Merge cherrypicks of ['googleplex-android-review.googlesource.com/23982016', 'googleplex-android-review.googlesource.com/24301337'] into security-aosp-tm-release.
Change-Id: I22b513b4c36c1283145003cf11fc3082e8628340
diff --git a/src/com/android/settings/network/apn/ApnEditor.java b/src/com/android/settings/network/apn/ApnEditor.java
index 926c77e..0c93fcd 100644
--- a/src/com/android/settings/network/apn/ApnEditor.java
+++ b/src/com/android/settings/network/apn/ApnEditor.java
@@ -25,6 +25,7 @@
import android.net.Uri;
import android.os.Bundle;
import android.os.PersistableBundle;
+import android.os.UserManager;
import android.provider.Telephony;
import android.telephony.CarrierConfigManager;
import android.telephony.SubscriptionInfo;
@@ -269,6 +270,11 @@
@Override
public void onCreate(Bundle icicle) {
super.onCreate(icicle);
+ if (isUserRestricted()) {
+ Log.e(TAG, "This setting isn't available due to user restriction.");
+ finish();
+ return;
+ }
setLifecycleForAllControllers();
@@ -1434,6 +1440,23 @@
}
@VisibleForTesting
+ boolean isUserRestricted() {
+ UserManager userManager = getContext().getSystemService(UserManager.class);
+ if (userManager == null) {
+ return false;
+ }
+ if (!userManager.isAdminUser()) {
+ Log.e(TAG, "User is not an admin");
+ return true;
+ }
+ if (userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS)) {
+ Log.e(TAG, "User is not allowed to configure mobile network");
+ return true;
+ }
+ return false;
+ }
+
+ @VisibleForTesting
static class ApnData {
/**
* The uri correspond to a database row of the apn data. This should be null if the apn
diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
index c4a3159..613388b 100644
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -1048,8 +1048,13 @@
@Override
protected Pair<Boolean, Intent> saveAndVerifyInBackground() {
- final boolean success = mUtils.setLockCredential(
- mChosenPassword, mCurrentCredential, mUserId);
+ boolean success;
+ try {
+ success = mUtils.setLockCredential(mChosenPassword, mCurrentCredential, mUserId);
+ } catch (RuntimeException e) {
+ Log.e(TAG, "Failed to set lockscreen credential", e);
+ success = false;
+ }
if (success) {
unifyProfileCredentialIfRequested();
}
diff --git a/src/com/android/settings/password/ChooseLockPattern.java b/src/com/android/settings/password/ChooseLockPattern.java
index c39ef66..93465df 100644
--- a/src/com/android/settings/password/ChooseLockPattern.java
+++ b/src/com/android/settings/password/ChooseLockPattern.java
@@ -909,8 +909,13 @@
@Override
protected Pair<Boolean, Intent> saveAndVerifyInBackground() {
final int userId = mUserId;
- final boolean success = mUtils.setLockCredential(mChosenPattern, mCurrentCredential,
- userId);
+ boolean success;
+ try {
+ success = mUtils.setLockCredential(mChosenPattern, mCurrentCredential, userId);
+ } catch (RuntimeException e) {
+ Log.e(TAG, "Failed to set lockscreen credential", e);
+ success = false;
+ }
if (success) {
unifyProfileCredentialIfRequested();
}
diff --git a/tests/robotests/src/com/android/settings/network/apn/ApnEditorTest.java b/tests/robotests/src/com/android/settings/network/apn/ApnEditorTest.java
index 0a430cd..b2a30ca 100644
--- a/tests/robotests/src/com/android/settings/network/apn/ApnEditorTest.java
+++ b/tests/robotests/src/com/android/settings/network/apn/ApnEditorTest.java
@@ -34,6 +34,7 @@
import android.content.res.Resources;
import android.database.Cursor;
import android.net.Uri;
+import android.os.UserManager;
import android.view.KeyEvent;
import android.view.Menu;
import android.view.MenuItem;
@@ -102,6 +103,8 @@
@Mock
private FragmentActivity mActivity;
@Mock
+ private UserManager mUserManager;
+ @Mock
private ProxySubscriptionManager mProxySubscriptionMgr;
@Captor
@@ -127,6 +130,11 @@
doReturn(mContext.getTheme()).when(mActivity).getTheme();
doReturn(mContext.getContentResolver()).when(mActivity).getContentResolver();
+ doReturn(mUserManager).when(mContext).getSystemService(UserManager.class);
+ doReturn(true).when(mUserManager).isAdminUser();
+ doReturn(false).when(mUserManager)
+ .hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS);
+
setMockPreference(mContext);
mApnEditorUT.mApnData = new FakeApnData(APN_DATA);
mApnEditorUT.sNotSet = "Not Set";
@@ -453,6 +461,27 @@
@Test
@Config(shadows = ShadowFragment.class)
+ public void onCreate_notAdminUser_shouldFinish() {
+ doReturn(false).when(mUserManager).isAdminUser();
+
+ mApnEditorUT.onCreate(null);
+
+ verify(mApnEditorUT).finish();
+ }
+
+ @Test
+ @Config(shadows = ShadowFragment.class)
+ public void onCreate_hasUserRestriction_shouldFinish() {
+ doReturn(true).when(mUserManager)
+ .hasUserRestriction(UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS);
+
+ mApnEditorUT.onCreate(null);
+
+ verify(mApnEditorUT).finish();
+ }
+
+ @Test
+ @Config(shadows = ShadowFragment.class)
public void onCreate_noAction_shouldFinishAndNoCrash() {
ProxySubscriptionManager proxySubscriptionMgr = mock(ProxySubscriptionManager.class);
mApnEditorUT.mProxySubscriptionMgr = proxySubscriptionMgr;