) {
12344            final int userHandle = mInjector.userHandleGetCallingUserId();
12345            DevicePolicyData policy = getUserData(userHandle);
12346            if (policy.mPrintingEnabled) {
12347                Log.e(LOG_TAG, "printing is enabled");
12348                return null;
12349            }
12350            String ownerPackage = mOwners.getProfileOwnerPackage(userHandle);
12351            if (ownerPackage == null) {
12352                ownerPackage = mOwners.getDeviceOwnerPackageName();
12353            }
12354            PackageManager pm = mInjector.getPackageManager();
12355            PackageInfo packageInfo;
12356            try {
12357                packageInfo = pm.getPackageInfo(ownerPackage, 0);
12358            } catch (NameNotFoundException e) {
12359                Log.e(LOG_TAG, "getPackageInfo error", e);
12360                return null;
12361            }
12362            if (packageInfo == null) {
12363                Log.e(LOG_TAG, "packageInfo is inexplicably null");
12364                return null;
12365            }
12366            ApplicationInfo appInfo = packageInfo.applicationInfo;
12367            if (appInfo == null) {
12368                Log.e(LOG_TAG, "appInfo is inexplicably null");
12369                return null;
12370            }
12371            CharSequence appLabel = pm.getApplicationLabel(appInfo);
12372            if (appLabel == null) {
12373                Log.e(LOG_TAG, "appLabel is inexplicably null");
12374                return null;
12375            }
12376            return ((Context) ActivityThread.currentActivityThread().getSystemUiContext())
12377                    .getResources().getString(R.string.printing_disabled_by, appLabel);
12378        }
12379    }
12380}
12381