1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
/*
* Copyright 2014, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.managedprovisioning;
import android.app.admin.DevicePolicyManager;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo;
import android.content.pm.IPackageManager;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.UserInfo;
import android.graphics.drawable.Drawable;
import android.os.AsyncTask;
import android.os.Binder;
import android.os.Bundle;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings.Global;
import android.provider.Settings.Secure;
import android.text.TextUtils;
import android.util.Base64;
import java.io.IOException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME;
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME;
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
/**
* Class containing various auxiliary methods.
*/
public class Utils {
private Utils() {}
public static Set<String> getCurrentSystemApps(int userId) {
IPackageManager ipm = IPackageManager.Stub.asInterface(ServiceManager
.getService("package"));
Set<String> apps = new HashSet<String>();
List<ApplicationInfo> aInfos = null;
try {
aInfos = ipm.getInstalledApplications(
PackageManager.GET_UNINSTALLED_PACKAGES, userId).getList();
} catch (RemoteException neverThrown) {
ProvisionLogger.loge("This should not happen.", neverThrown);
}
for (ApplicationInfo aInfo : aInfos) {
if ((aInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
apps.add(aInfo.packageName);
}
}
return apps;
}
public static void disableComponent(ComponentName toDisable, int userId) {
try {
IPackageManager ipm = IPackageManager.Stub.asInterface(ServiceManager
.getService("package"));
ipm.setComponentEnabledSetting(toDisable,
PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP,
userId);
} catch (RemoteException neverThrown) {
ProvisionLogger.loge("This should not happen.", neverThrown);
} catch (Exception e) {
ProvisionLogger.logw("Component not found, not disabling it: "
+ toDisable.toShortString());
}
}
/**
* Exception thrown when the provisioning has failed completely.
*
* We're using a custom exception to avoid catching subsequent exceptions that might be
* significant.
*/
public static class IllegalProvisioningArgumentException extends Exception {
public IllegalProvisioningArgumentException(String message) {
super(message);
}
public IllegalProvisioningArgumentException(String message, Throwable t) {
super(message, t);
}
}
/**
* Check the validity of the admin component name supplied, or try to infer this componentName
* from the package.
*
* We are supporting lookup by package name for legacy reasons.
*
* If mdmComponentName is supplied (not null):
* mdmPackageName is ignored.
* Check that the package of mdmComponentName is installed, that mdmComponentName is a
* receiver in this package, and return it.
*
* Otherwise:
* mdmPackageName must be supplied (not null).
* Check that this package is installed, try to infer a potential device admin in this package,
* and return it.
*/
public static ComponentName findDeviceAdmin(String mdmPackageName,
ComponentName mdmComponentName, Context c) throws IllegalProvisioningArgumentException {
if (mdmComponentName != null) {
mdmPackageName = mdmComponentName.getPackageName();
}
if (mdmPackageName == null) {
throw new IllegalProvisioningArgumentException("Neither the package name nor the"
+ " component name of the admin are supplied");
}
PackageInfo pi;
try {
pi = c.getPackageManager().getPackageInfo(mdmPackageName,
PackageManager.GET_RECEIVERS);
} catch (NameNotFoundException e) {
throw new IllegalProvisioningArgumentException("Mdm "+ mdmPackageName
+ " is not installed. ", e);
}
if (mdmComponentName != null) {
// If the component was specified in the intent: check that it is in the manifest.
checkAdminComponent(mdmComponentName, pi);
return mdmComponentName;
} else {
// Otherwise: try to find a potential device admin in the manifest.
return findDeviceAdminInPackage(mdmPackageName, pi);
}
}
private static void checkAdminComponent(ComponentName mdmComponentName, PackageInfo pi)
throws IllegalProvisioningArgumentException{
for (ActivityInfo ai : pi.receivers) {
if (mdmComponentName.getClassName().equals(ai.name)) {
return;
}
}
throw new IllegalProvisioningArgumentException("The component " + mdmComponentName
+ " cannot be found");
}
private static ComponentName findDeviceAdminInPackage(String mdmPackageName, PackageInfo pi)
throws IllegalProvisioningArgumentException {
ComponentName mdmComponentName = null;
for (ActivityInfo ai : pi.receivers) {
if (!TextUtils.isEmpty(ai.permission) &&
ai.permission.equals(android.Manifest.permission.BIND_DEVICE_ADMIN)) {
if (mdmComponentName != null) {
throw new IllegalProvisioningArgumentException("There are several "
+ "device admins in " + mdmPackageName + " but no one in specified");
} else {
mdmComponentName = new ComponentName(mdmPackageName, ai.name);
}
}
}
if (mdmComponentName == null) {
throw new IllegalProvisioningArgumentException("There are no device admins in"
+ mdmPackageName);
}
return mdmComponentName;
}
public static MdmPackageInfo getMdmPackageInfo(PackageManager pm, String packageName) {
if (packageName != null) {
try {
ApplicationInfo ai = pm.getApplicationInfo(packageName, /* default flags */ 0);
if (ai != null) {
return new MdmPackageInfo(pm.getApplicationIcon(packageName),
pm.getApplicationLabel(ai).toString());
}
} catch (PackageManager.NameNotFoundException e) {
// Package does not exist, ignore. Should never happen.
