Profile lock timeout.

When a managed profile has separate lock (a.k.a work challenge) and maximum screen off timeout set by admin, this timeout will only cause the profile to get locked, not the whole device. PowerManagerService now tracks some per-profile state for profiles that have lock timeout set by admin and have separate lock: 1. timeout set by admin. 2. wake lock summary 3. last activity time 4. whether the profile is considered active 5. whether the profile got locked last time it went inactive. Wake lock summaries and last activity times are updated at the same time as global wake lock summary/user activity is updated. Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 63908311 Change-Id: Ief7be4e0bf12bdbedef94a129a13d07a9f98e75c
author: Pavel Grafov <pgrafov@google.com> 2017-10-03 15:11:52 +0100
committer: Pavel Grafov <pgrafov@google.com> 2017-12-06 17:43:17 +0000
commit: 28939988f0da2f37bac87a6929a1584ad18fdeba (patch)
tree: f79197c70ae1d770faaebf8a271207ac7a95d82c /core/java/android
parent: f5cf390e416e964b915b8dcf3339230c93756547 (diff)
4 files changed, 9 insertions, 19 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index f0117f20dfeb..321be6539055 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -3049,23 +3049,6 @@ public class DevicePolicyManager {
     }
 
     /**
-     * Returns maximum time to lock that applied by all profiles in this user. We do this because we
-     * do not have a separate timeout to lock for work challenge only.
-     *
-     * @hide
-     */
-    public long getMaximumTimeToLockForUserAndProfiles(int userHandle) {
-        if (mService != null) {
-            try {
-                return mService.getMaximumTimeToLockForUserAndProfiles(userHandle);
-            } catch (RemoteException e) {
-                throw e.rethrowFromSystemServer();
-            }
-        }
-        return 0;
-    }
-
-    /**
      * Called by a device/profile owner to set the timeout after which unlocking with secondary, non
      * strong auth (e.g. fingerprint, trust agents) times out, i.e. the user has to use a strong
      * authentication method like password, pin or pattern.
diff --git a/core/java/android/app/admin/DevicePolicyManagerInternal.java b/core/java/android/app/admin/DevicePolicyManagerInternal.java
index 05f6c2a7da6d..b692ffd95e72 100644
--- a/core/java/android/app/admin/DevicePolicyManagerInternal.java
+++ b/core/java/android/app/admin/DevicePolicyManagerInternal.java
@@ -16,6 +16,7 @@
 
 package android.app.admin;
 
+import android.annotation.UserIdInt;
 import android.content.Intent;
 
 import java.util.List;
@@ -115,4 +116,11 @@ public abstract class DevicePolicyManagerInternal {
      * device owner to be affiliated with.
      */
     public abstract boolean isUserAffiliatedWithDevice(int userId);
+
+    /**
+     * Reports that a profile has changed to use a unified or separate credential.
+     *
+     * @param userId User ID of the profile.
+     */
+    public abstract void reportSeparateProfileChallengeChanged(@UserIdInt int userId);
 }
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 802d42f232ba..2627f33f698a 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -88,7 +88,6 @@ interface IDevicePolicyManager {
 
     void setMaximumTimeToLock(in ComponentName who, long timeMs, boolean parent);
     long getMaximumTimeToLock(in ComponentName who, int userHandle, boolean parent);
-    long getMaximumTimeToLockForUserAndProfiles(int userHandle);
 
     void setRequiredStrongAuthTimeout(in ComponentName who, long timeMs, boolean parent);
     long getRequiredStrongAuthTimeout(in ComponentName who, int userId, boolean parent);
diff --git a/core/java/android/os/PowerManagerInternal.java b/core/java/android/os/PowerManagerInternal.java
index 77ac26511769..3ef0961f7633 100644
--- a/core/java/android/os/PowerManagerInternal.java
+++ b/core/java/android/os/PowerManagerInternal.java
@@ -110,7 +110,7 @@ public abstract class PowerManagerInternal {
      *
      * This method must only be called by the device administration policy manager.
      */
-    public abstract void setMaximumScreenOffTimeoutFromDeviceAdmin(int timeMs);
+    public abstract void setMaximumScreenOffTimeoutFromDeviceAdmin(int userId, long timeMs);
 
     /**
      * Used by the dream manager to override certain properties while dozing.
author	Pavel Grafov <pgrafov@google.com>	2017-10-03 15:11:52 +0100
committer	Pavel Grafov <pgrafov@google.com>	2017-12-06 17:43:17 +0000
commit	28939988f0da2f37bac87a6929a1584ad18fdeba (patch)
tree	f79197c70ae1d770faaebf8a271207ac7a95d82c /core/java/android
parent	f5cf390e416e964b915b8dcf3339230c93756547 (diff)