From fb85a69370578cdb23d2bb091a7736f1fc3d08b9 Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Thu, 9 Jun 2022 11:27:32 +0200
Subject: [PATCH 001/117] Settings: Pass empty lottie resource for quickly open
 camera animation

This lets us hide it properly.

Change-Id: I02ac031a835236811b82a7de283335390ffebab9
---
 res/drawable/quickly_open_camera.xml    | 3 ---
 res/raw/lottie_quickly_open_camera.json | 0
 res/xml/double_tap_power_settings.xml   | 2 +-
 3 files changed, 1 insertion(+), 4 deletions(-)
 delete mode 100644 res/drawable/quickly_open_camera.xml
 create mode 100644 res/raw/lottie_quickly_open_camera.json

diff --git a/res/drawable/quickly_open_camera.xml b/res/drawable/quickly_open_camera.xml
deleted file mode 100644
index dcbf9f4dc68..00000000000
--- a/res/drawable/quickly_open_camera.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<shape>
-</shape>
diff --git a/res/raw/lottie_quickly_open_camera.json b/res/raw/lottie_quickly_open_camera.json
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/res/xml/double_tap_power_settings.xml b/res/xml/double_tap_power_settings.xml
index 783d045b5d5..a1e133d8e91 100644
--- a/res/xml/double_tap_power_settings.xml
+++ b/res/xml/double_tap_power_settings.xml
@@ -22,7 +22,7 @@
     <com.android.settingslib.widget.IllustrationPreference
         android:key="gesture_double_tap_power_video"
         settings:searchable="false"
-        settings:lottie_rawRes="@drawable/quickly_open_camera"
+        settings:lottie_rawRes="@raw/lottie_quickly_open_camera"
         settings:controller="com.android.settings.gestures.DoubleTapPowerIllustrationPreferenceController"/>
 
     <com.android.settingslib.widget.MainSwitchPreference

From 07a9ab0e2d38c508408516d01e3ead2e01d70011 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 14 Feb 2023 10:05:57 +0200
Subject: [PATCH 002/117] add a toggle for auto-grants of OTHER_SENSORS
 permission

---
 res/values/strings_ext.xml                 | 4 ++++
 res/xml/more_security_privacy_settings.xml | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index d80f4360aa0..60a38fd4cef 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -11,4 +11,8 @@
     <string name="app_exploit_protection_category">App exploit protection</string>
 
 
+    <string name="auto_grant_OTHER_SENSORS_permission_title">Allow Sensors permission to apps by default</string>
+    <string name="auto_grant_OTHER_SENSORS_permission_summary_on">Sensors is a non-standard permission, apps may malfunction if it’s denied.</string>
+    <string name="auto_grant_OTHER_SENSORS_permission_summary_off">A permission prompt will be shown when an app tries to access sensors. Note that some apps may need to be manually restarted after allowing the Sensors permission.</string>
+
 </resources>
diff --git a/res/xml/more_security_privacy_settings.xml b/res/xml/more_security_privacy_settings.xml
index 56706c3f91a..b22cc9e12ae 100644
--- a/res/xml/more_security_privacy_settings.xml
+++ b/res/xml/more_security_privacy_settings.xml
@@ -97,6 +97,13 @@
             settings:controller=
                 "com.android.settings.sound.MediaControlsLockScreenPreferenceController" />
 
+        <SwitchPreferenceCompat
+            android:key="privacy_auto_grant_OTHER_SENSORS_permission"
+            android:title="@string/auto_grant_OTHER_SENSORS_permission_title"
+            android:summaryOn="@string/auto_grant_OTHER_SENSORS_permission_summary_on"
+            android:summaryOff="@string/auto_grant_OTHER_SENSORS_permission_summary_off"
+            settings:boolSettingField="android.ext.settings.ExtSettings AUTO_GRANT_OTHER_SENSORS_PERMISSION"/>
+
         <!-- Allow software fallback for camera extensions -->
         <SwitchPreferenceCompat
             android:key="privacy_camera_extensions_fallback"

From daf097c02c6b26e0bc18bf7f52557ef3a52de10e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 14 Feb 2023 10:27:56 +0200
Subject: [PATCH 003/117] add a toggle for camera access from the lock screen

---
 res/values/strings_ext.xml       | 2 ++
 res/xml/screen_lock_settings.xml | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 60a38fd4cef..eb282e89d04 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -15,4 +15,6 @@
     <string name="auto_grant_OTHER_SENSORS_permission_summary_on">Sensors is a non-standard permission, apps may malfunction if it’s denied.</string>
     <string name="auto_grant_OTHER_SENSORS_permission_summary_off">A permission prompt will be shown when an app tries to access sensors. Note that some apps may need to be manually restarted after allowing the Sensors permission.</string>
 
+    <string name="keyguard_camera_title">Allow camera access when locked</string>
+
 </resources>
diff --git a/res/xml/screen_lock_settings.xml b/res/xml/screen_lock_settings.xml
index 19061d9b855..d2553f61a25 100644
--- a/res/xml/screen_lock_settings.xml
+++ b/res/xml/screen_lock_settings.xml
@@ -52,4 +52,9 @@
         android:key="power_button_instantly_locks"
         android:title="@string/lockpattern_settings_enable_power_button_instantly_locks" />
 
+    <SwitchPreferenceCompat
+        android:key="allow_keyguard_camera"
+        android:title="@string/keyguard_camera_title"
+        settings:boolSettingField="android.ext.settings.ExtSettings ALLOW_KEYGUARD_CAMERA" />
+
 </PreferenceScreen>

From b08c1bddea86a35ea75105b8c1ce3f6f30b3ff01 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 14 Feb 2023 11:23:29 +0200
Subject: [PATCH 004/117] add auto-reboot setting

Squashed with:
20d4d3e46ba4a626d6044df499b91c1fc5e5bd96
514f0ddf2adbb7b69b0750806020476cef8ed17e

Co-authored-by: Daniel Micay <daniel.micay@grapheneos.org>
---
 res/values/strings_ext.xml                    |  3 ++
 res/xml/exploit_protection_settings.xml       |  5 ++
 .../security/AutoRebootPrefController.java    | 49 +++++++++++++++++++
 3 files changed, 57 insertions(+)
 create mode 100644 src/com/android/settings/security/AutoRebootPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index eb282e89d04..4cfb702a329 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -17,4 +17,7 @@
 
     <string name="keyguard_camera_title">Allow camera access when locked</string>
 
+    <string name="auto_reboot_title">Auto reboot</string>
+    <string name="auto_reboot_footer">Automatically reboot the device if it hasn\'t been unlocked within the selected duration of time.</string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 54da29f1394..faaf3b59180 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -5,6 +5,11 @@
     android:key="exploit_protection_settings"
     android:title="@string/exploit_protection_settings">
 
+    <Preference
+        android:key="auto_reboot"
+        android:title="@string/auto_reboot_title"
+        settings:controller="com.android.settings.security.AutoRebootPrefController" />
+
     <PreferenceCategory
         android:key="app_exploit_protection_settings"
         android:title="@string/app_exploit_protection_category">
diff --git a/src/com/android/settings/security/AutoRebootPrefController.java b/src/com/android/settings/security/AutoRebootPrefController.java
new file mode 100644
index 00000000000..9c00e954e96
--- /dev/null
+++ b/src/com/android/settings/security/AutoRebootPrefController.java
@@ -0,0 +1,49 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import android.ext.settings.ExtSettings;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+import static java.util.concurrent.TimeUnit.DAYS;
+import static java.util.concurrent.TimeUnit.HOURS;
+import static java.util.concurrent.TimeUnit.MINUTES;
+
+public class AutoRebootPrefController extends IntSettingPrefController {
+
+    public AutoRebootPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.AUTO_REBOOT_TIMEOUT);
+    }
+
+    @Override
+    public void addPrefsBeforeList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.auto_reboot_footer,
+                "https://grapheneos.org/features#auto-reboot");
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.switch_off_text, 0);
+        entries.add(3, DAYS);
+        entries.add(2, DAYS);
+        entries.add(36, HOURS);
+        entries.add(1, DAYS);
+        entries.add(18, HOURS);
+        entries.add(12, HOURS);
+        entries.add(8, HOURS);
+        entries.add(4, HOURS);
+        entries.add(2, HOURS);
+        entries.add(1, HOURS);
+        entries.add(30, MINUTES);
+        entries.add(10, MINUTES);
+    }
+
+    @Override
+    protected boolean isCredentialConfirmationRequired() {
+        return true;
+    }
+}

From be2e8e464abcac8d7c4eef04207d03cfe281ebd4 Mon Sep 17 00:00:00 2001
From: r3g_5z <june@girlboss.ceo>
Date: Sat, 18 Feb 2023 11:09:31 -0500
Subject: [PATCH 005/117] Add toggle for screenshot timestamp EXIF metadata

Signed-off-by: r3g_5z <june@girlboss.ceo>
---
 res/values/strings_ext.xml                 | 3 +++
 res/xml/more_security_privacy_settings.xml | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 4cfb702a329..813daad375c 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -20,4 +20,7 @@
     <string name="auto_reboot_title">Auto reboot</string>
     <string name="auto_reboot_footer">Automatically reboot the device if it hasn\'t been unlocked within the selected duration of time.</string>
 
+    <string name="screenshot_timestamp_exif_title">Save screenshot timestamp to EXIF</string>
+    <string name="screenshot_timestamp_exif_summary">Enables adding a timestamp to screenshot EXIF metadata</string>
+
 </resources>
diff --git a/res/xml/more_security_privacy_settings.xml b/res/xml/more_security_privacy_settings.xml
index b22cc9e12ae..c1b98843a45 100644
--- a/res/xml/more_security_privacy_settings.xml
+++ b/res/xml/more_security_privacy_settings.xml
@@ -104,6 +104,12 @@
             android:summaryOff="@string/auto_grant_OTHER_SENSORS_permission_summary_off"
             settings:boolSettingField="android.ext.settings.ExtSettings AUTO_GRANT_OTHER_SENSORS_PERMISSION"/>
 
+        <SwitchPreferenceCompat
+            android:key="privacy_screenshot_timestamp_exif"
+            android:title="@string/screenshot_timestamp_exif_title"
+            android:summary="@string/screenshot_timestamp_exif_summary"
+            settings:boolSettingField="android.ext.settings.ExtSettings SCREENSHOT_TIMESTAMP_EXIF"/>
+
         <!-- Allow software fallback for camera extensions -->
         <SwitchPreferenceCompat
             android:key="privacy_camera_extensions_fallback"

From 2b82b69265f2ea77f23860d22b0491a67c3c291b Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 3 Mar 2023 09:53:21 +0200
Subject: [PATCH 006/117] add GNSS SUPL setting

---
 res/values/strings_ext.xml                    |  8 ++++
 res/xml/location_settings.xml                 |  5 +++
 .../location/GnssSuplPrefController.java      | 40 +++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 src/com/android/settings/location/GnssSuplPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 813daad375c..2ef5fe0ff9d 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -23,4 +23,12 @@
     <string name="screenshot_timestamp_exif_title">Save screenshot timestamp to EXIF</string>
     <string name="screenshot_timestamp_exif_summary">Enables adding a timestamp to screenshot EXIF metadata</string>
 
+    <string name="pref_gnss_supl_title">Secure User Plane Location (SUPL)</string>
+    <string name="pref_gnss_supl_footer">A-GNSS (assisted satellite geolocation) based on nearby cell towers.</string>
+
+    <string name="supl_enabled_grapheneos_proxy">GrapheneOS proxy</string>
+    <string name="supl_enabled_standard_server">Standard server</string>
+    <string name="supl_disabled">Off</string>
+    <string name="supl_disabled_summary">Will make acquiring location lock significantly slower, especially if PSDS is turned off too</string>
+
 </resources>
diff --git a/res/xml/location_settings.xml b/res/xml/location_settings.xml
index 3f26d04287e..07c32921981 100644
--- a/res/xml/location_settings.xml
+++ b/res/xml/location_settings.xml
@@ -69,6 +69,11 @@
             android:title="@string/location_services_preference_title"
             settings:controller="com.android.settings.location.LocationServicesPreferenceController"/>
 
+        <Preference
+            android:key="gnss_supl"
+            android:title="@string/pref_gnss_supl_title"
+            settings:controller="com.android.settings.location.GnssSuplPrefController"/>
+
     </PreferenceCategory>
 
     <com.android.settingslib.widget.FooterPreference
diff --git a/src/com/android/settings/location/GnssSuplPrefController.java b/src/com/android/settings/location/GnssSuplPrefController.java
new file mode 100644
index 00000000000..95be474c9de
--- /dev/null
+++ b/src/com/android/settings/location/GnssSuplPrefController.java
@@ -0,0 +1,40 @@
+package com.android.settings.location;
+
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.ext.settings.GnssSettings;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class GnssSuplPrefController extends IntSettingPrefController {
+    private final boolean hasGpsFeature;
+
+    public GnssSuplPrefController(Context ctx, String key) {
+        super(ctx, key, GnssSettings.SUPL_SETTING);
+        hasGpsFeature = ctx.getPackageManager().hasSystemFeature(PackageManager.FEATURE_LOCATION_GPS);
+    }
+
+    @Override
+    public void addPrefsAfterList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.pref_gnss_supl_footer);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (!hasGpsFeature) {
+            return UNSUPPORTED_ON_DEVICE;
+        }
+        return super.getAvailabilityStatus();
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.supl_enabled_grapheneos_proxy, GnssSettings.SUPL_SERVER_GRAPHENEOS_PROXY);
+        entries.add(R.string.supl_enabled_standard_server, GnssSettings.SUPL_SERVER_STANDARD);
+        entries.add(R.string.supl_disabled, R.string.supl_disabled_summary, GnssSettings.SUPL_DISABLED);
+    }
+}

From 097b0531ffac6647a2b7589aad0849eb97211429 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Mon, 16 Oct 2023 09:42:40 -0400
Subject: [PATCH 007/117] disable auto confirm PIN toggle by default

---
 src/com/android/settings/password/ChooseLockPassword.java | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
index eb7d66708b6..e4d53c94d4a 100644
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -1022,9 +1022,6 @@ private void setAutoPinConfirmOption(boolean enabled, int length) {
             if (enabled && !mIsAlphaMode && isAutoPinConfirmPossible(length)) {
                 mAutoPinConfirmOption.setVisibility(View.VISIBLE);
                 mAutoConfirmSecurityMessage.setVisibility(View.VISIBLE);
-                if (!mIsAutoPinConfirmOptionSetManually) {
-                    mAutoPinConfirmOption.setChecked(length == MIN_AUTO_PIN_REQUIREMENT_LENGTH);
-                }
             } else {
                 mAutoPinConfirmOption.setVisibility(View.GONE);
                 mAutoConfirmSecurityMessage.setVisibility(View.GONE);

From 032186846cfb4f318683499addb0f35dbd4f86f9 Mon Sep 17 00:00:00 2001
From: r3g_5z <june@girlboss.ceo>
Date: Wed, 15 Mar 2023 21:11:12 -0400
Subject: [PATCH 008/117] remove missing display resolution lottie animation

AOSP does not provide these similar to the missing quickly open camera
lottie animation

Signed-off-by: r3g_5z <june@girlboss.ceo>
---
 src/com/android/settings/display/ScreenResolutionFragment.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/com/android/settings/display/ScreenResolutionFragment.java b/src/com/android/settings/display/ScreenResolutionFragment.java
index d9718f66f93..ae37ab9e1b8 100644
--- a/src/com/android/settings/display/ScreenResolutionFragment.java
+++ b/src/com/android/settings/display/ScreenResolutionFragment.java
@@ -101,7 +101,6 @@ protected int getPreferenceScreenResId() {
 
     @Override
     protected void addStaticPreferences(PreferenceScreen screen) {
-        updateIllustrationImage(mImagePreference);
         screen.addPreference(mImagePreference);
 
         final FooterPreference footerPreference = new FooterPreference(screen.getContext());
@@ -223,7 +222,6 @@ protected boolean setDefaultKey(final String key) {
         }
 
         setDisplayMode(width);
-        updateIllustrationImage(mImagePreference);
 
         return true;
     }

From d0b61d815c6ab6d825e83d971841e7228fa9d396 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 24 Jan 2024 19:13:22 +0200
Subject: [PATCH 009/117] add toggle for eSIM support via Google's eSIM LPA
 package

