Google Git
Sign in
android / platform / frameworks / base / 0be80ff96563^! / .
commit0be80ff96563b81c2302b898626c7064d418e898[log] [tgz]
authorEran Messeri <eranm@google.com>Wed Jan 13 15:31:35 2021 +0000
committerEran Messeri <eranm@google.com>Wed Jan 13 21:30:21 2021 +0000
tree68cbf396eda3463058103e306e87260e8e4e40f5
parent5664e559d91e70918c6034c39cee3b47465263af [diff]
COPE: Allow use of password quality API

Allow the Device Policy Client of a company-owned, personally-enabled
device to device-wide set password requirements using the
deprecated password quality API.

DPC of a work profile on a personal device still cannot use the
deprecated API device-wide.

Bug: 165573442
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testDevicePolicyManagerParentSupport
Change-Id: Icac0cc9028e760d8470e03f3e91386f667646c7f

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 1789b63..5fd7ee27 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java

@@ -3014,7 +3014,9 @@
      * Apps targeting {@link android.os.Build.VERSION_CODES#R} and below can call this method on the
      * {@link DevicePolicyManager} instance returned by
      * {@link #getParentProfileInstance(ComponentName)} in order to set restrictions on the parent
-     * profile. Apps targeting {@link android.os.Build.VERSION_CODES#S} and above will get a
+     * profile. Apps targeting {@link android.os.Build.VERSION_CODES#S} and above, with the
+     * exception of a profile owner on an organization-owned device (as can be identified by
+     * {@link #isOrganizationOwnedDeviceWithManagedProfile}), will get a
      * {@code IllegalArgumentException} when calling this method on the parent
      * {@link DevicePolicyManager} instance.
      *

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index c7d6d5d..1056c40 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

@@ -3391,9 +3391,10 @@
                 getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M;
     }
 
-    private boolean canSetPasswordQualityOnParent(String packageName, int userId) {
+    private boolean canSetPasswordQualityOnParent(String packageName, final CallerIdentity caller) {
         return !mInjector.isChangeEnabled(
-                PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT, packageName, userId);
+                PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT, packageName, caller.getUserId())
+            || isProfileOwnerOfOrganizationOwnedDevice(caller);
     }
 
     private boolean isPasswordLimitingAdminTargetingP(CallerIdentity caller) {
@@ -3422,7 +3423,7 @@
                 || isPasswordLimitingAdminTargetingP(caller));
 
         final boolean qualityMayApplyToParent =
-                canSetPasswordQualityOnParent(who.getPackageName(), caller.getUserId());
+                canSetPasswordQualityOnParent(who.getPackageName(), caller);
         if (!qualityMayApplyToParent) {
             Preconditions.checkCallAuthorization(!parent,
                     "Profile Owner may not apply password quality requirements device-wide");