COPE: Allow use of password quality API
Allow the Device Policy Client of a company-owned, personally-enabled
device to device-wide set password requirements using the
deprecated password quality API.
DPC of a work profile on a personal device still cannot use the
deprecated API device-wide.
Bug: 165573442
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testDevicePolicyManagerParentSupport
Change-Id: Icac0cc9028e760d8470e03f3e91386f667646c7f
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 1789b63..5fd7ee27 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -3014,7 +3014,9 @@
* Apps targeting {@link android.os.Build.VERSION_CODES#R} and below can call this method on the
* {@link DevicePolicyManager} instance returned by
* {@link #getParentProfileInstance(ComponentName)} in order to set restrictions on the parent
- * profile. Apps targeting {@link android.os.Build.VERSION_CODES#S} and above will get a
+ * profile. Apps targeting {@link android.os.Build.VERSION_CODES#S} and above, with the
+ * exception of a profile owner on an organization-owned device (as can be identified by
+ * {@link #isOrganizationOwnedDeviceWithManagedProfile}), will get a
* {@code IllegalArgumentException} when calling this method on the parent
* {@link DevicePolicyManager} instance.
*
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index c7d6d5d..1056c40 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3391,9 +3391,10 @@
getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M;
}
- private boolean canSetPasswordQualityOnParent(String packageName, int userId) {
+ private boolean canSetPasswordQualityOnParent(String packageName, final CallerIdentity caller) {
return !mInjector.isChangeEnabled(
- PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT, packageName, userId);
+ PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT, packageName, caller.getUserId())
+ || isProfileOwnerOfOrganizationOwnedDevice(caller);
}
private boolean isPasswordLimitingAdminTargetingP(CallerIdentity caller) {
@@ -3422,7 +3423,7 @@
|| isPasswordLimitingAdminTargetingP(caller));
final boolean qualityMayApplyToParent =
- canSetPasswordQualityOnParent(who.getPackageName(), caller.getUserId());
+ canSetPasswordQualityOnParent(who.getPackageName(), caller);
if (!qualityMayApplyToParent) {
Preconditions.checkCallAuthorization(!parent,
"Profile Owner may not apply password quality requirements device-wide");