From ded1cd59c95f234e1abd2287378c738ad78c2c11 Mon Sep 17 00:00:00 2001 From: Hani Kazmi Date: Wed, 1 Nov 2023 16:16:10 +0000 Subject: [PATCH] Update existing ECM settings to use new infrastructure 1. Update Notification Listener and A11y settings to call RestrictedLockUtilsInternal rather than checking appOp themselves 2. Rename ecm related methods to include Ecm rather than AppOp - implementation details are being moved to permissions module and may change. Bug: 297372999 Test: Manually tested on device. Automaated tests to follow Change-Id: Ie3e16b502993b21a7e34eab0d661f98814b3cfd5 --- .../RestrictedPreferenceHelper.java | 26 +++++++++++++++++++ .../ApprovalPreferenceController.java | 26 +++++++++++++++++-- .../NotificationAccessDetails.java | 2 ++ 3 files changed, 52 insertions(+), 2 deletions(-) diff --git a/src/com/android/settings/accessibility/RestrictedPreferenceHelper.java b/src/com/android/settings/accessibility/RestrictedPreferenceHelper.java index dfa2f33f56f..6f21fb87a30 100644 --- a/src/com/android/settings/accessibility/RestrictedPreferenceHelper.java +++ b/src/com/android/settings/accessibility/RestrictedPreferenceHelper.java @@ -234,6 +234,32 @@ public class RestrictedPreferenceHelper { // permittedServices null means all accessibility services are allowed. boolean serviceAllowed = permittedServices == null || permittedServices.contains( preference.getPackageName()); + + if (android.security.Flags.extendEcmToAllSettings()) { + preference.checkEcmRestrictionAndSetDisabled( + AppOpsManager.OPSTR_BIND_ACCESSIBILITY_SERVICE, + preference.getPackageName(), preference.getUid()); + if (preference.isDisabledByEcm()) { + serviceAllowed = false; + } + + if (serviceAllowed || serviceEnabled) { + preference.setEnabled(true); + } else { + // Disable accessibility service that are not permitted. + final RestrictedLockUtils.EnforcedAdmin admin = + RestrictedLockUtilsInternal.checkIfAccessibilityServiceDisallowed( + mContext, preference.getPackageName(), UserHandle.myUserId()); + + if (admin != null) { + preference.setDisabledByAdmin(admin); + } else if (!preference.isDisabledByEcm()) { + preference.setEnabled(false); + } + } + return; + } + boolean appOpsAllowed; if (serviceAllowed) { try { diff --git a/src/com/android/settings/applications/specialaccess/notificationaccess/ApprovalPreferenceController.java b/src/com/android/settings/applications/specialaccess/notificationaccess/ApprovalPreferenceController.java index e3816bf755c..fb78e3eb077 100644 --- a/src/com/android/settings/applications/specialaccess/notificationaccess/ApprovalPreferenceController.java +++ b/src/com/android/settings/applications/specialaccess/notificationaccess/ApprovalPreferenceController.java @@ -41,6 +41,8 @@ public class ApprovalPreferenceController extends BasePreferenceController { private PreferenceFragmentCompat mParent; private NotificationManager mNm; private PackageManager mPm; + // The appOp representing this preference + private String mAppOpStr; public ApprovalPreferenceController(Context context, String key) { super(context, key); @@ -71,6 +73,14 @@ public class ApprovalPreferenceController extends BasePreferenceController { return this; } + /** + * Set the associated appOp for the Setting + */ + public ApprovalPreferenceController setAppOpStr(String appOpStr) { + mAppOpStr = appOpStr; + return this; + } + @Override public int getAvailabilityStatus() { return AVAILABLE; @@ -107,8 +117,20 @@ public class ApprovalPreferenceController extends BasePreferenceController { return false; } }); - preference.updateState( - mCn.getPackageName(), mPkgInfo.applicationInfo.uid, isAllowedCn, isEnabled); + + if (android.security.Flags.extendEcmToAllSettings()) { + if (!isAllowedCn && !isEnabled) { + preference.setEnabled(false); + } else if (isEnabled) { + preference.setEnabled(true); + } else { + preference.checkEcmRestrictionAndSetDisabled(mAppOpStr, + mCn.getPackageName(), mPkgInfo.applicationInfo.uid); + } + } else { + preference.updateState( + mCn.getPackageName(), mPkgInfo.applicationInfo.uid, isAllowedCn, isEnabled); + } } public void disable(final ComponentName cn) { diff --git a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java index 17dabe4b7a4..89767ddb011 100644 --- a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java +++ b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java @@ -21,6 +21,7 @@ import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.android.settings.applications.AppInfoBase.ARG_PACKAGE_NAME; import android.Manifest; +import android.app.AppOpsManager; import android.app.NotificationManager; import android.app.settings.SettingsEnums; import android.companion.ICompanionDeviceManager; @@ -102,6 +103,7 @@ public class NotificationAccessDetails extends DashboardFragment { .setCn(mComponentName) .setNm(context.getSystemService(NotificationManager.class)) .setPm(mPm) + .setAppOpStr(AppOpsManager.OPSTR_ACCESS_NOTIFICATIONS) .setParent(this); use(HeaderPreferenceController.class) .setFragment(this)