1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.server.devicepolicy;
18 
19 import static android.app.admin.DevicePolicyManager.NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY;
20 import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE;
21 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
22 import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST;
23 import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST;
24 import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1;
25 
26 import static com.android.server.devicepolicy.DevicePolicyManagerService.LOG_TAG;
27 
28 import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT;
29 import static org.xmlpull.v1.XmlPullParser.END_TAG;
30 import static org.xmlpull.v1.XmlPullParser.TEXT;
31 
32 import android.annotation.NonNull;
33 import android.annotation.Nullable;
34 import android.app.admin.DeviceAdminInfo;
35 import android.app.admin.DevicePolicyManager;
36 import android.app.admin.FactoryResetProtectionPolicy;
37 import android.app.admin.ManagedSubscriptionsPolicy;
38 import android.app.admin.PackagePolicy;
39 import android.app.admin.PasswordPolicy;
40 import android.app.admin.PreferentialNetworkServiceConfig;
41 import android.app.admin.WifiSsidPolicy;
42 import android.graphics.Color;
43 import android.net.wifi.WifiSsid;
44 import android.os.Bundle;
45 import android.os.PersistableBundle;
46 import android.os.UserHandle;
47 import android.os.UserManager;
48 import android.text.TextUtils;
49 import android.util.ArrayMap;
50 import android.util.ArraySet;
51 import android.util.IndentingPrintWriter;
52 
53 import com.android.internal.util.Preconditions;
54 import com.android.internal.util.XmlUtils;
55 import com.android.modules.utils.TypedXmlPullParser;
56 import com.android.modules.utils.TypedXmlSerializer;
57 import com.android.server.pm.UserRestrictionsUtils;
58 import com.android.server.utils.Slogf;
59 
60 import org.xmlpull.v1.XmlPullParserException;
61 
62 import java.io.IOException;
63 import java.nio.charset.StandardCharsets;
64 import java.util.ArrayList;
65 import java.util.Collection;
66 import java.util.Collections;
67 import java.util.List;
68 import java.util.Map;
69 import java.util.Set;
70 import java.util.function.Predicate;
71 import java.util.stream.Collectors;
72 
73 class ActiveAdmin {
74 
75     private final int userId;
76     public final boolean isPermissionBased;
77 
78     private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features";
79     private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin";
80     private static final String TAG_DISABLE_CAMERA = "disable-camera";
81     private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id";
82     private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search";
83     private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING =
84             "disable-bt-contacts-sharing";
85     private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture";
86     private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management";
87     private static final String TAG_NEARBY_NOTIFICATION_STREAMING_POLICY =
88             "nearby-notification-streaming-policy";
89     private static final String TAG_NEARBY_APP_STREAMING_POLICY =
90             "nearby-app-streaming-policy";
91     private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time";
92     private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users";
93     private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled";
94     private static final String TAG_ACCOUNT_TYPE = "account-type";
95     private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES =
96             "permitted-accessiblity-services";
97     private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested";
98     private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features";
99     private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options";
100     private static final String TAG_TRUST_AGENT_COMPONENT = "component";
101     private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date";
102     private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout";
103     private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list";
104     private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec";
105     private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy";
106     private static final String TAG_PERMITTED_IMES = "permitted-imes";
107     private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS =
108             "permitted-notification-listeners";
109     private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe";
110     private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock";
111     private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout";
112     private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter";
113     private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols";
114     private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric";
115     private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters";
116     private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase";
117     private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase";
118     private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length";
119     private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length";
120     private static final String TAG_PASSWORD_QUALITY = "password-quality";
121     private static final String TAG_POLICIES = "policies";
122     private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS =
123             "cross-profile-widget-providers";
124     private static final String TAG_PROVIDER = "provider";
125     private static final String TAG_PACKAGE_LIST_ITEM  = "item";
126     private static final String TAG_KEEP_UNINSTALLED_PACKAGES  = "keep-uninstalled-packages";
127     private static final String TAG_USER_RESTRICTIONS = "user-restrictions";
128     private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS =
129             "default-enabled-user-restrictions";
130     private static final String TAG_RESTRICTION = "restriction";
131     private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message";
132     private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message";
133     private static final String TAG_PARENT_ADMIN = "parent-admin";
134     private static final String TAG_ORGANIZATION_COLOR = "organization-color";
135     private static final String TAG_ORGANIZATION_NAME = "organization-name";
136     private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled";
137     private static final String TAG_START_USER_SESSION_MESSAGE = "start_user_session_message";
138     private static final String TAG_END_USER_SESSION_MESSAGE = "end_user_session_message";
139     private static final String TAG_METERED_DATA_DISABLED_PACKAGES =
140             "metered_data_disabled_packages";
141     private static final String TAG_CROSS_PROFILE_CALENDAR_PACKAGES =
142             "cross-profile-calendar-packages";
143     private static final String TAG_CROSS_PROFILE_CALENDAR_PACKAGES_NULL =
144             "cross-profile-calendar-packages-null";
145     private static final String TAG_CROSS_PROFILE_PACKAGES = "cross-profile-packages";
146     private static final String TAG_FACTORY_RESET_PROTECTION_POLICY =
147             "factory_reset_protection_policy";
148     private static final String TAG_SUSPEND_PERSONAL_APPS = "suspend-personal-apps";
149     private static final String TAG_PROFILE_MAXIMUM_TIME_OFF = "profile-max-time-off";
150     private static final String TAG_PROFILE_OFF_DEADLINE = "profile-off-deadline";
151     private static final String TAG_ALWAYS_ON_VPN_PACKAGE = "vpn-package";
152     private static final String TAG_ALWAYS_ON_VPN_LOCKDOWN = "vpn-lockdown";
153     private static final String TAG_COMMON_CRITERIA_MODE = "common-criteria-mode";
154     private static final String TAG_PASSWORD_COMPLEXITY = "password-complexity";
155     private static final String TAG_ORGANIZATION_ID = "organization-id";
156     private static final String TAG_ENROLLMENT_SPECIFIC_ID = "enrollment-specific-id";
157     private static final String TAG_ADMIN_CAN_GRANT_SENSORS_PERMISSIONS =
158             "admin-can-grant-sensors-permissions";
159     private static final String TAG_PREFERENTIAL_NETWORK_SERVICE_ENABLED =
160             "preferential-network-service-enabled";
161     private static final String TAG_USB_DATA_SIGNALING = "usb-data-signaling";
162     private static final String TAG_WIFI_MIN_SECURITY = "wifi-min-security";
163     private static final String TAG_SSID_ALLOWLIST = "ssid-allowlist";
164     private static final String TAG_SSID_DENYLIST = "ssid-denylist";
165     private static final String TAG_SSID = "ssid";
166     private static final String TAG_CROSS_PROFILE_CALLER_ID_POLICY = "caller-id-policy";
167     private static final String TAG_CROSS_PROFILE_CONTACTS_SEARCH_POLICY = "contacts-policy";
168     private static final String TAG_PACKAGE_POLICY_PACKAGE_NAMES = "package-policy-packages";
169     private static final String TAG_PREFERENTIAL_NETWORK_SERVICE_CONFIGS =
170             "preferential_network_service_configs";
171     private static final String TAG_PREFERENTIAL_NETWORK_SERVICE_CONFIG =
172             "preferential_network_service_config";
173     private static final String TAG_PROTECTED_PACKAGES = "protected_packages";
174     private static final String TAG_SUSPENDED_PACKAGES = "suspended-packages";
175     private static final String TAG_MTE_POLICY = "mte-policy";
176     private static final String TAG_MANAGED_SUBSCRIPTIONS_POLICY = "managed_subscriptions_policy";
177     private static final String ATTR_VALUE = "value";
178     private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification";
179     private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications";
180     private static final String ATTR_PACKAGE_POLICY_MODE = "package-policy-type";
181     private static final String TAG_CREDENTIAL_MANAGER_POLICY = "credential-manager-policy";
182     private static final String TAG_DIALER_PACKAGE = "dialer_package";
183     private static final String TAG_SMS_PACKAGE = "sms_package";
184 
185     // If the ActiveAdmin is a permission-based admin, then info will be null because the
186     // permission-based admin is not mapped to a device administrator component.
