DivestOS/Patches/LineageOS-20.0/ASB2023-09/settings-03.patch

From ba4da9c7b3a711a5e1c73dcf361b0c14fe02ebf4 Mon Sep 17 00:00:00 2001
From: Taran Singh <tarandeep@google.com>
Date: Fri, 19 May 2023 23:17:47 +0000
Subject: [PATCH] DO NOT MERGE: Prevent non-system IME from becoming device
 admin

Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
activate itself as device admin and cause various DoS attacks.

This CL ensures KeyEvent on "Activate" button can only come from system
apps.

Bug: 280793427
Test: atest DeviceAdminActivationTest
(cherry picked from commit 70a501d02e0a6aefd874767a15378ba998759373)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0976cd789d3bfb593e73237b5b0adc39933a1c1c)
Merged-In: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
---
 .../deviceadmin/DeviceAdminAdd.java           | 129 +++++++++---------
 1 file changed, 68 insertions(+), 61 deletions(-)

diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
index fa76a948c06..5746d13666a 100644
--- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
@@ -66,6 +66,7 @@
 import android.util.EventLog;
 import android.util.Log;
 import android.view.Display;
+import android.view.KeyEvent;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
@@ -156,12 +157,12 @@ protected void onCreate(Bundle icicle) {
 
         mHandler = new Handler(getMainLooper());
 
-        mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
-        mAppOps = (AppOpsManager)getSystemService(Context.APP_OPS_SERVICE);
-        mLayoutInflaternflater = (LayoutInflater) getSystemService(Context.LAYOUT_INFLATER_SERVICE);
+        mDPM = getSystemService(DevicePolicyManager.class);
+        mAppOps = getSystemService(AppOpsManager.class);
+        mLayoutInflaternflater = getSystemService(LayoutInflater.class);
         PackageManager packageManager = getPackageManager();
 
-        if ((getIntent().getFlags()&Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {
+        if ((getIntent().getFlags() & Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {
             Log.w(TAG, "Cannot start ADD_DEVICE_ADMIN as a new task");
             finish();
             return;
@@ -171,7 +172,7 @@ protected void onCreate(Bundle icicle) {
                 EXTRA_CALLED_FROM_SUPPORT_DIALOG, false);
 
         String action = getIntent().getAction();
-        ComponentName who = (ComponentName)getIntent().getParcelableExtra(
+        ComponentName who = (ComponentName) getIntent().getParcelableExtra(
                 DevicePolicyManager.EXTRA_DEVICE_ADMIN);
         if (who == null) {
             String packageName = getIntent().getStringExtra(EXTRA_DEVICE_ADMIN_PACKAGE_NAME);
@@ -229,7 +230,7 @@ protected void onCreate(Bundle icicle) {
                     PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS);
             int count = avail == null ? 0 : avail.size();
             boolean found = false;
-            for (int i=0; i<count; i++) {
+            for (int i = 0; i < count; i++) {
                 ResolveInfo ri = avail.get(i);
                 if (ai.packageName.equals(ri.activityInfo.packageName)
                         && ai.name.equals(ri.activityInfo.name)) {
@@ -345,22 +346,22 @@ public void onDismiss(DialogInterface dialogInterface) {
             mAdminWarning = dialog.findViewById(R.id.admin_warning_simplified);
             mAdminWarning.setText(
                     mDPM.getResources().getString(NEW_DEVICE_ADMIN_WARNING_SIMPLIFIED, () ->
-                    getString(R.string.device_admin_warning_simplified,
-                    mProfileOwnerName), mProfileOwnerName));
+                            getString(R.string.device_admin_warning_simplified,
+                                    mProfileOwnerName), mProfileOwnerName));
             return;
         }
         setContentView(R.layout.device_admin_add);
 
-        mAdminIcon = (ImageView)findViewById(R.id.admin_icon);
-        mAdminName = (TextView)findViewById(R.id.admin_name);
-        mAdminDescription = (TextView)findViewById(R.id.admin_description);
+        mAdminIcon = (ImageView) findViewById(R.id.admin_icon);
+        mAdminName = (TextView) findViewById(R.id.admin_name);
+        mAdminDescription = (TextView) findViewById(R.id.admin_description);
         mProfileOwnerWarning = (TextView) findViewById(R.id.profile_owner_warning);
 
         mProfileOwnerWarning.setText(
                 mDPM.getResources().getString(SET_PROFILE_OWNER_POSTSETUP_WARNING,
                         () -> getString(R.string.adding_profile_owner_warning)));
 
