[AAPM] Update ActionDisabledByAdminDialog and ExternalSourcesDetails strings
The new advanced protection support intent will be launched by the existing ActionDisabledByAdminDialog if the enforcing admin of a certain restriction is advanced protection. To determine that, Change-Id If931dcddad508f88aac1280b587da4767b937875 introduces an API to query the enforcing admin. In addition, this change updates ExternalSourcesDetails to display a disabled by advanced protection string in the preference summary. Tests will be written in a follow up change. Bug: 358229113 Bug: 369361373 Test: manual Test: atest ActionDisabledByAdminDialogTest Test: atest ExternalSourcesDetailsTest Test: atest LocationInjectedServicesPreferenceControllerTest Flag: android.security.aapm_api Flag: android.security.aapm_feature_disable_install_unknown_sources Change-Id: Icedef421d65f7ccde6562734e39a87d4458567ff
This commit is contained in:
Azhara Assanova
@@ -134,6 +134,7 @@ android_library {
|
||||
"aconfig_settings_flags",
|
||||
"android.app.flags-aconfig",
|
||||
"android.provider.flags-aconfig",
|
||||
"android.security.flags-aconfig",
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
@@ -17,6 +17,8 @@ package com.android.settings.applications.appinfo;
|
||||
|
||||
import static android.app.Activity.RESULT_CANCELED;
|
||||
import static android.app.Activity.RESULT_OK;
|
||||
import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES;
|
||||
import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY;
|
||||
|
||||
import android.app.AppOpsManager;
|
||||
import android.app.settings.SettingsEnums;
|
||||
@@ -34,6 +36,7 @@ import com.android.settings.Settings;
|
||||
import com.android.settings.applications.AppInfoWithHeader;
|
||||
import com.android.settings.applications.AppStateInstallAppsBridge;
|
||||
import com.android.settings.applications.AppStateInstallAppsBridge.InstallAppsState;
|
||||
import com.android.settingslib.RestrictedLockUtilsInternal;
|
||||
import com.android.settingslib.RestrictedSwitchPreference;
|
||||
import com.android.settingslib.applications.ApplicationsState.AppEntry;
|
||||
|
||||
@@ -82,15 +85,34 @@ public class ExternalSourcesDetails extends AppInfoWithHeader
|
||||
public static CharSequence getPreferenceSummary(Context context, AppEntry entry) {
|
||||
final UserHandle userHandle = UserHandle.getUserHandleForUid(entry.info.uid);
|
||||
final UserManager um = UserManager.get(context);
|
||||
final int userRestrictionSource = um.getUserRestrictionSource(
|
||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)
|
||||
| um.getUserRestrictionSource(
|
||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
|
||||
userHandle);
|
||||
if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
|
||||
return context.getString(com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||
} else if (userRestrictionSource != 0) {
|
||||
return context.getString(com.android.settingslib.R.string.disabled);
|
||||
if (android.security.Flags.aapmFeatureDisableInstallUnknownSources()) {
|
||||
if (um.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {
|
||||
return context.getString(com.android.settingslib.R.string.disabled);
|
||||
} else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {
|
||||
return context.getString(
|
||||
com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||
} else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
|
||||
userHandle)) {
|
||||
if (RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(context,
|
||||
DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle.getIdentifier())) {
|
||||
return context.getString(com.android.settingslib.widget.restricted
|
||||
.R.string.disabled_by_advanced_protection);
|
||||
} else {
|
||||
return context.getString(
|
||||
com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
final int userRestrictionSource = um.getUserRestrictionSource(