---
 res/values/strings_ext.xml                    |  18 +++
 res/xml/network_provider_internet.xml         |   8 ++
 .../network/GoogleEuiccLpaController.java     | 108 ++++++++++++++++++
 3 files changed, 134 insertions(+)
 create mode 100644 src/com/android/settings/network/GoogleEuiccLpaController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 2ef5fe0ff9d..9c72938e5aa 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -31,4 +31,22 @@
     <string name="supl_disabled">Off</string>
     <string name="supl_disabled_summary">Will make acquiring location lock significantly slower, especially if PSDS is turned off too</string>
 
+    <string name="g_euicc_lpa_title">eSIM support</string>
+    <string name="g_euicc_lpa_enable_dialog_msg">
+A device restart is required to enable this setting.
+    </string>
+    <string name="g_euicc_lpa_disable_dialog_title">Warning</string>
+    <string name="g_euicc_lpa_disable_dialog_msg">
+"Turning off eSIM support will break the following functionality:
+
+• adding new eSIMs
+• turning existing eSIMs on or off
+• removing eSIMs, including from the lock screen (e.g. when eSIM is locked with a forgotten PIN)
+• wiping eSIMs during factory reset
+
+Device will be automatically restarted."
+    </string>
+    <string name="g_euicc_lpa_restart_button">Restart</string>
+    <string name="g_euicc_lpa_proceed_button">Proceed</string>
+
 </resources>
diff --git a/res/xml/network_provider_internet.xml b/res/xml/network_provider_internet.xml
index 7a333672317..d1acf902104 100644
--- a/res/xml/network_provider_internet.xml
+++ b/res/xml/network_provider_internet.xml
@@ -56,6 +56,14 @@
         settings:useAdminDisabledSummary="true"
         settings:controller="com.android.settings.network.MobileNetworkSummaryController" />
 
+    <com.android.settingslib.RestrictedSwitchPreference
+        android:key="google_euicc_lpa"
+        android:title="@string/g_euicc_lpa_title"
+        android:icon="@drawable/ic_sim_card"
+        android:order="-14"
+        settings:controller="com.android.settings.network.GoogleEuiccLpaController"
+        settings:userRestriction="no_config_mobile_networks"/>
+
     <com.android.settingslib.RestrictedSwitchPreference
         android:key="airplane_mode_on"
         android:title="@string/airplane_mode"
diff --git a/src/com/android/settings/network/GoogleEuiccLpaController.java b/src/com/android/settings/network/GoogleEuiccLpaController.java
new file mode 100644
index 00000000000..d697c3b97f1
--- /dev/null
+++ b/src/com/android/settings/network/GoogleEuiccLpaController.java
@@ -0,0 +1,108 @@
+package com.android.settings.network;
+
+import android.Manifest;
+import android.app.AlertDialog;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.ext.PackageId;
+import android.os.PowerManager;
+import android.os.UserHandle;
+import android.permission.PermissionManager;
+
+import com.android.settings.R;
+import com.android.settings.ext.AbstractTogglePrefController;
+import com.android.settings.ext.ExtSettingControllerHelper;
+
+import static java.util.Objects.requireNonNull;
+
+public class GoogleEuiccLpaController extends AbstractTogglePrefController {
+    private static final String PKG_NAME = PackageId.G_EUICC_LPA_NAME;
+
+    private final PackageManager packageManager;
+    private final boolean isPresent;
+
+    public GoogleEuiccLpaController(Context context, String key) {
+        super(context, key);
+        packageManager = context.getPackageManager();
+
+        boolean isPresent = false;
+        try {
+            var ai = packageManager.getApplicationInfo(PKG_NAME, 0);
+            isPresent = ai.isSystemApp();
+        } catch (PackageManager.NameNotFoundException ignored) {}
+
+        this.isPresent = isPresent;
+    }
+
+    @Override
+    public boolean isChecked() {
+        try {
+            return isPresent && packageManager.getApplicationInfo(PKG_NAME, 0).enabled;
+        } catch (PackageManager.NameNotFoundException e) {
+            return false;
+        }
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (!isPresent) {
+            return UNSUPPORTED_ON_DEVICE;
+        }
+        return ExtSettingControllerHelper.getGlobalSettingAvailability(mContext);
+    }
+    
+    private void setEnabled(boolean isEnabled) {
+        String pkg = PKG_NAME;
+
+        if (isEnabled) {
+            var permManager = mContext.getSystemService(PermissionManager.class);
+            UserHandle user = mContext.getUser();
+
+            String perm = Manifest.permission.CAMERA;
+            permManager.revokeRuntimePermission(pkg, perm, user, null);
+            // Previously, Camera permission was auto-granted with the FLAG_PERMISSION_SYSTEM_FIXED,
+            // which made it unchangeable by the user.
+            // Removing FLAG_PERMISSION_USER_FIXED is needed to make sure that the app is always
+            // able to show a permission request dialog after being enabled
+            int permFlagsToRemove = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
+                    | PackageManager.FLAG_PERMISSION_USER_FIXED;
+            permManager.updatePermissionFlags(pkg, perm, permFlagsToRemove, 0, user);
+        }
+
+        var powerManager = requireNonNull(mContext.getSystemService(PowerManager.class));
+
+        int ces = isEnabled ? PackageManager.COMPONENT_ENABLED_STATE_ENABLED :
+                              PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
+        packageManager.setApplicationEnabledSetting(pkg, ces, 0);
+
+        // Reboot is required in both cases:
+        // - OS code doesn't expect LPA to become unavailable at runtime and starts to poll for it
+        // with a high frequency
+        // - EuiccGoogle performs initialization in response to "(locked) boot completed" broadcasts
+        // - also, if current boot count is 1 (i.e. if this is the first boot), EuiccGoogle expects to
+        // be interacted with by Google's SetupWizard. Boot count will be at least 2 after reboot.
+        powerManager.reboot(null);
+    }
+
+    @Override
+    public boolean setChecked(boolean isChecked) {
+        var b = new AlertDialog.Builder(mContext);
+
+        int msg;
+        int btnText;
+        if (isChecked) {
+            msg = R.string.g_euicc_lpa_enable_dialog_msg;
+            btnText = R.string.g_euicc_lpa_restart_button;
+        } else {
+            b.setTitle(R.string.g_euicc_lpa_disable_dialog_title);
+            msg = R.string.g_euicc_lpa_disable_dialog_msg;
+            btnText = R.string.g_euicc_lpa_proceed_button;
+        }
+
+        b.setMessage(msg);
+        b.setPositiveButton(btnText, (d, btn) -> setEnabled(isChecked));
+        b.show();
+
+        return false;
+    }
+}

From b59eb259c45da31a8ae514be454836d1daa2be2f Mon Sep 17 00:00:00 2001
From: r3g_5z <june@girlboss.ceo>
Date: Sun, 2 Apr 2023 22:23:41 -0400
Subject: [PATCH 010/117] remote key provisioning server setting

Co-authored-by: flawedworld <flawedworld@flawed.world>
Signed-off-by: r3g_5z <june@girlboss.ceo>
---
 res/values/strings_ext.xml                    |  5 +++
 res/xml/network_provider_internet.xml         |  6 ++++
 .../RemoteProvisioningPrefController.java     | 36 +++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 src/com/android/settings/network/RemoteProvisioningPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 9c72938e5aa..0863ddb28cc 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -49,4 +49,9 @@ Device will be automatically restarted."
     <string name="g_euicc_lpa_restart_button">Restart</string>
     <string name="g_euicc_lpa_proceed_button">Proceed</string>
 
+    <string name="remote_provisioning_title">Attestation key provisioning</string>
+    <string name="remote_provisioning_enabled_grapheneos_proxy">GrapheneOS proxy</string>
+    <string name="remote_provisioning_enabled_google_server">Google server</string>
+    <string name="remote_provisioning_disabled">Off</string>
+
 </resources>
diff --git a/res/xml/network_provider_internet.xml b/res/xml/network_provider_internet.xml
index d1acf902104..d04f6999b1c 100644
--- a/res/xml/network_provider_internet.xml
+++ b/res/xml/network_provider_internet.xml
@@ -126,4 +126,10 @@
         android:summary="@string/cellular_security_summary"
         android:order="30"
         settings:controller="com.android.settings.network.CellularSecurityPreferenceController"/>
+
+    <Preference
+        android:key="remote_provisioning_settings"
+        android:title="@string/remote_provisioning_title"
+        android:order="35"
+        settings:controller="com.android.settings.network.RemoteProvisioningPrefController" />
 </PreferenceScreen>
diff --git a/src/com/android/settings/network/RemoteProvisioningPrefController.java b/src/com/android/settings/network/RemoteProvisioningPrefController.java
new file mode 100644
index 00000000000..8617d6bd98c
--- /dev/null
+++ b/src/com/android/settings/network/RemoteProvisioningPrefController.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.network;
+
+import android.content.Context;
+import android.ext.settings.RemoteKeyProvisioningSettings;
+
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+
+public class RemoteProvisioningPrefController extends IntSettingPrefController {
+
+    public RemoteProvisioningPrefController(Context ctx, String key) {
+        super(ctx, key, RemoteKeyProvisioningSettings.SERVER_SETTING);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.remote_provisioning_enabled_grapheneos_proxy, RemoteKeyProvisioningSettings.GRAPHENEOS_PROXY);
+        entries.add(R.string.remote_provisioning_enabled_google_server, RemoteKeyProvisioningSettings.STANDARD_SERVER);
+    }
+}

From 3259b5cba98f923bcc8088c7fa8783f1baac8ed3 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 6 Apr 2023 12:11:09 +0300
Subject: [PATCH 011/117] add toggle for special access to hardware
 accelerators by Google apps

---
 res/values/strings_ext.xml                    | 15 ++++++
 res/xml/special_access.xml                    |  6 +++
 ...oogleSpecialAcceleratorAccessFragment.java | 46 +++++++++++++++++++
 ...pecialAcceleratorAccessPrefController.java | 34 ++++++++++++++
 4 files changed, 101 insertions(+)
 create mode 100644 src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessFragment.java
 create mode 100644 src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 0863ddb28cc..e6f3d6a9044 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -54,4 +54,19 @@ Device will be automatically restarted."
     <string name="remote_provisioning_enabled_google_server">Google server</string>
     <string name="remote_provisioning_disabled">Off</string>
 
+    <string name="Google_apps_special_accelerator_access_title">Special access to hardware accelerators for Google apps</string>
+    <string name="Google_apps_special_accelerator_access_summary_granted">Access granted</string>
+    <string name="Google_apps_special_accelerator_access_summary_not_granted">Access not granted</string>
+    <string name="Google_apps_special_accelerator_access_main_switch">Grant special access to hardware accelerators to Google apps</string>
+    <string name="Google_apps_special_accelerator_access_footer">
+"Some Google apps expect to be able to access hardware accelerators in a special, more capable way than regular apps do.
+
+Examples of such apps:
+• Pixel Camera
+• Google Photos
+• Google Recorder
+
+This setting applies to all users on the device."
+    </string>
+
 </resources>
diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
index f3a5f3216c7..32867ea63f7 100644
--- a/res/xml/special_access.xml
+++ b/res/xml/special_access.xml
@@ -231,4 +231,10 @@
             android:name="classname"
             android:value="com.android.settings.Settings$ChangeNfcTagAppsActivity" />
     </Preference>
+
+    <Preference
+        android:key="Google_apps_special_accelerator_access"
+        android:title="@string/Google_apps_special_accelerator_access_title"
+        android:fragment="com.android.settings.applications.specialaccess.GoogleSpecialAcceleratorAccessFragment"
+        settings:controller="com.android.settings.applications.specialaccess.GoogleSpecialAcceleratorAccessPrefController" />
 </PreferenceScreen>
diff --git a/src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessFragment.java b/src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessFragment.java
new file mode 100644
index 00000000000..d681703f4cd
--- /dev/null
+++ b/src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessFragment.java
@@ -0,0 +1,46 @@
+package com.android.settings.applications.specialaccess;
+
+import android.app.ActivityThread;
+import android.ext.settings.BoolSetting;
+import android.ext.settings.ExtSettings;
+import android.os.RemoteException;
+
+import com.android.internal.util.GoogleCameraUtils;
+import com.android.settings.R;
+import com.android.settings.ext.BoolSettingFragment;
+import com.android.settingslib.widget.FooterPreference;
+
+public class GoogleSpecialAcceleratorAccessFragment extends BoolSettingFragment {
+    private static final String TAG = GoogleSpecialAcceleratorAccessFragment.class.getSimpleName();
+
+    @Override
+    protected BoolSetting getSetting() {
+        return ExtSettings.ALLOW_GOOGLE_APPS_SPECIAL_ACCESS_TO_ACCELERATORS;
+    }
+
+    @Override
+    protected CharSequence getTitle() {
+        return resText(R.string.Google_apps_special_accelerator_access_title);
+    }
+
+    @Override
+    protected CharSequence getMainSwitchTitle() {
+        return resText(R.string.Google_apps_special_accelerator_access_main_switch);
+    }
+
+    @Override
+    protected void onMainSwitchChanged(boolean state) {
+        if (GoogleCameraUtils.isCustomSeInfoNeededForAccessToAccelerators(requireContext())) {
+            try {
+                ActivityThread.getPackageManager().updateSeInfo(GoogleCameraUtils.PACKAGE_NAME);
+            } catch (RemoteException e) {
+                throw e.rethrowFromSystemServer();
+            }
+        }
+    }
+
+    @Override
+    protected FooterPreference makeFooterPref(FooterPreference.Builder builder) {
+        return builder.setTitle(R.string.Google_apps_special_accelerator_access_footer).build();
+    }
+}
diff --git a/src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessPrefController.java b/src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessPrefController.java
new file mode 100644
index 00000000000..ac7d84fcbb0
--- /dev/null
+++ b/src/com/android/settings/applications/specialaccess/GoogleSpecialAcceleratorAccessPrefController.java
@@ -0,0 +1,34 @@
+package com.android.settings.applications.specialaccess;
+
+import android.content.Context;
+import android.ext.settings.ExtSettings;
+
+import com.android.settings.R;
+import com.android.settings.ext.BoolSettingFragmentPrefController;
+
+public class GoogleSpecialAcceleratorAccessPrefController extends BoolSettingFragmentPrefController {
+
+    public GoogleSpecialAcceleratorAccessPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.ALLOW_GOOGLE_APPS_SPECIAL_ACCESS_TO_ACCELERATORS);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (!mContext.getResources().getBoolean(
+                com.android.internal.R.bool.config_Google_apps_can_have_special_access_to_accelerators)) {
+            return UNSUPPORTED_ON_DEVICE;
+        }
+
+        return super.getAvailabilityStatus();
+    }
+
+    @Override
+    protected CharSequence getSummaryOn() {
+        return resText(R.string.Google_apps_special_accelerator_access_summary_granted);
+    }
+
+    @Override
+    protected CharSequence getSummaryOff() {
+        return resText(R.string.Google_apps_special_accelerator_access_summary_not_granted);
+    }
+}

From 665015130287626dc34dca8feb79d5a713b4ac36 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 3 May 2023 08:57:01 +0300
Subject: [PATCH 012/117] add GNSS PSDS setting

---
 res/values/strings_ext.xml                    | 10 ++++
 res/xml/location_settings.xml                 |  5 ++
 .../location/GnssPsdsPrefController.java      | 55 +++++++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100644 src/com/android/settings/location/GnssPsdsPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index e6f3d6a9044..c10ca2f6d89 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -69,4 +69,14 @@ Examples of such apps:
 This setting applies to all users on the device."
     </string>
 
+    <string name="pref_gnss_psds_title">Predicted Satellite Data Service (PSDS)</string>
+    <string name="gnss_psds_footer">
+"If PSDS is turned on, static PSDS information files will be downloaded periodically to improve location resolution speed and accuracy.
+No query or data is sent to the server. These files contain orbits and statuses of satellites, Earth environmental data and time adjustment information."
+</string>
+    <string name="psds_enabled_grapheneos_server">GrapheneOS server</string>
+    <string name="psds_enabled_standard_server">Standard server</string>
+    <string name="psds_disabled">Off</string>
+    <string name="psds_disabled_summary">Will make acquiring location lock significantly slower, especially if SUPL is turned off too</string>
+
 </resources>
diff --git a/res/xml/location_settings.xml b/res/xml/location_settings.xml
index 07c32921981..4c99a9ae6a6 100644
--- a/res/xml/location_settings.xml
+++ b/res/xml/location_settings.xml
@@ -74,6 +74,11 @@
             android:title="@string/pref_gnss_supl_title"
             settings:controller="com.android.settings.location.GnssSuplPrefController"/>
 
