Merge "Call DPM from RestrictedPreferenceHelper" into main

        // This flag library has been added in frameworks jar

        // This flag library has been added in frameworks jar

        "aconfig_settingslib_flags_java_lib",

        "aconfig_settingslib_flags_java_lib",

        "wifi_framework_aconfig_flags_lib",

        "wifi_framework_aconfig_flags_lib",

        "device_policy_aconfig_flags_lib",

    ],

    ],

    plugins: ["androidx.room_room-compiler-plugin"],

    plugins: ["androidx.room_room-compiler-plugin"],

    use_resource_processor: true,

    use_resource_processor: true,

import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;

import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;

import android.app.admin.DevicePolicyIdentifiers;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyManager;

import android.app.admin.EnforcingAdmin;

import android.app.admin.EnforcingAdmin;

import android.app.admin.PolicyEnforcementInfo;

import android.app.admin.UnknownAuthority;

import android.app.admin.UnknownAuthority;

import android.app.admin.flags.Flags;

import android.app.admin.flags.Flags;

import android.content.Context;

import android.content.Context;

 * by device admins via user restrictions.

 * by device admins via user restrictions.

 */

 */

public class RestrictedPreferenceHelper {

public class RestrictedPreferenceHelper {

    /**

     * Represents a restriction that a RestrictedPreference tracks. A restriction can either

     * be a user restriction represented by a constant from {@link android.os.UserManager} or

     * a policy represented by a constant from {@link DevicePolicyIdentifiers}.

     */

    private static class Restriction {

        private final String mRestriction;

        private final boolean mIsUserRestriction;

        private Restriction(String restriction, boolean isUserRestriction) {

            mRestriction = restriction;

            mIsUserRestriction = isUserRestriction;

        }

        /**

         * Creates a user restriction. {@code userRestriction} must be a user restriction

         * constant from {@link android.os.UserManager}.

         */

        static Restriction ofUserRestriction(@NonNull String userRestriction) {

            return new Restriction(userRestriction, /* isUserRestriction= */true);

        }

        /**

         * Creates a restriction that represents an admin policy. {@code policyIdentifier} must be a

         * constant from {@link DevicePolicyIdentifiers}.

         */

        static Restriction ofPolicyIdentifier(@NonNull String policyIdentifier) {

            return new Restriction(policyIdentifier, /* isUserRestriction= */false);

        }

        String getRestriction() {

            return mRestriction;

        }

        boolean isUserRestriction() {

            return mIsUserRestriction;

        }

        /**

         * Returns the device policy identifier of the restriction.

         */

        String getDevicePolicyIdentifier() {

            if (mIsUserRestriction) {

                return DevicePolicyIdentifiers.getIdentifierForUserRestriction(mRestriction);

            }

            return mRestriction;

        }

    }

    private static final String TAG = "RestrictedPreferenceHelper";

    private static final String TAG = "RestrictedPreferenceHelper";

    private static final String REASON_PHONE_STATE = "phone_state";

    private static final String REASON_PHONE_STATE = "phone_state";

    // TODO(b/414733570): Remove when feature is enabled and all calls have moved to use

    // TODO(b/414733570): Remove when feature is enabled and all calls have moved to use

    //  mEnforcingAdmin.

    //  mEnforcingAdmin.

    EnforcedAdmin mEnforcedAdmin;

    EnforcedAdmin mEnforcedAdmin;

    private String mAttrUserRestriction = null;

    private Restriction mRestriction = null;

    private boolean mDisabledSummary = false;

    private boolean mDisabledSummary = false;

    private boolean mDisabledByEcm;

    private boolean mDisabledByEcm;

                    data = userRestriction.string;

                    data = userRestriction.string;

                }

                }

            }

            }

            mAttrUserRestriction = data == null ? null : data.toString();

            if (data == null) {

            // If the system has set the user restriction, then we shouldn't add the padlock.

            if (RestrictedLockUtilsInternal.hasBaseUserRestriction(mContext, mAttrUserRestriction,

