1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.app.admin; 18 19 import android.annotation.UserIdInt; 20 import android.content.ComponentName; 21 import android.content.Intent; 22 import android.os.UserHandle; 23 24 import java.util.List; 25 import java.util.Set; 26 27 /** 28 * Device policy manager local system service interface. 29 * 30 * Maintenance note: if you need to expose information from DPMS to lower level services such as 31 * PM/UM/AM/etc, then exposing it from DevicePolicyManagerInternal is not safe because it may cause 32 * lock order inversion. Consider using {@link DevicePolicyCache} instead. 33 * 34 * @hide Only for use within the system server. 35 */ 36 public abstract class DevicePolicyManagerInternal { 37 38 /** 39 * Listener for changes in the white-listed packages to show cross-profile 40 * widgets. 41 */ 42 public interface OnCrossProfileWidgetProvidersChangeListener { 43 44 /** 45 * Called when the white-listed packages to show cross-profile widgets 46 * have changed for a given user. 47 * 48 * @param profileId The profile for which the white-listed packages changed. 49 * @param packages The white-listed packages. 50 */ onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages)51 public void onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages); 52 } 53 54 /** 55 * Gets the packages whose widget providers are white-listed to be 56 * available in the parent user. 57 * 58 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 59 * 60 * @param profileId The profile id. 61 * @return The list of packages if such or empty list if there are 62 * no white-listed packages or the profile id is not a managed 63 * profile. 64 */ getCrossProfileWidgetProviders(int profileId)65 public abstract List<String> getCrossProfileWidgetProviders(int profileId); 66 67 /** 68 * Adds a listener for changes in the white-listed packages to show 69 * cross-profile app widgets. 70 * 71 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 72 * 73 * @param listener The listener to add. 74 */ addOnCrossProfileWidgetProvidersChangeListener( OnCrossProfileWidgetProvidersChangeListener listener)75 public abstract void addOnCrossProfileWidgetProvidersChangeListener( 76 OnCrossProfileWidgetProvidersChangeListener listener); 77 78 /** 79 * Checks if an app with given uid is an active device admin of its user and has the policy 80 * specified. 81 * 82 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 83 * 84 * @param uid App uid. 85 * @param reqPolicy Required policy, for policies see {@link DevicePolicyManager}. 86 * @return true if the uid is an active admin with the given policy. 87 */ isActiveAdminWithPolicy(int uid, int reqPolicy)88 public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); 89 90 /** 91 * Checks if an app with given uid is the active supervision admin. 92 * 93 * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. 94 * 95 * @param uid App uid. 96 * @return true if the uid is the active supervision app. 97 */ isActiveSupervisionApp(int uid)98 public abstract boolean isActiveSupervisionApp(int uid); 99 100 /** 101 * Creates an intent to show the admin support dialog to say that an action is disallowed by 102 * the device/profile owner. 103 * 104 * <p>This method does not take the DPMS lock. Safe to be called from anywhere. 105 * @param userId The user where the action is disallowed. 106 * @param useDefaultIfNoAdmin If true, a non-null intent will be returned, even if we couldn't 107 * find a profile/device owner. 108 * @return The intent to trigger the admin support dialog. 109 */ createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin)110 public abstract Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin); 111 112 /** 113 * Creates an intent to show the admin support dialog showing the admin who has set a user 114 * restriction. 115 * 116 * <p>This method does not take the DPMS lock. Safe to be called from anywhere. 117 * @param userId The user where the user restriction is set. 118 * @return The intent to trigger the admin support dialog, or null if the user restriction is 119 * not enforced by the profile/device owner. 120 */ createUserRestrictionSupportIntent(int userId, String userRestriction)121 public abstract Intent createUserRestrictionSupportIntent(int userId, String userRestriction); 122 123 /** 124 * Returns whether this user/profile is affiliated with the device. 125 * 126 * <p> 127 * By definition, the user that the device owner runs on is always affiliated with the device. 