am 247f3c4d: am 4af4ed0f: Provisioning: Add internal alias for continue flow
* commit '247f3c4dc8a723898e571f9913ad306ee77bc7dc':
Provisioning: Add internal alias for continue flow
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 139cedc..58c93f5 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -88,6 +88,12 @@
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
+ <activity-alias
+ android:name="ManagedProvisioningActivityNoCallerCheck"
+ android:targetActivity="ManagedProvisioningActivity"
+ android:permission="android.permission.MANAGE_USERS"
+ android:exported="true">
+ </activity-alias>
<activity
android:name="UserConsentActivity"
android:immersive="true"
diff --git a/src/com/android/managedprovisioning/BootReminder.java b/src/com/android/managedprovisioning/BootReminder.java
index 7f923b7..1d742d9 100644
--- a/src/com/android/managedprovisioning/BootReminder.java
+++ b/src/com/android/managedprovisioning/BootReminder.java
@@ -17,6 +17,9 @@
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME;
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME;
+import static com.android.managedprovisioning.ManagedProvisioningActivity.
+ EXTRA_USER_HAS_CONSENTED_PROVISIONING;
+
import android.app.Notification;
import android.app.NotificationManager;
@@ -49,9 +52,13 @@
EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME
};
+ private static final String[] PROFILE_OWNER_BOOLEAN_EXTRAS = {
+ // Key for whether the user already consented to provisioning
+ EXTRA_USER_HAS_CONSENTED_PROVISIONING
+ };
+
private static final ComponentName PROFILE_OWNER_INTENT_TARGET =
- new ComponentName("com.android.managedprovisioning",
- "com.android.managedprovisioning.ManagedProvisioningActivity");
+ ManagedProvisioningActivity.ALIAS_NO_CHECK_CALLER;
/*
* Device owner parameters that are stored in the IntentStore for resuming provisioning.
@@ -70,10 +77,10 @@
// Resume profile owner provisioning if applicable.
IntentStore profileOwnerIntentStore = getProfileOwnerIntentStore(context);
final Intent resumeProfileOwnerPrvIntent = profileOwnerIntentStore.load();
- if (resumeProfileOwnerPrvIntent != null ) {
+ if (resumeProfileOwnerPrvIntent != null) {
+ profileOwnerIntentStore.clear();
// Show reminder notification and then forget about it for next boot
setNotification(context, resumeProfileOwnerPrvIntent);
- profileOwnerIntentStore.clear();
}
// Resume device owner provisioning if applicable.
@@ -137,7 +144,7 @@
PROFILE_OWNER_STRING_EXTRAS,
new String[0],
new String[0],
- new String[0],
+ PROFILE_OWNER_BOOLEAN_EXTRAS,
PROFILE_OWNER_INTENT_TARGET,
PROFILE_OWNER_PREFERENCES_NAME);
}
@@ -166,7 +173,8 @@
.setContentIntent(resumePendingIntent)
.setContentTitle(context.getString(R.string.continue_provisioning_notify_title))
.setContentText(context.getString(R.string.continue_provisioning_notify_text))
- .setSmallIcon(android.R.drawable.ic_dialog_alert)
+ .setSmallIcon(com.android.internal.R.drawable.ic_corp_icon)
+ .setVisibility(Notification.VISIBILITY_PUBLIC)
.setAutoCancel(true);
notificationManager.notify(NOTIFY_ID, notify.build());
}
diff --git a/src/com/android/managedprovisioning/ManagedProvisioningActivity.java b/src/com/android/managedprovisioning/ManagedProvisioningActivity.java
index f9531cc..bcef3ed 100644
--- a/src/com/android/managedprovisioning/ManagedProvisioningActivity.java
+++ b/src/com/android/managedprovisioning/ManagedProvisioningActivity.java
@@ -17,10 +17,14 @@
package com.android.managedprovisioning;
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME;
+import static com.android.managedprovisioning.EncryptDeviceActivity.EXTRA_RESUME;
+import static com.android.managedprovisioning.EncryptDeviceActivity.EXTRA_RESUME_TARGET;
+import static com.android.managedprovisioning.EncryptDeviceActivity.TARGET_PROFILE_OWNER;
import android.app.Activity;
import android.app.AlertDialog;
import android.content.BroadcastReceiver;
+import android.content.ComponentName;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
@@ -59,7 +63,7 @@
private static final String MANAGE_USERS_PERMISSION = "android.permission.MANAGE_USERS";
- private static final String EXTRA_USER_HAS_CONSENTED_PROVISIONING =
+ protected static final String EXTRA_USER_HAS_CONSENTED_PROVISIONING =
"com.android.managedprovisioning.EXTRA_USER_HAS_CONSENTED_PROVISIONING";
// TODO remove these when the new constant values are in use in all relevant places.
