Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 173e9437 authored by Jason Parks's avatar Jason Parks Committed by Android (Google) Code Review
Browse files

Merge "Fix Settings crash for global user restrictions." into main

parents a1dc124d 0de92329
Loading
Loading
Loading
Loading
+12 −5
Original line number Original line Diff line number Diff line
@@ -16,17 +16,20 @@


package com.android.settingslib.enterprise;
package com.android.settingslib.enterprise;



import android.content.ComponentName;
import android.content.ComponentName;
import android.content.Context;
import android.content.Context;
import android.content.DialogInterface;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.Intent;
import android.net.Uri;
import android.net.Uri;
import android.provider.Settings;
import android.provider.Settings;
import android.util.Log;
import android.text.TextUtils;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;


import com.android.settingslib.RestrictedLockUtils;
import com.android.settingslib.RestrictedLockUtils;


import org.jetbrains.annotations.Nullable;


final class SupervisedDeviceActionDisabledByAdminController
final class SupervisedDeviceActionDisabledByAdminController
        extends BaseActionDisabledByAdminController {
        extends BaseActionDisabledByAdminController {
@@ -57,8 +60,13 @@ final class SupervisedDeviceActionDisabledByAdminController


    @Nullable
    @Nullable
    @Override
    @Override
    public DialogInterface.OnClickListener getPositiveButtonListener(Context context,
    public DialogInterface.OnClickListener getPositiveButtonListener(@NonNull Context context,
            RestrictedLockUtils.EnforcedAdmin enforcedAdmin) {
            @NonNull RestrictedLockUtils.EnforcedAdmin enforcedAdmin) {
        if (enforcedAdmin.component == null
                || TextUtils.isEmpty(enforcedAdmin.component.getPackageName())) {
            return null;
        }

        final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING)
        final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING)
                .setData(new Uri.Builder()
                .setData(new Uri.Builder()
                        .scheme("policy")
                        .scheme("policy")
@@ -72,7 +80,6 @@ final class SupervisedDeviceActionDisabledByAdminController
            return null;
            return null;
        }
        }
        return (dialog, which) -> {
        return (dialog, which) -> {
            Log.d(TAG, "Positive button clicked, component: " + enforcedAdmin.component);
            context.startActivity(intent);
            context.startActivity(intent);
        };
        };
    }
    }
+8 −45
Original line number Original line Diff line number Diff line
@@ -241,6 +241,7 @@ import static android.provider.Telephony.Carriers.ENFORCE_KEY;
import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI;
import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI;
import static android.provider.Telephony.Carriers.INVALID_APN_ID;
import static android.provider.Telephony.Carriers.INVALID_APN_ID;
import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION;
import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION;
import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB;
import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB;
import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE;
import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
@@ -15781,41 +15782,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        } else {
        } else {
            long ident = mInjector.binderClearCallingIdentity();
            long ident = mInjector.binderClearCallingIdentity();
            try {
            try {
                // TODO(b/277908283): check in the policy engine instead of calling user manager.
                if (getEnforcingAdminsForRestrictionInternal(userId, restriction).size() == 0) {
                List<UserManager.EnforcingUser> sources = mUserManager
                        .getUserRestrictionSources(restriction, UserHandle.of(userId));
                if (sources == null) {
                    // The restriction is not enforced.
                    return null;
                }
                int sizeBefore = sources.size();
                if (sizeBefore > 1) {
                    Slogf.d(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): "
                            + "%d sources found, excluding those set by UserManager",
                            userId, restriction, sizeBefore);
                    sources = getDevicePolicySources(sources);
                }
                if (sources.isEmpty()) {
                    // The restriction is not enforced (or is just enforced by the system)
                    return null;
                    return null;
                }
                }
                if (sources.size() > 1) {
                    // In this case, we'll show an admin support dialog that does not
                    // specify the admin.
                    // TODO(b/128928355): if this restriction is enforced by multiple DPCs, return
                    // the admin for the calling user.
                    Slogf.w(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): multiple "
                            + "sources for restriction %s on user %d",
                            userId, restriction, restriction, userId);
                    result = new Bundle();
                    result.putInt(Intent.EXTRA_USER_ID, userId);
                    return result;
                }
                final UserManager.EnforcingUser enforcingUser = sources.get(0);
                final int sourceType = enforcingUser.getUserRestrictionSource();
                if (sourceType == UserManager.RESTRICTION_SOURCE_PROFILE_OWNER
                        || sourceType == UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) {
                ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId);
                ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId);
                if (admin != null) {
                if (admin != null) {
                    result = new Bundle();
                    result = new Bundle();
@@ -15824,14 +15794,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                            admin.info.getComponent());
                            admin.info.getComponent());
                    return result;
                    return result;
                }
                }
                } else if (sourceType == UserManager.RESTRICTION_SOURCE_SYSTEM) {
                    /*
                     * In this case, the user restriction is enforced by the system.
                     * So we won't show an admin support intent, even if it is also
                     * enforced by a profile/device owner.
                     */
                return null;
                return null;
                }
            } finally {
            } finally {
                mInjector.binderRestoreCallingIdentity(ident);
                mInjector.binderRestoreCallingIdentity(ident);
            }
            }