1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.cts.verifier.managedprovisioning; 18 19 import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_HOME; 20 import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_OVERVIEW; 21 import static android.app.admin.DevicePolicyManager.MAKE_USER_EPHEMERAL; 22 import static android.app.admin.DevicePolicyManager.SKIP_SETUP_WIZARD; 23 24 import android.Manifest; 25 import android.app.Activity; 26 import android.app.KeyguardManager; 27 import android.app.PendingIntent; 28 import android.app.admin.DevicePolicyManager; 29 import android.content.ComponentName; 30 import android.content.Context; 31 import android.content.Intent; 32 import android.content.IntentFilter; 33 import android.content.pm.PackageInstaller; 34 import android.content.pm.PackageManager; 35 import android.content.pm.ResolveInfo; 36 import android.graphics.BitmapFactory; 37 import android.net.ProxyInfo; 38 import android.os.Bundle; 39 import android.os.PersistableBundle; 40 import android.os.UserHandle; 41 import android.os.UserManager; 42 import android.provider.ContactsContract; 43 import android.provider.MediaStore; 44 import android.provider.Settings; 45 import android.util.Log; 46 import android.view.inputmethod.InputMethodInfo; 47 import android.view.inputmethod.InputMethodManager; 48 import android.widget.Toast; 49 50 import com.android.cts.verifier.R; 51 52 import java.io.File; 53 import java.io.FileInputStream; 54 import java.io.InputStream; 55 import java.io.OutputStream; 56 import java.util.ArrayList; 57 import java.util.Collections; 58 import java.util.List; 59 import java.util.concurrent.TimeUnit; 60 import java.util.stream.Collectors; 61 62 public class CommandReceiverActivity extends Activity { 63 private static final String TAG = "CommandReceiverActivity"; 64 65 public static final String ACTION_EXECUTE_COMMAND = 66 "com.android.cts.verifier.managedprovisioning.action.EXECUTE_COMMAND"; 67 public static final String EXTRA_COMMAND = 68 "com.android.cts.verifier.managedprovisioning.extra.COMMAND"; 69 70 public static final String COMMAND_SET_USER_RESTRICTION = "set-user_restriction"; 71 public static final String COMMAND_DISALLOW_KEYGUARD_UNREDACTED_NOTIFICATIONS = 72 "disallow-keyguard-unredacted-notifications"; 73 public static final String COMMAND_SET_AUTO_TIME_REQUIRED = "set-auto-time-required"; 74 public static final String COMMAND_SET_GLOBAL_SETTING = 75 "set-global-setting"; 76 public static final String COMMAND_SET_MAXIMUM_TO_LOCK = "set-maximum-time-to-lock"; 77 public static final String COMMAND_SET_PASSWORD_QUALITY = "set-password-quality"; 78 public static final String COMMAND_SET_KEYGUARD_DISABLED = "set-keyguard-disabled"; 79 public static final String COMMAND_SET_LOCK_SCREEN_INFO = "set-lock-screen-info"; 80 public static final String COMMAND_SET_STATUSBAR_DISABLED = "set-statusbar-disabled"; 81 public static final String COMMAND_SET_LOCK_TASK_FEATURES = "set-lock-task-features"; 82 public static final String COMMAND_ALLOW_ONLY_SYSTEM_INPUT_METHODS = 83 "allow-only-system-input-methods"; 84 public static final String COMMAND_ALLOW_ONLY_SYSTEM_ACCESSIBILITY_SERVICES = 85 "allow-only-system-accessibility-services"; 86 public static final String COMMAND_CLEAR_POLICIES = "clear-policies"; 87 public static final String COMMAND_REMOVE_DEVICE_OWNER = "remove-device-owner"; 88 public static final String COMMAND_REQUEST_BUGREPORT = "request-bugreport"; 89 public static final String COMMAND_SET_USER_ICON = "set-user-icon"; 90 public static final String COMMAND_RETRIEVE_NETWORK_LOGS = "retrieve-network-logs"; 91 public static final String COMMAND_RETRIEVE_SECURITY_LOGS = "retrieve-security-logs"; 92 public static final String COMMAND_SET_ORGANIZATION_NAME = "set-organization-name"; 93 public static final String COMMAND_ENABLE_NETWORK_LOGGING = "enable-network-logging"; 94 public static final String COMMAND_DISABLE_NETWORK_LOGGING = "disable-network-logging"; 95 public static final String COMMAND_INSTALL_HELPER_PACKAGE = "install-helper-package"; 96 public static final String COMMAND_UNINSTALL_HELPER_PACKAGE = "uninstall-helper-package"; 97 public static final String COMMAND_SET_PERMISSION_GRANT_STATE = "set-permission-grant-state"; 98 public static final String COMMAND_ADD_PERSISTENT_PREFERRED_ACTIVITIES = 99 "add-persistent-preferred-activities"; 100 public static final String COMMAND_CLEAR_PERSISTENT_PREFERRED_ACTIVITIES = 101 "clear-persistent-preferred-activities"; 102 public static final String COMMAND_CREATE_MANAGED_PROFILE = "create-managed-profile"; 103 public static final String COMMAND_REMOVE_MANAGED_PROFILE = "remove-managed-profile"; 104 public static final String COMMAND_SET_ALWAYS_ON_VPN = "set-always-on-vpn"; 105 public static final String COMMAND_CLEAR_ALWAYS_ON_VPN = "clear-always-on-vpn"; 106 public static final String COMMAND_SET_GLOBAL_HTTP_PROXY = "set-global-http-proxy"; 107 public static final String COMMAND_CLEAR_GLOBAL_HTTP_PROXY = "clear-global-http-proxy"; 108 public static final String COMMAND_INSTALL_CA_CERT = "install-ca-cert"; 109 public static final String COMMAND_CLEAR_CA_CERT = "clear-ca-cert"; 110 public static final String COMMAND_SET_MAXIMUM_PASSWORD_ATTEMPTS = 111 "set-maximum-password-attempts"; 112 public static final String COMMAND_CLEAR_MAXIMUM_PASSWORD_ATTEMPTS = 113 "clear-maximum-password-attempts"; 114 public static final String COMMAND_SET_DEFAULT_IME = "set-default-ime"; 115 public static final String COMMAND_CLEAR_DEFAULT_IME = "clear-default-ime"; 116 public static final String COMMAND_CREATE_MANAGED_USER = "create-managed-user"; 117 public static final String COMMAND_CREATE_MANAGED_USER_WITHOUT_SETUP = 118 "create-managed-user-without-setup"; 119 public static final String COMMAND_WITH_USER_SWITCHER_MESSAGE = "with-user-switcher-message"; 120 public static final String COMMAND_WITHOUT_USER_SWITCHER_MESSAGE = 121 "without-user-switcher-message"; 122 public static final String COMMAND_ENABLE_LOGOUT = "enable-logout"; 123 124 public static final String EXTRA_USER_RESTRICTION = 125 "com.android.cts.verifier.managedprovisioning.extra.USER_RESTRICTION"; 126 public static final String EXTRA_SETTING = 127 "com.android.cts.verifier.managedprovisioning.extra.SETTING"; 128 // This extra can be used along with a command extra to set policy to 129 // specify if that policy is enforced or not. 130 public static final String EXTRA_ENFORCED = 131 "com.android.cts.verifier.managedprovisioning.extra.ENFORCED"; 132 public static final String EXTRA_VALUE = 133 "com.android.cts.verifier.managedprovisioning.extra.VALUE"; 134 public static final String EXTRA_ORGANIZATION_NAME = 135 "com.android.cts.verifier.managedprovisioning.extra.ORGANIZATION_NAME"; 136 public static final String EXTRA_PERMISSION = 137 "com.android.cts.verifier.managedprovisioning.extra.PERMISSION"; 138 public static final String EXTRA_GRANT_STATE = 139 "com.android.cts.verifier.managedprovisioning.extra.GRANT_STATE"; 140 141 // We care about installing and uninstalling only. It does not matter what apk is used. 142 // NotificationBot.apk is a good choice because it comes bundled with the CTS verifier. 