Merge branch 'dev/11/fp3/security-aosp-rvc-release' into int/11/fp3
* dev/11/fp3/security-aosp-rvc-release:
Only primary user is allowed to control secure nfc
Add DISALLOW_APPS_CONTROL check into uninstall app for all users
FRP bypass defense in the settings app
Change-Id: I001f65079f2bf4e4ca0da8627c521132573f8843
diff --git a/src/com/android/settings/SettingsPreferenceFragment.java b/src/com/android/settings/SettingsPreferenceFragment.java
index 659ada4..92df759 100644
--- a/src/com/android/settings/SettingsPreferenceFragment.java
+++ b/src/com/android/settings/SettingsPreferenceFragment.java
@@ -55,6 +55,8 @@
import com.android.settingslib.search.Indexable;
import com.android.settingslib.widget.LayoutPreference;
+import com.google.android.setupcompat.util.WizardManagerHelper;
+
import java.util.UUID;
/**
@@ -63,7 +65,7 @@
public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceFragment
implements DialogCreatable, HelpResourceProvider, Indexable {
- private static final String TAG = "SettingsPreference";
+ private static final String TAG = "SettingsPreferenceFragment";
private static final String SAVE_HIGHLIGHTED_KEY = "android:preference_highlighted";
@@ -124,6 +126,15 @@
public boolean mPreferenceHighlighted = false;
@Override
+ public void onAttach(Context context) {
+ if (shouldSkipForInitialSUW() && !WizardManagerHelper.isDeviceProvisioned(getContext())) {
+ Log.w(TAG, "Skip " + getClass().getSimpleName() + " before SUW completed.");
+ finish();
+ }
+ super.onAttach(context);
+ }
+
+ @Override
public void onCreate(Bundle icicle) {
super.onCreate(icicle);
SearchMenuController.init(this /* host */);
@@ -270,6 +281,16 @@
|| (mAdapter.getPreferenceAdapterPosition(preference) != RecyclerView.NO_POSITION));
}
+ /**
+ * Whether UI should be skipped in the initial SUW flow.
+ *
+ * @return {@code true} when UI should be skipped in the initial SUW flow.
+ * {@code false} when UI should not be skipped in the initial SUW flow.
+ */
+ protected boolean shouldSkipForInitialSUW() {
+ return false;
+ }
+
protected void onDataSetChanged() {
highlightPreferenceIfNeeded();
updateEmptyView();
diff --git a/src/com/android/settings/accounts/AccountDashboardFragment.java b/src/com/android/settings/accounts/AccountDashboardFragment.java
index 7b50b46..c66b6c7 100644
--- a/src/com/android/settings/accounts/AccountDashboardFragment.java
+++ b/src/com/android/settings/accounts/AccountDashboardFragment.java
@@ -72,6 +72,11 @@
return buildPreferenceControllers(context, this /* parent */, authorities);
}
+ @Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
SettingsPreferenceFragment parent, String[] authorities) {
final List<AbstractPreferenceController> controllers = new ArrayList<>();
diff --git a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
old mode 100755
new mode 100644
index 7aad245..784908f
--- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
+++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
@@ -373,7 +373,13 @@
return;
}
super.onPrepareOptionsMenu(menu);
- menu.findItem(UNINSTALL_ALL_USERS_MENU).setVisible(shouldShowUninstallForAll(mAppEntry));
+ final MenuItem uninstallAllUsersItem = menu.findItem(UNINSTALL_ALL_USERS_MENU);
+ uninstallAllUsersItem.setVisible(
+ shouldShowUninstallForAll(mAppEntry) && !mAppsControlDisallowedBySystem);
+ if (uninstallAllUsersItem.isVisible()) {
+ RestrictedLockUtilsInternal.setMenuItemAsDisabledByAdmin(getActivity(),
+ uninstallAllUsersItem, mAppsControlDisallowedAdmin);
+ }
mUpdatedSysApp = (mAppEntry.info.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
final MenuItem uninstallUpdatesItem = menu.findItem(UNINSTALL_UPDATES);
final boolean uninstallUpdateDisabled = getContext().getResources().getBoolean(
@@ -491,6 +497,11 @@
return true;
}
+ @Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