-        mAddMsg = (TextView)findViewById(R.id.add_msg);
+        mAddMsg = (TextView) findViewById(R.id.add_msg);
         mAddMsgExpander = (ImageView) findViewById(R.id.add_msg_expander);
         final View.OnClickListener onClickListener = new View.OnClickListener() {
             @Override
@@ -381,7 +382,7 @@ public void onGlobalLayout() {
                         boolean hideMsgExpander = mAddMsg.getLineCount() <= maxLines;
                         mAddMsgExpander.setVisibility(hideMsgExpander ? View.GONE : View.VISIBLE);
                         if (hideMsgExpander) {
-                            ((View)mAddMsgExpander.getParent()).invalidate();
+                            ((View) mAddMsgExpander.getParent()).invalidate();
                         }
                         mAddMsg.getViewTreeObserver().removeOnGlobalLayoutListener(this);
                     }
@@ -399,7 +400,7 @@ public void onGlobalLayout() {
         mCancelButton.setOnClickListener(new View.OnClickListener() {
             public void onClick(View v) {
                 EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_DECLINED_BY_USER,
-                    mDeviceAdmin.getActivityInfo().applicationInfo.uid);
+                        mDeviceAdmin.getActivityInfo().applicationInfo.uid);
                 finish();
             }
         });
@@ -421,58 +422,64 @@ public void onClick(View v) {
 
         final View restrictedAction = findViewById(R.id.restricted_action);
         restrictedAction.setFilterTouchesWhenObscured(true);
-        restrictedAction.setOnClickListener(new View.OnClickListener() {
-            public void onClick(View v) {
-                if (!mActionButton.isEnabled()) {
-                    showPolicyTransparencyDialogIfRequired();
-                    return;
-                }
-                if (mAdding) {
-                    addAndFinish();
-                } else if (isManagedProfile(mDeviceAdmin)
-                        && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
-                    final int userId = UserHandle.myUserId();
-                    UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
-                            new DialogInterface.OnClickListener() {
-                                @Override
-                                public void onClick(DialogInterface dialog, int which) {
-                                    UserManager um = UserManager.get(DeviceAdminAdd.this);
-                                    um.removeUser(userId);
-                                    finish();
-                                }
+
+        final View.OnClickListener restrictedActionClickListener = v -> {
+            if (!mActionButton.isEnabled()) {
+                showPolicyTransparencyDialogIfRequired();
+                return;
+            }
+            if (mAdding) {
+                addAndFinish();
+            } else if (isManagedProfile(mDeviceAdmin)
+                    && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {
+                final int userId = UserHandle.myUserId();
+                UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,
+                        new DialogInterface.OnClickListener() {
+                            @Override
+                            public void onClick(DialogInterface dialog, int which) {
+                                UserManager um = UserManager.get(DeviceAdminAdd.this);
+                                um.removeUser(userId);
+                                finish();
                             }
-                    ).show();
-                } else if (mUninstalling) {
-                    mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());
-                    finish();
-                } else if (!mWaitingForRemoveMsg) {
-                    try {
-                        // Don't allow the admin to put a dialog up in front
-                        // of us while we interact with the user.
-                        ActivityManager.getService().stopAppSwitches();
-                    } catch (RemoteException e) {
-                    }
-                    mWaitingForRemoveMsg = true;
-                    mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),
-                            new RemoteCallback(new RemoteCallback.OnResultListener() {
-                                @Override
-                                public void onResult(Bundle result) {
-                                    CharSequence msg = result != null
-                                            ? result.getCharSequence(
-                                            DeviceAdminReceiver.EXTRA_DISABLE_WARNING)
-                                            : null;
-                                    continueRemoveAction(msg);
-                                }
-                            }, mHandler));
-                    // Don't want to wait too long.
-                    getWindow().getDecorView().getHandler().postDelayed(new Runnable() {
-                        @Override public void run() {
-                            continueRemoveAction(null);
                         }
-                    }, 2*1000);
+                ).show();
+            } else if (mUninstalling) {
+                mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());
+                finish();
+            } else if (!mWaitingForRemoveMsg) {
+                try {
+                    // Don't allow the admin to put a dialog up in front
+                    // of us while we interact with the user.
+                    ActivityManager.getService().stopAppSwitches();
+                } catch (RemoteException e) {
                 }
+                mWaitingForRemoveMsg = true;
+                mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),
+                        new RemoteCallback(new RemoteCallback.OnResultListener() {
+                            @Override
+                            public void onResult(Bundle result) {
+                                CharSequence msg = result != null
+                                        ? result.getCharSequence(
+                                        DeviceAdminReceiver.EXTRA_DISABLE_WARNING)
+                                        : null;
+                                continueRemoveAction(msg);
+                            }
+                        }, mHandler));
+                // Don't want to wait too long.
+                getWindow().getDecorView().getHandler().postDelayed(
+                        () -> continueRemoveAction(null), 2 * 1000);
+            }
+        };
+        restrictedAction.setOnKeyListener((view, keyCode, keyEvent) -> {
+            if ((keyEvent.getFlags() & KeyEvent.FLAG_FROM_SYSTEM) == 0) {
+                Log.e(TAG, "Can not activate device-admin with KeyEvent from non-system app.");
+                // Consume event to suppress click.
+                return true;
             }
+            // Fallback to view click handler.
+            return false;
         });
+        restrictedAction.setOnClickListener(restrictedActionClickListener);
     }
 
