commit e05fb429bf0c64578c4aa16999ba9c0f1a17e6d5
author Alex Johnston <acjohnston@google.com> Thu Oct 24 14:27:13 2024 +0000
committer Alex Johnston <acjohnston@google.com> Mon Nov 18 16:21:04 2024 +0000
tree 0ece54ee5cb8dcd91d072df0c616254d1df2009b
parent c319a30b5959af12369518757261476ae27857b9

Allow the device policy management role to migrate accounts

Update copyAccountToUser to a SystemAPI

This is part of the work to split up the DevicePolicyManager
API createAndProvisionManagedProfile. The only caller of this
copyAccountToUser hidden SystemAPI will be the device policy
management role holder

Add permissions to gate the copyAccountToUser API and the
removeAccount API to allow the device policy management
role holder to call these APIs

Bug: 375382324
Test: atest AccountMigrationTest
Test: Manual testing by calling this SystemAPI in CloudDPC
 CTS tests will be added as a follow-up
Flag: android.app.admin.flags.split_create_managed_profile_enabled
Change-Id: I243f7ce53c6b8c8db1b946981895782f9d1c59dd

packages/Shell/AndroidManifest.xml

diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 526320d..0b5dfb3 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -242,6 +242,8 @@
     <uses-permission android:name="android.permission.READ_LOWPAN_CREDENTIAL" />
     <uses-permission android:name="android.permission.BLUETOOTH_STACK" />
     <uses-permission android:name="android.permission.GET_ACCOUNTS" />
+    <uses-permission android:name="android.permission.COPY_ACCOUNTS" />
+    <uses-permission android:name="android.permission.REMOVE_ACCOUNTS" />
     <uses-permission android:name="android.permission.RETRIEVE_WINDOW_TOKEN" />
     <uses-permission android:name="android.permission.FRAME_STATS" />
     <uses-permission android:name="android.permission.BIND_APPWIDGET" />