DISALLOW_CONFIG_CREDENTIALS blocks user credentials
All settings preferences related to credentials of any kind should be
stopped by this user restriction.
Bug: 26879958
Change-Id: I983c6e58081bd4022bb006942499cba4b74954e7
diff --git a/res/xml/security_settings_misc.xml b/res/xml/security_settings_misc.xml
index b225682..2577b6c 100644
--- a/res/xml/security_settings_misc.xml
+++ b/res/xml/security_settings_misc.xml
@@ -72,7 +72,7 @@
android:persistent="false"
android:fragment="com.android.settings.TrustedCredentialsSettings"/>
- <Preference android:key="user_credentials"
+ <com.android.settingslib.RestrictedPreference android:key="user_credentials"
android:title="@string/user_credentials"
android:summary="@string/user_credentials_summary"
android:persistent="false"
diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java
index 333f6b8..e046175 100644
--- a/src/com/android/settings/SecuritySettings.java
+++ b/src/com/android/settings/SecuritySettings.java
@@ -104,6 +104,7 @@
private static final String KEY_SIM_LOCK = "sim_lock";
private static final String KEY_SHOW_PASSWORD = "show_password";
private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
+ private static final String KEY_USER_CREDENTIALS = "user_credentials";
private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
private static final String KEY_TOGGLE_INSTALL_APPLICATIONS = "toggle_install_applications";
@@ -315,6 +316,10 @@
if (!RestrictedLockUtils.hasBaseUserRestriction(getActivity(),
UserManager.DISALLOW_CONFIG_CREDENTIALS, MY_USER_ID)) {
+ RestrictedPreference userCredentials = (RestrictedPreference) root.findPreference(
+ KEY_USER_CREDENTIALS);
+ userCredentials.checkRestrictionAndSetDisabled(
+ UserManager.DISALLOW_CONFIG_CREDENTIALS);
RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference(
KEY_CREDENTIAL_STORAGE_TYPE);
credentialStorageType.checkRestrictionAndSetDisabled(
@@ -336,6 +341,7 @@
credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
+ credentialsManager.removePreference(root.findPreference(KEY_USER_CREDENTIALS));
}
diff --git a/src/com/android/settings/UserCredentialsSettings.java b/src/com/android/settings/UserCredentialsSettings.java
index e688450..5c8168e 100644
--- a/src/com/android/settings/UserCredentialsSettings.java
+++ b/src/com/android/settings/UserCredentialsSettings.java
@@ -28,6 +28,8 @@
import android.os.Parcel;
import android.os.Parcelable;
import android.os.RemoteException;
+import android.os.UserHandle;
+import android.os.UserManager;
import android.security.Credentials;
import android.security.IKeyChainService;
import android.security.KeyChain;
@@ -44,6 +46,8 @@
import android.widget.TextView;
import com.android.internal.logging.MetricsProto.MetricsEvent;
+import com.android.settingslib.RestrictedLockUtils;
+import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
import java.util.EnumSet;
import java.util.Set;
@@ -118,19 +122,34 @@
new Credential[] {item}).getView(0, null, null);
infoContainer.addView(view);
- return new AlertDialog.Builder(getActivity())
+ UserManager userManager
+ = (UserManager) getContext().getSystemService(Context.USER_SERVICE);
+
+ AlertDialog.Builder builder = new AlertDialog.Builder(getActivity())
.setView(root)
.setTitle(R.string.user_credential_title)
- .setPositiveButton(R.string.done, null)
- .setNegativeButton(R.string.trusted_credentials_remove_label,
- new DialogInterface.OnClickListener() {
- @Override public void onClick(DialogInterface dialog, int id) {
- new RemoveCredentialsTask(getContext(), getTargetFragment())
- .execute(item.alias);
- dialog.dismiss();
- }
- })
- .create();
+ .setPositiveButton(R.string.done, null);
+
+ final String restriction = UserManager.DISALLOW_CONFIG_CREDENTIALS;
+ final int myUserId = UserHandle.myUserId();
+ if (!RestrictedLockUtils.hasBaseUserRestriction(getContext(), restriction, myUserId)) {
+ DialogInterface.OnClickListener listener = new DialogInterface.OnClickListener() {
+ @Override public void onClick(DialogInterface dialog, int id) {
+ final EnforcedAdmin admin = RestrictedLockUtils.checkIfRestrictionEnforced(
+ getContext(), restriction, myUserId);
+ if (admin != null) {
+ RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(),
+ admin);
+ } else {
+ new RemoveCredentialsTask(getContext(), getTargetFragment())
+ .execute(item.alias);
+ }
+ dialog.dismiss();
+ }
+ };
+ builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener);
+ }
+ return builder.create();
}
private class RemoveCredentialsTask extends AsyncTask<String, Void, Void> {