|
||||
DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)
|
||||
| um.getUserRestrictionSource(
|
||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle);
|
||||
if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
|
||||
return context.getString(
|
||||
com.android.settingslib.widget.restricted.R.string.disabled_by_admin);
|
||||
} else if (userRestrictionSource != 0) {
|
||||
return context.getString(com.android.settingslib.R.string.disabled);
|
||||
}
|
||||
}
|
||||
final InstallAppsState appsState = new AppStateInstallAppsBridge(context, null, null)
|
||||
.createInstallAppsStateFor(entry.info.packageName, entry.info.uid);
|
||||
@@ -110,14 +132,14 @@ public class ExternalSourcesDetails extends AppInfoWithHeader
|
||||
if (mPackageInfo == null || mPackageInfo.applicationInfo == null) {
|
||||
return false;
|
||||
}
|
||||
if (mUserManager.hasBaseUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
|
||||
if (mUserManager.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES,
|
||||
UserHandle.of(UserHandle.myUserId()))) {
|
||||
mSwitchPref.setChecked(false);
|
||||
mSwitchPref.setSummary(com.android.settingslib.R.string.disabled);
|
||||
mSwitchPref.setEnabled(false);
|
||||
return true;
|
||||
}
|
||||
mSwitchPref.checkRestrictionAndSetDisabled(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
|
||||
mSwitchPref.checkRestrictionAndSetDisabled(DISALLOW_INSTALL_UNKNOWN_SOURCES);
|
||||
if (!mSwitchPref.isDisabledByAdmin()) {
|
||||
mSwitchPref.checkRestrictionAndSetDisabled(
|
||||
UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
|
||||
|
||||
@@ -16,12 +16,18 @@
|
||||
|
||||
package com.android.settings.enterprise;
|
||||
|
||||
import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;
|
||||
|
||||
import android.app.Activity;
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.app.admin.EnforcingAdmin;
|
||||
import android.app.admin.UnknownAuthority;
|
||||
import android.content.ComponentName;
|
||||
import android.content.DialogInterface;
|
||||
import android.content.Intent;
|
||||
import android.os.Bundle;
|
||||
import android.os.UserHandle;
|
||||
import android.security.advancedprotection.AdvancedProtectionManager;
|
||||
|
||||
import com.android.settingslib.RestrictedLockUtils;
|
||||
import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
|
||||
@@ -53,37 +59,67 @@ public class ActionDisabledByAdminDialog extends Activity
|
||||
|
||||
@androidx.annotation.VisibleForTesting
|
||||
EnforcedAdmin getAdminDetailsFromIntent(Intent intent) {
|
||||
final EnforcedAdmin admin = new EnforcedAdmin(null, UserHandle.of(UserHandle.myUserId()));
|
||||
final EnforcedAdmin enforcedAdmin = new EnforcedAdmin(null, UserHandle.of(
|
||||
UserHandle.myUserId()));
|
||||
if (intent == null) {
|
||||
return admin;
|
||||
return enforcedAdmin;
|
||||
}
|
||||
admin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);
|
||||
enforcedAdmin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
|
||||
ComponentName.class);
|
||||
int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
|
||||
|
||||
Bundle adminDetails = null;
|
||||
if (admin.component == null) {
|
||||
DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);
|
||||
adminDetails = devicePolicyManager.getEnforcingAdminAndUserDetails(userId,
|
||||
getRestrictionFromIntent(intent));
|
||||
if (adminDetails != null) {
|
||||
admin.component = adminDetails.getParcelable(
|
||||
DevicePolicyManager.EXTRA_DEVICE_ADMIN);
|
||||
if (enforcedAdmin.component == null) {
|
||||
DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);
|
||||
final String restriction = getRestrictionFromIntent(intent);
|
||||
if (android.security.Flags.aapmApi() && dpm != null && restriction != null) {
|
||||
// TODO(b/381025131): Move advanced protection logic to DevicePolicyManager or
|
||||
// elsewhere.
