DISALLOW_CONFIG_CREDENTIALS blocks user credentials

All settings preferences related to credentials of any kind should be stopped by this user restriction. Bug: 26879958 Change-Id: I983c6e58081bd4022bb006942499cba4b74954e7
2016-03-11 16:22:23 +00:00
parent f19001f2c0
commit c421db78f0
3 changed files with 37 additions and 12 deletions
--- a/res/xml/security_settings_misc.xml
+++ b/res/xml/security_settings_misc.xml
@@ -72,7 +72,7 @@
                android:persistent="false"
                android:fragment="com.android.settings.TrustedCredentialsSettings"/>
-        <Preference android:key="user_credentials"
+        <com.android.settingslib.RestrictedPreference android:key="user_credentials"
                android:title="@string/user_credentials"
                android:summary="@string/user_credentials_summary"
                android:persistent="false"
--- a/src/com/android/settings/SecuritySettings.java
+++ b/src/com/android/settings/SecuritySettings.java
@@ -104,6 +104,7 @@ public class SecuritySettings extends SettingsPreferenceFragment
    private static final String KEY_SIM_LOCK = "sim_lock";
    private static final String KEY_SHOW_PASSWORD = "show_password";
    private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
    private static final String KEY_USER_CREDENTIALS = "user_credentials";
    private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
    private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
    private static final String KEY_TOGGLE_INSTALL_APPLICATIONS = "toggle_install_applications";
@@ -315,6 +316,10 @@ public class SecuritySettings extends SettingsPreferenceFragment
        if (!RestrictedLockUtils.hasBaseUserRestriction(getActivity(),
                UserManager.DISALLOW_CONFIG_CREDENTIALS, MY_USER_ID)) {
            RestrictedPreference userCredentials = (RestrictedPreference) root.findPreference(
                    KEY_USER_CREDENTIALS);
            userCredentials.checkRestrictionAndSetDisabled(
                    UserManager.DISALLOW_CONFIG_CREDENTIALS);
            RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference(
                    KEY_CREDENTIAL_STORAGE_TYPE);
            credentialStorageType.checkRestrictionAndSetDisabled(
@@ -336,6 +341,7 @@ public class SecuritySettings extends SettingsPreferenceFragment
            credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
            credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
            credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
            credentialsManager.removePreference(root.findPreference(KEY_USER_CREDENTIALS));
        }
--- a/src/com/android/settings/UserCredentialsSettings.java
+++ b/src/com/android/settings/UserCredentialsSettings.java
@@ -28,6 +28,8 @@ import android.os.Bundle;
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.os.RemoteException;
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.security.Credentials;
 import android.security.IKeyChainService;
 import android.security.KeyChain;
@@ -44,6 +46,8 @@ import android.widget.ListView;
 import android.widget.TextView;
 import com.android.internal.logging.MetricsProto.MetricsEvent;
 import com.android.settingslib.RestrictedLockUtils;
 import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
 import java.util.EnumSet;
 import java.util.Set;
@@ -118,19 +122,34 @@ public class UserCredentialsSettings extends InstrumentedFragment implements OnI
                    new Credential[] {item}).getView(0, null, null);
            infoContainer.addView(view);
-            return new AlertDialog.Builder(getActivity())
+            UserManager userManager
                    = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
            AlertDialog.Builder builder = new AlertDialog.Builder(getActivity())
                    .setView(root)
                    .setTitle(R.string.user_credential_title)
-                    .setPositiveButton(R.string.done, null)
+                    .setPositiveButton(R.string.done, null);
-                    .setNegativeButton(R.string.trusted_credentials_remove_label,
+
-                            new DialogInterface.OnClickListener() {
+            final String restriction = UserManager.DISALLOW_CONFIG_CREDENTIALS;
-                                @Override public void onClick(DialogInterface dialog, int id) {
+            final int myUserId = UserHandle.myUserId();
-                                    new RemoveCredentialsTask(getContext(), getTargetFragment())
+            if (!RestrictedLockUtils.hasBaseUserRestriction(getContext(), restriction, myUserId)) {
-                                            .execute(item.alias);
+                DialogInterface.OnClickListener listener = new DialogInterface.OnClickListener() {
-                                    dialog.dismiss();
+                    @Override public void onClick(DialogInterface dialog, int id) {
-                                }
+                        final EnforcedAdmin admin = RestrictedLockUtils.checkIfRestrictionEnforced(
-                            })
+                                getContext(), restriction, myUserId);
-                    .create();
+                        if (admin != null) {
                            RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(),
                                    admin);
                        } else {
                            new RemoveCredentialsTask(getContext(), getTargetFragment())
                                    .execute(item.alias);
                        }
                        dialog.dismiss();
                    }
                };
                builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener);
            }
            return builder.create();
        }
        private class RemoveCredentialsTask extends AsyncTask<String, Void, Void> {