187     DeviceAdminInfo info;
188 
189     static final int DEF_PASSWORD_HISTORY_LENGTH = 0;
190     int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH;
191 
192     @NonNull
193     PasswordPolicy mPasswordPolicy = new PasswordPolicy();
194 
195     @DevicePolicyManager.PasswordComplexity
196     int mPasswordComplexity = PASSWORD_COMPLEXITY_NONE;
197 
198     @DevicePolicyManager.NearbyStreamingPolicy
199     int mNearbyNotificationStreamingPolicy = NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY;
200 
201     @DevicePolicyManager.NearbyStreamingPolicy
202     int mNearbyAppStreamingPolicy = NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY;
203 
204     @Nullable
205     FactoryResetProtectionPolicy mFactoryResetProtectionPolicy = null;
206 
207     static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0;
208     long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK;
209 
210     long strongAuthUnlockTimeout = 0; // admin doesn't participate by default
211 
212     static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0;
213     int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE;
214 
215     static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0;
216     long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT;
217 
218     static final long DEF_PASSWORD_EXPIRATION_DATE = 0;
219     long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE;
220 
221     static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none
222 
223     int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED;
224 
225     boolean encryptionRequested = false;
226     boolean testOnlyAdmin = false;
227     boolean disableCamera = false;
228     boolean disableCallerId = false;
229     boolean disableContactsSearch = false;
230     boolean disableBluetoothContactSharing = true;
231     boolean disableScreenCapture = false;
232     boolean requireAutoTime = false;
233     boolean forceEphemeralUsers = false;
234     boolean isNetworkLoggingEnabled = false;
235     boolean isLogoutEnabled = false;
236 
237     // one notification after enabling + one more after reboots
238     static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2;
239     int numNetworkLoggingNotifications = 0;
240     long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch
241 
242     @DevicePolicyManager.MtePolicy int mtePolicy = DevicePolicyManager.MTE_NOT_CONTROLLED_BY_POLICY;
243 
244     ActiveAdmin parentAdmin;
245     final boolean isParent;
246 
247     static class TrustAgentInfo {
248         public PersistableBundle options;
TrustAgentInfo(PersistableBundle bundle)249         TrustAgentInfo(PersistableBundle bundle) {
250             options = bundle;
251         }
252     }
253 
254     // The list of packages which are not allowed to use metered data.
255     List<String> meteredDisabledPackages;
256 
257     final Set<String> accountTypesWithManagementDisabled = new ArraySet<>();
258 
259     // The list of permitted accessibility services package namesas set by a profile
260     // or device owner. Null means all accessibility services are allowed, empty means
261     // none except system services are allowed.
262     List<String> permittedAccessiblityServices;
263 
264     // The list of permitted input methods package names as set by a profile or device owner.
265     // Null means all input methods are allowed, empty means none except system imes are
266     // allowed.
267     List<String> permittedInputMethods;
268 
269     // The list of packages allowed to use a NotificationListenerService to receive events for
270     // notifications from this user. Null means that all packages are allowed. Empty list means
271     // that only packages from the system are allowed.
272     List<String> permittedNotificationListeners;
273 
274     // List of package names to keep cached.
275     List<String> keepUninstalledPackages;
276 
277     // List of packages for which the user cannot invoke "clear data" or "force stop".
278     List<String> protectedPackages;
279 
280     List<String> suspendedPackages;
281 
282     // Wi-Fi SSID restriction policy.
283     WifiSsidPolicy mWifiSsidPolicy;
284 
285     // Managed subscriptions policy.
286     ManagedSubscriptionsPolicy mManagedSubscriptionsPolicy;
287 
288     // TODO: review implementation decisions with frameworks team
289     boolean specifiesGlobalProxy = false;
290     String globalProxySpec = null;
291     String globalProxyExclusionList = null;
292 
293     @NonNull
294     ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>();
295 
296     List<String> crossProfileWidgetProviders;
297 
298     Bundle userRestrictions;
299 
300     // User restrictions that have already been enabled by default for this admin (either when
301     // setting the device or profile owner, or during a system update if one of those "enabled
302     // by default" restrictions is newly added).
303     final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>();
304 
305     // Support text provided by the admin to display to the user.
306     CharSequence shortSupportMessage = null;
307     CharSequence longSupportMessage = null;
308 
309     // Background color of confirm credentials screen. Default: teal.
310     static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B");
311     int organizationColor = DEF_ORGANIZATION_COLOR;
312 
313     // Default title of confirm credentials screen
314     String organizationName = null;
315 
316     // Message for user switcher
317     String startUserSessionMessage = null;
318     String endUserSessionMessage = null;
319 
320     // The allow list of packages that can access cross profile calendar APIs.
321     // This allow list should be in default an empty list, which indicates that no package
322     // is allow listed.
323     List<String> mCrossProfileCalendarPackages = Collections.emptyList();
324 
325     // The allow list of packages that the admin has enabled to be able to request consent from
326     // the user to communicate cross-profile. By default, no packages are allowed, which is
327     // represented as an empty list.
328     List<String> mCrossProfilePackages = Collections.emptyList();
329 
330     // Whether the admin explicitly requires personal apps to be suspended
331     boolean mSuspendPersonalApps = false;
332     // Maximum time the profile owned by this admin can be off.
333     long mProfileMaximumTimeOffMillis = 0;
334     // Time by which the profile should be turned on according to System.currentTimeMillis().
335     long mProfileOffDeadline = 0;
336 
337     // The package policy for Cross Profile Contacts Search
338     PackagePolicy mManagedProfileCallerIdAccess = null;
339 
340     // The package policy for Cross Profile Contacts Search
341     PackagePolicy mManagedProfileContactsAccess = null;
342 
343     // The package policy for Credential Manager
344     PackagePolicy mCredentialManagerPolicy = null;
345 
346     public String mAlwaysOnVpnPackage;
347     public boolean mAlwaysOnVpnLockdown;
348     boolean mCommonCriteriaMode;
349     public String mOrganizationId;
350     public String mEnrollmentSpecificId;
351     public boolean mAdminCanGrantSensorsPermissions;
352     public List<PreferentialNetworkServiceConfig> mPreferentialNetworkServiceConfigs =
353             List.of(PreferentialNetworkServiceConfig.DEFAULT);
354 
355     private static final boolean USB_DATA_SIGNALING_ENABLED_DEFAULT = true;
356     boolean mUsbDataSignalingEnabled = USB_DATA_SIGNALING_ENABLED_DEFAULT;
357 
358     int mWifiMinimumSecurityLevel = DevicePolicyManager.WIFI_SECURITY_OPEN;
359     String mDialerPackage;
360     String mSmsPackage;
361 
ActiveAdmin(DeviceAdminInfo info, boolean isParent)362     ActiveAdmin(DeviceAdminInfo info, boolean isParent) {
363         this.userId = -1;
364         this.info = info;
365         this.isParent = isParent;
366         this.isPermissionBased = false;
367     }
368 
ActiveAdmin(int userId, boolean permissionBased)369     ActiveAdmin(int userId, boolean permissionBased) {
370         if (permissionBased == false) {
371             throw new IllegalArgumentException("Can only pass true for permissionBased admin");
372         }
373         this.userId = userId;
374         this.isPermissionBased = permissionBased;
375         this.isParent = false;
376         this.info = null;
377     }
378 
getParentActiveAdmin()379     ActiveAdmin getParentActiveAdmin() {
380         Preconditions.checkState(!isParent);
381 
382         if (parentAdmin == null) {
383             parentAdmin = new ActiveAdmin(info, /* parent */ true);
384         }
385         return parentAdmin;
386     }
387 
hasParentActiveAdmin()388     boolean hasParentActiveAdmin() {
389         return parentAdmin != null;
390     }
391 
getUid()392     int getUid() {
393         if (isPermissionBased) {
394             return -1;
395         }
396         return info.getActivityInfo().applicationInfo.uid;
397     }
398 
getUserHandle()399     public UserHandle getUserHandle() {
400         if (isPermissionBased) {
401             return UserHandle.of(userId);
402         }
403         return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid));
404     }
405 
writeToXml(TypedXmlSerializer out)406     void writeToXml(TypedXmlSerializer out)