143 protected static final String HELPER_APP_LOCATION = "/sdcard/NotificationBot.apk"; 144 protected static final String HELPER_APP_PKG = "com.android.cts.robot"; 145 146 public static final String ACTION_INSTALL_COMPLETE = 147 "com.android.cts.verifier.managedprovisioning.action.ACTION_INSTALL_COMPLETE"; 148 public static final String ACTION_UNINSTALL_COMPLETE = 149 "com.android.cts.verifier.managedprovisioning.action.ACTION_UNINSTALL_COMPLETE"; 150 151 /* 152 * The CA cert below is the content of cacert.pem as generated by: 153 * 154 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem 155 */ 156 private static final String TEST_CA = 157 "-----BEGIN CERTIFICATE-----\n" + 158 "MIIDXTCCAkWgAwIBAgIJAK9Tl/F9V8kSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" + 159 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" + 160 "aWRnaXRzIFB0eSBMdGQwHhcNMTUwMzA2MTczMjExWhcNMjUwMzAzMTczMjExWjBF\n" + 161 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" + 162 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 163 "CgKCAQEAvItOutsE75WBTgTyNAHt4JXQ3JoseaGqcC3WQij6vhrleWi5KJ0jh1/M\n" + 164 "Rpry7Fajtwwb4t8VZa0NuM2h2YALv52w1xivql88zce/HU1y7XzbXhxis9o6SCI+\n" + 165 "oVQSbPeXRgBPppFzBEh3ZqYTVhAqw451XhwdA4Aqs3wts7ddjwlUzyMdU44osCUg\n" + 166 "kVg7lfPf9sTm5IoHVcfLSCWH5n6Nr9sH3o2ksyTwxuOAvsN11F/a0mmUoPciYPp+\n" + 167 "q7DzQzdi7akRG601DZ4YVOwo6UITGvDyuAAdxl5isovUXqe6Jmz2/myTSpAKxGFs\n" + 168 "jk9oRoG6WXWB1kni490GIPjJ1OceyQIDAQABo1AwTjAdBgNVHQ4EFgQUH1QIlPKL\n" + 169 "p2OQ/AoLOjKvBW4zK3AwHwYDVR0jBBgwFoAUH1QIlPKLp2OQ/AoLOjKvBW4zK3Aw\n" + 170 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcMi4voMMJHeQLjtq8Oky\n" + 171 "Azpyk8moDwgCd4llcGj7izOkIIFqq/lyqKdtykVKUWz2bSHO5cLrtaOCiBWVlaCV\n" + 172 "DYAnnVLM8aqaA6hJDIfaGs4zmwz0dY8hVMFCuCBiLWuPfiYtbEmjHGSmpQTG6Qxn\n" + 173 "ZJlaK5CZyt5pgh5EdNdvQmDEbKGmu0wpCq9qjZImwdyAul1t/B0DrsWApZMgZpeI\n" + 174 "d2od0VBrCICB1K4p+C51D93xyQiva7xQcCne+TAnGNy9+gjQ/MyR8MRpwRLv5ikD\n" + 175 "u0anJCN8pXo6IMglfMAsoton1J6o5/ae5uhC6caQU8bNUsCK570gpNfjkzo6rbP0\n" + 176 "wQ==\n" + 177 "-----END CERTIFICATE-----"; 178 179 private ComponentName mAdmin; 180 private DevicePolicyManager mDpm; 181 private UserManager mUm; 182 183 @Override 184 public void onCreate(Bundle savedInstanceState) { 185 super.onCreate(savedInstanceState); 186 final Intent intent = getIntent(); 187 try { 188 mDpm = (DevicePolicyManager) getSystemService( 189 Context.DEVICE_POLICY_SERVICE); 190 mUm = (UserManager) getSystemService(Context.USER_SERVICE); 191 mAdmin = DeviceAdminTestReceiver.getReceiverComponentName(); 192 final String command = getIntent().getStringExtra(EXTRA_COMMAND); 193 Log.i(TAG, "Command: " + command); 194 switch (command) { 195 case COMMAND_SET_USER_RESTRICTION: { 196 String restrictionKey = intent.getStringExtra(EXTRA_USER_RESTRICTION); 197 boolean enforced = intent.getBooleanExtra(EXTRA_ENFORCED, false); 198 if (enforced) { 199 mDpm.addUserRestriction(mAdmin, restrictionKey); 200 } else { 201 mDpm.clearUserRestriction(mAdmin, restrictionKey); 202 } 203 } break; 204 case COMMAND_DISALLOW_KEYGUARD_UNREDACTED_NOTIFICATIONS: { 205 boolean enforced = intent.getBooleanExtra(EXTRA_ENFORCED, false); 206 mDpm.setKeyguardDisabledFeatures(mAdmin, enforced 207 ? DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS 208 : 0); 209 } break; 210 case COMMAND_SET_AUTO_TIME_REQUIRED: { 211 mDpm.setAutoTimeRequired(mAdmin, 212 intent.getBooleanExtra(EXTRA_ENFORCED, false)); 213 } 214 case COMMAND_SET_LOCK_SCREEN_INFO: { 215 mDpm.setDeviceOwnerLockScreenInfo(mAdmin, intent.getStringExtra(EXTRA_VALUE)); 216 } 217 case COMMAND_SET_MAXIMUM_TO_LOCK: { 218 final long timeInSeconds = Long.parseLong(intent.getStringExtra(EXTRA_VALUE)); 219 mDpm.setMaximumTimeToLock(mAdmin, 220 TimeUnit.SECONDS.toMillis(timeInSeconds) /* in milliseconds */); 221 } break; 