From 3748a1da8894e5812a213b7b931f24197780b311 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 23 Jul 2020 16:38:22 +0200 Subject: AdminKnobs: allow enterprise admins to disable private key export Signed-off-by: Jason A. Donenfeld --- .../com/wireguard/android/activity/SettingsActivity.kt | 5 +++++ .../wireguard/android/fragment/TunnelEditorFragment.kt | 2 ++ .../android/preference/ZipExporterPreference.kt | 2 ++ .../main/java/com/wireguard/android/util/AdminKnobs.kt | 16 ++++++++++++++++ 4 files changed, 25 insertions(+) create mode 100644 ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt (limited to 'ui/src/main/java/com/wireguard/android') diff --git a/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt b/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt index 103b6b44..88114800 100644 --- a/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt +++ b/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt @@ -17,6 +17,7 @@ import androidx.preference.PreferenceFragmentCompat import com.wireguard.android.Application import com.wireguard.android.R import com.wireguard.android.backend.WgQuickBackend +import com.wireguard.android.util.AdminKnobs import com.wireguard.android.util.ModuleLoader import java.util.ArrayList import java.util.Arrays @@ -87,6 +88,10 @@ class SettingsActivity : ThemeChangeAwareActivity() { val remoteApps = preferenceManager.findPreference("allow_remote_control_intents") remoteApps?.parent?.removePreference(remoteApps) } + if (AdminKnobs.disableConfigExport) { + val zipExporter = preferenceManager.findPreference("zip_exporter") + zipExporter?.parent?.removePreference(zipExporter) + } val wgQuickOnlyPrefs = arrayOf( preferenceManager.findPreference("tools_installer"), preferenceManager.findPreference("restore_on_boot"), diff --git a/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt b/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt index dc1b8aa2..cf39d052 100644 --- a/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt +++ b/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt @@ -26,6 +26,7 @@ import com.wireguard.android.databinding.TunnelEditorFragmentBinding import com.wireguard.android.fragment.AppListDialogFragment.AppSelectionListener import com.wireguard.android.model.ObservableTunnel import com.wireguard.android.util.BiometricAuthenticator +import com.wireguard.android.util.AdminKnobs import com.wireguard.android.util.ErrorMessages import com.wireguard.android.viewmodel.ConfigProxy import com.wireguard.android.widget.EdgeToEdge.setUpRoot @@ -252,6 +253,7 @@ class TunnelEditorFragment : BaseFragment(), AppSelectionListener { val edit = view as? EditText ?: return if (edit.inputType == InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS or InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) return if (!haveShownKeys && edit.text.isNotEmpty()) { + if (AdminKnobs.disableConfigExport) return showingAuthenticator = true BiometricAuthenticator.authenticate(R.string.biometric_prompt_private_key_title, this) { showingAuthenticator = false diff --git a/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt b/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt index cdd25134..fe8d39a3 100644 --- a/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt +++ b/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt @@ -16,6 +16,7 @@ import com.wireguard.android.R import com.wireguard.android.model.ObservableTunnel import com.wireguard.android.util.BiometricAuthenticator import com.wireguard.android.util.DownloadsFileSaver +import com.wireguard.android.util.AdminKnobs import com.wireguard.android.util.ErrorMessages import com.wireguard.android.util.FragmentUtils import java9.util.concurrent.CompletableFuture @@ -82,6 +83,7 @@ class ZipExporterPreference(context: Context, attrs: AttributeSet?) : Preference override fun getTitle() = context.getString(R.string.zip_export_title) override fun onClick() { + if (AdminKnobs.disableConfigExport) return val prefActivity = FragmentUtils.getPrefActivity(this) val fragment = prefActivity.supportFragmentManager.fragments.first() BiometricAuthenticator.authenticate(R.string.biometric_prompt_zip_exporter_title, fragment) { diff --git a/ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt b/ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt new file mode 100644 index 00000000..ff8dbd8c --- /dev/null +++ b/ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt @@ -0,0 +1,16 @@ +/* + * Copyright © 2020 WireGuard LLC. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 + */ + +package com.wireguard.android.util + +import android.content.RestrictionsManager +import androidx.core.content.getSystemService +import com.wireguard.android.Application + +object AdminKnobs { + private val restrictions: RestrictionsManager? = Application.get().getSystemService() + val disableConfigExport: Boolean + get() = restrictions?.applicationRestrictions?.getBoolean("disable_config_export", false) ?: false +} -- cgit v1.2.3-59-g8ed1b