Merge cherrypicks of ['googleplex-android-review.googlesource.com/35833850',...

            mAbortInstall = true;

        }

        // Bypass the unknown source user restrictions check when either of the following

        // two conditions is met:

        // 1. the installation is not triggered via ACTION_VIEW or ACTION_INSTALL_PACKAGE

        // 2. the value of the Intent.EXTRA_NOT_UNKNOWN_SOURCE is TRUE and the caller is

        //    a privileged app

        final boolean isIntentInstall =

                Intent.ACTION_VIEW.equals(intentAction)

                        || Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);

        final boolean bypassUnknownSourceRestrictions = !isIntentInstall || isPrivilegedAndKnown;

        checkDevicePolicyRestrictions(bypassUnknownSourceRestrictions);

        checkDevicePolicyRestrictions(isTrustedSource);

        final String installerPackageNameFromIntent = getIntent().getStringExtra(

                Intent.EXTRA_INSTALLER_PACKAGE_NAME);

        return callingUid == installerUid;

    }

    private void checkDevicePolicyRestrictions(boolean bypassUnknownSourceRestrictions) {

    private void checkDevicePolicyRestrictions(boolean isTrustedSource) {

        String[] restrictions;

        if (bypassUnknownSourceRestrictions) {

        if(isTrustedSource) {

            restrictions = new String[] { UserManager.DISALLOW_INSTALL_APPS };

        } else {

            restrictions =  new String[] {

            return InstallAborted(ABORT_REASON_INTERNAL_ERROR)

        }

        val isPrivilegedAndKnown = sourceInfo != null && sourceInfo.isPrivilegedApp &&

                intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)

        val isInstallPkgPermissionGranted = originatingUid != Process.INVALID_UID &&

                isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, originatingUid)

        isTrustedSource = isPrivilegedAndKnown || isInstallPkgPermissionGranted

        isTrustedSource = isInstallRequestFromTrustedSource(sourceInfo, this.intent, originatingUid)

        // In general case, the originatingUid is callingUid. If callingUid is INVALID_UID, return

        // InstallAborted in the check above. When the originatingUid is INVALID_UID here, it means

        // the originatingUid is from the system download manager or the system documents manager,

            return InstallAborted(ABORT_REASON_INTERNAL_ERROR)

        }

        // Bypass the unknown source user restrictions check when either of the following

        // two conditions is met:

        // 1. the installation is not triggered via ACTION_VIEW or ACTION_INSTALL_PACKAGE

        // 2. the value of the Intent.EXTRA_NOT_UNKNOWN_SOURCE is TRUE and the caller is

        //    a privileged app

        val isIntentInstall =

            Intent.ACTION_VIEW == intent.action

                    || Intent.ACTION_INSTALL_PACKAGE == intent.action

        val bypassUnknownSourceRestrictions = !isIntentInstall || isPrivilegedAndKnown

        val restriction = getDevicePolicyRestrictions(bypassUnknownSourceRestrictions)

        val restriction = getDevicePolicyRestrictions(isTrustedSource)

        if (restriction != null) {

            val adminSupportDetailsIntent =

                devicePolicyManager!!.createAdminSupportIntent(restriction)

        }

    }

    private fun getDevicePolicyRestrictions(bypassUnknownSourceRestrictions: Boolean): String? {

        val restrictions: Array<String> = if (bypassUnknownSourceRestrictions) {

    private fun isInstallRequestFromTrustedSource(

        sourceInfo: ApplicationInfo?,

        intent: Intent,

        callingUid: Int,

    ): Boolean {

        val isPrivilegedAndKnown = sourceInfo != null && sourceInfo.isPrivilegedApp &&

            intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)

        val isInstallPkgPermissionGranted = callingUid != Process.INVALID_UID

                && isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, callingUid)

        return isPrivilegedAndKnown || isInstallPkgPermissionGranted

    }

    private fun getDevicePolicyRestrictions(isTrustedSource: Boolean): String? {

        val restrictions: Array<String> = if (isTrustedSource) {

            arrayOf(UserManager.DISALLOW_INSTALL_APPS)

        } else {

            arrayOf(

        val v = holder.itemView

        val drawableStateLayout = holder.itemView as? DrawableStateLayout

        if (drawableStateLayout != null && mItemPositionStates[position] != 0) {

            if (v.background == null) {

                // Make sure the stateful drawable is set for expressive UI

                v.setBackgroundResource(R.drawable.settingslib_round_background_stateful)

