From 0469f41010d8001dba5e09606bb631b1d3313021 Mon Sep 17 00:00:00 2001 From: Maggie Benthall Date: Thu, 5 Sep 2013 15:30:26 -0400 Subject: [PATCH] CA cert monitoring: add notifications and actions for dialog In DevicePolicyManagementService, on boot and when certs are installed, post notification to tell the user that their traffic may be monitored. Have QuickSettings use the MonitoringCertInfoActivity instead of building the dialog itself. Bug: 10633199 Change-Id: Ie4b97295a9fc25867c87872feccdb17f4bea071d --- .../android/app/admin/DevicePolicyManager.java | 2 +- core/java/android/provider/Settings.java | 32 ++++++++ .../drawable-hdpi/stat_sys_certificate_info.png | Bin 0 -> 1416 bytes .../drawable-mdpi/stat_sys_certificate_info.png | Bin 0 -> 930 bytes .../drawable-xhdpi/stat_sys_certificate_info.png | Bin 0 -> 1946 bytes .../drawable-xxhdpi/stat_sys_certificate_info.png | Bin 0 -> 4141 bytes core/res/res/values/strings.xml | 12 +++ core/res/res/values/symbols.xml | 4 + packages/SystemUI/res/values/strings.xml | 13 +--- .../systemui/statusbar/phone/QuickSettings.java | 43 +---------- .../android/server/DevicePolicyManagerService.java | 81 ++++++++++++++++++++- 11 files changed, 132 insertions(+), 55 deletions(-) create mode 100644 core/res/res/drawable-hdpi/stat_sys_certificate_info.png create mode 100644 core/res/res/drawable-mdpi/stat_sys_certificate_info.png create mode 100644 core/res/res/drawable-xhdpi/stat_sys_certificate_info.png create mode 100644 core/res/res/drawable-xxhdpi/stat_sys_certificate_info.png diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index e0b1c0022341..ab825314f013 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -1372,7 +1372,7 @@ public class DevicePolicyManager { * * @hide */ - public boolean hasAnyCaCertsInstalled() { + public static boolean hasAnyCaCertsInstalled() { TrustedCertificateStore certStore = new TrustedCertificateStore(); Set aliases = certStore.userAliases(); return aliases != null && !aliases.isEmpty(); diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index 1a80818ff08f..1ba982121521 100644 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -160,6 +160,38 @@ public final class Settings { "android.settings.SECURITY_SETTINGS"; /** + * Activity Action: Show trusted credentials settings, opening to the user tab, + * to allow management of installed credentials. + *

+ * In some cases, a matching Activity may not exist, so ensure you + * safeguard against this. + *

+ * Input: Nothing. + *

+ * Output: Nothing. + * @hide + */ + @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) + public static final String ACTION_TRUSTED_CREDENTIALS_USER = + "com.android.settings.TRUSTED_CREDENTIALS_USER"; + + /** + * Activity Action: Show dialog explaining that an installed CA cert may enable + * monitoring of encrypted network traffic. + *

+ * In some cases, a matching Activity may not exist, so ensure you + * safeguard against this. + *

+ * Input: Nothing. + *

