PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add restricted settings UI in Settings accessibility screeen

Browse Source 
If OP_ACCESS_RESTRICTED_SETTINGS is rejected, it means accessibility page
for that app is gray out and app info won't show "unlock restricted settings menu"

If OP_ACCESS_RESTRICTED_SETTINGS is ignored, it means accessibility page
for that app is gray out, but app info shows "unlock restricted settings menu"

If OP_ACCESS_RESTRICTED_SETTINGS is allowed(default), it means users can
access accessibility page for that app.

OP_ACCESS_RESTRICTED_SETTINGS will be changed to ignored if user visited
the restricted settings dialog.

OP_ACCESS_RESTRICTED_SETTINGS will be changed to allowed if user passes
the confirmation screen.

Bug: 202130031
Test: Tested the UI and it works correctly
Change-Id: I3dfb94cee440658b4726a1c3f7265f93cd19ed3e
This commit is contained in:
Ricky Wai
2022-01-25 23:04:26 +00:00
parent 8b8b06404c
commit c76a11f0c1
11 changed files with 315 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
AndroidManifest.xml
View File

@@ -3618,6 +3618,18 @@
</intent-filter>
</activity>
<activity android:name=".ActionDisabledByAppOpsDialog"
android:theme="@style/Theme.AlertDialog"
android:taskAffinity="com.android.settings.appops"
android:excludeFromRecents="true"
android:exported="false"
android:launchMode="singleTop">
<intent-filter android:priority="1">
<action android:name="android.settings.SHOW_RESTRICTED_SETTING_DIALOG" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
<activity
android:name="Settings$ManageExternalStorageActivity"
android:exported="true"

0
res/layout/admin_support_details_dialog.xml → res/layout/support_details_dialog.xml
View File

9
res/values/strings.xml
View File

@@ -4632,6 +4632,8 @@
<string name="clear_user_data_text">Clear storage</string>
<!-- Manage applications, restore updated system application to factory version -->
<string name="app_factory_reset">Uninstall updates</string>
<!-- [CHAR LIMIT=50] Manage applications, unlock restricted settings from lock screen title -->
<string name="app_restricted_settings_lockscreen_title">Unlock restricted settings</string>
<!-- Manage applications, individual application info screen, screen, message text under Launch by default heading. This is present if the app is set as a default for some actions. -->
<string name="auto_launch_enable_text">Some activities you\u2019ve selected open in this app by default.</string>
<!-- Manage applications, individual application info screen, screen, message text under Launch by default heading. This is present if the app was given user permission to create widgets. -->
@@ -12004,6 +12006,10 @@
<string name="do_disclosure_learn_more_separator">" "</string>
<!-- Button label to allow the user to view additional information [CHAR LIMIT=NONE BACKUP_MESSAGE_ID=2416766240581561009] -->
<string name="learn_more">Learn more</string>
<!--Title for dialog displayed to tell user that settings are blocked by setting restrictions [CHAR LIMIT=50] -->
<string name="blocked_by_restricted_settings_title">Restricted Settings</string>
<!--Content for dialog displayed to tell user that settings are blocked by setting restrictions [CHAR LIMIT=100] -->
<string name="blocked_by_restricted_settings_content">For your security, this setting is currently unavailable.</string>
<!-- Financed device Privacy --> <skip />
@@ -12248,6 +12254,9 @@
<!-- Help URI, prevent ringing gesture [DO NOT TRANSLATE] -->
<string name="help_uri_prevent_ringing_gesture" translatable="false"></string>
<!-- Help URI, action disabled by restricted settings [DO NOT TRANSLATE] -->
<string name="help_url_action_disabled_by_restricted_settings" translatable="false"></string>
<!-- Title label for Priority mode suggestion, which is displayed in Settings homepage [CHAR LIMIT=100] -->
<string name="zen_suggestion_title" translatable="false">Update Priority mode</string>

65
src/com/android/settings/ActionDisabledByAppOpsDialog.java Normal file
View File