+        <Preference
+            android:key="gnss_psds"
+            android:title="@string/pref_gnss_psds_title"
+            settings:controller="com.android.settings.location.GnssPsdsPrefController"/>
+
     </PreferenceCategory>
 
     <com.android.settingslib.widget.FooterPreference
diff --git a/src/com/android/settings/location/GnssPsdsPrefController.java b/src/com/android/settings/location/GnssPsdsPrefController.java
new file mode 100644
index 00000000000..426b29b8fdc
--- /dev/null
+++ b/src/com/android/settings/location/GnssPsdsPrefController.java
@@ -0,0 +1,55 @@
+package com.android.settings.location;
+
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.ext.settings.GnssSettings;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class GnssPsdsPrefController extends IntSettingPrefController {
+    private final String psdsType;
+    private final boolean hasGpsFeature;
+
+    public GnssPsdsPrefController(Context ctx, String key) {
+        super(ctx, key, GnssSettings.getPsdsSetting(ctx));
+        psdsType = ctx.getString(com.android.internal.R.string.config_gnssPsdsType);
+        hasGpsFeature = ctx.getPackageManager().hasSystemFeature(PackageManager.FEATURE_LOCATION_GPS);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (!hasGpsFeature) {
+            return UNSUPPORTED_ON_DEVICE;
+        }
+
+        int result = super.getAvailabilityStatus();
+        if (result == AVAILABLE) {
+            if (psdsType.isEmpty()) {
+                result = UNSUPPORTED_ON_DEVICE;
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public void addPrefsAfterList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.gnss_psds_footer);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.psds_enabled_grapheneos_server, GnssSettings.PSDS_SERVER_GRAPHENEOS);
+        int standardServerString;
+        switch (psdsType) {
+            default:
+                standardServerString = R.string.psds_enabled_standard_server;
+                break;
+        }
+        entries.add(standardServerString, GnssSettings.PSDS_SERVER_STANDARD);
+        entries.add(R.string.psds_disabled, R.string.psds_disabled_summary, GnssSettings.PSDS_DISABLED);
+    }
+}

From 77e455dda24bb0123c3b9aefec97428b3b838d11 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 24 May 2023 13:32:14 +0300
Subject: [PATCH 013/117] add connectivity checks setting

---
 res/values/strings_ext.xml                    | 10 +++++++
 res/xml/network_provider_internet.xml         |  6 ++++
 .../ConnectivityChecksPrefController.java     | 29 +++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 src/com/android/settings/network/ConnectivityChecksPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index c10ca2f6d89..395d667e9f6 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -79,4 +79,14 @@ No query or data is sent to the server. These files contain orbits and statuses
     <string name="psds_disabled">Off</string>
     <string name="psds_disabled_summary">Will make acquiring location lock significantly slower, especially if SUPL is turned off too</string>
 
+    <string name="conn_checks_grapheneos_server">GrapheneOS server</string>
+    <string name="conn_checks_google_server">Standard (Google) server</string>
+    <string name="conn_checks_disabled">Off</string>
+
+    <string name="conn_checks_title">Internet connectivity checks</string>
+    <string name="conn_checks_footer">
+"Connectivity check is a special empty server request that is made to find out whether the current network has internet connection.
+There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
+    </string>
+
 </resources>
diff --git a/res/xml/network_provider_internet.xml b/res/xml/network_provider_internet.xml
index d04f6999b1c..b4becf7c709 100644
--- a/res/xml/network_provider_internet.xml
+++ b/res/xml/network_provider_internet.xml
@@ -127,6 +127,12 @@
         android:order="30"
         settings:controller="com.android.settings.network.CellularSecurityPreferenceController"/>
 
+    <Preference
+        android:key="connectivity_checks"
+        android:title="@string/conn_checks_title"
+        android:order="30"
+        settings:controller="com.android.settings.network.ConnectivityChecksPrefController"/>
+
     <Preference
         android:key="remote_provisioning_settings"
         android:title="@string/remote_provisioning_title"
diff --git a/src/com/android/settings/network/ConnectivityChecksPrefController.java b/src/com/android/settings/network/ConnectivityChecksPrefController.java
new file mode 100644
index 00000000000..ef2ee6c12ee
--- /dev/null
+++ b/src/com/android/settings/network/ConnectivityChecksPrefController.java
@@ -0,0 +1,29 @@
+package com.android.settings.network;
+
+import android.content.Context;
+import android.ext.settings.ConnChecksSetting;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class ConnectivityChecksPrefController extends IntSettingPrefController {
+
+    public ConnectivityChecksPrefController(Context ctx, String key) {
+        super(ctx, key, ConnChecksSetting.SYS_PROP);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.conn_checks_grapheneos_server, ConnChecksSetting.VAL_GRAPHENEOS);
+        entries.add(R.string.conn_checks_google_server, ConnChecksSetting.VAL_STANDARD);
+        entries.add(R.string.conn_checks_disabled, ConnChecksSetting.VAL_DISABLED);
+    }
+
+    @Override
+    public void addPrefsAfterList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.conn_checks_footer);
+    }
+}

From 181e48ec7f38d56959fd5a7d131c11ed90317e99 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 24 May 2023 14:57:01 +0300
Subject: [PATCH 014/117] add common resources for auto-off settings

---
 res/values/strings_ext.xml                    |  1 +
 .../android/settings/ext/AutoOffSetting.java  | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 src/com/android/settings/ext/AutoOffSetting.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 395d667e9f6..0b647684e3e 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
     <string name="hardware_sku">Hardware SKU</string>
+    <string name="auto_off_never">Never</string>
 
     <string name="bool_setting_enable">Enable</string>
     <string name="bool_setting_enabled">Enabled</string>
diff --git a/src/com/android/settings/ext/AutoOffSetting.java b/src/com/android/settings/ext/AutoOffSetting.java
new file mode 100644
index 00000000000..98be94b8589
--- /dev/null
+++ b/src/com/android/settings/ext/AutoOffSetting.java
@@ -0,0 +1,25 @@
+package com.android.settings.ext;
+
+import com.android.settings.R;
+
+import static java.util.concurrent.TimeUnit.HOURS;
+import static java.util.concurrent.TimeUnit.MINUTES;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+public class AutoOffSetting {
+
+    public static void getEntries(AbstractListPreferenceController.Entries entries) {
+        entries.add(R.string.auto_off_never, 0);
+        entries.add(15, SECONDS);
+        entries.add(30, SECONDS);
+        entries.add(1,  MINUTES);
+        entries.add(2,  MINUTES);
+        entries.add(5,  MINUTES);
+        entries.add(10, MINUTES);
+        entries.add(30, MINUTES);
+        entries.add(1,  HOURS);
+        entries.add(2,  HOURS);
+        entries.add(4,  HOURS);
+        entries.add(8,  HOURS);
+    }
+}

From 45f309fbd0d92c1ad058826e15aec1a6cde078ce Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 25 May 2023 16:25:33 +0300
Subject: [PATCH 015/117] add Wi-Fi auto-off setting

---
 res/values/strings_ext.xml                    |  2 +
 res/xml/exploit_protection_settings.xml       |  5 +++
 .../wifi/WifiAutoOffPrefController.java       | 39 +++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 src/com/android/settings/wifi/WifiAutoOffPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 0b647684e3e..fea4c60d654 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -90,4 +90,6 @@ No query or data is sent to the server. These files contain orbits and statuses
 There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     </string>
 
+    <string name="wifi_auto_off_title">Turn off Wi-Fi automatically</string>
+    <string name="wifi_auto_off_footer">If Wi-Fi is disconnected, it will be turned off after the selected timeout.</string>
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index faaf3b59180..b5f3a0e1dde 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -10,6 +10,11 @@
         android:title="@string/auto_reboot_title"
         settings:controller="com.android.settings.security.AutoRebootPrefController" />
 
+    <Preference
+        android:key="wifi_auto_off"
+        android:title="@string/wifi_auto_off_title"
+        settings:controller="com.android.settings.wifi.WifiAutoOffPrefController"/>
+
     <PreferenceCategory
         android:key="app_exploit_protection_settings"
         android:title="@string/app_exploit_protection_category">
diff --git a/src/com/android/settings/wifi/WifiAutoOffPrefController.java b/src/com/android/settings/wifi/WifiAutoOffPrefController.java
new file mode 100644
index 00000000000..b8ec16bd69a
--- /dev/null
+++ b/src/com/android/settings/wifi/WifiAutoOffPrefController.java
@@ -0,0 +1,39 @@
+package com.android.settings.wifi;
+
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.ext.settings.ExtSettings;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.AutoOffSetting;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class WifiAutoOffPrefController extends IntSettingPrefController {
+
+    public WifiAutoOffPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.WIFI_AUTO_OFF);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        int r = super.getAvailabilityStatus();
+        if (r == AVAILABLE) {
+            return mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WIFI) ?
+                    AVAILABLE : UNSUPPORTED_ON_DEVICE;
+        }
+        return r;
+    }
+
+    @Override
+    public void addPrefsBeforeList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.wifi_auto_off_footer);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        AutoOffSetting.getEntries(entries);
+    }
+}

From 0e1552b06908bdcc45bfad41c2956c4d7b66511a Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 24 May 2023 15:01:04 +0300
Subject: [PATCH 016/117] add Bluetooth auto-off setting

---
 res/values/strings_ext.xml                    |  6 +++
 res/xml/exploit_protection_settings.xml       |  5 +++
 .../BluetoothAutoOffPrefController.java       | 39 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 src/com/android/settings/bluetooth/BluetoothAutoOffPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index fea4c60d654..dd9938b6b5f 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -92,4 +92,10 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
 
     <string name="wifi_auto_off_title">Turn off Wi-Fi automatically</string>
     <string name="wifi_auto_off_footer">If Wi-Fi is disconnected, it will be turned off after the selected timeout.</string>
+
+    <string name="bluetooth_auto_off_title">Turn off Bluetooth automatically</string>
+    <string name="bluetooth_auto_off_footer">
+"If there are no connected devices, Bluetooth will turn off after the selected timeout."
+    </string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index b5f3a0e1dde..bfd7e4dc3d9 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -15,6 +15,11 @@
         android:title="@string/wifi_auto_off_title"
         settings:controller="com.android.settings.wifi.WifiAutoOffPrefController"/>
 
+    <Preference
+        android:key="bluetooth_auto_off"
+        android:title="@string/bluetooth_auto_off_title"
+        settings:controller="com.android.settings.bluetooth.BluetoothAutoOffPrefController"/>
+
     <PreferenceCategory
         android:key="app_exploit_protection_settings"
         android:title="@string/app_exploit_protection_category">
diff --git a/src/com/android/settings/bluetooth/BluetoothAutoOffPrefController.java b/src/com/android/settings/bluetooth/BluetoothAutoOffPrefController.java
new file mode 100644
index 00000000000..14791951802
--- /dev/null
+++ b/src/com/android/settings/bluetooth/BluetoothAutoOffPrefController.java
@@ -0,0 +1,39 @@
+package com.android.settings.bluetooth;
+
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.ext.settings.ExtSettings;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.AutoOffSetting;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class BluetoothAutoOffPrefController extends IntSettingPrefController {
+
+    public BluetoothAutoOffPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.BLUETOOTH_AUTO_OFF);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        int r = super.getAvailabilityStatus();
+        if (r == AVAILABLE) {
+            return mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_BLUETOOTH) ?
+                    AVAILABLE : UNSUPPORTED_ON_DEVICE;
+        }
+        return r;
+    }
+
+    @Override
+    public void addPrefsBeforeList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.bluetooth_auto_off_footer);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        AutoOffSetting.getEntries(entries);
+    }
+}

From e70de75d7fbd851b3d990dd4289833ecab4b7b0e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 25 May 2023 16:47:42 +0300
Subject: [PATCH 017/117] add exec spawning setting

---
 res/values/strings_ext.xml                    |  4 +++
 res/xml/exploit_protection_settings.xml       |  6 +++-
 .../security/ExecSpawningFragment.java        | 34 +++++++++++++++++++
 .../security/ExecSpawningPrefController.java  | 13 +++++++
 4 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 src/com/android/settings/security/ExecSpawningFragment.java
 create mode 100644 src/com/android/settings/security/ExecSpawningPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index dd9938b6b5f..822b659c0bc 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -98,4 +98,8 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
 "If there are no connected devices, Bluetooth will turn off after the selected timeout."
     </string>
 
+    <string name="exec_spawning_title">Secure app spawning</string>
+    <string name="exec_spawning_title_inner">Use secure app spawning</string>
+    <string name="exec_spawning_footer">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index bfd7e4dc3d9..ada50481305 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -24,7 +24,11 @@
         android:key="app_exploit_protection_settings"
         android:title="@string/app_exploit_protection_category">
 
-
+        <Preference
+            android:key="exec_spawning"
+            android:title="@string/exec_spawning_title"
+            android:fragment="com.android.settings.security.ExecSpawningFragment"
+            settings:controller="com.android.settings.security.ExecSpawningPrefController" />
 
     </PreferenceCategory>
 
diff --git a/src/com/android/settings/security/ExecSpawningFragment.java b/src/com/android/settings/security/ExecSpawningFragment.java
new file mode 100644
index 00000000000..1ab1f744617
--- /dev/null
+++ b/src/com/android/settings/security/ExecSpawningFragment.java
@@ -0,0 +1,34 @@
+package com.android.settings.security;
+
+import android.ext.settings.BoolSetting;
+import android.ext.settings.ExtSettings;
+import android.net.Uri;
+
+import com.android.settings.R;
+import com.android.settings.ext.BoolSettingFragment;
+import com.android.settingslib.widget.FooterPreference;
+
+public class ExecSpawningFragment extends BoolSettingFragment {
+
+    @Override
+    protected BoolSetting getSetting() {
+        return ExtSettings.EXEC_SPAWNING;
+    }
+
+    @Override
+    protected CharSequence getTitle() {
+        return getText(R.string.exec_spawning_title);
+    }
+
+    @Override
+    protected CharSequence getMainSwitchTitle() {
+        return getText(R.string.exec_spawning_title_inner);
+    }
+
+    @Override
+    protected FooterPreference makeFooterPref(FooterPreference.Builder builder) {
+        FooterPreference p = builder.setTitle(R.string.exec_spawning_footer).build();
+        setFooterPrefLearnMoreUri(p, Uri.parse("https://grapheneos.org/usage#exec-spawning"));
+        return p;
+    }
+}
diff --git a/src/com/android/settings/security/ExecSpawningPrefController.java b/src/com/android/settings/security/ExecSpawningPrefController.java
new file mode 100644
index 00000000000..cd2be5cfc71
--- /dev/null
+++ b/src/com/android/settings/security/ExecSpawningPrefController.java
@@ -0,0 +1,13 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import android.ext.settings.ExtSettings;
+
+import com.android.settings.ext.BoolSettingFragmentPrefController;
+
+public class ExecSpawningPrefController extends BoolSettingFragmentPrefController {
+
+    public ExecSpawningPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.EXEC_SPAWNING);
+    }
+}

From f6976f6c865a33fec01d0c36067993ba8035b1d8 Mon Sep 17 00:00:00 2001
From: flawedworld <flawedworld@flawed.world>
Date: Sun, 25 Jun 2023 13:53:58 +0100
Subject: [PATCH 018/117] Mark all DSU options as unsupported

---
 src/com/android/settings/development/DSULoader.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/com/android/settings/development/DSULoader.java b/src/com/android/settings/development/DSULoader.java
index fede67a7766..957e3d79e6f 100644
--- a/src/com/android/settings/development/DSULoader.java
+++ b/src/com/android/settings/development/DSULoader.java
@@ -305,7 +305,7 @@ Date getDeviceSPL() {
         }
 
         boolean isSupported() {
-            boolean supported = true;
+            boolean supported = false;
             String cpu = getDeviceCpu();
             if (!mCpuAbi.equals(cpu)) {
                 Slog.i(TAG, mCpuAbi + " != " + cpu);

From ba85901e3003f721864c9c1ede01a10b506fafe7 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sat, 1 Jul 2023 07:07:57 +0000
Subject: [PATCH 019/117] Remove "Add users from lock screen" setting

