mkg20001 commented Mar 21, 2025

Currently when creating a work profile with a DPC app that requires play services, the DPC app expects play services to also exist on the work profile

Since play services aren't global on GOS, this patch automatically installs them into the work profile

Whether an app requires play services is automatically detected

Because this needs to happen before the DPC app is triggered in any way in the work profile, this needs to be part of the profile creation itself.

mkg20001 (Author) commented Mar 21, 2025

New, simpler approach. No custom permissions, no custom apis

In InstallStart when installing apps it checks if play store is genuine google play store and the user is a work profile and skips the DISALLOW_UNKNOWN_SOURCES restriction

DevicePolicyGmsHooks runs after device policy manager creates the profile and installs store + services and gives the store permission to install packages (REQUEST_INSTALL_PACKAGES) (only if the managing app requires play services)
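
The installer check described in the comment above, sketched as an added example (not code from this pull request or from GrapheneOS). The class, method and constant names are hypothetical, the certificate digest is a placeholder, and it assumes the restriction meant is `UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES`:

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.UserManager;

/** Added illustration; the class, method and constant names are hypothetical. */
final class WorkProfileInstallGate {
    private static final String PLAY_STORE_PKG = "com.android.vending";

    // Placeholder, not a real value: SHA-256 digest of the expected Play Store
    // signing certificate. All zeros never matches, so the gate fails closed.
    private static final byte[] EXPECTED_CERT_SHA256 = new byte[32];

    /**
     * @param installerPkg package resolved by the system from the caller's UID,
     *                     never a string supplied by the caller itself
     */
    static boolean isInstallAllowed(Context ctx, String installerPkg) {
        UserManager um = ctx.getSystemService(UserManager.class);
        if (!um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)) {
            return true; // no policy in force, nothing to exempt
        }
        // The exemption applies to work profiles only.
        if (!um.isManagedProfile()) {
            return false;
        }
        // A package name alone proves nothing: any APK can declare it.
        if (!PLAY_STORE_PKG.equals(installerPkg)) {
            return false;
        }
        // "Genuine" here means signed with the expected certificate.
        PackageManager pm = ctx.getPackageManager();
        return pm.hasSigningCertificate(
                PLAY_STORE_PKG, EXPECTED_CERT_SHA256, PackageManager.CERT_INPUT_SHA256);
    }
}
```

Ordering the checks this way keeps the exemption as narrow as the comment describes: restriction active, managed profile, expected package, expected signer.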

mkg20001 force-pushed the gapps-work-profile-new branch 2 times, most recently from 65c24ec to 6090d44 on March 22, 2025 00:13

mkg20001 (Author) commented Mar 24, 2025

I remember last time I was told the play store installation shouldn't happen in DevicePolicyManagerService as it has too many permissions

I need the installation to happen just before the device policy app is installed and gets any intent, as it may crash due to lack of play services.

I'm none the wiser on how to do that securely and I'd appreciate some guidance if possible

@xxxsskxxx

Absolute legend mate, thank you so much for continuing to develop and push this!

mkg20001 force-pushed the gapps-work-profile-new branch from 6090d44 to b7c9a88 on April 5, 2025 23:10
thestinger force-pushed the 15-qpr2 branch 5 times, most recently from 5f3142f to 8edf282 on April 10, 2025 20:49
thestinger force-pushed the 15-qpr2 branch 10 times, most recently from 3ec1472 to ccaf1e6 on April 28, 2025 03:31

loligans commented May 2, 2025

> New, simpler approach. No custom permissions, no custom apis
>
> In InstallStart when installing apps it checks if play store is genuine google play store and the user is a work profile and skips the DISALLOW_UNKNOWN_SOURCES restriction
>
> DevicePolicyGmsHooks runs after device policy manager creates the profile and installs store + services and gives the store permission to install packages (REQUEST_INSTALL_PACKAGES) (only if the managing app requires play services)

How do we know the managing app requires play services? For example, Microsoft Company Portal requires it to set up the work profile. Will this change support that use case?

mkg20001 (Author) commented May 2, 2025

> > New, simpler approach. No custom permissions, no custom apis
> >
> > In InstallStart when installing apps it checks if play store is genuine google play store and the user is a work profile and skips the DISALLOW_UNKNOWN_SOURCES restriction
> >
> > DevicePolicyGmsHooks runs after device policy manager creates the profile and installs store + services and gives the store permission to install packages (REQUEST_INSTALL_PACKAGES) (only if the managing app requires play services)
>
> How do we know the managing app requires play services? For example, Microsoft Company Portal requires it to set up the work profile. Will this change support that use case?

See 437b272#diff-d0c4fee5a9bb21d19df9696c4428b8053d7842e0e3fde3356fd4bdc335666548R33

thestinger force-pushed the 15-qpr2 branch 3 times, most recently from 44f6627 to c0c2721 on May 6, 2025 22:55
mkg20001 force-pushed the gapps-work-profile-new branch from b7c9a88 to bdfe2c2 on May 14, 2025 14:19
thestinger force-pushed the 15-qpr2 branch 2 times, most recently from 1e77b17 to acd9811 on May 17, 2025 00:40

inthewaves and others added 11 commits June 30, 2025 09:39

SystemUITests contains tests that call SystemUI code that accesses GrapheneOS settings such as lockscreen_scramble_pin_layout, scramble_sim_pin_layout and lockscreen_scramble_pin_layout_secondary

Test: atest SystemUITests:com.android.systemui.tests com.android.keyguard.KeyguardPinViewControllerTest
Test: atest SystemUITests:com.android.keyguard.KeyguardPinBasedInputViewControllerTest

Edge-to-edge is still not supported in many AOSP UIs and in LogViewer.

This reverts commit 569110fb91ed4c876c05d773555ec1de0603f175.

This approach is no longer viable since Pixel USB HAL sources are not available anymore.

There is new code in Android 16 that gets called when hardware keyboard gets added / updated / removed if the com.android.internal.widget.flags.hide_last_char_with_physical_input aconfig flag is enabled.

When this happens, it seems it will always use LockDomain.Primary's setting for enhanced PIN privacy when the external keyboard state changes; the `isPinEnhancedPrivacyEnabled` method uses Primary by default via a method override if a LockDomain is not passed. Fix this by passing the stored mLockDomain field.

Also fixes test failures due to mocking a function that never gets called from 2FA changes.

Test: atest SystemUITests:com.android.keyguard.KeyguardPinBasedInputViewControllerTest

muhomorr and others added 8 commits June 29, 2025 20:11

When setting up a google-managed work profile, GmsCore tries to install the Android Device Policy app

For this to work REQUEST_INSTALL_PACKAGES permission needs to be in its manifest

…nto work profile

Currently when creating a work profile with a DPC app that requires play services, the DPC app expects play services to also exist on the work profile

Since play services aren't global on GOS, this patch automatically installs them into the work profile

Whether an app requires play services is automatically detected

Because this needs to happen before the DPC app is triggered in any way in the work profile, this needs to be part of the profile creation itself.

When a work profile with play services gets created Play Store can't install any apps as the work profile may have a policy active to forbid unknown sources as it is not aware that play store is not a system app and gets blocked by that policy.

Here we detect if the play store is genuine and is trying to install an app in a work profile. If that is the case we allow it to proceed, despite not being a

mkg20001 force-pushed the gapps-work-profile-new branch from 4778e63 to 0742a64 on June 30, 2025 13:37

mkg20001 (Author) commented Jul 1, 2025

new issue, play store is not being copied.

@cameronaaron

This would fix a lot of issues lol

@xxxsskxxx

Hi just checking, are there plans to merge this yet? Thanks

@mkg20001 (Author)

This is currently broken and I have no resources to update and fix

@cyberpunked1985

> This is currently broken and I have no resources to update and fix

What?! Please noo. :'(
