diff --git a/Android.bp b/Android.bp
index e81ef9e2f06..fccbfca4dab 100644
--- a/Android.bp
+++ b/Android.bp
@@ -134,6 +134,7 @@ android_library {
 "aconfig_settings_flags",
 "android.app.flags-aconfig",
 "android.provider.flags-aconfig",
+ "android.security.flags-aconfig",
 ],
 }
diff --git a/src/com/android/settings/applications/appinfo/ExternalSourcesDetails.java b/src/com/android/settings/applications/appinfo/ExternalSourcesDetails.java
index 9a41f2519bf..826583df866 100644
--- a/src/com/android/settings/applications/appinfo/ExternalSourcesDetails.java
+++ b/src/com/android/settings/applications/appinfo/ExternalSourcesDetails.java
@@ -17,6 +17,8 @@ package com.android.settings.applications.appinfo;
 import static android.app.Activity.RESULT_CANCELED;
 import static android.app.Activity.RESULT_OK;
+import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES;
+import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY;
 import android.app.AppOpsManager;
 import android.app.settings.SettingsEnums;
@@ -34,6 +36,7 @@ import com.android.settings.Settings;
 import com.android.settings.applications.AppInfoWithHeader;
 import com.android.settings.applications.AppStateInstallAppsBridge;
 import com.android.settings.applications.AppStateInstallAppsBridge.InstallAppsState;
+import com.android.settingslib.RestrictedLockUtilsInternal;
 import com.android.settingslib.RestrictedSwitchPreference;
 import com.android.settingslib.applications.ApplicationsState.AppEntry;
@@ -82,15 +85,34 @@ public class ExternalSourcesDetails extends AppInfoWithHeader
 public static CharSequence getPreferenceSummary(Context context, AppEntry entry) {
 final UserHandle userHandle = UserHandle.getUserHandleForUid(entry.info.uid);
 final UserManager um = UserManager.get(context);
- final int userRestrictionSource = um.getUserRestrictionSource(
- UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)
- | um.getUserRestrictionSource(
- UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
- userHandle);
- if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
- return context.getString(com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
- } else if (userRestrictionSource != 0) {
- return context.getString(com.android.settingslib.R.string.disabled);
+ if (android.security.Flags.aapmFeatureDisableInstallUnknownSources()) {
+ if (um.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {
+ return context.getString(com.android.settingslib.R.string.disabled);
+ } else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {
+ return context.getString(
+ com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
+ } else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
+ userHandle)) {
+ if (RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(context,
+ DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle.getIdentifier())) {
+ return context.getString(com.android.settingslib.widget.restricted
+ .R.string.disabled_by_advanced_protection);
+ } else {
+ return context.getString(
+ com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
+ }
+ }
+ } else {
+ final int userRestrictionSource = um.getUserRestrictionSource(
+ DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)
+ | um.getUserRestrictionSource(
+ UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle);
+ if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
+ return context.getString(
+ com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
+ } else if (userRestrictionSource != 0) {
+ return context.getString(com.android.settingslib.R.string.disabled);
+ }
 }
 final InstallAppsState appsState = new AppStateInstallAppsBridge(context, null, null)
 .createInstallAppsStateFor(entry.info.packageName, entry.info.uid);
@@ -110,14 +132,14 @@ public class ExternalSourcesDetails extends AppInfoWithHeader
 if (mPackageInfo == null || mPackageInfo.applicationInfo == null) {
 return false;
 }
- if (mUserManager.hasBaseUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
+ if (mUserManager.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES,
 UserHandle.of(UserHandle.myUserId()))) {
 mSwitchPref.setChecked(false);
 mSwitchPref.setSummary(com.android.settingslib.R.string.disabled);
 mSwitchPref.setEnabled(false);
 return true;
 }
- mSwitchPref.checkRestrictionAndSetDisabled(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
+ mSwitchPref.checkRestrictionAndSetDisabled(DISALLOW_INSTALL_UNKNOWN_SOURCES);
 if (!mSwitchPref.isDisabledByAdmin()) {
 mSwitchPref.checkRestrictionAndSetDisabled(
 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
diff --git a/src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java b/src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java
index c4bef25b1cc..e05ae71a05a 100644
--- a/src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java
+++ b/src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java
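Review bot: In `getPreferenceSummary` (ExternalSourcesDetails.java, hunk `@@ -82,15 +85,34 @@`), the flagged branch calls `hasBaseUserRestriction` only for `DISALLOW_INSTALL_UNKNOWN_SOURCES`, so a base restriction on `DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY` would reach the `hasUserRestrictionForUser` branch and be labelled `disabled_by_admin` unless advanced protection claims it. If the system can set the global key as a base restriction, extend the first condition with `|| um.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle)` so the summary names the right enforcer. The flag-off branch maps `RESTRICTION_SOURCE_SYSTEM` to `disabled_by_admin` and any other source to `disabled`, which is the reverse of the flagged branch. A comment above the outer `if`, such as `// Base (system) restriction -> "disabled"; admin or advanced protection -> attributed string.`, would record which mapping is intended. The method's body ends outside the hunk.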
@@ -16,12 +16,18 @@ package com.android.settings.enterprise;
+import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;
+
 import android.app.Activity;
 import android.app.admin.DevicePolicyManager;
+import android.app.admin.EnforcingAdmin;
+import android.app.admin.UnknownAuthority;
+import android.content.ComponentName;
 import android.content.DialogInterface;
 import android.content.Intent;
 import android.os.Bundle;
 import android.os.UserHandle;
+import android.security.advancedprotection.AdvancedProtectionManager;
 import com.android.settingslib.RestrictedLockUtils;
 import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
@@ -53,37 +59,67 @@ public class ActionDisabledByAdminDialog extends Activity
 @androidx.annotation.VisibleForTesting
 EnforcedAdmin getAdminDetailsFromIntent(Intent intent) {
- final EnforcedAdmin admin = new EnforcedAdmin(null, UserHandle.of(UserHandle.myUserId()));
+ final EnforcedAdmin enforcedAdmin = new EnforcedAdmin(null, UserHandle.of(
+ UserHandle.myUserId()));
 if (intent == null) {
- return admin;
+ return enforcedAdmin;
 }
- admin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);
+ enforcedAdmin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
+ ComponentName.class);
 int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
 Bundle adminDetails = null;
- if (admin.component == null) {
- DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);
- adminDetails = devicePolicyManager.getEnforcingAdminAndUserDetails(userId,
- getRestrictionFromIntent(intent));
- if (adminDetails != null) {
- admin.component = adminDetails.getParcelable(
- DevicePolicyManager.EXTRA_DEVICE_ADMIN);
+ if (enforcedAdmin.component == null) {
+ DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);
+ final String restriction = getRestrictionFromIntent(intent);
+ if (android.security.Flags.aapmApi() && dpm != null && restriction != null) {
+ // TODO(b/381025131): Move advanced protection logic to DevicePolicyManager or
+ // elsewhere.
+ launchAdvancedProtectionDialogOrTryToSetAdminComponent(dpm, userId, restriction,
+ enforcedAdmin);
+ } else {
+ adminDetails = dpm.getEnforcingAdminAndUserDetails(userId, restriction);
+ if (adminDetails != null) {
+ enforcedAdmin.component = adminDetails.getParcelable(
+ DevicePolicyManager.EXTRA_DEVICE_ADMIN, ComponentName.class);
+ }
 }
 }
 if (intent.hasExtra(Intent.EXTRA_USER)) {
- admin.user = intent.getParcelableExtra(Intent.EXTRA_USER);
+ enforcedAdmin.user = intent.getParcelableExtra(Intent.EXTRA_USER, UserHandle.class);
 } else {
 if (adminDetails != null) {
 userId = adminDetails.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
 }
 if (userId == UserHandle.USER_NULL) {
- admin.user = null;
+ enforcedAdmin.user = null;
 } else {
- admin.user = UserHandle.of(userId);
+ enforcedAdmin.user = UserHandle.of(userId);
 }
 }
- return admin;
+ return enforcedAdmin;
+ }
+
+ private void launchAdvancedProtectionDialogOrTryToSetAdminComponent(DevicePolicyManager dpm,
+ int userId, String restriction, EnforcedAdmin enforcedAdmin) {
+ EnforcingAdmin enforcingAdmin = dpm.getEnforcingAdmin(userId, restriction);
+ if (enforcingAdmin == null) {
+ return;
+ }
+ if (enforcingAdmin.getAuthority() instanceof UnknownAuthority authority
+ && ADVANCED_PROTECTION_SYSTEM_ENTITY.equals(authority.getName())) {
+ AdvancedProtectionManager apm = getSystemService(AdvancedProtectionManager.class);
+ if (apm == null) {
+ return;
+ }
+ Intent apmSupportIntent = apm.createSupportIntentForPolicyIdentifierOrRestriction(
+ restriction, /* type */ null);
+ startActivityAsUser(apmSupportIntent, UserHandle.of(userId));
+ finish();
+ } else {
+ enforcedAdmin.component = enforcingAdmin.getComponentName();
+ }
 }
 @androidx.annotation.VisibleForTesting
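Review bot: In `getAdminDetailsFromIntent`, the new condition tests `dpm != null`, but a null `dpm` then takes the `else` branch, where `dpm.getEnforcingAdminAndUserDetails(userId, restriction)` dereferences it; change that branch to `} else if (dpm != null) {`. The helper passes a `userId` read from the incoming intent's `Intent.EXTRA_USER_ID` to `startActivityAsUser(apmSupportIntent, UserHandle.of(userId))`. If other apps can start this activity (the manifest is not part of this diff), that value should be checked against the calling user's profiles before the cross-user launch. After the helper calls `finish()`, the method still returns an `EnforcedAdmin` with a null component, so the caller, which is outside this hunk, presumably needs an `isFinishing()` check to avoid also showing the admin dialog. On the flagged path `adminDetails` stays null, so `enforcedAdmin.user` is now derived from the intent's user id rather than from the DevicePolicyManager answer; a comment saying this is intended would help.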
diff --git a/tests/robotests/src/com/android/settings/location/LocationInjectedServicesPreferenceControllerTest.java b/tests/robotests/src/com/android/settings/location/LocationInjectedServicesPreferenceControllerTest.java
index 375e1520096..1e85fbf5d92 100644
--- a/tests/robotests/src/com/android/settings/location/LocationInjectedServicesPreferenceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/location/LocationInjectedServicesPreferenceControllerTest.java
@@ -26,6 +26,7 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import android.app.admin.DevicePolicyManager;
+import android.app.admin.DevicePolicyResourcesManager;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.pm.UserInfo;
@@ -83,6 +84,8 @@ public class LocationInjectedServicesPreferenceControllerTest {
 private AppSettingsInjector mSettingsInjector;
 @Mock
 private DevicePolicyManager mDevicePolicyManager;
+ @Mock
+ private DevicePolicyResourcesManager mDevicePolicyResourcesManager;
 private Context mContext;
 private LocationInjectedServicesPreferenceController mController;
@@ -104,6 +107,7 @@ public class LocationInjectedServicesPreferenceControllerTest {
 when(mCategoryPrimary.getKey()).thenReturn(key);
 when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE))
 .thenReturn(mDevicePolicyManager);
+ when(mDevicePolicyManager.getResources()).thenReturn(mDevicePolicyResourcesManager);
 }
 @Test
@@ -276,6 +280,7 @@ public class LocationInjectedServicesPreferenceControllerTest {
 UserHandle.of(userId), enforcingUsers);
 when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser()).thenReturn(componentName);
+ when(mDevicePolicyResourcesManager.getString(any(), any())).thenReturn(any());
 mController.displayPreference(mScreen);
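Review bot: In the last hunk (`@@ -276,6 +280,7 @@`), `thenReturn(any())` uses an argument matcher as a return value. Matchers are only meaningful as arguments inside `when(...)` or `verify(...)`, so `any()` here evaluates to null and leaves a matcher registered that Mockito can report as misuse on a later call. Return a concrete value instead, for example `when(mDevicePolicyResourcesManager.getString(any(), any())).thenReturn("constructed summary");`. The test method containing this line starts outside the hunk.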