                    UserHandle.myUserId())) {

                mAttrUserRestriction = null;

                return;

                return;

            }

            }

            if (!hasBaseUserRestriction(data.toString())) {

                mRestriction = Restriction.ofUserRestriction(data.toString());

            }

            final TypedValue useAdminDisabledSummary =

            final TypedValue useAdminDisabledSummary =

                    attributes.peekValue(R.styleable.RestrictedPreference_useAdminDisabledSummary);

                    attributes.peekValue(R.styleable.RestrictedPreference_useAdminDisabledSummary);

    public boolean isRestrictionEnforcedByAdvancedProtection() {

    public boolean isRestrictionEnforcedByAdvancedProtection() {

        if (Flags.policyTransparencyRefactorEnabled()) {

        if (Flags.policyTransparencyRefactorEnabled()) {

            if (mRestriction == null) {

                return false;

            }

            return mEnforcingAdmin != null

            return mEnforcingAdmin != null

                    && RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(mContext,

                    && RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(mContext,

                    // When the feature is enabled and we're using mEnforcingAdmin, the user

                    // When the feature is enabled and we're using mEnforcingAdmin, the user

                    // restriction is always stored on mAttrUserRestriction.

                    // restriction is always stored on mRestriction.

                    mAttrUserRestriction, UserHandle.myUserId());

                    mRestriction.getRestriction(), UserHandle.myUserId());

        } else {

        } else {

            return mEnforcedAdmin != null

            return mEnforcedAdmin != null

                    && RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(mContext,

                    && RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(mContext,

    }

    }

    /**

    /**

     * Configures the user restriction that this preference will track. This is equivalent to

     * Configures the user restriction that this preference will track and updates the disabled

     * specifying {@link R.styleable#RestrictedPreference_userRestriction} in XML and allows

     * state. This is equivalent to specifying

     * configuring user restriction at runtime.

     * {@link R.styleable#RestrictedPreference_userRestriction} in XML and allows

     * configuring user restriction at runtime. Note that this will overwrite the policy value if

     * it's set previously set by {@link #setAdminPolicyRestriction(String)}.

     */

     */

    public void setUserRestriction(@Nullable String userRestriction) {

    public void setUserRestriction(@Nullable String userRestriction) {

        mAttrUserRestriction = userRestriction == null ||

        if (Flags.policyTransparencyRefactorEnabled()) {

                RestrictedLockUtilsInternal.hasBaseUserRestriction(mContext, userRestriction,

            if (userRestriction == null) {

                        UserHandle.myUserId()) ? null : userRestriction;

                return;

            }

            // We don't need to check for base restriction here because {@link

            // checkAdminRestrictionEnforced} method considers it.

            mRestriction = Restriction.ofUserRestriction(userRestriction);

            setDisabledByEnforcingAdmin(checkAdminRestrictionEnforced());

            return;

        }

        mRestriction =

                userRestriction == null || RestrictedLockUtilsInternal.hasBaseUserRestriction(

                        mContext, userRestriction, UserHandle.myUserId()) ? null

                        : Restriction.ofUserRestriction(userRestriction);

        setDisabledByAdmin(checkRestrictionEnforced());

    }

    /**

     * Configures the admin policy that this preference will track and updates the disabled state.

     * This option is for setting the policy identifier. For user restrictions, see

     * {@link #setUserRestriction(String)}. Note that setting this value will overwrite the user

     * restriction value that was previously set.