private void uninstallPkg(String packageName, boolean allUsers, boolean andDisable) {
stopListeningToPackageRemove();
// Create new intent to launch Uninstaller activity
diff --git a/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java b/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java
index 7fd1b02..b82968e 100644
--- a/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java
+++ b/src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java
@@ -242,6 +242,11 @@
}
@Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
+ @Override
public View onCreateView(LayoutInflater inflater, ViewGroup container,
Bundle savedInstanceState) {
registerReceivers();
diff --git a/src/com/android/settings/nfc/SecureNfcEnabler.java b/src/com/android/settings/nfc/SecureNfcEnabler.java
index f31a382..ad5c4ab 100644
--- a/src/com/android/settings/nfc/SecureNfcEnabler.java
+++ b/src/com/android/settings/nfc/SecureNfcEnabler.java
@@ -61,7 +61,7 @@
}
private boolean isToggleable() {
- if (mUserManager.isGuestUser()) {
+ if (!mUserManager.isPrimaryUser()) {
return false;
}
return true;
diff --git a/src/com/android/settings/nfc/SecureNfcPreferenceController.java b/src/com/android/settings/nfc/SecureNfcPreferenceController.java
index 575bab1..c13d74a 100644
--- a/src/com/android/settings/nfc/SecureNfcPreferenceController.java
+++ b/src/com/android/settings/nfc/SecureNfcPreferenceController.java
@@ -103,7 +103,7 @@
}
private boolean isToggleable() {
- if (mUserManager.isGuestUser()) {
+ if (!mUserManager.isPrimaryUser()) {
return false;
}
return true;
diff --git a/src/com/android/settings/system/ResetDashboardFragment.java b/src/com/android/settings/system/ResetDashboardFragment.java
index 024db14..8c376c6 100644
--- a/src/com/android/settings/system/ResetDashboardFragment.java
+++ b/src/com/android/settings/system/ResetDashboardFragment.java
@@ -57,6 +57,11 @@
return buildPreferenceControllers(context, getSettingsLifecycle());
}
+ @Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
Lifecycle lifecycle) {
final List<AbstractPreferenceController> controllers = new ArrayList<>();
diff --git a/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java b/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java
index cb53f69..6489311 100644
--- a/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java
+++ b/tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java
@@ -23,11 +23,13 @@
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import android.content.Context;
import android.os.Bundle;
+import android.provider.Settings;
import android.view.View;
import android.widget.FrameLayout;
@@ -41,6 +43,7 @@
import com.android.settings.testutils.shadow.ShadowFragment;
import com.android.settings.widget.WorkOnlyCategory;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -64,7 +67,9 @@
private PreferenceScreen mPreferenceScreen;
private Context mContext;
private TestFragment mFragment;
+ private TestFragment2 mFragment2;
private View mEmptyView;
+ private int mInitDeviceProvisionedValue;
@Before
public void setUp() {
@@ -72,13 +77,24 @@
FakeFeatureFactory.setupForTest();
mContext = RuntimeEnvironment.application;
mFragment = spy(new TestFragment());
+ mFragment2 = spy(new TestFragment2());
doReturn(mActivity).when(mFragment).getActivity();
when(mFragment.getContext()).thenReturn(mContext);
+ when(mFragment2.getContext()).thenReturn(mContext);
mEmptyView = new View(mContext);
ReflectionHelpers.setField(mFragment, "mEmptyView", mEmptyView);
doReturn(ITEM_COUNT).when(mPreferenceScreen).getPreferenceCount();
+
+ mInitDeviceProvisionedValue = Settings.Global.getInt(mContext.getContentResolver(),
+ Settings.Global.DEVICE_PROVISIONED, 0);
+ }
+
+ @After
+ public void tearDown() {
+ Settings.Global.putInt(mContext.getContentResolver(),
