Add ability to unmount storage volumes am: 307e48bfcb am: f6c6b593bd
am: 1f11275bf3
Change-Id: I6b4d307849baf982d8226e14d5eebb4e87a284cb
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index dc4ce93..56f8e78 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -215,6 +215,11 @@
</intent-filter>
<intent-filter android:priority="100">
+ <action android:name="android.settings.SECURITY_SETTINGS" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+
+ <intent-filter android:priority="100">
<action android:name="android.settings.LOCALE_SETTINGS" />
<category android:name="android.intent.category.DEFAULT"/>
</intent-filter>
@@ -335,6 +340,17 @@
android:windowSoftInputMode="adjustResize">
</activity>
+ <activity android:name=".security.CredentialStorageActivity"
+ android:theme="@style/ActionDialogTheme"
+ android:launchMode="singleTop"
+ android:configChanges="orientation|keyboardHidden|screenSize">
+ <intent-filter android:priority="1">
+ <action android:name="com.android.credentials.INSTALL" />
+ <action android:name="com.android.credentials.RESET" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+
<activity android:name=".system.ThirdPartyLicensesActivity"
android:label="@string/settings_license_activity_title"
android:configChanges="orientation|keyboardHidden|screenSize"
diff --git a/res/values-es/strings.xml b/res/values-es/strings.xml
index 2b00c82..ec1536c 100644
--- a/res/values-es/strings.xml
+++ b/res/values-es/strings.xml
@@ -21,7 +21,7 @@
<string name="more_settings_label" msgid="3867559443480110616">"Más"</string>
<string name="display_settings" msgid="5325515247739279185">"Pantalla"</string>
<string name="brightness" msgid="2919605130898772866">"Nivel de brillo"</string>
- <string name="auto_brightness_title" msgid="9124647862844666581">"Brillo automático"</string>
+ <string name="auto_brightness_title" msgid="9124647862844666581">"Brillo adaptativo"</string>
<string name="auto_brightness_summary" msgid="4741887033140384352">"Optimizar el nivel de brillo según la luz disponible"</string>
<string name="condition_night_display_title" msgid="3777509730126972675">"Luz nocturna activada"</string>
<string name="keywords_display" msgid="3978416985146943922">"pantalla, pantalla táctil"</string>
diff --git a/res/values-zh-rTW/strings.xml b/res/values-zh-rTW/strings.xml
index fe6e4e7..2f53fd8 100644
--- a/res/values-zh-rTW/strings.xml
+++ b/res/values-zh-rTW/strings.xml
@@ -298,8 +298,8 @@
<string name="assist_app_settings" msgid="9085261410166776497">"小幫手應用程式"</string>
<string name="assist_access_context_title" msgid="8034851731390785301">"使用畫面中的文字"</string>
<string name="assist_access_context_summary" msgid="2374281280599443774">"允許小幫手應用程式使用畫面中的文字內容"</string>
- <string name="assist_access_screenshot_title" msgid="2855956879971465044">"使用螢幕擷取畫面"</string>
- <string name="assist_access_screenshot_summary" msgid="6246496926635145782">"允許小幫手應用程式使用螢幕擷取畫面"</string>
+ <string name="assist_access_screenshot_title" msgid="2855956879971465044">"使用螢幕截圖"</string>
+ <string name="assist_access_screenshot_summary" msgid="6246496926635145782">"允許小幫手應用程式使用螢幕截圖"</string>
<string name="voice_input_settings_title" msgid="3238707827815647526">"語音輸入"</string>
<string name="autofill_settings_title" msgid="1188754272680049972">"自動填入服務"</string>
<string name="app_list_preference_none" msgid="7753357799926715901">"無"</string>
diff --git a/res/values/preference_keys.xml b/res/values/preference_keys.xml
index 5dcf88c..38ec696 100644
--- a/res/values/preference_keys.xml
+++ b/res/values/preference_keys.xml
@@ -308,6 +308,7 @@
<string name="pk_companion_app_download" translatable="false">companion_app_download</string>
<string name="pk_trusted_device_safety_alert" translatable="false">trusted_device_safety_alert
</string>
+ <string name="pk_credentials_reset" translatable="false">credentials_reset</string>
<!-- System Settings -->
<string name="pk_languages_and_input_settings" translatable="false">
diff --git a/res/values/strings.xml b/res/values/strings.xml
index fd926b2..9be3f49 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -1369,6 +1369,18 @@
<!-- Toast shown when phone is disconnected [CHAR LIMIT=50]-->
<string name="trusted_device_disconnected_toast">Device disconnected.</string>
+ <!-- security credentials --><skip/>
+ <!-- Title of preference to reset credential storage. [CHAR LIMIT=40] -->
+ <string name="credentials_reset">Clear credentials</string>
