Merge "[MTE] allow device policy to control setting"

2022-12-15 18:40:14 +00:00
parent 2f96743835 8b9d792692
commit 2be085005b
7 changed files with 109 additions and 3 deletions
--- a/res/xml/memtag_page.xml
+++ b/res/xml/memtag_page.xml
@@ -23,7 +23,7 @@
        android:title="@string/memtag_intro"
        settings:searchable="false"/>

-    <SwitchPreference
+    <com.android.settingslib.RestrictedSwitchPreference
        android:id="@+id/memtag_page_switch"
        android:key="memtag"
        android:title="@string/memtag_toggle"
--- a/res/xml/security_advanced_settings.xml
+++ b/res/xml/security_advanced_settings.xml
@@ -107,7 +107,7 @@
        settings:isPreferenceVisible="@bool/config_show_sim_info"
        settings:controller="com.android.settings.security.ConfirmSimDeletionPreferenceController" />

-  <Preference
+  <com.android.settingslib.RestrictedPreference
        android:order="100"
        android:id="@+id/memtag_page"
        android:key="memtag_page"
--- a/src/com/android/settings/security/MemtagPagePreferenceController.java
+++ b/src/com/android/settings/security/MemtagPagePreferenceController.java
@@ -16,12 +16,16 @@

 package com.android.settings.security;

+import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+
 import android.content.Context;

 import androidx.preference.Preference;
 import androidx.preference.PreferenceScreen;

 import com.android.settings.core.BasePreferenceController;
+import com.android.settingslib.RestrictedLockUtilsInternal;
+import com.android.settingslib.RestrictedPreference;

 public class MemtagPagePreferenceController extends BasePreferenceController {
    static final String KEY_MEMTAG = "memtag_page";
@@ -39,6 +43,10 @@ public class MemtagPagePreferenceController extends BasePreferenceController {
    public void displayPreference(PreferenceScreen screen) {
        super.displayPreference(screen);
        Preference preference = screen.findPreference(getPreferenceKey());
+        EnforcedAdmin admin = RestrictedLockUtilsInternal.checkIfMteIsDisabled(mContext);
+        if (admin != null) {
+            ((RestrictedPreference) preference).setDisabledByAdmin(admin);
+        }
        refreshSummary(preference);
    }

--- a/src/com/android/settings/security/MemtagPreferenceController.java
+++ b/src/com/android/settings/security/MemtagPreferenceController.java
@@ -16,6 +16,8 @@

 package com.android.settings.security;

+import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+
 import android.content.Context;

 import androidx.fragment.app.Fragment;
@@ -24,6 +26,8 @@ import androidx.preference.PreferenceScreen;

 import com.android.settings.R;
 import com.android.settings.core.TogglePreferenceController;
+import com.android.settingslib.RestrictedLockUtilsInternal;
+import com.android.settingslib.RestrictedSwitchPreference;

 public class MemtagPreferenceController extends TogglePreferenceController {
    private Preference mPreference;
@@ -74,6 +78,12 @@ public class MemtagPreferenceController extends TogglePreferenceController {
    @Override
    public void updateState(Preference preference) {
        super.updateState(preference);
+        EnforcedAdmin admin = RestrictedLockUtilsInternal.checkIfMteIsDisabled(mContext);
+        if (admin != null) {
+            // Make sure this is disabled even if the user directly goes to this
+            // page via the android.settings.ADVANCED_MEMORY_PROTECTION_SETTINGS intent.
+            ((RestrictedSwitchPreference) preference).setDisabledByAdmin(admin);
+        }
        refreshSummary(preference);
    }

