Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0de92329 authored by Jason Parks's avatar Jason Parks
Browse files

Fix Settings crash for global user restrictions. 

Bug: 277908283
Test: manual && atest FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I8b06b4439bdf74309bb2027cc4cdb350f1f52f72
parent 4ca16947

packages/SettingsLib/src/com/android/settingslib/enterprise/SupervisedDeviceActionDisabledByAdminController.java

+12 −5
Original line number Diff line number Diff line
@@ -16,17 +16,20 @@ 


package com.android.settingslib.enterprise;





import android.content.ComponentName;

import android.content.Context;

import android.content.DialogInterface;

import android.content.Intent;

import android.net.Uri;

import android.provider.Settings;

import android.util.Log;

import android.text.TextUtils;



import androidx.annotation.NonNull;

import androidx.annotation.Nullable;



import com.android.settingslib.RestrictedLockUtils;



import org.jetbrains.annotations.Nullable;



final class SupervisedDeviceActionDisabledByAdminController

        extends BaseActionDisabledByAdminController {
@@ -57,8 +60,13 @@ final class SupervisedDeviceActionDisabledByAdminController 


    @Nullable

    @Override

    public DialogInterface.OnClickListener getPositiveButtonListener(Context context,

            RestrictedLockUtils.EnforcedAdmin enforcedAdmin) {

    public DialogInterface.OnClickListener getPositiveButtonListener(@NonNull Context context,

            @NonNull RestrictedLockUtils.EnforcedAdmin enforcedAdmin) {

        if (enforcedAdmin.component == null

                || TextUtils.isEmpty(enforcedAdmin.component.getPackageName())) {

            return null;

        }



        final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING)

                .setData(new Uri.Builder()

                        .scheme("policy")
@@ -72,7 +80,6 @@ final class SupervisedDeviceActionDisabledByAdminController 
            return null;

        }

        return (dialog, which) -> {

            Log.d(TAG, "Positive button clicked, component: " + enforcedAdmin.component);

            context.startActivity(intent);

        };

    }

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+8 −45
Original line number Diff line number Diff line
@@ -241,6 +241,7 @@ import static android.provider.Telephony.Carriers.ENFORCE_KEY; 
import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI;

import static android.provider.Telephony.Carriers.INVALID_APN_ID;

import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION;















import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB;















import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE;















import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;










@@ -15781,41 +15782,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        } else {















            long ident = mInjector.binderClearCallingIdentity();















            try {













                // TODO(b/277908283): check in the policy engine instead of calling user manager.













                List<UserManager.EnforcingUser> sources = mUserManager













                        .getUserRestrictionSources(restriction, UserHandle.of(userId));













                if (sources == null) {













                    // The restriction is not enforced.













                    return null;













                }













                int sizeBefore = sources.size();













                if (sizeBefore > 1) {













                    Slogf.d(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): "













                            + "%d sources found, excluding those set by UserManager",













                            userId, restriction, sizeBefore);













                    sources = getDevicePolicySources(sources);













                }













                if (sources.isEmpty()) {













                    // The restriction is not enforced (or is just enforced by the system)













                if (getEnforcingAdminsForRestrictionInternal(userId, restriction).size() == 0) {















                    return null;















                }



























                if (sources.size() > 1) {













                    // In this case, we'll show an admin support dialog that does not













                    // specify the admin.













                    // TODO(b/128928355): if this restriction is enforced by multiple DPCs, return













                    // the admin for the calling user.













                    Slogf.w(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): multiple "













                            + "sources for restriction %s on user %d",













                            userId, restriction, restriction, userId);













                    result = new Bundle();













                    result.putInt(Intent.EXTRA_USER_ID, userId);













                    return result;













                }













                final UserManager.EnforcingUser enforcingUser = sources.get(0);













                final int sourceType = enforcingUser.getUserRestrictionSource();













                if (sourceType == UserManager.RESTRICTION_SOURCE_PROFILE_OWNER













                        || sourceType == UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) {















                ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId);















                if (admin != null) {















                    result = new Bundle();









@@ -15824,14 +15794,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                            admin.info.getComponent());















                    return result;















                }













                } else if (sourceType == UserManager.RESTRICTION_SOURCE_SYSTEM) {













                    /*













                     * In this case, the user restriction is enforced by the system.













                     * So we won't show an admin support intent, even if it is also













                     * enforced by a profile/device owner.













                     */















                return null;













                }















            } finally {















                mInjector.binderRestoreCallingIdentity(ident);















            }