407             throws IllegalArgumentException, IllegalStateException, IOException {
408         if (info != null) {
409             out.startTag(null, TAG_POLICIES);
410             info.writePoliciesToXml(out);
411             out.endTag(null, TAG_POLICIES);
412         }
413         if (mPasswordPolicy.quality != PASSWORD_QUALITY_UNSPECIFIED) {
414             writeAttributeValueToXml(
415                     out, TAG_PASSWORD_QUALITY, mPasswordPolicy.quality);
416             if (mPasswordPolicy.length != PasswordPolicy.DEF_MINIMUM_LENGTH) {
417                 writeAttributeValueToXml(
418                         out, TAG_MIN_PASSWORD_LENGTH, mPasswordPolicy.length);
419             }
420             if (mPasswordPolicy.upperCase != PasswordPolicy.DEF_MINIMUM_UPPER_CASE) {
421                 writeAttributeValueToXml(
422                         out, TAG_MIN_PASSWORD_UPPERCASE, mPasswordPolicy.upperCase);
423             }
424             if (mPasswordPolicy.lowerCase != PasswordPolicy.DEF_MINIMUM_LOWER_CASE) {
425                 writeAttributeValueToXml(
426                         out, TAG_MIN_PASSWORD_LOWERCASE, mPasswordPolicy.lowerCase);
427             }
428             if (mPasswordPolicy.letters != PasswordPolicy.DEF_MINIMUM_LETTERS) {
429                 writeAttributeValueToXml(
430                         out, TAG_MIN_PASSWORD_LETTERS, mPasswordPolicy.letters);
431             }
432             if (mPasswordPolicy.numeric != PasswordPolicy.DEF_MINIMUM_NUMERIC) {
433                 writeAttributeValueToXml(
434                         out, TAG_MIN_PASSWORD_NUMERIC, mPasswordPolicy.numeric);
435             }
436             if (mPasswordPolicy.symbols != PasswordPolicy.DEF_MINIMUM_SYMBOLS) {
437                 writeAttributeValueToXml(
438                         out, TAG_MIN_PASSWORD_SYMBOLS, mPasswordPolicy.symbols);
439             }
440             if (mPasswordPolicy.nonLetter > PasswordPolicy.DEF_MINIMUM_NON_LETTER) {
441                 writeAttributeValueToXml(
442                         out, TAG_MIN_PASSWORD_NONLETTER, mPasswordPolicy.nonLetter);
443             }
444         }
445         if (passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) {
446             writeAttributeValueToXml(
447                     out, TAG_PASSWORD_HISTORY_LENGTH, passwordHistoryLength);
448         }
449         if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) {
450             writeAttributeValueToXml(
451                     out, TAG_MAX_TIME_TO_UNLOCK, maximumTimeToUnlock);
452         }
453         if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {
454             writeAttributeValueToXml(
455                     out, TAG_STRONG_AUTH_UNLOCK_TIMEOUT, strongAuthUnlockTimeout);
456         }
457         if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) {
458             writeAttributeValueToXml(
459                     out, TAG_MAX_FAILED_PASSWORD_WIPE, maximumFailedPasswordsForWipe);
460         }
461         if (specifiesGlobalProxy) {
462             writeAttributeValueToXml(
463                     out, TAG_SPECIFIES_GLOBAL_PROXY, specifiesGlobalProxy);
464             if (globalProxySpec != null) {
465                 writeAttributeValueToXml(out, TAG_GLOBAL_PROXY_SPEC, globalProxySpec);
466             }
467             if (globalProxyExclusionList != null) {
468                 writeAttributeValueToXml(
469                         out, TAG_GLOBAL_PROXY_EXCLUSION_LIST, globalProxyExclusionList);
470             }
471         }
472         if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) {
473             writeAttributeValueToXml(
474                     out, TAG_PASSWORD_EXPIRATION_TIMEOUT, passwordExpirationTimeout);
475         }
476         if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) {
477             writeAttributeValueToXml(
478                     out, TAG_PASSWORD_EXPIRATION_DATE, passwordExpirationDate);
479         }
480         if (encryptionRequested) {
481             writeAttributeValueToXml(
482                     out, TAG_ENCRYPTION_REQUESTED, encryptionRequested);
483         }
484         if (testOnlyAdmin) {
485             writeAttributeValueToXml(
486                     out, TAG_TEST_ONLY_ADMIN, testOnlyAdmin);
487         }
488         if (disableCamera) {
489             writeAttributeValueToXml(
490                     out, TAG_DISABLE_CAMERA, disableCamera);
491         }
492         if (disableCallerId) {
493             writeAttributeValueToXml(
494                     out, TAG_DISABLE_CALLER_ID, disableCallerId);
495         }
496         if (disableContactsSearch) {
497             writeAttributeValueToXml(
498                     out, TAG_DISABLE_CONTACTS_SEARCH, disableContactsSearch);
499         }
500         if (!disableBluetoothContactSharing) {
501             writeAttributeValueToXml(
502                     out, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING, disableBluetoothContactSharing);
503         }
504         if (disableScreenCapture) {
505             writeAttributeValueToXml(
506                     out, TAG_DISABLE_SCREEN_CAPTURE, disableScreenCapture);
507         }
508         if (requireAutoTime) {
509             writeAttributeValueToXml(
510                     out, TAG_REQUIRE_AUTO_TIME, requireAutoTime);
511         }
512         if (forceEphemeralUsers) {
513             writeAttributeValueToXml(
514                     out, TAG_FORCE_EPHEMERAL_USERS, forceEphemeralUsers);
515         }
516         if (isNetworkLoggingEnabled) {
517             out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED);
518             out.attributeBoolean(null, ATTR_VALUE, isNetworkLoggingEnabled);
519             out.attributeInt(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS,
520                     numNetworkLoggingNotifications);
521             out.attributeLong(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION,
522                     lastNetworkLoggingNotificationTimeMs);
523             out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED);
524         }
525         if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) {
526             writeAttributeValueToXml(
527                     out, TAG_DISABLE_KEYGUARD_FEATURES, disabledKeyguardFeatures);
528         }
529         if (!accountTypesWithManagementDisabled.isEmpty()) {
530             writeAttributeValuesToXml(
531                     out, TAG_DISABLE_ACCOUNT_MANAGEMENT, TAG_ACCOUNT_TYPE,
532                     accountTypesWithManagementDisabled);
533         }
534         if (!trustAgentInfos.isEmpty()) {
535             Set<Map.Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet();
536             out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES);
537             for (Map.Entry<String, TrustAgentInfo> entry : set) {
538                 TrustAgentInfo trustAgentInfo = entry.getValue();
539                 out.startTag(null, TAG_TRUST_AGENT_COMPONENT);
540                 out.attribute(null, ATTR_VALUE, entry.getKey());
541                 if (trustAgentInfo.options != null) {
542                     out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS);
543                     try {
544                         trustAgentInfo.options.saveToXml(out);
545                     } catch (XmlPullParserException e) {
546                         Slogf.e(LOG_TAG, e, "Failed to save TrustAgent options");
547                     }
548                     out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS);
549                 }
550                 out.endTag(null, TAG_TRUST_AGENT_COMPONENT);
551             }
552             out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES);
553         }
554         if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) {
555             writeAttributeValuesToXml(
556                     out, TAG_CROSS_PROFILE_WIDGET_PROVIDERS, TAG_PROVIDER,
557                     crossProfileWidgetProviders);
558         }
559         writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES,
560                 permittedAccessiblityServices);
561         writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods);
562         writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS,
563                 permittedNotificationListeners);
564         writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages);
565         writePackageListToXml(out, TAG_METERED_DATA_DISABLED_PACKAGES, meteredDisabledPackages);
566         writePackageListToXml(out, TAG_PROTECTED_PACKAGES, protectedPackages);
567         writePackageListToXml(out, TAG_SUSPENDED_PACKAGES, suspendedPackages);
568         if (hasUserRestrictions()) {
569             UserRestrictionsUtils.writeRestrictions(
570                     out, userRestrictions, TAG_USER_RESTRICTIONS);
571         }
572         if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) {
573             writeAttributeValuesToXml(out, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS,
574                     TAG_RESTRICTION,
575                     defaultEnabledRestrictionsAlreadySet);
576         }
577         if (!TextUtils.isEmpty(shortSupportMessage)) {
578             writeTextToXml(out, TAG_SHORT_SUPPORT_MESSAGE, shortSupportMessage.toString());
579         }
