Add policy transparency to Settings > device administrators
In Settings > device administrators: if the user wants to remove a work profile but DISALLOW_REMOVE_MANAGED_PROFILE is set: show policy transparency. BUG:33925172 BUG:34455202 Test: manual Change-Id: Ifbb9806e92e759039d592af29568bffce5fbb92a
This commit is contained in:
Nicolas Prevot
@@ -129,14 +129,25 @@
|
||||
android:orientation="vertical"
|
||||
android:divider="?android:attr/dividerHorizontal"
|
||||
android:showDividers="beginning|middle|end">
|
||||
<LinearLayout
|
||||
android:id="@+id/restricted_action"
|
||||
android:layout_width="wrap_content"
|
||||
android:layout_height="wrap_content"
|
||||
android:orientation="horizontal"
|
||||
android:gravity="center_vertical">
|
||||
<Button android:id="@+id/action_button"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:layout_gravity="start"
|
||||
android:gravity="start|center_vertical"
|
||||
android:maxLines="2"
|
||||
style="?android:attr/buttonBarButtonStyle"
|
||||
android:clickable="false"
|
||||
android:focusable="false"
|
||||
android:textAllCaps="false"
|
||||
android:layout_height="wrap_content" />
|
||||
/>
|
||||
<include layout="@layout/restricted_icon" />
|
||||
</LinearLayout>
|
||||
<Button android:id="@+id/cancel_button"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_gravity="end"
|
||||
|
||||
@@ -61,8 +61,10 @@ import android.widget.TextView;
|
||||
import com.android.internal.logging.nano.MetricsProto;
|
||||
import com.android.settings.core.instrumentation.MetricsFeatureProvider;
|
||||
import com.android.settings.overlay.FeatureFactory;
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.users.UserDialogs;
|
||||
|
||||
import com.android.settingslib.RestrictedLockUtils;
|
||||
import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
|
||||
import org.xmlpull.v1.XmlPullParserException;
|
||||
|
||||
import java.io.IOException;
|
||||
@@ -345,13 +347,26 @@ public class DeviceAdminAdd extends Activity {
|
||||
});
|
||||
|
||||
mActionButton = (Button) findViewById(R.id.action_button);
|
||||
mActionButton.setFilterTouchesWhenObscured(true);
|
||||
mActionButton.setOnClickListener(new View.OnClickListener() {
|
||||
|
||||
final View restrictedAction = findViewById(R.id.restricted_action);
|
||||
restrictedAction.setFilterTouchesWhenObscured(true);
|
||||
restrictedAction.setOnClickListener(new View.OnClickListener() {
|
||||
public void onClick(View v) {
|
||||
if (mAdding) {
|
||||
addAndFinish();
|
||||
} else if (isManagedProfile(mDeviceAdmin)
|
||||
&& mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
|
||||
if (hasBaseCantRemoveProfileRestriction()) {
|
||||
// If DISALLOW_REMOVE_MANAGED_PROFILE is set by the system, there's no
|
||||
// point showing a dialog saying it's disabled by an admin.
|
||||
return;
|
||||
}
|
||||
EnforcedAdmin enforcedAdmin = getAdminEnforcingCantRemoveProfile();
|
||||
if (enforcedAdmin != null) {
|
||||
RestrictedLockUtils.sendShowAdminSupportDetailsIntent(DeviceAdminAdd.this,
|
||||
enforcedAdmin);
|
||||
return;
|
||||
}
|
||||
final int userId = UserHandle.myUserId();
|
||||
UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
|
||||
new DialogInterface.OnClickListener() {
|
||||
@@ -522,6 +537,7 @@ public class DeviceAdminAdd extends Activity {
|
||||
}
|
||||
|
||||
void updateInterface() {
|
||||
findViewById(R.id.restricted_icon).setVisibility(View.GONE);
|
||||
mAdminIcon.setImageDrawable(mDeviceAdmin.loadIcon(getPackageManager()));
|
||||
mAdminName.setText(mDeviceAdmin.loadLabel(getPackageManager()));
|
||||
try {
|
||||
@@ -551,6 +567,13 @@ public class DeviceAdminAdd extends Activity {
|
||||
// Profile owner in a managed profile, user can remove profile to disable admin.
|
||||
mAdminWarning.setText(R.string.admin_profile_owner_message);
|
||||
mActionButton.setText(R.string.remove_managed_profile_label);
|
||||
|
||||
final EnforcedAdmin admin = getAdminEnforcingCantRemoveProfile();
|
||||
final boolean hasBaseRestriction = hasBaseCantRemoveProfileRestriction();
|
||||
if (admin != null && !hasBaseRestriction) {
|
||||
findViewById(R.id.restricted_icon).setVisibility(View.VISIBLE);
|
||||
}
|
||||
mActionButton.setEnabled(admin == null && !hasBaseRestriction);
|
||||
} else if (isProfileOwner || mDeviceAdmin.getComponent().equals(
|
||||
mDPM.getDeviceOwnerComponentOnCallingUser())) {
|
||||
// Profile owner in a user or device owner, user can't disable admin.
|
||||
@@ -601,6 +624,22 @@ public class DeviceAdminAdd extends Activity {
|
||||
}
|
||||
}
|
||||
|
||||
private EnforcedAdmin getAdminEnforcingCantRemoveProfile() {
|
||||
// Removing a managed profile is disallowed if DISALLOW_REMOVE_MANAGED_PROFILE
|
||||
// is set in the parent rather than the user itself.
|
||||
return RestrictedLockUtils.checkIfRestrictionEnforced(this,
|
||||
UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, getParentUserId());
|
||||
}
|
||||
|
||||
private boolean hasBaseCantRemoveProfileRestriction() {
|
||||
return RestrictedLockUtils.hasBaseUserRestriction(this,
|
||||
UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, getParentUserId());
|
||||
}
|
||||
|
||||
private int getParentUserId() {
|
||||
return UserManager.get(this).getProfileParent(UserHandle.myUserId()).id;
|
||||
}
|
||||
|
||||
private void addDeviceAdminPolicies(boolean showDescription) {
|
||||
if (!mAdminPoliciesInitialized) {
|
||||
boolean isAdminUser = UserManager.get(this).isAdminUser();
|
||||
|
||||
Reference in New Issue
Block a user