[DO NOT MERGE] FRP bypass defense in the settings app

Over the last few years, there have been a number of
Factory Reset Protection bypass bugs in the SUW flow.
It's unlikely to defense all points from individual apps.

Therefore, we decide to block some critical pages when
user doesn't complete the SUW flow.

Test: Can't open the certain pages in the suw flow.
Bug: 258422561
Fix: 200746457
Bug: 202975040
Fix: 213091525
Fix: 213090835
Fix: 201561699
Fix: 213090827
Fix: 213090875
Change-Id: Ia18f367109df5af7da0a5acad7702898a459d32e
Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e

Author: Tsung-Mao Fang

src/com/android/settings/SettingsPreferenceFragment.java

@@ -55,6 +55,8 @@
 import com.android.settingslib.search.Indexable;
 import com.android.settingslib.widget.LayoutPreference;
 
+import com.google.android.setupcompat.util.WizardManagerHelper;
+
 import java.util.UUID;
 
 /**
@@ -63,7 +65,7 @@
 public abstract class SettingsPreferenceFragment extends InstrumentedPreferenceFragment
         implements DialogCreatable, HelpResourceProvider, Indexable {
 
-    private static final String TAG = "SettingsPreference";
+    private static final String TAG = "SettingsPreferenceFragment";
 
     private static final String SAVE_HIGHLIGHTED_KEY = "android:preference_highlighted";
 
@@ -123,6 +125,15 @@ public void onItemRangeMoved(int fromPosition, int toPosition, int itemCount) {
     @VisibleForTesting
     public boolean mPreferenceHighlighted = false;
 
+    @Override
+    public void onAttach(Context context) {
+        if (shouldSkipForInitialSUW() && !WizardManagerHelper.isDeviceProvisioned(getContext())) {
+            Log.w(TAG, "Skip " + getClass().getSimpleName() + " before SUW completed.");
+            finish();
+        }
+        super.onAttach(context);
+    }
+
     @Override
     public void onCreate(Bundle icicle) {
         super.onCreate(icicle);
@@ -270,6 +281,16 @@ protected boolean isPreferenceExpanded(Preference preference) {
                 || (mAdapter.getPreferenceAdapterPosition(preference) != RecyclerView.NO_POSITION));
     }
 
+    /**
+     * Whether UI should be skipped in the initial SUW flow.
+     *
+     * @return {@code true} when UI should be skipped in the initial SUW flow.
+     * {@code false} when UI should not be skipped in the initial SUW flow.
+     */
+    protected boolean shouldSkipForInitialSUW() {
+        return false;
+    }
+
     protected void onDataSetChanged() {
         highlightPreferenceIfNeeded();
         updateEmptyView();

src/com/android/settings/accounts/AccountDashboardFragment.java

@@ -72,6 +72,11 @@ protected List<AbstractPreferenceController> createPreferenceControllers(Context
         return buildPreferenceControllers(context, this /* parent */, authorities);
     }
 
+    @Override
+    protected boolean shouldSkipForInitialSUW() {
+        return true;
+    }
+
     private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
             SettingsPreferenceFragment parent, String[] authorities) {
         final List<AbstractPreferenceController> controllers = new ArrayList<>();

src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java

@@ -491,6 +491,11 @@ boolean refreshUi() {
         return true;
     }
 
+    @Override
+    protected boolean shouldSkipForInitialSUW() {
+        return true;
+    }
+
     private void uninstallPkg(String packageName, boolean allUsers, boolean andDisable) {
         stopListeningToPackageRemove();
         // Create new intent to launch Uninstaller activity

src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java

@@ -204,6 +204,11 @@ public void onActivityCreated(Bundle icicle) {
         }
     }
 
+    @Override
+    protected boolean shouldSkipForInitialSUW() {
+        return true;
+    }
+
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup container,
             Bundle savedInstanceState) {

src/com/android/settings/system/ResetDashboardFragment.java

@@ -57,6 +57,11 @@ protected List<AbstractPreferenceController> createPreferenceControllers(Context
         return buildPreferenceControllers(context, getSettingsLifecycle());
     }
 
+    @Override
+    protected boolean shouldSkipForInitialSUW() {
+        return true;
+    }
+
     private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
             Lifecycle lifecycle) {
         final List<AbstractPreferenceController> controllers = new ArrayList<>();

tests/robotests/src/com/android/settings/SettingsPreferenceFragmentTest.java

@@ -23,11 +23,13 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import android.content.Context;
 import android.os.Bundle;
+import android.provider.Settings;
 import android.view.View;
 import android.widget.FrameLayout;
 
@@ -41,6 +43,7 @@
 import com.android.settings.testutils.shadow.ShadowFragment;
 import com.android.settings.widget.WorkOnlyCategory;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -64,21 +67,34 @@ public class SettingsPreferenceFragmentTest {
     private PreferenceScreen mPreferenceScreen;
     private Context mContext;
     private TestFragment mFragment;
+    private TestFragment2 mFragment2;
     private View mEmptyView;
+    private int mInitDeviceProvisionedValue;
 