580         if (!TextUtils.isEmpty(longSupportMessage)) {
581             writeTextToXml(out, TAG_LONG_SUPPORT_MESSAGE, longSupportMessage.toString());
582         }
583         if (parentAdmin != null) {
584             out.startTag(null, TAG_PARENT_ADMIN);
585             parentAdmin.writeToXml(out);
586             out.endTag(null, TAG_PARENT_ADMIN);
587         }
588         if (organizationColor != DEF_ORGANIZATION_COLOR) {
589             writeAttributeValueToXml(out, TAG_ORGANIZATION_COLOR, organizationColor);
590         }
591         if (organizationName != null) {
592             writeTextToXml(out, TAG_ORGANIZATION_NAME, organizationName);
593         }
594         if (isLogoutEnabled) {
595             writeAttributeValueToXml(out, TAG_IS_LOGOUT_ENABLED, isLogoutEnabled);
596         }
597         if (startUserSessionMessage != null) {
598             writeTextToXml(out, TAG_START_USER_SESSION_MESSAGE, startUserSessionMessage);
599         }
600         if (endUserSessionMessage != null) {
601             writeTextToXml(out, TAG_END_USER_SESSION_MESSAGE, endUserSessionMessage);
602         }
603         if (mCrossProfileCalendarPackages == null) {
604             out.startTag(null, TAG_CROSS_PROFILE_CALENDAR_PACKAGES_NULL);
605             out.endTag(null, TAG_CROSS_PROFILE_CALENDAR_PACKAGES_NULL);
606         } else {
607             writePackageListToXml(out, TAG_CROSS_PROFILE_CALENDAR_PACKAGES,
608                     mCrossProfileCalendarPackages);
609         }
610         writePackageListToXml(out, TAG_CROSS_PROFILE_PACKAGES, mCrossProfilePackages);
611         if (mFactoryResetProtectionPolicy != null) {
612             out.startTag(null, TAG_FACTORY_RESET_PROTECTION_POLICY);
613             mFactoryResetProtectionPolicy.writeToXml(out);
614             out.endTag(null, TAG_FACTORY_RESET_PROTECTION_POLICY);
615         }
616         if (mSuspendPersonalApps) {
617             writeAttributeValueToXml(out, TAG_SUSPEND_PERSONAL_APPS, mSuspendPersonalApps);
618         }
619         if (mProfileMaximumTimeOffMillis != 0) {
620             writeAttributeValueToXml(out, TAG_PROFILE_MAXIMUM_TIME_OFF,
621                     mProfileMaximumTimeOffMillis);
622         }
623         if (mProfileMaximumTimeOffMillis != 0) {
624             writeAttributeValueToXml(out, TAG_PROFILE_OFF_DEADLINE, mProfileOffDeadline);
625         }
626         if (!TextUtils.isEmpty(mAlwaysOnVpnPackage)) {
627             writeAttributeValueToXml(out, TAG_ALWAYS_ON_VPN_PACKAGE, mAlwaysOnVpnPackage);
628         }
629         if (mAlwaysOnVpnLockdown) {
630             writeAttributeValueToXml(out, TAG_ALWAYS_ON_VPN_LOCKDOWN, mAlwaysOnVpnLockdown);
631         }
632         if (mCommonCriteriaMode) {
633             writeAttributeValueToXml(out, TAG_COMMON_CRITERIA_MODE, mCommonCriteriaMode);
634         }
635 
636         if (mPasswordComplexity != PASSWORD_COMPLEXITY_NONE) {
637             writeAttributeValueToXml(out, TAG_PASSWORD_COMPLEXITY, mPasswordComplexity);
638         }
639         if (mNearbyNotificationStreamingPolicy != NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY) {
640             writeAttributeValueToXml(out, TAG_NEARBY_NOTIFICATION_STREAMING_POLICY,
641                     mNearbyNotificationStreamingPolicy);
642         }
643         if (mNearbyAppStreamingPolicy != NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY) {
644             writeAttributeValueToXml(out, TAG_NEARBY_APP_STREAMING_POLICY,
645                     mNearbyAppStreamingPolicy);
646         }
647         if (!TextUtils.isEmpty(mOrganizationId)) {
648             writeTextToXml(out, TAG_ORGANIZATION_ID, mOrganizationId);
649         }
650         if (!TextUtils.isEmpty(mEnrollmentSpecificId)) {
651             writeTextToXml(out, TAG_ENROLLMENT_SPECIFIC_ID, mEnrollmentSpecificId);
652         }
653         writeAttributeValueToXml(out, TAG_ADMIN_CAN_GRANT_SENSORS_PERMISSIONS,
654                 mAdminCanGrantSensorsPermissions);
655         if (mUsbDataSignalingEnabled != USB_DATA_SIGNALING_ENABLED_DEFAULT) {
656             writeAttributeValueToXml(out, TAG_USB_DATA_SIGNALING, mUsbDataSignalingEnabled);
657         }
658         if (mWifiMinimumSecurityLevel != DevicePolicyManager.WIFI_SECURITY_OPEN) {
659             writeAttributeValueToXml(out, TAG_WIFI_MIN_SECURITY, mWifiMinimumSecurityLevel);
660         }
661         if (mWifiSsidPolicy != null) {
662             List<String> ssids = ssidsToStrings(mWifiSsidPolicy.getSsids());
663             if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) {
664                 writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, ssids);
665             } else if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_DENYLIST) {
666                 writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, ssids);
667             }
668         }
669         if (!mPreferentialNetworkServiceConfigs.isEmpty()) {
670             out.startTag(null, TAG_PREFERENTIAL_NETWORK_SERVICE_CONFIGS);
671             for (PreferentialNetworkServiceConfig config : mPreferentialNetworkServiceConfigs) {
672                 config.writeToXml(out);
673             }
674             out.endTag(null, TAG_PREFERENTIAL_NETWORK_SERVICE_CONFIGS);
675         }
676         if (mtePolicy != DevicePolicyManager.MTE_NOT_CONTROLLED_BY_POLICY) {
677             writeAttributeValueToXml(out, TAG_MTE_POLICY, mtePolicy);
678         }
679         writePackagePolicy(out, TAG_CROSS_PROFILE_CALLER_ID_POLICY,
680                 mManagedProfileCallerIdAccess);
681         writePackagePolicy(out, TAG_CROSS_PROFILE_CONTACTS_SEARCH_POLICY,
682                 mManagedProfileContactsAccess);
683         writePackagePolicy(out, TAG_CREDENTIAL_MANAGER_POLICY,
684                 mCredentialManagerPolicy);
685         if (mManagedSubscriptionsPolicy != null) {
686             out.startTag(null, TAG_MANAGED_SUBSCRIPTIONS_POLICY);
687             mManagedSubscriptionsPolicy.saveToXml(out);
688             out.endTag(null, TAG_MANAGED_SUBSCRIPTIONS_POLICY);
689         }
690         if (!TextUtils.isEmpty(mDialerPackage)) {
691             writeAttributeValueToXml(out, TAG_DIALER_PACKAGE, mDialerPackage);
692         }
693         if (!TextUtils.isEmpty(mSmsPackage)) {
694             writeAttributeValueToXml(out, TAG_SMS_PACKAGE, mSmsPackage);
695         }
696     }
697 
writePackagePolicy(TypedXmlSerializer out, String tag, PackagePolicy packagePolicy)698     private void writePackagePolicy(TypedXmlSerializer out, String tag,
699             PackagePolicy packagePolicy) throws IOException {
700         if (packagePolicy == null) {
701             return;
702         }
703         out.startTag(null, tag);
704         out.attributeInt(null, ATTR_PACKAGE_POLICY_MODE, packagePolicy.getPolicyType());
705         writePackageListToXml(out, TAG_PACKAGE_POLICY_PACKAGE_NAMES,
706                 new ArrayList<>(packagePolicy.getPackageNames()));
707         out.endTag(null, tag);
708     }
709 
ssidsToStrings(Set<WifiSsid> ssids)710     private List<String> ssidsToStrings(Set<WifiSsid> ssids) {
711         return ssids.stream()
712                 .map(ssid -> new String(ssid.getBytes(), StandardCharsets.UTF_8))
713                 .collect(Collectors.toList());
714     }
715 
writeTextToXml(TypedXmlSerializer out, String tag, String text)716     void writeTextToXml(TypedXmlSerializer out, String tag, String text) throws IOException {
717         out.startTag(null, tag);
718         out.text(text);
719         out.endTag(null, tag);
720     }
721 
writePackageListToXml(TypedXmlSerializer out, String outerTag, List<String> packageList)722     void writePackageListToXml(TypedXmlSerializer out, String outerTag,
723             List<String> packageList)
724             throws IllegalArgumentException, IllegalStateException, IOException {
725         if (packageList == null) {
726             return;
727         }
728         writeAttributeValuesToXml(out, outerTag, TAG_PACKAGE_LIST_ITEM, packageList);
729     }
730 
writeAttributeValueToXml(TypedXmlSerializer out, String tag, String value)731     void writeAttributeValueToXml(TypedXmlSerializer out, String tag, String value)
732             throws IOException {
733         out.startTag(null, tag);
734         out.attribute(null, ATTR_VALUE, value);
735         out.endTag(null, tag);
736     }
737 
writeAttributeValueToXml(TypedXmlSerializer out, String tag, int value)738     void writeAttributeValueToXml(TypedXmlSerializer out, String tag, int value)
739             throws IOException {
740         out.startTag(null, tag);
741         out.attributeInt(null, ATTR_VALUE, value);
742         out.endTag(null, tag);
743     }
744 
writeAttributeValueToXml(TypedXmlSerializer out, String tag, long value)745     void writeAttributeValueToXml(TypedXmlSerializer out, String tag, long value)
746             throws IOException {
747         out.startTag(null, tag);
748         out.attributeLong(null, ATTR_VALUE, value);
749         out.endTag(null, tag);
750     }
751 
writeAttributeValueToXml(TypedXmlSerializer out, String tag, boolean value)752     void writeAttributeValueToXml(TypedXmlSerializer out, String tag, boolean value)
753             throws IOException {
754         out.startTag(null, tag);
755         out.attributeBoolean(null, ATTR_VALUE, value);
