Add support message for device admins
Allow admins to set a long and short support
message for settings to display.
Bug: 25659579
Change-Id: Ib645490785642e49c69d8dbc65455eb3398547ee
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index cf661ce..7d1e66f 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -424,6 +424,8 @@
private static final String TAG_PACKAGE_LIST_ITEM = "item";
private static final String TAG_KEEP_UNINSTALLED_PACKAGES = "keep-uninstalled-packages";
private static final String TAG_USER_RESTRICTIONS = "user-restrictions";
+ private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message";
+ private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message";
final DeviceAdminInfo info;
@@ -509,6 +511,10 @@
Bundle userRestrictions;
+ // Support text provided by the admin to display to the user.
+ String shortSupportMessage = null;
+ String longSupportMessage = null;
+
ActiveAdmin(DeviceAdminInfo _info) {
info = _info;
}
@@ -688,6 +694,16 @@
UserRestrictionsUtils.writeRestrictions(
out, userRestrictions, TAG_USER_RESTRICTIONS);
}
+ if (!TextUtils.isEmpty(shortSupportMessage)) {
+ out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE);
+ out.text(shortSupportMessage);
+ out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE);
+ }
+ if (!TextUtils.isEmpty(longSupportMessage)) {
+ out.startTag(null, TAG_LONG_SUPPORT_MESSAGE);
+ out.text(longSupportMessage);
+ out.endTag(null, TAG_LONG_SUPPORT_MESSAGE);
+ }
}
void writePackageListToXml(XmlSerializer out, String outerTag,
@@ -801,6 +817,20 @@
keepUninstalledPackages = readPackageList(parser, tag);
} else if (TAG_USER_RESTRICTIONS.equals(tag)) {
UserRestrictionsUtils.readRestrictions(parser, ensureUserRestrictions());
+ } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) {
+ type = parser.next();
+ if (type == XmlPullParser.TEXT) {
+ shortSupportMessage = parser.getText();
+ } else {
+ Log.w(LOG_TAG, "Missing text when loading short support message");
+ }
+ } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) {
+ type = parser.next();
+ if (type == XmlPullParser.TEXT) {
+ longSupportMessage = parser.getText();
+ } else {
+ Log.w(LOG_TAG, "Missing text when loading long support message");
+ }
} else {
Slog.w(LOG_TAG, "Unknown admin tag: " + tag);
XmlUtils.skipCurrentTag(parser);
@@ -1599,6 +1629,23 @@
}
}
+ /**
+ * Find the admin for the component and userId bit of the uid, then check
+ * the admin's uid matches the uid.
+ */
+ private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) {
+ final int userId = UserHandle.getUserId(uid);
+ final DevicePolicyData policy = getUserData(userId);
+ ActiveAdmin admin = policy.mAdminMap.get(who);
+ if (admin == null) {
+ throw new SecurityException("No active admin " + who);
+ }
+ if (admin.getUid() != uid) {
+ throw new SecurityException("Admin " + who + " is not owned by uid " + uid);
+ }
+ return admin;
+ }
+
private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy,
int uid) {
// Try to find an admin which can use reqPolicy
@@ -1610,8 +1657,7 @@
throw new SecurityException("No active admin " + who);
}
if (admin.getUid() != uid) {
- throw new SecurityException("Admin " + who + " is not owned by uid "
- + mInjector.binderGetCallingUid());
+ throw new SecurityException("Admin " + who + " is not owned by uid " + uid);
}
if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) {
return admin;
@@ -7104,4 +7150,99 @@
}
}
+ @Override
+ public void setShortSupportMessage(@NonNull ComponentName who, String message) {
+ if (!mHasFeature) {
+ return;
+ }
+ Preconditions.checkNotNull(who, "ComponentName is null");
+ final int userHandle = mInjector.userHandleGetCallingUserId();
+ synchronized (this) {
+ ActiveAdmin admin = getActiveAdminForUidLocked(who,
+ mInjector.binderGetCallingUid());
+ if (!TextUtils.equals(admin.shortSupportMessage, message)) {
+ admin.shortSupportMessage = message;
+ saveSettingsLocked(userHandle);
+ }
+ }
+ }
+
+ @Override
+ public String getShortSupportMessage(@NonNull ComponentName who) {
+ if (!mHasFeature) {
+ return null;
+ }
+ Preconditions.checkNotNull(who, "ComponentName is null");
+ synchronized (this) {
+ ActiveAdmin admin = getActiveAdminForUidLocked(who,
+ mInjector.binderGetCallingUid());
+ return admin.shortSupportMessage;
+ }
+ }
+
+ @Override
+ public void setLongSupportMessage(@NonNull ComponentName who, String message) {
+ if (!mHasFeature) {
+ return;
+ }
+ Preconditions.checkNotNull(who, "ComponentName is null");
+ final int userHandle = mInjector.userHandleGetCallingUserId();
+ synchronized (this) {
+ ActiveAdmin admin = getActiveAdminForUidLocked(who,
+ mInjector.binderGetCallingUid());
+ if (!TextUtils.equals(admin.longSupportMessage, message)) {
+ admin.longSupportMessage = message;
+ saveSettingsLocked(userHandle);
+ }
+ }
+ }
+
+ @Override
+ public String getLongSupportMessage(@NonNull ComponentName who) {
