Loading packages/SettingsLib/src/com/android/settingslib/enterprise/SupervisedDeviceActionDisabledByAdminController.java +12 −5 Original line number Original line Diff line number Diff line Loading @@ -16,17 +16,20 @@ package com.android.settingslib.enterprise; package com.android.settingslib.enterprise; import android.content.ComponentName; import android.content.ComponentName; import android.content.Context; import android.content.Context; import android.content.DialogInterface; import android.content.DialogInterface; import android.content.Intent; import android.content.Intent; import android.net.Uri; import android.net.Uri; import android.provider.Settings; import android.provider.Settings; import android.util.Log; import android.text.TextUtils; import androidx.annotation.NonNull; import androidx.annotation.Nullable; import com.android.settingslib.RestrictedLockUtils; import com.android.settingslib.RestrictedLockUtils; import org.jetbrains.annotations.Nullable; final class SupervisedDeviceActionDisabledByAdminController final class SupervisedDeviceActionDisabledByAdminController extends BaseActionDisabledByAdminController { extends BaseActionDisabledByAdminController { Loading Loading @@ -57,8 +60,13 @@ final class SupervisedDeviceActionDisabledByAdminController @Nullable @Nullable @Override @Override public DialogInterface.OnClickListener getPositiveButtonListener(Context context, public DialogInterface.OnClickListener getPositiveButtonListener(@NonNull Context context, RestrictedLockUtils.EnforcedAdmin enforcedAdmin) { @NonNull RestrictedLockUtils.EnforcedAdmin enforcedAdmin) { if (enforcedAdmin.component == null || TextUtils.isEmpty(enforcedAdmin.component.getPackageName())) { return null; } final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING) final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING) .setData(new Uri.Builder() .setData(new Uri.Builder() .scheme("policy") .scheme("policy") Loading @@ -72,7 +80,6 @@ final class SupervisedDeviceActionDisabledByAdminController return null; return null; } } return (dialog, which) -> { return (dialog, which) -> { Log.d(TAG, "Positive button clicked, component: " + enforcedAdmin.component); context.startActivity(intent); context.startActivity(intent); }; }; } } Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +8 −45 Original line number Original line Diff line number Diff line Loading @@ -241,6 +241,7 @@ import static android.provider.Telephony.Carriers.ENFORCE_KEY; import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; import static android.provider.Telephony.Carriers.INVALID_APN_ID; import static android.provider.Telephony.Carriers.INVALID_APN_ID; import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION; import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION; import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; Loading Loading @@ -15781,41 +15782,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else { } else { long ident = mInjector.binderClearCallingIdentity(); long ident = mInjector.binderClearCallingIdentity(); try { try { // TODO(b/277908283): check in the policy engine instead of calling user manager. if (getEnforcingAdminsForRestrictionInternal(userId, restriction).size() == 0) { List<UserManager.EnforcingUser> sources = mUserManager .getUserRestrictionSources(restriction, UserHandle.of(userId)); if (sources == null) { // The restriction is not enforced. return null; } int sizeBefore = sources.size(); if (sizeBefore > 1) { Slogf.d(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): " + "%d sources found, excluding those set by UserManager", userId, restriction, sizeBefore); sources = getDevicePolicySources(sources); } if (sources.isEmpty()) { // The restriction is not enforced (or is just enforced by the system) return null; return null; } } if (sources.size() > 1) { // In this case, we'll show an admin support dialog that does not // specify the admin. // TODO(b/128928355): if this restriction is enforced by multiple DPCs, return // the admin for the calling user. Slogf.w(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): multiple " + "sources for restriction %s on user %d", userId, restriction, restriction, userId); result = new Bundle(); result.putInt(Intent.EXTRA_USER_ID, userId); return result; } final UserManager.EnforcingUser enforcingUser = sources.get(0); final int sourceType = enforcingUser.getUserRestrictionSource(); if (sourceType == UserManager.RESTRICTION_SOURCE_PROFILE_OWNER || sourceType == UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) { ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId); ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId); if (admin != null) { if (admin != null) { result = new Bundle(); result = new Bundle(); Loading @@ -15824,14 +15794,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { admin.info.getComponent()); admin.info.getComponent()); return result; return result; } } } else if (sourceType == UserManager.RESTRICTION_SOURCE_SYSTEM) { /* * In this case, the user restriction is enforced by the system. * So we won't show an admin support intent, even if it is also * enforced by a profile/device owner. */ return null; return null; } } finally { } finally { mInjector.binderRestoreCallingIdentity(ident); mInjector.binderRestoreCallingIdentity(ident); } } Loading
