Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_packages_apps_Settings / 16d588c11a738d24704688b3bad58bcfe17a20c8^! / . / src / com / android / settings / vpn2 / AppPreference.java
commit16d588c11a738d24704688b3bad58bcfe17a20c8[log] [tgz]
authorPavel Grafov <pgrafov@google.com>Thu Mar 18 22:46:08 2021 +0000
committerPavel Grafov <pgrafov@google.com>Wed Mar 31 15:20:11 2021 +0000
tree4901446e93ad6148eebe7e3cae7edf51a2842025
parent7d9233302ffa5877bd5923a28bab4d9e423da7b9 [diff] [blame]
Prevent disconnecting admin-configured VPN

First, if the VPN is configured by an admin, the preference is
disabled and tapping on it will results in a policy disclouser
dialog.
In addition restriction checks in the dialog also check if the
VPN is admin-configured.

Bug: 179975048
Test: Manual, setting VPN in profile and primary user and via DPM API.
Test: make RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.vpn2
Change-Id: Id59d2ac2782e83601bc3093d3a092faea36ff5d9

diff --git a/src/com/android/settings/vpn2/AppPreference.java b/src/com/android/settings/vpn2/AppPreference.java
index 6b64250..8ee2f5f 100644
--- a/src/com/android/settings/vpn2/AppPreference.java
+++ b/src/com/android/settings/vpn2/AppPreference.java

@@ -16,6 +16,7 @@
 
 package com.android.settings.vpn2;
 
+import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
@@ -26,6 +27,8 @@
 
 import com.android.internal.net.LegacyVpnInfo;
 import com.android.internal.net.VpnConfig;
+import com.android.settingslib.RestrictedLockUtils;
+import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
 
 /**
  * {@link androidx.preference.Preference} containing information about a VPN
@@ -43,6 +46,7 @@
         super.setUserId(userId);
 
         mPackageName = packageName;
+        disableIfConfiguredByAdmin();
 
         // Fetch icon and VPN label
         String label = packageName;
@@ -74,6 +78,25 @@
         setIcon(icon);
     }
 
+    /**
+     * Disable this preference if VPN is set as always on by a profile or device owner.
+     * NB: it should be called after super.setUserId() otherwise admin information can be lost.
+     */
+    private void disableIfConfiguredByAdmin() {
+        if (isDisabledByAdmin()) {
+            // Already disabled due to user restriction.
+            return;
+        }
+        final DevicePolicyManager dpm = getContext()
+                .createContextAsUser(UserHandle.of(getUserId()), /* flags= */ 0)
+                .getSystemService(DevicePolicyManager.class);
+        if (mPackageName.equals(dpm.getAlwaysOnVpnPackage())) {
+            final EnforcedAdmin admin = RestrictedLockUtils.getProfileOrDeviceOwner(
+                    getContext(), UserHandle.of(mUserId));
+            setDisabledByAdmin(admin);
+        }
+    }
+
     public PackageInfo getPackageInfo() {
         try {
             PackageManager pm = getUserContext().getPackageManager();