Integrate admin controls for content protection
Bug: 323038631 Test: End-to-end with TestDPC, new units Change-Id: I98d52fdd95fca023b8eb576c97d563a1f3cab464
This commit is contained in:
Nino Jagar
@@ -15,15 +15,23 @@
|
||||
*/
|
||||
package com.android.settings.security;
|
||||
|
||||
import static android.view.contentprotection.flags.Flags.manageDevicePolicyEnabled;
|
||||
|
||||
import static com.android.internal.R.string.config_defaultContentProtectionService;
|
||||
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.content.ComponentName;
|
||||
import android.content.Context;
|
||||
import android.content.pm.PackageManager;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.provider.DeviceConfig;
|
||||
import android.view.contentcapture.ContentCaptureManager;
|
||||
|
||||
import androidx.annotation.Nullable;
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
|
||||
import com.android.settings.Utils;
|
||||
|
||||
/** Util class for content protection preference. */
|
||||
public class ContentProtectionPreferenceUtils {
|
||||
@@ -60,4 +68,49 @@ public class ContentProtectionPreferenceUtils {
|
||||
ContentCaptureManager.DEVICE_CONFIG_PROPERTY_ENABLE_CONTENT_PROTECTION_RECEIVER,
|
||||
ContentCaptureManager.DEFAULT_ENABLE_CONTENT_PROTECTION_RECEIVER);
|
||||
}
|
||||
|
||||
/** Returns the managed profile or null if none exists. */
|
||||
@Nullable
|
||||
public static UserHandle getManagedProfile(@NonNull Context context) {
|
||||
UserManager userManager = context.getSystemService(UserManager.class);
|
||||
if (userManager == null) {
|
||||
return null;
|
||||
}
|
||||
return Utils.getManagedProfile(userManager);
|
||||
}
|
||||
|
||||
/** Returns the current content protection policy. */
|
||||
@DevicePolicyManager.ContentProtectionPolicy
|
||||
public static int getContentProtectionPolicy(
|
||||
@NonNull Context context, @Nullable UserHandle managedProfile) {
|
||||
if (!manageDevicePolicyEnabled()) {
|
||||
return DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
|
||||
}
|
||||
Context policyContext = createContentProtectionPolicyContext(context, managedProfile);
|
||||
return getContentProtectionPolicyWithGivenContext(policyContext);
|
||||
}
|
||||
|
||||
@NonNull
|
||||
private static Context createContentProtectionPolicyContext(
|
||||
@NonNull Context context, @Nullable UserHandle managedProfile) {
|
||||
if (managedProfile == null) {
|
||||
return context;
|
||||
}
|
||||
try {
|
||||
return context.createPackageContextAsUser(
|
||||
context.getPackageName(), /* flags= */ 0, managedProfile);
|
||||
} catch (PackageManager.NameNotFoundException ex) {
|
||||
throw new IllegalStateException(ex);
|
||||
}
|
||||
}
|
||||
|
||||
@DevicePolicyManager.ContentProtectionPolicy
|
||||
private static int getContentProtectionPolicyWithGivenContext(@NonNull Context context) {
|
||||
DevicePolicyManager devicePolicyManager =
|
||||
context.getSystemService(DevicePolicyManager.class);
|
||||
if (devicePolicyManager == null) {
|
||||
return DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
|
||||
}
|
||||
return devicePolicyManager.getContentProtectionPolicy(/* admin= */ null);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,12 +15,17 @@
|
||||
*/
|
||||
package com.android.settings.security;
|
||||
|
||||
import static android.view.contentprotection.flags.Flags.manageDevicePolicyEnabled;
|
||||
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.content.ContentResolver;
|
||||
import android.content.Context;
|
||||
import android.os.UserHandle;
|
||||
import android.provider.Settings;
|
||||
import android.widget.CompoundButton;
|
||||
import android.widget.CompoundButton.OnCheckedChangeListener;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
import androidx.annotation.VisibleForTesting;
|
||||
import androidx.preference.Preference;
|
||||
@@ -40,12 +45,22 @@ public class ContentProtectionTogglePreferenceController extends TogglePreferenc
|
||||
static final String KEY_CONTENT_PROTECTION_PREFERENCE = "content_protection_user_consent";
|
||||
|
||||
@Nullable private SettingsMainSwitchPreference mSwitchBar;
|
||||
|
||||
@Nullable private RestrictedLockUtils.EnforcedAdmin mEnforcedAdmin;
|
||||
private final ContentResolver mContentResolver;
