Added a warning dialog when installing a CA certificate

This is part of the changes to improve the UX and language for installing certificates. Previously, the different types of certificate used the same installation flow. Due to concerns around users installing CA certificates without understanding the conseqences, this CL introduces a new warning dialog when a CA certificate is installed from settings. Bug: 139173976 Test: Atest com.android.settings.security manual testing from Settings by selecting the certificate type preference and ensuring the installation flow still worked as expected. Screenshot of the screen: https://hsv.googleplex.com/5046848484016128 Change-Id: If95bffd1e68f14734fb20e8cc4b60eeb1c372358
2019-10-18 14:20:27 +01:00
parent 8ed2568882
commit c0c75a3e96
6 changed files with 156 additions and 5 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1342,6 +1342,11 @@
            </intent-filter>
        </activity>

+        <activity android:name=".security.InstallCaCertificateWarning"
+                  android:theme="@style/GlifV3Theme.Light"
+                  android:exported="false">
+        </activity>
+
        <activity
            android:name="Settings$DeviceAdminSettingsActivity"
            android:label="@string/device_admin_settings_title"
--- a/res/drawable-hdpi/ic_warning_googred_48dp.png
+++ b/res/drawable-hdpi/ic_warning_googred_48dp.png
--- a/res/layout/ca_certificate_warning_dialog.xml
+++ b/res/layout/ca_certificate_warning_dialog.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (C) 2019 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<com.google.android.setupdesign.GlifLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:id="@+id/setup_wizard_layout"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <LinearLayout
+        style="@style/SudContentFrame"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="vertical"
+        android:gravity="center_horizontal">
+
+        <ImageView
+            android:id="@+id/sud_layout_icon"
+            style="@style/SudGlifIcon"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:src="@drawable/ic_warning_googred_48dp"/>
+
+        <TextView
+            android:id="@+id/sud_layout_title"
+            style="@style/SudGlifHeaderTitle"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:text="@string/ca_certificate_warning_title"/>
+
+        <TextView
+            android:id="@+id/sud_layout_description"
+            style="@style/SudDescription.Glif"
+            android:layout_marginTop="16dp"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:text="@string/ca_certificate_warning_description"/>
+
+    </LinearLayout>
+
+</com.google.android.setupdesign.GlifLayout>
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -5880,6 +5880,16 @@
    <string name="user_certificate">VPN &amp; app user certificate</string>
    <!-- Title of Wi-Fi certificate [CHAR LIMIT=30] -->
    <string name="wifi_certificate">Wi\u2011Fi certificate</string>
+    <!-- Title of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+    <string name="ca_certificate_warning_title">Your privacy is at risk</string>
+    <!-- Description of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+    <string name="ca_certificate_warning_description">CA certificates are used by websites, apps, and VPNs for encryption. Only install CA certificates from organizations you trust. \n\n If you install a CA certificate, the certificate owner could access your information, such as passwords, messages, or credit card details, from websites you visit or apps you use - even if that information is encrypted.</string>
+    <!-- Label for button to not install a CA certificate [CHAR_LIMIT=50] -->
+    <string name="ca_certificate_warning_dont_install">Don\u2019t install</string>
+    <!-- Label for button to continue installing a CA certificate [CHAR_LIMIT=50] -->
+    <string name="ca_certificate_warning_install_anyway">Install anyways</string>
+    <!-- Toast message that a certificate was not installed -->
+    <string name="cert_not_installed">Certificate not installed</string>

    <!-- Sound settings screen, setting check box label -->
    <string name="emergency_tone_title">Emergency dialing signal</string>
--- a/res/xml/install_certificate_from_storage.xml
+++ b/res/xml/install_certificate_from_storage.xml
@@ -28,11 +28,8 @@
            android:title="@string/ca_certificate">

            <intent
-                android:action="android.credentials.INSTALL"
-                android:targetPackage="com.android.certinstaller"
-                android:targetClass="com.android.certinstaller.CertInstallerMain">
-                <!-- Same value as CERTIFICATE_USAGE_CA in keystore/java/android/security/Credentials.java -->
-                <extra android:name="certificate_install_usage" android:value="ca"/>
+                android:targetPackage="com.android.settings"
+                android:targetClass="com.android.settings.security.InstallCaCertificateWarning">
            </intent>

        </Preference>
--- a/src/com/android/settings/security/InstallCaCertificateWarning.java
+++ b/src/com/android/settings/security/InstallCaCertificateWarning.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.annotation.Nullable;
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.security.Credentials;
+import android.view.View;
+import android.widget.Toast;
+
+import com.android.settings.R;
+
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifLayout;
+
+/**
+ * Creates a warning dialog explaining the consequences of installing a CA certificate
+ * This is displayed before a CA certificate can be installed from Settings.
+ */
+public class InstallCaCertificateWarning extends Activity {
+
+    @Override
+    public void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        setContentView(R.layout.ca_certificate_warning_dialog);
+        final GlifLayout layout = findViewById(R.id.setup_wizard_layout);
+
+        final FooterBarMixin mixin = layout.getMixin(FooterBarMixin.class);
+        mixin.setSecondaryButton(
+                new FooterButton.Builder(this)
+                        .setText(R.string.ca_certificate_warning_install_anyway)
+                        .setListener(installCaCertificate())
+                        .setButtonType(FooterButton.ButtonType.OTHER)
+                        .setTheme(R.style.SudGlifButton_Secondary)
+                        .build()
+        );
+
+        mixin.setPrimaryButton(
+                new FooterButton.Builder(this)
+                        .setText(R.string.ca_certificate_warning_dont_install)
+                        .setListener(returnToInstallCertificateFromStorage())
+                        .setButtonType(FooterButton.ButtonType.NEXT)
+                        .setTheme(R.style.SudGlifButton_Primary)
+                        .build()
+        );
+    }
+
+    private View.OnClickListener installCaCertificate() {
+        return v -> {
+            final Intent intent = new Intent();
+            intent.setAction(Credentials.INSTALL_ACTION);
+            intent.putExtra(Credentials.EXTRA_CERTIFICATE_USAGE, Credentials.CERTIFICATE_USAGE_CA);
+            startActivity(intent);
+            finish();
+        };
+    }
+
+    private View.OnClickListener returnToInstallCertificateFromStorage() {
+        return v -> {
+            Toast.makeText(this, R.string.cert_not_installed, Toast.LENGTH_SHORT).show();
+            finish();
+        };
+    }
+
+}