+ <!-- Summary of preference to reset credential storage. [CHAR LIMIT=NONE] -->
+ <string name="credentials_reset_summary">Remove all certificates</string>
+ <!-- Description of dialog to reset credential storage [CHAR LIMIT=NONE] -->
+ <string name="credentials_reset_hint">Remove all the contents?</string>
+ <!-- Toast message after credential storage is erased. [CHAR LIMIT=60] -->
+ <string name="credentials_erased">Credential storage is erased.</string>
+ <!-- Toast message when credential storage could not be erased. [CHAR LIMIT=60] -->
+ <string name="credentials_not_erased">Credential storage couldn\u2019t be erased.</string>
+
<!-- generic --><skip/>
<!-- Button label for generic forget action [CHAR LIMIT=20] -->
<string name="forget">Forget</string>
diff --git a/res/values/themes.xml b/res/values/themes.xml
index d2dc80e..87482a9 100644
--- a/res/values/themes.xml
+++ b/res/values/themes.xml
@@ -71,6 +71,7 @@
<item name="android:colorBackgroundCacheHint">@null</item>
<item name="android:windowIsTranslucent">true</item>
<item name="android:windowAnimationStyle">@android:style/Animation</item>
+ <item name="android:windowIsFloating">true</item>
</style>
<!-- Themes for Setup Wizard -->
diff --git a/res/xml/security_settings_fragment.xml b/res/xml/security_settings_fragment.xml
index b71d532..a096a93 100644
--- a/res/xml/security_settings_fragment.xml
+++ b/res/xml/security_settings_fragment.xml
@@ -34,4 +34,13 @@
android:key="@string/pk_trusted_device"
android:title="@string/trusted_device"
settings:controller="com.android.car.settings.security.TrustedDeviceEntryPreferenceController"/>
-</PreferenceScreen>
\ No newline at end of file
+ <Preference
+ android:key="@string/pk_credentials_reset"
+ android:summary="@string/credentials_reset_summary"
+ android:title="@string/credentials_reset"
+ settings:controller="com.android.car.settings.security.CredentialsResetPreferenceController">
+ <intent
+ android:action="com.android.credentials.RESET"
+ android:targetPackage="com.android.car.settings"/>
+ </Preference>
+</PreferenceScreen>
diff --git a/src/com/android/car/settings/common/FragmentResolver.java b/src/com/android/car/settings/common/FragmentResolver.java
index dc8656c..1197486 100644
--- a/src/com/android/car/settings/common/FragmentResolver.java
+++ b/src/com/android/car/settings/common/FragmentResolver.java
@@ -45,6 +45,7 @@
import com.android.car.settings.network.MobileNetworkFragment;
import com.android.car.settings.network.NetworkAndInternetFragment;
import com.android.car.settings.quicksettings.QuickSettingFragment;
+import com.android.car.settings.security.SecuritySettingsFragment;
import com.android.car.settings.sound.SoundSettingsFragment;
import com.android.car.settings.storage.StorageSettingsFragment;
import com.android.car.settings.system.AboutSettingsFragment;
@@ -163,6 +164,9 @@
case Settings.ACTION_INTERNAL_STORAGE_SETTINGS:
return new StorageSettingsFragment();
+ case Settings.ACTION_SECURITY_SETTINGS:
+ return new SecuritySettingsFragment();
+
case Settings.ACTION_LOCALE_SETTINGS:
return new LanguagePickerFragment();
diff --git a/src/com/android/car/settings/security/CredentialStorageActivity.java b/src/com/android/car/settings/security/CredentialStorageActivity.java
new file mode 100644
index 0000000..e9d49d7
--- /dev/null
+++ b/src/com/android/car/settings/security/CredentialStorageActivity.java
@@ -0,0 +1,350 @@
+/*
+ * Copyright 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.car.settings.security;
+
+import android.app.Activity;
+import android.car.userlib.CarUserManagerHelper;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.content.pm.UserInfo;
+import android.os.AsyncTask;
+import android.os.Bundle;
+import android.os.Process;
+import android.os.RemoteException;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.security.Credentials;
+import android.security.KeyChain;
+import android.security.KeyStore;
+import android.text.TextUtils;
+import android.widget.Toast;
+
+import androidx.annotation.Nullable;
+import androidx.fragment.app.FragmentActivity;
+
+import com.android.car.settings.R;
+import com.android.car.settings.common.ConfirmationDialogFragment;
+import com.android.car.settings.common.Logger;
+import com.android.internal.widget.LockPatternUtils;
+
+import java.lang.ref.WeakReference;
+
+/**
+ * Handles resetting and installing keys into {@link KeyStore}. Only Settings and the CertInstaller
+ * application are permitted to perform the install action.
