Policy transparency when DISALLOW_FACTORY_RESET prevents OEM unlock.

If an admin has set the DISALLOW_FACTORY_RESET user restriction, OEM
unlock is also restricted. If this is the case, it should be explained
to the user that the admin is preventing the OEM unlock.

DISALLOW_OEM_UNLOCK is deprecated and now managed by OemLockManager.
This restriction is also one set by the carrier, not an admin.

Test: RunSettingsRoboTests
Test: CTS verifier test from the bug
Bug: 65124732
Change-Id: I8bde87a522742a7cbda006eee17c2a19797b1835

src/com/android/settings/development/DevelopmentSettings.java

@@ -53,6 +53,7 @@ import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.StrictMode;
 import android.os.SystemProperties;
+import android.os.UserHandle;
 import android.os.UserManager;
 import android.os.storage.IStorageManager;
 import android.provider.SearchIndexableResource;
@@ -1025,8 +1026,19 @@ public class DevelopmentSettings extends RestrictedSettingsFragment
         return context.getSystemService(Context.OEM_LOCK_SERVICE) != null;
     }
 
+    /**
+     * Returns whether OEM unlock is allowed by the user and carrier.
+     *
+     * This does not take into account any restrictions imposed by the device policy.
+     */
+    private boolean isOemUnlockAllowedByUserAndCarrier() {
+        final UserHandle userHandle = UserHandle.of(UserHandle.myUserId());
+        return mOemLockManager.isOemUnlockAllowedByCarrier()
+                && !mUm.hasBaseUserRestriction(UserManager.DISALLOW_FACTORY_RESET, userHandle);
+    }
+
     private boolean enableOemUnlockPreference() {
-        return !isBootloaderUnlocked() && mOemLockManager.canUserAllowOemUnlock();
+        return !isBootloaderUnlocked() && isOemUnlockAllowedByUserAndCarrier();
     }
 
     private void updateOemUnlockOptions() {
@@ -1040,10 +1052,6 @@ public class DevelopmentSettings extends RestrictedSettingsFragment
                 // Check restriction, disable mEnableOemUnlock and apply policy transparency.
                 mEnableOemUnlock.checkRestrictionAndSetDisabled(UserManager.DISALLOW_FACTORY_RESET);
             }
-            if (mEnableOemUnlock.isEnabled()) {
-                // Check restriction, disable mEnableOemUnlock and apply policy transparency.
-                mEnableOemUnlock.checkRestrictionAndSetDisabled(UserManager.DISALLOW_OEM_UNLOCK);
-            }
         }
     }
 
@@ -2568,7 +2576,7 @@ public class DevelopmentSettings extends RestrictedSettingsFragment
                 oemUnlockSummary = R.string.oem_unlock_enable_disabled_summary_bootloader_unlocked;
             } else if (isSimLockedDevice()) {
                 oemUnlockSummary = R.string.oem_unlock_enable_disabled_summary_sim_locked_device;
-            } else if (!mOemLockManager.canUserAllowOemUnlock()) {
+            } else if (!isOemUnlockAllowedByUserAndCarrier()) {
                 // If the device isn't SIM-locked but OEM unlock is disallowed by some party, this
                 // means either some other carrier restriction is in place or the device hasn't been
                 // able to confirm which restrictions (SIM-lock or otherwise) apply.

tests/robotests/src/android/service/oemlock/OemLockManager.java

@@ -32,9 +32,6 @@ public class OemLockManager {
         return false;
     }
 
-    public boolean canUserAllowOemUnlock() {
-        return true;
-    }
     public boolean isOemUnlockAllowed() {
         return false;
     }