From 5e451db3952c6a808d803b1b7b1f645dc4756d4d Mon Sep 17 00:00:00 2001
From: Himanshu Gupta <himanshuz@google.com>
Date: Thu, 21 Mar 2024 14:14:02 +0000
Subject: [PATCH] Disable PS entry point and Activity when PS is not allowed.

In this change we disable:
1. Security Center Entry point
2. PrivateSpaceAuthenticationActivity

when private profile is not present and cannot be added.

Additionally, the intent exposing PrivateSpaceAuthenticationActivity
is also non-exported and changed to a better name.

Bug: 328578044
Test: Manual build and flash
Change-Id: I13d298316c6d719d0b06e4969989ea1da83dd4c6
---
 AndroidManifest.xml                           | 12 +++-
 .../PrivateSpaceAuthenticationActivity.java   |  2 +-
 .../PrivateSpaceBroadcastReceiver.java        | 55 +++++++++++++++++++
 .../privatespace/PrivateSpaceMaintainer.java  |  2 +-
 .../PrivateSpaceSafetySource.java             | 24 ++++++--
 5 files changed, 87 insertions(+), 8 deletions(-)
 create mode 100644 src/com/android/settings/privatespace/PrivateSpaceBroadcastReceiver.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 8730b421739..8a2ac6b0b36 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5103,9 +5103,9 @@
         <activity
             android:name=".privatespace.PrivateSpaceAuthenticationActivity"
             android:theme="@*android:style/Theme.DeviceDefault.Settings.Dialog.NoActionBar"
-            android:exported="true">
+            android:exported="false">
             <intent-filter>
-                <action android:name="com.android.settings.action.PRIVATE_SPACE_SETUP_FLOW" />
+                <action android:name="com.android.settings.action.OPEN_PRIVATE_SPACE_SETTINGS" />
                 <category android:name="android.intent.category.DEFAULT"/>
             </intent-filter>
         </activity>
@@ -5117,6 +5117,14 @@
                   android:exported="false">
         </activity>
 