--- a/tests/robotests/src/com/android/settings/security/MemtagPagePreferenceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/security/MemtagPagePreferenceControllerTest.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import android.content.Context;
+
+import androidx.preference.PreferenceManager;
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.testutils.shadow.ShadowRestrictedLockUtilsInternal;
+import com.android.settingslib.RestrictedPreference;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.RuntimeEnvironment;
+import org.robolectric.annotation.Config;
+import org.robolectric.shadows.ShadowSystemProperties;
+
+@RunWith(RobolectricTestRunner.class)
+@Config(shadows = {ShadowRestrictedLockUtilsInternal.class})
+public class MemtagPagePreferenceControllerTest {
+    private final String mMemtagSupportedProperty = "ro.arm64.memtag.bootctl_supported";
+
+    private MemtagPagePreferenceController mController;
+    private Context mContext;
+
+    private static final String FRAGMENT_TAG = "memtag_page";
+
+    @Before
+    public void setUp() {
+        ShadowSystemProperties.override(mMemtagSupportedProperty, "true");
+
+        mContext = RuntimeEnvironment.application;
+        mController = new MemtagPagePreferenceController(mContext, FRAGMENT_TAG);
+    }
+
+    @Test
+    public void displayPreference_disabledByAdmin_disablesPreference() {
+        ShadowRestrictedLockUtilsInternal.setMteIsDisabled(true);
+        RestrictedPreference preference = new RestrictedPreference(mContext);
+        preference.setKey(mController.getPreferenceKey());
+        PreferenceScreen screen = new PreferenceManager(mContext).createPreferenceScreen(mContext);
+        screen.addPreference(preference);
+
+        mController.displayPreference(screen);
+        assertThat(preference.isDisabledByAdmin()).isTrue();
+    }
+}
--- a/tests/robotests/src/com/android/settings/security/MemtagPreferenceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/security/MemtagPreferenceControllerTest.java
@@ -32,6 +32,8 @@ import androidx.test.rule.ActivityTestRule;

 import com.android.settings.R;
 import com.android.settings.testutils.shadow.ShadowDeviceConfig;
+import com.android.settings.testutils.shadow.ShadowRestrictedLockUtilsInternal;
+import com.android.settingslib.RestrictedSwitchPreference;
 import com.android.settingslib.testutils.shadow.ShadowInteractionJankMonitor;

 import org.junit.Before;
@@ -48,7 +50,8 @@ import org.robolectric.shadows.ShadowSystemProperties;
        shadows = {
            ZygoteShadow.class,
            ShadowDeviceConfig.class,
-            ShadowInteractionJankMonitor.class
+            ShadowInteractionJankMonitor.class,
+            ShadowRestrictedLockUtilsInternal.class
        })
 public class MemtagPreferenceControllerTest {
    private final String mMemtagSupportedProperty = "ro.arm64.memtag.bootctl_supported";
@@ -145,6 +148,14 @@ public class MemtagPreferenceControllerTest {
        onView(withText(R.string.memtag_reboot_title)).inRoot(isDialog()).check(doesNotExist());
    }

+    @Test
+    public void updateState_disabledByAdmin_disablesPreference() {
+        ShadowRestrictedLockUtilsInternal.setMteIsDisabled(true);
+        RestrictedSwitchPreference preference = new RestrictedSwitchPreference(mContext);
+        mController.updateState(preference);
+        assertThat(preference.isDisabledByAdmin()).isTrue();
+    }
+
    private static final class TestActivity extends FragmentActivity {

        private static final int CONTAINER_VIEW_ID = 1234;
--- a/tests/robotests/src/com/android/settings/testutils/shadow/ShadowRestrictedLockUtilsInternal.java
+++ b/tests/robotests/src/com/android/settings/testutils/shadow/ShadowRestrictedLockUtilsInternal.java
@@ -33,6 +33,7 @@ public class ShadowRestrictedLockUtilsInternal {
    private static boolean sIsRestricted;
    private static boolean sHasSystemFeature;
    private static boolean sMaximumTimeToLockIsSet;
+    private static boolean sMteOverridden;
    private static String[] sRestrictedPkgs;
    private static DevicePolicyManager sDevicePolicyManager;
    private static String[] sDisabledTypes;
@@ -45,6 +46,7 @@ public class ShadowRestrictedLockUtilsInternal {
        sKeyguardDisabledFeatures = 0;
        sDisabledTypes = new String[0];
        sMaximumTimeToLockIsSet = false;
+        sMteOverridden = false;
    }

    @Implementation
@@ -101,6 +103,11 @@ public class ShadowRestrictedLockUtilsInternal {
        return sMaximumTimeToLockIsSet ? new EnforcedAdmin() : null;
    }

+    @Implementation
+    public static EnforcedAdmin checkIfMteIsDisabled(Context context) {
+        return sMteOverridden ? new EnforcedAdmin() : null;
+    }
+
    public static void setRestricted(boolean restricted) {
        sIsRestricted = restricted;
    }
@@ -132,4 +139,8 @@ public class ShadowRestrictedLockUtilsInternal {
    public static void setMaximumTimeToLockIsSet(boolean isSet) {
        sMaximumTimeToLockIsSet = isSet;
    }
+
+    public static void setMteIsDisabled(boolean isSet) {
+        sMteOverridden = isSet;
+    }
 }