1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.settings; 18 19 import android.app.Activity; 20 import android.app.ActivityManager; 21 import android.app.AlertDialog; 22 import android.app.AppOpsManager; 23 import android.app.Dialog; 24 import android.app.admin.DeviceAdminInfo; 25 import android.app.admin.DeviceAdminReceiver; 26 import android.app.admin.DevicePolicyManager; 27 import android.content.ComponentName; 28 import android.content.Context; 29 import android.content.DialogInterface; 30 import android.content.Intent; 31 import android.content.pm.ActivityInfo; 32 import android.content.pm.ApplicationInfo; 33 import android.content.pm.PackageInfo; 34 import android.content.pm.PackageManager; 35 import android.content.pm.PackageManager.NameNotFoundException; 36 import android.content.pm.ResolveInfo; 37 import android.content.pm.UserInfo; 38 import android.content.res.Resources; 39 import android.os.Binder; 40 import android.os.Bundle; 41 import android.os.Handler; 42 import android.os.IBinder; 43 import android.os.RemoteCallback; 44 import android.os.RemoteException; 45 import android.os.UserHandle; 46 import android.os.UserManager; 47 import android.text.TextUtils; 48 import android.text.TextUtils.TruncateAt; 49 import android.util.EventLog; 50 import android.util.Log; 51 import android.view.Display; 52 import android.view.View; 53 import android.view.ViewGroup; 54 import android.view.ViewTreeObserver; 55 import android.view.WindowManager; 56 import android.widget.AppSecurityPermissions; 57 import android.widget.Button; 58 import android.widget.ImageView; 59 import android.widget.TextView; 60 61 import com.android.internal.logging.nano.MetricsProto; 62 import com.android.settings.fuelgauge.BatteryUtils; 63 import com.android.settings.overlay.FeatureFactory; 64 import com.android.settings.users.UserDialogs; 65 import com.android.settingslib.RestrictedLockUtils; 66 import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; 67 68 import org.xmlpull.v1.XmlPullParserException; 69 70 import java.io.IOException; 71 import java.util.ArrayList; 72 import java.util.List; 73 import java.util.Optional; 74 75 public class DeviceAdminAdd extends Activity { 76 static final String TAG = "DeviceAdminAdd"; 77 78 static final int DIALOG_WARNING = 1; 79 80 private static final int MAX_ADD_MSG_LINES_PORTRAIT = 5; 81 private static final int MAX_ADD_MSG_LINES_LANDSCAPE = 2; 82 private static final int MAX_ADD_MSG_LINES = 15; 83 84 /** 85 * Optional key to map to the package name of the Device Admin. 86 * Currently only used when uninstalling an active device admin. 87 */ 88 public static final String EXTRA_DEVICE_ADMIN_PACKAGE_NAME = 89 "android.app.extra.DEVICE_ADMIN_PACKAGE_NAME"; 90 91 public static final String EXTRA_CALLED_FROM_SUPPORT_DIALOG = 92 "android.app.extra.CALLED_FROM_SUPPORT_DIALOG"; 93 94 private final IBinder mToken = new Binder(); 95 Handler mHandler; 96 97 DevicePolicyManager mDPM; 98 AppOpsManager mAppOps; 99 DeviceAdminInfo mDeviceAdmin; 100 CharSequence mAddMsgText; 101 String mProfileOwnerName; 102 103 ImageView mAdminIcon; 104 TextView mAdminName; 105 TextView mAdminDescription; 106 TextView mAddMsg; 107 TextView mProfileOwnerWarning; 108 ImageView mAddMsgExpander; 109 boolean mAddMsgEllipsized = true; 110 TextView mAdminWarning; 111 TextView mSupportMessage; 112 ViewGroup mAdminPolicies; 113 Button mActionButton; 114 Button mUninstallButton; 115 Button mCancelButton; 116 117 boolean mUninstalling = false; 118 boolean mAdding; 119 boolean mRefreshing; 120 boolean mWaitingForRemoveMsg; 121 boolean mAddingProfileOwner; 122 boolean mAdminPoliciesInitialized; 123 124 boolean mIsCalledFromSupportDialog = false; 125 126 @Override onCreate(Bundle icicle)127 protected void onCreate(Bundle