756         out.endTag(null, tag);
757     }
758 
writeAttributeValuesToXml(TypedXmlSerializer out, String outerTag, String innerTag, @NonNull Collection<String> values)759     void writeAttributeValuesToXml(TypedXmlSerializer out, String outerTag, String innerTag,
760             @NonNull Collection<String> values) throws IOException {
761         out.startTag(null, outerTag);
762         for (String value : values) {
763             out.startTag(null, innerTag);
764             out.attribute(null, ATTR_VALUE, value);
765             out.endTag(null, innerTag);
766         }
767         out.endTag(null, outerTag);
768     }
769 
readFromXml(TypedXmlPullParser parser, boolean shouldOverridePolicies)770     void readFromXml(TypedXmlPullParser parser, boolean shouldOverridePolicies)
771             throws XmlPullParserException, IOException {
772         int outerDepth = parser.getDepth();
773         int type;
774         while ((type = parser.next()) != END_DOCUMENT
775                && (type != END_TAG || parser.getDepth() > outerDepth)) {
776             if (type == END_TAG || type == TEXT) {
777                 continue;
778             }
779             String tag = parser.getName();
780             if (TAG_POLICIES.equals(tag)) {
781                 if (shouldOverridePolicies) {
782                     Slogf.d(LOG_TAG, "Overriding device admin policies from XML.");
783                     info.readPoliciesFromXml(parser);
784                 }
785             } else if (TAG_PASSWORD_QUALITY.equals(tag)) {
786                 mPasswordPolicy.quality = parser.getAttributeInt(null, ATTR_VALUE);
787             } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) {
788                 mPasswordPolicy.length = parser.getAttributeInt(null, ATTR_VALUE);
789             } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) {
790                 passwordHistoryLength = parser.getAttributeInt(null, ATTR_VALUE);
791             } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) {
792                 mPasswordPolicy.upperCase = parser.getAttributeInt(null, ATTR_VALUE);
793             } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) {
794                 mPasswordPolicy.lowerCase = parser.getAttributeInt(null, ATTR_VALUE);
795             } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) {
796                 mPasswordPolicy.letters = parser.getAttributeInt(null, ATTR_VALUE);
797             } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) {
798                 mPasswordPolicy.numeric = parser.getAttributeInt(null, ATTR_VALUE);
799             } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) {
800                 mPasswordPolicy.symbols = parser.getAttributeInt(null, ATTR_VALUE);
801             } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) {
802                 mPasswordPolicy.nonLetter = parser.getAttributeInt(null, ATTR_VALUE);
803             } else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) {
804                 maximumTimeToUnlock = parser.getAttributeLong(null, ATTR_VALUE);
805             } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) {
806                 strongAuthUnlockTimeout = parser.getAttributeLong(null, ATTR_VALUE);
807             } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) {
808                 maximumFailedPasswordsForWipe = parser.getAttributeInt(null, ATTR_VALUE);
809             } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) {
810                 specifiesGlobalProxy = parser.getAttributeBoolean(null, ATTR_VALUE, false);
811             } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) {
812                 globalProxySpec =
813                     parser.getAttributeValue(null, ATTR_VALUE);
814             } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) {
815                 globalProxyExclusionList =
816                     parser.getAttributeValue(null, ATTR_VALUE);
817             } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) {
818                 passwordExpirationTimeout = parser.getAttributeLong(null, ATTR_VALUE);
819             } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) {
820                 passwordExpirationDate = parser.getAttributeLong(null, ATTR_VALUE);
821             } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) {
822                 encryptionRequested = parser.getAttributeBoolean(null, ATTR_VALUE, false);
823             } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) {
824                 testOnlyAdmin = parser.getAttributeBoolean(null, ATTR_VALUE, false);
825             } else if (TAG_DISABLE_CAMERA.equals(tag)) {
826                 disableCamera = parser.getAttributeBoolean(null, ATTR_VALUE, false);
827             } else if (TAG_DISABLE_CALLER_ID.equals(tag)) {
828                 disableCallerId = parser.getAttributeBoolean(null, ATTR_VALUE, false);
829             } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) {
830                 disableContactsSearch = parser.getAttributeBoolean(null, ATTR_VALUE, false);
831             } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) {
832                 disableBluetoothContactSharing =
833                         parser.getAttributeBoolean(null, ATTR_VALUE, false);
834             } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) {
835                 disableScreenCapture = parser.getAttributeBoolean(null, ATTR_VALUE, false);
836             } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) {
837                 requireAutoTime = parser.getAttributeBoolean(null, ATTR_VALUE, false);
838             } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) {
839                 forceEphemeralUsers = parser.getAttributeBoolean(null, ATTR_VALUE, false);
840             } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) {
841                 isNetworkLoggingEnabled = parser.getAttributeBoolean(null, ATTR_VALUE, false);
842                 lastNetworkLoggingNotificationTimeMs = parser.getAttributeLong(null,
843                         ATTR_LAST_NETWORK_LOGGING_NOTIFICATION);
844                 numNetworkLoggingNotifications = parser.getAttributeInt(null,
845                         ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS);
846             } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) {
847                 disabledKeyguardFeatures = parser.getAttributeInt(null, ATTR_VALUE);
848             } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) {
849                 readAttributeValues(
850                         parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled);
851             } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) {
852                 trustAgentInfos = getAllTrustAgentInfos(parser, tag);
853             } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) {
854                 crossProfileWidgetProviders = new ArrayList<>();
855                 readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders);
856             } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) {
857                 permittedAccessiblityServices = readPackageList(parser, tag);
858             } else if (TAG_PERMITTED_IMES.equals(tag)) {
859                 permittedInputMethods = readPackageList(parser, tag);
860             } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) {
861                 permittedNotificationListeners = readPackageList(parser, tag);
862             } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) {
863                 keepUninstalledPackages = readPackageList(parser, tag);
864             } else if (TAG_METERED_DATA_DISABLED_PACKAGES.equals(tag)) {
865                 meteredDisabledPackages = readPackageList(parser, tag);
866             } else if (TAG_PROTECTED_PACKAGES.equals(tag)) {
867                 protectedPackages = readPackageList(parser, tag);
868             } else if (TAG_SUSPENDED_PACKAGES.equals(tag)) {
869                 suspendedPackages = readPackageList(parser, tag);
870             } else if (TAG_USER_RESTRICTIONS.equals(tag)) {
871                 userRestrictions = UserRestrictionsUtils.readRestrictions(parser);
872             } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) {
873                 readAttributeValues(
874                         parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet);
875             } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) {
876                 type = parser.next();
877                 if (type == TypedXmlPullParser.TEXT) {
878                     shortSupportMessage = parser.getText();
879                 } else {
880                     Slogf.w(LOG_TAG, "Missing text when loading short support message");
881                 }
882             } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) {
883                 type = parser.next();
884                 if (type == TypedXmlPullParser.TEXT) {
885                     longSupportMessage = parser.getText();
886                 } else {
887                     Slogf.w(LOG_TAG, "Missing text when loading long support message");
888                 }
889             } else if (TAG_PARENT_ADMIN.equals(tag)) {
890                 Preconditions.checkState(!isParent);
891                 parentAdmin = new ActiveAdmin(info, /* parent */ true);