+ * Output: Nothing. + * @hide + */ + @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION) + public static final String ACTION_MONITORING_CERT_INFO = + "com.android.settings.MONITORING_CERT_INFO"; + + /** * Activity Action: Show settings to allow configuration of privacy options. *

* In some cases, a matching Activity may not exist, so ensure you diff --git a/core/res/res/drawable-hdpi/stat_sys_certificate_info.png b/core/res/res/drawable-hdpi/stat_sys_certificate_info.png new file mode 100644 index 0000000000000000000000000000000000000000..3be426c4a4dfd34f50a42643683401b9b413b933 GIT binary patch literal 1416 zcmZ`(X*8P&6#ar&qV}bhT3XT)TWqB%RjD*WX{fX^RAUg0RP80kj9OxfTIX~vSbKgDpo_F8-_p-6xXa$H41ONa9jJun! zn2oyc5V2)cvkvHPqZ6w@Vy@N*5->HxoCHM9016xeFq3AE!PsC z`x)cr>gPY$QGD^b0Zw^@)h+bQ#pbJG^NQ;=8j;!Rg)os^-5sQ}y?zfx+0SXyP|Byj zEImni>KyK=%;OV2ZjWF=ZgqLdax?x-8dE%0wF1ePoH{x(SXMOmb!=7i?QlGS(!JJO zveQRtv)u@)0m-gcF&VF%mnV&z@ZE3n!tnA6VXl#9Lun99gAcymq~w}^_l&0h$2zsj z64YhxI+S)Cx{_yi{IL-UKatL$U`C+(9~({EIA=8jWELtp`k)ZD5j&V?Czt~Ffr2D% z#BwS zMuDWjqdHE~a80I4cT$P{w_;92r4NCF?~I`Tad1i|0`Z~nWz)=>)@n=NQ6+Z4aN!C_ z^M)vGilw@Ys#K~FpdGduZEsHUGQECDklbw@N9B!A@7WVnw6Y<)T|+d!^QvH*<;osB zNm7}{caMb0bI)3xL9t%IKG&Y+xAIe{!ew7{PEE?gQG|U=LsTF}v#U(mu9vK?=WyVQ z>6{j#gRr<+P%M>WXG(g)Xl7iZDN2wNQkHN)9E}L&nv*;xf-xnX16Q+dl_;kP!K|*= zO3W%A`AYy^q3ZokI{#v|n+xl!-OBCl}KAZ5oP5o_ahtU!)`9Rl_-1$Sdv6(0~ zJoj1?*K%>-#fMGZs4P{An)en{)&w!%L+|mQu#bUC7M8A#EZj5J%iTTp06D+4KO|k#^rS)aL_Ub^?tH*8TeQKL(a!vSe=O2- z;p@39(Rqxp=l1=}u!`Y`>$rZLe#hDtw8FnL5M`PCzWPgf*uhJue~t+X~0|nzTl}C5S1Z?e)q}SA4Rgv`ZLOD`5nRw9W_+Ox|qt z>-)B$9nO{g3>j#VLvrnd%52T<)}2$FYAf*MIQjV7ZI1LUA1Q|Np8cs>J5ZEW;o|Dp zw0hz5&?IWUa?|jwb=A(;r*hCLS!$B-$RhJ&Gy}y$5w7Gu6oyMB0ow!oDyf@Z{Ylz* z4HE~=jOjC&akD^kce;)vZ1E0bO}+ISg-URsW81lwB+mX)lt*a`lP?W5St?S1?HTF= z#BzgndKfSAiR=*lP6b1s&~4>6Bi{v)7sxZ!mnkrirqvT00i>}YR!lvI6;x#X;^) z4C~IxyaaL-l0AZa85pWm85kOx85n;42hu?CQUeBtR|yOZRx=nF#PcV`A9Vw&WlQpQ zcVYMsf(!O8p9~b?EbxddW?xIlwNTJS%Ew6ynIR_TowN}4oXazc4ty4DDAI5~uvsAMEK z)*N~BPp9lz+P5ccMGp+B&;L!^H`CI1v$IK=Z@&Pha_VFqKH}d*!#wM|IwIm8+_E zrc2>ip+e@^s6!Q^9QvH$g1?6SSJw(>3w5WcDUuVHzUodqm$tHClJd8I+vdApNPe)qRhsvBE$CnQ-vI#wt~VXx^96gNM3NmY1~5;`niN-7lDIo^PnDTxmCDQ3 zB?s3iCI{~`vy@@1_O1Kob>-I8Nn3LEhkMCv(p%2Ca7u6gV?eCW==f_e8~+DJPk;?q8Qy_n5TLvr7BrqQ+UStIPG~ zPdnN@iL>V1lP%19RMtmT&OPsSHM`c>Abmz~WaclG7pzhTjP3i`vJUVVdCm~6=Knmp}uRhfKyj)7jP^QIs#fsQ##u77%4KixOspxUeau%O@3mo^-e@_EN{K&8hpBbZB~;vN54 z?khODM&FPJrd!n#*NBpo#FA92|wMfhzz2 literal 0 HcmV?d00001 diff --git a/core/res/res/drawable-xhdpi/stat_sys_certificate_info.png b/core/res/res/drawable-xhdpi/stat_sys_certificate_info.png new file mode 100644 index 0000000000000000000000000000000000000000..3c93ea00860d7d34823cddbc3b5c030d8b8b6aed GIT binary patch literal 1946 zcmZ`)dpOgJAO3C(>3(ysP)bV1IOIM@hS{vqMhFQ-Zc&aAn@c!o3dfePj{8BH&@#ii zAd^eBbjT%@vSP@LW&GBkzdz3NdEU?ayzleApMO7@7&KzLqM9NA0Nb4$?XgmZ{(^#> zbmPHm=~9vnhNIvBKqqfq_lHO|C>o2f10MEk%u0o3fFl+K00bQXAf^Do+NPAH{&ndU zz8?UXQvg6Y;;!