diff --git a/src/com/android/settings/vpn2/AppDialogFragment.java b/src/com/android/settings/vpn2/AppDialogFragment.java index 626a271e7fc..b5623fd1ca3 100644 --- a/src/com/android/settings/vpn2/AppDialogFragment.java +++ b/src/com/android/settings/vpn2/AppDialogFragment.java @@ -17,6 +17,7 @@ package com.android.settings.vpn2; import android.app.Dialog; +import android.app.admin.DevicePolicyManager; import android.app.settings.SettingsEnums; import android.content.DialogInterface; import android.content.pm.PackageInfo; @@ -48,6 +49,7 @@ public class AppDialogFragment extends InstrumentedDialogFragment implements App private Listener mListener; private UserManager mUserManager; + private DevicePolicyManager mDevicePolicyManager; private VpnManager mVpnManager; @Override @@ -91,7 +93,11 @@ public class AppDialogFragment extends InstrumentedDialogFragment implements App @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + mPackageInfo = getArguments().getParcelable(ARG_PACKAGE); mUserManager = UserManager.get(getContext()); + mDevicePolicyManager = getContext() + .createContextAsUser(UserHandle.of(getUserId()), /* flags= */ 0) + .getSystemService(DevicePolicyManager.class); mVpnManager = getContext().getSystemService(VpnManager.class); } @@ -101,7 +107,6 @@ public class AppDialogFragment extends InstrumentedDialogFragment implements App final String label = args.getString(ARG_LABEL); boolean managing = args.getBoolean(ARG_MANAGING); boolean connected = args.getBoolean(ARG_CONNECTED); - mPackageInfo = args.getParcelable(ARG_PACKAGE); if (managing) { return new AppDialog(getActivity(), this, mPackageInfo, label); @@ -163,7 +168,10 @@ public class AppDialogFragment extends InstrumentedDialogFragment implements App private boolean isUiRestricted() { final UserHandle userHandle = UserHandle.of(getUserId()); - return mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN, userHandle); + if (mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN, userHandle)) { + return true; + } + return mPackageInfo.packageName.equals(mDevicePolicyManager.getAlwaysOnVpnPackage()); } private int getUserId() { diff --git a/src/com/android/settings/vpn2/AppPreference.java b/src/com/android/settings/vpn2/AppPreference.java index 6b64250df32..8ee2f5f2d0c 100644 --- a/src/com/android/settings/vpn2/AppPreference.java +++ b/src/com/android/settings/vpn2/AppPreference.java @@ -16,6 +16,7 @@ package com.android.settings.vpn2; +import android.app.admin.DevicePolicyManager; import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; @@ -26,6 +27,8 @@ import androidx.preference.Preference; import com.android.internal.net.LegacyVpnInfo; import com.android.internal.net.VpnConfig; +import com.android.settingslib.RestrictedLockUtils; +import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; /** * {@link androidx.preference.Preference} containing information about a VPN @@ -43,6 +46,7 @@ public class AppPreference extends ManageablePreference { super.setUserId(userId); mPackageName = packageName; + disableIfConfiguredByAdmin(); // Fetch icon and VPN label String label = packageName; @@ -74,6 +78,25 @@ public class AppPreference extends ManageablePreference { setIcon(icon); } + /** + * Disable this preference if VPN is set as always on by a profile or device owner. + * NB: it should be called after super.setUserId() otherwise admin information can be lost. + */ + private void disableIfConfiguredByAdmin() { + if (isDisabledByAdmin()) { + // Already disabled due to user restriction. + return; + } + final DevicePolicyManager dpm = getContext() + .createContextAsUser(UserHandle.of(getUserId()), /* flags= */ 0) + .getSystemService(DevicePolicyManager.class); + if (mPackageName.equals(dpm.getAlwaysOnVpnPackage())) { + final EnforcedAdmin admin = RestrictedLockUtils.getProfileOrDeviceOwner( + getContext(), UserHandle.of(mUserId)); + setDisabledByAdmin(admin); + } + } + public PackageInfo getPackageInfo() { try { PackageManager pm = getUserContext().getPackageManager();