222 case COMMAND_SET_PASSWORD_QUALITY: { 223 int quality = intent.getIntExtra(EXTRA_VALUE, 0); 224 mDpm.setPasswordQuality(mAdmin, quality); 225 } break; 226 case COMMAND_SET_KEYGUARD_DISABLED: { 227 boolean enforced = intent.getBooleanExtra(EXTRA_ENFORCED, false); 228 KeyguardManager km = this.getSystemService(KeyguardManager.class); 229 if (km.isKeyguardSecure()) { 230 Toast.makeText(this, getString(R.string.device_owner_lockscreen_secure), 231 Toast.LENGTH_SHORT).show(); 232 } else { 233 mDpm.setKeyguardDisabled(mAdmin, enforced); 234 } 235 } break; 236 case COMMAND_SET_STATUSBAR_DISABLED: { 237 boolean enforced = intent.getBooleanExtra(EXTRA_ENFORCED, false); 238 mDpm.setStatusBarDisabled(mAdmin, enforced); 239 } break; 240 case COMMAND_SET_LOCK_TASK_FEATURES: { 241 int flags = intent.getIntExtra(EXTRA_VALUE, 242 DevicePolicyManager.LOCK_TASK_FEATURE_NONE); 243 mDpm.setLockTaskFeatures(mAdmin, flags); 244 // If feature HOME is used, we need to whitelist the current launcher 245 if ((flags & LOCK_TASK_FEATURE_HOME) != 0) { 246 mDpm.setLockTaskPackages(mAdmin, 247 new String[] {getPackageName(), getCurrentLauncherPackage()}); 248 } else { 249 mDpm.setLockTaskPackages(mAdmin, new String[] {getPackageName()}); 250 } 251 } break; 252 case COMMAND_ALLOW_ONLY_SYSTEM_INPUT_METHODS: { 253 boolean enforced = intent.getBooleanExtra(EXTRA_ENFORCED, false); 254 mDpm.setPermittedInputMethods(mAdmin, 255 enforced ? getEnabledNonSystemImes() : null); 256 } break; 257 case COMMAND_ALLOW_ONLY_SYSTEM_ACCESSIBILITY_SERVICES: { 258 boolean enforced = intent.getBooleanExtra(EXTRA_ENFORCED, false); 259 mDpm.setPermittedAccessibilityServices(mAdmin, 260 enforced ? new ArrayList() : null); 261 } break; 262 case COMMAND_SET_GLOBAL_SETTING: { 263 final String setting = intent.getStringExtra(EXTRA_SETTING); 264 final String value = intent.getStringExtra(EXTRA_VALUE); 265 mDpm.setGlobalSetting(mAdmin, setting, value); 266 } break; 267 case COMMAND_REMOVE_DEVICE_OWNER: { 268 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 269 return; 270 } 271 clearAllPoliciesAndRestrictions(); 272 mDpm.clearDeviceOwnerApp(getPackageName()); 273 } break; 274 case COMMAND_REQUEST_BUGREPORT: { 275 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 276 return; 277 } 278 final boolean bugreportStarted = mDpm.requestBugreport(mAdmin); 279 if (!bugreportStarted) { 280 Utils.showBugreportNotification(this, getString( 281 R.string.bugreport_already_in_progress), 282 Utils.BUGREPORT_NOTIFICATION_ID); 283 } 284 } break; 285 case COMMAND_CLEAR_POLICIES: { 286 int mode = intent.getIntExtra(PolicyTransparencyTestListActivity.EXTRA_MODE, 287 PolicyTransparencyTestListActivity.MODE_DEVICE_OWNER); 288 if (mode == PolicyTransparencyTestListActivity.MODE_DEVICE_OWNER) { 289 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 290 return; 291 } 292 clearAllPoliciesAndRestrictions(); 293 } else if (mode == PolicyTransparencyTestListActivity.MODE_MANAGED_PROFILE 294 || mode == PolicyTransparencyTestListActivity.MODE_MANAGED_USER) { 295 if (!mDpm.isProfileOwnerApp(getPackageName())) { 296 return; 297 } 298 clearProfileOwnerRelatedPoliciesAndRestrictions(mode); 299 } 300 // No policies need to be cleared for COMP at the moment. 