|
||||
|
||||
@NonNull private final ContentResolver mContentResolver;
|
||||
|
||||
@DevicePolicyManager.ContentProtectionPolicy
|
||||
private int mContentProtectionPolicy = DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
|
||||
|
||||
public ContentProtectionTogglePreferenceController(Context context, String preferenceKey) {
|
||||
super(context, preferenceKey);
|
||||
mContentResolver = context.getContentResolver();
|
||||
|
||||
if (manageDevicePolicyEnabled()) {
|
||||
mEnforcedAdmin = getEnforcedAdmin();
|
||||
mContentProtectionPolicy = getContentProtectionPolicy(getManagedProfile());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -56,14 +71,30 @@ public class ContentProtectionTogglePreferenceController extends TogglePreferenc
|
||||
@Override
|
||||
public boolean isChecked() {
|
||||
if (mEnforcedAdmin != null) {
|
||||
// If fully managed device, it should always unchecked
|
||||
return false;
|
||||
if (!manageDevicePolicyEnabled()) {
|
||||
// If fully managed device, it should always unchecked
|
||||
return false;
|
||||
}
|
||||
|
||||
if (mContentProtectionPolicy == DevicePolicyManager.CONTENT_PROTECTION_DISABLED) {
|
||||
return false;
|
||||
}
|
||||
if (mContentProtectionPolicy == DevicePolicyManager.CONTENT_PROTECTION_ENABLED) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return Settings.Global.getInt(mContentResolver, KEY_CONTENT_PROTECTION_PREFERENCE, 0) >= 0;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean setChecked(boolean isChecked) {
|
||||
if (manageDevicePolicyEnabled()) {
|
||||
if (mEnforcedAdmin != null
|
||||
&& mContentProtectionPolicy
|
||||
!= DevicePolicyManager.CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Settings.Global.putInt(
|
||||
mContentResolver, KEY_CONTENT_PROTECTION_PREFERENCE, isChecked ? 1 : -1);
|
||||
return true;
|
||||
@@ -80,16 +111,20 @@ public class ContentProtectionTogglePreferenceController extends TogglePreferenc
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Temporary workaround for SettingsMainSwitchPreference.setDisabledByAdmin without user
|
||||
* restriction.
|
||||
*/
|
||||
// Workaround for SettingsMainSwitchPreference.setDisabledByAdmin without user restriction.
|
||||
@Override
|
||||
public void updateState(Preference preference) {
|
||||
super.updateState(preference);
|
||||
// Assign the value to mEnforcedAdmin since it's needed in isChecked()
|
||||
mEnforcedAdmin = getEnforcedAdmin();
|
||||
if (mSwitchBar != null && mEnforcedAdmin != null) {
|
||||
|
||||
if (!manageDevicePolicyEnabled()) {
|
||||
// Assign the value to mEnforcedAdmin since it's needed in isChecked()
|
||||
mEnforcedAdmin = getEnforcedAdmin();
|
||||
mContentProtectionPolicy = DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
|
||||
}
|
||||
if (mSwitchBar != null
|
||||
&& mEnforcedAdmin != null
|
||||
&& mContentProtectionPolicy
|
||||
!= DevicePolicyManager.CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY) {
|
||||
mSwitchBar.setDisabledByAdmin(mEnforcedAdmin);
|
||||
}
|
||||
}
|
||||
@@ -107,7 +142,20 @@ public class ContentProtectionTogglePreferenceController extends TogglePreferenc
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@Nullable
|
||||
protected UserHandle getManagedProfile() {
|
||||
return ContentProtectionPreferenceUtils.getManagedProfile(mContext);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@Nullable
|
||||
protected RestrictedLockUtils.EnforcedAdmin getEnforcedAdmin() {
|
||||
return RestrictedLockUtilsInternal.getDeviceOwner(mContext);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@DevicePolicyManager.ContentProtectionPolicy
|
||||
protected int getContentProtectionPolicy(@Nullable UserHandle userHandle) {
|
||||
return ContentProtectionPreferenceUtils.getContentProtectionPolicy(mContext, userHandle);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,9 +15,11 @@
|
||||
*/
|
||||
package com.android.settings.security;
|
||||
|
||||
import static android.view.contentprotection.flags.Flags.manageDevicePolicyEnabled;
|
||||
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.content.Context;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
@@ -25,7 +27,6 @@ import androidx.annotation.VisibleForTesting;
|
||||