#Y2WeLBA`)Q_Z2lS=t13_GY>9OAj0S+Mdw&50+`F$LO_81K;qI3w zc=vp&E6%ABOCw5Qd4w(v7xk(-)niRDZHp1#C*jGuT6z`R4D|FeG#jwFjxu+`wHNfn zPj#JBw7ZWu9Wj&@hBqDR)m29gM=fU~f*aRP$J_YSHLoNNm``q4<)vR(^#~ORd<2A~ z5mCE9#NIq@9O_y3#&~;3Io=nzWq3g%M8VWg!0P`|DdqGn2Wj$rEowF0{N+(HF-smQ zr850;r$GHOEubopI&l*)0J(ybKr3J*>8<5ppkGZUgz7=;Oh}&scLsK*lgKj4z_FYM zV~`7=gP=sn`?s8|w zSyoQeUZ`q++~_gZOq<6>xNoYQ9O8Uz;DxEihGUW0*NW^u-FoCiV)8gA)*XrmM!Xrl zNxNfH#GXP|>cpa@wd&V?l#cC7N6&=lW_Aa6plRv`H)z}3QH66G@ou+M6tej9HEEZJ z)<=?StF7xwl#^TcW_F`4+P;nAHSXk_@R9HgWnNbOj$9{-K@Yx$Lt2}xF8aaRKMzfH zp!X)w`*yv*JSVCdkdKu-CgAAvj#|&Ua>Po)S=+C7uJRwSO->O*LFeD@tMIOASMy#u z7Eq75A|sTKi^AVTj~n(MsueQ1OzuzK81J=em5Iao)K%|^q|@X>S$5fPtoiY|A<5|XL6rz+1W;7dfYX=x%eGq5^B_Uz!sE55%lL+p%u zQIh?bv>Wqu@weeCT+Yb#p{@KgXZT3&@9cy^i~da<6H}IGqx*p&uE`#z+7cO)^`!o? zdXo3r%4>f%tH2k=o`Hzmg(1QpeED?9qAbn~Z?$WB@y$6p#))OBuyE!1ZqpB4ZpC&1 zU-wmPXfMQgEmQVjwjWO$-*LZmGyYEglWuO@kyPy}P&>$5K?5=YyoWoNBC%%24-n;v zp-Tz)gG|X!_TOjS=TPv@2dBmR3iNvtTwXOKZr<880u=6Qw4x{U2TwK@n+IA-Wt(_bxUW zG*?>n1kjx1`aOPbl#cs%EVU}eM`_)?YT{2u$HB(JoRh*m7`fIR!6HL_#R49WCM963^xtCT@v2C$w6(c0XI(Mt(i%qaE4 z1IWH4OEzuqqvCygIdv)fds9x5EmSq217KI>rcrP_>3LitD5dIJaPc&4Ay#MBLvGb# zA!K8`7GkDgc|XYjVAlR@*qUnmxBS&3*EbX`-yPK&9LQRMMp6wffsLSFzOfTNpr*#l zS9Cf%oYwYvGWLV>3q*I;UGA#;6n!ZUNujrWLiL)|FY9Esm9TdcOcz{mk5I!$Dwkx+ zil_-nj6C=)!r@5qHoN>~|A2#Ey7U!dka?ot%PZ;Sbt_D^`H5q2z8s@CAB{8zh4;!< zy$V)xGHkXXrz5nUF#3;9S$I<980q^;=Vt#v9v2m0cHH2(;wru{rW2X1ZdSf5j8yv0gaW7G})5tQ0zT+wTEj;a7Nbp&1^#BV1)-~KJo_I*%D z`2Keh1OrSj>#cR-ON=T$W=8MBbbNYI;Mh`cw2>s)5s;-)un}lBbfhdj^ zaw@^=<-HAA+GvvlvQH@Y^ z*9z|{KG5$}_v+CAN(Rm+W-Q0tteg(it9K16)O5_F3UIn!q{l>3{}WDYF*t{#DOHY$3!F)t;CJ19d**_( z;-vpdC+3Vt%q9PrK=XiWfl>mDpoTDg=xKdJBX>hnb3+qzn6W<8)Eo*89r`o-{|aFd am#zfG{dYkv+vwNl1)R>H?H}6tCI1hT&z;i% literal 0 HcmV?d00001 diff --git a/core/res/res/drawable-xxhdpi/stat_sys_certificate_info.png b/core/res/res/drawable-xxhdpi/stat_sys_certificate_info.png new file mode 100644 index 0000000000000000000000000000000000000000..d96ef640bdc6669803017798b32c14623dfcd903 GIT binary patch literal 4141 zcmV+|5Yq37P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z000G8Nklhg3 zu(_PgxqGekJA3c5zt*XfL`|Y)L=8a=Pz_KGP#I-p8FbbGbAScFOyDkHDsU6f1k?kU zfb+m#z!Bg8a0uuD_5me(v(%O7E!G4)ZfPMfaTsNt26h5pSUO+LfMx?P0#6yF&~hHw z47_7CE4)ZbBF&Z5Eh(eYNXGQt6WW*1HE2Ar4pGBGLb2YsXVQ)tg zfR;okTU()UuBLSnb}tDDXuPD89wi?Ic4mU4>Gm74+z&mrpD@3I0D8}(V1K|4xy8mS z?)ar8Q2F(ee)jnAZU{hgBwcX|z9gwV;1lkSXa-*f)X{EsXUi2yvxf`lGmqgL0ylwk z5r8fP*0aH*W6N-6^Rs~c&dmHMaCgi}W?cElX79fBp5}mh8f|s*j;y>4&<-3dW=;Af z&pmGjh6C_TME+NS^;|UjT?Q+Pnawv#>T{~&aY>^Scok2Sv`x}w({owUR?82qtKR&` zmOk@$$o;u$&?3(=X$R1sz{2KfTTiM7Cfn~~%MUG=%nx_Xd{LoIY>9K70X8MPxIX}# zvfm_SlV@jSaUm;;Bkk#p%gXBk9!$}e*Dm0Jtn0J3^)wKt2F-Qg0PIN6*e+X>c2ie^ zI$eLpncuOR*u9>-?-JfOyU~-H64dGQXMS8jGd+v#yHmESyvNfI&4~+WhI4%^fw51y zE}(Iq(PtW^ zzt|dd*14`vDWK8$TFQu+Rj)avfLy=M#RcRZN}8NfK$D8CK}VeH=_v)|j`xno1>}wo zS{Yo8OOuQNTAaMYaRL42&ia9QDFZZ*p=XSKjSFaxC-0$@0rL5?J1(HTo>%>2DFgJV zXK3?FTtHVm%K;0lFG_>7nm^gH!~Bi~2;g(iy-%kE&@&$2xB70(1*qFI9$MxZeOBY> z`FYQ{ue(q{eZUqc?>1m*l>=I8eq>8m)Py|W#^GBG?q+1m%T+ukY6M z=zynfP61X|DWKIro2RcmSS%ob^$gvoTEXCcb~Q;mL${a*fVH{)6ek>NFYtkN(Agc` zX5c=;tW|&Qn+FjtKxH)WspkdLnO8@JoiIx(C4RyTNl!