128 * Any other user/profile is considered affiliated with the device if the set specified by its 129 * profile owner via {@link DevicePolicyManager#setAffiliationIds} intersects with the device 130 * owner's. 131 * <p> 132 * Profile owner on the primary user will never be considered as affiliated as there is no 133 * device owner to be affiliated with. 134 */ isUserAffiliatedWithDevice(int userId)135 public abstract boolean isUserAffiliatedWithDevice(int userId); 136 137 /** 138 * Returns whether the calling package can install or uninstall packages without user 139 * interaction. 140 */ canSilentlyInstallPackage(String callerPackage, int callerUid)141 public abstract boolean canSilentlyInstallPackage(String callerPackage, int callerUid); 142 143 /** 144 * Reports that a profile has changed to use a unified or separate credential. 145 * 146 * @param userId User ID of the profile. 147 */ reportSeparateProfileChallengeChanged(@serIdInt int userId)148 public abstract void reportSeparateProfileChallengeChanged(@UserIdInt int userId); 149 150 /** 151 * Return text of error message if printing is disabled. 152 * Called by Print Service when printing is disabled by PO or DO when printing is attempted. 153 * 154 * @param userId The user in question 155 * @return localized error message 156 */ getPrintingDisabledReasonForUser(@serIdInt int userId)157 public abstract CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId); 158 159 /** 160 * @return cached version of DPM policies that can be accessed without risking deadlocks. 161 * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. 162 */ getDevicePolicyCache()163 protected abstract DevicePolicyCache getDevicePolicyCache(); 164 165 /** 166 * @return cached version of device state related to DPM that can be accessed without risking 167 * deadlocks. 168 * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. 169 */ getDeviceStateCache()170 protected abstract DeviceStateCache getDeviceStateCache(); 171 172 /** 173 * Returns the combined set of the following: 174 * <ul> 175 * <li>The package names that the admin has previously set as allowed to request user consent 176 * for cross-profile communication, via {@link 177 * DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)}.</li> 178 * <li>The default package names that are allowed to request user consent for cross-profile 179 * communication without being explicitly enabled by the admin, via 180 * {@link com.android.internal.R.array#cross_profile_apps} and 181 * {@link com.android.internal.R.array#vendor_cross_profile_apps}.</li> 182 * </ul> 183 * 184 * @return the combined set of whitelisted package names set via 185 * {@link DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)} and 186 * {@link com.android.internal.R.array#cross_profile_apps} and 187 * {@link com.android.internal.R.array#vendor_cross_profile_apps} 188 * 189 * @hide 190 */ getAllCrossProfilePackages()191 public abstract List<String> getAllCrossProfilePackages(); 192 193 /** 194 * Returns the default package names set by the OEM that are allowed to request user consent for 195 * cross-profile communication without being explicitly enabled by the admin, via 196 * {@link com.android.internal.R.array#cross_profile_apps} and 197 * {@link com.android.internal.R.array#vendor_cross_profile_apps}. 198 * 199 * @hide 200 */ getDefaultCrossProfilePackages()201 public abstract List<String> getDefaultCrossProfilePackages(); 202 203 /** 204 * Sends the {@code intent} to the packages with cross profile capabilities. 205 * 206 * <p>This means the application must have the {@code crossProfile} property and the 207 * corresponding permissions, defined by 208 * {@link 209 * android.content.pm.CrossProfileAppsInternal#verifyPackageHasInteractAcrossProfilePermission}. 210 * 211 * <p>Note: This method doesn't modify {@code intent} but copies it before use. 212 * 213 * @param intent Template for the intent sent to the package. 214 * @param parentHandle Handle of the user that will receive the intents. 215 * @param requiresPermission If false, all packages with the {@code crossProfile} property 216 * will receive the intent. 217 */ broadcastIntentToCrossProfileManifestReceiversAsUser(Intent intent, UserHandle parentHandle, boolean requiresPermission)218 public abstract void broadcastIntentToCrossProfileManifestReceiversAsUser(Intent intent, 219 UserHandle parentHandle, boolean requiresPermission); 220 221 /** 222 * Returns the profile owner component for the given user, or {@code null} if there is not one. 223 */ getProfileOwnerAsUser(int userHandle)224 public abstract ComponentName getProfileOwnerAsUser(int userHandle); 225 } 226