icicle) { 128 super.onCreate(icicle); 129 130 mHandler = new Handler(getMainLooper()); 131 132 mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE); 133 mAppOps = (AppOpsManager)getSystemService(Context.APP_OPS_SERVICE); 134 PackageManager packageManager = getPackageManager(); 135 136 if ((getIntent().getFlags()&Intent.FLAG_ACTIVITY_NEW_TASK) != 0) { 137 Log.w(TAG, "Cannot start ADD_DEVICE_ADMIN as a new task"); 138 finish(); 139 return; 140 } 141 142 mIsCalledFromSupportDialog = getIntent().getBooleanExtra( 143 EXTRA_CALLED_FROM_SUPPORT_DIALOG, false); 144 145 String action = getIntent().getAction(); 146 ComponentName who = (ComponentName)getIntent().getParcelableExtra( 147 DevicePolicyManager.EXTRA_DEVICE_ADMIN); 148 if (who == null) { 149 String packageName = getIntent().getStringExtra(EXTRA_DEVICE_ADMIN_PACKAGE_NAME); 150 Optional<ComponentName> installedAdmin = findAdminWithPackageName(packageName); 151 if (!installedAdmin.isPresent()) { 152 Log.w(TAG, "No component specified in " + action); 153 finish(); 154 return; 155 } 156 who = installedAdmin.get(); 157 mUninstalling = true; 158 } 159 160 if (action != null && action.equals(DevicePolicyManager.ACTION_SET_PROFILE_OWNER)) { 161 setResult(RESULT_CANCELED); 162 setFinishOnTouchOutside(true); 163 mAddingProfileOwner = true; 164 mProfileOwnerName = 165 getIntent().getStringExtra(DevicePolicyManager.EXTRA_PROFILE_OWNER_NAME); 166 String callingPackage = getCallingPackage(); 167 if (callingPackage == null || !callingPackage.equals(who.getPackageName())) { 168 Log.e(TAG, "Unknown or incorrect caller"); 169 finish(); 170 return; 171 } 172 try { 173 PackageInfo packageInfo = packageManager.getPackageInfo(callingPackage, 0); 174 if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0) { 175 Log.e(TAG, "Cannot set a non-system app as a profile owner"); 176 finish(); 177 return; 178 } 179 } catch (NameNotFoundException nnfe) { 180 Log.e(TAG, "Cannot find the package " + callingPackage); 181 finish(); 182 return; 183 } 184 } 185 186 ActivityInfo ai; 187 try { 188 ai = packageManager.getReceiverInfo(who, PackageManager.GET_META_DATA); 189 } catch (PackageManager.NameNotFoundException e) { 190 Log.w(TAG, "Unable to retrieve device policy " + who, e); 191 finish(); 192 return; 193 } 194 195 // When activating, make sure the given component name is actually a valid device admin. 196 // No need to check this when deactivating, because it is safe to deactivate an active 197 // invalid device admin. 198 if (!mDPM.isAdminActive(who)) { 199 List<ResolveInfo> avail = packageManager.queryBroadcastReceivers( 200 new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED), 201 PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS); 202 int count = avail == null ? 0 : avail.size(); 203 boolean found = false; 204 for (int i=0; i<count; i++) { 205 ResolveInfo ri = avail.get(i); 206 if (ai.packageName.equals(ri.activityInfo.packageName) 207 && ai.name.equals(ri.activityInfo.name)) { 208 try { 209 // We didn't retrieve the meta data for all possible matches, so 210 // need to use the activity info of this specific one that was retrieved. 211 ri.activityInfo = ai; 212 DeviceAdminInfo dpi = new DeviceAdminInfo(this, ri); 213 found = true; 214 } catch (XmlPullParserException e) { 215 Log.w(TAG, "Bad " + ri.activityInfo, e); 216 } catch (IOException e) { 217 Log.w(TAG, "Bad " + ri.activityInfo, e); 218 } 219 break; 220 } 221 } 222 if (!found) { 223 Log.w(TAG, "Request to add invalid device admin: " + who); 224 finish(); 225 return; 226 } 227 } 228 229 ResolveInfo ri = new ResolveInfo(); 230 ri.activityInfo = ai; 231 try { 232 mDeviceAdmin = new DeviceAdminInfo(this, ri); 233 } catch (XmlPullParserException e) { 234 Log.w(TAG, "Unable to retrieve device policy " + who, e); 235 finish(); 236 return; 237 } catch (IOException e) { 238 Log.w(TAG, "Unable to retrieve device policy " + who, e); 239 finish(); 240 return; 241 } 242 243 // This admin already exists, an we have two options at this point. If new policy 244 // bits are set, show the user the new list. If nothing has changed, simply return 245 // "OK" immediately. 