---
 .../AddUserWhenLockedPreferenceController.java     | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/src/com/android/settings/users/AddUserWhenLockedPreferenceController.java b/src/com/android/settings/users/AddUserWhenLockedPreferenceController.java
index 2dc5b2d60d6..315be794607 100644
--- a/src/com/android/settings/users/AddUserWhenLockedPreferenceController.java
+++ b/src/com/android/settings/users/AddUserWhenLockedPreferenceController.java
@@ -57,19 +57,7 @@ public void updateState(Preference preference) {
 
     @Override
     public int getAvailabilityStatus() {
-        if (!mUserCaps.isAdmin()) {
-            return DISABLED_FOR_USER;
-        } else if (android.multiuser.Flags.newMultiuserSettingsUx()) {
-            if (mUserCaps.mDisallowAddUser && !mUserCaps.mDisallowAddUserSetByAdmin) {
-                return DISABLED_FOR_USER;
-            } else {
-                return AVAILABLE;
-            }
-        } else if (mUserCaps.disallowAddUser() || mUserCaps.disallowAddUserSetByAdmin()) {
-            return DISABLED_FOR_USER;
-        } else {
-            return mUserCaps.mUserSwitcherEnabled ? AVAILABLE : CONDITIONALLY_UNAVAILABLE;
-        }
+        return UNSUPPORTED_ON_DEVICE;
     }
 
     @Override

From b4d0b354805a9a0044393dcade594fc6c8a780df Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sun, 23 Jul 2023 19:53:04 +0000
Subject: [PATCH 020/117] Factor out common code for reading/writing
 UserManager restrictions

---
 .../settings/users/UserDetailsSettings.java   |  2 +
 .../settings/users/UserRestrictions.java      | 38 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 src/com/android/settings/users/UserRestrictions.java

diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
index ec4a4ff2558..aa7b95e735d 100644
--- a/src/com/android/settings/users/UserDetailsSettings.java
+++ b/src/com/android/settings/users/UserDetailsSettings.java
@@ -102,6 +102,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
     @VisibleForTesting
     /** The user being studied (not the user doing the studying). */
     UserInfo mUserInfo;
+    private UserRestrictions userRestrictions;
 
     @Override
     public int getMetricsCategory() {
@@ -344,6 +345,7 @@ void initialize(Context context, Bundle arguments) {
         boolean isNewUser =
                 arguments.getBoolean(AppRestrictionsFragment.EXTRA_NEW_USER, false);
         mUserInfo = mUserManager.getUserInfo(userId);
+        userRestrictions = new UserRestrictions(mUserManager, mUserInfo);
 
         mSwitchUserPref = findPreference(KEY_SWITCH_USER);
         mPhonePref = findPreference(KEY_ENABLE_TELEPHONY);
diff --git a/src/com/android/settings/users/UserRestrictions.java b/src/com/android/settings/users/UserRestrictions.java
new file mode 100644
index 00000000000..7db3161c201
--- /dev/null
+++ b/src/com/android/settings/users/UserRestrictions.java
@@ -0,0 +1,38 @@
+package com.android.settings.users;
+
+import android.content.pm.UserInfo;
+import android.os.Bundle;
+import android.os.UserHandle;
+import android.os.UserManager;
+
+import java.util.List;
+
+final class UserRestrictions {
+
+    final UserManager userManager;
+    final UserInfo userInfo;
+
+    UserRestrictions(UserManager userManager, UserInfo userInfo) {
+        this.userManager = userManager;
+        this.userInfo = userInfo;
+    }
+
+    boolean isSet(String restrictionKey) {
+        final boolean isSetFromUser = userManager.hasUserRestriction(restrictionKey, userInfo.getUserHandle());
+        if (userInfo.isGuest()) {
+            return isSetFromUser || userManager.getDefaultGuestRestrictions().getBoolean(restrictionKey);
+        }
+
+        return isSetFromUser;
+    }
+
+    void set(String restrictionKey, boolean enableRestriction) {
+        if (userInfo.isGuest()) {
+            Bundle defaultGuestRestrictions = userManager.getDefaultGuestRestrictions();
+            defaultGuestRestrictions.putBoolean(restrictionKey, enableRestriction);
+            userManager.setDefaultGuestRestrictions(defaultGuestRestrictions);
+        } else {
+            userManager.setUserRestriction(restrictionKey, enableRestriction, userInfo.getUserHandle());
+        }
+    }
+}

From def9671518bd3d2bc1fd682fe82e93260d704be5 Mon Sep 17 00:00:00 2001
From: Pratyush <codelab@pratyush.dev>
Date: Sat, 3 Sep 2022 15:52:37 +0530
Subject: [PATCH 021/117] UserManager enable "install available apps"

allowing adding (installed) apps from (owner) user manager ui.
---
 src/com/android/settings/users/UserDetailsSettings.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
index aa7b95e735d..d4317bd614b 100644
--- a/src/com/android/settings/users/UserDetailsSettings.java
+++ b/src/com/android/settings/users/UserDetailsSettings.java
@@ -78,7 +78,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
     private static final int DIALOG_CONFIRM_GRANT_ADMIN = 7;
 
     /** Whether to enable the app_copying fragment. */
-    private static final boolean SHOW_APP_COPYING_PREF = false;
+    private static final boolean SHOW_APP_COPYING_PREF = true;
     private static final int MESSAGE_PADDING = 20;
 
     private UserManager mUserManager;
@@ -424,7 +424,6 @@ void initialize(Context context, Bundle arguments) {
                 mPhonePref.setChecked(!mUserManager.hasUserRestriction(
                         UserManager.DISALLOW_OUTGOING_CALLS, new UserHandle(userId)));
                 mRemoveUserPref.setTitle(R.string.user_remove_user);
-                removePreference(KEY_APP_COPYING);
             }
 
             // Remove preference KEY_REMOVE_USER if DISALLOW_REMOVE_USER restriction is set

From 3859b0173b832a0e43811658ebc456cec4aab219 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Thu, 20 Jul 2023 05:07:49 +0000
Subject: [PATCH 022/117] UserManager settings for apps installs and updates

---
 res/values/strings_ext.xml                    |  11 ++
 res/xml/user_details_settings.xml             |   4 +
 .../users/UserAppsInstallSettings.java        | 173 ++++++++++++++++++
 .../settings/users/UserDetailsSettings.java   |  11 ++
 4 files changed, 199 insertions(+)
 create mode 100644 src/com/android/settings/users/UserAppsInstallSettings.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 822b659c0bc..66f0fa23f23 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -102,4 +102,15 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     <string name="exec_spawning_title_inner">Use secure app spawning</string>
     <string name="exec_spawning_footer">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
 
+    <!-- Title of preference to enable app installs and updates [CHAR LIMIT=40] -->
+    <string name="user_app_install">App installs and updates</string>
+    <!-- Options for setting app install and updates per user -->
+    <string name="user_app_install_enabled">Enabled</string>
+    <string name="user_app_install_enabled_first_party_sources">Enabled for first party sources</string>
+    <string name="user_app_install_disabled">Disabled</string>
+    <!-- Description for options for setting app installs and updates per user -->
+    <string name="user_app_install_enabled_desc">Enable app installs and updates</string>
+    <string name="user_app_install_enabled_first_party_sources_desc">Enable app installs and updates from first party sources only</string>
+    <string name="user_app_install_disabled_desc">Disable app installs and updates</string>
+
 </resources>
diff --git a/res/xml/user_details_settings.xml b/res/xml/user_details_settings.xml
index 8e15d14bf5a..2cd01c1ef7d 100644
--- a/res/xml/user_details_settings.xml
+++ b/res/xml/user_details_settings.xml
@@ -33,6 +33,10 @@
             android:key="app_and_content_access"
             android:icon="@drawable/ic_lock_closed"
             android:title="@string/user_restrictions_title" />
+    <com.android.settingslib.RestrictedPreference
+            android:key="app_installs"
+            android:icon="@drawable/ic_settings_install"
+            android:title="@string/user_app_install" />
     <com.android.settingslib.RestrictedPreference
             android:key="app_copying"
             android:icon="@drawable/ic_apps"
diff --git a/src/com/android/settings/users/UserAppsInstallSettings.java b/src/com/android/settings/users/UserAppsInstallSettings.java
new file mode 100644
index 00000000000..52312d90f5c
--- /dev/null
+++ b/src/com/android/settings/users/UserAppsInstallSettings.java
@@ -0,0 +1,173 @@
+package com.android.settings.users;
+
+import static com.android.settings.users.UserDetailsSettings.EXTRA_USER_ID;
+
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.os.Bundle;
+import android.os.UserHandle;
+import android.os.UserManager;
+
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.core.SubSettingLauncher;
+import com.android.settings.dashboard.DashboardFragment;
+import com.android.settings.utils.CandidateInfoExtra;
+import com.android.settings.widget.RadioButtonPickerFragment;
+import com.android.settingslib.core.instrumentation.MetricsFeatureProvider;
+import com.android.settingslib.widget.CandidateInfo;
+import com.android.settingslib.widget.SelectorWithWidgetPreference;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+public class UserAppsInstallSettings extends RadioButtonPickerFragment {
+
+    private static final String INSTALL_ENABLED = "install_apps_enabled";
+    private static final String INSTALL_FIRST_PARTY_ENABLED = "install_apps_first_party_enabled";
+    private static final String INSTALL_DISABLED = "install_apps_disabled";
+    private UserRestrictions userRestrictions;
+
+    static void launch(Preference preference, int userId) {
+
+        Bundle extras = preference.getExtras();
+        extras.putInt(EXTRA_USER_ID, userId);
+
+        new SubSettingLauncher(preference.getContext())
+                .setDestination(UserAppsInstallSettings.class.getName())
+                .setSourceMetricsCategory(extras.getInt(DashboardFragment.CATEGORY,
+                        SettingsEnums.PAGE_UNKNOWN))
+                .setTitleText(preference.getTitle())
+                .setArguments(extras)
+                .launch();
+    }
+
+    private static String getCurrentInstallRestriction(UserRestrictions userRestrictions) {
+        if (userRestrictions.isSet(UserManager.DISALLOW_INSTALL_APPS)) {
+            return INSTALL_DISABLED;
+        }
+
+        if (userRestrictions.isSet(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)) {
+            return INSTALL_FIRST_PARTY_ENABLED;
+        }
+
+        return INSTALL_ENABLED;
+    }
+
+    static String getDescription(Context context, UserRestrictions userRestrictions) {
+        switch (getCurrentInstallRestriction(userRestrictions)) {
+            case INSTALL_ENABLED:
+                return context.getString(R.string.user_app_install_enabled);
+            case INSTALL_FIRST_PARTY_ENABLED:
+                return context.getString(R.string.user_app_install_enabled_first_party_sources);
+            case INSTALL_DISABLED:
+                return context.getString(R.string.user_app_install_disabled);
+            default:
+                throw new IllegalStateException();
+        }
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        Bundle args = requireArguments();
+        int userId = args.getInt(EXTRA_USER_ID, UserHandle.USER_NULL);
+
+        Context ctx = requireContext();
+        UserManager userManager = ctx.getSystemService(UserManager.class);
+        UserInfo userInfo = userManager.getUserInfo(userId);
+        userRestrictions = new UserRestrictions(userManager, userInfo);
+
+        super.onCreate(savedInstanceState);
+    }
+
+    @Override
+    public void onCreatePreferences(Bundle savedInstanceState, String rootKey) {
+        PreferenceScreen ps = getPreferenceManager().createPreferenceScreen(requireContext());
+        setPreferenceScreen(ps);
+    }
+
+    @Override
+    protected int getPreferenceScreenResId() {
+        return -1;
+    }
+
+    @Override
+    protected List<? extends CandidateInfo> getCandidates() {
+        Context ctx = requireContext();
+        ArrayList<CandidateInfoExtra> candidates = new ArrayList<>(3);
+        if (!userRestrictions.userInfo.isGuest()) {
+            candidates.add(new CandidateInfoExtra(ctx.getString(R.string.user_app_install_enabled),
+                    ctx.getString(R.string.user_app_install_enabled_desc),
+                    INSTALL_ENABLED, true));
+        }
+        candidates.add(new CandidateInfoExtra(ctx.getString(R.string.user_app_install_enabled_first_party_sources),
+                        ctx.getString(R.string.user_app_install_enabled_first_party_sources_desc),
+                INSTALL_FIRST_PARTY_ENABLED, true));
+        candidates.add(new CandidateInfoExtra(ctx.getString(R.string.user_app_install_disabled),
+                        ctx.getString(R.string.user_app_install_disabled_desc),
+                INSTALL_DISABLED, true));
+        return candidates;
+    }
+
+    @Override
+    public void bindPreferenceExtra(SelectorWithWidgetPreference pref, String key, CandidateInfo info,
+                                    String defaultKey, String systemDefaultKey) {
+        pref.setSingleLineTitle(false);
+
+        if (info instanceof CandidateInfoExtra) {
+            var cie = (CandidateInfoExtra) info;
+            pref.setSummary(cie.loadSummary());
+        }
+    }
+
+    @Override
+    protected String getDefaultKey() {
+        return getCurrentInstallRestriction(userRestrictions);
+    }
+
+    @Override
+    protected boolean setDefaultKey(String key) {
+        if (key == null) {
+            return false;
+        }
+
+        switch (key) {
+            case INSTALL_ENABLED:
+                if (userRestrictions.userInfo.isGuest()) {
+                    return false;
+                }
+                userRestrictions.set(UserManager.DISALLOW_INSTALL_APPS, false);
+                userRestrictions.set(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, false);
+                return true;
+            case INSTALL_FIRST_PARTY_ENABLED:
+                userRestrictions.set(UserManager.DISALLOW_INSTALL_APPS, false);
+                if (!userRestrictions.userInfo.isGuest()) {
+                    userRestrictions.set(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
+                }
+                return true;
+            case INSTALL_DISABLED:
+                userRestrictions.set(UserManager.DISALLOW_INSTALL_APPS, true);
+                if (!userRestrictions.userInfo.isGuest()) {
+                    userRestrictions.set(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
+                }
+                return true;
+            default:
+                return false;
+        }
+    }
+
+    @Override
+    public int getMetricsCategory() {
+        return METRICS_CATEGORY_UNKNOWN;
+    }
+
+    @Override
+    public void onResume() {
+        super.onResume();
+        updateCandidates();
+    }
+}
diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
index d4317bd614b..52b8e6f7aa5 100644
--- a/src/com/android/settings/users/UserDetailsSettings.java
+++ b/src/com/android/settings/users/UserDetailsSettings.java
@@ -66,6 +66,8 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
     private static final String KEY_APP_AND_CONTENT_ACCESS = "app_and_content_access";
     private static final String KEY_APP_COPYING = "app_copying";
 
+    private static final String KEY_APP_INSTALLS = "app_installs";
+
     /** Integer extra containing the userId to manage */
     static final String EXTRA_USER_ID = "user_id";
 
@@ -98,6 +100,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
     Preference mRemoveUserPref;
     @VisibleForTesting
     TwoStatePreference mGrantAdminPref;
+    Preference mAppsInstallsPref;
 
     @VisibleForTesting
     /** The user being studied (not the user doing the studying). */
@@ -135,6 +138,8 @@ public void onResume() {
         if (mUserInfo.isGuest() && mGuestUserAutoCreated) {
             mRemoveUserPref.setEnabled((mUserInfo.flags & UserInfo.FLAG_INITIALIZED) != 0);
         }
+        mAppsInstallsPref.setSummary(UserAppsInstallSettings.getDescription(
+                requireContext(), userRestrictions));
     }
 
     @Override
@@ -175,6 +180,9 @@ public boolean onPreferenceClick(Preference preference) {
         } else if (preference == mAppCopyingPref) {
             openAppCopyingScreen();
             return true;
+        } else if (preference == mAppsInstallsPref) {
+            UserAppsInstallSettings.launch(preference, mUserInfo.id);
+            return true;
         }
         return false;
     }
@@ -355,6 +363,7 @@ void initialize(Context context, Bundle arguments) {
         mGrantAdminPref = findPreference(KEY_GRANT_ADMIN);
 
         mGrantAdminPref.setChecked(mUserInfo.isAdmin());
+        mAppsInstallsPref = findPreference(KEY_APP_INSTALLS);
 
         mSwitchUserPref.setVisible(mUserCaps.mUserSwitchingUiEnabled);
 
