Remove pin and add restrictions for Security settings.

Bug: 14081992
Change-Id: Iec5667202b6f5ae5b5a2a0cfded1a832d98adaf9

6 files changed, 71 insertions, 26 deletions

diff --git a/res/layout/apn_disallowed_preference_screen.xml b/res/layout/apn_disallowed_preference_screen.xml
index 25f6f37..6ac8137 100644
--- a/res/layout/apn_disallowed_preference_screen.xml
+++ b/res/layout/apn_disallowed_preference_screen.xml
@@ -30,7 +30,7 @@
                 android:cacheColorHint="@android:color/white"
                 android:fadingEdgeLength="16dip" />
 
-        <TextView android:id="@+android:id/empty"
+        <TextView android:id="@android:id/empty"
                 android:layout_width="match_parent"
                 android:layout_height="match_parent"
                 android:gravity="center"
diff --git a/res/layout/credentials_disallowed_preference_screen.xml b/res/layout/credentials_disallowed_preference_screen.xml
new file mode 100644
index 0000000..c4e8934
--- /dev/null
+++ b/res/layout/credentials_disallowed_preference_screen.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<FrameLayout xmlns:android="http://schemas.android.com/apk/res/android"
+             android:id="@+id/listContainer"
+             android:layout_width="match_parent"
+             android:layout_height="match_parent">
+
+        <ListView android:id="@android:id/list"
+                android:layout_width="match_parent"
+                android:layout_height="match_parent"
+                android:drawSelectorOnTop="false"
+                android:scrollbarStyle="insideOverlay"
+                android:background="@android:color/white"
+                android:cacheColorHint="@android:color/white"
+                android:fadingEdgeLength="16dip" />
+
+        <TextView android:id="@android:id/empty"
+                android:layout_width="match_parent"
+                android:layout_height="match_parent"
+                android:gravity="center"
+                android:text="@string/credentials_settings_not_available"
+                android:textAppearance="?android:attr/textAppearanceMedium" />
+</FrameLayout>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index d3eb49d..8281ee1 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -4016,6 +4016,8 @@
     <string name="credential_storage_type_hardware">Hardware-backed</string>
     <!-- Summary text for preference showing what type of credential storage this device has when it is stored in software only (as opposed to "hardware-backed") [CHAR LIMIT=NONE] -->
     <string name="credential_storage_type_software">Software only</string>
+    <!-- Error message for users that aren't allowed to see or modify credentials [CHAR LIMIT=none] -->
+    <string name="credentials_settings_not_available">Credentials are not available for this user</string>
 
     <!-- Message to draw an unlock pattern when installing credentials -->
     <string name="credentials_install_gesture_prompt">Draw your unlock pattern</string>
diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index 44e966c..f515b36 100644
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -19,6 +19,7 @@ package com.android.settings;
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.admin.DevicePolicyManager;
+import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
 import android.content.res.Resources;
@@ -26,6 +27,7 @@ import android.os.AsyncTask;
 import android.os.Bundle;
 import android.os.RemoteException;
 import android.os.Process;
+import android.os.UserManager;
 import android.security.Credentials;
 import android.security.KeyChain.KeyChainConnection;
 import android.security.KeyChain;
@@ -38,8 +40,8 @@ import android.view.View;
 import android.widget.Button;
 import android.widget.TextView;
 import android.widget.Toast;
-import com.android.internal.widget.LockPatternUtils;
 
+import com.android.internal.widget.LockPatternUtils;
 import com.android.org.bouncycastle.asn1.ASN1InputStream;
 import com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 
@@ -119,16 +121,20 @@ public final class CredentialStorage extends Activity {
 
         Intent intent = getIntent();
         String action = intent.getAction();
-
-        if (ACTION_RESET.equals(action)) {
-            new ResetDialog();
-        } else {
-            if (ACTION_INSTALL.equals(action)
-                    && "com.android.certinstaller".equals(getCallingPackage())) {
-                mInstallBundle = intent.getExtras();
+        UserManager userManager = (UserManager) getSystemService(Context.USER_SERVICE);
+        if (!userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
+            if (ACTION_RESET.equals(action)) {
+                new ResetDialog();
+            } else {
+                if (ACTION_INSTALL.equals(action)
+                        && "com.android.certinstaller".equals(getCallingPackage())) {
+                    mInstallBundle = intent.getExtras();
+                }
+                // ACTION_UNLOCK also handled here in addition to ACTION_INSTALL
+                handleUnlockOrInstall();
             }
-            // ACTION_UNLOCK also handled here in addition to ACTION_INSTALL
-            handleUnlockOrInstall();
+        } else {
+            finish();
         }
     }
 