892                 parentAdmin.readFromXml(parser, shouldOverridePolicies);
893             } else if (TAG_ORGANIZATION_COLOR.equals(tag)) {
894                 organizationColor = parser.getAttributeInt(null, ATTR_VALUE);
895             } else if (TAG_ORGANIZATION_NAME.equals(tag)) {
896                 type = parser.next();
897                 if (type == TypedXmlPullParser.TEXT) {
898                     organizationName = parser.getText();
899                 } else {
900                     Slogf.w(LOG_TAG, "Missing text when loading organization name");
901                 }
902             } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) {
903                 isLogoutEnabled = parser.getAttributeBoolean(null, ATTR_VALUE, false);
904             } else if (TAG_START_USER_SESSION_MESSAGE.equals(tag)) {
905                 type = parser.next();
906                 if (type == TypedXmlPullParser.TEXT) {
907                     startUserSessionMessage = parser.getText();
908                 } else {
909                     Slogf.w(LOG_TAG, "Missing text when loading start session message");
910                 }
911             } else if (TAG_END_USER_SESSION_MESSAGE.equals(tag)) {
912                 type = parser.next();
913                 if (type == TypedXmlPullParser.TEXT) {
914                     endUserSessionMessage = parser.getText();
915                 } else {
916                     Slogf.w(LOG_TAG, "Missing text when loading end session message");
917                 }
918             } else if (TAG_CROSS_PROFILE_CALENDAR_PACKAGES.equals(tag)) {
919                 mCrossProfileCalendarPackages = readPackageList(parser, tag);
920             } else if (TAG_CROSS_PROFILE_CALENDAR_PACKAGES_NULL.equals(tag)) {
921                 mCrossProfileCalendarPackages = null;
922             } else if (TAG_CROSS_PROFILE_PACKAGES.equals(tag)) {
923                 mCrossProfilePackages = readPackageList(parser, tag);
924             } else if (TAG_FACTORY_RESET_PROTECTION_POLICY.equals(tag)) {
925                 mFactoryResetProtectionPolicy = FactoryResetProtectionPolicy.readFromXml(
926                             parser);
927             } else if (TAG_SUSPEND_PERSONAL_APPS.equals(tag)) {
928                 mSuspendPersonalApps = parser.getAttributeBoolean(null, ATTR_VALUE, false);
929             } else if (TAG_PROFILE_MAXIMUM_TIME_OFF.equals(tag)) {
930                 mProfileMaximumTimeOffMillis =
931                         parser.getAttributeLong(null, ATTR_VALUE);
932             } else if (TAG_PROFILE_OFF_DEADLINE.equals(tag)) {
933                 mProfileOffDeadline =
934                         parser.getAttributeLong(null, ATTR_VALUE);
935             } else if (TAG_ALWAYS_ON_VPN_PACKAGE.equals(tag)) {
936                 mAlwaysOnVpnPackage = parser.getAttributeValue(null, ATTR_VALUE);
937             } else if (TAG_ALWAYS_ON_VPN_LOCKDOWN.equals(tag)) {
938                 mAlwaysOnVpnLockdown = parser.getAttributeBoolean(null, ATTR_VALUE, false);
939             } else if (TAG_PREFERENTIAL_NETWORK_SERVICE_ENABLED.equals(tag)) {
940                 boolean preferentialNetworkServiceEnabled = parser.getAttributeBoolean(null,
941                         ATTR_VALUE,
942                         DevicePolicyManager.PREFERENTIAL_NETWORK_SERVICE_ENABLED_DEFAULT);
943                 if (preferentialNetworkServiceEnabled) {
944                     PreferentialNetworkServiceConfig.Builder configBuilder =
945                             new PreferentialNetworkServiceConfig.Builder();
946                     configBuilder.setEnabled(preferentialNetworkServiceEnabled);
947                     configBuilder.setNetworkId(NET_ENTERPRISE_ID_1);
948                     mPreferentialNetworkServiceConfigs = List.of(configBuilder.build());
949                 }
950             } else if (TAG_COMMON_CRITERIA_MODE.equals(tag)) {
951                 mCommonCriteriaMode = parser.getAttributeBoolean(null, ATTR_VALUE, false);
952             } else if (TAG_PASSWORD_COMPLEXITY.equals(tag)) {
953                 mPasswordComplexity = parser.getAttributeInt(null, ATTR_VALUE);
954             } else if (TAG_NEARBY_NOTIFICATION_STREAMING_POLICY.equals(tag)) {
955                 mNearbyNotificationStreamingPolicy = parser.getAttributeInt(null, ATTR_VALUE);
956             } else if (TAG_NEARBY_APP_STREAMING_POLICY.equals(tag)) {
957                 mNearbyAppStreamingPolicy = parser.getAttributeInt(null, ATTR_VALUE);
958             } else if (TAG_ORGANIZATION_ID.equals(tag)) {
959                 type = parser.next();
960                 if (type == TypedXmlPullParser.TEXT) {
961                     mOrganizationId = parser.getText();
962                 } else {
963                     Slogf.w(LOG_TAG, "Missing Organization ID.");
964                 }
965             } else if (TAG_ENROLLMENT_SPECIFIC_ID.equals(tag)) {
966                 type = parser.next();
967                 if (type == TypedXmlPullParser.TEXT) {
968                     mEnrollmentSpecificId = parser.getText();
969                 } else {
970                     Slogf.w(LOG_TAG, "Missing Enrollment-specific ID.");
971                 }
972             } else if (TAG_ADMIN_CAN_GRANT_SENSORS_PERMISSIONS.equals(tag)) {
973                 mAdminCanGrantSensorsPermissions = parser.getAttributeBoolean(null, ATTR_VALUE,
974                         false);
975             } else if (TAG_USB_DATA_SIGNALING.equals(tag)) {
976                 mUsbDataSignalingEnabled = parser.getAttributeBoolean(null, ATTR_VALUE,
977                         USB_DATA_SIGNALING_ENABLED_DEFAULT);
978             } else if (TAG_WIFI_MIN_SECURITY.equals(tag)) {
979                 mWifiMinimumSecurityLevel = parser.getAttributeInt(null, ATTR_VALUE);
980             } else if (TAG_SSID_ALLOWLIST.equals(tag)) {
981                 List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID);
982                 mWifiSsidPolicy = new WifiSsidPolicy(
983                         WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(ssids));
984             } else if (TAG_SSID_DENYLIST.equals(tag)) {
985                 List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID);
986                 mWifiSsidPolicy = new WifiSsidPolicy(
987                         WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(ssids));
988             } else if (TAG_PREFERENTIAL_NETWORK_SERVICE_CONFIGS.equals(tag)) {
989                 List<PreferentialNetworkServiceConfig> configs =
990                         getPreferentialNetworkServiceConfigs(parser, tag);
991                 if (!configs.isEmpty()) {
992                     mPreferentialNetworkServiceConfigs = configs;
993                 }
994             } else if (TAG_MTE_POLICY.equals(tag)) {
995                 mtePolicy = parser.getAttributeInt(null, ATTR_VALUE);
996             } else if (TAG_CROSS_PROFILE_CALLER_ID_POLICY.equals(tag)) {
997                 mManagedProfileCallerIdAccess = readPackagePolicy(parser);
998             } else if (TAG_CROSS_PROFILE_CONTACTS_SEARCH_POLICY.equals(tag)) {
999                 mManagedProfileContactsAccess = readPackagePolicy(parser);
1000             } else if (TAG_MANAGED_SUBSCRIPTIONS_POLICY.equals(tag)) {
1001                 mManagedSubscriptionsPolicy = ManagedSubscriptionsPolicy.readFromXml(parser);
1002             } else if (TAG_CREDENTIAL_MANAGER_POLICY.equals(tag)) {
1003                 mCredentialManagerPolicy = readPackagePolicy(parser);
1004             } else if (TAG_DIALER_PACKAGE.equals(tag)) {
1005                 mDialerPackage = parser.getAttributeValue(null, ATTR_VALUE);
1006             } else if (TAG_SMS_PACKAGE.equals(tag)) {
1007                 mSmsPackage = parser.getAttributeValue(null, ATTR_VALUE);
1008             } else {
1009                 Slogf.w(LOG_TAG, "Unknown admin tag: %s", tag);
1010                 XmlUtils.skipCurrentTag(parser);
1011             }
1012         }
1013     }
1014 
readPackagePolicy(TypedXmlPullParser parser)1015     private PackagePolicy readPackagePolicy(TypedXmlPullParser parser)
1016             throws XmlPullParserException, IOException {
1017         int policy = parser.getAttributeInt(null, ATTR_PACKAGE_POLICY_MODE);
1018         Set<String> packageNames = new ArraySet<>(
1019                 readPackageList(parser, TAG_PACKAGE_POLICY_PACKAGE_NAMES));
1020         return new PackagePolicy(policy, packageNames);
1021     }
1022 
readWifiSsids(TypedXmlPullParser parser, String tag)1023     private List<WifiSsid> readWifiSsids(TypedXmlPullParser parser, String tag)
1024             throws XmlPullParserException, IOException {
1025         List<String> ssidStrings = new ArrayList<>();
1026         readAttributeValues(parser, tag, ssidStrings);
1027         List<WifiSsid> ssids = ssidStrings.stream()
1028                 .map(ssid -> WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8)))
1029                 .collect(Collectors.toList());
1030         return ssids;
1031     }
1032 
readPackageList(TypedXmlPullParser parser, String tag)1033     private List<String> readPackageList(TypedXmlPullParser parser,
1034             String tag) throws XmlPullParserException, IOException {
1035         List<String> result = new ArrayList<String>();