     @Before
     public void setUp() {
         MockitoAnnotations.initMocks(this);
         FakeFeatureFactory.setupForTest();
         mContext = RuntimeEnvironment.application;
         mFragment = spy(new TestFragment());
+        mFragment2 = spy(new TestFragment2());
         doReturn(mActivity).when(mFragment).getActivity();
         when(mFragment.getContext()).thenReturn(mContext);
+        when(mFragment2.getContext()).thenReturn(mContext);
 
         mEmptyView = new View(mContext);
         ReflectionHelpers.setField(mFragment, "mEmptyView", mEmptyView);
 
         doReturn(ITEM_COUNT).when(mPreferenceScreen).getPreferenceCount();
+
+        mInitDeviceProvisionedValue = Settings.Global.getInt(mContext.getContentResolver(),
+                Settings.Global.DEVICE_PROVISIONED, 0);
+    }
+
+    @After
+    public void tearDown() {
+        Settings.Global.putInt(mContext.getContentResolver(),
+                Settings.Global.DEVICE_PROVISIONED, mInitDeviceProvisionedValue);
     }
 
     @Test
@@ -210,8 +226,66 @@ public void hidePinnedHeader_shouldBeInvisible() {
         assertThat(mFragment.mPinnedHeaderFrameLayout.getVisibility()).isEqualTo(View.INVISIBLE);
     }
 
+    @Test
+    public void onAttach_shouldNotSkipForSUWAndDeviceIsProvisioned_notCallFinish() {
+        Settings.Global.putInt(mContext.getContentResolver(),
+                Settings.Global.DEVICE_PROVISIONED, 1);
+
+        mFragment.onAttach(mContext);
+
+        verify(mFragment, never()).finish();
+    }
+
+    @Test
+    public void onAttach_shouldNotSkipForSUWAndDeviceIsNotProvisioned_notCallFinish() {
+        Settings.Global.putInt(mContext.getContentResolver(),
+                Settings.Global.DEVICE_PROVISIONED, 0);
+
+        mFragment.onAttach(mContext);
+
+        verify(mFragment, never()).finish();
+    }
+
+    @Test
+    public void onAttach_shouldSkipForSUWAndDeviceIsDeviceProvisioned_notCallFinish() {
+        Settings.Global.putInt(mContext.getContentResolver(),
+                Settings.Global.DEVICE_PROVISIONED, 1);
+
+        mFragment2.onAttach(mContext);
+
+        verify(mFragment2, never()).finish();
+    }
+
+    @Test
+    public void onAttach_shouldSkipForSUWAndDeviceProvisioned_notCallFinish() {
+        Settings.Global.putInt(mContext.getContentResolver(),
+                Settings.Global.DEVICE_PROVISIONED, 0);
+
+        mFragment2.onAttach(mContext);
+
+        verify(mFragment2, times(1)).finish();
+    }
+
     public static class TestFragment extends SettingsPreferenceFragment {
 
+        @Override
+        protected boolean shouldSkipForInitialSUW() {
+            return false;
+        }
+
+        @Override
+        public int getMetricsCategory() {
+            return 0;
+        }
+    }
+
+    public static class TestFragment2 extends SettingsPreferenceFragment {
+
+        @Override
+        protected boolean shouldSkipForInitialSUW() {
+            return true;
+        }
+
         @Override
         public int getMetricsCategory() {
             return 0;

tests/robotests/src/com/android/settings/accounts/AccountDashboardFragmentTest.java

@@ -114,4 +114,9 @@ public void searchIndexProvider_hasAccounts_shouldIndex() {
 
         assertThat(indexRaws).isNotEmpty();
     }
+
+    @Test
+    public void shouldSkipForInitialSUW_returnTrue() {
+        assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+    }
 }

tests/robotests/src/com/android/settings/applications/appinfo/AppInfoDashboardFragmentTest.java

@@ -384,6 +384,11 @@ public void startAppInfoFragment_includesNewAndOldArgs() {
                 .isTrue();
     }
 
+    @Test
+    public void shouldSkipForInitialSUW_returnTrue() {
+        assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+    }
+
     @Implements(AppUtils.class)
     public static class ShadowAppUtils {
 

tests/robotests/src/com/android/settings/development/DevelopmentSettingsDashboardFragmentTest.java

@@ -276,6 +276,11 @@ public void onDisableLogPersistDialogRejected_shouldCallControllerDialogRejected
         verify(controller).onDisableLogPersistDialogRejected();
     }
 
+    @Test
+    public void shouldSkipForInitialSUW_returnTrue() {
+        assertThat(mDashboard.shouldSkipForInitialSUW()).isTrue();
+    }
+
     @Implements(EnableDevelopmentSettingWarningDialog.class)
     public static class ShadowEnableDevelopmentSettingWarningDialog {
 

tests/robotests/src/com/android/settings/system/ResetDashboardFragmentTest.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.system;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+
+@RunWith(RobolectricTestRunner.class)
+public class ResetDashboardFragmentTest {
+
+    private ResetDashboardFragment mFragment;
+
+    @Before
+    public void setup() {
+        mFragment = new ResetDashboardFragment();
+    }
+
+    @Test
+    public void shouldSkipForInitialSUW_returnTrue() {
+        assertThat(mFragment.shouldSkipForInitialSUW()).isTrue();
+    }
+}