@@ -0,0 +1,65 @@
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings;
import android.app.Activity;
import android.app.AppOpsManager;
import android.content.DialogInterface;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;
public class ActionDisabledByAppOpsDialog extends Activity
implements DialogInterface.OnDismissListener {
private static final String TAG = "ActionDisabledByAppOpsDialog";
private ActionDisabledByAppOpsHelper mDialogHelper;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
mDialogHelper = new ActionDisabledByAppOpsHelper(this);
mDialogHelper.prepareDialogBuilder()
.setOnDismissListener(this)
.show();
updateAppOps();
}
private void updateAppOps() {
final Intent intent = getIntent();
final String packageName = intent.getStringExtra(Intent.EXTRA_PACKAGE_NAME);
final int uid = intent.getIntExtra(Intent.EXTRA_UID, android.os.Process.INVALID_UID);
getSystemService(AppOpsManager.class)
.setMode(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,
uid,
packageName,
AppOpsManager.MODE_IGNORED);
}
@Override
public void onNewIntent(Intent intent) {
super.onNewIntent(intent);
mDialogHelper.updateDialog();
updateAppOps();
}
@Override
public void onDismiss(DialogInterface dialog) {
finish();
}
}

88
src/com/android/settings/ActionDisabledByAppOpsHelper.java Normal file
View File

@@ -0,0 +1,88 @@
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings;
import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.DialogInterface;
import android.content.Intent;
import android.net.Uri;
import android.text.TextUtils;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.TextView;
import androidx.annotation.VisibleForTesting;
import androidx.appcompat.app.AlertDialog;
import com.android.settingslib.HelpUtils;
final class ActionDisabledByAppOpsHelper {
private final ViewGroup mDialogView;
private final Activity mActivity;
ActionDisabledByAppOpsHelper(Activity activity) {
mActivity = activity;
mDialogView = (ViewGroup) LayoutInflater.from(mActivity).inflate(
R.layout.support_details_dialog, null);
}
public AlertDialog.Builder prepareDialogBuilder() {
final String helpUrl = mActivity.getString(
R.string.help_url_action_disabled_by_restricted_settings);
AlertDialog.Builder builder = new AlertDialog.Builder(mActivity)
.setPositiveButton(R.string.okay, null)
.setView(mDialogView);
if (!TextUtils.isEmpty(helpUrl)) {
builder.setNeutralButton(R.string.learn_more,
(DialogInterface.OnClickListener) (dialog, which) -> {
final Intent intent = HelpUtils.getHelpIntent(mActivity,
helpUrl, mActivity.getClass().getName());
if (intent != null) {
mActivity.startActivity(intent);
}
});
}
initializeDialogViews(mDialogView);
return builder;
}
public void updateDialog() {
initializeDialogViews(mDialogView);
}
private void initializeDialogViews(View root) {
setSupportTitle(root);
setSupportDetails(root);
}
@VisibleForTesting
void setSupportTitle(View root) {
final TextView titleView = root.findViewById(R.id.admin_support_dialog_title);
if (titleView == null) {
return;
}
titleView.setText(R.string.blocked_by_restricted_settings_title);
}
void setSupportDetails(final View root) {
final TextView textView = root.findViewById(R.id.admin_support_msg);
textView.setText(R.string.blocked_by_restricted_settings_content);
}
}

23
src/com/android/settings/accessibility/AccessibilityDetailsSettingsFragment.java
View File

@@ -21,6 +21,7 @@ import static com.android.internal.accessibility.AccessibilityShortcutController
import android.accessibilityservice.AccessibilityServiceInfo;
import android.app.Activity;
import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManager;
import android.app.settings.SettingsEnums;
import android.content.ComponentName;
@@ -49,6 +50,7 @@ import java.util.Set;
public class AccessibilityDetailsSettingsFragment extends InstrumentedFragment {
private final static String TAG = "A11yDetailsSettings";
private AppOpsManager mAppOps;
@Override
public int getMetricsCategory() {
@@ -59,6 +61,8 @@ public class AccessibilityDetailsSettingsFragment extends InstrumentedFragment {
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
mAppOps = getActivity().getSystemService(AppOpsManager.class);
// In case the Intent doesn't have component name, go to a11y services list.
final String extraComponentName = getActivity().getIntent().getStringExtra(
Intent.EXTRA_COMPONENT_NAME);
@@ -127,10 +131,11 @@ public class AccessibilityDetailsSettingsFragment extends InstrumentedFragment {
}
// In case this accessibility service isn't permitted, go to a11y services list.
if (!isServiceAllowed(componentName.getPackageName())) {
if (!isServiceAllowed(info.getResolveInfo().serviceInfo.applicationInfo.uid,
componentName.getPackageName())) {
Log.w(TAG,
"openAccessibilityDetailsSettingsAndFinish: target accessibility service is"
+ "prohibited by Device Admin.");
+ "prohibited by Device Admin or App Op.");
return false;
}
openSubSettings(ToggleAccessibilityServicePreferenceFragment.class.getName(),
@@ -148,11 +153,21 @@ public class AccessibilityDetailsSettingsFragment extends InstrumentedFragment {
}
@VisibleForTesting
boolean isServiceAllowed(String packageName) {
boolean isServiceAllowed(int uid, String packageName) {
final DevicePolicyManager dpm = getContext().getSystemService(DevicePolicyManager.class);
final List<String> permittedServices = dpm.getPermittedAccessibilityServices(
UserHandle.myUserId());
return (permittedServices == null || permittedServices.contains(packageName));
if (permittedServices != null && !permittedServices.contains(packageName)) {
return false;
}
try {
final int mode = mAppOps.noteOpNoThrow(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,
uid, packageName);
return mode != AppOpsManager.MODE_ERRORED && mode != AppOpsManager.MODE_IGNORED;
} catch (Exception e) {
// Fallback in case if app ops is not available in testing.
return true;
}
}
private AccessibilityServiceInfo getAccessibilityServiceInfo(ComponentName componentName) {