+ Settings.Global.DEVICE_PROVISIONED, mInitDeviceProvisionedValue);
}
@Test
@@ -210,9 +226,67 @@
assertThat(mFragment.mPinnedHeaderFrameLayout.getVisibility()).isEqualTo(View.INVISIBLE);
}
+ @Test
+ public void onAttach_shouldNotSkipForSUWAndDeviceIsProvisioned_notCallFinish() {
+ Settings.Global.putInt(mContext.getContentResolver(),
+ Settings.Global.DEVICE_PROVISIONED, 1);
+
+ mFragment.onAttach(mContext);
+
+ verify(mFragment, never()).finish();
+ }
+
+ @Test
+ public void onAttach_shouldNotSkipForSUWAndDeviceIsNotProvisioned_notCallFinish() {
+ Settings.Global.putInt(mContext.getContentResolver(),
+ Settings.Global.DEVICE_PROVISIONED, 0);
+
+ mFragment.onAttach(mContext);
+
+ verify(mFragment, never()).finish();
+ }
+
+ @Test
+ public void onAttach_shouldSkipForSUWAndDeviceIsDeviceProvisioned_notCallFinish() {
+ Settings.Global.putInt(mContext.getContentResolver(),
+ Settings.Global.DEVICE_PROVISIONED, 1);
+
+ mFragment2.onAttach(mContext);
+
+ verify(mFragment2, never()).finish();
+ }
+
+ @Test
+ public void onAttach_shouldSkipForSUWAndDeviceProvisioned_notCallFinish() {
+ Settings.Global.putInt(mContext.getContentResolver(),
+ Settings.Global.DEVICE_PROVISIONED, 0);
+
+ mFragment2.onAttach(mContext);
+
+ verify(mFragment2, times(1)).finish();
+ }
+
public static class TestFragment extends SettingsPreferenceFragment {
@Override
+ protected boolean shouldSkipForInitialSUW() {
+ return false;
+ }
+
+ @Override
+ public int getMetricsCategory() {
+ return 0;
+ }
+ }
+
+ public static class TestFragment2 extends SettingsPreferenceFragment {
+
+ @Override
+ protected boolean shouldSkipForInitialSUW() {
+ return true;
+ }
+
+ @Override
public int getMetricsCategory() {
return 0;
}
diff --git a/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java
index fe57090..921587e 100644
--- a/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java
+++ b/tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java
@@ -114,4 +114,9 @@
assertThat(indexRaws).isNotEmpty();
}
+
+ @Test
+ public void shouldSkipForInitialSUW_returnTrue() {
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+ }
}
diff --git a/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java
index e46cd06..5292c60 100644
--- a/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java
+++ b/tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java
@@ -384,6 +384,11 @@
.isTrue();
}
+ @Test
+ public void shouldSkipForInitialSUW_returnTrue() {
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+ }
+
@Implements(AppUtils.class)
public static class ShadowAppUtils {
diff --git a/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java
index 101297b..44a7d49 100644
--- a/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java
+++ b/tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java
@@ -276,6 +276,11 @@
verify(controller).onDisableLogPersistDialogRejected();
}
+ @Test
+ public void shouldSkipForInitialSUW_returnTrue() {
+ assertThat(mDashboard.shouldSkipForInitialSUW()).isTrue();
+ }
+
@Implements(EnableDevelopmentSettingWarningDialog.class)
public static class ShadowEnableDevelopmentSettingWarningDialog {
diff --git a/tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java b/tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java
new file mode 100644
index 0000000..c1d4788
--- /dev/null
+++ b/tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.system;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+
+@RunWith(RobolectricTestRunner.class)
+public class ResetDashboardFragmentTest {
+
+ private ResetDashboardFragment mFragment;
+
+ @Before
+ public void setup() {
+ mFragment = new ResetDashboardFragment();
+ }
+
+ @Test
+ public void shouldSkipForInitialSUW_returnTrue() {
+ assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+ }
+}