     */

    public void setAdminPolicyRestriction(@NonNull String adminPolicyIdentifier) {

        Objects.requireNonNull(adminPolicyIdentifier);

        mRestriction = Restriction.ofPolicyIdentifier(adminPolicyIdentifier);

        if (Flags.policyTransparencyRefactorEnabled()) {

            setDisabledByEnforcingAdmin(checkAdminRestrictionEnforced());

            return;

        }

        setDisabledByAdmin(checkRestrictionEnforced());

        setDisabledByAdmin(checkRestrictionEnforced());

    }

    }

    @SuppressWarnings("NewApi")

    @SuppressWarnings("NewApi")

    public boolean performClick() {

    public boolean performClick() {

        if (mDisabledByAdmin) {

        if (mDisabledByAdmin) {

            if (Flags.policyTransparencyRefactorEnabled()) {

            if (Flags.policyTransparencyRefactorEnabled() && mRestriction != null) {

                RestrictedLockUtils.sendShowAdminSupportDetailsIntent(

                RestrictedLockUtils.sendShowAdminSupportDetailsIntent(

                        mContext, mEnforcingAdmin, mAttrUserRestriction);

                        mContext, mEnforcingAdmin, mRestriction.getRestriction());

            } else {

            } else {

                RestrictedLockUtils.sendShowAdminSupportDetailsIntent(mContext, mEnforcedAdmin);

                RestrictedLockUtils.sendShowAdminSupportDetailsIntent(mContext, mEnforcedAdmin);

            }

            }

     * Disable / enable if we have been passed the restriction in the xml.

     * Disable / enable if we have been passed the restriction in the xml.

     */

     */

    public void onAttachedToHierarchy() {

    public void onAttachedToHierarchy() {

        if (mAttrUserRestriction != null) {

        // mRestriction will be set as a user restriction if it's passed in xml.

            checkRestrictionAndSetDisabled(mAttrUserRestriction, UserHandle.myUserId());

        if (mRestriction != null && mRestriction.isUserRestriction()) {

            checkRestrictionAndSetDisabled(mRestriction.getRestriction(), UserHandle.myUserId());

        }

        }

    }

    }

    /**

    /**

     * Set the user restriction that is used to disable this preference.

     * Checks if the user restriction is enforced by the admin and updates the disabled state.

     *

     *

     * @param userRestriction constant from {@link android.os.UserManager}

     * @param userRestriction constant from {@link android.os.UserManager}

     * @param userId user to check the restriction for.

     * @param userId user to check the restriction for.

     */

     */

    public void checkRestrictionAndSetDisabled(String userRestriction, int userId) {

    public void checkRestrictionAndSetDisabled(@NonNull String userRestriction, int userId) {

        Objects.requireNonNull(userRestriction);

        if (Flags.policyTransparencyRefactorEnabled()) {

            setDisabledByEnforcingAdmin(

                    checkAdminRestrictionEnforced(Restriction.ofUserRestriction(userRestriction),

                            userId));

            return;

        }

        EnforcedAdmin admin = RestrictedLockUtilsInternal.checkIfRestrictionEnforced(mContext,

        EnforcedAdmin admin = RestrictedLockUtilsInternal.checkIfRestrictionEnforced(mContext,

                userRestriction, userId);

                userRestriction, userId);

        setDisabledByAdmin(admin);

        setDisabledByAdmin(admin);

    }

    }

    /**

     * Checks if the admin policy is enforced by the admin and updates the disabled state.

     *

     * @param policyIdentifier constant from {@link DevicePolicyIdentifiers}

     * @param userId user to check the policy for.

     */

    public void checkPolicyAndSetDisabled(@NonNull String policyIdentifier, int userId) {

        Objects.requireNonNull(policyIdentifier);

        setDisabledByEnforcingAdmin(

                checkAdminRestrictionEnforced(Restriction.ofPolicyIdentifier(policyIdentifier),

                        userId));

    }

    /**

    /**

     * Checks if the given setting is subject to Enhanced Confirmation Mode restrictions for this

     * Checks if the given setting is subject to Enhanced Confirmation Mode restrictions for this

     * package. Marks the preference as disabled if so.

     * package. Marks the preference as disabled if so.

     * @return EnforcedAdmin if we have been passed the restriction in the xml.

     * @return EnforcedAdmin if we have been passed the restriction in the xml.