61
src/com/android/settings/accessibility/AccessibilitySettings.java
View File

@@ -20,6 +20,7 @@ import static com.android.settingslib.widget.TwoTargetPreference.ICON_SIZE_MEDIU
import android.accessibilityservice.AccessibilityServiceInfo;
import android.accessibilityservice.AccessibilityShortcutInfo;
import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManager;
import android.app.settings.SettingsEnums;
import android.content.ComponentName;
@@ -200,6 +201,12 @@ public class AccessibilitySettings extends DashboardFragment {
registerContentMonitors();
}
@Override
public void onResume() {
super.onResume();
updateAllPreferences();
}
@Override
public void onStart() {
if (mNeedPreferencesUpdate) {
@@ -506,11 +513,13 @@ public class AccessibilitySettings extends DashboardFragment {
private final Context mContext;
private final DevicePolicyManager mDpm;
private final PackageManager mPm;
private final AppOpsManager mAppOps;
RestrictedPreferenceHelper(Context context) {
mContext = context;
mDpm = context.getSystemService(DevicePolicyManager.class);
mPm = context.getPackageManager();
mAppOps = context.getSystemService(AppOpsManager.class);
}
/**
@@ -553,14 +562,11 @@ public class AccessibilitySettings extends DashboardFragment {
}
final RestrictedPreference preference = createRestrictedPreference(key, title,
summary, icon, fragment);
summary, icon, fragment, packageName,
resolveInfo.serviceInfo.applicationInfo.uid);
// permittedServices null means all accessibility services are allowed.
final boolean serviceAllowed =
permittedServices == null || permittedServices.contains(packageName);
setRestrictedPreferenceEnabled(preference, permittedServices, serviceEnabled);
setRestrictedPreferenceEnabled(preference, packageName, serviceAllowed,
serviceEnabled);
final String prefKey = preference.getKey();
final int imageRes = info.getAnimatedImageRes();
final CharSequence description = getServiceDescription(mContext, info,
@@ -614,16 +620,11 @@ public class AccessibilitySettings extends DashboardFragment {
}
final RestrictedPreference preference = createRestrictedPreference(key, title,
summary, icon, fragment);
final String packageName = componentName.getPackageName();
// permittedServices null means all accessibility services are allowed.
final boolean serviceAllowed =
permittedServices == null || permittedServices.contains(packageName);
summary, icon, fragment, componentName.getPackageName(),
activityInfo.applicationInfo.uid);
final boolean serviceEnabled = enabledServices.contains(componentName);
setRestrictedPreferenceEnabled(preference, packageName, serviceAllowed,
serviceEnabled);
setRestrictedPreferenceEnabled(preference, permittedServices, serviceEnabled);
final String prefKey = preference.getKey();
final String description = info.loadDescription(mPm);
@@ -633,7 +634,7 @@ public class AccessibilitySettings extends DashboardFragment {
putBasicExtras(preference, prefKey, title, description, imageRes, htmlDescription,
componentName);
putSettingsExtras(preference, packageName, settingsClassName);
putSettingsExtras(preference, componentName.getPackageName(), settingsClassName);
preferenceList.add(preference);
}
@@ -659,8 +660,9 @@ public class AccessibilitySettings extends DashboardFragment {
}
private RestrictedPreference createRestrictedPreference(String key, CharSequence title,
CharSequence summary, Drawable icon, String fragment) {
final RestrictedPreference preference = new RestrictedPreference(mContext);
CharSequence summary, Drawable icon, String fragment, String packageName, int uid) {
final RestrictedPreference preference = new RestrictedPreference(mContext, packageName,
uid);
preference.setKey(key);
preference.setTitle(title);
@@ -675,16 +677,37 @@ public class AccessibilitySettings extends DashboardFragment {
}
private void setRestrictedPreferenceEnabled(RestrictedPreference preference,
String packageName, boolean serviceAllowed, boolean serviceEnabled) {
final List<String> permittedServices, boolean serviceEnabled) {
// permittedServices null means all accessibility services are allowed.
boolean serviceAllowed = permittedServices == null || permittedServices.contains(
preference.getPackageName());
boolean appOpsAllowed;
if (serviceAllowed) {
try {
final int mode = mAppOps.noteOpNoThrow(
AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,
preference.getUid(), preference.getPackageName());
appOpsAllowed = mode == AppOpsManager.MODE_ALLOWED;
serviceAllowed = appOpsAllowed;
} catch (Exception e) {
// Allow service in case if app ops is not available in testing.
appOpsAllowed = true;
}
} else {
appOpsAllowed = false;
}
if (serviceAllowed || serviceEnabled) {
preference.setEnabled(true);
} else {
// Disable accessibility service that are not permitted.
final EnforcedAdmin admin =
RestrictedLockUtilsInternal.checkIfAccessibilityServiceDisallowed(
mContext, packageName, UserHandle.myUserId());
mContext, preference.getPackageName(), UserHandle.myUserId());
if (admin != null) {
preference.setDisabledByAdmin(admin);
} else if (!appOpsAllowed) {
preference.setDisabledByAppOps(true);
} else {
preference.setEnabled(false);
}

