Support lockdown whitelisting in TestDPC.

Pavel Grafov · Pavel Grafov · commit c6026e1b85d3 · 2019-01-31T20:14:20.000Z
Test: manual
Bug: 77468593
Change-Id: Ic3634b0fd9bedb29a74b5e93b405b8abc69f34a4
diff --git a/app/src/main/java/com/afwsamples/testdpc/common/SelectAppFragment.java b/app/src/main/java/com/afwsamples/testdpc/common/SelectAppFragment.java
@@ -65,9 +65,9 @@ public View onCreateView(LayoutInflater layoutInflater, ViewGroup container,
             Bundle savedInstanceState) {
         View view = layoutInflater.inflate(R.layout.select_app, null);
 
-        mCurrentSelectedPackage = (EditText) view.findViewById(R.id.selected_package_current);
-        mNewSelectedPackage = (EditText) view.findViewById(R.id.selected_package_new);
-        mAppListView = (ListView) view.findViewById(R.id.select_app_list);
+        mCurrentSelectedPackage = view.findViewById(R.id.selected_package_current);
+        mNewSelectedPackage = view.findViewById(R.id.selected_package_new);
+        mAppListView = view.findViewById(R.id.select_app_list);
         AppInfoArrayAdapter appInfoArrayAdapter = new AppInfoArrayAdapter(getActivity(),
                 R.id.pkg_name, mAppPackages, true);
         mAppListView.setAdapter(appInfoArrayAdapter);
@@ -93,6 +93,10 @@ protected List<String> createAppList() {
         return appList;
     }
 
+    protected ViewGroup getExtensionLayout(View rootView) {
+       return rootView.findViewById(R.id.extension);
+    }
+
     @Override
     public void onClick(View v) {
         switch (v.getId()) {
@@ -108,7 +112,7 @@ public void onClick(View v) {
         }
     }
 
-    private void reloadSelectedPackage() {
+    protected void reloadSelectedPackage() {
         String selectedPackage = getSelectedPackage();
         if (selectedPackage == null) {
             mCurrentSelectedPackage.setText("");
diff --git a/app/src/main/java/com/afwsamples/testdpc/policy/networking/AlwaysOnVpnFragment.java b/app/src/main/java/com/afwsamples/testdpc/policy/networking/AlwaysOnVpnFragment.java
@@ -16,6 +16,8 @@
 
 package com.afwsamples.testdpc.policy.networking;
 
+import static com.afwsamples.testdpc.common.Util.isAtLeastQ;
+
 import android.annotation.TargetApi;
 import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
@@ -27,15 +29,23 @@
 import android.os.Build;
 import android.os.Bundle;
 import android.util.Log;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.CheckBox;
+import android.widget.EditText;
+import android.widget.Toast;
 
 import com.afwsamples.testdpc.DeviceAdminReceiver;
 import com.afwsamples.testdpc.R;
 import com.afwsamples.testdpc.common.SelectAppFragment;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * This fragment provides a setting for always-on VPN apps.
@@ -49,14 +59,20 @@
 @TargetApi(Build.VERSION_CODES.N)
 public class AlwaysOnVpnFragment extends SelectAppFragment {
     private static final String TAG = "AlwaysOnVpnFragment";
+
     private DevicePolicyManager mDpm;
 
+    private CheckBox mLockdown;
+    private EditText mExemptedPackages;
+
     private static final Intent VPN_INTENT = new Intent(VpnService.SERVICE_INTERFACE);
+    private ComponentName mWho;
 
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
         mDpm = (DevicePolicyManager) getContext().getSystemService(Context.DEVICE_POLICY_SERVICE);
+        mWho = DeviceAdminReceiver.getComponentName(getActivity());
     }
 
     @Override
@@ -65,6 +81,23 @@ public void onResume() {
         getActivity().getActionBar().setTitle(R.string.set_always_on_vpn);
     }
 
+    @Override
+    public View onCreateView(LayoutInflater layoutInflater, ViewGroup container,
+            Bundle savedInstanceState) {
+        final View view = super.onCreateView(layoutInflater, container, savedInstanceState);
+
+        if (isAtLeastQ()) {
+            final ViewGroup extension = getExtensionLayout(view);
+            extension.setVisibility(View.VISIBLE);
+            layoutInflater.inflate(R.layout.lockdown_settings, extension);
+            mLockdown = view.findViewById(R.id.enable_lockdown);
+            mExemptedPackages = view.findViewById(R.id.exempted_packages);
+            mLockdown.setOnCheckedChangeListener(
+                    (unused, checked) -> mExemptedPackages.setEnabled(checked));
+        }
+        return view;
+    }
+
     @Override
     protected List<String> createAppList() {
         Set<String> apps = new HashSet<>();
@@ -79,16 +112,54 @@ protected List<String> createAppList() {
         return new ArrayList<>(apps);
     }
 
