From d1a31ab6b38cca191045e1451da9e49158bec421 Mon Sep 17 00:00:00 2001 From: Alex Johnston Date: Wed, 15 Apr 2020 11:57:26 +0100 Subject: [PATCH] Update Wi-Fi configs restrictions * Update isNetworkLockedDown in WifiUtils to check the profile owner if the device is an organization-owned managed profile device. * Update the logic to check if a Wi-Fi network can be forgotten (for both the device owner and profile owner of an organization-owned device). Bug: 150197944 Bug: 153605361 Test: manual testing make RunSettingsRoboTests -j ROBOTEST_FILTER=WifiDetailPreferenceController2Test make RunSettingsRoboTests -j ROBOTEST_FILTER=WifiUtilsTest Manual Testing Steps A. Provision TestDPC in 'Device Owner' mode. - Create a Wi-Fi config in TestDPC. - Enable 'DO created Wi-Fi configs are modifiable only by DO'. - Go to Settings and verify that the network created cannot be modified and the 'Forget' button is not displayed. B. Provision TestDPC in 'Profile Owner of an organization-owned managed profile' mode. - Create a Wi-Fi config in the work profile instance of TestDPC. - Enable 'DO created Wi-Fi configs are modifiable only by DO'. - Go to Settings and verify that the network created cannot be modified and the 'Forget' button is not displayed. C. Provision CtsVerifier in 'Device Owner' mode. - Go to 'Device owner tests' > 'Wifi configuration lockdown'. - Create a Wi-Fi config then follow the instructions. Change-Id: Ie3c71113441a3aca62563310ad0e53d89fa04226 --- .../android/settings/wifi/WifiSettings2.java | 7 ++++++- src/com/android/settings/wifi/WifiUtils.java | 16 ++++++++++++++++ .../WifiDetailPreferenceController2.java | 10 +++++++++- .../details2/WifiNetworkDetailsFragment2.java | 19 +++++++++++++++++-- 4 files changed, 48 insertions(+), 4 deletions(-) diff --git a/src/com/android/settings/wifi/WifiSettings2.java b/src/com/android/settings/wifi/WifiSettings2.java index 30d5ad08da4..ec8064843f7 100644 --- a/src/com/android/settings/wifi/WifiSettings2.java 
+++ b/src/com/android/settings/wifi/WifiSettings2.java @@ -491,7 +491,7 @@ public class WifiSettings2 extends RestrictedSettingsFragment // "forget" for normal saved network. And "disconnect" for ephemeral network because it // could only be disconnected and be put in blacklists so it won't be used again. - if (mSelectedWifiEntry.canForget()) { + if (canForgetNetwork()) { menu.add(Menu.NONE, MENU_ID_FORGET, 0 /* order */, R.string.forget); } @@ -507,6 +507,11 @@ public class WifiSettings2 extends RestrictedSettingsFragment } } + private boolean canForgetNetwork() { + return mSelectedWifiEntry.canForget() && !WifiUtils.isNetworkLockedDown(getActivity(), + mSelectedWifiEntry.getWifiConfiguration()); + } + @Override public boolean onContextItemSelected(MenuItem item) { switch (item.getItemId()) { diff --git a/src/com/android/settings/wifi/WifiUtils.java b/src/com/android/settings/wifi/WifiUtils.java index c73e6a2dcf0..1333ab40741 100644 --- a/src/com/android/settings/wifi/WifiUtils.java +++ b/src/com/android/settings/wifi/WifiUtils.java @@ -24,9 +24,12 @@ import android.content.pm.PackageManager; import android.net.NetworkCapabilities; import android.net.wifi.ScanResult; import android.net.wifi.WifiConfiguration; +import android.os.UserHandle; +import android.os.UserManager; import android.provider.Settings; import android.text.TextUtils; +import com.android.settings.Utils; import com.android.settingslib.wifi.AccessPoint; import java.nio.charset.StandardCharsets; @@ -77,6 +80,7 @@ public class WifiUtils { final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE); final PackageManager pm = context.getPackageManager(); + final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE); // Check if device has DPM capability. If it has and dpm is still null, then we // treat this case with suspicion and bail out. 
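Review bot: The new `canForgetNetwork()` in WifiSettings2 only controls whether the Forget entry is added to the context menu, so the lockdown is applied here purely as a display decision. The `MENU_ID_FORGET` branch of `onContextItemSelected` lies outside this hunk; if it does not repeat the check, a menu built before the policy changed could still reach the forget call, so that branch should test `canForgetNetwork()` again before acting. The helper also passes `getActivity()` and `mSelectedWifiEntry.getWifiConfiguration()` straight into `WifiUtils.isNetworkLockedDown`, and this hunk does not show whether that method tolerates a null config. The same expression is added again in WifiDetailPreferenceController2, so one shared helper would keep the two screens from drifting apart.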
@@ -96,6 +100,18 @@ public class WifiUtils { } catch (PackageManager.NameNotFoundException e) { // don't care } + } else if (dpm.isOrganizationOwnedDeviceWithManagedProfile()) { + int profileOwnerUserId = Utils.getManagedProfileId(um, UserHandle.myUserId()); + final ComponentName profileOwner = dpm.getProfileOwnerAsUser(profileOwnerUserId); + if (profileOwner != null) { + try { + final int profileOwnerUid = pm.getPackageUidAsUser( + profileOwner.getPackageName(), profileOwnerUserId); + isConfigEligibleForLockdown = profileOwnerUid == config.creatorUid; + } catch (PackageManager.NameNotFoundException e) { + // don't care + } + } } } if (!isConfigEligibleForLockdown) { diff --git a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java index d55ab0b1927..2228f7b140a 100644 --- a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java +++ b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java @@ -660,7 +660,7 @@ public class WifiDetailPreferenceController2 extends AbstractPreferenceControlle } private void refreshButtons() { - final boolean canForgetNetwork = mWifiEntry.canForget(); + final boolean canForgetNetwork = canForgetNetwork(); final boolean showCaptivePortalButton = updateCaptivePortalButton(); final boolean canConnectDisconnectNetwork = mWifiEntry.canConnect() || mWifiEntry.canDisconnect(); @@ -787,6 +787,14 @@ public class WifiDetailPreferenceController2 extends AbstractPreferenceControlle && !WifiUtils.isNetworkLockedDown(mContext, mWifiEntry.getWifiConfiguration()); } + /** + * Returns whether the network represented by this preference can be forgotten. + */ + public boolean canForgetNetwork() { + return mWifiEntry.canForget() + && !WifiUtils.isNetworkLockedDown(mContext, mWifiEntry.getWifiConfiguration()); + } + /** * Returns whether the user can sign into the network represented by this preference. */ 
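Review bot: In the new `isOrganizationOwnedDeviceWithManagedProfile()` branch of WifiUtils, the result of `Utils.getManagedProfileId(um, UserHandle.myUserId())` is passed to `getProfileOwnerAsUser` and `getPackageUidAsUser` without being validated. That helper resolves profiles relative to the calling user and, as far as I know, returns `UserHandle.USER_NULL` when it finds none, so the lookup should be wrapped in `if (profileOwnerUserId != UserHandle.USER_NULL)`. The `NameNotFoundException` catch leaves `isConfigEligibleForLockdown` false, so a failed lookup silently treats an admin-created network as unlocked. Logging a warning there, and in the device-owner branch it mirrors, would make that fail-open path visible. The enclosing method starts and ends outside the hunk.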
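Review bot: The Javadoc on the new public `canForgetNetwork()` in WifiDetailPreferenceController2 does not say that an admin lockdown makes it return false, which is the reason the method was added. Suggested wording: `Returns whether the network can be forgotten: the entry must allow it and its config must not be locked down by a device or profile owner.` The method directly above it, of which only the last line is in the hunk, ends with the same `!WifiUtils.isNetworkLockedDown(mContext, mWifiEntry.getWifiConfiguration())` call, so a small private helper for that operand would keep the two predicates consistent.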
diff --git a/src/com/android/settings/wifi/details2/WifiNetworkDetailsFragment2.java b/src/com/android/settings/wifi/details2/WifiNetworkDetailsFragment2.java index 1b54e1a2f31..394bab65be0 100644 --- a/src/com/android/settings/wifi/details2/WifiNetworkDetailsFragment2.java +++ b/src/com/android/settings/wifi/details2/WifiNetworkDetailsFragment2.java @@ -18,6 +18,7 @@ package com.android.settings.wifi.details2; import static com.android.settings.wifi.WifiSettings.WIFI_DIALOG_ID; import android.app.Dialog; +import android.app.admin.DevicePolicyManager; import android.app.settings.SettingsEnums; import android.content.Context; import android.net.ConnectivityManager; @@ -29,6 +30,8 @@ import android.os.Looper; import android.os.Process; import android.os.SimpleClock; import android.os.SystemClock; +import android.os.UserHandle; +import android.os.UserManager; import android.view.Menu; import android.view.MenuInflater; import android.view.MenuItem; @@ -36,10 +39,12 @@ import android.view.MenuItem; import androidx.preference.PreferenceScreen; import com.android.settings.R; +import com.android.settings.Utils; import com.android.settings.dashboard.DashboardFragment; import com.android.settings.wifi.WifiConfigUiBase2; import com.android.settings.wifi.WifiDialog2; import com.android.settingslib.RestrictedLockUtils; +import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import com.android.settingslib.RestrictedLockUtilsInternal; import com.android.settingslib.core.AbstractPreferenceController; import com.android.wifitrackerlib.NetworkDetailsTracker; 
@@ -129,8 +134,18 @@ public class WifiNetworkDetailsFragment2 extends DashboardFragment implements switch (menuItem.getItemId()) { case Menu.FIRST: if (!mWifiDetailPreferenceController2.canModifyNetwork()) { - RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(), - RestrictedLockUtilsInternal.getDeviceOwner(getContext())); + EnforcedAdmin admin = RestrictedLockUtilsInternal.getDeviceOwner(getContext()); + if (admin == null) { + final DevicePolicyManager dpm = (DevicePolicyManager) + getContext().getSystemService(Context.DEVICE_POLICY_SERVICE); + final UserManager um = (UserManager) + getContext().getSystemService(Context.USER_SERVICE); + int profileOwnerUserId = Utils.getManagedProfileId( + um, UserHandle.myUserId()); + admin = new EnforcedAdmin(dpm.getProfileOwnerAsUser(profileOwnerUserId), + null, UserHandle.of(profileOwnerUserId)); + } + RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(), admin); } else { showDialog(WIFI_DIALOG_ID); }
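Review bot: When `getDeviceOwner` returns null, the fallback builds an `EnforcedAdmin` from `dpm.getProfileOwnerAsUser(profileOwnerUserId)` without checking that a managed profile was found or that a profile owner exists. If `Utils.getManagedProfileId` yields `UserHandle.USER_NULL` (which I believe is its not-found value), `UserHandle.of(profileOwnerUserId)` and the admin-support intent are built for an invalid user and possibly a null component. Guard the fallback with `if (profileOwnerUserId != UserHandle.USER_NULL)` and construct the admin only when the returned ComponentName is non-null, so the dialog names the admin that actually enforces the lockdown. This repeats the profile-owner lookup added to WifiUtils; a shared helper that returns the enforcing admin would keep the two in step. The enclosing switch continues outside the hunk.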