246 if (DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN.equals(getIntent().getAction())) { 247 mRefreshing = false; 248 if (mDPM.isAdminActive(who)) { 249 if (mDPM.isRemovingAdmin(who, android.os.Process.myUserHandle().getIdentifier())) { 250 Log.w(TAG, "Requested admin is already being removed: " + who); 251 finish(); 252 return; 253 } 254 255 ArrayList<DeviceAdminInfo.PolicyInfo> newPolicies = mDeviceAdmin.getUsedPolicies(); 256 for (int i = 0; i < newPolicies.size(); i++) { 257 DeviceAdminInfo.PolicyInfo pi = newPolicies.get(i); 258 if (!mDPM.hasGrantedPolicy(who, pi.ident)) { 259 mRefreshing = true; 260 break; 261 } 262 } 263 if (!mRefreshing) { 264 // Nothing changed (or policies were removed) - return immediately 265 setResult(Activity.RESULT_OK); 266 finish(); 267 return; 268 } 269 } 270 } 271 272 // If we're trying to add a profile owner and user setup hasn't completed yet, no 273 // need to prompt for permission. Just add and finish. 274 if (mAddingProfileOwner && !mDPM.hasUserSetupCompleted()) { 275 addAndFinish(); 276 return; 277 } 278 279 mAddMsgText = getIntent().getCharSequenceExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION); 280 281 setContentView(R.layout.device_admin_add); 282 283 mAdminIcon = (ImageView)findViewById(R.id.admin_icon); 284 mAdminName = (TextView)findViewById(R.id.admin_name); 285 mAdminDescription = (TextView)findViewById(R.id.admin_description); 286 mProfileOwnerWarning = (TextView) findViewById(R.id.profile_owner_warning); 287 288 mAddMsg = (TextView)findViewById(R.id.add_msg); 289 mAddMsgExpander = (ImageView) findViewById(R.id.add_msg_expander); 290 final View.OnClickListener onClickListener = new View.OnClickListener() { 291 @Override 292 public void onClick(View v) { 293 toggleMessageEllipsis(mAddMsg); 294 } 295 }; 296 mAddMsgExpander.setOnClickListener(onClickListener); 297 mAddMsg.setOnClickListener(onClickListener); 298 299 // Determine whether the message can be collapsed - getLineCount() gives the correct 300 // number of lines only after a layout pass. 301 mAddMsg.getViewTreeObserver().addOnGlobalLayoutListener( 302 new ViewTreeObserver.OnGlobalLayoutListener() { 303 @Override 304 public void onGlobalLayout() { 305 final int maxLines = getEllipsizedLines(); 306 // hide the icon if number of visible lines does not exceed maxLines 307 boolean hideMsgExpander = mAddMsg.getLineCount() <= maxLines; 308 mAddMsgExpander.setVisibility(hideMsgExpander ? View.GONE : View.VISIBLE); 309 if (hideMsgExpander) { 310 mAddMsg.setOnClickListener(null); 311 ((View)mAddMsgExpander.getParent()).invalidate(); 312 } 313 mAddMsg.getViewTreeObserver().removeOnGlobalLayoutListener(this); 314 } 315 }); 316 317 // toggleMessageEllipsis also handles initial layout: 318 toggleMessageEllipsis(mAddMsg); 319 320 mAdminWarning = (TextView) findViewById(R.id.admin_warning); 321 mAdminPolicies = (ViewGroup) findViewById(R.id.admin_policies); 322 mSupportMessage = (TextView) findViewById(R.id.admin_support_message); 323 324 mCancelButton = (Button) findViewById(R.id.cancel_button); 325 mCancelButton.setFilterTouchesWhenObscured(true); 326 mCancelButton.setOnClickListener(new View.OnClickListener() { 327 public void onClick(View v) { 328 EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_DECLINED_BY_USER, 329 mDeviceAdmin.getActivityInfo().applicationInfo.uid); 330 finish(); 331 } 332 }); 333 334 