+    @Override
+    protected void reloadSelectedPackage() {
+        super.reloadSelectedPackage();
+        if (isAtLeastQ()) {
+            updateLockdown();
+        }
+    }
+
+    @TargetApi(Build.VERSION_CODES.Q)
+    private void updateLockdown() {
+        mLockdown.setChecked(mDpm.isAlwaysOnVpnLockdownEnabled(mWho));
+        final List<String> exemptedPackages = mDpm.getAlwaysOnVpnLockdownWhitelist(mWho);
+        mExemptedPackages.setText(
+                exemptedPackages != null ? String.join(",", exemptedPackages) : "");
+    }
+
     @Override
     protected void setSelectedPackage(String pkg) {
         try {
-            final ComponentName who = DeviceAdminReceiver.getComponentName(getActivity());
-            mDpm.setAlwaysOnVpnPackage(who, pkg, /* lockdownEnabled */ true);
-        } catch (PackageManager.NameNotFoundException | UnsupportedOperationException e) {
+            if (isAtLeastQ()) {
+                setAlwaysOnVpnPackageQPlus(pkg);
+            } else {
+                mDpm.setAlwaysOnVpnPackage(mWho, pkg, /* lockdownEnabled */ true);
+            }
+        } catch (PackageManager.NameNotFoundException e) {
+            final String text = "Package not found: " + e.getMessage();
+            Toast.makeText(getActivity(), text, Toast.LENGTH_SHORT).show();
+            Log.e(TAG, "setAlwaysOnVpnPackage:", e);
+        } catch (UnsupportedOperationException e) {
+            Toast.makeText(getActivity(), "App doesn't support always-on VPN", Toast.LENGTH_SHORT)
+                    .show();
             Log.e(TAG, "setAlwaysOnVpnPackage:", e);
         }
     }
 
+    @TargetApi(Build.VERSION_CODES.Q)
+    private void setAlwaysOnVpnPackageQPlus(String pkg)
+            throws PackageManager.NameNotFoundException {
+        final boolean lockdown = mLockdown.isChecked();
+        final List<String> packages = lockdown ?
+                Arrays.stream(mExemptedPackages.getText().toString().split(","))
+                        .map(String::trim)
+                        .filter(s -> !s.isEmpty())
+                        .collect(Collectors.toList())
+                : null;
+        mDpm.setAlwaysOnVpnPackage(mWho, pkg, lockdown, packages);
+    }
+
     @Override
     protected void clearSelectedPackage() {
         setSelectedPackage(null);
diff --git a/app/src/main/res/layout/lockdown_settings.xml b/app/src/main/res/layout/lockdown_settings.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright 2019 The Android Open Source Project
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="wrap_content"
+    android:orientation="vertical">
+
+    <CheckBox
+        android:id="@+id/enable_lockdown"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:text="@string/vpn_lockdown"/>
+
+    <LinearLayout
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="horizontal">
+
+        <TextView
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:text="@string/vpn_exempted_packages"/>
+
+        <EditText
+            android:id="@+id/exempted_packages"
+            android:layout_width="fill_parent"
+            android:layout_height="wrap_content"/>
+
+    </LinearLayout>
+
+</LinearLayout>
diff --git a/app/src/main/res/layout/select_app.xml b/app/src/main/res/layout/select_app.xml
@@ -48,6 +48,14 @@ limitations under the License.
             android:layout_weight="1">
     </ListView>
 
+    <!-- For extension by subclasses of SelectAppFragment -->
+    <FrameLayout
+        android:id="@+id/extension"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="vertical">
+    </FrameLayout>
+
     <EditText
             android:id="@+id/selected_package_new"
             android:layout_width="fill_parent"
@@ -69,4 +77,5 @@ limitations under the License.
             android:layout_height="50dip"
             android:text="@string/selected_package_clear" />
     </LinearLayout>
+
 </LinearLayout>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -1091,4 +1091,7 @@
     <string name="dpc_policy_compliance_title">Dpc policy compliance</string>
     <string name="dpc_policy_compliance_explanation">TestDPC setup is completed.</string>
 
+    <string name="vpn_exempted_packages">Exempted packages</string>
+    <string name="vpn_lockdown">Lockdown</string>
+
 </resources>