76
src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
View File

@@ -19,6 +19,8 @@ package com.android.settings.applications.appinfo;
import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
import android.app.Activity;
import android.app.AppOpsManager;
import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
import android.app.settings.SettingsEnums;
import android.content.BroadcastReceiver;
@@ -30,8 +32,13 @@ import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.UserInfo;
import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.BiometricPrompt;
import android.net.Uri;
import android.os.Bundle;
import android.os.CancellationSignal;
import android.os.Handler;
import android.os.Looper;
import android.os.UserHandle;
import android.os.UserManager;
import android.text.TextUtils;
@@ -82,6 +89,7 @@ public class AppInfoDashboardFragment extends DashboardFragment
@VisibleForTesting
static final int UNINSTALL_UPDATES = 2;
static final int INSTALL_INSTANT_APP_MENU = 3;
static final int ACCESS_RESTRICTED_SETTINGS = 4;
// Result code identifiers
@VisibleForTesting
@@ -261,6 +269,7 @@ public class AppInfoDashboardFragment extends DashboardFragment
if (!refreshUi()) {
setIntentAndFinish(true, true);
}
getActivity().invalidateOptionsMenu();
}
@Override
@@ -381,6 +390,9 @@ public class AppInfoDashboardFragment extends DashboardFragment
.setShowAsAction(MenuItem.SHOW_AS_ACTION_NEVER);
menu.add(0, UNINSTALL_ALL_USERS_MENU, 1, R.string.uninstall_all_users_text)
.setShowAsAction(MenuItem.SHOW_AS_ACTION_NEVER);
menu.add(0, ACCESS_RESTRICTED_SETTINGS, 0,
R.string.app_restricted_settings_lockscreen_title)
.setShowAsAction(MenuItem.SHOW_AS_ACTION_NEVER);
}
@Override
@@ -390,6 +402,7 @@ public class AppInfoDashboardFragment extends DashboardFragment
}
super.onPrepareOptionsMenu(menu);
menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry));
menu.findItem(ACCESS_RESTRICTED_SETTINGS).setVisible(shouldShowAccessRestrictedSettings());
mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES);
final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean(
@@ -404,6 +417,46 @@ public class AppInfoDashboardFragment extends DashboardFragment
}
}
private static void showLockScreen(Context context, Runnable successRunnable) {
final KeyguardManager keyguardManager = context.getSystemService(
KeyguardManager.class);
if (keyguardManager.isKeyguardSecure()) {
final BiometricPrompt.AuthenticationCallback authenticationCallback =
new BiometricPrompt.AuthenticationCallback() {
@Override
public void onAuthenticationSucceeded(
BiometricPrompt.AuthenticationResult result) {
successRunnable.run();
}
@Override
public void onAuthenticationError(int errorCode, CharSequence errString) {
//Do nothing
}
};
final BiometricPrompt.Builder builder = new BiometricPrompt.Builder(context)
.setTitle(context.getText(R.string.app_restricted_settings_lockscreen_title));
if (context.getSystemService(BiometricManager.class).canAuthenticate(
BiometricManager.Authenticators.DEVICE_CREDENTIAL
| BiometricManager.Authenticators.BIOMETRIC_WEAK)
== BiometricManager.BIOMETRIC_SUCCESS) {
builder.setAllowedAuthenticators(BiometricManager.Authenticators.DEVICE_CREDENTIAL
| BiometricManager.Authenticators.BIOMETRIC_WEAK);
}
final BiometricPrompt bp = builder.build();
final Handler handler = new Handler(Looper.getMainLooper());
bp.authenticate(new CancellationSignal(),
runnable -> handler.post(runnable),
authenticationCallback);
} else {
successRunnable.run();
}
}
@Override
public boolean onOptionsItemSelected(MenuItem item) {
switch (item.getItemId()) {
@@ -413,6 +466,17 @@ public class AppInfoDashboardFragment extends DashboardFragment
case UNINSTALL_UPDATES:
uninstallPkg(mAppEntry.info.packageName, false, false);
return true;
case ACCESS_RESTRICTED_SETTINGS:
showLockScreen(getContext(), () -> {
final AppOpsManager appOpsManager = getContext().getSystemService(
AppOpsManager.class);
appOpsManager.setMode(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,
getUid(),
getPackageName(),
AppOpsManager.MODE_ALLOWED);
getActivity().invalidateOptionsMenu();
});
return true;
}
return super.onOptionsItemSelected(item);
}
@@ -436,6 +500,18 @@ public class AppInfoDashboardFragment extends DashboardFragment
}
}
private boolean shouldShowAccessRestrictedSettings() {
try {
final int mode = getSystemService(AppOpsManager.class).noteOpNoThrow(
AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS, getUid(),
getPackageName());
return mode == AppOpsManager.MODE_IGNORED;
} catch (Exception e) {
// Fallback in case if app ops is not available in testing.
return false;
}
}
@VisibleForTesting
boolean shouldShowUninstallForAll(AppEntry appEntry) {
boolean showIt = true;