diff --git a/src/com/android/settings/SecuritySettings.java b/src/com/android/settings/SecuritySettings.java
index b35a362..5b3a61d 100644
--- a/src/com/android/settings/SecuritySettings.java
+++ b/src/com/android/settings/SecuritySettings.java
@@ -56,7 +56,7 @@ import java.util.List;
 /**
  * Gesture lock pattern settings.
  */
-public class SecuritySettings extends RestrictedSettingsFragment
+public class SecuritySettings extends SettingsPreferenceFragment
         implements OnPreferenceChangeListener, DialogInterface.OnClickListener, Indexable {
     static final String TAG = "SecuritySettings";
     private static final Intent TRUST_AGENT_INTENT =
@@ -113,10 +113,6 @@ public class SecuritySettings extends RestrictedSettingsFragment
 
     private boolean mIsPrimary;
 
-    public SecuritySettings() {
-        super(null /* Don't ask for restrictions pin on creation. */);
-    }
-
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
@@ -272,6 +268,7 @@ public class SecuritySettings extends RestrictedSettingsFragment
 
         } else {
             removePreference(KEY_CREDENTIALS_MANAGER);
+            removePreference(KEY_CREDENTIALS_INSTALL);
         }
 
         // Application install
@@ -280,9 +277,12 @@ public class SecuritySettings extends RestrictedSettingsFragment
         mToggleAppInstallation = (CheckBoxPreference) findPreference(
                 KEY_TOGGLE_INSTALL_APPLICATIONS);
         mToggleAppInstallation.setChecked(isNonMarketAppsAllowed());
-
         // Side loading of apps.
         mToggleAppInstallation.setEnabled(mIsPrimary);
+        if (um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)
+                || um.hasUserRestriction(UserManager.DISALLOW_INSTALL_APPS)) {
+            mToggleAppInstallation.setEnabled(false);
+        }
 
         // Package verification, only visible to primary user and if enabled
         mToggleVerifyApps = (CheckBoxPreference) findPreference(KEY_TOGGLE_VERIFY_APPLICATIONS);
@@ -300,12 +300,8 @@ public class SecuritySettings extends RestrictedSettingsFragment
                 mToggleVerifyApps.setEnabled(false);
             }
         }
-
-        if (shouldBePinProtected(RESTRICTIONS_PIN_SET)) {
-            protectByRestrictions(mToggleAppInstallation);
-            protectByRestrictions(mToggleVerifyApps);
-            protectByRestrictions(mResetCredentials);
-            protectByRestrictions(root.findPreference(KEY_CREDENTIALS_INSTALL));
+        if (um.hasUserRestriction(UserManager.ENSURE_VERIFY_APPS)) {
+            mToggleVerifyApps.setEnabled(false);
         }
 
         // Trust Agent preferences
@@ -499,9 +495,6 @@ public class SecuritySettings extends RestrictedSettingsFragment
 
     @Override
     public boolean onPreferenceTreeClick(PreferenceScreen preferenceScreen, Preference preference) {
-        if (ensurePinRestrictedPreference(preference)) {
-            return true;
-        }
         final String key = preference.getKey();
 
         final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils();
diff --git a/src/com/android/settings/TrustedCredentialsSettings.java b/src/com/android/settings/TrustedCredentialsSettings.java
index 65d0934..eb7b142 100644
--- a/src/com/android/settings/TrustedCredentialsSettings.java
+++ b/src/com/android/settings/TrustedCredentialsSettings.java
@@ -47,6 +47,7 @@ import android.widget.ProgressBar;
 import android.widget.Spinner;
 import android.widget.TabHost;
 import android.widget.TextView;
+
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -170,6 +171,10 @@ public class TrustedCredentialsSettings extends Fragment {
 
     @Override public View onCreateView(
             LayoutInflater inflater, ViewGroup parent, Bundle savedInstanceState) {
+        if (mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
+            return inflater.inflate(R.layout.credentials_disallowed_preference_screen,
+                    parent, false);
+        }
         mTabHost = (TabHost) inflater.inflate(R.layout.trusted_credentials, parent, false);
         mTabHost.setup();
         addTab(Tab.SYSTEM);