Simplify user flow for setting default supervisor as PO
A follow up CL will clean up and separate the DeviceAdminAdd and
ProfileOwnerAdd logic (see b/131713071)
Bug: 124066840
Test: manual (overlay config_defaultSupervisionProfileOwnerComponent and
confirm only that component can be set as profile owner after setup is
complete)
Test: manual (install CtsVerifier, adb shell am start -n "com.android.cts.verifier/.admin.tapjacking.OverlayingActivity", user should not be able to click the "Allow" button)
Change-Id: Iccd931801145719110ce75421c35db80ea651779
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 9dd4732..ef8e761 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1333,22 +1333,23 @@
</activity-alias>
<activity android:name=".applications.specialaccess.deviceadmin.DeviceAdminAdd"
- android:label="@string/device_admin_add_title"
- android:clearTaskOnLaunch="true">
+ android:label="@string/device_admin_add_title"
+ android:clearTaskOnLaunch="true">
<intent-filter>
<action android:name="android.app.action.ADD_DEVICE_ADMIN" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
- <activity-alias android:name="SetProfileOwner"
- android:label="@string/profile_owner_add_title"
- android:targetActivity=".applications.specialaccess.deviceadmin.DeviceAdminAdd">
+ <activity android:name=".applications.specialaccess.deviceadmin.ProfileOwnerAdd"
+ android:excludeFromRecents="true"
+ android:theme="@style/Transparent"
+ android:clearTaskOnLaunch="true">
<intent-filter android:priority="1000">
<action android:name="android.app.action.SET_PROFILE_OWNER" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
- </activity-alias>
+ </activity>
<activity
android:name="Settings$UsageAccessSettingsActivity"
diff --git a/res/layout/profile_owner_add.xml b/res/layout/profile_owner_add.xml
new file mode 100644
index 0000000..84c51fd
--- /dev/null
+++ b/res/layout/profile_owner_add.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2019 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License
+ -->
+
+<LinearLayout
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ android:id="@+id/active_layout"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent"
+ android:orientation="vertical">
+
+ <TextView android:id="@+id/add_msg_simplified"
+ android:layout_width="match_parent"
+ android:layout_height="0dp"
+ android:layout_weight="1"
+ android:scrollbars = "vertical"
+ android:padding="?dialogPreferredPadding"
+ android:gravity="center_vertical"/>
+
+ <TextView android:id="@+id/admin_warning_simplified"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:paddingStart="?dialogPreferredPadding"
+ android:paddingEnd="?dialogPreferredPadding"/>
+</LinearLayout>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 615077c..85cde7b 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -6019,6 +6019,9 @@
<string name="device_admin_warning">Activating this admin app will allow
the app <xliff:g id="app_name">%1$s</xliff:g> to perform the
following operations:</string>
+ <!-- Simplified device admin warning message [CHAR LIMIT=NONE]-->
+ <string name="device_admin_warning_simplified">This device will be managed and monitored by
+ <xliff:g id="app_name" example="Example Supervisor">%1$s</xliff:g>.</string>
<!-- Device admin warning message about policies an admin can use -->
<string name="device_admin_status">This admin app is active and allows
the app <xliff:g id="app_name">%1$s</xliff:g> to perform the
@@ -6026,6 +6029,8 @@
<!-- Title for screen to set a profile owner [CHAR LIMIT=40] -->
<string name="profile_owner_add_title">Activate Profile Manager?</string>
+ <!-- Simplified title for dialog to set a profile owner [CHAR LIMIT=40] -->
+ <string name="profile_owner_add_title_simplified">Allow supervision?</string>
<!-- Warning when trying to add a profile owner admin after setup has completed. [CHAR LIMIT=none] -->
<string name="adding_profile_owner_warning">By proceeding, your user will be managed by your
admin which may also be able to store associated data, in addition to your personal
diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
index 7e0ca24..0d0bd20 100644
--- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
@@ -46,6 +46,7 @@
import android.os.UserManager;
import android.text.TextUtils;
import android.text.TextUtils.TruncateAt;
+import android.text.method.ScrollingMovementMethod;
import android.util.EventLog;
import android.util.Log;
import android.view.Display;
@@ -273,15 +274,63 @@
}
}
- // If we're trying to add a profile owner and user setup hasn't completed yet, no
- // need to prompt for permission. Just add and finish.