     */

     */

    public EnforcedAdmin checkRestrictionEnforced() {

    public EnforcedAdmin checkRestrictionEnforced() {

        if (mAttrUserRestriction == null) {

        if (mRestriction == null) {

            return null;

            return null;

        }

        }

        if (Flags.policyTransparencyRefactorEnabled()) {

            // Use new DPM API if the flag is enabled.

            EnforcingAdmin enforcingAdmin = checkAdminRestrictionEnforced();

            if (enforcingAdmin == null) {

                return null;

            }

            return new EnforcedAdmin(enforcingAdmin.getComponentName(),

                    mRestriction.getRestriction(), enforcingAdmin.getUserHandle());

        }

        return RestrictedLockUtilsInternal.checkIfRestrictionEnforced(mContext,

        return RestrictedLockUtilsInternal.checkIfRestrictionEnforced(mContext,

                mAttrUserRestriction, UserHandle.myUserId());

                mRestriction.getRestriction(), UserHandle.myUserId());

    }

    /**

     * Checks if the restriction represented by this preference is enforced by an admin on the

     * current running user and returns that admin. If not, returns null. The restriction should be

     * set by {@link #setUserRestriction(String)} or {@link #setAdminPolicyRestriction(String)} or

     * through XML attribute {@link R.styleable#RestrictedPreference_userRestriction} before calling

     * this.

     */

    @Nullable

    public EnforcingAdmin checkAdminRestrictionEnforced() {

        if (mRestriction == null) {

            return null;

        }

        return checkAdminRestrictionEnforced(mRestriction, UserHandle.myUserId());

    }

    private EnforcingAdmin checkAdminRestrictionEnforced(Restriction restriction, int userId) {

        final DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

        if (dpm == null) {

            return null;

        }

        PolicyEnforcementInfo policyEnforcementInfo = dpm.getEnforcingAdminsForPolicy(

                restriction.getDevicePolicyIdentifier(),

                userId);

        // Don't set it disabled by admin if only system is enforcing a restriction.

        if (policyEnforcementInfo.isOnlyEnforcedBySystem()) {

            return null;

        }

        return policyEnforcementInfo.getMostImportantEnforcingAdmin();

    }

    }

    /**

    /**

            EnforcingAdmin enforcingAdmin = getEnforcingAdminFromEnforcedAdmin(admin);

            EnforcingAdmin enforcingAdmin = getEnforcingAdminFromEnforcedAdmin(admin);

            // Ensure that mAttrUserRestriction is set to the value passed in admin if it's unset.

            // Ensure that mAttrUserRestriction is set to the value passed in admin if it's unset.

            // If it's already set, we don't need to update the value.

            // If it's already set, we don't need to update the value.

            if (admin != null && mAttrUserRestriction == null) {

            if (admin != null && mRestriction == null) {

                mAttrUserRestriction = admin.enforcedRestriction;

                mRestriction = Restriction.ofUserRestriction(admin.enforcedRestriction);

            }

            }

            return setDisabledByEnforcingAdmin(enforcingAdmin);

            return setDisabledByEnforcingAdmin(enforcingAdmin);

        }

        }

     *

     *

     * @param admin details of the admin who enforced the restriction. If it is {@code null}, then

     * @param admin details of the admin who enforced the restriction. If it is {@code null}, then

     *              this preference will be enabled. Otherwise, it will be disabled. Only gray out

     *              this preference will be enabled. Otherwise, it will be disabled. Only gray out

     *              the

     *              the preference which is not {@link RestrictedTopLevelPreference}.

     *              preference which is not {@link RestrictedTopLevelPreference}.

     * @return true if the disabled state was changed.

     * @return true if the disabled state was changed.

