Update Wi-Fi configs restrictions
* Update isNetworkLockedDown in WifiUtils
to check the profile owner if the device
is an organization-owned managed profile
device.
* Update the logic to check if a Wi-Fi
network can be forgotten (for both the
device owner and profile owner of an
organization-owned device).
Bug: 150197944
Bug: 153605361
Test: manual testing
make RunSettingsRoboTests -j ROBOTEST_FILTER=WifiDetailPreferenceController2Test
make RunSettingsRoboTests -j ROBOTEST_FILTER=WifiUtilsTest
Manual Testing Steps
A. Provision TestDPC in 'Device Owner' mode.
- Create a Wi-Fi config in TestDPC.
- Enable 'DO created Wi-Fi configs are
modifiable only by DO'.
- Go to Settings and verify that the network
created cannot be modified and the 'Forget'
button is not displayed.
B. Provision TestDPC in 'Profile Owner of an
organization-owned managed profile' mode.
- Create a Wi-Fi config in the work profile
instance of TestDPC.
- Enable 'DO created Wi-Fi configs are
modifiable only by DO'.
- Go to Settings and verify that the network
created cannot be modified and the 'Forget'
button is not displayed.
C. Provision CtsVerifier in 'Device Owner' mode.
- Go to 'Device owner tests' > 'Wifi
configuration lockdown'.
- Create a Wi-Fi config then follow the
instructions.
Change-Id: Ie3c71113441a3aca62563310ad0e53d89fa04226
This commit is contained in:
Alex Johnston
@@ -491,7 +491,7 @@ public class WifiSettings2 extends RestrictedSettingsFragment
|
||||
|
||||
// "forget" for normal saved network. And "disconnect" for ephemeral network because it
|
||||
// could only be disconnected and be put in blacklists so it won't be used again.
|
||||
if (mSelectedWifiEntry.canForget()) {
|
||||
if (canForgetNetwork()) {
|
||||
menu.add(Menu.NONE, MENU_ID_FORGET, 0 /* order */, R.string.forget);
|
||||
}
|
||||
|
||||
@@ -507,6 +507,11 @@ public class WifiSettings2 extends RestrictedSettingsFragment
|
||||
}
|
||||
}
|
||||
|
||||
private boolean canForgetNetwork() {
|
||||
return mSelectedWifiEntry.canForget() && !WifiUtils.isNetworkLockedDown(getActivity(),
|
||||
mSelectedWifiEntry.getWifiConfiguration());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean onContextItemSelected(MenuItem item) {
|
||||
switch (item.getItemId()) {
|
||||
|
||||
@@ -24,9 +24,12 @@ import android.content.pm.PackageManager;
|
||||
import android.net.NetworkCapabilities;
|
||||
import android.net.wifi.ScanResult;
|
||||
import android.net.wifi.WifiConfiguration;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.provider.Settings;
|
||||
import android.text.TextUtils;
|
||||
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settingslib.wifi.AccessPoint;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
@@ -77,6 +80,7 @@ public class WifiUtils {
|
||||
final DevicePolicyManager dpm =
|
||||
(DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
|
||||
final PackageManager pm = context.getPackageManager();
|
||||
final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
|
||||
// Check if device has DPM capability. If it has and dpm is still null, then we
|
||||
// treat this case with suspicion and bail out.