@@ -68,6 +72,15 @@
protected static final String EXTRA_LEGACY_PROVISIONING_DEFAULT_MANAGED_PROFILE_NAME =
"defaultManagedProfileName";
+ // Aliases to start managed provisioning with and without MANAGE_USERS permission
+ protected static final ComponentName ALIAS_CHECK_CALLER =
+ new ComponentName("com.android.managedprovisioning",
+ "com.android.managedprovisioning.ManagedProvisioningActivity");
+
+ protected static final ComponentName ALIAS_NO_CHECK_CALLER =
+ new ComponentName("com.android.managedprovisioning",
+ "com.android.managedprovisioning.ManagedProvisioningActivityNoCallerCheck");
+
protected static final int ENCRYPT_DEVICE_REQUEST_CODE = 2;
private String mMdmPackageName;
@@ -118,29 +131,36 @@
setContentView(mContentView);
setMdmIcon(mMdmPackageName, mContentView);
- // Calling package has to equal the requested device admin package or has to be system.
- String callingPackage = getCallingPackage();
- if (callingPackage == null) {
- showErrorAndClose(R.string.managed_provisioning_error_text, "Calling package is null. "
- + "Was startActivityForResult used to start this activity?");
- return;
+ // If the caller started us via ALIAS_NO_CHECK_CALLER then they must have permission to
+ // MANAGE_USERS since it is a restricted intent. Otherwise, check the calling package.
+ boolean hasManageUsersPermission = (getComponentName().equals(ALIAS_NO_CHECK_CALLER));
+ if (!hasManageUsersPermission) {
+ // Calling package has to equal the requested device admin package or has to be system.
+ String callingPackage = getCallingPackage();
+ if (callingPackage == null) {
+ showErrorAndClose(R.string.managed_provisioning_error_text,
+ "Calling package is null. " +
+ "Was startActivityForResult used to start this activity?");
+ return;
+ }
+ if (!callingPackage.equals(mMdmPackageName)
+ && !packageHasManageUsersPermission(callingPackage)) {
+ showErrorAndClose(R.string.managed_provisioning_error_text, "Permission denied, "
+ + "calling package tried to set a different package as profile owner. "
+ + "The system MANAGE_USERS permission is required.");
+ return;
+ }
}
- boolean hasManageUsersPermission = packageHasManageUsersPermission(callingPackage);
- if (!(callingPackage.equals(mMdmPackageName) || hasManageUsersPermission)) {
- showErrorAndClose(R.string.managed_provisioning_error_text, "Permission denied, "
- + "calling package tried to set a different package as profile owner. "
- + "The system MANAGE_USERS permission is required.");
- return;
- }
-
// Don't continue if the caller tries to skip user consent without permission.
// Only system apps with the MANAGE_USERS permission can claim that the user consented.
- boolean needsPermission = getIntent().hasExtra(EXTRA_USER_HAS_CONSENTED_PROVISIONING);
- if (needsPermission && !hasManageUsersPermission) {
- showErrorAndClose(R.string.managed_provisioning_error_text, "Permission denied,"
- + "you need MANAGE_USERS permission to skip user consent");
- return;
+ if (getIntent().hasExtra(EXTRA_USER_HAS_CONSENTED_PROVISIONING)) {
+ if (!hasManageUsersPermission) {
+ showErrorAndClose(R.string.managed_provisioning_error_text, "Permission denied, "
+ + "you need MANAGE_USERS permission to skip user consent.");
+ return;
+ }
+ mUserConsented = true;
}
// If there is already a managed profile, allow the user to cancel or delete it.
@@ -153,10 +173,7 @@
}
private void showStartProvisioningScreen() {
-
// Skip the user consent if user has previously consented.
- mUserConsented = getIntent().getBooleanExtra(EXTRA_USER_HAS_CONSENTED_PROVISIONING,
- false);
if (mUserConsented) {
checkEncryptedAndStartProvisioningService();
} else {
@@ -164,6 +181,7 @@
positiveButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
+ mUserConsented = true;
checkEncryptedAndStartProvisioningService();
}
});
@@ -280,10 +298,10 @@
startService(intent);
} else {
Bundle resumeExtras = getIntent().getExtras();
- resumeExtras.putString(EncryptDeviceActivity.EXTRA_RESUME_TARGET,
- EncryptDeviceActivity.TARGET_PROFILE_OWNER);
+ resumeExtras.putBoolean(EXTRA_USER_HAS_CONSENTED_PROVISIONING, mUserConsented);
+ resumeExtras.putString(EXTRA_RESUME_TARGET, TARGET_PROFILE_OWNER);
Intent encryptIntent = new Intent(this, EncryptDeviceActivity.class)
- .putExtra(EncryptDeviceActivity.EXTRA_RESUME, resumeExtras);
+ .putExtra(EXTRA_RESUME, resumeExtras);
startActivityForResult(encryptIntent, ENCRYPT_DEVICE_REQUEST_CODE);
// Continue in onActivityResult or after reboot.
}