/* * Copyright (C) 2008 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.provision; import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE; import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME; import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION; import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM; import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_TRIGGER; import static com.android.provision.Utils.DEFAULT_SETTINGS_PROVISION_DO_MODE; import static com.android.provision.Utils.SETTINGS_PROVISION_DO_MODE; import static com.android.provision.Utils.TAG; import static com.android.provision.Utils.getSettings; import android.app.Activity; import android.app.AlertDialog; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; import android.content.Intent; import android.content.pm.PackageManager; import android.os.Bundle; import android.provider.Settings; import android.util.Log; /** * Application that sets the provisioned bit, like {@code SetupWizard} does. * *

By default, it silently provisions the device, but it can also be used to provision * {@code DeviceOwner}. For example, to set the {@code TestDPC} app, run the steps below: * 


    adb root
    adb install PATH_TO_TESTDPC_APK
    adb shell settings put secure tmp_provision_set_do 1
    adb shell settings put secure tmp_provision_package com.afwsamples.testdpc
    adb shell settings put secure tmp_provision_receiver com.afwsamples.testdpc.DeviceAdminReceiver
    adb shell settings put secure tmp_provision_trigger 2
    adb shell rm /data/system/device_policies.xml
    adb shell settings put global device_provisioned 0
    adb shell settings put secure user_setup_complete 0
    adb shell pm enable com.android.provision
    adb shell pm enable com.android.provision/.DefaultActivity
    adb shell stop && adb shell start

    // You might also need to run:
    adb shell am start com.android.provision/.DefaultActivity

 *
*/ public class DefaultActivity extends Activity { // TODO(b/170333009): copied from ManagedProvisioning app, as they're hidden; private static final String PROVISION_FINALIZATION_INSIDE_SUW = "android.app.action.PROVISION_FINALIZATION_INSIDE_SUW"; private static final int RESULT_CODE_PROFILE_OWNER_SET = 122; private static final int RESULT_CODE_DEVICE_OWNER_SET = 123; private static final int REQUEST_CODE_STEP1 = 42; private static final int REQUEST_CODE_STEP2_PO = 43; private static final int REQUEST_CODE_STEP2_DO = 44; @Override protected void onCreate(Bundle icicle) { super.onCreate(icicle); boolean provisionDeviceOwner = getSettings(getContentResolver(), SETTINGS_PROVISION_DO_MODE, DEFAULT_SETTINGS_PROVISION_DO_MODE) == 1; if (provisionDeviceOwner) { provisionDeviceOwner(); return; } finishSetup(); } private void finishSetup() { setProvisioningState(); disableSelfAndFinish(); } private void setProvisioningState() { Log.i(TAG, "Setting provisioning state"); // Add a persistent setting to allow other apps to know the device has been provisioned. Settings.Global.putInt(getContentResolver(), Settings.Global.DEVICE_PROVISIONED, 1); Settings.Secure.putInt(getContentResolver(), Settings.Secure.USER_SETUP_COMPLETE, 1); } private void disableSelfAndFinish() { // remove this activity from the package manager. PackageManager pm = getPackageManager(); ComponentName name = new ComponentName(this, DefaultActivity.class); Log.i(TAG, "Disabling itself (" + name + ")"); pm.setComponentEnabledSetting(name, PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP); // terminate the activity. finish(); } private void provisionDeviceOwner() { if (!getPackageManager() .hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN)) { Log.e(TAG, "Cannot set up device owner because device does not have the " + PackageManager.FEATURE_DEVICE_ADMIN + " feature"); finishSetup(); return; } DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class); if (!dpm.isProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE)) { Log.e(TAG, "DeviceOwner provisioning is not allowed, most like device is already " + "provisioned"); finishSetup(); return; } DpcInfo dpcInfo = new DpcInfo(getContentResolver()); Intent intent = new Intent(ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE); intent.putExtra(EXTRA_PROVISIONING_TRIGGER, dpcInfo.trigger); intent.putExtra(EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME, dpcInfo.getReceiverComponentName()); if (dpcInfo.checkSum != null) { intent.putExtra(EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM, dpcInfo.checkSum); } if (dpcInfo.downloadUrl != null) { intent.putExtra(EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION, dpcInfo.downloadUrl); } Log.i(TAG, "Provisioning device with " + dpcInfo + ". Intent: " + intent); startActivityForResult(intent, REQUEST_CODE_STEP1); } @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) { Log.d(TAG, "onActivityResult(): request=" + requestCode + ", result=" + resultCodeToString(resultCode) + ", data=" + data); switch (requestCode) { case REQUEST_CODE_STEP1: onProvisioningStep1Result(resultCode); break; case REQUEST_CODE_STEP2_PO: case REQUEST_CODE_STEP2_DO: onProvisioningStep2Result(requestCode, resultCode); break; default: showErrorMessage("onActivityResult(): invalid request code " + requestCode); } } private void onProvisioningStep1Result(int resultCode) { int requestCodeStep2; switch (resultCode) { case RESULT_CODE_PROFILE_OWNER_SET: requestCodeStep2 = REQUEST_CODE_STEP2_PO; break; case RESULT_CODE_DEVICE_OWNER_SET: requestCodeStep2 = REQUEST_CODE_STEP2_DO; break; default: factoryReset("invalid response from " + ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE + ": " + resultCodeToString(resultCode)); return; } Intent intent = new Intent(PROVISION_FINALIZATION_INSIDE_SUW) .addCategory(Intent.CATEGORY_DEFAULT); Log.i(TAG, "Finalizing DPC with " + intent); startActivityForResult(intent, requestCodeStep2); } private void onProvisioningStep2Result(int requestCode, int resultCode) { // Must set state before launching the intent that finalize the DPC, because the DPC // implementation might not remove the back button setProvisioningState(); boolean doMode = requestCode == REQUEST_CODE_STEP2_DO; if (resultCode != RESULT_OK) { factoryReset("invalid response from " + PROVISION_FINALIZATION_INSIDE_SUW + ": " + resultCodeToString(resultCode)); return; } Log.i(TAG, (doMode ? "Device owner" : "Profile owner") + " mode provisioned!"); disableSelfAndFinish(); } private static String resultCodeToString(int resultCode) { StringBuilder result = new StringBuilder(); switch (resultCode) { case RESULT_OK: result.append("RESULT_OK"); break; case RESULT_CANCELED: result.append("RESULT_CANCELED"); break; case RESULT_FIRST_USER: result.append("RESULT_FIRST_USER"); break; case RESULT_CODE_PROFILE_OWNER_SET: result.append("RESULT_CODE_PROFILE_OWNER_SET"); break; case RESULT_CODE_DEVICE_OWNER_SET: result.append("RESULT_CODE_DEVICE_OWNER_SET"); break; default: result.append("UNKNOWN_CODE"); } return result.append('(').append(resultCode).append(')').toString(); } private void showErrorMessage(String message) { Log.e(TAG, "Error: " + message); } private void factoryReset(String reason) { new AlertDialog.Builder(this) .setMessage("Device owner provisioning failed (" + reason + ") and device must be factory reset") .setPositiveButton("Reset", (d, w) -> sendFactoryResetIntent(reason)) .setOnDismissListener((d) -> sendFactoryResetIntent(reason)) .show(); } private void sendFactoryResetIntent(String reason) { Log.e(TAG, "Factory resetting: " + reason); Intent intent = new Intent(Intent.ACTION_FACTORY_RESET); intent.setPackage("android"); intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); intent.putExtra(Intent.EXTRA_REASON, reason); sendBroadcast(intent); // Just in case the factory reset request fails... finishSetup(); } }