            }

            val background = v.background

            if (background != null) {

                val backgroundPadding = Rect()

import com.android.systemui.res.R.string.kg_too_many_failed_attempts_countdown

import com.android.systemui.res.R.string.kg_trust_agent_disabled

import com.android.systemui.securelockdevice.data.repository.fakeSecureLockDeviceRepository

import com.android.systemui.securelockdevice.domain.interactor.secureLockDeviceInteractor

import com.android.systemui.testKosmos

import com.android.systemui.user.data.repository.fakeUserRepository

import com.android.systemui.util.mockito.KotlinArgumentCaptor

    suspend fun TestScope.init(

        faceAuthCurrentlyAllowed: Boolean = false,

        faceAuthEnrolledAndEnabled: Boolean = false,

        hasStrongFace: Boolean = true,

        hasStrongFace: Boolean = false,

        fingerprintAuthCurrentlyAllowed: Boolean = true,

        fingerprintAuthEnrolledAndEnabled: Boolean = true,

        secureLockDeviceEnabled: Boolean? = null,

        }

        kosmos.fakeKeyguardBouncerRepository.setPrimaryShow(true)

        runCurrent()

        if (secureLockDeviceEnabled == true) {

            val hasFingerprint by collectLastValue(kosmos.secureLockDeviceInteractor.hasFingerprint)

            val hasFace by collectLastValue(kosmos.secureLockDeviceInteractor.hasFace)

            runCurrent()

            if (fingerprintAuthEnrolledAndEnabled) {

                assertThat(hasFingerprint).isTrue()

            }

            if (hasStrongFace) {

                assertThat(hasFace).isTrue()

            }

        }

    }

    @Test

            init(

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                fingerprintAuthCurrentlyAllowed = false,

                fingerprintAuthEnrolledAndEnabled = false,

                secureLockDeviceEnabled = true,

            init(

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                fingerprintAuthCurrentlyAllowed = true,

                fingerprintAuthEnrolledAndEnabled = true,

                secureLockDeviceEnabled = true,

            init(

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                secureLockDeviceEnabled = true,

                secureLockDeviceBiometricAuthActive = true,

            )

            init(

                faceAuthEnrolledAndEnabled = true,

                faceAuthCurrentlyAllowed = false,

                hasStrongFace = true,

                secureLockDeviceEnabled = true,

                secureLockDeviceBiometricAuthActive = false,

            )

    @Test

    fun onFaceLockout_whenItIsClass3_propagatesState() =

        testScope.runTest {

            init(faceAuthEnrolledAndEnabled = true)

            init(

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                fingerprintAuthCurrentlyAllowed = true,

                fingerprintAuthEnrolledAndEnabled = true,

            )

            val lockoutMessage by collectLastValue(underTest.bouncerMessage)

            kosmos.fakeDeviceEntryFaceAuthRepository.setLockedOut(true)

            runCurrent()

                fingerprintAuthEnrolledAndEnabled = false,

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                secureLockDeviceEnabled = true,

                secureLockDeviceBiometricAuthActive = true,

            )

                fingerprintAuthEnrolledAndEnabled = false,

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                secureLockDeviceEnabled = true,

                secureLockDeviceBiometricAuthActive = true,

            )

                fingerprintAuthEnrolledAndEnabled = false,

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                secureLockDeviceEnabled = true,

                secureLockDeviceBiometricAuthActive = true,

            )

                fingerprintAuthEnrolledAndEnabled = true,

                faceAuthCurrentlyAllowed = true,

                faceAuthEnrolledAndEnabled = true,

                hasStrongFace = true,

                secureLockDeviceEnabled = true,

                secureLockDeviceBiometricAuthActive = true,

            )

            secureLockDeviceRepository: SecureLockDeviceRepository,

            biometricSettingsInteractor: DeviceEntryBiometricSettingsInteractor,

            deviceEntryFaceAuthInteractor: SystemUIDeviceEntryFaceAuthInteractor,

            fingerprintPropertyInteractor: FingerprintPropertyInteractor,

            fingerprintPropertyInteractor: Lazy<FingerprintPropertyInteractor>,

            facePropertyInteractor: FacePropertyInteractor,

            lockPatternUtils: LockPatternUtils,

            authenticationPolicyManager: AuthenticationPolicyManager?,