1036         int outerDepth = parser.getDepth();
1037         int outerType;
1038         while ((outerType = parser.next()) != TypedXmlPullParser.END_DOCUMENT
1039                 && (outerType != TypedXmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1040             if (outerType == TypedXmlPullParser.END_TAG || outerType == TypedXmlPullParser.TEXT) {
1041                 continue;
1042             }
1043             String outerTag = parser.getName();
1044             if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) {
1045                 String packageName = parser.getAttributeValue(null, ATTR_VALUE);
1046                 if (packageName != null) {
1047                     result.add(packageName);
1048                 } else {
1049                     Slogf.w(LOG_TAG, "Package name missing under %s", outerTag);
1050                 }
1051             } else {
1052                 Slogf.w(LOG_TAG, "Unknown tag under %s: ", tag, outerTag);
1053             }
1054         }
1055         return result;
1056     }
1057 
readAttributeValues( TypedXmlPullParser parser, String tag, Collection<String> result)1058     private void readAttributeValues(
1059             TypedXmlPullParser parser, String tag, Collection<String> result)
1060             throws XmlPullParserException, IOException {
1061         result.clear();
1062         int outerDepthDAM = parser.getDepth();
1063         int typeDAM;
1064         while ((typeDAM = parser.next()) != END_DOCUMENT
1065                 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1066             if (typeDAM == END_TAG || typeDAM == TEXT) {
1067                 continue;
1068             }
1069             String tagDAM = parser.getName();
1070             if (tag.equals(tagDAM)) {
1071                 result.add(parser.getAttributeValue(null, ATTR_VALUE));
1072             } else {
1073                 Slogf.e(LOG_TAG, "Expected tag %s but found %s", tag, tagDAM);
1074             }
1075         }
1076     }
1077 
1078     @NonNull
getAllTrustAgentInfos( TypedXmlPullParser parser, String tag)1079     private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos(
1080             TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException {
1081         int outerDepthDAM = parser.getDepth();
1082         int typeDAM;
1083         final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>();
1084         while ((typeDAM = parser.next()) != END_DOCUMENT
1085                 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) {
1086             if (typeDAM == END_TAG || typeDAM == TEXT) {
1087                 continue;
1088             }
1089             String tagDAM = parser.getName();
1090             if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) {
1091                 final String component = parser.getAttributeValue(null, ATTR_VALUE);
1092                 final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag);
1093                 result.put(component, trustAgentInfo);
1094             } else {
1095                 Slogf.w(LOG_TAG, "Unknown tag under %s: %s", tag, tagDAM);
1096             }
1097         }
1098         return result;
1099     }
1100 
getTrustAgentInfo(TypedXmlPullParser parser, String outerTag)1101     private TrustAgentInfo getTrustAgentInfo(TypedXmlPullParser parser, String outerTag)
1102             throws XmlPullParserException, IOException  {
1103         int outerDepth = parser.getDepth();
1104         int type;
1105         TrustAgentInfo result = new TrustAgentInfo(null);
1106         while ((type = parser.next()) != END_DOCUMENT
1107                 && (type != END_TAG || parser.getDepth() > outerDepth)) {
1108             if (type == END_TAG || type == TEXT) {
1109                 continue;
1110             }
1111             String tag = parser.getName();
1112             if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tag)) {
1113                 result.options = PersistableBundle.restoreFromXml(parser);
1114             } else {
1115                 Slogf.w(LOG_TAG, "Unknown tag under %s: %s", outerTag, tag);
1116             }
1117         }
1118         return result;
1119     }
1120 
1121     @NonNull
getPreferentialNetworkServiceConfigs( TypedXmlPullParser parser, String tag)1122     private List<PreferentialNetworkServiceConfig> getPreferentialNetworkServiceConfigs(
1123             TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException {
1124         int outerDepth = parser.getDepth();
1125         int typeDAM;
1126         final List<PreferentialNetworkServiceConfig> result = new ArrayList<>();
1127         while ((typeDAM = parser.next()) != END_DOCUMENT
1128             && (typeDAM != END_TAG || parser.getDepth() > outerDepth)) {
1129             if (typeDAM == END_TAG || typeDAM == TEXT) {
1130                 continue;
1131             }
1132             String tagDAM = parser.getName();
1133             if (TAG_PREFERENTIAL_NETWORK_SERVICE_CONFIG.equals(tagDAM)) {
1134                 final PreferentialNetworkServiceConfig preferentialNetworkServiceConfig =
1135                         PreferentialNetworkServiceConfig.getPreferentialNetworkServiceConfig(
1136                                 parser, tag);
1137                 result.add(preferentialNetworkServiceConfig);
1138             } else {
1139                 Slogf.w(LOG_TAG, "Unknown tag under %s: %s", tag, tagDAM);
1140             }
1141         }
1142         return result;
1143     }
1144 
hasUserRestrictions()1145     boolean hasUserRestrictions() {
1146         return userRestrictions != null && userRestrictions.size() > 0;
1147     }
1148 
ensureUserRestrictions()1149     Bundle ensureUserRestrictions() {
1150         if (userRestrictions == null) {
1151             userRestrictions = new Bundle();
1152         }
1153         return userRestrictions;
1154     }
1155 
transfer(DeviceAdminInfo deviceAdminInfo)1156     public void transfer(DeviceAdminInfo deviceAdminInfo) {
1157         if (hasParentActiveAdmin()) {
1158             parentAdmin.info = deviceAdminInfo;
1159         }
1160         info = deviceAdminInfo;
1161     }
1162 
addSyntheticRestrictions(Bundle restrictions)1163     Bundle addSyntheticRestrictions(Bundle restrictions) {
1164         if (disableCamera) {
1165             restrictions.putBoolean(UserManager.DISALLOW_CAMERA, true);
1166         }
1167         if (requireAutoTime) {
1168             restrictions.putBoolean(UserManager.DISALLOW_CONFIG_DATE_TIME, true);
1169         }
1170         return restrictions;
1171     }
1172 
removeDeprecatedRestrictions(Bundle restrictions)1173     static Bundle removeDeprecatedRestrictions(Bundle restrictions) {
1174         for (String deprecatedRestriction: UserRestrictionsUtils.DEPRECATED_USER_RESTRICTIONS) {
1175             restrictions.remove(deprecatedRestriction);
1176         }
1177         return restrictions;
1178     }
1179 
filterRestrictions(Bundle restrictions, Predicate<String> filter)1180     static Bundle filterRestrictions(Bundle restrictions, Predicate<String> filter) {
1181         Bundle result = new Bundle();
1182         for (String key : restrictions.keySet()) {
1183             if (!restrictions.getBoolean(key)) {
1184                 continue;
1185             }
1186             if (filter.test(key)) {
1187                 result.putBoolean(key, true);
1188             }
1189         }
1190         return result;
1191     }
1192 
getEffectiveRestrictions()1193     Bundle getEffectiveRestrictions() {
1194         return addSyntheticRestrictions(
1195                 removeDeprecatedRestrictions(new Bundle(ensureUserRestrictions())));
1196     }
1197 
getLocalUserRestrictions(int adminType)1198     Bundle getLocalUserRestrictions(int adminType) {
1199         return filterRestrictions(getEffectiveRestrictions(),
1200                 key -> UserRestrictionsUtils.isLocal(adminType, key));
1201     }
1202 
getGlobalUserRestrictions(int adminType)1203     Bundle getGlobalUserRestrictions(int adminType) {
1204         return filterRestrictions(getEffectiveRestrictions(),
1205                 key -> UserRestrictionsUtils.isGlobal(adminType, key));
1206     }
1207 
dumpPackagePolicy(IndentingPrintWriter pw, String name, PackagePolicy policy)1208     void dumpPackagePolicy(IndentingPrintWriter pw, String name, PackagePolicy policy) {
1209         pw.print(name);
1210         pw.println(":");
1211         if (policy != null) {
1212             pw.increaseIndent();
1213             pw.print("policyType=");
1214             pw.println(policy.getPolicyType());
1215             pw.println("packageNames:");
1216             pw.increaseIndent();
1217             policy.getPackageNames().forEach(item -> pw.println(item));
1218             pw.decreaseIndent();
1219             pw.decreaseIndent();
1220         }
1221     }
1222 
dump(IndentingPrintWriter pw)1223     void dump(IndentingPrintWriter pw) {
1224         pw.print("uid=");
1225         pw.println(getUid());
1226 
1227         pw.print("testOnlyAdmin=");
1228         pw.println(testOnlyAdmin);
1229 
1230         if (info != null) {
1231             pw.println("policies:");
1232             ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies();
1233             if (pols != null) {
1234                 pw.increaseIndent();
1235                 for (int i = 0; i < pols.size(); i++) {
