Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 47e66580 authored by Azhara Assanova's avatar Azhara Assanova
Browse files

[AAPM] Update ActionDisabledByAdminDialog and ExternalSourcesDetails strings 

The new advanced protection support intent will be launched by the
existing ActionDisabledByAdminDialog if the enforcing admin of a certain
restriction is advanced protection. To determine that, Change-Id
If931dcddad508f88aac1280b587da4767b937875 introduces an API to query the
enforcing admin.

In addition, this change updates ExternalSourcesDetails to display
a disabled by advanced protection string in the preference summary.

Tests will be written in a follow up change.

Bug: 358229113
Bug: 369361373
Test: manual
Test: atest ActionDisabledByAdminDialogTest
Test: atest ExternalSourcesDetailsTest
Test: atest LocationInjectedServicesPreferenceControllerTest
Flag: android.security.aapm_api
Flag: android.security.aapm_feature_disable_install_unknown_sources
Change-Id: Icedef421d65f7ccde6562734e39a87d4458567ff
parent e1573f84

Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -134,6 +134,7 @@ android_library { 
        "aconfig_settings_flags",

        "android.app.flags-aconfig",

        "android.provider.flags-aconfig",

        "android.security.flags-aconfig",

    ],

}

src/com/android/settings/applications/appinfo/ExternalSourcesDetails.java

+33 −11
Original line number Diff line number Diff line
@@ -17,6 +17,8 @@ package com.android.settings.applications.appinfo; 


import static android.app.Activity.RESULT_CANCELED;

import static android.app.Activity.RESULT_OK;

import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES;

import static android.os.UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY;



import android.app.AppOpsManager;

import android.app.settings.SettingsEnums;
@@ -34,6 +36,7 @@ import com.android.settings.Settings; 
import com.android.settings.applications.AppInfoWithHeader;

import com.android.settings.applications.AppStateInstallAppsBridge;

import com.android.settings.applications.AppStateInstallAppsBridge.InstallAppsState;

import com.android.settingslib.RestrictedLockUtilsInternal;

import com.android.settingslib.RestrictedSwitchPreference;

import com.android.settingslib.applications.ApplicationsState.AppEntry;
@@ -82,16 +85,35 @@ public class ExternalSourcesDetails extends AppInfoWithHeader 
    public static CharSequence getPreferenceSummary(Context context, AppEntry entry) {

        final UserHandle userHandle = UserHandle.getUserHandleForUid(entry.info.uid);

        final UserManager um = UserManager.get(context);

        if (android.security.Flags.aapmFeatureDisableInstallUnknownSources()) {

            if (um.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {

                return context.getString(com.android.settingslib.R.string.disabled);

            } else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)) {

                return context.getString(

                        com.android.settingslib.widget.restricted.R.string.disabled_by_admin);

            } else if (um.hasUserRestrictionForUser(DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,

                    userHandle)) {

                if (RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(context,

                        DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle.getIdentifier())) {

                    return context.getString(com.android.settingslib.widget.restricted

                            .R.string.disabled_by_advanced_protection);

                } else {

                    return context.getString(

                            com.android.settingslib.widget.restricted.R.string.disabled_by_admin);

                }

            }

        } else {

            final int userRestrictionSource = um.getUserRestrictionSource(

                UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)

                    DISALLOW_INSTALL_UNKNOWN_SOURCES, userHandle)

                    | um.getUserRestrictionSource(

                        UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,

                        userHandle);

                            UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, userHandle);

            if ((userRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {

            return context.getString(com.android.settingslib.widget.restricted.R.string.disabled_by_admin);

                return context.getString(

                        com.android.settingslib.widget.restricted.R.string.disabled_by_admin);

            } else if (userRestrictionSource != 0) {

                return context.getString(com.android.settingslib.R.string.disabled);

            }

        }

        final InstallAppsState appsState = new AppStateInstallAppsBridge(context, null, null)

                .createInstallAppsStateFor(entry.info.packageName, entry.info.uid);

        return context.getString(appsState.canInstallApps()
@@ -110,14 +132,14 @@ public class ExternalSourcesDetails extends AppInfoWithHeader 
        if (mPackageInfo == null || mPackageInfo.applicationInfo == null) {

            return false;

        }

        if (mUserManager.hasBaseUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,

        if (mUserManager.hasBaseUserRestriction(DISALLOW_INSTALL_UNKNOWN_SOURCES,

                UserHandle.of(UserHandle.myUserId()))) {

            mSwitchPref.setChecked(false);

            mSwitchPref.setSummary(com.android.settingslib.R.string.disabled);

            mSwitchPref.setEnabled(false);

            return true;

        }

        mSwitchPref.checkRestrictionAndSetDisabled(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);

        mSwitchPref.checkRestrictionAndSetDisabled(DISALLOW_INSTALL_UNKNOWN_SOURCES);

        if (!mSwitchPref.isDisabledByAdmin()) {

            mSwitchPref.checkRestrictionAndSetDisabled(

                    UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);

src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java

+50 −14
Original line number Diff line number Diff line
@@ -16,12 +16,18 @@ 


package com.android.settings.enterprise;



import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;



import android.app.Activity;

import android.app.admin.DevicePolicyManager;

import android.app.admin.EnforcingAdmin;

import android.app.admin.UnknownAuthority;

import android.content.ComponentName;

import android.content.DialogInterface;

import android.content.Intent;

import android.os.Bundle;

import android.os.UserHandle;

import android.security.advancedprotection.AdvancedProtectionManager;



import com.android.settingslib.RestrictedLockUtils;

import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
@@ -53,37 +59,67 @@ public class ActionDisabledByAdminDialog extends Activity 