- if (mAddingProfileOwner && !mDPM.hasUserSetupCompleted()) {
- addAndFinish();
- return;
- }
-
mAddMsgText = getIntent().getCharSequenceExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+ if (mAddingProfileOwner) {
+ // If we're trying to add a profile owner and user setup hasn't completed yet, no
+ // need to prompt for permission. Just add and finish
+ if (!mDPM.hasUserSetupCompleted()) {
+ addAndFinish();
+ return;
+ }
+
+ // othewise, only the defined default supervision profile owner can be set after user
+ // setup.
+ final String supervisor = getString(
+ com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
+ if (supervisor == null) {
+ Log.w(TAG, "Unable to set profile owner post-setup, no default supervisor"
+ + "profile owner defined");
+ finish();
+ return;
+ }
+
+ final ComponentName supervisorComponent = ComponentName.unflattenFromString(
+ supervisor);
+ if (who.compareTo(supervisorComponent) != 0) {
+ Log.w(TAG, "Unable to set non-default profile owner post-setup " + who);
+ finish();
+ return;
+ }
+
+ // Build and show the simplified dialog
+ final Dialog dialog = new AlertDialog.Builder(this)
+ .setTitle(getText(R.string.profile_owner_add_title_simplified))
+ .setView(R.layout.profile_owner_add)
+ .setPositiveButton(R.string.allow, new DialogInterface.OnClickListener() {
+ public void onClick(DialogInterface dialog, int which) {
+ addAndFinish();
+ }
+ })
+ .setNeutralButton(R.string.cancel, null)
+ .setOnDismissListener(new DialogInterface.OnDismissListener() {
+ public void onDismiss(DialogInterface dialogInterface) {
+ finish();
+ }
+ })
+ .create();
+ dialog.show();
+
+ mActionButton = ((AlertDialog) dialog).getButton(DialogInterface.BUTTON_POSITIVE);
+ mActionButton.setFilterTouchesWhenObscured(true);
+ mAddMsg = dialog.findViewById(R.id.add_msg_simplified);
+ mAddMsg.setMovementMethod(new ScrollingMovementMethod());
+ mAddMsg.setText(mAddMsgText);
+ mAdminWarning = dialog.findViewById(R.id.admin_warning_simplified);
+ mAdminWarning.setText(getString(R.string.device_admin_warning_simplified,
+ mProfileOwnerName));
+ return;
+ }
setContentView(R.layout.device_admin_add);
mAdminIcon = (ImageView)findViewById(R.id.admin_icon);
@@ -501,7 +550,9 @@
protected void onResume() {
super.onResume();
mActionButton.setEnabled(true);
- updateInterface();
+ if (!mAddingProfileOwner) {
+ updateInterface();
+ }
// As long as we are running, don't let anyone overlay stuff on top of the screen.
mAppOps.setUserRestriction(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, true, mToken);
mAppOps.setUserRestriction(AppOpsManager.OP_TOAST_WINDOW, true, mToken);
@@ -571,9 +622,6 @@
} catch (Resources.NotFoundException e) {
mAdminDescription.setVisibility(View.GONE);
}
- if (mAddingProfileOwner) {
- mProfileOwnerWarning.setVisibility(View.VISIBLE);
- }
if (mAddMsgText != null) {
mAddMsg.setText(mAddMsgText);
mAddMsg.setVisibility(View.VISIBLE);
@@ -634,11 +682,7 @@
addDeviceAdminPolicies(true /* showDescription */);
mAdminWarning.setText(getString(R.string.device_admin_warning,
mDeviceAdmin.getActivityInfo().applicationInfo.loadLabel(getPackageManager())));
- if (mAddingProfileOwner) {
- setTitle(getText(R.string.profile_owner_add_title));
- } else {
- setTitle(getText(R.string.add_device_admin_msg));
- }
+ setTitle(getText(R.string.add_device_admin_msg));
mActionButton.setText(getText(R.string.add_device_admin));
if (isAdminUninstallable()) {
mUninstallButton.setVisibility(View.VISIBLE);
diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java
new file mode 100644
index 0000000..6841ea4
--- /dev/null
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/ProfileOwnerAdd.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.settings.applications.specialaccess.deviceadmin;
+
+import android.os.Bundle;
+
+/**
+ * ProfileOwnerAdd uses the DeviceAdminAdd logic to handle SET_PROFILE_OWNER intents
+ *
+ * TODO(b/131713071): Move profile owner add logic from DeviceAdminAdd to here
+ */
+public class ProfileOwnerAdd extends DeviceAdminAdd {
+ @Override
+ protected void onCreate(Bundle icicle) {
+ super.onCreate(icicle);
+ }
+}