From 717194c87c7f619152dddffa12e2ec2f6127fab7 Mon Sep 17 00:00:00 2001 From: Eran Messeri Date: Wed, 3 Oct 2018 17:05:48 +0100 Subject: [PATCH] Consider Private DNS user restriction As a new user restriction, to disallow changing Private DNS settings, was added, make the Private DNS mode dialog preference consider whether to let the user modify it or not based on the presence of this restriction. Bug: 112982691 Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testPrivateDnsPolicy Test: m -j RunSettingsRoboTests ROBOTEST_FILTER=PrivateDnsPreferenceControllerTest Test: Manual, using TestDPC Change-Id: If815860ace3aadf6f79fd23173f0a2c80a29f0e1 --- .../PrivateDnsPreferenceController.java | 17 +++++++++ .../PrivateDnsPreferenceControllerTest.java | 37 +++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/src/com/android/settings/network/PrivateDnsPreferenceController.java b/src/com/android/settings/network/PrivateDnsPreferenceController.java index 561801052a6..8b3bfa0bf72 100644 --- a/src/com/android/settings/network/PrivateDnsPreferenceController.java +++ b/src/com/android/settings/network/PrivateDnsPreferenceController.java @@ -34,6 +34,8 @@ import android.net.Network; import android.net.Uri; import android.os.Handler; import android.os.Looper; +import android.os.UserHandle; +import android.os.UserManager; import android.provider.Settings; import androidx.preference.Preference; @@ -46,6 +48,8 @@ import com.android.settings.core.PreferenceControllerMixin; import com.android.settingslib.core.lifecycle.LifecycleObserver; import com.android.settingslib.core.lifecycle.events.OnStart; import com.android.settingslib.core.lifecycle.events.OnStop; +import com.android.settingslib.RestrictedLockUtilsInternal; +import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import java.net.InetAddress; import java.util.List; @@ -136,6 +140,19 @@ public class PrivateDnsPreferenceController extends BasePreferenceController return ""; } + @Override + public void updateState(Preference preference) { + super.updateState(preference); + //TODO(b/112982691): Add policy transparency explaining why this setting is disabled. + preference.setEnabled(!isManagedByAdmin()); + } + + private boolean isManagedByAdmin() { + EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal.checkIfRestrictionEnforced( + mContext, UserManager.DISALLOW_CONFIG_PRIVATE_DNS, UserHandle.myUserId()); + return enforcedAdmin != null; + } + private class PrivateDnsSettingsObserver extends ContentObserver { public PrivateDnsSettingsObserver(Handler h) { super(h); diff --git a/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java b/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java index b475c7e9391..464b2906744 100644 --- a/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java +++ b/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java @@ -43,6 +43,7 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import static org.mockito.Mockito.withSettings; +import android.content.ComponentName; import android.content.ContentResolver; import android.content.Context; import android.net.ConnectivityManager; @@ -50,6 +51,8 @@ import android.net.ConnectivityManager.NetworkCallback; import android.net.LinkProperties; import android.net.Network; import android.os.Handler; +import android.os.UserHandle; +import android.os.UserManager; import android.provider.Settings; import androidx.lifecycle.LifecycleOwner; @@ -58,6 +61,8 @@ import androidx.preference.PreferenceScreen; import com.android.settings.R; import com.android.settings.testutils.SettingsRobolectricTestRunner; +import com.android.settings.testutils.shadow.ShadowUserManager; +import com.android.settings.testutils.shadow.ShadowDevicePolicyManager; import com.android.settingslib.core.lifecycle.Lifecycle; import org.junit.Before; @@ -79,6 +84,10 @@ import java.util.Collections; import java.util.List; @RunWith(SettingsRobolectricTestRunner.class) +@Config(shadows = { + ShadowUserManager.class, + ShadowDevicePolicyManager.class +}) public class PrivateDnsPreferenceControllerTest { private final static String HOSTNAME = "dns.example.com"; @@ -108,6 +117,7 @@ public class PrivateDnsPreferenceControllerTest { private ShadowContentResolver mShadowContentResolver; private Lifecycle mLifecycle; private LifecycleOwner mLifecycleOwner; + private ShadowUserManager mShadowUserManager; @Before public void setUp() { @@ -127,6 +137,8 @@ public class PrivateDnsPreferenceControllerTest { mLifecycleOwner = () -> mLifecycle; mLifecycle = new Lifecycle(mLifecycleOwner); mLifecycle.addObserver(mController); + + mShadowUserManager = ShadowUserManager.getShadow(); } private void updateLinkProperties(LinkProperties lp) { @@ -264,6 +276,31 @@ public class PrivateDnsPreferenceControllerTest { verify(mPreference).setSummary(getResourceString(R.string.private_dns_mode_opportunistic)); } + @Test + public void isEnabled_canBeDisabledByAdmin() { + final int userId = UserHandle.myUserId(); + final List enforcingUsers = Collections.singletonList( + new UserManager.EnforcingUser(userId, + UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) + ); + mShadowUserManager.setUserRestrictionSources( + UserManager.DISALLOW_CONFIG_PRIVATE_DNS, + UserHandle.of(userId), + enforcingUsers); + + ShadowDevicePolicyManager.getShadow().setDeviceOwnerComponentOnAnyUser( + new ComponentName("test", "test")); + + mController.updateState(mPreference); + verify(mPreference).setEnabled(false); + } + + @Test + public void isEnabled_isEnabledByDefault() { + mController.updateState(mPreference); + verify(mPreference).setEnabled(true); + } + private void setPrivateDnsMode(String mode) { Settings.Global.putString(mContentResolver, PRIVATE_DNS_MODE, mode); }