mUninstallButton = (Button) findViewById(R.id.uninstall_button); 335 mUninstallButton.setFilterTouchesWhenObscured(true); 336 mUninstallButton.setOnClickListener(new View.OnClickListener() { 337 public void onClick(View v) { 338 EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_UNINSTALLED_BY_USER, 339 mDeviceAdmin.getActivityInfo().applicationInfo.uid); 340 mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName()); 341 finish(); 342 } 343 }); 344 345 mActionButton = (Button) findViewById(R.id.action_button); 346 347 final View restrictedAction = findViewById(R.id.restricted_action); 348 restrictedAction.setFilterTouchesWhenObscured(true); 349 restrictedAction.setOnClickListener(new View.OnClickListener() { 350 public void onClick(View v) { 351 if (!mActionButton.isEnabled()) { 352 showPolicyTransparencyDialogIfRequired(); 353 return; 354 } 355 if (mAdding) { 356 addAndFinish(); 357 } else if (isManagedProfile(mDeviceAdmin) 358 && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) { 359 final int userId = UserHandle.myUserId(); 360 UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId, 361 new DialogInterface.OnClickListener() { 362 @Override 363 public void onClick(DialogInterface dialog, int which) { 364 UserManager um = UserManager.get(DeviceAdminAdd.this); 365 um.removeUser(userId); 366 finish(); 367 } 368 } 369 ).show(); 370 } else if (mUninstalling) { 371 mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName()); 372 finish(); 373 } else if (!mWaitingForRemoveMsg) { 374 try { 375 // Don't allow the admin to put a dialog up in front 376 // of us while we interact with the user. 377 ActivityManager.getService().stopAppSwitches(); 378 } catch (RemoteException e) { 379 } 380 mWaitingForRemoveMsg = true; 381 mDPM.getRemoveWarning(mDeviceAdmin.getComponent(), 382 new RemoteCallback(new RemoteCallback.OnResultListener() { 383 @Override 384 public void onResult(Bundle result) { 385 CharSequence msg = result != null 386 ? result.getCharSequence( 387 DeviceAdminReceiver.EXTRA_DISABLE_WARNING) 388 : null; 389 continueRemoveAction(msg); 390 } 391 }, mHandler)); 392 // Don't want to wait too long. 393 getWindow().getDecorView().getHandler().postDelayed(new Runnable() { 394 @Override public void run() { 395 continueRemoveAction(null); 396 } 397 }, 2*1000); 398 } 399 } 400 }); 401 } 402 403 /** 404 * Shows a dialog to explain why the button is disabled if required. 405 */ showPolicyTransparencyDialogIfRequired()406 private void showPolicyTransparencyDialogIfRequired() { 407 if (isManagedProfile(mDeviceAdmin) 408 && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) { 409 if (hasBaseCantRemoveProfileRestriction()) { 410 // If DISALLOW_REMOVE_MANAGED_PROFILE is set by the system, there's no 411 // point showing a dialog saying it's disabled by an admin. 412 return; 413 } 414 EnforcedAdmin enforcedAdmin = getAdminEnforcingCantRemoveProfile(); 415 if (enforcedAdmin != null) { 416 RestrictedLockUtils.sendShowAdminSupportDetailsIntent( 417 DeviceAdminAdd.this, 418 enforcedAdmin); 419 } 420 } 421 } 422 addAndFinish()423 void addAndFinish() { 424 try { 425 logSpecialPermissionChange(true, mDeviceAdmin.getComponent().getPackageName()); 426 mDPM.setActiveAdmin(mDeviceAdmin.getComponent(), mRefreshing); 427 EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_ACTIVATED_BY_USER, 428 mDeviceAdmin.getActivityInfo().applicationInfo.uid); 429 430 unrestrictAppIfPossible(BatteryUtils.getInstance(this)); 431 432 setResult(Activity.RESULT_OK); 433 } catch (RuntimeException e) { 434 // Something bad happened... could be that it was 435 // already set, though. 