[AAPM] Update ActionDisabledByAdminDialog and ExternalSourcesDetails strings
The new advanced protection support intent will be launched by the existing ActionDisabledByAdminDialog if the enforcing admin of a certain restriction is advanced protection. To determine that, Change-Id If931dcddad508f88aac1280b587da4767b937875 introduces an API to query the enforcing admin. In addition, this change updates ExternalSourcesDetails to display a disabled by advanced protection string in the preference summary. Tests will be written in a follow up change. Bug: 358229113 Bug: 369361373 Test: manual Test: atest ActionDisabledByAdminDialogTest Test: atest ExternalSourcesDetailsTest Test: atest LocationInjectedServicesPreferenceControllerTest Flag: android.security.aapm_api Flag: android.security.aapm_feature_disable_install_unknown_sources Change-Id: Icedef421d65f7ccde6562734e39a87d4458567ff
This commit is contained in:
Azhara Assanova
@@ -134,6 +134,7 @@ android_library {
|
|||||||
"aconfig_settings_flags",
|
"aconfig_settings_flags",
|
||||||
"android.app.flags-aconfig",
|
"android.app.flags-aconfig",
|
||||||
"android.provider.flags-aconfig",
|
"android.provider.flags-aconfig",
|
||||||
|
"android.security.flags-aconfig",
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -17,6 +17,8 @@ package com.android.settings.applications.appinfo;
|
|||||||
|
|
||||||
import static android.app.Activity.RESULT_CANCELED;
|
import static android.app.Activity.RESULT_CANCELED;
|
||||||
import static android.app.Activity.RESULT_OK;
|
import static android.app.Activity.RESULT_OK;
|
||||||
|
import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES;
|
||||||
|
import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY;
|
||||||
|
|
||||||
import android.app.AppOpsManager;
|
import android.app.AppOpsManager;
|
||||||
import android.app.settings.SettingsEnums;
|
import android.app.settings.SettingsEnums;
|
||||||
@@ -34,6 +36,7 @@ import com.android.settings.Settings;
|
|||||||
import com.android.settings.applications.AppInfoWithHeader;
|
import com.android.settings.applications.AppInfoWithHeader;
|
||||||
import com.android.settings.applications.AppStateInstallAppsBridge;
|
import com.android.settings.applications.AppStateInstallAppsBridge;
|
||||||
import com.android.settings.applications.AppStateInstallAppsBridge.InstallAppsState;
|
import com.android.settings.applications.AppStateInstallAppsBridge.InstallAppsState;
|
||||||
|
import com.android.settingslib.RestrictedLockUtilsInternal;
|
||||||
import com.android.settingslib.RestrictedSwitchPreference;
|
import com.android.settingslib.RestrictedSwitchPreference;
|
||||||
import com.android.settingslib.applications.ApplicationsState.AppEntry;
|
import com.android.settingslib.applications.ApplicationsState.AppEntry;
|
||||||
|
|
||||||
@@ -82,15 +85,34 @@ public class ExternalSourcesDetails extends AppInfoWithHeader
|
|||||||
public static CharSequence getPreferenceSummary(Context context, AppEntry entry) {
|
public static CharSequence getPreferenceSummary(Context context, AppEntry entry) {
|
||||||
final UserHandle userHandle = UserHandle.getUserHandleForUid(entry.info.uid);
|
final UserHandle userHandle = UserHandle.getUserHandleForUid(entry.info.uid);
|
||||||
final UserManager um = UserManager.get(context);
|
final UserManager um = UserManager.get(context);
|
||||||
final int userRestrictionSource = um.getUserRestrictionSource(
|
if (android.security.Flags.aapmFeatureDisableInstallUnknownSources()) {
|
||||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)
|
if (um.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {
|
||||||
| um.getUserRestrictionSource(
|
return context.getString(com.android.settingslib.R.string.disabled);
|
||||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
|
} else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {
|
||||||
userHandle);
|
return context.getString(
|
||||||
if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
|
com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||||
return context.getString(com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
} else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
|
||||||
} else if (userRestrictionSource != 0) {
|
userHandle)) {
|
||||||
return context.getString(com.android.settingslib.R.string.disabled);
|
if (RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(context,
|
||||||
|
DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle.getIdentifier())) {
|
||||||
|
return context.getString(com.android.settingslib.widget.restricted
|
||||||
|
.R.string.disabled_by_advanced_protection);
|
||||||
|
} else {
|
||||||
|
return context.getString(
|
||||||
|
com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
final int userRestrictionSource = um.getUserRestrictionSource(
|
||||||
|
DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)
|
||||||
|
| um.getUserRestrictionSource(