     /**
20.0: September ASB picks wget https://github.com/GrapheneOS/platform_packages_services_Telephony/commit/b96ee4a2d1ec8c552af40820077fe85f9b2fa01f.patch -O telephony-01.patch wget https://github.com/GrapheneOS/platform_packages_providers_MediaProvider/commit/c16e6e78c1c8ba40f8c2ff6a4d87afe44590eb7f.patch -O media-01.patch wget https://github.com/GrapheneOS/platform_packages_providers_MediaProvider/commit/d5771450d7b2acde9fa051dedbb6c115b001d48b.patch -O media-02.patch wget https://github.com/GrapheneOS/platform_packages_modules_NeuralNetworks/commit/a1370bd00c106e4d172dc68638778fa111f6ecbe.patch -O nn-01.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/ce2776f4ca4fba080bd64bffa2c8fa2d0188bd45.patch -O bt-01.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/585f583ef5e6c2446df7700d8959774771d2a9d8.patch -O bt-02.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/c9905e7968f603014d8ebd631393f9ba1ffd98c9.patch -O bt-03.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/c93ec045f59462f2fb64242da1a119a7b49c3d50.patch -O bt-04.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/89fb17d17249382f8bd5c4c9b0912447ea7ff676.patch -O bt-05.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/14aed2455e4e800e4bde6175ad3c4910ffcf7b0e.patch -O bt-06.patch wget https://github.com/GrapheneOS/platform_packages_modules_Bluetooth/commit/cd438ebc524bc27b6200c70ccb6ed9f8d0271a10.patch -O bt-07.patch wget https://github.com/GrapheneOS/platform_packages_apps_Nfc/commit/27e7cdc4e5748e2ad85552433cf9c120fd7a936b.patch -O nfc-01.patch wget https://github.com/GrapheneOS/platform_packages_apps_Launcher3/commit/dfeb4270b8ecad08bc5361f122af9453881a5987.patch -O launcher-01.patch wget https://github.com/GrapheneOS/platform_frameworks_native/commit/b1993f6cec45bc638ea1d2875c91d069e89ca57e.patch -O native-01.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/df4a9362cd39867ca7deee537934649bd6a2589f.patch -O fwb-01.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/b55563bb9d534210c3f4c5e21ba07a63360c2094.patch -O fwb-02.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/a80971a28168f2667a2821d008964ba001cad059.patch -O fwb-03.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/7e173b43837c419a7cb77f5758191a557fdc76fa.patch -O fwb-04.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/44191b1c6b55d9e09d8b5fca96176035abc18c31.patch -O fwb-05.patch wget https://github.com/GrapheneOS/platform_frameworks_base/commit/8dc8dfe572ce5e4bcb64418275b6d8c4e05284ac.patch -O fwb-06.patch wget https://github.com/GrapheneOS/platform_frameworks_av/commit/00a42241007a2c2a03b97656c958236091553b80.patch -O av-01.patch wget https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/21623d1f437beb59ceee1fc88cd07d48e3f6a13e.patch -O settings-01.patch wget https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/fa5ec443d94922424112fe8a7c7f9d3b36dca67d.patch -O settings-02.patch wget https://github.com/GrapheneOS/platform_packages_apps_Settings/commit/ba4da9c7b3a711a5e1c73dcf361b0c14fe02ebf4.patch -O settings-03.patch Signed-off-by: Tad <tad@spotco.us> 2023-09-06 19:26:45 +00:00			`From ba4da9c7b3a711a5e1c73dcf361b0c14fe02ebf4 Mon Sep 17 00:00:00 2001`
			`From: Taran Singh <tarandeep@google.com>`
			`Date: Fri, 19 May 2023 23:17:47 +0000`
			`Subject: [PATCH] DO NOT MERGE: Prevent non-system IME from becoming device`
			`admin`