1236                     pw.println(pols.get(i).tag);
1237                 }
1238                 pw.decreaseIndent();
1239             }
1240         }
1241 
1242         pw.print("passwordQuality=0x");
1243         pw.println(Integer.toHexString(mPasswordPolicy.quality));
1244 
1245         pw.print("minimumPasswordLength=");
1246         pw.println(mPasswordPolicy.length);
1247 
1248         pw.print("passwordHistoryLength=");
1249         pw.println(passwordHistoryLength);
1250 
1251         pw.print("minimumPasswordUpperCase=");
1252         pw.println(mPasswordPolicy.upperCase);
1253 
1254         pw.print("minimumPasswordLowerCase=");
1255         pw.println(mPasswordPolicy.lowerCase);
1256 
1257         pw.print("minimumPasswordLetters=");
1258         pw.println(mPasswordPolicy.letters);
1259 
1260         pw.print("minimumPasswordNumeric=");
1261         pw.println(mPasswordPolicy.numeric);
1262 
1263         pw.print("minimumPasswordSymbols=");
1264         pw.println(mPasswordPolicy.symbols);
1265 
1266         pw.print("minimumPasswordNonLetter=");
1267         pw.println(mPasswordPolicy.nonLetter);
1268 
1269         pw.print("maximumTimeToUnlock=");
1270         pw.println(maximumTimeToUnlock);
1271 
1272         pw.print("strongAuthUnlockTimeout=");
1273         pw.println(strongAuthUnlockTimeout);
1274 
1275         pw.print("maximumFailedPasswordsForWipe=");
1276         pw.println(maximumFailedPasswordsForWipe);
1277 
1278         pw.print("specifiesGlobalProxy=");
1279         pw.println(specifiesGlobalProxy);
1280 
1281         pw.print("passwordExpirationTimeout=");
1282         pw.println(passwordExpirationTimeout);
1283 
1284         pw.print("passwordExpirationDate=");
1285         pw.println(passwordExpirationDate);
1286 
1287         if (globalProxySpec != null) {
1288             pw.print("globalProxySpec=");
1289             pw.println(globalProxySpec);
1290         }
1291         if (globalProxyExclusionList != null) {
1292             pw.print("globalProxyEclusionList=");
1293             pw.println(globalProxyExclusionList);
1294         }
1295         pw.print("encryptionRequested=");
1296         pw.println(encryptionRequested);
1297 
1298         pw.print("disableCamera=");
1299         pw.println(disableCamera);
1300 
1301         pw.print("disableCallerId=");
1302         pw.println(disableCallerId);
1303 
1304         pw.print("disableContactsSearch=");
1305         pw.println(disableContactsSearch);
1306 
1307         pw.print("disableBluetoothContactSharing=");
1308         pw.println(disableBluetoothContactSharing);
1309 
1310         pw.print("disableScreenCapture=");
1311         pw.println(disableScreenCapture);
1312 
1313         pw.print("requireAutoTime=");
1314         pw.println(requireAutoTime);
1315 
1316         pw.print("forceEphemeralUsers=");
1317         pw.println(forceEphemeralUsers);
1318 
1319         pw.print("isNetworkLoggingEnabled=");
1320         pw.println(isNetworkLoggingEnabled);
1321 
1322         pw.print("disabledKeyguardFeatures=");
1323         pw.println(disabledKeyguardFeatures);
1324 
1325         pw.print("crossProfileWidgetProviders=");
1326         pw.println(crossProfileWidgetProviders);
1327 
1328         if (permittedAccessiblityServices != null) {
1329             pw.print("permittedAccessibilityServices=");
1330             pw.println(permittedAccessiblityServices);
1331         }
1332 
1333         if (permittedInputMethods != null) {
1334             pw.print("permittedInputMethods=");
1335             pw.println(permittedInputMethods);
1336         }
1337 
1338         if (permittedNotificationListeners != null) {
1339             pw.print("permittedNotificationListeners=");
1340             pw.println(permittedNotificationListeners);
1341         }
1342 
1343         if (keepUninstalledPackages != null) {
1344             pw.print("keepUninstalledPackages=");
1345             pw.println(keepUninstalledPackages);
1346         }
1347 
1348         if (meteredDisabledPackages != null) {
1349             pw.print("meteredDisabledPackages=");
1350             pw.println(meteredDisabledPackages);
1351         }
1352 
1353         if (protectedPackages != null) {
1354             pw.print("protectedPackages=");
1355             pw.println(protectedPackages);
1356         }
1357 
1358         if (suspendedPackages != null) {
1359             pw.print("suspendedPackages=");
1360             pw.println(suspendedPackages);
1361         }
1362 
1363         pw.print("organizationColor=");
1364         pw.println(organizationColor);
1365 
1366         if (organizationName != null) {
1367             pw.print("organizationName=");
1368             pw.println(organizationName);
1369         }
1370 
1371         pw.println("userRestrictions:");
1372         UserRestrictionsUtils.dumpRestrictions(pw, "  ", userRestrictions);
1373 
1374         pw.print("defaultEnabledRestrictionsAlreadySet=");
1375         pw.println(defaultEnabledRestrictionsAlreadySet);
1376 
1377 
1378         dumpPackagePolicy(pw, "managedProfileCallerIdPolicy",
1379                 mManagedProfileCallerIdAccess);
1380 
1381         dumpPackagePolicy(pw, "managedProfileContactsPolicy",
1382                 mManagedProfileContactsAccess);
1383 
1384         dumpPackagePolicy(pw, "credentialManagerPolicy",
1385                 mCredentialManagerPolicy);
1386 
1387         pw.print("isParent=");
1388         pw.println(isParent);
1389 
1390         if (parentAdmin != null) {
1391             pw.println("parentAdmin:");
1392             pw.increaseIndent();
1393             parentAdmin.dump(pw);
1394             pw.decreaseIndent();
1395         }
1396 
1397         if (mCrossProfileCalendarPackages != null) {
1398             pw.print("mCrossProfileCalendarPackages=");
1399             pw.println(mCrossProfileCalendarPackages);
1400         }
1401 
1402         pw.print("mCrossProfilePackages=");
1403         pw.println(mCrossProfilePackages);
1404 
1405         pw.print("mSuspendPersonalApps=");
1406         pw.println(mSuspendPersonalApps);
1407 
1408         pw.print("mProfileMaximumTimeOffMillis=");
1409         pw.println(mProfileMaximumTimeOffMillis);
1410 
1411         pw.print("mProfileOffDeadline=");
1412         pw.println(mProfileOffDeadline);
1413 
1414         pw.print("mAlwaysOnVpnPackage=");
1415         pw.println(mAlwaysOnVpnPackage);
1416 
1417         pw.print("mAlwaysOnVpnLockdown=");
1418         pw.println(mAlwaysOnVpnLockdown);
1419 
1420         pw.print("mCommonCriteriaMode=");
1421         pw.println(mCommonCriteriaMode);
1422 
1423         pw.print("mPasswordComplexity=");
1424         pw.println(mPasswordComplexity);
1425 
1426         pw.print("mNearbyNotificationStreamingPolicy=");
1427         pw.println(mNearbyNotificationStreamingPolicy);
1428 
1429         pw.print("mNearbyAppStreamingPolicy=");
1430         pw.println(mNearbyAppStreamingPolicy);
1431 
1432         if (!TextUtils.isEmpty(mOrganizationId)) {
1433             pw.print("mOrganizationId=");
1434             pw.println(mOrganizationId);
1435         }
1436 
1437         if (!TextUtils.isEmpty(mEnrollmentSpecificId)) {
1438             pw.print("mEnrollmentSpecificId=");
1439             pw.println(mEnrollmentSpecificId);
1440         }
1441 
1442         pw.print("mAdminCanGrantSensorsPermissions=");
1443         pw.println(mAdminCanGrantSensorsPermissions);
1444 
1445         pw.print("mUsbDataSignaling=");
1446         pw.println(mUsbDataSignalingEnabled);
1447 
1448         pw.print("mWifiMinimumSecurityLevel=");
1449         pw.println(mWifiMinimumSecurityLevel);
1450 
1451         if (mWifiSsidPolicy != null) {
1452             if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) {
1453                 pw.print("mSsidAllowlist=");
1454             } else {
1455                 pw.print("mSsidDenylist=");
1456             }
1457             pw.println(ssidsToStrings(mWifiSsidPolicy.getSsids()));
1458         }
1459 
1460         if (mFactoryResetProtectionPolicy != null) {
1461             pw.println("mFactoryResetProtectionPolicy:");
1462             pw.increaseIndent();
1463             mFactoryResetProtectionPolicy.dump(pw);
1464             pw.decreaseIndent();
1465         }
1466 
1467         if (mPreferentialNetworkServiceConfigs != null) {
1468             pw.println("mPreferentialNetworkServiceConfigs:");
1469             pw.increaseIndent();
1470             for (PreferentialNetworkServiceConfig config : mPreferentialNetworkServiceConfigs) {
1471                 config.dump(pw);
1472             }
1473             pw.decreaseIndent();
1474         }
1475 
1476         pw.print("mtePolicy=");
1477         pw.println(mtePolicy);
1478 
1479         pw.print("accountTypesWithManagementDisabled=");
1480         pw.println(accountTypesWithManagementDisabled);
1481 
1482         if (mManagedSubscriptionsPolicy != null) {
1483             pw.println("mManagedSubscriptionsPolicy:");
1484             pw.increaseIndent();
1485             pw.println(mManagedSubscriptionsPolicy);
1486             pw.decreaseIndent();
1487         }
1488 
1489         pw.print("mDialerPackage=");
1490         pw.println(mDialerPackage);
1491         pw.print("mSmsPackage=");
1492         pw.println(mSmsPackage);
1493     }
1494 }
1495