|
||||
launchAdvancedProtectionDialogOrTryToSetAdminComponent(dpm, userId, restriction,
|
||||
enforcedAdmin);
|
||||
} else {
|
||||
adminDetails = dpm.getEnforcingAdminAndUserDetails(userId, restriction);
|
||||
if (adminDetails != null) {
|
||||
enforcedAdmin.component = adminDetails.getParcelable(
|
||||
DevicePolicyManager.EXTRA_DEVICE_ADMIN, ComponentName.class);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (intent.hasExtra(Intent.EXTRA_USER)) {
|
||||
admin.user = intent.getParcelableExtra(Intent.EXTRA_USER);
|
||||
enforcedAdmin.user = intent.getParcelableExtra(Intent.EXTRA_USER, UserHandle.class);
|
||||
} else {
|
||||
if (adminDetails != null) {
|
||||
userId = adminDetails.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
|
||||
}
|
||||
if (userId == UserHandle.USER_NULL) {
|
||||
admin.user = null;
|
||||
enforcedAdmin.user = null;
|
||||
} else {
|
||||
admin.user = UserHandle.of(userId);
|
||||
enforcedAdmin.user = UserHandle.of(userId);
|
||||
}
|
||||
}
|
||||
return admin;
|
||||
return enforcedAdmin;
|
||||
}
|
||||
|
||||
private void launchAdvancedProtectionDialogOrTryToSetAdminComponent(DevicePolicyManager dpm,
|
||||
int userId, String restriction, EnforcedAdmin enforcedAdmin) {
|
||||
EnforcingAdmin enforcingAdmin = dpm.getEnforcingAdmin(userId, restriction);
|
||||
if (enforcingAdmin == null) {
|
||||
return;
|
||||
}
|
||||
if (enforcingAdmin.getAuthority() instanceof UnknownAuthority authority
|
||||
&& ADVANCED_PROTECTION_SYSTEM_ENTITY.equals(authority.getName())) {
|
||||
AdvancedProtectionManager apm = getSystemService(AdvancedProtectionManager.class);
|
||||
if (apm == null) {
|
||||
return;
|
||||
}
|
||||
Intent apmSupportIntent = apm.createSupportIntentForPolicyIdentifierOrRestriction(
|
||||
restriction, /* type */ null);
|
||||
startActivityAsUser(apmSupportIntent, UserHandle.of(userId));
|
||||
finish();
|
||||
} else {
|
||||
enforcedAdmin.component = enforcingAdmin.getComponentName();
|
||||
}
|
||||
}
|
||||
|
||||
@androidx.annotation.VisibleForTesting
|
||||
|
||||
@@ -26,6 +26,7 @@ import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.app.admin.DevicePolicyResourcesManager;
|
||||
import android.content.ComponentName;
|
||||
import android.content.Context;
|
||||
import android.content.pm.UserInfo;
|
||||
@@ -83,6 +84,8 @@ public class LocationInjectedServicesPreferenceControllerTest {
|
||||
private AppSettingsInjector mSettingsInjector;
|
||||
@Mock
|
||||
private DevicePolicyManager mDevicePolicyManager;
|
||||
@Mock
|
||||
private DevicePolicyResourcesManager mDevicePolicyResourcesManager;
|
||||
|
||||
private Context mContext;
|
||||
private LocationInjectedServicesPreferenceController mController;
|
||||
@@ -104,6 +107,7 @@ public class LocationInjectedServicesPreferenceControllerTest {
|
||||
when(mCategoryPrimary.getKey()).thenReturn(key);
|
||||
when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE))
|
||||
.thenReturn(mDevicePolicyManager);
|
||||
when(mDevicePolicyManager.getResources()).thenReturn(mDevicePolicyResourcesManager);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -276,6 +280,7 @@ public class LocationInjectedServicesPreferenceControllerTest {
|
||||
UserHandle.of(userId),
|
||||
enforcingUsers);
|
||||
when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser()).thenReturn(componentName);
|
||||
when(mDevicePolicyResourcesManager.getString(any(), any())).thenReturn(any());
|
||||
|
||||
mController.displayPreference(mScreen);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user