|
||||||
|
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle);
|
||||||
|
if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
|
||||||
|
return context.getString(
|
||||||
|
com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||||
|
} else if (userRestrictionSource != 0) {
|
||||||
|
return context.getString(com.android.settingslib.R.string.disabled);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
final InstallAppsState appsState = new AppStateInstallAppsBridge(context, null, null)
|
final InstallAppsState appsState = new AppStateInstallAppsBridge(context, null, null)
|
||||||
.createInstallAppsStateFor(entry.info.packageName, entry.info.uid);
|
.createInstallAppsStateFor(entry.info.packageName, entry.info.uid);
|
||||||
@@ -110,14 +132,14 @@ public class ExternalSourcesDetails extends AppInfoWithHeader
|
|||||||
if (mPackageInfo == null || mPackageInfo.applicationInfo == null) {
|
if (mPackageInfo == null || mPackageInfo.applicationInfo == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (mUserManager.hasBaseUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
|
if (mUserManager.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES,
|
||||||
UserHandle.of(UserHandle.myUserId()))) {
|
UserHandle.of(UserHandle.myUserId()))) {
|
||||||
mSwitchPref.setChecked(false);
|
mSwitchPref.setChecked(false);
|
||||||
mSwitchPref.setSummary(com.android.settingslib.R.string.disabled);
|
mSwitchPref.setSummary(com.android.settingslib.R.string.disabled);
|
||||||
mSwitchPref.setEnabled(false);
|
mSwitchPref.setEnabled(false);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
mSwitchPref.checkRestrictionAndSetDisabled(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
|
mSwitchPref.checkRestrictionAndSetDisabled(DISALLOW_INSTALL_UNKNOWN_SOURCES);
|
||||||
if (!mSwitchPref.isDisabledByAdmin()) {
|
if (!mSwitchPref.isDisabledByAdmin()) {
|
||||||
mSwitchPref.checkRestrictionAndSetDisabled(
|
mSwitchPref.checkRestrictionAndSetDisabled(
|
||||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
|
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
|
||||||
|
|||||||
@@ -16,12 +16,18 @@
|
|||||||
|
|
||||||
package com.android.settings.enterprise;
|
package com.android.settings.enterprise;
|
||||||
|
|
||||||
|
import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;
|
||||||
|
|
||||||
import android.app.Activity;
|
import android.app.Activity;
|
||||||
import android.app.admin.DevicePolicyManager;
|
import android.app.admin.DevicePolicyManager;
|
||||||
|
import android.app.admin.EnforcingAdmin;
|
||||||
|
import android.app.admin.UnknownAuthority;
|
||||||
|
import android.content.ComponentName;
|
||||||
import android.content.DialogInterface;
|
import android.content.DialogInterface;
|
||||||
import android.content.Intent;
|
import android.content.Intent;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
|
import android.security.advancedprotection.AdvancedProtectionManager;
|
||||||
|
|
||||||
import com.android.settingslib.RestrictedLockUtils;
|
import com.android.settingslib.RestrictedLockUtils;
|
||||||
import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
|
import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
|
||||||
@@ -53,37 +59,67 @@ public class ActionDisabledByAdminDialog extends Activity
|
|||||||
|
|
||||||
@androidx.annotation.VisibleForTesting
|
@androidx.annotation.VisibleForTesting
|
||||||
EnforcedAdmin getAdminDetailsFromIntent(Intent intent) {
|
EnforcedAdmin getAdminDetailsFromIntent(Intent intent) {
|
||||||
final EnforcedAdmin admin = new EnforcedAdmin(null, UserHandle.of(UserHandle.myUserId()));
|
final EnforcedAdmin enforcedAdmin = new EnforcedAdmin(null, UserHandle.of(
|
||||||
|
UserHandle.myUserId()));
|
||||||
if (intent == null) {
|
if (intent == null) {
|
||||||
return admin;
|
return enforcedAdmin;
|
||||||
}
|
}
|
||||||
admin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);
|
enforcedAdmin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
|
||||||
|
ComponentName.class);
|
||||||
int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
|
int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
|
||||||
|
|
||||||
Bundle adminDetails = null;
|
Bundle adminDetails = null;
|
||||||
if (admin.component == null) {
|
if (enforcedAdmin.component == null) {
|
||||||
DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);
|
DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);
|
||||||
adminDetails = devicePolicyManager.getEnforcingAdminAndUserDetails(userId,
|
final String restriction = getRestrictionFromIntent(intent);
|
||||||
getRestrictionFromIntent(intent));
|
if (android.security.Flags.aapmApi() && dpm != null && restriction != null) {
|
||||||
if (adminDetails != null) {
|
// TODO(b/381025131): Move advanced protection logic to DevicePolicyManager or
|
||||||
admin.component = adminDetails.getParcelable(
|
// elsewhere.
