
Commit 5659644e authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Show correct restriction enforcement info for unknown apps installs."

parents 5ef5e0b6 edc3e6a7
+18 −5
@@ -26,6 +26,7 @@ import android.app.AppGlobals;
import android.app.AppOpsManager;
import android.app.Dialog;
import android.app.DialogFragment;
import android.app.admin.DevicePolicyManager;
import android.content.ActivityNotFoundException;
import android.content.ContentResolver;
import android.content.Context;
@@ -427,7 +428,7 @@ public class PackageInstallerActivity extends AlertActivity {
        if (mAllowUnknownSources || !isInstallRequestFromUnknownSource(getIntent())) {
            initiateInstall();
        } else {
            // Check for unknown sources restriction
            // Check for unknown sources restrictions.
            final int unknownSourcesRestrictionSource = mUserManager.getUserRestrictionSource(
                    UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, Process.myUserHandle());
            final int unknownSourcesGlobalRestrictionSource = mUserManager.getUserRestrictionSource(
@@ -436,16 +437,28 @@ public class PackageInstallerActivity extends AlertActivity {
                    & (unknownSourcesRestrictionSource | unknownSourcesGlobalRestrictionSource);
            if (systemRestriction != 0) {
                showDialogInner(DLG_UNKNOWN_SOURCES_RESTRICTED_FOR_USER);
            } else if (unknownSourcesRestrictionSource != UserManager.RESTRICTION_NOT_SET
                    || unknownSourcesGlobalRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
                startActivity(new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS));
                finish();
            } else if (unknownSourcesRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
                startAdminSupportDetailsActivity(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
            } else if (unknownSourcesGlobalRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
                startAdminSupportDetailsActivity(
                        UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
            } else {
                handleUnknownSources();
            }
        }
    }

    private void startAdminSupportDetailsActivity(String restriction) {
        // If the given restriction is set by an admin, display information about the
        // admin enforcing the restriction for the affected user.
        final DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);
        final Intent showAdminSupportDetailsIntent = dpm.createAdminSupportIntent(restriction);
        if (showAdminSupportDetailsIntent != null) {
            startActivity(showAdminSupportDetailsIntent);
        }
        finish();
    }

    private void handleUnknownSources() {
        if (mOriginatingPackage == null) {
            Log.i(TAG, "No source found for package " + mPkgInfo.packageName);
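Review bot: In `startAdminSupportDetailsActivity`, a null result from `dpm.createAdminSupportIntent(restriction)` leads straight to `finish()`, so the installer closes without telling the user why the install was refused. The path still fails closed, which is the property that matters, but the code it replaces always launched `Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS`. An `else { startActivity(new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS)); }` before `finish()` would keep the refusal visible when the service cannot name an admin. I would also add a comment there such as `// Never fall through to initiateInstall(): the restriction is set even if no admin can be shown.` so a later edit does not turn the null case into an allow. The method enclosing the restriction checks starts above the hunk, and `handleUnknownSources` continues below it.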
+41 −38
@@ -11180,48 +11180,51 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
        @Override
        public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) {
            int source;
            long ident = mInjector.binderClearCallingIdentity();
            final long ident = mInjector.binderClearCallingIdentity();
            try {
                source = mUserManager.getUserRestrictionSource(userRestriction,
                        UserHandle.of(userId));
            } finally {
                mInjector.binderRestoreCallingIdentity(ident);
            }
            if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
                /*
                 * In this case, the user restriction is enforced by the system.
                 * So we won't show an admin support intent, even if it is also
                 * enforced by a profile/device owner.
                 */
                final List<UserManager.EnforcingUser> sources = mUserManager
                        .getUserRestrictionSources(userRestriction, UserHandle.of(userId));
                if (sources == null || sources.isEmpty()) {
                    // The restriction is not enforced.
                    return null;
            }
            boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0;
            boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0;
            if (enforcedByDo && enforcedByPo) {
                } else if (sources.size() > 1) {
                    // In this case, we'll show an admin support dialog that does not
                    // specify the admin.
                return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId);
            } else if (enforcedByPo) {
                final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId);
                    // TODO(b/128928355): if this restriction is enforced by multiple DPCs, return
                    // the admin for the calling user.
                    return DevicePolicyManagerService.this.createShowAdminSupportIntent(
                            null, userId);
                }
                final UserManager.EnforcingUser enforcingUser = sources.get(0);
                final int sourceType = enforcingUser.getUserRestrictionSource();
                final int enforcingUserId = enforcingUser.getUserHandle().getIdentifier();
                if (sourceType == UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) {
                    // Restriction was enforced by PO
                    final ComponentName profileOwner = mOwners.getProfileOwnerComponent(
                            enforcingUserId);
                    if (profileOwner != null) {
                    return DevicePolicyManagerService.this
                            .createShowAdminSupportIntent(profileOwner, userId);
                        return DevicePolicyManagerService.this.createShowAdminSupportIntent(
                                profileOwner, enforcingUserId);
                    }
                // This could happen if another thread has changed the profile owner since we called
                // getUserRestrictionSource
                return null;
            } else if (enforcedByDo) {
                final Pair<Integer, ComponentName> deviceOwner
                        = mOwners.getDeviceOwnerUserIdAndComponent();
                } else if (sourceType == UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) {
                    // Restriction was enforced by DO
                    final Pair<Integer, ComponentName> deviceOwner =
                            mOwners.getDeviceOwnerUserIdAndComponent();
                    if (deviceOwner != null) {
                    return DevicePolicyManagerService.this
                            .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first);
                        return DevicePolicyManagerService.this.createShowAdminSupportIntent(
                                deviceOwner.second, deviceOwner.first);
                    }
                // This could happen if another thread has changed the device owner since we called
                // getUserRestrictionSource
                } else if (sourceType == UserManager.RESTRICTION_SOURCE_SYSTEM) {
                    /*
                     * In this case, the user restriction is enforced by the system.
                     * So we won't show an admin support intent, even if it is also
                     * enforced by a profile/device owner.
                     */
                    return null;
                }
            } finally {
                mInjector.binderRestoreCallingIdentity(ident);
            }
            return null;
        }
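Review bot: The `sources.size() > 1` branch of `createUserRestrictionSupportIntent` returns the generic admin support intent before the source types are inspected. The `RESTRICTION_SOURCE_SYSTEM` branch is therefore only reached when the system is the sole enforcer. Its retained comment ("even if it is also enforced by a profile/device owner") no longer describes the code, and if `getUserRestrictionSources` can list a system entry next to an owner entry, that case now gets an admin dialog where the replaced bitmask check returned null. If the old precedence is still intended, check for a system source before the size test as sketched below; otherwise reword the comment. The two removed "another thread has changed the owner" comments also explained the fall-through `return null`, so a short replacement comment at the final return would help.

```java
if (sources == null || sources.isEmpty()) {
    // The restriction is not enforced.
    return null;
}
// A system-enforced restriction never gets an admin support intent,
// even when a profile/device owner enforces it as well.
for (UserManager.EnforcingUser source : sources) {
    if (source.getUserRestrictionSource() == UserManager.RESTRICTION_SOURCE_SYSTEM) {
        return null;
    }
}
if (sources.size() > 1) {
    // … unchanged: generic admin support intent for multiple enforcing admins …
}
// … unchanged: single-source profile owner / device owner handling …
```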
+17 −22
@@ -100,7 +100,6 @@ import com.android.server.pm.UserRestrictionsUtils;
import org.hamcrest.BaseMatcher;
import org.hamcrest.Description;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

import java.io.File;
@@ -242,9 +241,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();

        // UM.setApplicationRestrictions() will save to appRestrictions.
        doAnswer(new Answer<Void>() {
            @Override
            public Void answer(InvocationOnMock invocation) throws Throwable {
        doAnswer((Answer<Void>) invocation -> {
            String pkg = (String) invocation.getArguments()[0];
            Bundle bundle = (Bundle) invocation.getArguments()[1];
            UserHandle user = (UserHandle) invocation.getArguments()[2];
@@ -252,19 +249,15 @@ public class DevicePolicyManagerTest extends DpmTestBase {
            appRestrictions.put(Pair.create(pkg, user), bundle);

            return null;
            }
        }).when(getServices().userManager).setApplicationRestrictions(
                anyString(), nullable(Bundle.class), any(UserHandle.class));

        // UM.getApplicationRestrictions() will read from appRestrictions.
        doAnswer(new Answer<Bundle>() {
            @Override
            public Bundle answer(InvocationOnMock invocation) throws Throwable {
        doAnswer((Answer<Bundle>) invocation -> {
            String pkg = (String) invocation.getArguments()[0];
            UserHandle user = (UserHandle) invocation.getArguments()[1];

            return appRestrictions.get(Pair.create(pkg, user));
            }
        }).when(getServices().userManager).getApplicationRestrictions(
                anyString(), any(UserHandle.class));

@@ -2243,11 +2236,13 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        intent = dpm.createAdminSupportIntent(UserManager.DISALLOW_ADJUST_VOLUME);
        assertNull(intent);

        // Permission that is set by device owner returns correct intent
        when(getServices().userManager.getUserRestrictionSource(
        // UM.getUserRestrictionSources() will return a list of size 1 with the caller resource.
        doAnswer((Answer<List<UserManager.EnforcingUser>>) invocation -> Collections.singletonList(
                new UserManager.EnforcingUser(
                        UserHandle.myUserId(), UserManager.RESTRICTION_SOURCE_DEVICE_OWNER))
        ).when(getServices().userManager).getUserRestrictionSources(
                eq(UserManager.DISALLOW_ADJUST_VOLUME),
                eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
                .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
                eq(UserHandle.getUserHandleForUid(UserHandle.myUserId())));
        intent = dpm.createAdminSupportIntent(UserManager.DISALLOW_ADJUST_VOLUME);
        assertNotNull(intent);
        assertEquals(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS, intent.getAction());
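Review bot: The new stub matcher `eq(UserHandle.getUserHandleForUid(UserHandle.myUserId()))` passes a user id to a method that expects a uid, so it only yields the intended handle while the id is small enough to map to user 0. The replaced line passed `mContext.binder.callingUid`, which was a real uid. `eq(UserHandle.of(UserHandle.myUserId()))` states the intent directly and matches how the service builds its argument with `UserHandle.of(userId)`. The test also covers only the single device-owner source; the new multi-source branch and the profile-owner branch, which now resolves the owner through `enforcingUserId`, are the paths that decide which admin is shown and have no assertion in this hunk. The comment "with the caller resource" presumably means "with the caller as the enforcing source".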