Add Device Lock service to system server.
Bug: b/241442337
Bug: b/228907574
Test: service successfully starts
Test: atest DeviceLockUnitTests
Test: cts-tradefed run cts -m CtsDeviceLockTestCases
Change-Id: I928d697c4040168955090712547c973a9e7ff61c
diff --git a/api/Android.bp b/api/Android.bp
index 9306671..a3e64a5 100644
--- a/api/Android.bp
+++ b/api/Android.bp
@@ -98,6 +98,7 @@
"framework-configinfrastructure",
"framework-connectivity",
"framework-connectivity-t",
+ "framework-devicelock",
"framework-federatedcompute",
"framework-graphics",
"framework-healthconnect",
diff --git a/boot/Android.bp b/boot/Android.bp
index 9fdb9bc..7839918 100644
--- a/boot/Android.bp
+++ b/boot/Android.bp
@@ -72,6 +72,10 @@
module: "com.android.conscrypt-bootclasspath-fragment",
},
{
+ apex: "com.android.devicelock",
+ module: "com.android.devicelock-bootclasspath-fragment",
+ },
+ {
apex: "com.android.federatedcompute",
module: "com.android.federatedcompute-bootclasspath-fragment",
},
diff --git a/core/api/current.txt b/core/api/current.txt
index 8d032fe..8059a86 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -107,6 +107,7 @@
field public static final String LAUNCH_MULTI_PANE_SETTINGS_DEEP_LINK = "android.permission.LAUNCH_MULTI_PANE_SETTINGS_DEEP_LINK";
field public static final String LOADER_USAGE_STATS = "android.permission.LOADER_USAGE_STATS";
field public static final String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";
+ field public static final String MANAGE_DEVICE_LOCK_STATE = "android.permission.MANAGE_DEVICE_LOCK_STATE";
field public static final String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";
field public static final String MANAGE_EXTERNAL_STORAGE = "android.permission.MANAGE_EXTERNAL_STORAGE";
field public static final String MANAGE_MEDIA = "android.permission.MANAGE_MEDIA";
@@ -9845,6 +9846,7 @@
field public static final int CONTEXT_RESTRICTED = 4; // 0x4
field public static final String CREDENTIAL_SERVICE = "credential";
field public static final String CROSS_PROFILE_APPS_SERVICE = "crossprofileapps";
+ field public static final String DEVICE_LOCK_SERVICE = "device_lock";
field public static final String DEVICE_POLICY_SERVICE = "device_policy";
field public static final String DISPLAY_HASH_SERVICE = "display_hash";
field public static final String DISPLAY_SERVICE = "display";
@@ -11991,6 +11993,7 @@
field public static final String FEATURE_CONTROLS = "android.software.controls";
field public static final String FEATURE_CREDENTIALS = "android.software.credentials";
field public static final String FEATURE_DEVICE_ADMIN = "android.software.device_admin";
+ field public static final String FEATURE_DEVICE_LOCK = "android.software.device_lock";
field public static final String FEATURE_EMBEDDED = "android.hardware.type.embedded";
field public static final String FEATURE_ETHERNET = "android.hardware.ethernet";
field public static final String FEATURE_EXPANDED_PICTURE_IN_PICTURE = "android.software.expanded_picture_in_picture";
diff --git a/core/java/android/app/SystemServiceRegistry.java b/core/java/android/app/SystemServiceRegistry.java
index 4ddfdb6..08a6b8c 100644
--- a/core/java/android/app/SystemServiceRegistry.java
+++ b/core/java/android/app/SystemServiceRegistry.java
@@ -85,6 +85,7 @@
import android.credentials.ICredentialManager;
import android.debug.AdbManager;
import android.debug.IAdbManager;
+import android.devicelock.DeviceLockFrameworkInitializer;
import android.graphics.fonts.FontManager;
import android.hardware.ConsumerIrManager;
import android.hardware.ISerialManager;
@@ -1555,6 +1556,7 @@
ConnectivityFrameworkInitializerTiramisu.registerServiceWrappers();
NearbyFrameworkInitializer.registerServiceWrappers();
OnDevicePersonalizationFrameworkInitializer.registerServiceWrappers();
+ DeviceLockFrameworkInitializer.registerServiceWrappers();
} finally {
// If any of the above code throws, we're in a pretty bad shape and the process
// will likely crash, but we'll reset it just in case there's an exception handler...
diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java
index 753c936..d65210b 100644
--- a/core/java/android/content/Context.java
+++ b/core/java/android/content/Context.java
@@ -3938,6 +3938,7 @@
//@hide: SAFETY_CENTER_SERVICE,
DISPLAY_HASH_SERVICE,
CREDENTIAL_SERVICE,
+ DEVICE_LOCK_SERVICE,
})
@Retention(RetentionPolicy.SOURCE)
public @interface ServiceName {}
@@ -6073,6 +6074,14 @@
public static final String CREDENTIAL_SERVICE = "credential";
/**
+ * Use with {@link #getSystemService(String)} to retrieve a
+ * {@link android.devicelock.DeviceLockManager}.
+ *
+ * @see #getSystemService(String)
+ */
+ public static final String DEVICE_LOCK_SERVICE = "device_lock";
+
+ /**
* Determine whether the given permission is allowed for a particular
* process and user ID running in the system.
*
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index db991dc..823c142 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -4194,6 +4194,14 @@
@SdkConstant(SdkConstantType.FEATURE)
public static final String FEATURE_CREDENTIALS = "android.software.credentials";
+ /**
+ * Feature for {@link #getSystemAvailableFeatures} and {@link #hasSystemFeature}:
+ * The device supports locking (for example, by a financing provider in case of a missed
+ * payment).
+ */
+ @SdkConstant(SdkConstantType.FEATURE)
+ public static final String FEATURE_DEVICE_LOCK = "android.software.device_lock";
+
/** @hide */
public static final boolean APP_ENUMERATION_ENABLED_BY_DEFAULT = true;
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index de1a7f9..eb54abf 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -6577,6 +6577,13 @@
android:protectionLevel="signature" />
<uses-permission android:name="android.permission.HANDLE_QUERY_PACKAGE_RESTART" />
+ <!-- Allows financed device kiosk apps to perform actions on the Device Lock service
+ <p>Protection level: internal|role
+ <p>Intended for use by the FINANCED_DEVICE_KIOSK role only.
+ -->
+ <permission android:name="android.permission.MANAGE_DEVICE_LOCK_STATE"
+ android:protectionLevel="internal|role" />
+
<!-- Attribution for Geofencing service. -->
<attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/>
<!-- Attribution for Country Detector. -->
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index fecf124..8acc3e7 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -715,6 +715,9 @@
<!-- Permission required for CTS test - ActivityPermissionRationaleTest -->
<uses-permission android:name="android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY" />
+ <!-- Permission required for CTS test - CtsDeviceLockTestCases -->
+ <uses-permission android:name="android.permission.MANAGE_DEVICE_LOCK_STATE" />
+
<application android:label="@string/app_label"
android:theme="@android:style/Theme.DeviceDefault.DayNight"
android:defaultToDeviceProtectedStorage="true"