From b3ca3c5fb69f19fcb3199ca8ec2cbcffe527dd58 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Tue, 18 Feb 2020 17:25:58 +0000 Subject: [PATCH] Disable Settings toggle if admin has set always-on VPN If the admin has turned on always-on VPN, do not allow the user to modify it. Bug: 137938969 Test: manually set always-on VPN and check Settings is disabled Change-Id: Id2541e120f043ce24e52c3189d3a6fb1d85b432b --- .../settings/vpn2/AppManagementFragment.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/com/android/settings/vpn2/AppManagementFragment.java b/src/com/android/settings/vpn2/AppManagementFragment.java index 8e3d9bb4c18..8280a3db9fc 100644 --- a/src/com/android/settings/vpn2/AppManagementFragment.java +++ b/src/com/android/settings/vpn2/AppManagementFragment.java @@ -21,6 +21,7 @@ import static android.app.AppOpsManager.OP_ACTIVATE_VPN; import android.annotation.NonNull; import android.app.AppOpsManager; import android.app.Dialog; +import android.app.admin.DevicePolicyManager; import android.app.settings.SettingsEnums; import android.content.Context; import android.content.pm.ApplicationInfo; @@ -48,6 +49,8 @@ import com.android.settings.R; import com.android.settings.SettingsPreferenceFragment; import com.android.settings.core.SubSettingLauncher; import com.android.settings.core.instrumentation.InstrumentedDialogFragment; +import com.android.settingslib.RestrictedLockUtils; +import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import com.android.settingslib.RestrictedPreference; import com.android.settingslib.RestrictedSwitchPreference; @@ -67,6 +70,7 @@ public class AppManagementFragment extends SettingsPreferenceFragment private static final String KEY_FORGET_VPN = "forget_vpn"; private PackageManager mPackageManager; + private DevicePolicyManager mDevicePolicyManager; private ConnectivityManager mConnectivityManager; private IConnectivityManager mConnectivityService; @@ -119,6 +123,7 @@ public class AppManagementFragment extends SettingsPreferenceFragment addPreferencesFromResource(R.xml.vpn_app_management); mPackageManager = getContext().getPackageManager(); + mDevicePolicyManager = getContext().getSystemService(DevicePolicyManager.class); mConnectivityManager = getContext().getSystemService(ConnectivityManager.class); mConnectivityService = IConnectivityManager.Stub .asInterface(ServiceManager.getService(Context.CONNECTIVITY_SERVICE)); @@ -250,6 +255,15 @@ public class AppManagementFragment extends SettingsPreferenceFragment mPreferenceForget.checkRestrictionAndSetDisabled(UserManager.DISALLOW_CONFIG_VPN, mUserId); + if (mPackageName.equals(mDevicePolicyManager.getAlwaysOnVpnPackage())) { + EnforcedAdmin admin = RestrictedLockUtils.getProfileOrDeviceOwner( + getContext(), UserHandle.of(mUserId)); + mPreferenceAlwaysOn.setDisabledByAdmin(admin); + mPreferenceForget.setDisabledByAdmin(admin); + if (mDevicePolicyManager.isAlwaysOnVpnLockdownEnabled()) { + mPreferenceLockdown.setDisabledByAdmin(admin); + } + } if (mConnectivityManager.isAlwaysOnVpnPackageSupportedForUser(mUserId, mPackageName)) { // setSummary doesn't override the admin message when user restriction is applied mPreferenceAlwaysOn.setSummary(R.string.vpn_always_on_summary);