Consider Private DNS user restriction
As a new user restriction, to disallow changing Private DNS settings, was
added, make the Private DNS mode dialog preference consider whether to
let the user modify it or not based on the presence of this restriction.
Bug: 112982691
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testPrivateDnsPolicy
Test: m -j RunSettingsRoboTests ROBOTEST_FILTER=PrivateDnsPreferenceControllerTest
Test: Manual, using TestDPC
Change-Id: If815860ace3aadf6f79fd23173f0a2c80a29f0e1
diff --git a/src/com/android/settings/network/PrivateDnsPreferenceController.java b/src/com/android/settings/network/PrivateDnsPreferenceController.java
index 5618010..8b3bfa0 100644
--- a/src/com/android/settings/network/PrivateDnsPreferenceController.java
+++ b/src/com/android/settings/network/PrivateDnsPreferenceController.java
@@ -34,6 +34,8 @@
import android.net.Uri;
import android.os.Handler;
import android.os.Looper;
+import android.os.UserHandle;
+import android.os.UserManager;
import android.provider.Settings;
import androidx.preference.Preference;
@@ -46,6 +48,8 @@
import com.android.settingslib.core.lifecycle.LifecycleObserver;
import com.android.settingslib.core.lifecycle.events.OnStart;
import com.android.settingslib.core.lifecycle.events.OnStop;
+import com.android.settingslib.RestrictedLockUtilsInternal;
+import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
import java.net.InetAddress;
import java.util.List;
@@ -136,6 +140,19 @@
return "";
}
+ @Override
+ public void updateState(Preference preference) {
+ super.updateState(preference);
+ //TODO(b/112982691): Add policy transparency explaining why this setting is disabled.
+ preference.setEnabled(!isManagedByAdmin());
+ }
+
+ private boolean isManagedByAdmin() {
+ EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal.checkIfRestrictionEnforced(
+ mContext, UserManager.DISALLOW_CONFIG_PRIVATE_DNS, UserHandle.myUserId());
+ return enforcedAdmin != null;
+ }
+
private class PrivateDnsSettingsObserver extends ContentObserver {
public PrivateDnsSettingsObserver(Handler h) {
super(h);
diff --git a/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java b/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java
index b475c7e..464b290 100644
--- a/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/network/PrivateDnsPreferenceControllerTest.java
@@ -43,6 +43,7 @@
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.withSettings;
+import android.content.ComponentName;
import android.content.ContentResolver;
import android.content.Context;
import android.net.ConnectivityManager;
@@ -50,6 +51,8 @@
import android.net.LinkProperties;
import android.net.Network;
import android.os.Handler;
+import android.os.UserHandle;
+import android.os.UserManager;
import android.provider.Settings;
import androidx.lifecycle.LifecycleOwner;
@@ -58,6 +61,8 @@
import com.android.settings.R;
import com.android.settings.testutils.SettingsRobolectricTestRunner;
+import com.android.settings.testutils.shadow.ShadowUserManager;
+import com.android.settings.testutils.shadow.ShadowDevicePolicyManager;
import com.android.settingslib.core.lifecycle.Lifecycle;
import org.junit.Before;
@@ -79,6 +84,10 @@
import java.util.List;
@RunWith(SettingsRobolectricTestRunner.class)
+@Config(shadows = {
+ ShadowUserManager.class,
+ ShadowDevicePolicyManager.class
+})
public class PrivateDnsPreferenceControllerTest {
private final static String HOSTNAME = "dns.example.com";
@@ -108,6 +117,7 @@
private ShadowContentResolver mShadowContentResolver;
private Lifecycle mLifecycle;
private LifecycleOwner mLifecycleOwner;
+ private ShadowUserManager mShadowUserManager;
@Before
public void setUp() {
@@ -127,6 +137,8 @@
mLifecycleOwner = () -> mLifecycle;
mLifecycle = new Lifecycle(mLifecycleOwner);
mLifecycle.addObserver(mController);
+
+ mShadowUserManager = ShadowUserManager.getShadow();
}
private void updateLinkProperties(LinkProperties lp) {
@@ -264,6 +276,31 @@
verify(mPreference).setSummary(getResourceString(R.string.private_dns_mode_opportunistic));
}
+ @Test
+ public void isEnabled_canBeDisabledByAdmin() {
+ final int userId = UserHandle.myUserId();
+ final List<UserManager.EnforcingUser> enforcingUsers = Collections.singletonList(
+ new UserManager.EnforcingUser(userId,
+ UserManager.RESTRICTION_SOURCE_DEVICE_OWNER)
+ );
+ mShadowUserManager.setUserRestrictionSources(
+ UserManager.DISALLOW_CONFIG_PRIVATE_DNS,
+ UserHandle.of(userId),
+ enforcingUsers);
+
+ ShadowDevicePolicyManager.getShadow().setDeviceOwnerComponentOnAnyUser(
+ new ComponentName("test", "test"));
+
+ mController.updateState(mPreference);
+ verify(mPreference).setEnabled(false);
+ }
+
+ @Test
+ public void isEnabled_isEnabledByDefault() {
+ mController.updateState(mPreference);
+ verify(mPreference).setEnabled(true);
+ }
+
private void setPrivateDnsMode(String mode) {
Settings.Global.putString(mContentResolver, PRIVATE_DNS_MODE, mode);
}