@@ -391,6 +400,7 @@ void initialize(Context context, Bundle arguments) {
             removePreference(KEY_REMOVE_USER);
             removePreference(KEY_APP_AND_CONTENT_ACCESS);
             removePreference(KEY_APP_COPYING);
+            removePreference(KEY_APP_INSTALLS);
         } else {
             if (!Utils.isVoiceCapable(context)) { // no telephony
                 removePreference(KEY_ENABLE_TELEPHONY);
@@ -435,6 +445,7 @@ void initialize(Context context, Bundle arguments) {
             }
 
             mRemoveUserPref.setOnPreferenceClickListener(this);
+            mAppsInstallsPref.setOnPreferenceClickListener(this);
             mPhonePref.setOnPreferenceChangeListener(this);
             mGrantAdminPref.setOnPreferenceChangeListener(this);
             mAppAndContentAccessPref.setOnPreferenceClickListener(this);

From f390dd7125479f7a39c28ed5772b16c11391d1d1 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Tue, 13 Jun 2023 12:19:41 +0000
Subject: [PATCH 023/117] UserManager settings for running in background

---
 res/values/strings_ext.xml                          |  2 ++
 res/xml/user_details_settings.xml                   |  4 ++++
 .../android/settings/users/UserDetailsSettings.java | 13 +++++++++++++
 3 files changed, 19 insertions(+)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 66f0fa23f23..14836ee79e2 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -112,5 +112,7 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     <string name="user_app_install_enabled_desc">Enable app installs and updates</string>
     <string name="user_app_install_enabled_first_party_sources_desc">Enable app installs and updates from first party sources only</string>
     <string name="user_app_install_disabled_desc">Disable app installs and updates</string>
+    <!-- Title of preference to enable running in background [CHAR LIMIT=40] -->
+    <string name="user_run_in_background">Allow running in background</string>
 
 </resources>
diff --git a/res/xml/user_details_settings.xml b/res/xml/user_details_settings.xml
index 2cd01c1ef7d..5f6df097ec9 100644
--- a/res/xml/user_details_settings.xml
+++ b/res/xml/user_details_settings.xml
@@ -25,6 +25,10 @@
             android:key="user_grant_admin"
             android:icon="@drawable/ic_admin_panel_settings"
             android:title="@string/user_grant_admin" />
+    <SwitchPreferenceCompat
+            android:icon="@drawable/ic_sync"
+            android:key="allow_run_in_background"
+            android:title="@string/user_run_in_background" />
     <SwitchPreferenceCompat
             android:key="enable_calling"
             android:icon="@drawable/ic_phone"
diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
index 52b8e6f7aa5..9de016ba353 100644
--- a/src/com/android/settings/users/UserDetailsSettings.java
+++ b/src/com/android/settings/users/UserDetailsSettings.java
@@ -32,6 +32,7 @@
 
 import androidx.annotation.VisibleForTesting;
 import androidx.preference.Preference;
+import androidx.preference.SwitchPreferenceCompat;
 import androidx.preference.TwoStatePreference;
 
 import com.android.settings.R;
@@ -67,6 +68,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
     private static final String KEY_APP_COPYING = "app_copying";
 
     private static final String KEY_APP_INSTALLS = "app_installs";
+    private static final String KEY_RUN_IN_BACKGROUND = "allow_run_in_background";
 
     /** Integer extra containing the userId to manage */
     static final String EXTRA_USER_ID = "user_id";
@@ -101,6 +103,7 @@ public class UserDetailsSettings extends SettingsPreferenceFragment
     @VisibleForTesting
     TwoStatePreference mGrantAdminPref;
     Preference mAppsInstallsPref;
+    private SwitchPreferenceCompat mRunInBackgroundPref;
 
     @VisibleForTesting
     /** The user being studied (not the user doing the studying). */
@@ -210,7 +213,11 @@ public boolean onPreferenceChange(Preference preference, Object newValue) {
                 showDialog(DIALOG_CONFIRM_GRANT_ADMIN);
             }
             return false;
+        } else if (preference == mRunInBackgroundPref) {
+            userRestrictions.set(UserManager.DISALLOW_RUN_IN_BACKGROUND, !((boolean) newValue));
+            return true;
         }
+
         return true;
     }
 
@@ -364,6 +371,7 @@ void initialize(Context context, Bundle arguments) {
 
         mGrantAdminPref.setChecked(mUserInfo.isAdmin());
         mAppsInstallsPref = findPreference(KEY_APP_INSTALLS);
+        mRunInBackgroundPref = findPreference(KEY_RUN_IN_BACKGROUND);
 
         mSwitchUserPref.setVisible(mUserCaps.mUserSwitchingUiEnabled);
 
@@ -401,6 +409,7 @@ void initialize(Context context, Bundle arguments) {
             removePreference(KEY_APP_AND_CONTENT_ACCESS);
             removePreference(KEY_APP_COPYING);
             removePreference(KEY_APP_INSTALLS);
+            removePreference(KEY_RUN_IN_BACKGROUND);
         } else {
             if (!Utils.isVoiceCapable(context)) { // no telephony
                 removePreference(KEY_ENABLE_TELEPHONY);
@@ -430,10 +439,13 @@ void initialize(Context context, Bundle arguments) {
                 if (!SHOW_APP_COPYING_PREF) {
                     removePreference(KEY_APP_COPYING);
                 }
+                removePreference(KEY_RUN_IN_BACKGROUND);
             } else {
                 mPhonePref.setChecked(!mUserManager.hasUserRestriction(
                         UserManager.DISALLOW_OUTGOING_CALLS, new UserHandle(userId)));
                 mRemoveUserPref.setTitle(R.string.user_remove_user);
+                mRunInBackgroundPref.setChecked(!userRestrictions.isSet(
+                        UserManager.DISALLOW_RUN_IN_BACKGROUND));
             }
 
             // Remove preference KEY_REMOVE_USER if DISALLOW_REMOVE_USER restriction is set
@@ -450,6 +462,7 @@ void initialize(Context context, Bundle arguments) {
             mGrantAdminPref.setOnPreferenceChangeListener(this);
             mAppAndContentAccessPref.setOnPreferenceClickListener(this);
             mAppCopyingPref.setOnPreferenceClickListener(this);
+            mRunInBackgroundPref.setOnPreferenceChangeListener(this);
         }
     }
 

From 78ad2129a28b19ac20f099d420da497d044b4e7d Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 26 Jul 2023 09:45:29 +0000
Subject: [PATCH 024/117] Disable app copying preference when the user has
 DISALLOW_INSTALL_APPS restriction

---
 src/com/android/settings/users/UserDetailsSettings.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
index 9de016ba353..d3d4692da50 100644
--- a/src/com/android/settings/users/UserDetailsSettings.java
+++ b/src/com/android/settings/users/UserDetailsSettings.java
@@ -143,6 +143,7 @@ public void onResume() {
         }
         mAppsInstallsPref.setSummary(UserAppsInstallSettings.getDescription(
                 requireContext(), userRestrictions));
+        mAppCopyingPref.setEnabled(!userRestrictions.isSet(UserManager.DISALLOW_INSTALL_APPS));
     }
 
     @Override

From 1d5ecf9c75e3bfa360cc872734e9d82851df5b0d Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 11:24:34 +0200
Subject: [PATCH 025/117] add support for disabling non-system apps

---
 .../settings/spa/app/appinfo/AppDisableButton.kt     | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/spa/app/appinfo/AppDisableButton.kt b/src/com/android/settings/spa/app/appinfo/AppDisableButton.kt
index 555e9f14c61..07d583cde30 100644
--- a/src/com/android/settings/spa/app/appinfo/AppDisableButton.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppDisableButton.kt
@@ -31,6 +31,7 @@ import com.android.settingslib.spa.widget.dialog.AlertDialogButton
 import com.android.settingslib.spa.widget.dialog.rememberAlertDialogPresenter
 import com.android.settingslib.spaprivileged.framework.common.devicePolicyManager
 import com.android.settingslib.spaprivileged.framework.common.userManager
+import com.android.settingslib.spaprivileged.model.app.installed
 import com.android.settingslib.spaprivileged.model.app.isDisabledUntilUsed
 import com.android.settingslib.Utils as SettingsLibUtils
 
@@ -47,7 +48,7 @@ class AppDisableButton(
 
     @Composable
     fun getActionButton(app: ApplicationInfo): ActionButton? {
-        if (!app.isSystemApp) return null
+        if (!app.installed) return null
 
         return when {
             app.enabled && !app.isDisabledUntilUsed -> {
@@ -62,6 +63,8 @@ class AppDisableButton(
      * Gets whether a package can be disabled.
      */
     private fun ApplicationInfo.canBeDisabled(): Boolean = when {
+        !isSystemApp -> appButtonRepository.isAllowUninstallOrArchive(context, this)
+
         // Try to prevent the user from bricking their phone by not allowing disabling of apps
         // signed with the system certificate.
         isSignedWithPlatformKey -> false
@@ -98,7 +101,12 @@ class AppDisableButton(
             // Currently we apply the same device policy for both the uninstallation and disable
             // button.
             if (!appButtonRepository.isUninstallBlockedByAdmin(app)) {
-                dialogPresenter.open()
+                if (app.isSystemApp) {
+                    dialogPresenter.open()
+                } else {
+                    packageInfoPresenter.disable()
+                }
+
             }
         }
     }

From aa92acb6fe7adeffff84d7cbf68db4f1ee534dad Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 12:29:45 +0200
Subject: [PATCH 026/117] don't show "More options" button in App info
 uninstall dialog

That button opens app's App info screen.
---
 src/com/android/settings/spa/app/AppUtil.kt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/spa/app/AppUtil.kt b/src/com/android/settings/spa/app/AppUtil.kt
index 64da61380f5..7b319aeddeb 100644
--- a/src/com/android/settings/spa/app/AppUtil.kt
+++ b/src/com/android/settings/spa/app/AppUtil.kt
@@ -37,6 +37,7 @@ fun Context.startUninstallActivity(
 
     val intent = Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageUri).apply {
         putExtra(Intent.EXTRA_UNINSTALL_ALL_USERS, forAllUsers)
+        putExtra(Intent.EXTRA_UNINSTALL_SHOW_MORE_OPTIONS_BUTTON, false)
     }
     startActivityAsUser(intent, userHandle)
-}
\ No newline at end of file
+}

From ed7e0c8363f91891067a9f15062fcee92569496a Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 11:19:46 +0200
Subject: [PATCH 027/117] add Storage Scopes link to the "App info" screen

---
 res/values/strings.xml                        |  2 ++
 .../spa/app/appinfo/AppInfoSettings.kt        |  3 +-
 .../app/appinfo/AppStorageScopesPreference.kt | 32 +++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 src/com/android/settings/spa/app/appinfo/AppStorageScopesPreference.kt

diff --git a/res/values/strings.xml b/res/values/strings.xml
index 22c54009e3b..f8b417d9a59 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -13936,4 +13936,6 @@
 
     <string name="sandboxed_google_play">Sandboxed Google Play</string>
     <string name="sandboxed_google_play_work_profile">Sandboxed Google Play (work profile)</string>
+
+    <string name="storage_scopes">Storage Scopes</string>
 </resources>
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 78fb8df123b..46b29d7915a 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -147,6 +147,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             AppAllServicesPreference(app)
             AppNotificationPreference(app)
             AppPermissionPreference(app)
+            AppStorageScopesPreference(app)
             AppStoragePreference(app)
             InstantAppDomainsPreference(app)
             AppDataUsagePreference(app)
@@ -181,4 +182,4 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
 }
 
 fun isArchivingEnabled(featureFlags: PmFeatureFlags) =
-        featureFlags.archiving() || Flags.appArchiving()
\ No newline at end of file
+        featureFlags.archiving() || Flags.appArchiving()
diff --git a/src/com/android/settings/spa/app/appinfo/AppStorageScopesPreference.kt b/src/com/android/settings/spa/app/appinfo/AppStorageScopesPreference.kt
new file mode 100644
index 00000000000..cbcd8944f56
--- /dev/null
+++ b/src/com/android/settings/spa/app/appinfo/AppStorageScopesPreference.kt
@@ -0,0 +1,32 @@
+package com.android.settings.spa.app.appinfo
+
+import android.app.StorageScope
+import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.content.pm.GosPackageStateFlag
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
+import com.android.settings.R
+import com.android.settingslib.spa.widget.preference.Preference
+import com.android.settingslib.spa.widget.preference.PreferenceModel
+import com.android.settingslib.spaprivileged.model.app.userHandle
+import com.android.settingslib.spaprivileged.model.app.userId
+
+@Composable
+fun AppStorageScopesPreference(app: ApplicationInfo) {
+    val pkgName = app.packageName
+    if (!GosPackageState.get(pkgName, app.userId).hasFlag(GosPackageStateFlag.STORAGE_SCOPES_ENABLED)) {
+        return
+    }
+
+    val context = LocalContext.current
+
+    Preference(object : PreferenceModel {
+        override val title = stringResource(R.string.storage_scopes)
+        override val onClick = {
+            val intent = StorageScope.createConfigActivityIntent(pkgName)
+            context.startActivityAsUser(intent, app.userHandle)
+        }
+    })
+}

From 19d63272ed03dc48497a9885eb74e1dfe23e1bff Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 11:20:31 +0200
Subject: [PATCH 028/117] add Storage Scopes link to "All files access" screen

---
 .../spa/app/specialaccess/AllFilesAccess.kt   | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/com/android/settings/spa/app/specialaccess/AllFilesAccess.kt b/src/com/android/settings/spa/app/specialaccess/AllFilesAccess.kt
index f6c08c0ca7c..6dba4817a2a 100644
--- a/src/com/android/settings/spa/app/specialaccess/AllFilesAccess.kt
+++ b/src/com/android/settings/spa/app/specialaccess/AllFilesAccess.kt
@@ -18,11 +18,19 @@ package com.android.settings.spa.app.specialaccess
 
 import android.Manifest
 import android.app.AppOpsManager
+import android.app.StorageScope
 import android.app.settings.SettingsEnums
 import android.content.Context
+import android.content.pm.PackageInfo
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
 import com.android.settings.R
 import com.android.settings.overlay.FeatureFactory.Companion.featureFactory
+import com.android.settingslib.spa.widget.preference.Preference
+import com.android.settingslib.spa.widget.preference.PreferenceModel
 import com.android.settingslib.spaprivileged.model.app.AppOps
+import com.android.settingslib.spaprivileged.model.app.userHandle
 import com.android.settingslib.spaprivileged.template.app.AppOpPermissionListModel
 import com.android.settingslib.spaprivileged.template.app.AppOpPermissionRecord
 import com.android.settingslib.spaprivileged.template.app.TogglePermissionAppListProvider
@@ -54,4 +62,18 @@ class AllFilesAccessListModel(context: Context) : AppOpPermissionListModel(conte
         }
         featureFactory.metricsFeatureProvider.action(context, category, "")
     }
+
+    @Composable
+    override fun extContent(record: AppOpPermissionRecord, pkgInfo: PackageInfo) {
+        val context = LocalContext.current
+
+        Preference(object : PreferenceModel {
+            override val title = stringResource(R.string.storage_scopes)
+            override val onClick = {
+                val app = record.app
+                val i = StorageScope.createConfigActivityIntent(app.packageName)
+                context.startActivityAsUser(i, app.userHandle)
+            }
+        })
+    }
 }

From be25069de5b1b1c6457d4213d5d8d4e60668aa7f Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 8 Jul 2022 13:40:22 +0300
Subject: [PATCH 029/117] add OBB access toggle to "Install unknown apps"
 screen

---
 res/values/strings.xml                        |  3 ++
 .../app/specialaccess/InstallUnknownApps.kt   | 52 ++++++++++++++++++-
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/res/values/strings.xml b/res/values/strings.xml
index f8b417d9a59..cdca65e9a1e 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -13938,4 +13938,7 @@
     <string name="sandboxed_google_play_work_profile">Sandboxed Google Play (work profile)</string>
 