+ if (!mHasFeature) {
+ return null;
+ }
+ Preconditions.checkNotNull(who, "ComponentName is null");
+ synchronized (this) {
+ ActiveAdmin admin = getActiveAdminForUidLocked(who,
+ mInjector.binderGetCallingUid());
+ return admin.longSupportMessage;
+ }
+ }
+
+ @Override
+ public String getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) {
+ if (!mHasFeature) {
+ return null;
+ }
+ Preconditions.checkNotNull(who, "ComponentName is null");
+ if (!UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID)) {
+ throw new SecurityException("Only the system can query support message for user");
+ }
+ synchronized (this) {
+ ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
+ if (admin != null) {
+ return admin.shortSupportMessage;
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public String getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) {
+ if (!mHasFeature) {
+ return null;
+ }
+ Preconditions.checkNotNull(who, "ComponentName is null");
+ if (!UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID)) {
+ throw new SecurityException("Only the system can query support message for user");
+ }
+ synchronized (this) {
+ ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
+ if (admin != null) {
+ return admin.longSupportMessage;
+ }
+ }
+ return null;
+ }
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 568e1d5..8270eef 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -1385,4 +1385,95 @@
dpm.reboot(admin1);
}
+
+ public void testSetGetSupportText() {
+ mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
+ dpm.setActiveAdmin(admin1, true);
+ dpm.setActiveAdmin(admin2, true);
+ mContext.callerPermissions.remove(permission.MANAGE_DEVICE_ADMINS);
+
+ // Null default support messages.
+ {
+ assertNull(dpm.getLongSupportMessage(admin1));
+ assertNull(dpm.getShortSupportMessage(admin1));
+ mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
+ assertNull(dpm.getShortSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE));
+ assertNull(dpm.getLongSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE));
+ mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
+ }
+
+ // Only system can call the per user versions.
+ {
+ try {
+ dpm.getShortSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE);
+ fail("Only system should be able to call getXXXForUser versions");
+ } catch (SecurityException expected) {
+ MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
+ }
+ try {
+ dpm.getLongSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE);
+ fail("Only system should be able to call getXXXForUser versions");
+ } catch (SecurityException expected) {
+ MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
+ }
+ }
+
+ // Can't set message for admin in another uid.
+ {
+ mContext.binder.callingUid = DpmMockContext.CALLER_UID + 1;
+ try {
+ dpm.setShortSupportMessage(admin1, "Some text");
+ fail("Admins should only be able to change their own support text.");
+ } catch (SecurityException expected) {
+ MoreAsserts.assertContainsRegex("is not owned by uid", expected.getMessage());
+ }
+ mContext.binder.callingUid = DpmMockContext.CALLER_UID;
+ }
+
+ // Set/Get short returns what it sets and other admins text isn't changed.
+ {
+ final String supportText = "Some text to test with.";
+ dpm.setShortSupportMessage(admin1, supportText);
+ assertEquals(supportText, dpm.getShortSupportMessage(admin1));
+ assertNull(dpm.getLongSupportMessage(admin1));
+ assertNull(dpm.getShortSupportMessage(admin2));
+
+ mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
+ assertEquals(supportText, dpm.getShortSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE));
+ assertNull(dpm.getShortSupportMessageForUser(admin2,
+ DpmMockContext.CALLER_USER_HANDLE));
+ assertNull(dpm.getLongSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE));
+ mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
+
+ dpm.setShortSupportMessage(admin1, null);
+ assertNull(dpm.getShortSupportMessage(admin1));
+ }
+
+ // Set/Get long returns what it sets and other admins text isn't changed.
+ {
+ final String supportText = "Some text to test with.\nWith more text.";
+ dpm.setLongSupportMessage(admin1, supportText);
+ assertEquals(supportText, dpm.getLongSupportMessage(admin1));
+ assertNull(dpm.getShortSupportMessage(admin1));
+ assertNull(dpm.getLongSupportMessage(admin2));
+
+ mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
+ assertEquals(supportText, dpm.getLongSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE));
+ assertNull(dpm.getLongSupportMessageForUser(admin2,
+ DpmMockContext.CALLER_USER_HANDLE));
+ assertNull(dpm.getShortSupportMessageForUser(admin1,
+ DpmMockContext.CALLER_USER_HANDLE));
+ mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
+
+ dpm.setLongSupportMessage(admin1, null);
+ assertNull(dpm.getLongSupportMessage(admin1));
+ }
+ }
}