[AAPM] Update ActionDisabledByAdminDialog and ExternalSourcesDetails strings

The new advanced protection support intent will be launched by the existing ActionDisabledByAdminDialog if the enforcing admin of a certain restriction is advanced protection. To determine that, Change-Id If931dcddad508f88aac1280b587da4767b937875 introduces an API to query the enforcing admin. In addition, this change updates ExternalSourcesDetails to display a disabled by advanced protection string in the preference summary. Tests will be written in a follow up change. Bug: 358229113 Bug: 369361373 Test: manual Test: atest ActionDisabledByAdminDialogTest Test: atest ExternalSourcesDetailsTest Test: atest LocationInjectedServicesPreferenceControllerTest Flag: android.security.aapm_api Flag: android.security.aapm_feature_disable_install_unknown_sources Change-Id: Icedef421d65f7ccde6562734e39a87d4458567ff
2024-10-31 11:00:25 +00:00
parent e1573f84b3
commit 47e665802b
4 changed files with 89 additions and 25 deletions
--- a/src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java
+++ b/src/com/android/settings/enterprise/ActionDisabledByAdminDialog.java
@@ -16,12 +16,18 @@

 package com.android.settings.enterprise;

+import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;
+
 import android.app.Activity;
 import android.app.admin.DevicePolicyManager;
+import android.app.admin.EnforcingAdmin;
+import android.app.admin.UnknownAuthority;
+import android.content.ComponentName;
 import android.content.DialogInterface;
 import android.content.Intent;
 import android.os.Bundle;
 import android.os.UserHandle;
+import android.security.advancedprotection.AdvancedProtectionManager;

 import com.android.settingslib.RestrictedLockUtils;
 import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
@@ -53,37 +59,67 @@ public class ActionDisabledByAdminDialog extends Activity

    @androidx.annotation.VisibleForTesting
    EnforcedAdmin getAdminDetailsFromIntent(Intent intent) {
-        final EnforcedAdmin admin = new EnforcedAdmin(null, UserHandle.of(UserHandle.myUserId()));
+        final EnforcedAdmin enforcedAdmin = new EnforcedAdmin(null, UserHandle.of(
+                UserHandle.myUserId()));
        if (intent == null) {
-            return admin;
+            return enforcedAdmin;
        }
-        admin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN);
+        enforcedAdmin.component = intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
+                ComponentName.class);
        int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());

        Bundle adminDetails = null;
-        if (admin.component == null) {
-            DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);
-            adminDetails = devicePolicyManager.getEnforcingAdminAndUserDetails(userId,
-                    getRestrictionFromIntent(intent));
-            if (adminDetails != null) {
-                admin.component = adminDetails.getParcelable(
-                        DevicePolicyManager.EXTRA_DEVICE_ADMIN);
+        if (enforcedAdmin.component == null) {
+            DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);
+            final String restriction = getRestrictionFromIntent(intent);
+            if (android.security.Flags.aapmApi() && dpm != null && restriction != null) {
+                // TODO(b/381025131): Move advanced protection logic to DevicePolicyManager or
+                //  elsewhere.
+                launchAdvancedProtectionDialogOrTryToSetAdminComponent(dpm, userId, restriction,
+                        enforcedAdmin);
+            } else {
+                adminDetails = dpm.getEnforcingAdminAndUserDetails(userId, restriction);
+                if (adminDetails != null) {
+                    enforcedAdmin.component = adminDetails.getParcelable(
+                            DevicePolicyManager.EXTRA_DEVICE_ADMIN, ComponentName.class);
+                }
            }
        }

        if (intent.hasExtra(Intent.EXTRA_USER)) {
-            admin.user = intent.getParcelableExtra(Intent.EXTRA_USER);
+            enforcedAdmin.user = intent.getParcelableExtra(Intent.EXTRA_USER, UserHandle.class);
        } else {
            if (adminDetails != null) {
                userId = adminDetails.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
            }
            if (userId == UserHandle.USER_NULL) {
-                admin.user = null;
+                enforcedAdmin.user = null;
            } else {
-                admin.user = UserHandle.of(userId);
+                enforcedAdmin.user = UserHandle.of(userId);
            }
        }
-        return admin;
+        return enforcedAdmin;
+    }
+
+    private void launchAdvancedProtectionDialogOrTryToSetAdminComponent(DevicePolicyManager dpm,
+            int userId, String restriction, EnforcedAdmin enforcedAdmin) {
+        EnforcingAdmin enforcingAdmin = dpm.getEnforcingAdmin(userId, restriction);
+        if (enforcingAdmin == null) {
+            return;
+        }
+        if (enforcingAdmin.getAuthority() instanceof UnknownAuthority authority
+                && ADVANCED_PROTECTION_SYSTEM_ENTITY.equals(authority.getName())) {
+            AdvancedProtectionManager apm = getSystemService(AdvancedProtectionManager.class);
+            if (apm == null) {
+                return;
+            }
+            Intent apmSupportIntent = apm.createSupportIntentForPolicyIdentifierOrRestriction(
+                    restriction, /* type */ null);
+            startActivityAsUser(apmSupportIntent, UserHandle.of(userId));
+            finish();
+        } else {
+            enforcedAdmin.component = enforcingAdmin.getComponentName();
+        }
    }

    @androidx.annotation.VisibleForTesting