From 35eef604a351215ccc35c301e010f546dfb306b9 Mon Sep 17 00:00:00 2001
From: Michael Wachenschwanz <mwachens@google.com>
Date: Thu, 25 Apr 2019 16:07:39 -0700
Subject: [PATCH] Simplify user flow for setting default supervisor as PO

A follow up CL will clean up and separate the DeviceAdminAdd and
ProfileOwnerAdd logic (see b/131713071)

Bug: 124066840
Test: manual (overlay config_defaultSupervisionProfileOwnerComponent and
confirm only that component can be set as profile owner after setup is
complete)
Test: manual (install CtsVerifier, adb shell am start -n "com.android.cts.verifier/.admin.tapjacking.OverlayingActivity", user should not be able to click the "Allow" button)

Change-Id: Iccd931801145719110ce75421c35db80ea651779
---
 AndroidManifest.xml                           | 13 ++--
 res/layout/profile_owner_add.xml              | 38 ++++++++++
 res/values/strings.xml                        |  5 ++
 .../deviceadmin/DeviceAdminAdd.java           | 76 +++++++++++++++----
 .../deviceadmin/ProfileOwnerAdd.java          | 31 ++++++++
 5 files changed, 141 insertions(+), 22 deletions(-)
 create mode 100644 res/layout/profile_owner_add.xml
 create mode 100644 src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 9dd4732072f..ef8e76160e4 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1333,22 +1333,23 @@
         </activity-alias>
 
         <activity android:name=".applications.specialaccess.deviceadmin.DeviceAdminAdd"
-                android:label="@string/device_admin_add_title"
-                android:clearTaskOnLaunch="true">
+                  android:label="@string/device_admin_add_title"
+                  android:clearTaskOnLaunch="true">
             <intent-filter>
                 <action android:name="android.app.action.ADD_DEVICE_ADMIN" />
                 <category android:name="android.intent.category.DEFAULT" />
             </intent-filter>
         </activity>
 
-        <activity-alias android:name="SetProfileOwner"
-                        android:label="@string/profile_owner_add_title"
-                        android:targetActivity=".applications.specialaccess.deviceadmin.DeviceAdminAdd">
+        <activity android:name=".applications.specialaccess.deviceadmin.ProfileOwnerAdd"
+                  android:excludeFromRecents="true"
+                  android:theme="@style/Transparent"
+                  android:clearTaskOnLaunch="true">
             <intent-filter android:priority="1000">
                 <action android:name="android.app.action.SET_PROFILE_OWNER" />
                 <category android:name="android.intent.category.DEFAULT" />
             </intent-filter>
-        </activity-alias>
+        </activity>
 
         <activity
             android:name="Settings$UsageAccessSettingsActivity"
diff --git a/res/layout/profile_owner_add.xml b/res/layout/profile_owner_add.xml
new file mode 100644
index 00000000000..84c51fd8316
--- /dev/null
+++ b/res/layout/profile_owner_add.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (C) 2019 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License
+  -->
+
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:id="@+id/active_layout"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:orientation="vertical">
+
+    <TextView android:id="@+id/add_msg_simplified"
+              android:layout_width="match_parent"
+              android:layout_height="0dp"
+              android:layout_weight="1"
+              android:scrollbars = "vertical"
+              android:padding="?dialogPreferredPadding"
+              android:gravity="center_vertical"/>
+
+    <TextView android:id="@+id/admin_warning_simplified"
+              android:layout_width="match_parent"
+              android:layout_height="wrap_content"
+              android:paddingStart="?dialogPreferredPadding"
+              android:paddingEnd="?dialogPreferredPadding"/>
+</LinearLayout>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 615077c6c13..85cde7b7d1b 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -6019,6 +6019,9 @@
     <string name="device_admin_warning">Activating this admin app will allow
         the app <xliff:g id="app_name">%1$s</xliff:g> to perform the
         following operations:</string>
+    <!-- Simplified device admin warning message [CHAR LIMIT=NONE]-->
+    <string name="device_admin_warning_simplified">This device will be managed and monitored by
+        <xliff:g id="app_name" example="Example Supervisor">%1$s</xliff:g>.</string>
     <!-- Device admin warning message about policies an admin can use -->
     <string name="device_admin_status">This admin app is active and allows
         the app <xliff:g id="app_name">%1$s</xliff:g> to perform the
@@ -6026,6 +6029,8 @@
 
     <!-- Title for screen to set a profile owner [CHAR LIMIT=40] -->
     <string name="profile_owner_add_title">Activate Profile Manager?</string>
+    <!-- Simplified title for dialog to set a profile owner [CHAR LIMIT=40] -->
+    <string name="profile_owner_add_title_simplified">Allow supervision?</string>
     <!-- Warning when trying to add a profile owner admin after setup has completed. [CHAR LIMIT=none] -->
     <string name="adding_profile_owner_warning">By proceeding, your user will be managed by your
         admin which may also be able to store associated data, in addition to your personal
diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
index 7e0ca242b36..0d0bd2016c5 100644
--- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
@@ -46,6 +46,7 @@ import android.os.UserHandle;
 import android.os.UserManager;
 import android.text.TextUtils;
 import android.text.TextUtils.TruncateAt;
+import android.text.method.ScrollingMovementMethod;
 import android.util.EventLog;
 import android.util.Log;
 import android.view.Display;
@@ -273,15 +274,63 @@ public class DeviceAdminAdd extends Activity {
             }
         }
 