301 } break; 302 case COMMAND_SET_USER_ICON: { 303 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 304 return; 305 } 306 mDpm.setUserIcon(mAdmin, BitmapFactory.decodeResource(getResources(), 307 com.android.cts.verifier.R.drawable.icon)); 308 } break; 309 case COMMAND_RETRIEVE_NETWORK_LOGS: { 310 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 311 return; 312 } 313 mDpm.setNetworkLoggingEnabled(mAdmin, true); 314 mDpm.retrieveNetworkLogs(mAdmin, 0 /* batchToken */); 315 mDpm.setNetworkLoggingEnabled(mAdmin, false); 316 } break; 317 case COMMAND_RETRIEVE_SECURITY_LOGS: { 318 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 319 return; 320 } 321 mDpm.setSecurityLoggingEnabled(mAdmin, true); 322 mDpm.retrieveSecurityLogs(mAdmin); 323 mDpm.setSecurityLoggingEnabled(mAdmin, false); 324 } break; 325 case COMMAND_SET_ORGANIZATION_NAME: { 326 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 327 return; 328 } 329 mDpm.setOrganizationName(mAdmin, 330 intent.getStringExtra(EXTRA_ORGANIZATION_NAME)); 331 } break; 332 case COMMAND_ENABLE_NETWORK_LOGGING: { 333 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 334 return; 335 } 336 mDpm.setNetworkLoggingEnabled(mAdmin, true); 337 } break; 338 case COMMAND_DISABLE_NETWORK_LOGGING: { 339 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 340 return; 341 } 342 mDpm.setNetworkLoggingEnabled(mAdmin, false); 343 } break; 344 case COMMAND_INSTALL_HELPER_PACKAGE: { 345 installHelperPackage(); 346 } break; 347 case COMMAND_UNINSTALL_HELPER_PACKAGE: { 348 uninstallHelperPackage(); 349 } break; 350 case COMMAND_SET_PERMISSION_GRANT_STATE: { 351 mDpm.setPermissionGrantState(mAdmin, getPackageName(), 352 intent.getStringExtra(EXTRA_PERMISSION), 353 intent.getIntExtra(EXTRA_GRANT_STATE, 354 DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT)); 355 } break; 356 case COMMAND_ADD_PERSISTENT_PREFERRED_ACTIVITIES: { 357 final ComponentName componentName = 358 EnterprisePrivacyTestDefaultAppActivity.COMPONENT_NAME; 359 // Browser 360 IntentFilter filter = new IntentFilter(); 361 filter.addAction(Intent.ACTION_VIEW); 362 filter.addCategory(Intent.CATEGORY_BROWSABLE); 363 filter.addDataScheme("http"); 364 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 365 // Camera 366 filter = new IntentFilter(); 367 filter.addAction(MediaStore.ACTION_IMAGE_CAPTURE); 368 filter.addAction(MediaStore.ACTION_VIDEO_CAPTURE); 369 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 370 // Map 371 filter = new IntentFilter(); 372 filter.addAction(Intent.ACTION_VIEW); 373 filter.addDataScheme("geo"); 374 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 375 // E-mail 376 filter = new IntentFilter(); 377 filter.addAction(Intent.ACTION_SENDTO); 378 filter.addAction(Intent.ACTION_SEND); 379 filter.addAction(Intent.ACTION_SEND_MULTIPLE); 380 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 381 // Calendar 382 filter = new IntentFilter(); 383 filter.addAction(Intent.ACTION_INSERT); 384 filter.addDataType("vnd.android.cursor.dir/event"); 385 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 386 // Contacts 387 filter = new IntentFilter(); 388 filter.addAction(Intent.ACTION_PICK); 389 filter.addDataType(ContactsContract.Contacts.CONTENT_TYPE); 390 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 391 // Dialer 392 filter = new IntentFilter(); 393 filter.addAction(Intent.ACTION_DIAL); 394 filter.addAction(Intent.ACTION_CALL); 395 mDpm.addPersistentPreferredActivity(mAdmin, filter, componentName); 396 getPackageManager().setComponentEnabledSetting(componentName, 397 PackageManager.COMPONENT_ENABLED_STATE_ENABLED, 398 PackageManager.DONT_KILL_APP); 399 } break; 400 case COMMAND_CLEAR_PERSISTENT_PREFERRED_ACTIVITIES: { 401 mDpm.clearPackagePersistentPreferredActivities(mAdmin, getPackageName()); 402 getPackageManager().setComponentEnabledSetting( 403 EnterprisePrivacyTestDefaultAppActivity.COMPONENT_NAME, 404 PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, 405 PackageManager.DONT_KILL_APP); 406 } break; 407 case COMMAND_CREATE_MANAGED_PROFILE: { 408 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 409 return; 410 } 411 if (mUm.getUserProfiles().size() > 1) { 412 return; 413 } 414 startActivityForResult(new Intent( 415 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE) 416 .putExtra(DevicePolicyManager 417 .EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME, 418 CompDeviceAdminTestReceiver.getReceiverComponentName()) 419 .