import androidx.preference.PreferenceScreen;
|
||||
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settings.core.TogglePreferenceController;
|
||||
import com.android.settingslib.RestrictedLockUtils;
|
||||
import com.android.settingslib.RestrictedSwitchPreference;
|
||||
@@ -33,25 +34,49 @@ import com.android.settingslib.RestrictedSwitchPreference;
|
||||
/** Preference controller for content protection work profile switch bar. */
|
||||
public class ContentProtectionWorkSwitchController extends TogglePreferenceController {
|
||||
|
||||
@Nullable private UserHandle mManagedProfile;
|
||||
|
||||
@DevicePolicyManager.ContentProtectionPolicy
|
||||
private int mContentProtectionPolicy = DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
|
||||
|
||||
public ContentProtectionWorkSwitchController(
|
||||
@NonNull Context context, @NonNull String preferenceKey) {
|
||||
super(context, preferenceKey);
|
||||
|
||||
if (manageDevicePolicyEnabled()) {
|
||||
mManagedProfile = getManagedProfile();
|
||||
if (mManagedProfile != null) {
|
||||
mContentProtectionPolicy = getContentProtectionPolicy(mManagedProfile);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getAvailabilityStatus() {
|
||||
return getManagedProfile() != null ? AVAILABLE : CONDITIONALLY_UNAVAILABLE;
|
||||
if (!manageDevicePolicyEnabled()) {
|
||||
return getManagedProfile() != null ? AVAILABLE : CONDITIONALLY_UNAVAILABLE;
|
||||
}
|
||||
if (mManagedProfile == null) {
|
||||
return CONDITIONALLY_UNAVAILABLE;
|
||||
}
|
||||
if (mContentProtectionPolicy
|
||||
== DevicePolicyManager.CONTENT_PROTECTION_NOT_CONTROLLED_BY_POLICY) {
|
||||
return CONDITIONALLY_UNAVAILABLE;
|
||||
}
|
||||
return AVAILABLE;
|
||||
}
|
||||
|
||||
// The switch is always set to unchecked until Android V by design
|
||||
@Override
|
||||
public boolean isChecked() {
|
||||
return false;
|
||||
if (!manageDevicePolicyEnabled()) {
|
||||
return false;
|
||||
}
|
||||
return mContentProtectionPolicy == DevicePolicyManager.CONTENT_PROTECTION_ENABLED;
|
||||
}
|
||||
|
||||
// The switch is disabled until Android V by design
|
||||
@Override
|
||||
public boolean setChecked(boolean isChecked) {
|
||||
// Controlled by the admin API
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -59,10 +84,13 @@ public class ContentProtectionWorkSwitchController extends TogglePreferenceContr
|
||||
public void displayPreference(PreferenceScreen screen) {
|
||||
super.displayPreference(screen);
|
||||
|
||||
RestrictedSwitchPreference switchPreference = screen.findPreference(getPreferenceKey());
|
||||
UserHandle managedProfile = getManagedProfile();
|
||||
UserHandle managedProfile =
|
||||
manageDevicePolicyEnabled() ? mManagedProfile : getManagedProfile();
|
||||
if (managedProfile != null) {
|
||||
switchPreference.setDisabledByAdmin(getEnforcedAdmin(managedProfile));
|
||||
RestrictedSwitchPreference switchPreference = screen.findPreference(getPreferenceKey());
|
||||
if (switchPreference != null) {
|
||||
switchPreference.setDisabledByAdmin(getEnforcedAdmin(managedProfile));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -74,13 +102,18 @@ public class ContentProtectionWorkSwitchController extends TogglePreferenceContr
|
||||
@VisibleForTesting
|
||||
@Nullable
|
||||
protected UserHandle getManagedProfile() {
|
||||
return Utils.getManagedProfile(mContext.getSystemService(UserManager.class));
|
||||
return ContentProtectionPreferenceUtils.getManagedProfile(mContext);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@Nullable
|
||||
protected RestrictedLockUtils.EnforcedAdmin getEnforcedAdmin(
|
||||
@NonNull UserHandle managedProfile) {
|
||||
return RestrictedLockUtils.getProfileOrDeviceOwner(mContext, managedProfile);
|
||||
protected RestrictedLockUtils.EnforcedAdmin getEnforcedAdmin(@NonNull UserHandle userHandle) {
|
||||
return RestrictedLockUtils.getProfileOrDeviceOwner(mContext, userHandle);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@DevicePolicyManager.ContentProtectionPolicy
|
||||
protected int getContentProtectionPolicy(@Nullable UserHandle userHandle) {
|
||||
return ContentProtectionPreferenceUtils.getContentProtectionPolicy(mContext, userHandle);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user