From 2fbb544cd2aa7e7a2fa44c570d1d5f835e7aebc2 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 25 Aug 2021 19:37:47 +0200 Subject: [PATCH] block adding repos when Unknown Sources is disable by Device Admin Device Admin apps aka Mobile Device Management can set all sorts of restrictions on the device. One of these is to globally disable the use of Unknown Sources. The other is to restrict a user on the device from using Unknown Sources. Both of these are supported. When either or both are set, then F-Droid will not allow adding new repos, either via Intent or via the UI. refs #2238 https://gitlab.com/groups/CalyxOS/-/epics/25 https://gitlab.com/CalyxOS/calyxos/-/issues/611 --- .../org/fdroid/fdroid/data/NewRepoConfig.java | 7 ++++ .../fdroid/views/ManageReposActivity.java | 42 ++++++++++++++++++- app/src/main/res/values/strings.xml | 4 ++ 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/app/src/main/java/org/fdroid/fdroid/data/NewRepoConfig.java b/app/src/main/java/org/fdroid/fdroid/data/NewRepoConfig.java index 099b0ff82..71c16b022 100644 --- a/app/src/main/java/org/fdroid/fdroid/data/NewRepoConfig.java +++ b/app/src/main/java/org/fdroid/fdroid/data/NewRepoConfig.java @@ -10,6 +10,7 @@ import org.fdroid.fdroid.R; import org.fdroid.fdroid.Utils; import org.fdroid.fdroid.nearby.SwapWorkflowActivity; import org.fdroid.fdroid.nearby.peers.WifiPeer; +import org.fdroid.fdroid.views.ManageReposActivity; import java.util.Arrays; import java.util.List; @@ -50,6 +51,12 @@ public class NewRepoConfig { return; } + if (ManageReposActivity.hasDisallowInstallUnknownSources(context)) { + errorMessage = ManageReposActivity.getDisallowInstallUnknownSourcesErrorMessage(context); + isValidRepo = false; + return; + } + Utils.debugLog(TAG, "Parsing incoming intent looking for repo: " + incomingUri); // scheme and host should only ever be pure ASCII aka Locale.ENGLISH diff --git a/app/src/main/java/org/fdroid/fdroid/views/ManageReposActivity.java b/app/src/main/java/org/fdroid/fdroid/views/ManageReposActivity.java index 0db904c8a..9560c7edb 100644 --- a/app/src/main/java/org/fdroid/fdroid/views/ManageReposActivity.java +++ b/app/src/main/java/org/fdroid/fdroid/views/ManageReposActivity.java @@ -33,6 +33,7 @@ import android.net.wifi.WifiInfo; import android.net.wifi.WifiManager; import android.os.Build; import android.os.Bundle; +import android.os.UserManager; import android.text.Editable; import android.text.TextUtils; import android.text.TextWatcher; @@ -194,7 +195,11 @@ public class ManageReposActivity extends AppCompatActivity @Override public void finish() { Intent ret = new Intent(); - setResult(RESULT_OK, ret); + if (getIntent() != null && hasDisallowInstallUnknownSources(this)) { + setResult(RESULT_CANCELED, ret); + } else { + setResult(RESULT_OK, ret); + } super.finish(); } @@ -262,7 +267,12 @@ public class ManageReposActivity extends AppCompatActivity } private void showAddRepo(String newAddress, String newFingerprint, String username, String password) { - new AddRepo(newAddress, newFingerprint, username, password); + if (hasDisallowInstallUnknownSources(this)) { + String msg = getDisallowInstallUnknownSourcesErrorMessage(this); + Toast.makeText(this, msg, Toast.LENGTH_LONG).show(); + } else { + new AddRepo(newAddress, newFingerprint, username, password); + } } /** @@ -911,4 +921,32 @@ public class ManageReposActivity extends AppCompatActivity private void notifyDataSetChanged() { getSupportLoaderManager().restartLoader(0, null, this); } + + /** + * {@link android.app.admin.DevicePolicyManager} makes it possible to set + * user- or device-wide restrictions. This changes whether installing from + * "Unknown Sources" has been disallowed by device policy. + * + * @return boolean whether installing from Unknown Sources has been disallowed + * @see UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES + * @see UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY + */ + public static boolean hasDisallowInstallUnknownSources(Context context) { + UserManager userManager = (UserManager) context.getSystemService(Context.USER_SERVICE); + if (Build.VERSION.SDK_INT < 29) { + return userManager.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES); + } else { + return userManager.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES) + || userManager.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY); + } + } + + public static String getDisallowInstallUnknownSourcesErrorMessage(Context context) { + UserManager userManager = (UserManager) context.getSystemService(Context.USER_SERVICE); + if (Build.VERSION.SDK_INT >= 29 + && userManager.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY)) { + return context.getString(R.string.has_disallow_install_unknown_sources_globally); + } + return context.getString(R.string.has_disallow_install_unknown_sources); + } } diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 0393d84dd..bbf57db48 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -197,6 +197,10 @@ This often occurs with apps installed via Google Play or other sources, if they Bad fingerprint This is not a valid URL. Ignoring malformed repo URI: %s + + Your device admin doesn\'t allow installing apps from unknown sources, that includes new repos + + Unknown sources can\'t be added by this user, that includes new repos Repository: %s Repositories