436 Log.w(TAG, "Exception trying to activate admin " 437 + mDeviceAdmin.getComponent(), e); 438 if (mDPM.isAdminActive(mDeviceAdmin.getComponent())) { 439 setResult(Activity.RESULT_OK); 440 } 441 } 442 if (mAddingProfileOwner) { 443 try { 444 mDPM.setProfileOwner(mDeviceAdmin.getComponent(), 445 mProfileOwnerName, UserHandle.myUserId()); 446 } catch (RuntimeException re) { 447 setResult(Activity.RESULT_CANCELED); 448 } 449 } 450 finish(); 451 } 452 unrestrictAppIfPossible(BatteryUtils batteryUtils)453 void unrestrictAppIfPossible(BatteryUtils batteryUtils) { 454 // Unrestrict admin app if it is already been restricted 455 final String packageName = mDeviceAdmin.getComponent().getPackageName(); 456 final int uid = batteryUtils.getPackageUid(packageName); 457 if (batteryUtils.isForceAppStandbyEnabled(uid, packageName)) { 458 batteryUtils.setForceAppStandby(uid, packageName, AppOpsManager.MODE_ALLOWED); 459 } 460 } 461 continueRemoveAction(CharSequence msg)462 void continueRemoveAction(CharSequence msg) { 463 if (!mWaitingForRemoveMsg) { 464 return; 465 } 466 mWaitingForRemoveMsg = false; 467 if (msg == null) { 468 try { 469 ActivityManager.getService().resumeAppSwitches(); 470 } catch (RemoteException e) { 471 } 472 logSpecialPermissionChange(false, mDeviceAdmin.getComponent().getPackageName()); 473 mDPM.removeActiveAdmin(mDeviceAdmin.getComponent()); 474 finish(); 475 } else { 476 try { 477 // Continue preventing anything from coming in front. 478 ActivityManager.getService().stopAppSwitches(); 479 } catch (RemoteException e) { 480 } 481 Bundle args = new Bundle(); 482 args.putCharSequence( 483 DeviceAdminReceiver.EXTRA_DISABLE_WARNING, msg); 484 showDialog(DIALOG_WARNING, args); 485 } 486 } 487 logSpecialPermissionChange(boolean allow, String packageName)488 void logSpecialPermissionChange(boolean allow, String packageName) { 489 int logCategory = allow ? MetricsProto.MetricsEvent.APP_SPECIAL_PERMISSION_ADMIN_ALLOW : 490 MetricsProto.MetricsEvent.APP_SPECIAL_PERMISSION_ADMIN_DENY; 491 FeatureFactory.getFactory(this).getMetricsFeatureProvider().action(this, logCategory, packageName); 492 } 493 494 @Override onResume()495 protected void onResume() { 496 super.onResume(); 497 mActionButton.setEnabled(true); 498 updateInterface(); 499 // As long as we are running, don't let anyone overlay stuff on top of the screen. 500 mAppOps.setUserRestriction(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, true, mToken); 501 mAppOps.setUserRestriction(AppOpsManager.OP_TOAST_WINDOW, true, mToken); 502 503 } 504 505 @Override onPause()506 protected void onPause() { 507 super.onPause(); 508 // This just greys out the button. The actual listener is attached to R.id.restricted_action 509 mActionButton.setEnabled(false); 510 mAppOps.setUserRestriction(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, false, mToken); 511 mAppOps.setUserRestriction(AppOpsManager.OP_TOAST_WINDOW, false, mToken); 512 try { 513 ActivityManager.getService().resumeAppSwitches(); 514 } catch (RemoteException e) { 515 } 516 } 517 518 @Override onUserLeaveHint()519 protected void onUserLeaveHint() { 520 super.onUserLeaveHint(); 521 // In case this is triggered from support dialog, finish this activity once the user leaves 522 // so that this won't appear as a background next time support dialog is triggered. This 523 // is because the support dialog activity and this belong to the same task and we can't 524 // start this in new activity since we need to know the calling package in this activity. 