Fix 'Modifying dpm.setSecureSetting call for install_non_market_apps'
The previous change was reverted as it broke work profile provisioning.
Clearing binder calling identity before calling into settings provider
should fix the issue.
Test: runtest managed-provisioning
Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: Manually tested that work profile is inflated with expected values
of install_non_market_apps
Bug: 33947615
Bug: 35590590
Change-Id: I3c31a73fef0c25c0e682e18f637272adad39b28d
diff --git a/packages/SettingsProvider/res/values/defaults.xml b/packages/SettingsProvider/res/values/defaults.xml
index 136f17e..7206127 100644
--- a/packages/SettingsProvider/res/values/defaults.xml
+++ b/packages/SettingsProvider/res/values/defaults.xml
@@ -38,7 +38,7 @@
<bool name="def_bluetooth_on">true</bool>
<bool name="def_wifi_display_on">false</bool>
- <bool name="def_install_non_market_apps">true</bool>
+ <bool name="def_install_non_market_apps">false</bool>
<bool name="def_package_verifier_enable">true</bool>
<!-- Comma-separated list of location providers.
Network location is off by default because it requires
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 85c153c..9cf060c 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -3174,9 +3174,17 @@
// setting through the UI.
final SettingsState secureSetting = getSecureSettingsLocked(userId);
if (!mUserManager.hasUserRestriction(
- UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, UserHandle.of(userId))) {
+ UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, UserHandle.of(userId))
+ && secureSetting.getSettingLocked(
+ Settings.Secure.INSTALL_NON_MARKET_APPS).getValue().equals("0")) {
+
secureSetting.insertSettingLocked(Settings.Secure.INSTALL_NON_MARKET_APPS,
"1", null, true, SettingsState.SYSTEM_PACKAGE_NAME);
+ // For managed profiles with profile owners, DevicePolicyManagerService
+ // may want to set the user restriction in this case
+ secureSetting.insertSettingLocked(
+ Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, "1", null, true,
+ SettingsState.SYSTEM_PACKAGE_NAME);
}
currentVersion = 138;
}
diff --git a/packages/SettingsProvider/test/src/com/android/providers/settings/InstallNonMarketAppsDeprecationTest.java b/packages/SettingsProvider/test/src/com/android/providers/settings/InstallNonMarketAppsDeprecationTest.java
index 51e4373..d8ee9b6 100644
--- a/packages/SettingsProvider/test/src/com/android/providers/settings/InstallNonMarketAppsDeprecationTest.java
+++ b/packages/SettingsProvider/test/src/com/android/providers/settings/InstallNonMarketAppsDeprecationTest.java
@@ -22,6 +22,7 @@
import android.content.Context;
import android.content.pm.UserInfo;
+import android.os.Process;
import android.os.SystemClock;
import android.os.UserManager;
import android.provider.Settings;
@@ -37,6 +38,7 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
+import java.util.ArrayList;
import java.util.List;
@LargeTest
@@ -47,7 +49,8 @@
private UserManager mUm;
private boolean mHasUserRestriction;
- private List<UserInfo> mCurrentUsers;
+ private boolean mSystemSetUserRestriction;
+ private List<Integer> mUsersAddedByTest;
private String waitTillValueChanges(String errorMessage, String oldValue) {
boolean interrupted = false;
@@ -84,7 +87,10 @@
public void setUp() {
mUm = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
mHasUserRestriction = mUm.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
- mCurrentUsers = mUm.getUsers();
+ mSystemSetUserRestriction = mUm.getUserRestrictionSource(
+ UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, Process.myUserHandle())
+ == UserManager.RESTRICTION_SOURCE_SYSTEM;
+ mUsersAddedByTest = new ArrayList<>();
}
@Test
@@ -108,6 +114,7 @@
@Test
public void testValueForNewUser() throws Exception {
UserInfo newUser = mUm.createUser("TEST_USER", 0);
+ mUsersAddedByTest.add(newUser.id);
String value = getSecureSettingForUserViaShell(newUser.id);
assertEquals("install_non_market_apps should be 1 for a new user", value, "1");
}
@@ -117,6 +124,13 @@
String value = getSetting(SETTING_TYPE_SECURE, Settings.Secure.INSTALL_NON_MARKET_APPS);
assertEquals(value, mHasUserRestriction ? "0" : "1");
+ if (mHasUserRestriction && !mSystemSetUserRestriction) {
+ // User restriction set by device policy. This case should be covered in DO/PO related
+ // tests. Pass.
+ Log.w(TAG, "User restriction set by PO/DO. Skipping testValueRespectsUserRestriction");
+ return;
+ }
+
mUm.setUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, !mHasUserRestriction);
value = waitTillValueChanges(
"Changing user restriction did not change the value of install_non_market_apps",
@@ -132,15 +146,13 @@
@After
public void tearDown() {
- if (mUm.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)
- != mHasUserRestriction) {
+ if (!mHasUserRestriction || mSystemSetUserRestriction) {
+ // The test may have modified the user restriction state. Restore it.
mUm.setUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
mHasUserRestriction);
}
- mUm.getUsers().forEach(user -> {
- if (!mCurrentUsers.contains(user)) {
- mUm.removeUser(user.id);
- }
- });
+ for (int userId : mUsersAddedByTest) {
+ mUm.removeUser(userId);
+ }
}
}