+ */
+public class CredentialStorageActivity extends FragmentActivity {
+
+ private static final Logger LOG = new Logger(CredentialStorageActivity.class);
+
+ private static final String ACTION_INSTALL = "com.android.credentials.INSTALL";
+ private static final String ACTION_RESET = "com.android.credentials.RESET";
+
+ private static final String DIALOG_TAG = "com.android.car.settings.security.RESET_CREDENTIALS";
+ private static final String CERT_INSTALLER_PKG = "com.android.certinstaller";
+
+ private static final int CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST = 1;
+
+ private final KeyStore mKeyStore = KeyStore.getInstance();
+
+ private CarUserManagerHelper mCarUserManagerHelper;
+ private LockPatternUtils mUtils;
+
+ @Override
+ protected void onCreate(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ mCarUserManagerHelper = new CarUserManagerHelper(this);
+ mUtils = new LockPatternUtils(this);
+ }
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+
+ if (isFinishing()) {
+ return;
+ }
+
+ if (mCarUserManagerHelper.isCurrentProcessUserHasRestriction(
+ UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
+ finish();
+ return;
+ }
+
+ Intent intent = getIntent();
+ String action = intent.getAction();
+ if (ACTION_RESET.equals(action)) {
+ showResetConfirmationDialog();
+ } else if (ACTION_INSTALL.equals(action) && checkCallerIsCertInstallerOrSelfInProfile()) {
+ Bundle installBundle = intent.getExtras();
+ boolean allTasksComplete = installIfAvailable(installBundle);
+ if (allTasksComplete) {
+ finish();
+ }
+ }
+ }
+
+ private void showResetConfirmationDialog() {
+ ConfirmationDialogFragment dialog = new ConfirmationDialogFragment.Builder(this)
+ .setTitle(R.string.credentials_reset)
+ .setMessage(R.string.credentials_reset_hint)
+ .setPositiveButton(android.R.string.ok, arguments -> onResetConfirmed())
+ .setNegativeButton(android.R.string.cancel, arguments -> finish())
+ .build();
+ dialog.show(getSupportFragmentManager(), DIALOG_TAG);
+ }
+
+ private void onResetConfirmed() {
+ if (!mUtils.isSecure(mCarUserManagerHelper.getCurrentProcessUserId())) {
+ new ResetKeyStoreAndKeyChain(this).execute();
+ } else {
+ startActivityForResult(new Intent(this, CheckLockActivity.class),
+ CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST);
+ }
+ }
+
+ @Override
+ public void onActivityResult(int requestCode, int resultCode, Intent data) {
+ super.onActivityResult(requestCode, resultCode, data);
+ if (requestCode == CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST) {
+ if (resultCode == Activity.RESULT_OK) {
+ new ResetKeyStoreAndKeyChain(this).execute();
+ } else {
+ finish();
+ }
+ }
+ }
+
+ /**
+ * Check that the caller is either CertInstaller or Settings running in a profile of this user.
+ */
+ private boolean checkCallerIsCertInstallerOrSelfInProfile() {
+ if (TextUtils.equals(CERT_INSTALLER_PKG, getCallingPackage())) {
+ // CertInstaller is allowed to install credentials if it has the same signature as
+ // Settings package.