525 if (mIsCalledFromSupportDialog) { 526 finish(); 527 } 528 } 529 530 @Override onCreateDialog(int id, Bundle args)531 protected Dialog onCreateDialog(int id, Bundle args) { 532 switch (id) { 533 case DIALOG_WARNING: { 534 CharSequence msg = args.getCharSequence(DeviceAdminReceiver.EXTRA_DISABLE_WARNING); 535 AlertDialog.Builder builder = new AlertDialog.Builder(this); 536 builder.setMessage(msg); 537 builder.setPositiveButton(R.string.dlg_ok, 538 new DialogInterface.OnClickListener() { 539 public void onClick(DialogInterface dialog, int which) { 540 try { 541 ActivityManager.getService().resumeAppSwitches(); 542 } catch (RemoteException e) { 543 } 544 mDPM.removeActiveAdmin(mDeviceAdmin.getComponent()); 545 finish(); 546 } 547 }); 548 builder.setNegativeButton(R.string.dlg_cancel, null); 549 return builder.create(); 550 } 551 default: 552 return super.onCreateDialog(id, args); 553 554 } 555 } 556 updateInterface()557 void updateInterface() { 558 findViewById(R.id.restricted_icon).setVisibility(View.GONE); 559 mAdminIcon.setImageDrawable(mDeviceAdmin.loadIcon(getPackageManager())); 560 mAdminName.setText(mDeviceAdmin.loadLabel(getPackageManager())); 561 try { 562 mAdminDescription.setText( 563 mDeviceAdmin.loadDescription(getPackageManager())); 564 mAdminDescription.setVisibility(View.VISIBLE); 565 } catch (Resources.NotFoundException e) { 566 mAdminDescription.setVisibility(View.GONE); 567 } 568 if (mAddingProfileOwner) { 569 mProfileOwnerWarning.setVisibility(View.VISIBLE); 570 } 571 if (mAddMsgText != null) { 572 mAddMsg.setText(mAddMsgText); 573 mAddMsg.setVisibility(View.VISIBLE); 574 } else { 575 mAddMsg.setVisibility(View.GONE); 576 mAddMsgExpander.setVisibility(View.GONE); 577 } 578 if (!mRefreshing && !mAddingProfileOwner 579 && mDPM.isAdminActive(mDeviceAdmin.getComponent())) { 580 mAdding = false; 581 final boolean isProfileOwner = 582 mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner()); 583 final boolean isManagedProfile = isManagedProfile(mDeviceAdmin); 584 if (isProfileOwner && isManagedProfile) { 585 // Profile owner in a managed profile, user can remove profile to disable admin. 586 mAdminWarning.setText(R.string.admin_profile_owner_message); 587 mActionButton.setText(R.string.remove_managed_profile_label); 588 589 final EnforcedAdmin admin = getAdminEnforcingCantRemoveProfile(); 590 final boolean hasBaseRestriction = hasBaseCantRemoveProfileRestriction(); 591 if (admin != null && !hasBaseRestriction) { 592 findViewById(R.id.restricted_icon).setVisibility(View.VISIBLE); 593 } 594 mActionButton.setEnabled(admin == null && !hasBaseRestriction); 595 } else if (isProfileOwner || mDeviceAdmin.getComponent().equals( 596 mDPM.getDeviceOwnerComponentOnCallingUser())) { 597 // Profile owner in a user or device owner, user can't disable admin. 598 if (isProfileOwner) { 599 // Show profile owner in a user description. 600 mAdminWarning.setText(R.string.admin_profile_owner_user_message); 601 } else { 602 // Show device owner description. 603 mAdminWarning.setText(R.string.admin_device_owner_message); 604 } 605 mActionButton.setText(R.string.remove_device_admin); 606 mActionButton.setEnabled(false); 607 } else { 608 addDeviceAdminPolicies(false /* showDescription */); 609 mAdminWarning.setText(getString(R.string.device_admin_status, 610 mDeviceAdmin.getActivityInfo().applicationInfo.loadLabel( 611 getPackageManager()))); 612 setTitle(R.string.active_device_admin_msg); 613 if (mUninstalling) { 614 mActionButton.setText(R.string.remove_and_uninstall_device_admin); 615 } else { 616 mActionButton.setText(R.string.remove_device_admin); 617 } 618 } 619 CharSequence supportMessage = mDPM.getLongSupportMessageForUser( 620 mDeviceAdmin.getComponent(), UserHandle.myUserId()); 621 if (!TextUtils.isEmpty(supportMessage)) { 622 mSupportMessage.setText(supportMessage); 623 mSupportMessage.setVisibility(View.VISIBLE); 624 } else { 625 mSupportMessage.setVisibility(View.GONE); 626 } 627 } else { 628 addDeviceAdminPolicies(true /* showDescription */); 629 mAdminWarning.setText(getString(R.string.device_admin_warning, 630 mDeviceAdmin.getActivityInfo().applicationInfo.loadLabel(getPackageManager()))); 