2
src/com/android/settings/enterprise/ActionDisabledByAdminDialogHelper.java
View File

@@ -62,7 +62,7 @@ public final class ActionDisabledByAdminDialogHelper {
public ActionDisabledByAdminDialogHelper(Activity activity, String restriction) {
mActivity = activity;
mDialogView = (ViewGroup) LayoutInflater.from(mActivity).inflate(
R.layout.admin_support_details_dialog, null);
R.layout.support_details_dialog, null);
mActionDisabledByAdminController = ActionDisabledByAdminControllerFactory
.createInstance(mActivity, restriction,
new DeviceAdminStringProviderImpl(mActivity),

3
tests/robotests/src/com/android/settings/accessibility/AccessibilityDetailsSettingsFragmentTest.java
View File

@@ -22,6 +22,7 @@ import static com.android.internal.accessibility.AccessibilityShortcutController
import static com.google.common.truth.Truth.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
@@ -134,7 +135,7 @@ public class AccessibilityDetailsSettingsFragmentTest {
final Intent intent = new Intent();
intent.putExtra(Intent.EXTRA_COMPONENT_NAME, COMPONENT_NAME);
doReturn(intent).when(mActivity).getIntent();
doReturn(false).when(mFragment).isServiceAllowed(any());
doReturn(false).when(mFragment).isServiceAllowed(anyInt(), any());
mFragment.onCreate(Bundle.EMPTY);

1
tests/robotests/src/com/android/settings/accessibility/AccessibilitySettingsTest.java
View File

@@ -368,6 +368,7 @@ public class AccessibilitySettingsTest {
private void setMockAccessibilityShortcutInfo(AccessibilityShortcutInfo mockInfo) {
final ActivityInfo activityInfo = Mockito.mock(ActivityInfo.class);
activityInfo.applicationInfo = new ApplicationInfo();
when(mockInfo.getActivityInfo()).thenReturn(activityInfo);
when(activityInfo.loadLabel(any())).thenReturn(DEFAULT_LABEL);
when(mockInfo.loadSummary(any())).thenReturn(DEFAULT_SUMMARY);