+ return getPackageManager().checkSignatures(getCallingPackage(), getPackageName())
+ == PackageManager.SIGNATURE_MATCH;
+ }
+
+ int launchedFromUserId;
+ try {
+ int launchedFromUid = android.app.ActivityManager.getService().getLaunchedFromUid(
+ getActivityToken());
+ if (launchedFromUid == -1) {
+ LOG.e(ACTION_INSTALL + " must be started with startActivityForResult");
+ return false;
+ }
+ if (!UserHandle.isSameApp(launchedFromUid, Process.myUid())) {
+ return false;
+ }
+ launchedFromUserId = UserHandle.getUserId(launchedFromUid);
+ } catch (RemoteException e) {
+ LOG.w("Unable to verify calling identity. ActivityManager is down.", e);
+ return false;
+ }
+
+ UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
+ UserInfo parentInfo = userManager.getProfileParent(launchedFromUserId);
+ // Caller is running in a profile of this user
+ return ((parentInfo != null) && (parentInfo.id
+ == mCarUserManagerHelper.getCurrentProcessUserId()));
+ }
+
+ /**
+ * Install credentials if available, otherwise do nothing.
+ *
+ * @return {@code true} if the installation is done and the activity should be finished, {@code
+ * false} if an asynchronous task is pending and will finish the activity when it's done.
+ */
+ private boolean installIfAvailable(Bundle installBundle) {
+ if (installBundle == null || installBundle.isEmpty()) {
+ return true;
+ }
+
+ int uid = installBundle.getInt(Credentials.EXTRA_INSTALL_AS_UID, KeyStore.UID_SELF);
+
+ if (uid != KeyStore.UID_SELF && !UserHandle.isSameUser(uid, Process.myUid())) {
+ int dstUserId = UserHandle.getUserId(uid);
+
+ // Restrict install target to the wifi uid.
+ if (uid != Process.WIFI_UID) {
+ LOG.e("Failed to install credentials as uid " + uid
+ + ": cross-user installs may only target wifi uids");
+ return true;
+ }
+
+ Intent installIntent = new Intent(ACTION_INSTALL)
+ .setFlags(Intent.FLAG_ACTIVITY_FORWARD_RESULT)
+ .putExtras(installBundle);
+ startActivityAsUser(installIntent, new UserHandle(dstUserId));
+ return true;
+ }
+
+ boolean shouldFinish = true;
+ if (installBundle.containsKey(Credentials.EXTRA_USER_PRIVATE_KEY_NAME)) {
+ String key = installBundle.getString(Credentials.EXTRA_USER_PRIVATE_KEY_NAME);
+ byte[] value = installBundle.getByteArray(Credentials.EXTRA_USER_PRIVATE_KEY_DATA);
+
+ if (!mKeyStore.importKey(key, value, uid, KeyStore.FLAG_NONE)) {
+ LOG.e("Failed to install " + key + " as uid " + uid);
+ return true;
+ }
+ // The key was prepended USER_PRIVATE_KEY by the CredentialHelper. However,
+ // KeyChain internally uses the raw alias name and only prepends USER_PRIVATE_KEY
+ // to the key name when interfacing with KeyStore.
+ // This is generally a symptom of CredentialStorage and CredentialHelper relying
+ // on internal implementation details of KeyChain and imitating its functionality
+ // rather than delegating to KeyChain for the certificate installation.
+ if (uid == Process.SYSTEM_UID || uid == KeyStore.UID_SELF) {
+ new MarkKeyAsUserSelectable(this,
+ key.replaceFirst("^" + Credentials.USER_PRIVATE_KEY, "")).execute();
+ shouldFinish = false;
+ }
+ }
+
+ int flags = KeyStore.FLAG_NONE;
+
+ if (installBundle.containsKey(Credentials.EXTRA_USER_CERTIFICATE_NAME)) {
+ String certName = installBundle.getString(Credentials.EXTRA_USER_CERTIFICATE_NAME);
+ byte[] certData = installBundle.getByteArray(Credentials.EXTRA_USER_CERTIFICATE_DATA);
+
+ if (!mKeyStore.put(certName, certData, uid, flags)) {
+ LOG.e("Failed to install " + certName + " as uid " + uid);
+ return shouldFinish;
+ }
+ }
+
+ if (installBundle.containsKey(Credentials.EXTRA_CA_CERTIFICATES_NAME)) {
+ String caListName = installBundle.getString(Credentials.EXTRA_CA_CERTIFICATES_NAME);
+ byte[] caListData = installBundle.getByteArray(Credentials.EXTRA_CA_CERTIFICATES_DATA);
+
+ if (!mKeyStore.put(caListName, caListData, uid, flags)) {
+ LOG.e("Failed to install " + caListName + " as uid " + uid);
+ return shouldFinish;
+ }
+ }
+
+ sendBroadcast(new Intent(KeyChain.ACTION_KEYCHAIN_CHANGED));
+ setResult(RESULT_OK);
+ return shouldFinish;
+ }
+
+ /**
+ * Background task to handle reset of both {@link KeyStore} and user installed CAs.