631 if (mAddingProfileOwner) { 632 setTitle(getText(R.string.profile_owner_add_title)); 633 } else { 634 setTitle(getText(R.string.add_device_admin_msg)); 635 } 636 mActionButton.setText(getText(R.string.add_device_admin)); 637 if (isAdminUninstallable()) { 638 mUninstallButton.setVisibility(View.VISIBLE); 639 } 640 mSupportMessage.setVisibility(View.GONE); 641 mAdding = true; 642 } 643 } 644 getAdminEnforcingCantRemoveProfile()645 private EnforcedAdmin getAdminEnforcingCantRemoveProfile() { 646 // Removing a managed profile is disallowed if DISALLOW_REMOVE_MANAGED_PROFILE 647 // is set in the parent rather than the user itself. 648 return RestrictedLockUtils.checkIfRestrictionEnforced(this, 649 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, getParentUserId()); 650 } 651 hasBaseCantRemoveProfileRestriction()652 private boolean hasBaseCantRemoveProfileRestriction() { 653 return RestrictedLockUtils.hasBaseUserRestriction(this, 654 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, getParentUserId()); 655 } 656 getParentUserId()657 private int getParentUserId() { 658 return UserManager.get(this).getProfileParent(UserHandle.myUserId()).id; 659 } 660 addDeviceAdminPolicies(boolean showDescription)661 private void addDeviceAdminPolicies(boolean showDescription) { 662 if (!mAdminPoliciesInitialized) { 663 boolean isAdminUser = UserManager.get(this).isAdminUser(); 664 for (DeviceAdminInfo.PolicyInfo pi : mDeviceAdmin.getUsedPolicies()) { 665 int descriptionId = isAdminUser ? pi.description : pi.descriptionForSecondaryUsers; 666 int labelId = isAdminUser ? pi.label : pi.labelForSecondaryUsers; 667 View view = AppSecurityPermissions.getPermissionItemView(this, getText(labelId), 668 showDescription ? getText(descriptionId) : "", true); 669 mAdminPolicies.addView(view); 670 } 671 mAdminPoliciesInitialized = true; 672 } 673 } 674 toggleMessageEllipsis(View v)675 void toggleMessageEllipsis(View v) { 676 TextView tv = (TextView) v; 677 678 mAddMsgEllipsized = ! mAddMsgEllipsized; 679 tv.setEllipsize(mAddMsgEllipsized ? TruncateAt.END : null); 680 tv.setMaxLines(mAddMsgEllipsized ? getEllipsizedLines() : MAX_ADD_MSG_LINES); 681 682 mAddMsgExpander.setImageResource(mAddMsgEllipsized ? 683 com.android.internal.R.drawable.expander_ic_minimized : 684 com.android.internal.R.drawable.expander_ic_maximized); 685 } 686 getEllipsizedLines()687 int getEllipsizedLines() { 688 Display d = ((WindowManager) getSystemService(Context.WINDOW_SERVICE)) 689 .getDefaultDisplay(); 690 691 return d.getHeight() > d.getWidth() ? 692 MAX_ADD_MSG_LINES_PORTRAIT : MAX_ADD_MSG_LINES_LANDSCAPE; 693 } 694 695 /** 696 * @return true if adminInfo is running in a managed profile. 697 */ isManagedProfile(DeviceAdminInfo adminInfo)698 private boolean isManagedProfile(DeviceAdminInfo adminInfo) { 699 UserManager um = UserManager.get(this); 700 UserInfo info = um.getUserInfo( 701 UserHandle.getUserId(adminInfo.getActivityInfo().applicationInfo.uid)); 702 return info != null ? info.isManagedProfile() : false; 703 } 704 705 /** 706 * @return an {@link Optional} containing the admin with a given package name, if it exists, 707 * or {@link Optional#empty()} otherwise. 708 */ findAdminWithPackageName(String packageName)709 private Optional<ComponentName> findAdminWithPackageName(String packageName) { 710 List<ComponentName> admins = mDPM.getActiveAdmins(); 711 if (admins == null) { 712 return Optional.empty(); 713 } 714 return admins.stream().filter(i -> i.getPackageName().equals(packageName)).findAny(); 715 } 716 isAdminUninstallable()717 private boolean isAdminUninstallable() { 718 // System apps can't be uninstalled. 719 return !mDeviceAdmin.getActivityInfo().applicationInfo.isSystemApp(); 720 } 721 } 722