     <string name="storage_scopes">Storage Scopes</string>
+
+    <string name="allow_access_to_obb_directory_title">Allow access to Android/obb folder</string>
+    <string name="allow_access_to_obb_directory_summary">Required for installation of some large apps (mostly games) that use OBB expansion files</string>
 </resources>
diff --git a/src/com/android/settings/spa/app/specialaccess/InstallUnknownApps.kt b/src/com/android/settings/spa/app/specialaccess/InstallUnknownApps.kt
index d6fe7160dbf..0a3d5219bc9 100644
--- a/src/com/android/settings/spa/app/specialaccess/InstallUnknownApps.kt
+++ b/src/com/android/settings/spa/app/specialaccess/InstallUnknownApps.kt
@@ -22,10 +22,18 @@ import android.app.AppOpsManager
 import android.app.AppOpsManager.MODE_DEFAULT
 import android.content.Context
 import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.content.pm.GosPackageStateFlag
+import android.content.pm.PackageInfo
 import android.os.UserManager
 import androidx.compose.runtime.Composable
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
 import com.android.settings.R
 import com.android.settingslib.spa.lifecycle.collectAsCallbackWithLifecycle
+import com.android.settingslib.spa.widget.preference.SwitchPreference
+import com.android.settingslib.spa.widget.preference.SwitchPreferenceModel
 import com.android.settingslib.spaprivileged.model.app.AppOps
 import com.android.settingslib.spaprivileged.model.app.AppOpsController
 import com.android.settingslib.spaprivileged.model.app.AppRecord
@@ -44,7 +52,26 @@ object InstallUnknownAppsListProvider : TogglePermissionAppListProvider {
 data class InstallUnknownAppsRecord(
     override val app: ApplicationInfo,
     val appOpsController: AppOpsController,
-) : AppRecord
+) : AppRecord {
+    val isObbFlagSet = mutableStateOf(isObbFlagSet())
+
+    fun isObbFlagSet(): Boolean {
+        return GosPackageState.get(app.packageName, app.userId).hasFlag(GosPackageStateFlag.ALLOW_ACCESS_TO_OBB_DIRECTORY)
+    }
+
+    fun setObbFlagState(state: Boolean): Boolean {
+        GosPackageState.edit(app.packageName, app.userId).run {
+            setFlagState(GosPackageStateFlag.ALLOW_ACCESS_TO_OBB_DIRECTORY, state)
+            killUidAfterApply()
+            if (apply()) {
+                isObbFlagSet.value = state
+                return true
+            } else {
+                return false
+            }
+        }
+    }
+}
 
 class InstallUnknownAppsListModel(private val context: Context) :
     TogglePermissionAppListModel<InstallUnknownAppsRecord> {
@@ -84,6 +111,29 @@ class InstallUnknownAppsListModel(private val context: Context) :
 
     override fun setAllowed(record: InstallUnknownAppsRecord, newAllowed: Boolean) {
         record.appOpsController.setAllowed(newAllowed)
+        if (!newAllowed) {
+            record.setObbFlagState(false)
+        }
+    }
+
+    @Composable
+    override fun extContent(record: InstallUnknownAppsRecord, pkgInfo: PackageInfo) {
+        val context = LocalContext.current
+
+        SwitchPreference(object : SwitchPreferenceModel {
+            override val title = stringResource(R.string.allow_access_to_obb_directory_title)
+            override val summary = {
+                context.getString(R.string.allow_access_to_obb_directory_summary)
+            }
+
+            override val checked = {
+                record.isObbFlagSet.value
+            }
+            override val onCheckedChange = { newChecked: Boolean ->
+                record.setObbFlagState(newChecked)
+                Unit
+            }
+        })
     }
 
     companion object {

From 0688fe1a5c4becdac2dcbba5963ed969c2b4dc26 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 11:22:22 +0200
Subject: [PATCH 030/117] add Contact Scopes link to the "App info" screen

---
 res/values/strings_ext.xml                    |  2 ++
 .../app/appinfo/AppContactScopesPreference.kt | 32 +++++++++++++++++++
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 3 files changed, 35 insertions(+)
 create mode 100644 src/com/android/settings/spa/app/appinfo/AppContactScopesPreference.kt

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 14836ee79e2..bd500ec6ced 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -80,6 +80,8 @@ No query or data is sent to the server. These files contain orbits and statuses
     <string name="psds_disabled">Off</string>
     <string name="psds_disabled_summary">Will make acquiring location lock significantly slower, especially if SUPL is turned off too</string>
 
+    <string name="contact_scopes">Contact Scopes</string>
+
     <string name="conn_checks_grapheneos_server">GrapheneOS server</string>
     <string name="conn_checks_google_server">Standard (Google) server</string>
     <string name="conn_checks_disabled">Off</string>
diff --git a/src/com/android/settings/spa/app/appinfo/AppContactScopesPreference.kt b/src/com/android/settings/spa/app/appinfo/AppContactScopesPreference.kt
new file mode 100644
index 00000000000..be4cf6fadbc
--- /dev/null
+++ b/src/com/android/settings/spa/app/appinfo/AppContactScopesPreference.kt
@@ -0,0 +1,32 @@
+package com.android.settings.spa.app.appinfo
+
+import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.content.pm.GosPackageStateFlag
+import android.ext.cscopes.ContactScopesApi
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
+import com.android.settings.R
+import com.android.settingslib.spa.widget.preference.Preference
+import com.android.settingslib.spa.widget.preference.PreferenceModel
+import com.android.settingslib.spaprivileged.model.app.userHandle
+import com.android.settingslib.spaprivileged.model.app.userId
+
+@Composable
+fun AppContactScopesPreference(app: ApplicationInfo) {
+    val pkgName = app.packageName
+    if (!GosPackageState.get(pkgName, app.userId).hasFlag(GosPackageStateFlag.CONTACT_SCOPES_ENABLED)) {
+        return
+    }
+
+    val context = LocalContext.current
+
+    Preference(object : PreferenceModel {
+        override val title = stringResource(R.string.contact_scopes)
+        override val onClick = {
+            val intent = ContactScopesApi.createConfigActivityIntent(pkgName)
+            context.startActivityAsUser(intent, app.userHandle)
+        }
+    })
+}
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 46b29d7915a..cfe8f368bf5 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -148,6 +148,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             AppNotificationPreference(app)
             AppPermissionPreference(app)
             AppStorageScopesPreference(app)
+            AppContactScopesPreference(app)
             AppStoragePreference(app)
             InstantAppDomainsPreference(app)
             AppDataUsagePreference(app)

From e339ef81febacf161254d8dc724ec4dd9017a048 Mon Sep 17 00:00:00 2001
From: empratyush <codelab@pratyush.dev>
Date: Mon, 20 Jun 2022 22:16:29 +0300
Subject: [PATCH 031/117] Reverse Wireless Charging UI

---
 Android.bp                                    |  1 +
 res/values/strings.xml                        |  3 +
 res/xml/power_usage_summary.xml               |  6 ++
 .../BatterySharePreferenceController.java     | 99 +++++++++++++++++++
 4 files changed, 109 insertions(+)
 create mode 100644 src/com/android/settings/display/BatterySharePreferenceController.java

diff --git a/Android.bp b/Android.bp
index 907ff12bc86..420bf5ab07c 100644
--- a/Android.bp
+++ b/Android.bp
@@ -93,6 +93,7 @@ android_library {
         // Settings dependencies
         "FingerprintManagerInteractor",
         "MediaDrmSettingsFlagsLib",
+        "ReverseWirelessCharging",
         "Settings-change-ids",
         "SettingsLib",
         "SettingsLibActivityEmbedding",
diff --git a/res/values/strings.xml b/res/values/strings.xml
index cdca65e9a1e..305f3e12bb9 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -13941,4 +13941,7 @@
 
     <string name="allow_access_to_obb_directory_title">Allow access to Android/obb folder</string>
     <string name="allow_access_to_obb_directory_summary">Required for installation of some large apps (mostly games) that use OBB expansion files</string>
+
+    <string name="battery_share_description">Charge other devices by placing them on the back of your phone</string>
+    <string name="battery_share">Battery share</string>
 </resources>
diff --git a/res/xml/power_usage_summary.xml b/res/xml/power_usage_summary.xml
index 21a836d6d9a..c86ff0ac78f 100644
--- a/res/xml/power_usage_summary.xml
+++ b/res/xml/power_usage_summary.xml
@@ -70,6 +70,12 @@
         android:summary="@string/battery_percentage_description"
         settings:controller="com.android.settings.display.BatteryPercentagePreferenceController" />
 
+    <SwitchPreferenceCompat
+        android:key="battery_share"
+        android:title="@string/battery_share"
+        android:summary="@string/battery_share_description"
+        settings:controller="com.android.settings.display.BatterySharePreferenceController" />
+
     <com.android.settingslib.widget.FooterPreference
         android:key="power_usage_footer"
         android:title="@string/battery_footer_summary"
diff --git a/src/com/android/settings/display/BatterySharePreferenceController.java b/src/com/android/settings/display/BatterySharePreferenceController.java
new file mode 100644
index 00000000000..39b9066cdb9
--- /dev/null
+++ b/src/com/android/settings/display/BatterySharePreferenceController.java
@@ -0,0 +1,99 @@
+package com.android.settings.display;
+
+import android.app.Activity;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.os.BatteryManager;
+
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+import androidx.preference.TwoStatePreference;
+
+import com.android.internal.R;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settingslib.core.lifecycle.LifecycleObserver;
+import com.android.settingslib.core.lifecycle.events.OnStart;
+import com.android.settingslib.core.lifecycle.events.OnStop;
+
+import vendor.google.wireless_charger.ReverseWirelessCharger;
+
+public class BatterySharePreferenceController extends BasePreferenceController implements
+        PreferenceControllerMixin, Preference.OnPreferenceChangeListener, LifecycleObserver,
+        OnStart, OnStop {
+
+    private static final String KEY_BATTERY_SHARE = "battery_share";
+    private final ReverseWirelessCharger wirelessCharger;
+    private final Context mContext;
+    private Preference mPreference;
+
+    private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
+        @Override
+        public void onReceive(Context context, Intent intent) {
+            ((Activity) mContext).runOnUiThread(() -> update());
+        }
+    };
+
+
+    public BatterySharePreferenceController(Context context, String preferenceKey) {
+        super(context, preferenceKey);
+        mContext = context;
+        wirelessCharger = ReverseWirelessCharger.getInstance();
+    }
+
+    public boolean isPlugged(Context context) {
+        Intent intent = context.registerReceiver(null,
+                new IntentFilter(Intent.ACTION_BATTERY_CHANGED));
+        int plugged = intent.getIntExtra(BatteryManager.EXTRA_PLUGGED, -1);
+        return plugged == BatteryManager.BATTERY_PLUGGED_WIRELESS;
+    }
+
+    @Override
+    public void displayPreference(PreferenceScreen screen) {
+        super.displayPreference(screen);
+        mPreference = screen.findPreference(getPreferenceKey());
+        update();
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_BATTERY_SHARE;
+    }
+
+    private void update() {
+        if (mPreference == null) return;
+        boolean enabled = !isPlugged(mContext) && wirelessCharger.isRtxSupported();
+        mPreference.setEnabled(enabled);
+        ((TwoStatePreference) mPreference).setChecked(wirelessCharger.isRtxModeOn());
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return wirelessCharger.isRtxSupported() ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
+    }
+
+    @Override
+    public void updateState(Preference preference) {
+        update();
+    }
+
+    @Override
+    public boolean onPreferenceChange(Preference preference, Object newValue) {
+        wirelessCharger.setRtxMode((Boolean) newValue);
+        return true;
+    }
+
+    @Override
+    public void onStart() {
+        IntentFilter filter = new IntentFilter();
+        filter.addAction(Intent.ACTION_BATTERY_CHANGED);
+        mContext.registerReceiver(mBroadcastReceiver, filter);
+    }
+
+    @Override
+    public void onStop() {
+        mContext.unregisterReceiver(mBroadcastReceiver);
+    }
+}

From 9c1f06bd9513f16b8cbb693115260f2258794828 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 15 Sep 2023 10:03:16 +0300
Subject: [PATCH 032/117] hide the "Storage manager" toggle from Storage screen

"Storage manager" is supposed to automatically remove backed up photos and videos.
This functionality is not implemented in AOSP, i.e. this toggle doesn't actually work.
---
 res/values/config.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/res/values/config.xml b/res/values/config.xml
index 129ea31b004..9f8460ba664 100644
--- a/res/values/config.xml
+++ b/res/values/config.xml
@@ -612,7 +612,7 @@
     <string name="config_other_storage_category_uri" translatable="false">content://com.android.providers.media.documents/root/others_root</string>
 
     <!-- Whether to show Smart Storage toggle -->
-    <bool name="config_show_smart_storage_toggle">true</bool>
+    <bool name="config_show_smart_storage_toggle">false</bool>
 
     <!-- Display settings screen, Color mode options. Must be the same length and order as
          config_color_mode_options_values below. Only the values that also appear in

From a98838a7b1a71f9a4cbc91c4c897aa216cd6ae10 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 8 Oct 2023 13:48:51 +0300
Subject: [PATCH 033/117] add toggle for fingerprint screen unlocking

---
 res/values/strings_keyguard_fingerprint.xml   |  4 +
 res/xml/security_settings_fingerprint.xml     |  9 +-
 .../fingerprint/FingerprintSettings.java      | 56 +++++++++----
 ...tSettingsKeyguardPreferenceController.java | 83 +++++++++++++++++++
 .../FingerprintUnlockCategoryController.java  |  3 +-
 5 files changed, 137 insertions(+), 18 deletions(-)
 create mode 100644 res/values/strings_keyguard_fingerprint.xml
 create mode 100644 src/com/android/settings/biometrics/fingerprint/FingerprintSettingsKeyguardPreferenceController.java

diff --git a/res/values/strings_keyguard_fingerprint.xml b/res/values/strings_keyguard_fingerprint.xml
new file mode 100644
index 00000000000..edf85b2602a
--- /dev/null
+++ b/res/values/strings_keyguard_fingerprint.xml
@@ -0,0 +1,4 @@
+<resources>
+    <string name="keyguard_fingerprint_title">Use for screen unlocking</string>
+    <string name="keyguard_fingerprint_summary">When disabled, fingerprint unlock can still be used in apps</string>
+</resources>
diff --git a/res/xml/security_settings_fingerprint.xml b/res/xml/security_settings_fingerprint.xml
index 32f09244f97..4fdd4b9fb04 100644
--- a/res/xml/security_settings_fingerprint.xml
+++ b/res/xml/security_settings_fingerprint.xml
@@ -32,8 +32,7 @@
     <PreferenceCategory
         android:key="security_settings_fingerprint_unlock_category"
         android:title="@string/security_settings_fingerprint_settings_preferences_category"
-        settings:controller="com.android.settings.biometrics.fingerprint.FingerprintUnlockCategoryController"
-        settings:isPreferenceVisible="false">
+        settings:controller="com.android.settings.biometrics.fingerprint.FingerprintUnlockCategoryController">
 
         <com.android.settingslib.RestrictedSwitchPreference
             android:key="@string/security_settings_require_screen_on_to_auth_key"
@@ -50,6 +49,12 @@
             settings:keywords="@string/security_settings_screen_off_unlock_udfps_keywords"
             settings:controller="com.android.settings.biometrics.fingerprint.FingerprintSettingsScreenOffUnlockUdfpsPreferenceController"
             settings:isPreferenceVisible="false"/>
+
+        <com.android.settingslib.RestrictedSwitchPreference
+            android:key="fingerprint_enable_keyguard_toggle"
+            android:title="@string/keyguard_fingerprint_title"
+            android:summary="@string/keyguard_fingerprint_summary"
+            settings:controller="com.android.settings.biometrics.fingerprint.FingerprintSettingsKeyguardPreferenceController" />
     </PreferenceCategory>
 
     <PreferenceCategory
diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java b/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java
index d8a14f1e450..ec260c81576 100644
--- a/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java
+++ b/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java
@@ -198,23 +198,17 @@ private static List<AbstractPreferenceController> createThePreferenceControllers
             if (manager == null || !manager.isHardwareDetected()) {
                 return null;
             }
+
+            controllers.add(new FingerprintUnlockCategoryController(context,
+                    KEY_FINGERPRINT_UNLOCK_CATEGORY));
+
             if (manager.isPowerbuttonFps()) {
-                controllers.add(
-                        new FingerprintUnlockCategoryController(
-                                context,
-                                KEY_FINGERPRINT_UNLOCK_CATEGORY
-                        ));
                 controllers.add(
                         new FingerprintSettingsRequireScreenOnToAuthPreferenceController(
                                 context,
                                 KEY_REQUIRE_SCREEN_ON_TO_AUTH
                         ));
             } else if (screenOffUnlockUdfps()) {
-                controllers.add(
-                        new FingerprintUnlockCategoryController(
-                                context,
-                                KEY_FINGERPRINT_UNLOCK_CATEGORY
-                        ));
                 controllers.add(
                         new FingerprintSettingsScreenOffUnlockUdfpsPreferenceController(
                                 context,
@@ -223,6 +217,8 @@ private static List<AbstractPreferenceController> createThePreferenceControllers
             }
             controllers.add(new FingerprintsEnrolledCategoryPreferenceController(context,
                     KEY_FINGERPRINTS_ENROLLED_CATEGORY));
+            controllers.add(new FingerprintSettingsKeyguardPreferenceController(context,
+                    KEY_FINGERPRINT_ENABLE_KEYGUARD_TOGGLE));
             return controllers;
         }
 