			`Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to`
			`activate itself as device admin and cause various DoS attacks.`

			`This CL ensures KeyEvent on "Activate" button can only come from system`
			`apps.`

			`Bug: 280793427`
			`Test: atest DeviceAdminActivationTest`
			`(cherry picked from commit 70a501d02e0a6aefd874767a15378ba998759373)`
			`(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0976cd789d3bfb593e73237b5b0adc39933a1c1c)`
			`Merged-In: I6470d1684d707f4b1e86f8b456be0b4e0af5f188`
			`Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188`
			`---`
			`.../deviceadmin/DeviceAdminAdd.java \| 129 +++++++++---------`
			`1 file changed, 68 insertions(+), 61 deletions(-)`

			`diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java`
			`index fa76a948c06..5746d13666a 100644`
			`--- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java`
			`+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java`
			`@@ -66,6 +66,7 @@`
			`import android.util.EventLog;`
			`import android.util.Log;`
			`import android.view.Display;`
			`+import android.view.KeyEvent;`
			`import android.view.LayoutInflater;`
			`import android.view.View;`
			`import android.view.ViewGroup;`
			`@@ -156,12 +157,12 @@ protected void onCreate(Bundle icicle) {`

			`mHandler = new Handler(getMainLooper());`

			`- mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);`
			`- mAppOps = (AppOpsManager)getSystemService(Context.APP_OPS_SERVICE);`
			`- mLayoutInflaternflater = (LayoutInflater) getSystemService(Context.LAYOUT_INFLATER_SERVICE);`
			`+ mDPM = getSystemService(DevicePolicyManager.class);`
			`+ mAppOps = getSystemService(AppOpsManager.class);`
			`+ mLayoutInflaternflater = getSystemService(LayoutInflater.class);`
			`PackageManager packageManager = getPackageManager();`

			`- if ((getIntent().getFlags()&Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {`
			`+ if ((getIntent().getFlags() & Intent.FLAG_ACTIVITY_NEW_TASK) != 0) {`
			`Log.w(TAG, "Cannot start ADD_DEVICE_ADMIN as a new task");`
			`finish();`
			`return;`
			`@@ -171,7 +172,7 @@ protected void onCreate(Bundle icicle) {`
			`EXTRA_CALLED_FROM_SUPPORT_DIALOG, false);`