     */

     */

    public boolean setDisabledByEnforcingAdmin(@Nullable EnforcingAdmin admin) {

    public boolean setDisabledByEnforcingAdmin(@Nullable EnforcingAdmin admin) {

                admin.user == null ? UserHandle.of(UserHandle.myUserId()) : admin.user,

                admin.user == null ? UserHandle.of(UserHandle.myUserId()) : admin.user,

                admin.component);

                admin.component);

    }

    }

    private boolean hasBaseUserRestriction(String userRestriction) {

        if (Flags.policyTransparencyRefactorEnabled()) {

            DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);

            if (dpm == null) {

                return false;

            }

            PolicyEnforcementInfo policyEnforcementInfo = dpm.getEnforcingAdminsForPolicy(

                    DevicePolicyIdentifiers.getIdentifierForUserRestriction(userRestriction),

                            UserHandle.myUserId());

            return policyEnforcementInfo.isOnlyEnforcedBySystem();

        }

        return RestrictedLockUtilsInternal.hasBaseUserRestriction(mContext, userRestriction,

                UserHandle.myUserId());

    }

}

}

        "androidx.fragment_fragment",

        "androidx.fragment_fragment",

        "androidx.test.core",

        "androidx.test.core",

        "androidx.test.ext.junit",

        "androidx.test.ext.junit",

        "device_policy_aconfig_flags_lib",

        "flag-junit",

        "flag-junit",

        "kotlinx_coroutines_test",

        "kotlinx_coroutines_test",

        "mockito-robolectric-prebuilt", // mockito deps order matters

        "mockito-robolectric-prebuilt", // mockito deps order matters

import android.app.admin.Authority;

import android.app.admin.Authority;

import android.app.admin.DeviceAdminAuthority;

import android.app.admin.DeviceAdminAuthority;

import android.app.admin.DevicePolicyIdentifiers;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyResourcesManager;

import android.app.admin.DevicePolicyResourcesManager;

import android.app.admin.DpcAuthority;

import android.app.admin.DpcAuthority;

import android.app.admin.EnforcingAdmin;

import android.app.admin.EnforcingAdmin;

import android.app.admin.PolicyEnforcementInfo;

import android.app.admin.RoleAuthority;

import android.app.admin.RoleAuthority;

import android.app.admin.SystemAuthority;

import android.app.admin.SystemAuthority;

import android.app.admin.UnknownAuthority;

import android.app.admin.UnknownAuthority;

        assertThat(mHelper.isRestrictionEnforcedByAdvancedProtection()).isTrue();

        assertThat(mHelper.isRestrictionEnforcedByAdvancedProtection()).isTrue();

    }

    }

    @EnableFlags(Flags.FLAG_POLICY_TRANSPARENCY_REFACTOR_ENABLED)

    @Test

    public void checkRestrictionAndSetDisabled_policyTransparencyRefactorEnabled_disabledByAdmin() {

        final String restriction = "restriction";

        final PolicyEnforcementInfo policyEnforcementInfo = new PolicyEnforcementInfo(

                List.of(new EnforcingAdmin(mPackage, DpcAuthority.DPC_AUTHORITY,

                        UserHandle.SYSTEM)));

        when(mDevicePolicyManager.getEnforcingAdminsForPolicy(

                DevicePolicyIdentifiers.getIdentifierForUserRestriction(restriction),

                UserHandle.myUserId())).thenReturn(

                policyEnforcementInfo);

        mHelper.checkRestrictionAndSetDisabled(restriction, UserHandle.myUserId());

        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }

    @EnableFlags(Flags.FLAG_POLICY_TRANSPARENCY_REFACTOR_ENABLED)

    @Test

    public void checkAdminRestrictionEnforced_userRestriction_disabledByAdmin() {

        final String restriction = "restriction";

        final EnforcingAdmin admin = new EnforcingAdmin(mPackage, DpcAuthority.DPC_AUTHORITY,

                UserHandle.SYSTEM);

        final PolicyEnforcementInfo policyEnforcementInfo = new PolicyEnforcementInfo(

                List.of(admin));

        when(mDevicePolicyManager.getEnforcingAdminsForPolicy(

                DevicePolicyIdentifiers.getIdentifierForUserRestriction(restriction),

                UserHandle.myUserId())).thenReturn(

                policyEnforcementInfo);

        mHelper.setUserRestriction(restriction);

        assertThat(mHelper.checkAdminRestrictionEnforced()).isEqualTo(admin);