@@ -653,16 +649,17 @@ private void addFingerprintPreferences(PreferenceGroup root) {
                     ((FingerprintSettingsPreferenceController) controller).setUserId(mUserId);
                 } else if (controller instanceof FingerprintUnlockCategoryController) {
                     ((FingerprintUnlockCategoryController) controller).setUserId(mUserId);
+                } else if (controller instanceof FingerprintSettingsKeyguardPreferenceController c) {
+                    c.setUserId(mUserId);
                 }
             }
 
             // This needs to be after setting ids, otherwise
             // |mRequireScreenOnToAuthPreferenceController.isChecked| is always checking the primary
             // user instead of the user with |mUserId|.
-            if (isSfps() || (screenOffUnlockUdfps() && isUltrasnoicUdfps())) {
-                scrollToPreference(fpPrefKey);
-                addFingerprintUnlockCategory();
-            }
+            scrollToPreference(fpPrefKey);
+            addFingerprintUnlockCategory();
+
             createFooterPreference(root);
         }
 
@@ -729,6 +726,7 @@ private void addFingerprintUnlockCategory() {
             } else if (screenOffUnlockUdfps() && isUltrasnoicUdfps()) {
                 setupFingerprintUnlockCategoryPreferencesForScreenOffUnlock();
             }
+            setupFingerprintUnlockCategoryPreferencesExt();
             updateFingerprintUnlockCategoryVisibility();
         }
 
@@ -748,6 +746,19 @@ private void updateFingerprintUnlockCategoryVisibility() {
             }
         }
 
+        private FingerprintSettingsKeyguardPreferenceController mFingerprintKeyguardController;
+
+        private void setupFingerprintUnlockCategoryPreferencesExt() {
+            RestrictedSwitchPreference keyguardFingerprintPref = findPreference(KEY_FINGERPRINT_ENABLE_KEYGUARD_TOGGLE);
+            keyguardFingerprintPref.setChecked(mFingerprintKeyguardController.isChecked());
+            keyguardFingerprintPref.setOnPreferenceChangeListener((p, value) -> {
+                mFingerprintKeyguardController.setChecked((boolean) value);
+                return true;
+            });
+            // Without this, the preference will display even when it is not available.
+            keyguardFingerprintPref.setVisible(mFingerprintKeyguardController.isAvailable());
+        }
+
         private void setupFingerprintUnlockCategoryPreferencesForScreenOnToAuth() {
             mRequireScreenOnToAuthPreference = findPreference(KEY_REQUIRE_SCREEN_ON_TO_AUTH);
             mRequireScreenOnToAuthPreference.setChecked(
@@ -1006,6 +1017,23 @@ protected List<AbstractPreferenceController> createPreferenceControllers(Context
         private List<AbstractPreferenceController> buildPreferenceControllers(Context context) {
             final List<AbstractPreferenceController> controllers =
                     createThePreferenceControllers(context);
+            if (controllers == null) {
+                return controllers;
+            }
+
+            for (AbstractPreferenceController controller : controllers) {
+                switch (controller.getPreferenceKey()) {
+                    case KEY_FINGERPRINT_UNLOCK_CATEGORY:
+                        mFingerprintUnlockCategoryPreferenceController =
+                                (FingerprintUnlockCategoryController) controller;
+                        continue;
+                    case KEY_FINGERPRINT_ENABLE_KEYGUARD_TOGGLE:
+                        mFingerprintKeyguardController =
+                                (FingerprintSettingsKeyguardPreferenceController) controller;
+                        continue;
+                }
+            }
+
             if (isSfps()) {
                 for (AbstractPreferenceController controller : controllers) {
                     if (controller.getPreferenceKey() == KEY_FINGERPRINT_UNLOCK_CATEGORY) {
diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsKeyguardPreferenceController.java b/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsKeyguardPreferenceController.java
new file mode 100644
index 00000000000..79fcfd30f95
--- /dev/null
+++ b/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsKeyguardPreferenceController.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.settings.biometrics.fingerprint;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.os.UserManager;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.core.TogglePreferenceController;
+import com.android.settings.overlay.FeatureFactory;
+import com.android.settingslib.RestrictedLockUtils;
+import com.android.settingslib.RestrictedLockUtilsInternal;
+
+// based on src/com/android/settings/biometrics/combination/BiometricSettingsKeyguardPreferenceController.java
+// from android-14.0.0_r1
+public class FingerprintSettingsKeyguardPreferenceController extends TogglePreferenceController {
+    private int mUserId;
+    private final LockPatternUtils mLockPatternUtils;
+
+    public FingerprintSettingsKeyguardPreferenceController(Context context, String key) {
+        super(context, key);
+        mLockPatternUtils = FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(context);
+    }
+
+    protected RestrictedLockUtils.EnforcedAdmin getRestrictingAdmin() {
+        return RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled(mContext,
+                DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT, mUserId);
+    }
+
+    public void setUserId(int userId) {
+        mUserId = userId;
+    }
+
+    @Override
+    public boolean isChecked() {
+        return mLockPatternUtils.isBiometricKeyguardEnabled(mUserId);
+    }
+
+    @Override
+    public boolean setChecked(boolean isChecked) {
+        return mLockPatternUtils.setBiometricKeyguardEnabled(mUserId, isChecked);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (UserManager.get(mContext).isManagedProfile(mUserId)) {
+            return DISABLED_FOR_USER;
+        }
+
+        return getAvailabilityFromRestrictingAdmin();
+    }
+
+    private int getAvailabilityFromRestrictingAdmin() {
+        return getRestrictingAdmin() != null ? DISABLED_FOR_USER : AVAILABLE;
+    }
+
+    @Override
+    public final boolean isSliceable() {
+        return false;
+    }
+
+    @Override
+    public int getSliceHighlightMenuRes() {
+        // not needed since it's not sliceable
+        return NO_RES;
+    }
+}
diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintUnlockCategoryController.java b/src/com/android/settings/biometrics/fingerprint/FingerprintUnlockCategoryController.java
index c949d3da4d8..7184f01a4ea 100644
--- a/src/com/android/settings/biometrics/fingerprint/FingerprintUnlockCategoryController.java
+++ b/src/com/android/settings/biometrics/fingerprint/FingerprintUnlockCategoryController.java
@@ -43,8 +43,7 @@ public FingerprintUnlockCategoryController(Context context, String key) {
     @Override
     public int getAvailabilityStatus() {
         if (mFingerprintManager != null
-                && mFingerprintManager.isHardwareDetected()
-                && (mFingerprintManager.isPowerbuttonFps() || screenOffUnlockUdfps())) {
+                && mFingerprintManager.isHardwareDetected()) {
             return mFingerprintManager.hasEnrolledTemplates(getUserId())
                     ? AVAILABLE : CONDITIONALLY_UNAVAILABLE;
         } else {

From 77ed62955b515899b2890055c7cea445dfa97317 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 29 Sep 2023 09:46:29 +0300
Subject: [PATCH 034/117] add helpers for per-app settings

---
 res/values/strings_ext.xml                     |  2 ++
 src/com/android/settings/ext/AppPrefUtils.java | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 src/com/android/settings/ext/AppPrefUtils.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index bd500ec6ced..609768d5c21 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -117,4 +117,6 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     <!-- Title of preference to enable running in background [CHAR LIMIT=40] -->
     <string name="user_run_in_background">Allow running in background</string>
 
+    <string name="app_exploit_protection_default_value_warning">"Warning: enabling this setting might cause some apps to stop working.</string>
+
 </resources>
diff --git a/src/com/android/settings/ext/AppPrefUtils.java b/src/com/android/settings/ext/AppPrefUtils.java
new file mode 100644
index 00000000000..3ae426bf36f
--- /dev/null
+++ b/src/com/android/settings/ext/AppPrefUtils.java
@@ -0,0 +1,14 @@
+package com.android.settings.ext;
+
+import android.content.Context;
+
+import com.android.settings.R;
+
+import androidx.annotation.StringRes;
+
+public class AppPrefUtils {
+
+    public static String getFooterForDefaultHardeningSetting(Context ctx, @StringRes int baseText) {
+        return ctx.getString(R.string.app_exploit_protection_default_value_warning) + "\n\n" + ctx.getString(baseText);
+    }
+}

From e438cfc8fa389c52ce35524ddfdf3dc82d23c2bd Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 15 Nov 2023 13:44:08 +0200
Subject: [PATCH 035/117] add base class for App info single-choice fragments

---
 .../appinfo/RadioButtonAppInfoFragment.java   | 228 ++++++++++++++++++
 1 file changed, 228 insertions(+)
 create mode 100644 src/com/android/settings/applications/appinfo/RadioButtonAppInfoFragment.java

diff --git a/src/com/android/settings/applications/appinfo/RadioButtonAppInfoFragment.java b/src/com/android/settings/applications/appinfo/RadioButtonAppInfoFragment.java
new file mode 100644
index 00000000000..26fa78beb4d
--- /dev/null
+++ b/src/com/android/settings/applications/appinfo/RadioButtonAppInfoFragment.java
@@ -0,0 +1,228 @@
+package com.android.settings.applications.appinfo;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.ApplicationInfo;
+import android.net.Uri;
+import android.os.Bundle;
+import android.util.TypedValue;
+
+import androidx.annotation.Nullable;
+import androidx.annotation.StringRes;
+import androidx.appcompat.app.AlertDialog;
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+import androidx.preference.SwitchPreferenceCompat;
+
+import com.android.settings.applications.AppInfoWithHeader;
+import com.android.settings.applications.SpacePreference;
+import com.android.settingslib.widget.FooterPreference;
+import com.android.settingslib.widget.SelectorWithWidgetPreference;
+
+import java.util.Collections;
+import java.util.List;
+
+public abstract class RadioButtonAppInfoFragment extends AppInfoWithHeader implements SelectorWithWidgetPreference.OnClickListener {
+
+    public static class Entry {
+        public final int id;
+        public CharSequence title;
+        @Nullable
+        public CharSequence summary;
+        public boolean isChecked;
+        public boolean isEnabled;
+
+        public Entry(int id, CharSequence title, @Nullable CharSequence summary, boolean isChecked, boolean isEnabled) {
+            this.id = id;
+            this.title = title;
+            this.summary = summary;
+            this.isChecked = isChecked;
+            this.isEnabled = isEnabled;
+        }
+    }
+
+    public static Entry createEntry(int id, CharSequence title) {
+        return new Entry(id, title, null, false, true);
+    }
+
+    public Entry createEntry(int id, @StringRes int title) {
+        return createEntry(id, getText(title));
+    }
+
+    public Entry createEntry(@StringRes int title) {
+        return createEntry(title, title);
+    }
+
+    public abstract Entry[] getEntries();
+
+    public boolean hasFooter() {
+        return true;
+    }
+
+    public abstract void updateFooter(FooterPreference fp);
+
+    public void setLearnMoreLink(FooterPreference p, String url) {
+        p.setLearnMoreAction(v -> {
+            var i = new Intent(Intent.ACTION_VIEW, Uri.parse(url));
+            startActivity(i);
+        });
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        PreferenceScreen screen = getPreferenceManager().createPreferenceScreen(getPrefContext());
+        setPreferenceScreen(screen);
+        requireActivity().setTitle(getTitle());
+    }
+
+    protected abstract CharSequence getTitle();
+
+    @Nullable
+    private SelectorWithWidgetPreference[] radioButtons;
+    @Nullable
+    private FooterPreference footer;
+
+    private Preference[] extraPrefs;
+
+    @Override
+    protected boolean refreshUi() {
+        Entry[] entries = getEntries();
+        int entryCnt = entries.length;
+
+        Context ctx = getPrefContext();
+        PreferenceScreen screen = getPreferenceScreen();
+
+        if (radioButtons == null || radioButtons.length != entryCnt) {
+            if (radioButtons != null) {
+                for (Preference p : radioButtons) {
+                    screen.removePreference(p);
+                }
+            }
+
+            radioButtons = new SelectorWithWidgetPreference[entryCnt];
+
+            for (int i = 0; i < entryCnt; ++i) {
+                var p = new SelectorWithWidgetPreference(ctx);
+                p.setOnClickListener(this);
+                screen.addPreference(p);
+                radioButtons[i] = p;
+            }
+        }
+
+        for (int i = 0; i < entryCnt; ++i) {
+            SelectorWithWidgetPreference p = radioButtons[i];
+            Entry e = entries[i];
+            p.setKey(Integer.toString(e.id));
+            p.setTitle(e.title);
+            p.setSummary(e.summary);
+            p.setEnabled(e.isEnabled);
+            p.setChecked(e.isChecked);
+        }
+
+        List<PrefModel> extraPrefModels = getExtraPrefModels();
+
+        if (extraPrefs == null) {
+            if (extraPrefModels.isEmpty()) {
+                extraPrefs = new Preference[0];
+            } else {
+                var spacer = new SpacePreference(ctx, null);
+                int h = (int) TypedValue.applyDimension(TypedValue.COMPLEX_UNIT_PX, 48f, ctx.getResources().getDisplayMetrics());
+                spacer.setHeight(h);
+                screen.addPreference(spacer);
+
+                extraPrefs = new Preference[extraPrefModels.size()];
+                for (int i = 0; i < extraPrefs.length; ++i) {
+                    PrefModel pm = extraPrefModels.get(i);
+                    Preference p;
+                    if (pm instanceof LinkPrefModel lpm) {
+                        p = new Preference(ctx);
+                        p.setOnPreferenceClickListener(pref -> {
+                            lpm.onClick.run();
+                            return true;
+                        });
+                    } else if (pm instanceof TogglePrefModel tpm) {
+                        p = new SwitchPreferenceCompat(ctx);
+                        p.setOnPreferenceChangeListener(tpm.onChangeListener);
+                    } else {
+                        throw new IllegalArgumentException(pm.toString());
+                    }
+                    p.setKey("extra_pref_" + i);
+                    screen.addPreference(p);
+                    extraPrefs[i] = p;
+                }
+            }
+        }
+        for (int i = 0; i < extraPrefs.length; ++i) {
+            PrefModel pm = extraPrefModels.get(i);
+            Preference p = extraPrefs[i];
+            if (pm instanceof TogglePrefModel tpm) {
+                var sp = (SwitchPreferenceCompat) p;
+                sp.setChecked(tpm.isChecked);
+            }
+            p.setTitle(pm.title);
+            p.setSummary(pm.summary);
+            p.setEnabled(pm.isEnabled);
+        }
+
+        if (hasFooter()) {
+            if (footer == null) {
+                footer = new FooterPreference(ctx);
+                screen.addPreference(footer);
+            }
+            updateFooter(footer);
+        } else {
+            if (footer != null) {
+                screen.removePreference(footer);
+                footer = null;
+            }
+        }
+
+        return true;
+    }
+
+    public static class PrefModel {
+        public CharSequence title;
+        public CharSequence summary;
+        public boolean isEnabled = true;
+    }
+
+    public static class LinkPrefModel extends PrefModel {
+        public Runnable onClick;
+    }
+
+    public static class TogglePrefModel extends PrefModel {
+        public boolean isChecked;
+        public Preference.OnPreferenceChangeListener onChangeListener;
+    }
+
+    protected List<PrefModel> getExtraPrefModels() {
+        return Collections.emptyList();
+    }
+
+    @Override
+    public final void onRadioButtonClicked(SelectorWithWidgetPreference emiter) {
+        int id = Integer.parseInt(emiter.getKey());
+        onEntrySelected(id);
+        if (!refreshUi()) {
+            setIntentAndFinish(true);
+        }
+    }
+
+    public abstract void onEntrySelected(int id);
+
+    @Override
+    protected AlertDialog createDialog(int id, int errorCode) {
+        return null;
+    }
+
+    @Override
+    public int getMetricsCategory() {
+        return METRICS_CATEGORY_UNKNOWN;
+    }
+
+    protected ApplicationInfo getAppInfo() {
+        return mPackageInfo.applicationInfo;
+    }
+}