ProvisionLogger.loge("Package does not exist. Should never happen.");
}
}
return null;
}
/**
* Information relating to the currently installed MDM package manager.
*/
public static final class MdmPackageInfo {
private final Drawable packageIcon;
private final String appLabel;
private MdmPackageInfo(Drawable packageIcon, String appLabel) {
this.packageIcon = packageIcon;
this.appLabel = appLabel;
}
public String getAppLabel() {
return appLabel;
}
public Drawable getPackageIcon() {
return packageIcon;
}
}
public static boolean isCurrentUserOwner() {
return UserHandle.myUserId() == UserHandle.USER_OWNER;
}
public static boolean hasDeviceOwner(Context context) {
DevicePolicyManager dpm =
(DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
return !TextUtils.isEmpty(dpm.getDeviceOwner());
}
public static boolean hasDeviceInitializer(Context context) {
DevicePolicyManager dpm =
(DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
return dpm != null && dpm.getDeviceInitializerApp() != null;
}
public static boolean isManagedProfile(Context context) {
UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
UserInfo user = um.getUserInfo(UserHandle.myUserId());
return user != null ? user.isManagedProfile() : false;
}
/**
* Returns true if the given package does not exist on the device or if its version code is less
* than the given version, and false otherwise.
*/
public static boolean packageRequiresUpdate(String packageName, int minSupportedVersion,
Context context) {
try {
PackageInfo packageInfo = context.getPackageManager().getPackageInfo(packageName, 0);
if (packageInfo.versionCode >= minSupportedVersion) {
return false;
}
} catch (NameNotFoundException e) {
// Package not on device.
}
return true;
}
public static byte[] stringToByteArray(String s)
throws NumberFormatException {
try {
return Base64.decode(s, Base64.URL_SAFE);
} catch (IllegalArgumentException e) {
throw new NumberFormatException("Incorrect format. Should be Url-safe Base64 encoded.");
}
}
public static String byteArrayToString(byte[] bytes) {
return Base64.encodeToString(bytes, Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP);
}
public static void markDeviceProvisioned(Context context) {
if (isCurrentUserOwner()) {
// This only needs to be set once per device
Global.putInt(context.getContentResolver(), Global.DEVICE_PROVISIONED, 1);
}
// Setting this flag will either cause Setup Wizard to finish immediately when it starts (if
// it is not already running), or when its next activity starts (if it is already running,
// e.g. the non-NFC flow).
// When either of these things happen, a home intent is fired. We catch that in
// HomeReceiverActivity before sending the intent to notify the mdm that provisioning is
// complete.
// Note that, in the NFC flow or for secondary users, setting this flag will prevent the
// user from seeing SUW, even if no other device initialization app was specified.
Secure.putInt(context.getContentResolver(), Secure.USER_SETUP_COMPLETE, 1);
}
public static boolean isUserSetupCompleted(Context context) {
return Secure.getInt(context.getContentResolver(), Secure.USER_SETUP_COMPLETE, 0) != 0;
}
public static UserHandle getManagedProfile(Context context) {
UserManager userManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
int currentUserId = userManager.getUserHandle();
List<UserInfo> userProfiles = userManager.getProfiles(currentUserId);
for (UserInfo profile : userProfiles) {
if (profile.isManagedProfile()) {
return new UserHandle(profile.id);
}
}
return null;
}
/**
* @return The User id of an already existing managed profile or -1 if none
* exists
*/
public static int alreadyHasManagedProfile(Context context) {
UserHandle managedUser = getManagedProfile(context);
if (managedUser != null) {
return managedUser.getIdentifier();
} else {
return -1;
}
}
public static void removeAccount(Context context, Account account) {
try {
AccountManager accountManager =
(AccountManager) context.getSystemService(Context.ACCOUNT_SERVICE);
AccountManagerFuture<Bundle> bundle = accountManager.removeAccount(account,
null, null /* callback */, null /* handler */);
// Block to get the result of the removeAccount operation
if (bundle.getResult().getBoolean(AccountManager.KEY_BOOLEAN_RESULT, false)) {
ProvisionLogger.logw("Account removed from the primary user.");
} else {
Intent removeIntent = (Intent) bundle.getResult().getParcelable(
AccountManager.KEY_INTENT);
if (removeIntent != null) {
ProvisionLogger.logi("Starting activity to remove account");
TrampolineActivity.startActivity(context, removeIntent);
} else {
ProvisionLogger.logw("Could not remove account from the primary user.");
}
}
} catch (OperationCanceledException | AuthenticatorException | IOException e) {
ProvisionLogger.logw("Exception removing account from the primary user.", e);
}
}
public static boolean isFrpSupported(Context context) {
Object pdbManager = context.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
return pdbManager != null;
}
}
|