+c;d!HWM)6wetg=(C%OmXV zEXO(Nl@$hOWki5YqUWUZowWb>dOvAji`6I~O_6lCN}_#wOC9Y~ix*2E;_%gg2g6&e zyu>38L&vOk0ypQlC&RUv)$b`hW_2OgVpelalTO-_#x`At z2;53xQO_9$qn=+QP}Fmhar4_t95=t+^j37-yen1z<%Qa}J1PW_y9pWf^_Q{0DBwQ^ r4-#BAUw^4useNFn2B-!oQTcxWT;6_mXZgEh00000NkvXXu0mjf-+jZD literal 0 HcmV?d00001 diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 68acd8c2dcd4..b6e3a03c3cfc 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -273,6 +273,18 @@ Phone storage is full. Delete some files to free space. + + + Network may be monitored + + By an unknown third party + + By %s Me diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml index 39e712744f0b..c928a512953f 100644 --- a/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml @@ -884,6 +884,9 @@ + + + @@ -1006,6 +1009,7 @@ + diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml index 3ffa6f441231..bbfe383d5c52 100644 --- a/packages/SystemUI/res/values/strings.xml +++ b/packages/SystemUI/res/values/strings.xml @@ -500,16 +500,5 @@ Network may be monitored - - Done - - Network Monitoring - - This device is managed by: %s.\n\nYour administrator is capable of monitoring your network activity, including emails, apps, and secure websites.\n\nFor more information,contact your administrator. - - A third party is capable of monitoring your network\nactivity, including emails, apps, and secure websites.\n\nA trusted credential installed on your device is making this possible. - - Check trusted credentials + diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/QuickSettings.java b/packages/SystemUI/src/com/android/systemui/statusbar/phone/QuickSettings.java index 0d591ba3c016..9015ba9a6525 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/QuickSettings.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/QuickSettings.java @@ -192,7 +192,7 @@ class QuickSettings { mQueryCertTask = new AsyncTask>() { @Override protected Pair doInBackground(Void... params) { - boolean hasCert = mDevicePolicyManager.hasAnyCaCertsInstalled(); + boolean hasCert = DevicePolicyManager.hasAnyCaCertsInstalled(); boolean isManaged = mDevicePolicyManager.getDeviceOwner() != null; return Pair.create(hasCert, isManaged); @@ -756,7 +756,7 @@ class QuickSettings { @Override public void onClick(View v) { collapsePanels(); - showSslCaCertWarningDialog(); + startSettingsActivity(Settings.ACTION_MONITORING_CERT_INFO); } }); @@ -824,45 +824,6 @@ class QuickSettings { dialog.show(); } - private void showSslCaCertWarningDialog() { - final AlertDialog.Builder builder = new AlertDialog.Builder(mContext); - builder.setTitle(R.string.ssl_ca_cert_dialog_title); - builder.setCancelable(true); - final boolean hasDeviceOwner = mDevicePolicyManager.getDeviceOwner() != null; - int buttonLabel; - if (hasDeviceOwner) { - // Institutional case. Show informational message. - String message = mContext.getResources().getString(R.string.ssl_ca_cert_info_message, - mDevicePolicyManager.getDeviceOwnerName()); - builder.setMessage(message); - buttonLabel = R.string.done_button; - } else { - // Consumer case. Show scary warning. - builder.setMessage(R.string.ssl_ca_cert_warning_message); - buttonLabel = R.string.ssl_ca_cert_settings_button; - } - - builder.setPositiveButton(buttonLabel, new OnClickListener() { - @Override - public void