Update existing ECM settings to use new infrastructure

1. Update Notification Listener and A11y settings to call RestrictedLockUtilsInternal rather than checking appOp themselves 2. Rename ecm related methods to include Ecm rather than AppOp - implementation details are being moved to permissions module and may change. Bug: 297372999 Test: Manually tested on device. Automaated tests to follow Change-Id: Ie3e16b502993b21a7e34eab0d661f98814b3cfd5
2023-11-01 16:16:10 +00:00
parent 291e6043bf
commit ded1cd59c9
3 changed files with 52 additions and 2 deletions
--- a/src/com/android/settings/accessibility/RestrictedPreferenceHelper.java
+++ b/src/com/android/settings/accessibility/RestrictedPreferenceHelper.java
@@ -234,6 +234,32 @@ public class RestrictedPreferenceHelper {
        // permittedServices null means all accessibility services are allowed.
        boolean serviceAllowed = permittedServices == null || permittedServices.contains(
                preference.getPackageName());
+
+        if (android.security.Flags.extendEcmToAllSettings()) {
+            preference.checkEcmRestrictionAndSetDisabled(
+                    AppOpsManager.OPSTR_BIND_ACCESSIBILITY_SERVICE,
+                    preference.getPackageName(), preference.getUid());
+            if (preference.isDisabledByEcm()) {
+                serviceAllowed = false;
+            }
+
+            if (serviceAllowed || serviceEnabled) {
+                preference.setEnabled(true);
+            } else {
+                // Disable accessibility service that are not permitted.
+                final RestrictedLockUtils.EnforcedAdmin admin =
+                        RestrictedLockUtilsInternal.checkIfAccessibilityServiceDisallowed(
+                                mContext, preference.getPackageName(), UserHandle.myUserId());
+
+                if (admin != null) {
+                    preference.setDisabledByAdmin(admin);
+                } else if (!preference.isDisabledByEcm()) {
+                    preference.setEnabled(false);
+                }
+            }
+            return;
+        }
+
        boolean appOpsAllowed;
        if (serviceAllowed) {
            try {
--- a/src/com/android/settings/applications/specialaccess/notificationaccess/ApprovalPreferenceController.java
+++ b/src/com/android/settings/applications/specialaccess/notificationaccess/ApprovalPreferenceController.java
@@ -41,6 +41,8 @@ public class ApprovalPreferenceController extends BasePreferenceController {
    private PreferenceFragmentCompat mParent;
    private NotificationManager mNm;
    private PackageManager mPm;
+    // The appOp representing this preference
+    private String mAppOpStr;

    public ApprovalPreferenceController(Context context, String key) {
        super(context, key);
@@ -71,6 +73,14 @@ public class ApprovalPreferenceController extends BasePreferenceController {
        return this;
    }

+    /**
+     * Set the associated appOp for the Setting
+     */
+    public ApprovalPreferenceController setAppOpStr(String appOpStr) {
+        mAppOpStr = appOpStr;
+        return this;
+    }
+
    @Override
    public int getAvailabilityStatus() {
        return AVAILABLE;
@@ -107,8 +117,20 @@ public class ApprovalPreferenceController extends BasePreferenceController {
                return false;
            }
        });
-        preference.updateState(
-                mCn.getPackageName(), mPkgInfo.applicationInfo.uid, isAllowedCn, isEnabled);
+
+        if (android.security.Flags.extendEcmToAllSettings()) {
+            if (!isAllowedCn && !isEnabled) {
+                preference.setEnabled(false);
+            } else if (isEnabled) {
+                preference.setEnabled(true);
+            } else {
+                preference.checkEcmRestrictionAndSetDisabled(mAppOpStr,
+                        mCn.getPackageName(), mPkgInfo.applicationInfo.uid);
+            }
+        } else {
+            preference.updateState(
+                    mCn.getPackageName(), mPkgInfo.applicationInfo.uid, isAllowedCn, isEnabled);
+        }
    }

    public void disable(final ComponentName cn) {
--- a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
+++ b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
@@ -21,6 +21,7 @@ import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 import static com.android.settings.applications.AppInfoBase.ARG_PACKAGE_NAME;

 import android.Manifest;
+import android.app.AppOpsManager;
 import android.app.NotificationManager;
 import android.app.settings.SettingsEnums;
 import android.companion.ICompanionDeviceManager;
@@ -102,6 +103,7 @@ public class NotificationAccessDetails extends DashboardFragment {
                .setCn(mComponentName)
                .setNm(context.getSystemService(NotificationManager.class))
                .setPm(mPm)
+                .setAppOpStr(AppOpsManager.OPSTR_ACCESS_NOTIFICATIONS)
                .setParent(this);
        use(HeaderPreferenceController.class)
                .setFragment(this)