|
||||
@@ -96,6 +100,18 @@ public class WifiUtils {
|
||||
} catch (PackageManager.NameNotFoundException e) {
|
||||
// don't care
|
||||
}
|
||||
} else if (dpm.isOrganizationOwnedDeviceWithManagedProfile()) {
|
||||
int profileOwnerUserId = Utils.getManagedProfileId(um, UserHandle.myUserId());
|
||||
final ComponentName profileOwner = dpm.getProfileOwnerAsUser(profileOwnerUserId);
|
||||
if (profileOwner != null) {
|
||||
try {
|
||||
final int profileOwnerUid = pm.getPackageUidAsUser(
|
||||
profileOwner.getPackageName(), profileOwnerUserId);
|
||||
isConfigEligibleForLockdown = profileOwnerUid == config.creatorUid;
|
||||
} catch (PackageManager.NameNotFoundException e) {
|
||||
// don't care
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!isConfigEligibleForLockdown) {
|
||||
|
||||
@@ -660,7 +660,7 @@ public class WifiDetailPreferenceController2 extends AbstractPreferenceControlle
|
||||
}
|
||||
|
||||
private void refreshButtons() {
|
||||
final boolean canForgetNetwork = mWifiEntry.canForget();
|
||||
final boolean canForgetNetwork = canForgetNetwork();
|
||||
final boolean showCaptivePortalButton = updateCaptivePortalButton();
|
||||
final boolean canConnectDisconnectNetwork = mWifiEntry.canConnect()
|
||||
|| mWifiEntry.canDisconnect();
|
||||
@@ -787,6 +787,14 @@ public class WifiDetailPreferenceController2 extends AbstractPreferenceControlle
|
||||
&& !WifiUtils.isNetworkLockedDown(mContext, mWifiEntry.getWifiConfiguration());
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the network represented by this preference can be forgotten.
|
||||
*/
|
||||
public boolean canForgetNetwork() {
|
||||
return mWifiEntry.canForget()
|
||||
&& !WifiUtils.isNetworkLockedDown(mContext, mWifiEntry.getWifiConfiguration());
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the user can sign into the network represented by this preference.
|
||||
*/
|
||||
|
||||
@@ -18,6 +18,7 @@ package com.android.settings.wifi.details2;
|
||||
import static com.android.settings.wifi.WifiSettings.WIFI_DIALOG_ID;
|
||||
|
||||
import android.app.Dialog;
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.app.settings.SettingsEnums;
|
||||
import android.content.Context;
|
||||
import android.net.ConnectivityManager;
|
||||
@@ -29,6 +30,8 @@ import android.os.Looper;
|
||||
import android.os.Process;
|
||||
import android.os.SimpleClock;
|
||||
import android.os.SystemClock;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.view.Menu;
|
||||
import android.view.MenuInflater;
|
||||
import android.view.MenuItem;
|
||||
@@ -36,10 +39,12 @@ import android.view.MenuItem;
|
||||
import androidx.preference.PreferenceScreen;
|
||||
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settings.dashboard.DashboardFragment;
|
||||
import com.android.settings.wifi.WifiConfigUiBase2;
|
||||
import com.android.settings.wifi.WifiDialog2;
|
||||
import com.android.settingslib.RestrictedLockUtils;
|
||||
import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
|
||||
import com.android.settingslib.RestrictedLockUtilsInternal;
|
||||
import com.android.settingslib.core.AbstractPreferenceController;
|
||||
import com.android.wifitrackerlib.NetworkDetailsTracker;
|
||||
@@ -129,8 +134,18 @@ public class WifiNetworkDetailsFragment2 extends DashboardFragment implements
|
||||
switch (menuItem.getItemId()) {
|
||||
case Menu.FIRST:
|
||||
if (!mWifiDetailPreferenceController2.canModifyNetwork()) {
|
||||
RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(),
|
||||
RestrictedLockUtilsInternal.getDeviceOwner(getContext()));
|
||||
EnforcedAdmin admin = RestrictedLockUtilsInternal.getDeviceOwner(getContext());
|
||||
if (admin == null) {
|
||||
final DevicePolicyManager dpm = (DevicePolicyManager)
|
||||
getContext().getSystemService(Context.DEVICE_POLICY_SERVICE);
|
||||
final UserManager um = (UserManager)
|
||||
getContext().getSystemService(Context.USER_SERVICE);
|
||||
int profileOwnerUserId = Utils.getManagedProfileId(
|
||||
um, UserHandle.myUserId());
|
||||
admin = new EnforcedAdmin(dpm.getProfileOwnerAsUser(profileOwnerUserId),
|
||||
null, UserHandle.of(profileOwnerUserId));
|
||||
}
|
||||
RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(), admin);
|
||||
} else {
|
||||
showDialog(WIFI_DIALOG_ID);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user