onClick(DialogInterface dialog, int which) { - // do something. - if (hasDeviceOwner) { - // Close - } else { - startSettingsActivity("com.android.settings.TRUSTED_CREDENTIALS_USER"); - } - } - }); - - final Dialog dialog = builder.create(); - dialog.getWindow().setType(WindowManager.LayoutParams.TYPE_SYSTEM_ALERT); - try { - WindowManagerGlobal.getWindowManagerService().dismissKeyguard(); - } catch (RemoteException e) { - } - dialog.show(); - } - private void updateWifiDisplayStatus() { mWifiDisplayStatus = mDisplayManager.getWifiDisplayStatus(); applyWifiDisplayStatus(); diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java index 7e833965c38a..2bca7596ca31 100644 --- a/services/java/com/android/server/DevicePolicyManagerService.java +++ b/services/java/com/android/server/DevicePolicyManagerService.java @@ -18,6 +18,7 @@ package com.android.server; import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; +import com.android.internal.R; import com.android.internal.os.storage.ExternalStorageFormatter; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.JournaledFile; @@ -33,6 +34,9 @@ import android.app.Activity; import android.app.ActivityManagerNative; import android.app.AlarmManager; import android.app.AppGlobals; +import android.app.INotificationManager; +import android.app.Notification; +import android.app.NotificationManager; import android.app.PendingIntent; import android.app.admin.DeviceAdminInfo; import android.app.admin.DeviceAdminReceiver; @@ -51,6 +55,7 @@ import android.content.pm.PackageManager; import android.content.pm.Signature; import android.content.pm.PackageManager.NameNotFoundException; import android.content.pm.ResolveInfo; +import android.content.pm.UserInfo; import android.net.Uri; import android.os.AsyncTask; import android.os.Binder; @@ -123,6 +128,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { protected static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION"; + private static final int MONITORING_CERT_NOTIFICATION_ID = R.string.ssl_ca_cert_warning; + private static final boolean DBG = false; final Context mContext; @@ -130,6 +137,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { IPowerManager mIPowerManager; IWindowManager mIWindowManager; + NotificationManager mNotificationManager; private DeviceOwner mDeviceOwner; @@ -177,7 +185,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { handlePasswordExpirationNotification(getUserData(userHandle)); } }); - } else if (Intent.ACTION_USER_REMOVED.equals(action)) { + } + if (Intent.ACTION_BOOT_COMPLETED.equals(action) + || KeyChain.ACTION_STORAGE_CHANGED.equals(action)) { + manageMonitoringCertificateNotification(intent); + } + if (Intent.ACTION_USER_REMOVED.equals(action)) { removeUserData(userHandle); } else if (Intent.ACTION_USER_STARTED.equals(action) || Intent.ACTION_PACKAGE_CHANGED.equals(action) @@ -526,6 +539,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION); filter.addAction(Intent.ACTION_USER_REMOVED); filter.addAction(Intent.ACTION_USER_STARTED); + filter.addAction(KeyChain.ACTION_STORAGE_CHANGED); context.