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_SKIP_ENCRYPTION, true) 420 .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_SKIP_USER_CONSENT, 421 true), 0); 422 } break; 423 case COMMAND_REMOVE_MANAGED_PROFILE: { 424 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 425 return; 426 } 427 removeManagedProfile(); 428 } break; 429 case COMMAND_SET_ALWAYS_ON_VPN: { 430 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 431 return; 432 } 433 mDpm.setAlwaysOnVpnPackage(mAdmin, getPackageName(), 434 false /* lockdownEnabled */); 435 } break; 436 case COMMAND_CLEAR_ALWAYS_ON_VPN: { 437 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 438 return; 439 } 440 mDpm.setAlwaysOnVpnPackage(mAdmin, null /* vpnPackage */, 441 false /* lockdownEnabled */); 442 } break; 443 case COMMAND_SET_GLOBAL_HTTP_PROXY: { 444 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 445 return; 446 } 447 mDpm.setRecommendedGlobalProxy(mAdmin, 448 ProxyInfo.buildDirectProxy("example.com", 123)); 449 } break; 450 case COMMAND_CLEAR_GLOBAL_HTTP_PROXY: { 451 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 452 return; 453 } 454 mDpm.setRecommendedGlobalProxy(mAdmin, null); 455 } break; 456 case COMMAND_INSTALL_CA_CERT: { 457 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 458 return; 459 } 460 mDpm.installCaCert(mAdmin, TEST_CA.getBytes()); 461 } break; 462 case COMMAND_CLEAR_CA_CERT: { 463 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 464 return; 465 } 466 mDpm.uninstallCaCert(mAdmin, TEST_CA.getBytes()); 467 } break; 468 case COMMAND_SET_MAXIMUM_PASSWORD_ATTEMPTS: { 469 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 470 return; 471 } 472 mDpm.setMaximumFailedPasswordsForWipe(mAdmin, 100); 473 } break; 474 case COMMAND_CLEAR_MAXIMUM_PASSWORD_ATTEMPTS: { 475 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 476 return; 477 } 478 mDpm.setMaximumFailedPasswordsForWipe(mAdmin, 0); 479 } break; 480 case COMMAND_SET_DEFAULT_IME: { 481 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 482 return; 483 } 484 mDpm.setSecureSetting(mAdmin, Settings.Secure.DEFAULT_INPUT_METHOD, 485 getPackageName()); 486 } break; 487 case COMMAND_CLEAR_DEFAULT_IME: { 488 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 489 return; 490 } 491 mDpm.setSecureSetting(mAdmin, Settings.Secure.DEFAULT_INPUT_METHOD, null); 492 } break; 493 case COMMAND_CREATE_MANAGED_USER:{ 494 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 495 return; 496 } 497 PersistableBundle extras = new PersistableBundle(); 498 extras.putBoolean(DeviceAdminTestReceiver.EXTRA_MANAGED_USER_TEST, true); 499 UserHandle userHandle = mDpm.createAndManageUser(mAdmin, "managed user", mAdmin, 500 extras, 501 SKIP_SETUP_WIZARD | MAKE_USER_EPHEMERAL); 502 mDpm.setAffiliationIds(mAdmin, 503 Collections.singleton(DeviceAdminTestReceiver.AFFILIATION_ID)); 504 mDpm.startUserInBackground(mAdmin, userHandle); 505 } break; 506 case COMMAND_CREATE_MANAGED_USER_WITHOUT_SETUP:{ 507 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 508 return; 509 } 510 PersistableBundle extras = new PersistableBundle(); 511 extras.putBoolean(DeviceAdminTestReceiver.EXTRA_MANAGED_USER_TEST, true); 512 mDpm.createAndManageUser(mAdmin, "managed user", mAdmin, extras, /* flags */ 0); 513 } break; 514 case COMMAND_WITH_USER_SWITCHER_MESSAGE: { 515 createAndSwitchUserWithMessage("Start user session", "End user session"); 516 } break; 517 case COMMAND_WITHOUT_USER_SWITCHER_MESSAGE: { 518 createAndSwitchUserWithMessage(null, null); 519 } break; 520 case COMMAND_ENABLE_LOGOUT: { 521 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 522 return; 523 } 524 mDpm.addUserRestriction(mAdmin, UserManager.DISALLOW_USER_SWITCH); 525 mDpm.setLogoutEnabled(mAdmin, true); 526 UserHandle userHandle = mDpm.createAndManageUser(mAdmin, "managed user", mAdmin, 527 null, SKIP_SETUP_WIZARD | MAKE_USER_EPHEMERAL); 528 mDpm.switchUser(mAdmin, userHandle); 529 } break; 530 } 531 } catch (Exception e) { 532 Log.e(TAG, "Failed to execute command: " + intent, e); 533 } finally { 534 finish(); 535 } 536 } 537 538 private void installHelperPackage() throws Exception { 539 final PackageInstaller packageInstaller = getPackageManager().getPackageInstaller(); 540 final PackageInstaller.Session session = packageInstaller.openSession( 541 packageInstaller.createSession(new PackageInstaller.SessionParams( 542 PackageInstaller.SessionParams.MODE_FULL_INSTALL))); 543 final File file = new File(HELPER_APP_LOCATION); 544 final InputStream in = new FileInputStream(file); 545 final OutputStream out = session.openWrite("CommandReceiverActivity", 0, file.length()); 546 final byte[] buffer = new byte[65536]; 547 int count; 548 while ((count = in.read(buffer)) != -1) { 549 out.write(buffer, 0, count); 550 } 551 session.fsync(out); 552 in.close(); 553 out.close(); 554 session.commit(PendingIntent.getBroadcast(this, 0, new Intent(ACTION_INSTALL_COMPLETE), 0) 555 .getIntentSender()); 556 } 557 558 private void uninstallHelperPackage() { 559 try { 560 getPackageManager().getPackageInstaller().uninstall(HELPER_APP_PKG, 561 PendingIntent.getBroadcast(this, 0, new Intent(ACTION_UNINSTALL_COMPLETE), 0) 562 .getIntentSender()); 563 } catch (IllegalArgumentException e) { 564 // The package is not installed: that's fine 565 } 566 } 567 568 private void clearAllPoliciesAndRestrictions() throws Exception { 569 clearProfileOwnerRelatedPolicies(); 570 clearPolicyTransparencyUserRestriction( 571 PolicyTransparencyTestListActivity.MODE_DEVICE_OWNER); 572 573 // There are a few user restrictions that are used, but not for policy transparency 574 mDpm.clearUserRestriction(mAdmin, UserManager.DISALLOW_CONFIG_BLUETOOTH); 575 mDpm.clearUserRestriction(mAdmin, UserManager.DISALLOW_CONFIG_VPN); 576 mDpm.clearUserRestriction(mAdmin, UserManager.DISALLOW_DATA_ROAMING); 577 mDpm.clearUserRestriction(mAdmin, UserManager.DISALLOW_USER_SWITCH); 578 579 mDpm.setDeviceOwnerLockScreenInfo(mAdmin, null); 580 mDpm.setKeyguardDisabled(mAdmin, false); 581 mDpm.setAutoTimeRequired(mAdmin, false); 582 mDpm.setStatusBarDisabled(mAdmin, false); 583 mDpm.setOrganizationName(mAdmin, null); 584 mDpm.setNetworkLoggingEnabled(mAdmin, false); 585 mDpm.setSecurityLoggingEnabled(mAdmin, false); 586 mDpm.setPermissionGrantState(mAdmin, getPackageName(), 587 Manifest.permission.ACCESS_FINE_LOCATION, 588 DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT); 589 mDpm.setPermissionGrantState(mAdmin, getPackageName(), Manifest.permission.RECORD_AUDIO, 590 DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT); 591 mDpm.setPermissionGrantState(mAdmin, getPackageName(), Manifest.permission.CAMERA, 592 DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT); 593 mDpm.clearPackagePersistentPreferredActivities(mAdmin, getPackageName()); 594 mDpm.setAlwaysOnVpnPackage(mAdmin, null, false); 595 mDpm.setRecommendedGlobalProxy(mAdmin, null); 596 mDpm.uninstallCaCert(mAdmin, TEST_CA.getBytes()); 