-        // If we're trying to add a profile owner and user setup hasn't completed yet, no
-        // need to prompt for permission. Just add and finish.
-        if (mAddingProfileOwner && !mDPM.hasUserSetupCompleted()) {
-            addAndFinish();
-            return;
-        }
-
         mAddMsgText = getIntent().getCharSequenceExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION);
 
+        if (mAddingProfileOwner) {
+            // If we're trying to add a profile owner and user setup hasn't completed yet, no
+            // need to prompt for permission. Just add and finish
+            if (!mDPM.hasUserSetupCompleted()) {
+                addAndFinish();
+                return;
+            }
+
+            // othewise, only the defined default supervision profile owner can be set after user
+            // setup.
+            final String supervisor = getString(
+                    com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
+            if (supervisor == null) {
+                Log.w(TAG, "Unable to set profile owner post-setup, no default supervisor"
+                        + "profile owner defined");
+                finish();
+                return;
+            }
+
+            final ComponentName supervisorComponent = ComponentName.unflattenFromString(
+                    supervisor);
+            if (who.compareTo(supervisorComponent) != 0) {
+                Log.w(TAG, "Unable to set non-default profile owner post-setup " + who);
+                finish();
+                return;
+            }
+
+            // Build and show the simplified dialog
+            final Dialog dialog = new AlertDialog.Builder(this)
+                    .setTitle(getText(R.string.profile_owner_add_title_simplified))
+                    .setView(R.layout.profile_owner_add)
+                    .setPositiveButton(R.string.allow, new DialogInterface.OnClickListener() {
+                        public void onClick(DialogInterface dialog, int which) {
+                            addAndFinish();
+                        }
+                    })
+                    .setNeutralButton(R.string.cancel, null)
+                    .setOnDismissListener(new DialogInterface.OnDismissListener() {
+                        public void onDismiss(DialogInterface dialogInterface) {
+                            finish();
+                        }
+                    })
+                    .create();
+            dialog.show();
+
+            mActionButton = ((AlertDialog) dialog).getButton(DialogInterface.BUTTON_POSITIVE);
+            mActionButton.setFilterTouchesWhenObscured(true);
+            mAddMsg = dialog.findViewById(R.id.add_msg_simplified);
+            mAddMsg.setMovementMethod(new ScrollingMovementMethod());
+            mAddMsg.setText(mAddMsgText);
+            mAdminWarning = dialog.findViewById(R.id.admin_warning_simplified);
+            mAdminWarning.setText(getString(R.string.device_admin_warning_simplified,
+                    mProfileOwnerName));
+            return;
+        }
         setContentView(R.layout.device_admin_add);
 
         mAdminIcon = (ImageView)findViewById(R.id.admin_icon);
@@ -501,7 +550,9 @@ public class DeviceAdminAdd extends Activity {
     protected void onResume() {
         super.onResume();
         mActionButton.setEnabled(true);
-        updateInterface();
+        if (!mAddingProfileOwner) {
+            updateInterface();
+        }
         // As long as we are running, don't let anyone overlay stuff on top of the screen.
         mAppOps.setUserRestriction(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, true, mToken);
         mAppOps.setUserRestriction(AppOpsManager.OP_TOAST_WINDOW, true, mToken);
@@ -571,9 +622,6 @@ public class DeviceAdminAdd extends Activity {
         } catch (Resources.NotFoundException e) {
             mAdminDescription.setVisibility(View.GONE);
         }
-        if (mAddingProfileOwner) {
-            mProfileOwnerWarning.setVisibility(View.VISIBLE);
-        }
         if (mAddMsgText != null) {
             mAddMsg.setText(mAddMsgText);
             mAddMsg.setVisibility(View.VISIBLE);
@@ -634,11 +682,7 @@ public class DeviceAdminAdd extends Activity {
             addDeviceAdminPolicies(true /* showDescription */);
             mAdminWarning.setText(getString(R.string.device_admin_warning,
                     mDeviceAdmin.getActivityInfo().applicationInfo.loadLabel(getPackageManager())));
-            if (mAddingProfileOwner) {
-                setTitle(getText(R.string.profile_owner_add_title));
-            } else {
-                setTitle(getText(R.string.add_device_admin_msg));
-            }
+            setTitle(getText(R.string.add_device_admin_msg));
             mActionButton.setText(getText(R.string.add_device_admin));
             if (isAdminUninstallable()) {
                 mUninstallButton.setVisibility(View.VISIBLE);
diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java
new file mode 100644
index 00000000000..6841ea491fa
--- /dev/null
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.settings.applications.specialaccess.deviceadmin;
+
+import android.os.Bundle;
+
+/**
+ * ProfileOwnerAdd uses the DeviceAdminAdd logic to handle SET_PROFILE_OWNER intents
+ *
+ * TODO(b/131713071): Move profile owner add logic from DeviceAdminAdd to here
+ */
+public class ProfileOwnerAdd extends DeviceAdminAdd {
+    @Override
+    protected void onCreate(Bundle icicle) {
+        super.onCreate(icicle);
+    }
+}