			`String action = getIntent().getAction();`
			`- ComponentName who = (ComponentName)getIntent().getParcelableExtra(`
			`+ ComponentName who = (ComponentName) getIntent().getParcelableExtra(`
			`DevicePolicyManager.EXTRA_DEVICE_ADMIN);`
			`if (who == null) {`
			`String packageName = getIntent().getStringExtra(EXTRA_DEVICE_ADMIN_PACKAGE_NAME);`
			`@@ -229,7 +230,7 @@ protected void onCreate(Bundle icicle) {`
			`PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS);`
			`int count = avail == null ? 0 : avail.size();`
			`boolean found = false;`
			`- for (int i=0; i<count; i++) {`
			`+ for (int i = 0; i < count; i++) {`
			`ResolveInfo ri = avail.get(i);`
			`if (ai.packageName.equals(ri.activityInfo.packageName)`
			`&& ai.name.equals(ri.activityInfo.name)) {`
			`@@ -345,22 +346,22 @@ public void onDismiss(DialogInterface dialogInterface) {`
			`mAdminWarning = dialog.findViewById(R.id.admin_warning_simplified);`
			`mAdminWarning.setText(`
			`mDPM.getResources().getString(NEW_DEVICE_ADMIN_WARNING_SIMPLIFIED, () ->`
			`- getString(R.string.device_admin_warning_simplified,`
			`- mProfileOwnerName), mProfileOwnerName));`
			`+ getString(R.string.device_admin_warning_simplified,`
			`+ mProfileOwnerName), mProfileOwnerName));`
			`return;`
			`}`
			`setContentView(R.layout.device_admin_add);`

			`- mAdminIcon = (ImageView)findViewById(R.id.admin_icon);`
			`- mAdminName = (TextView)findViewById(R.id.admin_name);`
			`- mAdminDescription = (TextView)findViewById(R.id.admin_description);`
			`+ mAdminIcon = (ImageView) findViewById(R.id.admin_icon);`
			`+ mAdminName = (TextView) findViewById(R.id.admin_name);`
			`+ mAdminDescription = (TextView) findViewById(R.id.admin_description);`
			`mProfileOwnerWarning = (TextView) findViewById(R.id.profile_owner_warning);`

			`mProfileOwnerWarning.setText(`
			`mDPM.getResources().getString(SET_PROFILE_OWNER_POSTSETUP_WARNING,`
			`() -> getString(R.string.adding_profile_owner_warning)));`

			`- mAddMsg = (TextView)findViewById(R.id.add_msg);`
			`+ mAddMsg = (TextView) findViewById(R.id.add_msg);`
			`mAddMsgExpander = (ImageView) findViewById(R.id.add_msg_expander);`
			`final View.OnClickListener onClickListener = new View.OnClickListener() {`
			`@Override`
			`@@ -381,7 +382,7 @@ public void onGlobalLayout() {`
			`boolean hideMsgExpander = mAddMsg.getLineCount() <= maxLines;`
			`mAddMsgExpander.setVisibility(hideMsgExpander ? View.GONE : View.VISIBLE);`
			`if (hideMsgExpander) {`
			`- ((View)mAddMsgExpander.getParent()).invalidate();`
			`+ ((View) mAddMsgExpander.getParent()).invalidate();`
			`}`
			`mAddMsg.getViewTreeObserver().removeOnGlobalLayoutListener(this);`
			`}`
			`@@ -399,7 +400,7 @@ public void onGlobalLayout() {`
			`mCancelButton.setOnClickListener(new View.OnClickListener() {`
			`public void onClick(View v) {`
			`EventLog.writeEvent(EventLogTags.EXP_DET_DEVICE_ADMIN_DECLINED_BY_USER,`
			`- mDeviceAdmin.getActivityInfo().applicationInfo.uid);`
			`+ mDeviceAdmin.getActivityInfo().applicationInfo.uid);`
			`finish();`
			`}`
			`});`
			`@@ -421,58 +422,64 @@ public void onClick(View v) {`