packages/SettingsLib/src/com/android/settingslib/enterprise/SupervisedDeviceActionDisabledByAdminController.java +12 −5 Original line number Original line Diff line number Diff line Loading @@ -16,17 +16,20 @@ package com.android.settingslib.enterprise; package com.android.settingslib.enterprise; import android.content.ComponentName; import android.content.ComponentName; import android.content.Context; import android.content.Context; import android.content.DialogInterface; import android.content.DialogInterface; import android.content.Intent; import android.content.Intent; import android.net.Uri; import android.net.Uri; import android.provider.Settings; import android.provider.Settings; import android.util.Log; import android.text.TextUtils; import androidx.annotation.NonNull; import androidx.annotation.Nullable; import com.android.settingslib.RestrictedLockUtils; import com.android.settingslib.RestrictedLockUtils; import org.jetbrains.annotations.Nullable; final class SupervisedDeviceActionDisabledByAdminController final class SupervisedDeviceActionDisabledByAdminController extends BaseActionDisabledByAdminController { extends BaseActionDisabledByAdminController { Loading Loading @@ -57,8 +60,13 @@ final class SupervisedDeviceActionDisabledByAdminController @Nullable @Nullable @Override @Override public DialogInterface.OnClickListener getPositiveButtonListener(Context context, public DialogInterface.OnClickListener getPositiveButtonListener(@NonNull Context context, RestrictedLockUtils.EnforcedAdmin enforcedAdmin) { @NonNull RestrictedLockUtils.EnforcedAdmin enforcedAdmin) { if (enforcedAdmin.component == null || TextUtils.isEmpty(enforcedAdmin.component.getPackageName())) { return null; } final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING) final Intent intent = new Intent(Settings.ACTION_MANAGE_SUPERVISOR_RESTRICTED_SETTING) .setData(new Uri.Builder() .setData(new Uri.Builder() .scheme("policy") .scheme("policy") Loading @@ -72,7 +80,6 @@ final class SupervisedDeviceActionDisabledByAdminController return null; return null; } } return (dialog, which) -> { return (dialog, which) -> { Log.d(TAG, "Positive button clicked, component: " + enforcedAdmin.component); context.startActivity(intent); context.startActivity(intent); }; }; } } Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +8 −45 Original line number Original line Diff line number Diff line Loading @@ -241,6 +241,7 @@ import static android.provider.Telephony.Carriers.ENFORCE_KEY; import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; import static android.provider.Telephony.Carriers.INVALID_APN_ID; import static android.provider.Telephony.Carriers.INVALID_APN_ID; import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION; import static android.security.keystore.AttestationUtils.USE_INDIVIDUAL_ATTESTATION; import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; Loading Loading @@ -15781,41 +15782,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else { } else { long ident = mInjector.binderClearCallingIdentity(); long ident = mInjector.binderClearCallingIdentity(); try { try { // TODO(b/277908283): check in the policy engine instead of calling user manager. if (getEnforcingAdminsForRestrictionInternal(userId, restriction).size() == 0) { List<UserManager.EnforcingUser> sources = mUserManager .getUserRestrictionSources(restriction, UserHandle.of(userId)); if (sources == null) { // The restriction is not enforced. return null; } int sizeBefore = sources.size(); if (sizeBefore > 1) { Slogf.d(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): " + "%d sources found, excluding those set by UserManager", userId, restriction, sizeBefore); sources = getDevicePolicySources(sources); } if (sources.isEmpty()) { // The restriction is not enforced (or is just enforced by the system) return null; return null; } } if (sources.size() > 1) { // In this case, we'll show an admin support dialog that does not // specify the admin. // TODO(b/128928355): if this restriction is enforced by multiple DPCs, return // the admin for the calling user. Slogf.w(LOG_TAG, "getEnforcingAdminAndUserDetailsInternal(%d, %s): multiple " + "sources for restriction %s on user %d", userId, restriction, restriction, userId); result = new Bundle(); result.putInt(Intent.EXTRA_USER_ID, userId); return result; } final UserManager.EnforcingUser enforcingUser = sources.get(0); final int sourceType = enforcingUser.getUserRestrictionSource(); if (sourceType == UserManager.RESTRICTION_SOURCE_PROFILE_OWNER || sourceType == UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) { ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId); ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userId); if (admin != null) { if (admin != null) { result = new Bundle(); result = new Bundle(); Loading @@ -15824,14 +15794,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { admin.info.getComponent()); admin.info.getComponent()); return result; return result; } } } else if (sourceType == UserManager.RESTRICTION_SOURCE_SYSTEM) { /* * In this case, the user restriction is enforced by the system. * So we won't show an admin support intent, even if it is also * enforced by a profile/device owner. */ return null; return null; } } finally { } finally { mInjector.binderRestoreCallingIdentity(ident); mInjector.binderRestoreCallingIdentity(ident); } }
