Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015, The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.managedprovisioning; |
| 18 | |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 19 | import static android.app.admin.DeviceAdminReceiver.ACTION_READY_FOR_USER_INITIALIZATION; |
| 20 | import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE; |
| 21 | import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME; |
| 22 | import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_INITIALIZER_COMPONENT_NAME; |
| 23 | import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED; |
| 24 | import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_SKIP_ENCRYPTION; |
| 25 | import static android.Manifest.permission.BIND_DEVICE_ADMIN; |
| 26 | |
| 27 | import android.app.admin.DevicePolicyManager; |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 28 | import android.content.BroadcastReceiver; |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 29 | import android.content.ComponentName; |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 30 | import android.content.Context; |
| 31 | import android.content.Intent; |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 32 | import android.content.pm.PackageManager; |
| 33 | import android.content.pm.ResolveInfo; |
| 34 | import android.os.PersistableBundle; |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 35 | import android.os.Process; |
| 36 | import android.os.UserHandle; |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 37 | import android.text.TextUtils; |
| 38 | |
| 39 | import java.util.List; |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 40 | |
| 41 | /** |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 42 | * On secondary user initialization, send a broadcast to the primary user to request CA certs. |
| 43 | * Also, if this device has a Device Owner, send an intent to start managed provisioning. |
| 44 | */ |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 45 | public class UserInitializedReceiver extends BroadcastReceiver { |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 46 | |
| 47 | private static final String MP_PACKAGE_NAME = "com.android.managedprovisioning"; |
| 48 | private static final String MP_ACTIVITY_NAME = |
| 49 | "com.android.managedprovisioning.DeviceOwnerProvisioningActivity"; |
| 50 | |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 51 | @Override |
| 52 | public void onReceive(Context context, Intent receivedIntent) { |
| 53 | ProvisionLogger.logi("User is initialized"); |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 54 | if (!Utils.isCurrentUserOwner() && !Utils.isManagedProfile(context)) { |
| 55 | requestCACerts(context); |
| 56 | |
| 57 | if (Utils.hasDeviceOwner(context)) { |
| 58 | ProvisionLogger.logi("Initializing secondary user with a device owner. " + |
| 59 | "Starting managed provisioning."); |
| 60 | launchManagedProvisioning(context); |
| 61 | } |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 62 | } |
| 63 | } |
Joe Delfino | 84e56f5 | 2015-03-27 09:56:18 -0400 | [diff] [blame] | 64 | |
| 65 | private void requestCACerts(Context context) { |
| 66 | Intent intent = new Intent(InstallCertRequestReceiver.REQUEST_CERT_ACTION); |
| 67 | intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); |
| 68 | intent.putExtra(CertService.EXTRA_REQUESTING_USER, Process.myUserHandle()); |
| 69 | context.sendBroadcastAsUser(intent, UserHandle.OWNER); |
| 70 | } |
| 71 | |
| 72 | /** |
| 73 | * Construct an appropriate intent and launch managed provisioning for a secondary user. |
| 74 | */ |
| 75 | private void launchManagedProvisioning(Context context) { |
| 76 | DevicePolicyManager dpm = (DevicePolicyManager) |
| 77 | context.getSystemService(Context.DEVICE_POLICY_SERVICE); |
| 78 | |
| 79 | Intent startMpIntent = new Intent(context, DeviceOwnerProvisioningActivity.class); |
| 80 | startMpIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); |
| 81 | startMpIntent.putExtra( |
| 82 | EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME, dpm.getDeviceOwner()); |
| 83 | |
| 84 | ComponentName diComponentName = getDeviceInitializerComponentName( |
| 85 | dpm.getDeviceInitializerApp(), context); |
| 86 | if (diComponentName != null) { |
| 87 | startMpIntent.putExtra( |
| 88 | EXTRA_PROVISIONING_DEVICE_INITIALIZER_COMPONENT_NAME, |
| 89 | diComponentName); |
| 90 | } |
| 91 | |
| 92 | // Rely on DPC to disable any system apps that need to be turned off |
| 93 | startMpIntent.putExtra(EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, true); |
| 94 | |
| 95 | // For secondary users, if the device needs to be encrypted, it has already happened |
| 96 | startMpIntent.putExtra(EXTRA_PROVISIONING_SKIP_ENCRYPTION, true); |
| 97 | ProvisionLogger.logd("Sending intent to start managed provisioning"); |
| 98 | context.startActivity(startMpIntent); |
| 99 | } |
| 100 | |
| 101 | /** |
| 102 | * Find the name of the device initializer component within the given package. It must be a |
| 103 | * broadcast receiver with ACTION_READY_FOR_USER_INITIALIZATION and the BIND_DEVICE_OWNER |
| 104 | * permission. |
| 105 | * @param deviceInitializerPackageName The package to check |
| 106 | * @return The ComponentName for the DI, or null if an appropriate component couldn't be found |
| 107 | */ |
| 108 | private ComponentName getDeviceInitializerComponentName(String deviceInitializerPackageName, |
| 109 | Context context) { |
| 110 | |
| 111 | if (!TextUtils.isEmpty(deviceInitializerPackageName)) { |
| 112 | Intent findDeviceInitIntent = new Intent(ACTION_READY_FOR_USER_INITIALIZATION); |
| 113 | findDeviceInitIntent.setPackage(deviceInitializerPackageName); |
| 114 | |
| 115 | PackageManager pm = context.getPackageManager(); |
| 116 | List<ResolveInfo> results; |
| 117 | results = pm.queryBroadcastReceivers(findDeviceInitIntent, |
| 118 | PackageManager.GET_DISABLED_COMPONENTS, UserHandle.USER_OWNER); |
| 119 | |
| 120 | for (ResolveInfo result : results) { |
| 121 | if (result.activityInfo.permission != null && |
| 122 | result.activityInfo.permission.equals(BIND_DEVICE_ADMIN)) { |
| 123 | return new ComponentName( |
| 124 | result.activityInfo.packageName, result.activityInfo.name); |
| 125 | } |
| 126 | } |
| 127 | } |
| 128 | return null; |
| 129 | } |
Joe Delfino | d0f2928 | 2015-03-19 08:26:09 -0400 | [diff] [blame] | 130 | } |