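/*
 * Copyright 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.managedprovisioning.uiflows;

import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE;
import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE;
import static com.android.internal.util.Preconditions.checkNotNull;
import static com.android.managedprovisioning.common.Globals.ACTION_RESUME_PROVISIONING;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.ActivityManager;
import android.app.admin.DevicePolicyManager;
import android.app.KeyguardManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.os.AsyncTask;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings.Global;
import android.service.persistentdata.PersistentDataBlockManager;
import android.text.TextUtils;

import com.android.internal.annotations.VisibleForTesting;
import com.android.managedprovisioning.common.IllegalProvisioningArgumentException;
import com.android.managedprovisioning.common.Utils;
import com.android.managedprovisioning.model.ProvisioningParams;
import com.android.managedprovisioning.parser.MessageParser;
import com.android.managedprovisioning.ProvisionLogger;
import com.android.managedprovisioning.R;

import java.util.List;

/**
 * Drives the pre-provisioning step of managed provisioning.
 *
 * <p>The controller parses the incoming provisioning intent into {@link ProvisioningParams},
 * verifies the calling package where required, checks whether provisioning is allowed, and then
 * tells the {@link Ui} which step to show next (encryption, wifi pick, user consent, or the
 * start of device owner / profile owner provisioning).
 */
public class PreProvisioningController {
    private final Context mContext;
    private final Ui mUi;
    private final MessageParser mMessageParser;
    private final Utils mUtils;
    private final EncryptionController mEncryptionController;

    // used system services
    private final DevicePolicyManager mDevicePolicyManager;
    private final UserManager mUserManager;
    private final PackageManager mPackageManager;
    private final ActivityManager mActivityManager;
    private final KeyguardManager mKeyguardManager;
    private final PersistentDataBlockManager mPdbManager;

    // Both fields are assigned by initiateProvisioning and read by the later steps.
    private ProvisioningParams mParams;
    private boolean mIsProfileOwnerProvisioning;

    /**
     * Creates a controller with the default {@link MessageParser}, {@link Utils} and the
     * {@link EncryptionController} instance for {@code context}.
     *
     * @param context context used to look up system services; must not be null
     * @param ui callback interface the controller drives; must not be null
     */
    public PreProvisioningController(
            @NonNull Context context,
            @NonNull Ui ui) {
        this(context, ui, new MessageParser(), new Utils(),
                EncryptionController.getInstance(context));
    }

    /**
     * Creates a controller with explicitly supplied collaborators (used by tests).
     *
     * @param context context used to look up system services; must not be null
     * @param ui callback interface the controller drives; must not be null
     * @param parser parser that turns the provisioning intent into params; must not be null
     * @param utils helper used for device state queries; must not be null
     * @param encryptionController controller of the encryption reminder; must not be null
     */
    @VisibleForTesting
    PreProvisioningController(
            @NonNull Context context,
            @NonNull Ui ui,
            @NonNull MessageParser parser,
            @NonNull Utils utils,
            @NonNull EncryptionController encryptionController) {
        mContext = checkNotNull(context, "Context must not be null");
        mUi = checkNotNull(ui, "Ui must not be null");
        mMessageParser = checkNotNull(parser, "MessageParser must not be null");
        mUtils = checkNotNull(utils, "Utils must not be null");
        mEncryptionController = checkNotNull(encryptionController,
                "EncryptionController must not be null");

        mDevicePolicyManager = (DevicePolicyManager) mContext.getSystemService(
                Context.DEVICE_POLICY_SERVICE);
        mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
        mPackageManager = mContext.getPackageManager();
        mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
        mKeyguardManager = (KeyguardManager) mContext.getSystemService(Context.KEYGUARD_SERVICE);
        mPdbManager = (PersistentDataBlockManager) mContext.getSystemService(
                Context.PERSISTENT_DATA_BLOCK_SERVICE);
    }

    /** Callbacks through which the controller asks the UI layer to show or start something. */
    interface Ui {
        /**
         * Show an error message and cancel provisioning.
         *
         * @param resId resource id used to form the user facing error message
         * @param errorMessage an error message that gets logged for debugging
         */
        void showErrorAndClose(int resId, String errorMessage);

        /**
         * Request the user to encrypt the device.
         *
         * @param params the {@link ProvisioningParams} object related to the ongoing provisioning
         */
        void requestEncryption(ProvisioningParams params);

        /**
         * Request the user to choose a wifi network.
         */
        void requestWifiPick();

        /**
         * Initialize the pre provisioning UI with the mdm info and the relevant strings.
         *
         * @param headerRes resource id for the header text
         * @param titleRes resource id for the title text
         * @param consentRes resource id of the consent text
         * @param mdmInfoRes resource id for the mdm info text
         * @param params the {@link ProvisioningParams} object related to the ongoing provisioning
         */
        void initiateUi(int headerRes, int titleRes, int consentRes, int mdmInfoRes,
                ProvisioningParams params);

        /**
         * Start device owner provisioning.
         *
         * @param userId the id of the user we want to start provisioning on
         * @param params the {@link ProvisioningParams} object related to the ongoing provisioning
         */
        void startDeviceOwnerProvisioning(int userId, ProvisioningParams params);

        /**
         * Start profile owner provisioning.
         *
         * @param params the {@link ProvisioningParams} object related to the ongoing provisioning
         */
        void startProfileOwnerProvisioning(ProvisioningParams params);

        /**
         * Show a user consent dialog.
         *
         * @param params the {@link ProvisioningParams} object related to the ongoing provisioning
         * @param isProfileOwnerProvisioning whether we're provisioning a profile owner
         */
        void showUserConsentDialog(ProvisioningParams params, boolean isProfileOwnerProvisioning);

        /**
         * Show a dialog to delete an existing managed profile.
         *
         * @param mdmPackageName the {@link ComponentName} of the existing profile's profile owner
         * @param domainName domain name of the organization which owns the managed profile
         * @param userId the user id of the existing profile
         */
        void showDeleteManagedProfileDialog(ComponentName mdmPackageName, String domainName,
                int userId);

        /**
         * Show an error dialog indicating that the current launcher does not support managed
         * profiles and ask the user to choose a different one.
         */
        void showCurrentLauncherInvalid();
    }

    /**
     * Entry point of the pre-provisioning flow.
     *
     * <p>In order: refuses to continue when factory reset protection applies, parses the intent
     * into {@link ProvisioningParams}, verifies the caller unless the intent is a resume or the
     * params are marked as started by a trusted source, asks {@link DevicePolicyManager} whether
     * the requested action is allowed, and finally dispatches to the profile owner or device
     * owner flow. Every failure is reported through the {@link Ui} and ends the method.
     *
     * @param intent the provisioning intent to parse
     * @param callingPackage package name of the app that started provisioning; only checked when
     *     caller verification applies, in which case a null value is rejected with an error
     */
    public void initiateProvisioning(Intent intent, String callingPackage) {
        // Check factory reset protection as the first thing
        if (factoryResetProtected()) {
            mUi.showErrorAndClose(R.string.device_owner_error_frp,
                    "Factory reset protection blocks provisioning.");
            return;
        }

        try {
            // Read the provisioning params from the provisioning intent
            mParams = mMessageParser.parse(intent, mContext);

            // If this is a resume after encryption or trusted intent, we don't need to verify the
            // caller. Otherwise, verify that the calling app is trying to set itself as
            // Device/ProfileOwner
            // NOTE(review): both skip conditions are derived from the incoming intent. The skip
            // is only sound if untrusted apps can neither deliver ACTION_RESUME_PROVISIONING to
            // this flow nor cause the parser to set startedByTrustedSource - confirm against the
            // manifest and MessageParser, neither of which is visible here.
            if (!ACTION_RESUME_PROVISIONING.equals(intent.getAction()) &&
                    !mParams.startedByTrustedSource) {
                verifyCaller(callingPackage);
            }
        } catch (IllegalProvisioningArgumentException e) {
            // TODO: make this a generic error message
            mUi.showErrorAndClose(R.string.device_owner_error_general, e.getMessage());
            return;
        }

        mIsProfileOwnerProvisioning = mUtils.isProfileOwnerAction(mParams.provisioningAction);
        // Check whether provisioning is allowed for the current action
        if (!mDevicePolicyManager.isProvisioningAllowed(mParams.provisioningAction)) {
            showProvisioningError(mParams.provisioningAction);
            return;
        }

        // Initiate the corresponding provisioning mode
        if (mIsProfileOwnerProvisioning) {
            initiateProfileOwnerProvisioning(intent);
        } else {
            initiateDeviceOwnerProvisioning(intent);
        }
    }

    /**
     * Verify that the caller is trying to set itself as owner.
     *
     * @param callingPackage package name of the app that started provisioning
     * @throws IllegalProvisioningArgumentException if the calling package is unknown (null) or
     *     the caller is trying to set a different package as owner.
     */
    private void verifyCaller(@NonNull String callingPackage)
            throws IllegalProvisioningArgumentException {
        // Report a missing caller through the checked exception instead of checkNotNull's
        // NullPointerException: initiateProvisioning only catches
        // IllegalProvisioningArgumentException, so a null caller would otherwise crash the flow
        // rather than end in the error dialog.
        if (callingPackage == null) {
            throw new IllegalProvisioningArgumentException("Calling package is null. "
                    + "Was startActivityForResult used to start this activity?");
        }
        if (!callingPackage.equals(mParams.inferDeviceAdminPackageName())) {
            throw new IllegalProvisioningArgumentException("Permission denied, "
                    + "calling package tried to set a different package as owner. ");
        }
    }

    /**
     * Prepares device owner provisioning: shows the intro UI unless started by a trusted source,
     * then requests encryption or a wifi pick if needed, and otherwise moves on to the consent /
     * start step.
     *
     * @param intent the provisioning intent (not read by this method)
     */
    private void initiateDeviceOwnerProvisioning(Intent intent) {
        if (!mParams.startedByTrustedSource) {
            mUi.initiateUi(
                    R.string.setup_work_device,
                    R.string.setup_device_start_setup,
                    R.string.company_controls_device,
                    R.string.the_following_is_your_mdm_for_device,
                    mParams);
        }

        // Ask to encrypt the device before proceeding
        if (isEncryptionRequired()) {
            maybeTriggerEncryption();
            return;
        }

        // Have the user pick a wifi network if necessary.
        // It is not possible to ask the user to pick a wifi network if
        // the screen is locked.
        // TODO: remove this check once we know the screen will not be locked.
        if (mKeyguardManager.inKeyguardRestrictedInputMode()) {
            ProvisionLogger.logi("Cannot pick wifi because the screen is locked.");
        } else if (!mUtils.isConnectedToNetwork(mContext) && mParams.wifiInfo == null
                && mParams.deviceAdminDownloadInfo != null) {
            // Not connected, no wifi configuration in the params, and an admin package has to
            // be downloaded: a network is needed before provisioning can continue.
            if (canRequestWifiPick()) {
                mUi.requestWifiPick();
                return;
            } else {
                ProvisionLogger.logi(
                        "Cannot pick wifi because there is no handler to the intent");
            }
        }
        askForConsentOrStartDeviceOwnerProvisioning();
    }

    /**
     * Prepares profile owner provisioning: shows the intro UI and, if a managed profile already
     * exists, asks the UI to show the dialog for deleting it.
     *
     * @param intent the provisioning intent (not read by this method)
     */
    private void initiateProfileOwnerProvisioning(Intent intent) {
        mUi.initiateUi(
                R.string.setup_work_profile,
                R.string.setup_profile_start_setup,
                R.string.company_controls_workspace,
                R.string.the_following_is_your_mdm,
                mParams);

        // If there is already a managed profile, setup the profile deletion dialog.
        int existingManagedProfileUserId = mUtils.alreadyHasManagedProfile(mContext);
        if (existingManagedProfileUserId != -1) {
            ComponentName mdmPackageName = mDevicePolicyManager
                    .getProfileOwnerAsUser(existingManagedProfileUserId);
            String domainName = mDevicePolicyManager
                    .getProfileOwnerNameAsUser(existingManagedProfileUserId);
            mUi.showDeleteManagedProfileDialog(mdmPackageName, domainName,
                    existingManagedProfileUserId);
        }
    }

    /**
     * Start provisioning for real. In profile owner case, double check that the launcher
     * supports managed profiles if necessary. In device owner case, possibly create a new user
     * before starting provisioning.
     */
    public void continueProvisioningAfterUserConsent() {
        if (isProfileOwnerProvisioning()) {
            checkLauncherAndStartProfileOwnerProvisioning();
        } else {
            maybeCreateUserAndStartDeviceOwnerProvisioning();
        }
    }

    /**
     * Invoked when the user continues provisioning by pressing the next button.
     *
     * <p>If device hasn't been encrypted yet, invoke the encryption flow. Otherwise, show a user
     * consent before starting provisioning.
     */
    public void afterNavigateNext() {
        if (isEncryptionRequired()) {
            maybeTriggerEncryption();
        } else {
            // Notify the user once more that the admin will have full control over the profile,
            // then start provisioning.
            mUi.showUserConsentDialog(mParams, mIsProfileOwnerProvisioning);
        }
    }

    /**
     * Returns whether the device needs encryption before provisioning can continue.
     *
     * <p>Encryption is never required when the provisioning params ask to skip it; otherwise the
     * decision is delegated to {@link Utils#isEncryptionRequired()}.
     */
    private boolean isEncryptionRequired() {
        // NOTE(review): skipEncryption comes from the parsed provisioning params - confirm
        // which callers are allowed to set it.
        return !mParams.skipEncryption && mUtils.isEncryptionRequired();
    }

    /**
     * Check whether the device supports encryption. If it does not support encryption, but
     * encryption is requested, show an error dialog; otherwise ask the UI to request encryption.
     */
    private void maybeTriggerEncryption() {
        if (mDevicePolicyManager.getStorageEncryptionStatus() ==
                DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
            mUi.showErrorAndClose(R.string.preprovisioning_error_encryption_not_supported,
                    "This device does not support encryption, but "
                    + DevicePolicyManager.EXTRA_PROVISIONING_SKIP_ENCRYPTION
                    + " was not passed.");
        } else {
            mUi.requestEncryption(mParams);
        }
    }

    /**
     * Starts profile owner provisioning if the current launcher supports managed profiles;
     * otherwise asks the UI to report the unsupported launcher.
     */
    private void checkLauncherAndStartProfileOwnerProvisioning() {
        // Check whether the current launcher supports managed profiles.
        if (!mUtils.currentLauncherSupportsManagedProfiles(mContext)) {
            mUi.showCurrentLauncherInvalid();
        } else {
            // Cancel the boot reminder as provisioning has now started.
            mEncryptionController.cancelEncryptionReminder();
            mUi.startProfileOwnerProvisioning(mParams);
        }
    }

    /**
     * For provisioning started by a trusted source, either shows the user consent dialog (when
     * the device supports factory reset protection) or starts device owner provisioning
     * directly. For every other start mode this method does nothing.
     */
    public void askForConsentOrStartDeviceOwnerProvisioning() {
        // If we are started by a trusted source (the original comment names Nfc) and the device
        // supports FRP, we need to ask for user consent since FRP will not be activated at the
        // end of the flow.
        if (mParams.startedByTrustedSource) {
            if (mUtils.isFrpSupported(mContext)) {
                mUi.showUserConsentDialog(mParams, false);
            } else {
                maybeCreateUserAndStartDeviceOwnerProvisioning();
            }
        }
        // In other provisioning modes we wait for the user to press next.
    }

    /**
     * Cancels the encryption reminder and starts device owner provisioning, first creating the
     * primary user through {@code CreatePrimaryUserTask} when the provisioning action requires
     * it.
     */
    private void maybeCreateUserAndStartDeviceOwnerProvisioning() {
        // Cancel the boot reminder as provisioning has now started.
        mEncryptionController.cancelEncryptionReminder();
        if (isMeatUserCreationRequired(mParams.provisioningAction)) {
            // Create the primary user, and continue the provisioning in this user.
            new CreatePrimaryUserTask().execute();
        } else {
            mUi.startDeviceOwnerProvisioning(mUserManager.getUserHandle(), mParams);
        }
    }

    private boolean factoryResetProtected() {
        // If we are started during setup wizard, check for factory reset protection.
        // If the device is already setup successfully, do not check factory reset protection.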
379ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (mUtils.isDeviceProvisioned(mContext)) { 380ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz ProvisionLogger.logd("Device is provisioned, FRP not required."); 381ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return false; 382ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 383ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 384ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (mPdbManager == null) { 385ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz ProvisionLogger.logd("Reset protection not supported."); 386ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return false; 387ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 388ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz int size = mPdbManager.getDataBlockSize(); 389ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz ProvisionLogger.logd("Data block size: " + size); 390ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return size > 0; 391ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 392ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 393ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz public boolean isMeatUserCreationRequired(String action) { 394ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (mUtils.isSplitSystemUser() 395ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz && ACTION_PROVISION_MANAGED_DEVICE.equals(action)) { 396ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz List<UserInfo> users = mUserManager.getUsers(); 397ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (users.size() > 1) { 398ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_error_general, 399ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Cannot start Device Owner Provisioning because there are already " 400ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz + users.size() + " users"); 
401ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return false; 402ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 403ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return true; 404ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else { 405ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return false; 406ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 407ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 408ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 409ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz private boolean canRequestWifiPick() { 410ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return mPackageManager.resolveActivity(mUtils.getWifiPickIntent(), 0) != null; 411ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 412ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 413ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz private boolean systemHasManagedProfileFeature() { 414ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return mPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS); 415ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 416ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 417ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz /** 418ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz * Returns whether the provisioning process is a profile owner provisioning process. 
419ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz */ 420ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz public boolean isProfileOwnerProvisioning() { 421ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return mIsProfileOwnerProvisioning; 422ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 423ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 424ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz @NonNull 425ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz public ProvisioningParams getParams() { 426ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (mParams == null) { 427ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz throw new IllegalStateException("ProvisioningParams are null"); 428ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 429ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return mParams; 430ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 431ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 432ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz // TODO: review the use of async task for the case where the activity might have got killed 433ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz private class CreatePrimaryUserTask extends AsyncTask<Void, Void, UserInfo> { 434ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz @Override 435ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz protected UserInfo doInBackground(Void... args) { 436ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz // Create the user where we're going to install the device owner. 
437ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz UserInfo userInfo = mUserManager.createUser( 438ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mContext.getString(R.string.default_first_meat_user_name), 439ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz UserInfo.FLAG_PRIMARY | UserInfo.FLAG_ADMIN); 440ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 441ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (userInfo != null) { 442ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz ProvisionLogger.logi("Created user " + userInfo.id + " to hold the device owner"); 443ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 444ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz return userInfo; 445ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 446ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 447ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz @Override 448ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz protected void onPostExecute(UserInfo userInfo) { 449ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (userInfo == null) { 450ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_error_general, 451ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Could not create user to hold the device owner"); 452ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else { 453ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mActivityManager.switchUser(userInfo.id); 454ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.startDeviceOwnerProvisioning(userInfo.id, mParams); 455ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 456ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 457ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 458ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz 459ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz private void showProvisioningError(String action) { 
460ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz UserInfo userInfo = mUserManager.getUserInfo(mUserManager.getUserHandle()); 461ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (DevicePolicyManager.ACTION_PROVISION_MANAGED_USER.equals(action)) { 462ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.user_setup_incomplete, 463ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Exiting managed user provisioning, setup incomplete"); 464ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE.equals(action)) { 465ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz // Try to show an error message explaining why provisioning is not allowed. 466ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz if (!systemHasManagedProfileFeature()) { 467ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.managed_provisioning_not_supported, 468ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Exiting managed profile provisioning, " 469ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz + "managed profiles feature is not available"); 470ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (!userInfo.canHaveProfile()) { 471ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.user_cannot_have_work_profile, 472ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Exiting managed profile provisioning, calling user cannot have managed" 473ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz + "profiles."); 474ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (mUtils.isDeviceManaged(mContext)) { 475ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz // The actual check in isProvisioningAllowed() is more than just "is there DO?", 476ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz // but for error message showing purpose, isDeviceManaged() will do. 
477ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_exists, 478ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Exiting managed profile provisioning, a device owner exists"); 479ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (!mUserManager.canAddMoreManagedProfiles(UserHandle.myUserId(), 480ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz true /* after removing one eventual existing managed profile */)) { 481ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.maximum_user_limit_reached, 482ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Exiting managed profile provisioning, cannot add more managed profiles."); 483ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else { 484ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.managed_provisioning_error_text, "Managed profile" 485ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz + " provisioning not allowed for an unknown reason."); 486ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 487ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (mUtils.isDeviceProvisioned(mContext)) { 488ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_error_already_provisioned, 489ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Device already provisioned."); 490ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (!mUtils.isCurrentUserSystem()) { 491ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_error_general, 492ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Device owner can only be set up for USER_SYSTEM."); 493ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else if (action.equals(ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE) && 494ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz !UserManager.isSplitSystemUser()) 
{ 495ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_error_general, 496ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "System User Device owner can only be set on a split-user system."); 497ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } else { 498ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz // TODO: show generic error 499ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz mUi.showErrorAndClose(R.string.device_owner_error_general, 500ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz "Device Owner provisioning not allowed for an unknown reason."); 501ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 502ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz } 503ea821b26fc845efa8058c883b0210432e9619f77Benjamin Franz} 504