597 mDpm.setMaximumFailedPasswordsForWipe(mAdmin, 0); 598 mDpm.setSecureSetting(mAdmin, Settings.Secure.DEFAULT_INPUT_METHOD, null); 599 mDpm.setAffiliationIds(mAdmin, Collections.emptySet()); 600 mDpm.setStartUserSessionMessage(mAdmin, null); 601 mDpm.setEndUserSessionMessage(mAdmin, null); 602 mDpm.setLogoutEnabled(mAdmin, false); 603 604 uninstallHelperPackage(); 605 removeManagedProfile(); 606 getPackageManager().setComponentEnabledSetting( 607 EnterprisePrivacyTestDefaultAppActivity.COMPONENT_NAME, 608 PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, 609 PackageManager.DONT_KILL_APP); 610 } 611 612 private void clearProfileOwnerRelatedPoliciesAndRestrictions(int mode) { 613 clearPolicyTransparencyUserRestriction(mode); 614 clearProfileOwnerRelatedPolicies(); 615 } 616 617 private void clearProfileOwnerRelatedPolicies() { 618 mDpm.setKeyguardDisabledFeatures(mAdmin, 0); 619 mDpm.setPasswordQuality(mAdmin, 0); 620 mDpm.setMaximumTimeToLock(mAdmin, 0); 621 mDpm.setPermittedAccessibilityServices(mAdmin, null); 622 mDpm.setPermittedInputMethods(mAdmin, null); 623 } 624 625 private void clearPolicyTransparencyUserRestriction(int mode) { 626 for (String userRestriction : UserRestrictions.getUserRestrictionsForPolicyTransparency( 627 mode)) { 628 mDpm.clearUserRestriction(mAdmin, userRestriction); 629 } 630 } 631 632 private void removeManagedProfile() { 633 for (final UserHandle userHandle : mUm.getUserProfiles()) { 634 mDpm.removeUser(mAdmin, userHandle); 635 } 636 } 637 638 public static Intent createSetUserRestrictionIntent(String restriction, boolean enforced) { 639 return new Intent(ACTION_EXECUTE_COMMAND) 640 .putExtra(EXTRA_COMMAND,COMMAND_SET_USER_RESTRICTION) 641 .putExtra(EXTRA_USER_RESTRICTION, restriction) 642 .putExtra(EXTRA_ENFORCED, enforced); 643 } 644 645 private List<String> getEnabledNonSystemImes() { 646 InputMethodManager inputMethodManager = getSystemService(InputMethodManager.class); 647 final List<InputMethodInfo> inputMethods = inputMethodManager.getEnabledInputMethodList(); 648 return inputMethods.stream() 649 .filter(inputMethodInfo -> !isSystemInputMethodInfo(inputMethodInfo)) 650 .map(inputMethodInfo -> inputMethodInfo.getPackageName()) 651 .filter(packageName -> !packageName.equals(getPackageName())) 652 .distinct() 653 .collect(Collectors.toList()); 654 } 655 656 private boolean isSystemInputMethodInfo(InputMethodInfo inputMethodInfo) { 657 return inputMethodInfo.getServiceInfo().applicationInfo.isSystemApp(); 658 } 659 660 private void createAndSwitchUserWithMessage(String startUserSessionMessage, 661 String endUserSessionMessage) { 662 if (!mDpm.isDeviceOwnerApp(getPackageName())) { 663 return; 664 } 665 mDpm.setStartUserSessionMessage(mAdmin, startUserSessionMessage); 666 mDpm.setEndUserSessionMessage(mAdmin, endUserSessionMessage); 667 mDpm.setAffiliationIds(mAdmin, 668 Collections.singleton(DeviceAdminTestReceiver.AFFILIATION_ID)); 669 670 PersistableBundle extras = new PersistableBundle(); 671 extras.putBoolean(DeviceAdminTestReceiver.EXTRA_LOGOUT_ON_START, true); 672 UserHandle userHandle = mDpm.createAndManageUser(mAdmin, "managed user", mAdmin, 673 extras, 674 SKIP_SETUP_WIZARD | MAKE_USER_EPHEMERAL); 675 mDpm.switchUser(mAdmin, userHandle); 676 } 677 678 private String getCurrentLauncherPackage() { 679 ResolveInfo resolveInfo = getPackageManager() 680 .resolveActivity(new Intent(Intent.ACTION_MAIN) 681 .addCategory(Intent.CATEGORY_HOME), PackageManager.MATCH_DEFAULT_ONLY); 682 if (resolveInfo == null || resolveInfo.activityInfo == null) { 683 return null; 684 } 685 686 return resolveInfo.activityInfo.packageName; 687 } 688 } 689