+ */
+ private static class ResetKeyStoreAndKeyChain extends AsyncTask<Void, Void, Boolean> {
+
+ private final WeakReference<CredentialStorageActivity> mCredentialStorage;
+
+ ResetKeyStoreAndKeyChain(CredentialStorageActivity credentialStorage) {
+ mCredentialStorage = new WeakReference<>(credentialStorage);
+ }
+
+ @Override
+ protected Boolean doInBackground(Void... unused) {
+ CredentialStorageActivity credentialStorage = mCredentialStorage.get();
+ if (credentialStorage == null || credentialStorage.isFinishing()
+ || credentialStorage.isDestroyed()) {
+ return false;
+ }
+
+ credentialStorage.mUtils.resetKeyStore(
+ credentialStorage.mCarUserManagerHelper.getCurrentProcessUserId());
+
+ try {
+ KeyChain.KeyChainConnection keyChainConnection = KeyChain.bind(credentialStorage);
+ try {
+ return keyChainConnection.getService().reset();
+ } catch (RemoteException e) {
+ LOG.w("Failed to reset KeyChain", e);
+ return false;
+ } finally {
+ keyChainConnection.close();
+ }
+ } catch (InterruptedException e) {
+ LOG.w("Failed to reset KeyChain", e);
+ Thread.currentThread().interrupt();
+ return false;
+ }
+ }
+
+ @Override
+ protected void onPostExecute(Boolean success) {
+ CredentialStorageActivity credentialStorage = mCredentialStorage.get();
+ if (credentialStorage == null || credentialStorage.isFinishing()
+ || credentialStorage.isDestroyed()) {
+ return;
+ }
+ if (success) {
+ Toast.makeText(credentialStorage, R.string.credentials_erased,
+ Toast.LENGTH_SHORT).show();
+ } else {
+ Toast.makeText(credentialStorage, R.string.credentials_not_erased,
+ Toast.LENGTH_SHORT).show();
+ }
+ credentialStorage.finish();
+ }
+ }
+
+ /**
+ * Background task to mark a given key alias as user-selectable so that it can be selected by
+ * users from the Certificate Selection prompt.
+ */
+ private static class MarkKeyAsUserSelectable extends AsyncTask<Void, Void, Boolean> {
+
+ private final WeakReference<CredentialStorageActivity> mCredentialStorage;
+ private final String mAlias;
+
+ MarkKeyAsUserSelectable(CredentialStorageActivity credentialStorage, String alias) {
+ mCredentialStorage = new WeakReference<>(credentialStorage);
+ mAlias = alias;
+ }
+
+ @Override
+ protected Boolean doInBackground(Void... unused) {
+ CredentialStorageActivity credentialStorage = mCredentialStorage.get();
+ if (credentialStorage == null || credentialStorage.isFinishing()
+ || credentialStorage.isDestroyed()) {
+ return false;
+ }
+ try (KeyChain.KeyChainConnection keyChainConnection = KeyChain.bind(
+ credentialStorage)) {
+ keyChainConnection.getService().setUserSelectable(mAlias, true);
+ return true;
+ } catch (RemoteException e) {
+ LOG.w("Failed to mark key " + mAlias + " as user-selectable.", e);
+ return false;
+ } catch (InterruptedException e) {
+ LOG.w("Failed to mark key " + mAlias + " as user-selectable.", e);
+ Thread.currentThread().interrupt();
+ return false;
+ }
+ }
+
+ @Override
+ protected void onPostExecute(Boolean result) {
+ LOG.i(String.format("Marked alias %s as selectable, success? %s", mAlias, result));
+ CredentialStorageActivity credentialStorage = mCredentialStorage.get();
+ if (credentialStorage == null || credentialStorage.isFinishing()
+ || credentialStorage.isDestroyed()) {
+ return;
+ }
+ credentialStorage.finish();
+ }
+ }
+}
diff --git a/src/com/android/car/settings/security/CredentialsResetPreferenceController.java b/src/com/android/car/settings/security/CredentialsResetPreferenceController.java
new file mode 100644
index 0000000..b3460f3
--- /dev/null
+++ b/src/com/android/car/settings/security/CredentialsResetPreferenceController.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.car.settings.security;
+
+import static android.os.UserManager.DISALLOW_CONFIG_CREDENTIALS;
