mdm: update MDMSettings (and syspolicy) when application restrictions change (#571)

nickkhyl · web-flow · commit d512aeffd12d · 2024-11-22T12:56:29.000-06:00
In this PR, we update the Android app to register a broadcast receiver that listens for android.content.Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED and updates MDMSettings whenever a change occurs. This, in turn, notifies the Go backend and causes it to reload syspolicy, ensuring it reflects the updated MDM settings. Updates tailscale/tailscale#12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>
diff --git a/android/src/main/java/com/tailscale/ipn/App.kt b/android/src/main/java/com/tailscale/ipn/App.kt
@@ -26,6 +26,7 @@ import androidx.lifecycle.ViewModelStoreOwner
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKey
 import com.tailscale.ipn.mdm.MDMSettings
+import com.tailscale.ipn.mdm.MDMSettingsChangedReceiver
 import com.tailscale.ipn.ui.localapi.Client
 import com.tailscale.ipn.ui.localapi.Request
 import com.tailscale.ipn.ui.model.Ipn
@@ -71,6 +72,7 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
 
   val dns = DnsConfig()
   private lateinit var connectivityManager: ConnectivityManager
+  private lateinit var mdmChangeReceiver: MDMSettingsChangedReceiver
   private lateinit var app: libtailscale.Application
 
   override val viewModelStore: ViewModelStore
@@ -101,6 +103,11 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     super.onCreate()
     appInstance = this
     setUnprotectedInstance(this)
+
+    mdmChangeReceiver = MDMSettingsChangedReceiver()
+    val filter = IntentFilter(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED)
+    registerReceiver(mdmChangeReceiver, filter)
+
     createNotificationChannel(
         STATUS_CHANNEL_ID,
         getString(R.string.vpn_status),
@@ -124,6 +131,7 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
     notificationManager.cancelAll()
     applicationScope.cancel()
     viewModelStore.clear()
+    unregisterReceiver(mdmChangeReceiver)
   }
 
   @Volatile private var isInitialized = false
diff --git a/android/src/main/java/com/tailscale/ipn/mdm/MDMSettingsChangedReceiver.kt b/android/src/main/java/com/tailscale/ipn/mdm/MDMSettingsChangedReceiver.kt
@@ -0,0 +1,21 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package com.tailscale.ipn.mdm
+
+import android.content.BroadcastReceiver
+import android.content.Context
+import android.content.Intent
+import android.content.RestrictionsManager
+import com.tailscale.ipn.App
+import com.tailscale.ipn.util.TSLog
+
+class MDMSettingsChangedReceiver : BroadcastReceiver() {
+    override fun onReceive(context: Context?, intent: Intent?) {
+        if (intent?.action == android.content.Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED) {
+            TSLog.d("syspolicy", "MDM settings changed")
+            val restrictionsManager = context?.getSystemService(Context.RESTRICTIONS_SERVICE) as RestrictionsManager
+            MDMSettings.update(App.get(), restrictionsManager)
+        }
+    }
+}