+        <receiver android:name=".privatespace.PrivateSpaceBroadcastReceiver"
+            android:exported="true">
+            <intent-filter>
+                <action android:name="android.intent.action.PRE_BOOT_COMPLETED"/>
+                <action android:name="android.intent.action.BOOT_COMPLETED"/>
+            </intent-filter>
+        </receiver>
+
         <activity-alias android:name="UsageStatsActivity"
                         android:exported="true"
                         android:label="@string/testing_usage_stats"
diff --git a/src/com/android/settings/privatespace/PrivateSpaceAuthenticationActivity.java b/src/com/android/settings/privatespace/PrivateSpaceAuthenticationActivity.java
index 53d6b2272b3..f61f7bba69e 100644
--- a/src/com/android/settings/privatespace/PrivateSpaceAuthenticationActivity.java
+++ b/src/com/android/settings/privatespace/PrivateSpaceAuthenticationActivity.java
@@ -50,7 +50,7 @@ import com.google.android.setupdesign.util.ThemeHelper;
  * This class represents an activity responsible for user authentication before starting the private
  * space setup flow or accessing the private space settings page if already created. Also prompts
  * user to set a device lock if not set with an alert dialog. This can be launched using the intent
- * com.android.settings.action.PRIVATE_SPACE_SETUP_FLOW.
+ * com.android.settings.action.OPEN_PRIVATE_SPACE_SETTINGS.
  */
 public class PrivateSpaceAuthenticationActivity extends FragmentActivity {
     private static final String TAG = "PrivateSpaceAuthCheck";
diff --git a/src/com/android/settings/privatespace/PrivateSpaceBroadcastReceiver.java b/src/com/android/settings/privatespace/PrivateSpaceBroadcastReceiver.java
new file mode 100644
index 00000000000..4c59ab9e9a1
--- /dev/null
+++ b/src/com/android/settings/privatespace/PrivateSpaceBroadcastReceiver.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.privatespace;
+
+import android.content.BroadcastReceiver;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.os.UserManager;
+import android.util.Log;
+
+/** Broadcast receiver for enabling/disabling Private Space Root Activity. */
+public class PrivateSpaceBroadcastReceiver extends BroadcastReceiver {
+
+    private static final String TAG = "PrivateSpaceBroadcastReceiver";
+
+    @Override
+    public void onReceive(Context context, Intent intent) {
+        if (android.multiuser.Flags.enablePrivateSpaceFeatures()
+                && android.multiuser.Flags.blockPrivateSpaceCreation()) {
+            Log.d("Here", "Intent: " + intent.getAction());
+            PrivateSpaceMaintainer privateSpaceMaintainer =
+                    PrivateSpaceMaintainer.getInstance(context);
+            // Disable the PrivateSpaceAuthenticationActivity when
+            // -Private Profile is not present and
+            // -Private Profile cannot be added.
+            final int enableState = privateSpaceMaintainer.doesPrivateSpaceExist()
+                    || context.getSystemService(UserManager.class).canAddPrivateProfile()
+                    ? PackageManager.COMPONENT_ENABLED_STATE_ENABLED
+                    : PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
+            ComponentName privateSpaceAuth = new ComponentName(context,
+                    PrivateSpaceAuthenticationActivity.class);
+            Log.d(TAG, "Setting component " + privateSpaceAuth + " state: " + enableState);
+            context.getPackageManager().setComponentEnabledSetting(
+                    privateSpaceAuth,
+                    enableState,
+                    PackageManager.DONT_KILL_APP);
+        }
+    }
+}
diff --git a/src/com/android/settings/privatespace/PrivateSpaceMaintainer.java b/src/com/android/settings/privatespace/PrivateSpaceMaintainer.java
index 3fb9b153b8f..66235164fcb 100644
--- a/src/com/android/settings/privatespace/PrivateSpaceMaintainer.java
+++ b/src/com/android/settings/privatespace/PrivateSpaceMaintainer.java
@@ -155,7 +155,7 @@ public class PrivateSpaceMaintainer {
             return true;
         }
 
-        List<UserInfo> users = mUserManager.getProfiles(0);
+        List<UserInfo> users = mUserManager.getProfiles(mContext.getUserId());
         for (UserInfo user : users) {
             if (user.isPrivateProfile()) {
                 mUserHandle = user.getUserHandle();
diff --git a/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java b/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java
index 4e1741a7cda..3272f125756 100644
--- a/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java
+++ b/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java
@@ -44,11 +44,27 @@ public final class PrivateSpaceSafetySource {
             return;
         }
 
-        // Check the profile type - we don't want to show this for anything other than primary user.
         UserManager userManager = context.getSystemService(UserManager.class);
-        if (userManager != null && !userManager.isMainUser()) {
-            Log.i(TAG, "setSafetySourceData not main user");
-            return;
+        PrivateSpaceMaintainer privateSpaceMaintainer =
+                PrivateSpaceMaintainer.getInstance(context);
+        if (android.multiuser.Flags.enablePrivateSpaceFeatures()
+                && android.multiuser.Flags.blockPrivateSpaceCreation()) {
+            // Do not add the entry point when
+            // -Private Profile is not present and
+            // -Private Profile cannot be added.
+            if (!privateSpaceMaintainer.doesPrivateSpaceExist()
+                    && userManager != null
+                    && !userManager.canAddPrivateProfile()) {
+                Log.i(TAG, "Private Space not allowed for user " + context.getUser());
+                return;
+            }
+        } else {
+            // Check the profile type - we don't want to show this for anything other than primary
+            // user.
+            if (userManager != null && !userManager.isMainUser()) {
+                Log.i(TAG, "setSafetySourceData not main user");
+                return;
+            }
         }
 
         if (!Flags.allowPrivateProfile()