summaryrefslogtreecommitdiffhomepage
path: root/ui/src
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2020-07-23 16:38:22 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2020-07-23 17:35:47 +0200
commit3748a1da8894e5812a213b7b931f24197780b311 (patch)
tree1677d649c0f48ddfb9adc557f3bfb30bc07a9f86 /ui/src
parent9597d719ac4e52c8674f011b3775f5383a9c227d (diff)
AdminKnobs: allow enterprise admins to disable private key export
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'ui/src')
-rw-r--r--ui/src/main/AndroidManifest.xml3
-rw-r--r--ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt5
-rw-r--r--ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt2
-rw-r--r--ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt2
-rw-r--r--ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt16
-rw-r--r--ui/src/main/res/values/strings.xml2
-rw-r--r--ui/src/main/res/xml/app_restrictions.xml13
7 files changed, 43 insertions, 0 deletions
diff --git a/ui/src/main/AndroidManifest.xml b/ui/src/main/AndroidManifest.xml
index 47a833e1..f483ddbe 100644
--- a/ui/src/main/AndroidManifest.xml
+++ b/ui/src/main/AndroidManifest.xml
@@ -112,5 +112,8 @@
android:name="android.service.quicksettings.ACTIVE_TILE"
android:value="false" />
</service>
+
+ <meta-data android:name="android.content.APP_RESTRICTIONS"
+ android:resource="@xml/app_restrictions" />
</application>
</manifest>
diff --git a/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt b/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt
index 103b6b44..88114800 100644
--- a/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt
+++ b/ui/src/main/java/com/wireguard/android/activity/SettingsActivity.kt
@@ -17,6 +17,7 @@ import androidx.preference.PreferenceFragmentCompat
import com.wireguard.android.Application
import com.wireguard.android.R
import com.wireguard.android.backend.WgQuickBackend
+import com.wireguard.android.util.AdminKnobs
import com.wireguard.android.util.ModuleLoader
import java.util.ArrayList
import java.util.Arrays
@@ -87,6 +88,10 @@ class SettingsActivity : ThemeChangeAwareActivity() {
val remoteApps = preferenceManager.findPreference<Preference>("allow_remote_control_intents")
remoteApps?.parent?.removePreference(remoteApps)
}
+ if (AdminKnobs.disableConfigExport) {
+ val zipExporter = preferenceManager.findPreference<Preference>("zip_exporter")
+ zipExporter?.parent?.removePreference(zipExporter)
+ }
val wgQuickOnlyPrefs = arrayOf(
preferenceManager.findPreference("tools_installer"),
preferenceManager.findPreference("restore_on_boot"),
diff --git a/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt b/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
index dc1b8aa2..cf39d052 100644
--- a/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
+++ b/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
@@ -26,6 +26,7 @@ import com.wireguard.android.databinding.TunnelEditorFragmentBinding
import com.wireguard.android.fragment.AppListDialogFragment.AppSelectionListener
import com.wireguard.android.model.ObservableTunnel
import com.wireguard.android.util.BiometricAuthenticator
+import com.wireguard.android.util.AdminKnobs
import com.wireguard.android.util.ErrorMessages
import com.wireguard.android.viewmodel.ConfigProxy
import com.wireguard.android.widget.EdgeToEdge.setUpRoot
@@ -252,6 +253,7 @@ class TunnelEditorFragment : BaseFragment(), AppSelectionListener {
val edit = view as? EditText ?: return
if (edit.inputType == InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS or InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) return
if (!haveShownKeys && edit.text.isNotEmpty()) {
+ if (AdminKnobs.disableConfigExport) return
showingAuthenticator = true
BiometricAuthenticator.authenticate(R.string.biometric_prompt_private_key_title, this) {
showingAuthenticator = false
diff --git a/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt b/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt
index cdd25134..fe8d39a3 100644
--- a/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt
+++ b/ui/src/main/java/com/wireguard/android/preference/ZipExporterPreference.kt
@@ -16,6 +16,7 @@ import com.wireguard.android.R
import com.wireguard.android.model.ObservableTunnel
import com.wireguard.android.util.BiometricAuthenticator
import com.wireguard.android.util.DownloadsFileSaver
+import com.wireguard.android.util.AdminKnobs
import com.wireguard.android.util.ErrorMessages
import com.wireguard.android.util.FragmentUtils
import java9.util.concurrent.CompletableFuture
@@ -82,6 +83,7 @@ class ZipExporterPreference(context: Context, attrs: AttributeSet?) : Preference
override fun getTitle() = context.getString(R.string.zip_export_title)
override fun onClick() {
+ if (AdminKnobs.disableConfigExport) return
val prefActivity = FragmentUtils.getPrefActivity(this)
val fragment = prefActivity.supportFragmentManager.fragments.first()
BiometricAuthenticator.authenticate(R.string.biometric_prompt_zip_exporter_title, fragment) {
diff --git a/ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt b/ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt
new file mode 100644
index 00000000..ff8dbd8c
--- /dev/null
+++ b/ui/src/main/java/com/wireguard/android/util/AdminKnobs.kt
@@ -0,0 +1,16 @@
+/*
+ * Copyright © 2020 WireGuard LLC. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.wireguard.android.util
+
+import android.content.RestrictionsManager
+import androidx.core.content.getSystemService
+import com.wireguard.android.Application
+
+object AdminKnobs {
+ private val restrictions: RestrictionsManager? = Application.get().getSystemService()
+ val disableConfigExport: Boolean
+ get() = restrictions?.applicationRestrictions?.getBoolean("disable_config_export", false) ?: false
+}
diff --git a/ui/src/main/res/values/strings.xml b/ui/src/main/res/values/strings.xml
index f3c4eb4e..63703ad6 100644
--- a/ui/src/main/res/values/strings.xml
+++ b/ui/src/main/res/values/strings.xml
@@ -101,6 +101,8 @@
<string name="dark_theme_summary_on">Currently using dark (night) theme</string>
<string name="dark_theme_title">Use dark theme</string>
<string name="delete">Delete</string>
+ <string name="disable_config_export_title">Disable config exporting</string>
+ <string name="disable_config_export_description">Disabling config exporting makes private keys less accessible</string>
<string name="dns_servers">DNS servers</string>
<string name="edit">Edit</string>
<string name="endpoint">Endpoint</string>
diff --git a/ui/src/main/res/xml/app_restrictions.xml b/ui/src/main/res/xml/app_restrictions.xml
new file mode 100644
index 00000000..039af8c4
--- /dev/null
+++ b/ui/src/main/res/xml/app_restrictions.xml
@@ -0,0 +1,13 @@
+<!--
+ ~ Copyright © 2020 WireGuard LLC. All Rights Reserved.
+ ~ SPDX-License-Identifier: Apache-2.0
+ -->
+
+<restrictions xmlns:android="http://schemas.android.com/apk/res/android">
+ <restriction
+ android:defaultValue="false"
+ android:description="@string/disable_config_export_description"
+ android:key="disable_config_export"
+ android:restrictionType="bool"
+ android:title="@string/disable_config_export_title" />
+</restrictions>