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); filter = new IntentFilter(); filter.addAction(Intent.ACTION_PACKAGE_CHANGED); @@ -635,6 +649,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return mIWindowManager; } + private NotificationManager getNotificationManager() { + if (mNotificationManager == null) { + mNotificationManager = + (NotificationManager) mContext.getSystemService(Context.NOTIFICATION_SERVICE); + } + return mNotificationManager; + } + ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) { ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who); if (admin != null @@ -1053,6 +1075,63 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } + private void manageMonitoringCertificateNotification(Intent intent) { + final NotificationManager notificationManager = getNotificationManager(); + + final boolean hasCert = DevicePolicyManager.hasAnyCaCertsInstalled(); + if (! hasCert) { + if (intent.getAction().equals(KeyChain.ACTION_STORAGE_CHANGED)) { + UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE); + for (UserInfo user : um.getUsers()) { + notificationManager.cancelAsUser( + null, MONITORING_CERT_NOTIFICATION_ID, user.getUserHandle()); + } + } + return; + } + final boolean isManaged = getDeviceOwner() != null; + int smallIconId; + String contentText; + if (isManaged) { + contentText = mContext.getString(R.string.ssl_ca_cert_noti_managed, + getDeviceOwnerName()); + smallIconId = R.drawable.stat_sys_certificate_info; + } else { + contentText = mContext.getString(R.string.ssl_ca_cert_noti_by_unknown); + smallIconId = android.R.drawable.stat_sys_warning; + } + + Intent dialogIntent = new Intent(Settings.ACTION_MONITORING_CERT_INFO); + dialogIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + dialogIntent.setPackage("com.android.settings"); + // Notification will be sent individually to all users. The activity should start as + // whichever user is current when it starts. + PendingIntent notifyIntent = PendingIntent.getActivityAsUser(mContext, 0, dialogIntent, + PendingIntent.FLAG_UPDATE_CURRENT, null, UserHandle.CURRENT); + + Notification noti = new Notification.Builder(mContext) + .setSmallIcon(smallIconId) + .setContentTitle(mContext.getString(R.string.ssl_ca_cert_warning)) + .setContentText(contentText) + .setContentIntent(notifyIntent) + .setPriority(Notification.PRIORITY_HIGH) + .setShowWhen(false) + .build(); + + // If this is a boot intent, this will fire for each user. But if this is a storage changed + // intent, it will fire once, so we need to notify all users. + if (intent.getAction().equals(KeyChain.ACTION_STORAGE_CHANGED)) { + UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE); + for (UserInfo user : um.getUsers()) { + notificationManager.notifyAsUser( + null, MONITORING_CERT_NOTIFICATION_ID, noti, user.getUserHandle()); + } + } else { + notificationManager.notifyAsUser( + null, MONITORING_CERT_NOTIFICATION_ID, noti, UserHandle.CURRENT); + } + } + /** * @param adminReceiver The admin to add * @param refreshing true = update an active admin, no error -- 2.11.0