    @androidx.annotation.VisibleForTesting

    EnforcedAdmin getAdminDetailsFromIntent(Intent intent) {

        final EnforcedAdmin admin = new EnforcedAdmin(null, UserHandle.of(UserHandle.myUserId()));

        final EnforcedAdmin enforcedAdmin = new EnforcedAdmin(null, UserHandle.of(

                UserHandle.myUserId()));

        if (intent == null) {

            return admin;

            return enforcedAdmin;

        }

        admin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);

        enforcedAdmin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,

                ComponentName.class);

        int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());



        Bundle adminDetails = null;

        if (admin.component == null) {

            DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);

            adminDetails = devicePolicyManager.getEnforcingAdminAndUserDetails(userId,

                    getRestrictionFromIntent(intent));

        if (enforcedAdmin.component == null) {

            DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);

            final String restriction = getRestrictionFromIntent(intent);

            if (android.security.Flags.aapmApi() && dpm != null && restriction != null) {

                // TODO(b/381025131): Move advanced protection logic to DevicePolicyManager or

                //  elsewhere.

                launchAdvancedProtectionDialogOrTryToSetAdminComponent(dpm, userId, restriction,

                        enforcedAdmin);

            } else {

                adminDetails = dpm.getEnforcingAdminAndUserDetails(userId, restriction);

                if (adminDetails != null) {

                admin.component = adminDetails.getParcelable(

                        DevicePolicyManager.EXTRA_DEVICE_ADMIN);

                    enforcedAdmin.component = adminDetails.getParcelable(

                            DevicePolicyManager.EXTRA_DEVICE_ADMIN, ComponentName.class);

                }

            }

        }



        if (intent.hasExtra(Intent.EXTRA_USER)) {

            admin.user = intent.getParcelableExtra(Intent.EXTRA_USER);

            enforcedAdmin.user = intent.getParcelableExtra(Intent.EXTRA_USER, UserHandle.class);

        } else {

            if (adminDetails != null) {

                userId = adminDetails.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());

            }

            if (userId == UserHandle.USER_NULL) {

                admin.user = null;

                enforcedAdmin.user = null;

            } else {

                admin.user = UserHandle.of(userId);

                enforcedAdmin.user = UserHandle.of(userId);

            }

        }

        return enforcedAdmin;

    }



    private void launchAdvancedProtectionDialogOrTryToSetAdminComponent(DevicePolicyManager dpm,

            int userId, String restriction, EnforcedAdmin enforcedAdmin) {

        EnforcingAdmin enforcingAdmin = dpm.getEnforcingAdmin(userId, restriction);

        if (enforcingAdmin == null) {

            return;

        }

        if (enforcingAdmin.getAuthority() instanceof UnknownAuthority authority

                && ADVANCED_PROTECTION_SYSTEM_ENTITY.equals(authority.getName())) {

            AdvancedProtectionManager apm = getSystemService(AdvancedProtectionManager.class);

            if (apm == null) {

                return;

            }

            Intent apmSupportIntent = apm.createSupportIntentForPolicyIdentifierOrRestriction(

                    restriction, /* type */ null);

            startActivityAsUser(apmSupportIntent, UserHandle.of(userId));

            finish();

        } else {

            enforcedAdmin.component = enforcingAdmin.getComponentName();

        }

        return admin;

    }



    @androidx.annotation.VisibleForTesting

tests/robotests/src/com/android/settings/location/LocationInjectedServicesPreferenceControllerTest.java

+5 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ import static org.mockito.Mockito.verify; 
import static org.mockito.Mockito.when;



import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyResourcesManager;

import android.content.ComponentName;

import android.content.Context;

import android.content.pm.UserInfo;
@@ -83,6 +84,8 @@ public class LocationInjectedServicesPreferenceControllerTest { 
    private AppSettingsInjector mSettingsInjector;

    @Mock

    private DevicePolicyManager mDevicePolicyManager;

    @Mock

    private DevicePolicyResourcesManager mDevicePolicyResourcesManager;



    private Context mContext;

    private LocationInjectedServicesPreferenceController mController;
@@ -104,6 +107,7 @@ public class LocationInjectedServicesPreferenceControllerTest { 
        when(mCategoryPrimary.getKey()).thenReturn(key);

        when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE))

                .thenReturn(mDevicePolicyManager);

        when(mDevicePolicyManager.getResources()).thenReturn(mDevicePolicyResourcesManager);

    }



    @Test
@@ -276,6 +280,7 @@ public class LocationInjectedServicesPreferenceControllerTest { 
                UserHandle.of(userId),

                enforcingUsers);

        when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser()).thenReturn(componentName);

        when(mDevicePolicyResourcesManager.getString(any(), any())).thenReturn(any());



        mController.displayPreference(mScreen);