Merge "New API: DevicePolicyManager.listForegroundAffiliatedUsers()" into sc-dev
diff --git a/core/api/current.txt b/core/api/current.txt
index 376bab8..5f9743a 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -7104,6 +7104,7 @@
method public boolean isUniqueDeviceAttestationSupported();
method public boolean isUsbDataSignalingEnabled();
method public boolean isUsingUnifiedPassword(@NonNull android.content.ComponentName);
+ method @NonNull public java.util.List<android.os.UserHandle> listForegroundAffiliatedUsers();
method public void lockNow();
method public void lockNow(int);
method public int logoutUser(@NonNull android.content.ComponentName);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 28242b0..305c224 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -13357,6 +13357,7 @@
}
}
}
+
/**
* Returns true if the caller is running on a device where the admin can grant
* permissions related to device sensors.
@@ -13459,4 +13460,22 @@
}
return false;
}
+
+ /**
+ * Gets the list of {@link #isAffiliatedUser() affiliated} users running on foreground.
+ *
+ * @return list of {@link #isAffiliatedUser() affiliated} users running on foreground.
+ *
+ * @throws SecurityException if the calling application is not a device owner
+ */
+ @NonNull
+ public List<UserHandle> listForegroundAffiliatedUsers() {
+ if (mService == null) return Collections.emptyList();
+
+ try {
+ return mService.listForegroundAffiliatedUsers();
+ } catch (RemoteException re) {
+ throw re.rethrowFromSystemServer();
+ }
+ }
}
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 94388cf..91a9f3c 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -507,4 +507,6 @@
boolean isUsbDataSignalingEnabled(String callerPackage);
boolean isUsbDataSignalingEnabledForUser(int userId);
boolean canUsbDataSignalingBeDisabled();
+
+ List<UserHandle> listForegroundAffiliatedUsers();
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 59ce30a..9250894 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6453,7 +6453,7 @@
private void forceWipeUser(int userId, String wipeReasonForUser, boolean wipeSilently) {
boolean success = false;
try {
- if (getCurrentForegroundUser() == userId) {
+ if (getCurrentForegroundUserId() == userId) {
mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM);
}
@@ -7921,7 +7921,7 @@
Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId);
if (mInjector.userManagerIsHeadlessSystemUserMode()) {
- int currentForegroundUser = getCurrentForegroundUser();
+ int currentForegroundUser = getCurrentForegroundUserId();
Slog.i(LOG_TAG, "setDeviceOwner(): setting " + admin
+ " as profile owner on user " + currentForegroundUser);
// Sets profile owner on current foreground user since
@@ -9052,7 +9052,7 @@
return UserHandle.isSameApp(caller.getUid(), Process.SHELL_UID);
}
- private @UserIdInt int getCurrentForegroundUser() {
+ private @UserIdInt int getCurrentForegroundUserId() {
try {
return mInjector.getIActivityManager().getCurrentUser().id;
} catch (RemoteException e) {
@@ -9061,6 +9061,25 @@
return UserHandle.USER_NULL;
}
+ @Override
+ public List<UserHandle> listForegroundAffiliatedUsers() {
+ checkIsDeviceOwner(getCallerIdentity());
+
+ int userId = mInjector.binderWithCleanCallingIdentity(() -> getCurrentForegroundUserId());
+
+ boolean isAffiliated;
+ synchronized (getLockObject()) {
+ isAffiliated = isUserAffiliatedWithDeviceLocked(userId);
+ }
+
+ if (!isAffiliated) return Collections.emptyList();
+
+ List<UserHandle> users = new ArrayList<>(1);
+ users.add(UserHandle.of(userId));
+
+ return users;
+ }
+
protected int getProfileParentId(int userHandle) {
return mInjector.binderWithCleanCallingIdentity(() -> {
UserInfo parentUser = mUserManager.getProfileParent(userHandle);
@@ -12875,7 +12894,7 @@
return CODE_NONSYSTEM_USER_EXISTS;
}
- int currentForegroundUser = getCurrentForegroundUser();
+ int currentForegroundUser = getCurrentForegroundUserId();
if (callingUserId != currentForegroundUser
&& mInjector.userManagerIsHeadlessSystemUserMode()
&& currentForegroundUser == UserHandle.USER_SYSTEM) {
@@ -12971,6 +12990,11 @@
return CODE_OK;
}
+ private void checkIsDeviceOwner(CallerIdentity caller) {
+ Preconditions.checkCallAuthorization(isDeviceOwner(caller), caller.getUid()
+ + " is not device owner");
+ }
+
private ComponentName getOwnerComponent(String packageName, int userId) {
if (isDeviceOwnerPackage(packageName, userId)) {
return mOwners.getDeviceOwnerComponent();
@@ -15467,7 +15491,7 @@
private boolean isLockTaskFeatureEnabled(int lockTaskFeature) throws RemoteException {
//TODO(b/175285301): Explicitly get the user's identity to check.
int lockTaskFeatures =
- getUserData(getCurrentForegroundUser()).mLockTaskFeatures;
+ getUserData(getCurrentForegroundUserId()).mLockTaskFeatures;
return (lockTaskFeatures & lockTaskFeature) == lockTaskFeature;
}