+
+import android.car.drivingstate.CarUxRestrictions;
+import android.car.userlib.CarUserManagerHelper;
+import android.content.Context;
+
+import androidx.preference.Preference;
+
+import com.android.car.settings.common.FragmentController;
+import com.android.car.settings.common.PreferenceController;
+
+/** Controls whether the option to reset credentials is shown to the user. */
+public class CredentialsResetPreferenceController extends PreferenceController<Preference> {
+
+ private final CarUserManagerHelper mCarUserManagerHelper;
+
+ public CredentialsResetPreferenceController(Context context, String preferenceKey,
+ FragmentController fragmentController, CarUxRestrictions uxRestrictions) {
+ super(context, preferenceKey, fragmentController, uxRestrictions);
+ mCarUserManagerHelper = new CarUserManagerHelper(context);
+ }
+
+ @Override
+ protected Class<Preference> getPreferenceType() {
+ return Preference.class;
+ }
+
+ @Override
+ public int getAvailabilityStatus() {
+ return mCarUserManagerHelper.isCurrentProcessUserHasRestriction(DISALLOW_CONFIG_CREDENTIALS)
+ ? DISABLED_FOR_USER : AVAILABLE;
+ }
+}
diff --git a/tests/robotests/src/com/android/car/settings/security/CredentialsResetPreferenceControllerTest.java b/tests/robotests/src/com/android/car/settings/security/CredentialsResetPreferenceControllerTest.java
new file mode 100644
index 0000000..e263973
--- /dev/null
+++ b/tests/robotests/src/com/android/car/settings/security/CredentialsResetPreferenceControllerTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.car.settings.security;
+
+import static com.android.car.settings.common.PreferenceController.AVAILABLE;
+import static com.android.car.settings.common.PreferenceController.DISABLED_FOR_USER;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import static org.mockito.Mockito.when;
+
+import android.car.userlib.CarUserManagerHelper;
+import android.content.Context;
+import android.os.UserManager;
+
+import androidx.preference.Preference;
+
+import com.android.car.settings.common.PreferenceControllerTestHelper;
+import com.android.car.settings.testutils.ShadowCarUserManagerHelper;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.RuntimeEnvironment;
+import org.robolectric.annotation.Config;
+
+/** Unit test for {@link CredentialsResetPreferenceController}. */
+@RunWith(RobolectricTestRunner.class)
+@Config(shadows = {ShadowCarUserManagerHelper.class})
+public class CredentialsResetPreferenceControllerTest {
+
+ @Mock
+ private CarUserManagerHelper mCarUserManagerHelper;
+
+ private PreferenceControllerTestHelper<CredentialsResetPreferenceController> mControllerHelper;
+
+ @Before
+ public void setUp() {
+ MockitoAnnotations.initMocks(this);
+ ShadowCarUserManagerHelper.setMockInstance(mCarUserManagerHelper);
+
+ Context context = RuntimeEnvironment.application;
+ mControllerHelper = new PreferenceControllerTestHelper<>(context,
+ CredentialsResetPreferenceController.class, new Preference(context));
+ }
+
+ @After
+ public void tearDown() {
+ ShadowCarUserManagerHelper.reset();
+ }
+
+ @Test
+ public void getAvailabilityStatus_noRestrictions_returnsAvailable() {
+ when(mCarUserManagerHelper.isCurrentProcessUserHasRestriction(
+ UserManager.DISALLOW_CONFIG_CREDENTIALS)).thenReturn(false);
+
+ assertThat(mControllerHelper.getController().getAvailabilityStatus()).isEqualTo(AVAILABLE);
+ }
+
+ @Test
+ public void getAvailabilityStatus_userRestricted_returnsDisabledForUser() {
+ when(mCarUserManagerHelper.isCurrentProcessUserHasRestriction(
+ UserManager.DISALLOW_CONFIG_CREDENTIALS)).thenReturn(true);
+
+ assertThat(mControllerHelper.getController().getAvailabilityStatus()).isEqualTo(
+ DISABLED_FOR_USER);
+ }
+}