			`final View restrictedAction = findViewById(R.id.restricted_action);`
			`restrictedAction.setFilterTouchesWhenObscured(true);`
			`- restrictedAction.setOnClickListener(new View.OnClickListener() {`
			`- public void onClick(View v) {`
			`- if (!mActionButton.isEnabled()) {`
			`- showPolicyTransparencyDialogIfRequired();`
			`- return;`
			`- }`
			`- if (mAdding) {`
			`- addAndFinish();`
			`- } else if (isManagedProfile(mDeviceAdmin)`
			`- && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {`
			`- final int userId = UserHandle.myUserId();`
			`- UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,`
			`- new DialogInterface.OnClickListener() {`
			`- @Override`
			`- public void onClick(DialogInterface dialog, int which) {`
			`- UserManager um = UserManager.get(DeviceAdminAdd.this);`
			`- um.removeUser(userId);`
			`- finish();`
			`- }`
			`+`
			`+ final View.OnClickListener restrictedActionClickListener = v -> {`
			`+ if (!mActionButton.isEnabled()) {`
			`+ showPolicyTransparencyDialogIfRequired();`
			`+ return;`
			`+ }`
			`+ if (mAdding) {`
			`+ addAndFinish();`
			`+ } else if (isManagedProfile(mDeviceAdmin)`
			`+ && mDeviceAdmin.getComponent().equals(mDPM.getProfileOwner())) {`
			`+ final int userId = UserHandle.myUserId();`
			`+ UserDialogs.createRemoveDialog(DeviceAdminAdd.this, userId,`
			`+ new DialogInterface.OnClickListener() {`
			`+ @Override`
			`+ public void onClick(DialogInterface dialog, int which) {`
			`+ UserManager um = UserManager.get(DeviceAdminAdd.this);`
			`+ um.removeUser(userId);`
			`+ finish();`
			`}`
			`- ).show();`
			`- } else if (mUninstalling) {`
			`- mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());`
			`- finish();`
			`- } else if (!mWaitingForRemoveMsg) {`
			`- try {`
			`- // Don't allow the admin to put a dialog up in front`
			`- // of us while we interact with the user.`
			`- ActivityManager.getService().stopAppSwitches();`
			`- } catch (RemoteException e) {`
			`- }`
			`- mWaitingForRemoveMsg = true;`
			`- mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),`
			`- new RemoteCallback(new RemoteCallback.OnResultListener() {`
			`- @Override`
			`- public void onResult(Bundle result) {`
			`- CharSequence msg = result != null`
			`- ? result.getCharSequence(`
			`- DeviceAdminReceiver.EXTRA_DISABLE_WARNING)`
			`- : null;`
			`- continueRemoveAction(msg);`
			`- }`
			`- }, mHandler));`
			`- // Don't want to wait too long.`
			`- getWindow().getDecorView().getHandler().postDelayed(new Runnable() {`
			`- @Override public void run() {`
			`- continueRemoveAction(null);`
			`}`
			`- }, 2*1000);`
			`+ ).show();`
			`+ } else if (mUninstalling) {`
			`+ mDPM.uninstallPackageWithActiveAdmins(mDeviceAdmin.getPackageName());`
			`+ finish();`
			`+ } else if (!mWaitingForRemoveMsg) {`
			`+ try {`
			`+ // Don't allow the admin to put a dialog up in front`
			`+ // of us while we interact with the user.`
			`+ ActivityManager.getService().stopAppSwitches();`
			`+ } catch (RemoteException e) {`
			`}`
			`+ mWaitingForRemoveMsg = true;`
			`+ mDPM.getRemoveWarning(mDeviceAdmin.getComponent(),`
			`+ new RemoteCallback(new RemoteCallback.OnResultListener() {`
			`+ @Override`
			`+ public void onResult(Bundle result) {`
			`+ CharSequence msg = result != null`
			`+ ? result.getCharSequence(`
			`+ DeviceAdminReceiver.EXTRA_DISABLE_WARNING)`
			`+ : null;`
			`+ continueRemoveAction(msg);`
			`+ }`
			`+ }, mHandler));`
			`+ // Don't want to wait too long.`
			`+ getWindow().getDecorView().getHandler().postDelayed(`
			`+ () -> continueRemoveAction(null), 2 * 1000);`
			`+ }`
			`+ };`
			`+ restrictedAction.setOnKeyListener((view, keyCode, keyEvent) -> {`
			`+ if ((keyEvent.getFlags() & KeyEvent.FLAG_FROM_SYSTEM) == 0) {`
			`+ Log.e(TAG, "Can not activate device-admin with KeyEvent from non-system app.");`
			`+ // Consume event to suppress click.`
			`+ return true;`
			`}`
			`+ // Fallback to view click handler.`
			`+ return false;`
			`});`
			`+ restrictedAction.setOnClickListener(restrictedActionClickListener);`
			`}`

			`/**`