        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }

    @EnableFlags(Flags.FLAG_POLICY_TRANSPARENCY_REFACTOR_ENABLED)

    @Test

    public void checkAdminRestrictionEnforced_adminPolicy_disabledByAdmin() {

        final String restriction = "restriction";

        final EnforcingAdmin admin = new EnforcingAdmin(mPackage, DpcAuthority.DPC_AUTHORITY,

                UserHandle.SYSTEM);

        final PolicyEnforcementInfo policyEnforcementInfo = new PolicyEnforcementInfo(

                List.of(admin));

        when(mDevicePolicyManager.getEnforcingAdminsForPolicy(restriction,

                UserHandle.myUserId())).thenReturn(policyEnforcementInfo);

        mHelper.setAdminPolicyRestriction(restriction);

        assertThat(mHelper.checkAdminRestrictionEnforced()).isEqualTo(admin);

        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }

    @EnableFlags(Flags.FLAG_POLICY_TRANSPARENCY_REFACTOR_ENABLED)

    @Test

    public void checkRestrictionEnforced_userRestriction_disabledByAdmin() {

        final String restriction = "restriction";

        final EnforcingAdmin admin = new EnforcingAdmin(mPackage, DpcAuthority.DPC_AUTHORITY,

                UserHandle.SYSTEM, mAdmin);

        final PolicyEnforcementInfo policyEnforcementInfo = new PolicyEnforcementInfo(

                List.of(admin));

        when(mDevicePolicyManager.getEnforcingAdminsForPolicy(

                DevicePolicyIdentifiers.getIdentifierForUserRestriction(restriction),

                UserHandle.myUserId())).thenReturn(

                policyEnforcementInfo);

        mHelper.setUserRestriction(restriction);

        RestrictedLockUtils.EnforcedAdmin expectedAdmin = new RestrictedLockUtils.EnforcedAdmin(

                mAdmin, restriction, UserHandle.of(UserHandle.myUserId()));

        assertThat(mHelper.checkRestrictionEnforced()).isEqualTo(expectedAdmin);

        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }

    @EnableFlags(Flags.FLAG_POLICY_TRANSPARENCY_REFACTOR_ENABLED)

    @Test

    public void checkRestrictionEnforced_adminPolicy_disabledByAdmin() {

        final String restriction = "restriction";

        final EnforcingAdmin admin = new EnforcingAdmin(mPackage, DpcAuthority.DPC_AUTHORITY,

                UserHandle.SYSTEM, mAdmin);

        final PolicyEnforcementInfo policyEnforcementInfo = new PolicyEnforcementInfo(

                List.of(admin));

        when(mDevicePolicyManager.getEnforcingAdminsForPolicy(

                restriction,

                UserHandle.myUserId())).thenReturn(

                policyEnforcementInfo);

        mHelper.setAdminPolicyRestriction(restriction);

        RestrictedLockUtils.EnforcedAdmin expectedAdmin = new RestrictedLockUtils.EnforcedAdmin(

                mAdmin, restriction, UserHandle.of(UserHandle.myUserId()));

        assertThat(mHelper.checkRestrictionEnforced()).isEqualTo(expectedAdmin);

        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }

    @EnableFlags(Flags.FLAG_POLICY_TRANSPARENCY_REFACTOR_ENABLED)

    @Test

    public void checkPolicyAndSetDisabled_disabledByAdmin() {

        final String restriction = "restriction";

        final PolicyEnforcementInfo policyEnforcementInfo = new PolicyEnforcementInfo(

                List.of(new EnforcingAdmin(mPackage, DpcAuthority.DPC_AUTHORITY,

                        UserHandle.SYSTEM)));

        when(mDevicePolicyManager.getEnforcingAdminsForPolicy(restriction,

                UserHandle.myUserId())).thenReturn(policyEnforcementInfo);

        mHelper.checkPolicyAndSetDisabled(restriction, UserHandle.myUserId());

        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }

}

}