|
||||||
DevicePolicyManager.EXTRA_DEVICE_ADMIN);
|
launchAdvancedProtectionDialogOrTryToSetAdminComponent(dpm, userId, restriction,
|
||||||
|
enforcedAdmin);
|
||||||
|
} else {
|
||||||
|
adminDetails = dpm.getEnforcingAdminAndUserDetails(userId, restriction);
|
||||||
|
if (adminDetails != null) {
|
||||||
|
enforcedAdmin.component = adminDetails.getParcelable(
|
||||||
|
DevicePolicyManager.EXTRA_DEVICE_ADMIN, ComponentName.class);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (intent.hasExtra(Intent.EXTRA_USER)) {
|
if (intent.hasExtra(Intent.EXTRA_USER)) {
|
||||||
admin.user = intent.getParcelableExtra(Intent.EXTRA_USER);
|
enforcedAdmin.user = intent.getParcelableExtra(Intent.EXTRA_USER, UserHandle.class);
|
||||||
} else {
|
} else {
|
||||||
if (adminDetails != null) {
|
if (adminDetails != null) {
|
||||||
userId = adminDetails.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
|
userId = adminDetails.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
|
||||||
}
|
}
|
||||||
if (userId == UserHandle.USER_NULL) {
|
if (userId == UserHandle.USER_NULL) {
|
||||||
admin.user = null;
|
enforcedAdmin.user = null;
|
||||||
} else {
|
} else {
|
||||||
admin.user = UserHandle.of(userId);
|
enforcedAdmin.user = UserHandle.of(userId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return admin;
|
return enforcedAdmin;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void launchAdvancedProtectionDialogOrTryToSetAdminComponent(DevicePolicyManager dpm,
|
||||||
|
int userId, String restriction, EnforcedAdmin enforcedAdmin) {
|
||||||
|
EnforcingAdmin enforcingAdmin = dpm.getEnforcingAdmin(userId, restriction);
|
||||||
|
if (enforcingAdmin == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (enforcingAdmin.getAuthority() instanceof UnknownAuthority authority
|
||||||
|
&& ADVANCED_PROTECTION_SYSTEM_ENTITY.equals(authority.getName())) {
|
||||||
|
AdvancedProtectionManager apm = getSystemService(AdvancedProtectionManager.class);
|
||||||
|
if (apm == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
Intent apmSupportIntent = apm.createSupportIntentForPolicyIdentifierOrRestriction(
|
||||||
|
restriction, /* type */ null);
|
||||||
|
startActivityAsUser(apmSupportIntent, UserHandle.of(userId));
|
||||||
|
finish();
|
||||||
|
} else {
|
||||||
|
enforcedAdmin.component = enforcingAdmin.getComponentName();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@androidx.annotation.VisibleForTesting
|
@androidx.annotation.VisibleForTesting
|
||||||
|
|||||||
@@ -26,6 +26,7 @@ import static org.mockito.Mockito.verify;
|
|||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
import android.app.admin.DevicePolicyManager;
|
import android.app.admin.DevicePolicyManager;
|
||||||
|
import android.app.admin.DevicePolicyResourcesManager;
|
||||||
import android.content.ComponentName;
|
import android.content.ComponentName;
|
||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
import android.content.pm.UserInfo;
|
import android.content.pm.UserInfo;
|
||||||
@@ -83,6 +84,8 @@ public class LocationInjectedServicesPreferenceControllerTest {
|
|||||||
private AppSettingsInjector mSettingsInjector;
|
private AppSettingsInjector mSettingsInjector;
|
||||||
@Mock
|
@Mock
|
||||||
private DevicePolicyManager mDevicePolicyManager;
|
private DevicePolicyManager mDevicePolicyManager;
|
||||||
|
@Mock
|
||||||
|
private DevicePolicyResourcesManager mDevicePolicyResourcesManager;
|
||||||
|
|
||||||
private Context mContext;
|
private Context mContext;
|
||||||
private LocationInjectedServicesPreferenceController mController;
|
private LocationInjectedServicesPreferenceController mController;
|
||||||
@@ -104,6 +107,7 @@ public class LocationInjectedServicesPreferenceControllerTest {
|
|||||||
when(mCategoryPrimary.getKey()).thenReturn(key);
|
when(mCategoryPrimary.getKey()).thenReturn(key);
|
||||||
when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE))
|
when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE))
|
||||||
.thenReturn(mDevicePolicyManager);
|
.thenReturn(mDevicePolicyManager);
|
||||||
|
when(mDevicePolicyManager.getResources()).thenReturn(mDevicePolicyResourcesManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -276,6 +280,7 @@ public class LocationInjectedServicesPreferenceControllerTest {
|
|||||||
UserHandle.of(userId),
|
UserHandle.of(userId),
|
||||||
enforcingUsers);
|
enforcingUsers);
|
||||||
when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser()).thenReturn(componentName);
|
when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser()).thenReturn(componentName);
|
||||||
|
when(mDevicePolicyResourcesManager.getString(any(), any())).thenReturn(any());
|
||||||
|
|
||||||
mController.displayPreference(mScreen);
|
mController.displayPreference(mScreen);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user