• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.devicelockcontroller.policy;
18 
19 import android.app.admin.DevicePolicyManager;
20 import android.content.Context;
21 
22 import com.android.devicelockcontroller.storage.SetupParametersClient;
23 import com.android.devicelockcontroller.util.LogUtil;
24 
25 import com.google.common.util.concurrent.Futures;
26 import com.google.common.util.concurrent.ListenableFuture;
27 
28 import java.util.ArrayList;
29 import java.util.List;
30 import java.util.concurrent.Executor;
31 
32 /** Enforces restrictions on Kiosk app and controller. */
33 final class PackagePolicyHandler implements PolicyHandler {
34     private static final String TAG = "PackagePolicyHandler";
35 
36     private final Context mContext;
37     private final DevicePolicyManager mDpm;
38     private final Executor mBgExecutor;
39 
PackagePolicyHandler(Context context, DevicePolicyManager dpm, Executor bgExecutor)40     PackagePolicyHandler(Context context, DevicePolicyManager dpm, Executor bgExecutor) {
41         mContext = context;
42         mDpm = dpm;
43         mBgExecutor = bgExecutor;
44     }
45 
46     @Override
onProvisioned()47     public ListenableFuture<Boolean> onProvisioned() {
48         return enablePackageProtection(/* enableForKiosk= */ true);
49     }
50 
51     @Override
onCleared()52     public ListenableFuture<Boolean> onCleared() {
53         return enablePackageProtection(/* enableForKiosk= */ false);
54     }
55 
enablePackageProtection(boolean enableForKiosk)56     private ListenableFuture<Boolean> enablePackageProtection(boolean enableForKiosk) {
57         return Futures.transform(SetupParametersClient.getInstance().getKioskPackage(),
58                 kioskPackageName -> {
59                     if (kioskPackageName == null) {
60                         LogUtil.d(TAG, "Kiosk package is not set");
61                     } else {
62                         try {
63                             mDpm.setUninstallBlocked(null /* admin */, kioskPackageName,
64                                     enableForKiosk);
65                         } catch (SecurityException e) {
66                             LogUtil.e(TAG, "Unable to set device policy", e);
67                             return false;
68                         }
69                     }
70 
71                     final List<String> pkgList = new ArrayList<>();
72 
73                     // The controller itself should always have user control disabled
74                     pkgList.add(mContext.getPackageName());
75 
76                     if (kioskPackageName != null && enableForKiosk) {
77                         pkgList.add(kioskPackageName);
78                     }
79 
80                     try {
81                         mDpm.setUserControlDisabledPackages(null /* admin */, pkgList);
82                     } catch (SecurityException e) {
83                         LogUtil.e(TAG, "Failed to setUserControlDisabledPackages", e);
84                         return false;
85                     }
86 
87                     return true;
88                 }, mBgExecutor);
89     }
90 }
91