1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.app.admin;
18 
19 import android.annotation.UserIdInt;
20 import android.content.Intent;
21 
22 import java.util.List;
23 
24 /**
25  * Device policy manager local system service interface.
26  *
27  * @hide Only for use within the system server.
28  */
29 public abstract class DevicePolicyManagerInternal {
30 
31     /**
32      * Listener for changes in the white-listed packages to show cross-profile
33      * widgets.
34      */
35     public interface OnCrossProfileWidgetProvidersChangeListener {
36 
37         /**
38          * Called when the white-listed packages to show cross-profile widgets
39          * have changed for a given user.
40          *
41          * @param profileId The profile for which the white-listed packages changed.
42          * @param packages The white-listed packages.
43          */
onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages)44         public void onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages);
45     }
46 
47     /**
48      * Gets the packages whose widget providers are white-listed to be
49      * available in the parent user.
50      *
51      * <p>This takes the DPMS lock.  DO NOT call from PM/UM/AM with their lock held.
52      *
53      * @param profileId The profile id.
54      * @return The list of packages if such or empty list if there are
55      *    no white-listed packages or the profile id is not a managed
56      *    profile.
57      */
getCrossProfileWidgetProviders(int profileId)58     public abstract List<String> getCrossProfileWidgetProviders(int profileId);
59 
60     /**
61      * Adds a listener for changes in the white-listed packages to show
62      * cross-profile app widgets.
63      *
64      * <p>This takes the DPMS lock.  DO NOT call from PM/UM/AM with their lock held.
65      *
66      * @param listener The listener to add.
67      */
addOnCrossProfileWidgetProvidersChangeListener( OnCrossProfileWidgetProvidersChangeListener listener)68     public abstract void addOnCrossProfileWidgetProvidersChangeListener(
69             OnCrossProfileWidgetProvidersChangeListener listener);
70 
71     /**
72      * Checks if an app with given uid is an active device admin of its user and has the policy
73      * specified.
74      *
75      * <p>This takes the DPMS lock.  DO NOT call from PM/UM/AM with their lock held.
76      *
77      * @param uid App uid.
78      * @param reqPolicy Required policy, for policies see {@link DevicePolicyManager}.
79      * @return true if the uid is an active admin with the given policy.
80      */
isActiveAdminWithPolicy(int uid, int reqPolicy)81     public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy);
82 
83     /**
84      * Creates an intent to show the admin support dialog to say that an action is disallowed by
85      * the device/profile owner.
86      *
87      * <p>This method does not take the DPMS lock.  Safe to be called from anywhere.
88      * @param userId The user where the action is disallowed.
89      * @param useDefaultIfNoAdmin If true, a non-null intent will be returned, even if we couldn't
90      * find a profile/device owner.
91      * @return The intent to trigger the admin support dialog.
92      */
createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin)93     public abstract Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin);
94 
95     /**
96      * Creates an intent to show the admin support dialog showing the admin who has set a user
97      * restriction.
98      *
99      * <p>This method does not take the DPMS lock. Safe to be called from anywhere.
100      * @param userId The user where the user restriction is set.
101      * @return The intent to trigger the admin support dialog, or null if the user restriction is
102      * not enforced by the profile/device owner.
103      */
createUserRestrictionSupportIntent(int userId, String userRestriction)104     public abstract Intent createUserRestrictionSupportIntent(int userId, String userRestriction);
105 
106     /**
107      * Returns whether this user/profile is affiliated with the device.
108      *
109      * <p>
110      * By definition, the user that the device owner runs on is always affiliated with the device.
111      * Any other user/profile is considered affiliated with the device if the set specified by its
112      * profile owner via {@link DevicePolicyManager#setAffiliationIds} intersects with the device
113      * owner's.
114      * <p>
115      * Profile owner on the primary user will never be considered as affiliated as there is no
116      * device owner to be affiliated with.
117      */
isUserAffiliatedWithDevice(int userId)118     public abstract boolean isUserAffiliatedWithDevice(int userId);
119 
120     /**
121      * Returns whether the calling package can install or uninstall packages without user
122      * interaction.
123      */
canSilentlyInstallPackage(String callerPackage, int callerUid)124     public abstract boolean canSilentlyInstallPackage(String callerPackage, int callerUid);
125 
126     /**
127      * Reports that a profile has changed to use a unified or separate credential.
128      *
129      * @param userId User ID of the profile.
130      */
reportSeparateProfileChallengeChanged(@serIdInt int userId)131     public abstract void reportSeparateProfileChallengeChanged(@UserIdInt int userId);
132 
133     /**
134      * Check whether the user could have their password reset in an untrusted manor due to there
135      * being an admin which can call {@link #resetPassword} to reset the password without knowledge
136      * of the previous password.
137      *
138      * @param userId The user in question
139      */
canUserHaveUntrustedCredentialReset(@serIdInt int userId)140     public abstract boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId);
141 
142     /**
143      * Return text of error message if printing is disabled.
144      * Called by Print Service when printing is disabled by PO or DO when printing is attempted.
145      *
146      * @param userId The user in question
147      * @return localized error message
148      */
getPrintingDisabledReasonForUser(@serIdInt int userId)149     public abstract CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId);
150 
151     /**
152      * @return cached version of DPM policies that can be accessed without risking deadlocks.
153      * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead.
154      */
getDevicePolicyCache()155     protected abstract DevicePolicyCache getDevicePolicyCache();
156 }
157