From 01f4dbcc1cfb70502e7b7deb5017e92d56e0b855 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Mon, 9 May 2016 16:13:10 +0100 Subject: [PATCH] Fix ConfirmCredential is not presented before trusting cert installed by PO/DO - Show ConfirmCredential in TrustedCredentialsSettings when Trust button is clicked for the very first time since the activity launched - Warning activity (work mode off, crpyto-aware) should not be shown when the activity is started. Also fixed it here. Bug: 28619980 Change-Id: I084b70883c087376e437a9ad3238d7c3313a0a17 --- .../settings/MonitoringCertInfoActivity.java | 11 ++- .../TrustedCredentialsDialogBuilder.java | 7 +- .../settings/TrustedCredentialsSettings.java | 78 ++++++++++++++++--- 3 files changed, 81 insertions(+), 15 deletions(-) diff --git a/src/com/android/settings/MonitoringCertInfoActivity.java b/src/com/android/settings/MonitoringCertInfoActivity.java index 7bf57680941..0111ae7e99f 100644 --- a/src/com/android/settings/MonitoringCertInfoActivity.java +++ b/src/com/android/settings/MonitoringCertInfoActivity.java @@ -29,15 +29,20 @@ import android.provider.Settings; /** * Activity that shows a dialog explaining that a CA cert is allowing someone to monitor network - * traffic. This activity should be launched for the user into which the CA cert is installed. + * traffic. This activity should be launched for the user into which the CA cert is installed + * unless Intent.EXTRA_USER_ID is provided. */ public class MonitoringCertInfoActivity extends Activity implements OnClickListener, OnDismissListener { + private int mUserId; + @Override protected void onCreate(Bundle savedStates) { super.onCreate(savedStates); + mUserId = getIntent().getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId()); + DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class); final int numberOfCertificates = getIntent().getIntExtra( Settings.EXTRA_NUMBER_OF_CERTIFICATES, 1); @@ -53,7 +58,7 @@ public class MonitoringCertInfoActivity extends Activity implements OnClickListe builder.setNeutralButton(R.string.cancel, null); builder.setOnDismissListener(this); - if (dpm.getProfileOwner() != null) { + if (dpm.getProfileOwnerAsUser(mUserId) != null) { builder.setMessage(getResources().getQuantityString(R.plurals.ssl_ca_cert_info_message, numberOfCertificates, dpm.getProfileOwnerName())); } else if (dpm.getDeviceOwnerComponentOnCallingUser() != null) { @@ -72,7 +77,7 @@ public class MonitoringCertInfoActivity extends Activity implements OnClickListe public void onClick(DialogInterface dialog, int which) { Intent intent = new Intent(android.provider.Settings.ACTION_TRUSTED_CREDENTIALS_USER); intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TOP); - intent.putExtra(TrustedCredentialsSettings.ARG_SHOW_NEW_FOR_USER, UserHandle.myUserId()); + intent.putExtra(TrustedCredentialsSettings.ARG_SHOW_NEW_FOR_USER, mUserId); startActivity(intent); finish(); } diff --git a/src/com/android/settings/TrustedCredentialsDialogBuilder.java b/src/com/android/settings/TrustedCredentialsDialogBuilder.java index ed2ab094966..2508d8c1fc0 100644 --- a/src/com/android/settings/TrustedCredentialsDialogBuilder.java +++ b/src/com/android/settings/TrustedCredentialsDialogBuilder.java @@ -43,6 +43,7 @@ class TrustedCredentialsDialogBuilder extends AlertDialog.Builder { public interface DelegateInterface { List getX509CertsFromCertHolder(CertHolder certHolder); void removeOrInstallCert(CertHolder certHolder); + boolean startConfirmCredentialIfNotConfirmed(int userId); } private final DialogEventHandler mDialogEventHandler; @@ -144,8 +145,10 @@ class TrustedCredentialsDialogBuilder extends AlertDialog.Builder { private void onClickTrust() { CertHolder certHolder = getCurrentCertInfo(); - mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true); - nextOrDismiss(); + if (!mDelegate.startConfirmCredentialIfNotConfirmed(certHolder.getUserId())) { + mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true); + nextOrDismiss(); + } } private void onClickRemove() { diff --git a/src/com/android/settings/TrustedCredentialsSettings.java b/src/com/android/settings/TrustedCredentialsSettings.java index e7ab4067030..c630ed6c370 100644 --- a/src/com/android/settings/TrustedCredentialsSettings.java +++ b/src/com/android/settings/TrustedCredentialsSettings.java @@ -17,6 +17,7 @@ package com.android.settings; import android.annotation.UiThread; +import android.app.Activity; import android.app.KeyguardManager; import android.app.admin.DevicePolicyManager; import android.content.BroadcastReceiver; @@ -79,8 +80,10 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment private KeyguardManager mKeyguardManager; private int mTrustAllCaUserId; - + private static final String SAVED_CONFIRMED_CREDENTIAL_USERS = "ConfirmedCredentialUsers"; + private static final String SAVED_CONFIRMING_CREDENTIAL_USER = "ConfirmingCredentialUser"; private static final String USER_ACTION = "com.android.settings.TRUSTED_CREDENTIALS_USER"; + private static final int REQUEST_CONFIRM_CREDENTIALS = 1; @Override protected int getMetricsCategory() { @@ -154,6 +157,8 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment private TabHost mTabHost; private ArrayList mGroupAdapters = new ArrayList<>(2); private AliasOperation mAliasOperation; + private ArraySet mConfirmedCredentialUsers; + private int mConfirmingCredentialUser; private Set mAliasLoaders = new ArraySet(2); private final SparseArray mKeyChainConnectionByProfileId = new SparseArray(); @@ -182,6 +187,17 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment .getSystemService(Context.KEYGUARD_SERVICE); mTrustAllCaUserId = getActivity().getIntent().getIntExtra(ARG_SHOW_NEW_FOR_USER, UserHandle.USER_NULL); + mConfirmedCredentialUsers = new ArraySet<>(2); + mConfirmingCredentialUser = UserHandle.USER_NULL; + if (savedInstanceState != null) { + mConfirmingCredentialUser = savedInstanceState.getInt(SAVED_CONFIRMING_CREDENTIAL_USER, + UserHandle.USER_NULL); + ArrayList users = savedInstanceState.getIntegerArrayList( + SAVED_CONFIRMED_CREDENTIAL_USERS); + if (users != null) { + mConfirmedCredentialUsers.addAll(users); + } + } IntentFilter filter = new IntentFilter(); filter.addAction(Intent.ACTION_MANAGED_PROFILE_AVAILABLE); @@ -190,6 +206,14 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment getActivity().registerReceiver(mWorkProfileChangedReceiver, filter); } + @Override + public void onSaveInstanceState(Bundle outState) { + super.onSaveInstanceState(outState); + outState.putIntegerArrayList(SAVED_CONFIRMED_CREDENTIAL_USERS, new ArrayList<>( + mConfirmedCredentialUsers)); + outState.putInt(SAVED_CONFIRMING_CREDENTIAL_USER, mConfirmingCredentialUser); + } + @Override public View onCreateView( LayoutInflater inflater, ViewGroup parent, Bundle savedInstanceState) { mTabHost = (TabHost) inflater.inflate(R.layout.trusted_credentials, parent, false); @@ -219,6 +243,16 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment super.onDestroy(); } + @Override + public void onActivityResult(int requestCode, int resultCode, Intent data) { + if (requestCode == REQUEST_CONFIRM_CREDENTIALS) { + if (resultCode == Activity.RESULT_OK) { + mConfirmedCredentialUsers.add(mConfirmingCredentialUser); + } + mConfirmingCredentialUser = UserHandle.USER_NULL; + } + } + private void closeKeyChainConnections() { final int n = mKeyChainConnectionByProfileId.size(); for (int i = 0; i < n; ++i) { @@ -262,14 +296,18 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment } /** - * Start work challenge activity. TODO: Move and refactor this method as a util function. + * Start work challenge activity. + * @return true if screenlock exists */ - private void startWorkChallenge(int userId) { + private boolean startConfirmCredential(int userId) { final Intent newIntent = mKeyguardManager.createConfirmDeviceCredentialIntent(null, null, userId); - newIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK - | Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS | Intent.FLAG_ACTIVITY_CLEAR_TASK); - getActivity().startActivity(newIntent); + if (newIntent == null) { + return false; + } + mConfirmingCredentialUser = userId; + startActivityForResult(newIntent, REQUEST_CONFIRM_CREDENTIALS); + return true; } /** @@ -303,7 +341,8 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment } @Override public CertHolder getChild(int groupPosition, int childPosition) { - return mData.mCertHoldersByUserId.get(getUserIdByGroup(groupPosition)).get(childPosition); + return mData.mCertHoldersByUserId.get(getUserIdByGroup(groupPosition)).get( + childPosition); } @Override public long getGroupId(int groupPosition) { @@ -386,18 +425,27 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment } public boolean checkGroupExpandableAndStartWarningActivity(int groupPosition) { + return checkGroupExpandableAndStartWarningActivity(groupPosition, true); + } + + public boolean checkGroupExpandableAndStartWarningActivity(int groupPosition, + boolean startActivity) { final UserHandle groupUser = getGroup(groupPosition); final int groupUserId = groupUser.getIdentifier(); if (mUserManager.isQuietModeEnabled(groupUser)) { final Intent intent = UnlaunchableAppActivity.createInQuietModeDialogIntent( groupUserId); - getActivity().startActivity(intent); + if (startActivity) { + getActivity().startActivity(intent); + } return false; } else if (!mUserManager.isUserUnlocked(groupUser)) { final LockPatternUtils lockPatternUtils = new LockPatternUtils( getActivity()); if (lockPatternUtils.isSeparateProfileChallengeEnabled(groupUserId)) { - startWorkChallenge(groupUserId); + if (startActivity) { + startConfirmCredential(groupUserId); + } return false; } } @@ -548,7 +596,8 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment } public void prepare() { - mIsListExpanded = checkGroupExpandableAndStartWarningActivity(); + mIsListExpanded = mParent.checkGroupExpandableAndStartWarningActivity(mGroupPosition, + false /* startActivity */); refreshViews(); } @@ -890,6 +939,15 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment new AliasOperation(certHolder).execute(); } + @Override + public boolean startConfirmCredentialIfNotConfirmed(int userId) { + if (mConfirmedCredentialUsers.contains(userId)) { + // Credential has been confirmed. Don't start activity. + return false; + } + return startConfirmCredential(userId); + } + private class AliasOperation extends AsyncTask { private final CertHolder mCertHolder;