From 2d0afd813364d7e98694344cb51f800ba4dd540e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 15 Nov 2023 13:44:23 +0200
Subject: [PATCH 036/117] infrastructure for AppSwitch UIs

Squashed with 28baa8dcbf5a0d285d8bf3852b723beaa290a973 by quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
---
 res/values/strings_app_exploit_protection.xml |  37 +++
 .../settings/applications/AswAdapter.kt       |  88 +++++++
 .../applications/AswAppInfoFragment.java      | 228 ++++++++++++++++++
 .../AswAppListPrefController.java             |  27 +++
 .../AswExploitProtectionFragment.java         |  44 ++++
 .../spa/app/appinfo/AppInfoSettings.kt        |   3 +
 .../settings/spa/app/appinfo/AswAppList.kt    | 101 ++++++++
 .../settings/spa/app/appinfo/AswPreference.kt |  27 +++
 .../spa/app/appinfo/PackageInfoPresenter.kt   |   5 +-
 9 files changed, 559 insertions(+), 1 deletion(-)
 create mode 100644 res/values/strings_app_exploit_protection.xml
 create mode 100644 src/com/android/settings/applications/AswAdapter.kt
 create mode 100644 src/com/android/settings/applications/AswAppInfoFragment.java
 create mode 100644 src/com/android/settings/applications/AswAppListPrefController.java
 create mode 100644 src/com/android/settings/applications/AswExploitProtectionFragment.java
 create mode 100644 src/com/android/settings/spa/app/appinfo/AswAppList.kt
 create mode 100644 src/com/android/settings/spa/app/appinfo/AswPreference.kt

diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
new file mode 100644
index 00000000000..5081ee0a037
--- /dev/null
+++ b/res/values/strings_app_exploit_protection.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="exploit_protection_category_title">Exploit protection</string>
+
+    <string name="aep_allowed">Allowed</string>
+    <string name="aep_blocked">Blocked</string>
+    <string name="aep_default">Default (%1$s)</string>
+    <string name="aep_disabled">Disabled</string>
+    <string name="aep_enabled">Enabled</string>
+    <string name="aep_restricted">Restricted</string>
+
+    <string name="aep_confirm_disable_title">Warning</string>
+    <string name="aep_confirm_disable_warning_msg">This setting will weaken exploit protections for the selected app.</string>
+    <string name="aep_confirm_disable_proceed_btn">Proceed</string>
+
+    <string name="aep_dvr_default_security_setting">Default value can be changed in the %1$s section</string>
+
+    <string name="aep_dvr_compat_config_hardening_opt_in">The selected app is known to be compatible with this setting</string>
+    <string name="aep_dvr_compat_config_hardening_opt_out">%1$s by default, because this app is known to need it.
+This behavior can be disabled in the %2$s section.</string>
+
+    <string name="aep_dvr_app_is_client_of_gmscore">%1$s by default because this app depends on Play services</string>
+
+    <string name="aep_default_main_switch_block_for_3p_apps">Block for third-party apps by default</string>
+    <string name="aep_default_main_switch_restrict_for_3p_apps">Restrict for third-party apps by default</string>
+    <string name="aep_default_main_switch_disable_for_3p_apps">Disable for third-party apps by default</string>
+    <string name="aep_default_summary_restricted">Restricted by default</string>
+    <string name="aep_default_summary_restricted_except_for_gmscore_clients">Restricted by default, except for apps that depend on Play services</string>
+    <string name="aep_default_summary_disabled">Disabled by default</string>
+    <string name="aep_default_summary_blocked">Blocked by default</string>
+    <string name="aep_default_summary_allowed_for_3p_apps">Allowed for third-party apps by default</string>
+    <string name="aep_default_summary_enabled_for_3p_apps">Enabled for third-party apps by default</string>
+
+    <string name="aep_ir_exploit_protection_compat_mode">%1$s is enabled</string>
+
+    <string name="aep_compat_mode_title">Exploit protection compatibility mode</string>
+</resources>
diff --git a/src/com/android/settings/applications/AswAdapter.kt b/src/com/android/settings/applications/AswAdapter.kt
new file mode 100644
index 00000000000..478dd02e25e
--- /dev/null
+++ b/src/com/android/settings/applications/AswAdapter.kt
@@ -0,0 +1,88 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.ext.settings.app.AppSwitch
+import androidx.preference.Preference
+import androidx.preference.PreferenceScreen
+import com.android.settings.R
+import com.android.settings.SettingsPreferenceFragment
+import com.android.settings.applications.appinfo.AppInfoDashboardFragment
+import com.android.settings.spa.SpaActivity.Companion.startSpaActivity
+import com.android.settings.spa.app.appinfo.AppInfoSettingsProvider
+import com.android.settings.spa.app.appinfo.AswAppListPageProvider
+import com.android.settingslib.spaprivileged.model.app.userId
+import kotlin.reflect.KClass
+
+abstract class AswAdapter<T : AppSwitch> {
+    abstract fun getAppSwitch(): T
+
+    enum class Category {
+        ExploitProtection,
+    }
+
+    fun getCategory(): Category = Category.ExploitProtection
+
+    fun getPreferenceSummary(ctx: Context, appInfo: ApplicationInfo): CharSequence {
+        val asw = getAppSwitch()
+        val si = AppSwitch.StateInfo()
+        val userId = appInfo.userId
+        val isOn = asw.get(ctx, userId, appInfo, GosPackageState.get(appInfo.packageName, userId), si)
+        return if (si.isUsingDefaultValue) {
+            getDefaultTitle(ctx, isOn)
+        } else {
+            if (isOn) getOnTitle(ctx) else getOffTitle(ctx)
+        }
+    }
+
+    open fun getNotificationToggleTitle(ctx: Context): CharSequence? = null
+    open fun getNotificationToggleSummary(ctx: Context): CharSequence? = null
+
+    abstract fun getAswTitle(ctx: Context): CharSequence
+
+    open fun getShortAswTitle(ctx: Context) = getAswTitle(ctx)
+
+    fun getDefaultTitle(ctx: Context, isOn: Boolean): CharSequence {
+        return ctx.getString(R.string.aep_default,
+            if (isOn) getOnTitle(ctx) else getOffTitle(ctx)
+        )
+    }
+
+    open fun getOnTitle(ctx: Context): CharSequence = ctx.getText(R.string.aep_enabled)
+
+    open fun getOffTitle(ctx: Context): CharSequence = ctx.getText(R.string.aep_disabled)
+
+    abstract fun getDetailFragmentClass(): KClass<out SettingsPreferenceFragment>
+
+    fun openAppPage(context: Context, app: ApplicationInfo) {
+        AppInfoDashboardFragment.startAppInfoFragment(
+            getDetailFragmentClass().java,
+            app, context, AppInfoSettingsProvider.METRICS_CATEGORY,
+        )
+    }
+
+    fun makeAppListPageProvider() = AswAppListPageProvider(this)
+
+    fun getAppListPageProviderName() = this::class.simpleName!!
+
+    open fun shouldIncludeInAppListPage(app: ApplicationInfo, gosPs: GosPackageState) = true
+
+    fun openAppListPage(ctx: Context) {
+        ctx.startSpaActivity(getAppListPageProviderName())
+    }
+
+    @JvmOverloads
+    fun addAppListPageLink(screen: PreferenceScreen,
+                           title: CharSequence = screen.context.getText(R.string.default_see_all_apps_title)) {
+        val ctx = screen.context
+        val pref = Preference(ctx).apply {
+            this.title = title
+            setOnPreferenceClickListener { p ->
+                p.context.startSpaActivity(getAppListPageProviderName())
+                true
+            }
+        }
+        screen.addPreference(pref)
+    }
+}
diff --git a/src/com/android/settings/applications/AswAppInfoFragment.java b/src/com/android/settings/applications/AswAppInfoFragment.java
new file mode 100644
index 00000000000..cac5229f781
--- /dev/null
+++ b/src/com/android/settings/applications/AswAppInfoFragment.java
@@ -0,0 +1,228 @@
+package com.android.settings.applications;
+
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.GosPackageState;
+import android.ext.settings.app.AppSwitch;
+import android.os.Bundle;
+
+import androidx.annotation.Nullable;
+
+import com.android.settings.R;
+import com.android.settings.applications.appinfo.RadioButtonAppInfoFragment;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public abstract class AswAppInfoFragment<T extends AppSwitch>
+        extends RadioButtonAppInfoFragment {
+
+    protected static final int ID_DEFAULT = 0;
+    protected static final int ID_ON = 1;
+    protected static final int ID_OFF = 2;
+
+    public abstract AswAdapter<T> getAswAdapter();
+
+    protected AswAdapter<T> adapter;
+    private final ArrayList<PrefModel> extraPrefs = new ArrayList<>();
+    @Nullable
+    private TogglePrefModel notifTogglePref;
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        adapter = getAswAdapter();
+        super.onCreate(savedInstanceState);
+
+        if (adapter.getAppSwitch().hasNotification()) {
+            Context ctx = requireContext();
+            var p = new TogglePrefModel();
+            p.title = adapter.getNotificationToggleTitle(ctx);
+            p.summary = adapter.getNotificationToggleSummary(ctx);
+            p.onChangeListener = (pref, state) -> {
+                var ed = GosPackageState.edit(mPackageName, mUserId);
+                adapter.getAppSwitch().setNotificationEnabled(ed, (boolean) state);
+                return ed.apply();
+            };
+            extraPrefs.add(p);
+            notifTogglePref = p;
+        }
+        {
+            var p = new LinkPrefModel();
+            p.title = getText(R.string.default_see_all_apps_title);
+            p.onClick = () -> adapter.openAppListPage(requireContext());
+            extraPrefs.add(p);
+        }
+    }
+
+    @Override
+    protected CharSequence getTitle() {
+        return adapter.getAswTitle(requireContext());
+    }
+
+    @Override
+    public Entry[] getEntries() {
+        Context ctx = requireContext();
+        AppSwitch asw = adapter.getAppSwitch();
+
+        int userId = mUserId;
+        GosPackageState ps = GosPackageState.get(mPackageName, userId);
+        ApplicationInfo appInfo = getAppInfo();
+        var si = new AppSwitch.StateInfo();
+        boolean state = asw.get(ctx, userId, appInfo, ps, si);
+
+        boolean isDefault = si.isUsingDefaultValue();
+        boolean isImmutable = si.isImmutable();
+
+        var defaultSi = new AppSwitch.StateInfo();
+        boolean defaultValue = asw.getDefaultValue(ctx, userId, appInfo, ps, defaultSi);
+
+        var def = createEntry(ID_DEFAULT, adapter.getDefaultTitle(ctx, defaultValue));
+        def.isChecked = isDefault;
+        def.isEnabled = !isImmutable;
+        if (def.isEnabled) {
+            int dvr = defaultSi.getDefaultValueReason();
+            CharSequence summary = getSummaryForDefaultValueReason(dvr);
+            if (summary == null) {
+                summary = switch (dvr) {
+                    case AppSwitch.DVR_DEFAULT_SETTING -> {
+                        if (!ctx.getUser().isSystem()) {
+                            yield null;
+                        }
+                        yield getString(R.string.aep_dvr_default_security_setting,
+                                getAppDefaultSettingPathForCategory(adapter.getCategory()));
+                    }
+                    case AppSwitch.DVR_APP_COMPAT_CONFIG_HARDENING_OPT_IN ->
+                        getText(R.string.aep_dvr_compat_config_hardening_opt_in);
+                    case AppSwitch.DVR_APP_COMPAT_CONFIG_HARDENING_OPT_OUT -> {
+                        if (!ctx.getUser().isSystem()) {
+                            yield null;
+                        }
+                        var s = defaultValue ? adapter.getOnTitle(ctx) : adapter.getOffTitle(ctx);
+                        yield getString(R.string.aep_dvr_compat_config_hardening_opt_out,
+                                s.toString(), getSettingPath(R.string.safety_center_title,
+                                                  R.string.more_security_privacy_settings));
+                    }
+                    case AppSwitch.DVR_APP_IS_CLIENT_OF_GMSCORE -> {
+                        var s = defaultValue ? adapter.getOnTitle(ctx) : adapter.getOffTitle(ctx);
+                        yield getString(R.string.aep_dvr_app_is_client_of_gmscore, s.toString());
+                    }
+                    default -> null;
+                };
+            }
+            def.summary = summary;
+        }
+
+        var enabled = createEntry(ID_ON, adapter.getOnTitle(ctx));
+        enabled.isChecked = !isDefault && state;
+        enabled.isEnabled = enabled.isChecked || !isImmutable;
+
+        var disabled = createEntry(ID_OFF, adapter.getOffTitle(ctx));
+        disabled.isChecked = !isDefault && !state;
+        disabled.isEnabled = disabled.isChecked || !isImmutable;
+
+        if (isImmutable) {
+            int immutabilityReason = si.getImmutabilityReason();
+            CharSequence summary = getSummaryForImmutabilityReason(immutabilityReason);
+            if (summary == null) {
+                if (immutabilityReason == AppSwitch.IR_EXPLOIT_PROTECTION_COMPAT_MODE) {
+                    summary = getString(R.string.aep_ir_exploit_protection_compat_mode,
+                            getString(R.string.aep_compat_mode_title));
+                }
+            }
+            if (enabled.isChecked) {
+                enabled.summary = summary;
+            }
+            if (disabled.isChecked) {
+                disabled.summary = summary;
+            }
+        }
+
+        if (notifTogglePref != null) {
+            notifTogglePref.isChecked = adapter.getAppSwitch().isNotificationEnabled(ps);
+            notifTogglePref.isEnabled = state;
+        }
+
+        return new Entry[] { def, enabled, disabled };
+    }
+
+    private String getAppDefaultSettingPathForCategory(AswAdapter.Category category) {
+        switch (category) {
+            case ExploitProtection:
+                return getSettingPath(R.string.safety_center_title, R.string.exploit_protection_settings);
+            default:
+                throw new IllegalArgumentException(category.toString());
+        }
+    }
+
+    private String getSettingPath(int... parts) {
+        var sb = new StringBuilder();
+        for (int i = 0; i < parts.length; ++i) {
+            if (i != 0) {
+                sb.append(" > ");
+            }
+            sb.append(getString(parts[i]));
+        }
+        return sb.toString();
+    }
+
+    @Nullable
+    protected CharSequence getSummaryForDefaultValueReason(int dvr) {
+        return null;
+    }
+
+    @Nullable
+    protected CharSequence getSummaryForImmutabilityReason(int ir) {
+        return null;
+    }
+
+    @Override
+    protected List<PrefModel> getExtraPrefModels() {
+        return extraPrefs;
+    }
+
+    @Override
+    public final void onEntrySelected(int id) {
+        Context ctx = requireContext();
+        AppSwitch asw = adapter.getAppSwitch();
+        int userId = mUserId;
+        String pkgName = mPackageName;
+        GosPackageState ps = GosPackageState.get(pkgName, userId);
+        ApplicationInfo appInfo = getAppInfo();
+
+        boolean isImmutable = asw.isImmutable(ctx, userId, appInfo, ps);
+
+        if (isImmutable) {
+            return;
+        }
+
+        Runnable r = () -> {
+            GosPackageState.Editor ed = GosPackageState.edit(pkgName, userId);
+
+            switch (id) {
+                case ID_DEFAULT -> asw.setUseDefaultValue(ed);
+                case ID_ON, ID_OFF -> asw.set(ed, id == ID_ON);
+                default -> throw new IllegalStateException();
+            }
+
+            ed.setKillUidAfterApply(shouldKillUidAfterChange());
+
+            if (!ed.apply()) {
+                finish();
+            }
+
+            if (!refreshUi()) {
+                setIntentAndFinish(true);
+            }
+        };
+
+        completeStateChange(id, asw.get(ctx, userId, appInfo, ps), r);
+    }
+
+    protected void completeStateChange(int newEntryId, boolean curValue, Runnable stateChangeAction) {
+        stateChangeAction.run();
+    }
+
+    protected boolean shouldKillUidAfterChange() {
+        return true;
+    }
+}
diff --git a/src/com/android/settings/applications/AswAppListPrefController.java b/src/com/android/settings/applications/AswAppListPrefController.java
new file mode 100644
index 00000000000..c6d9fa7260a
--- /dev/null
+++ b/src/com/android/settings/applications/AswAppListPrefController.java
@@ -0,0 +1,27 @@
+package com.android.settings.applications;
+
+import android.content.Context;
+
+import androidx.preference.Preference;
+
+import com.android.settings.applications.AswAdapter;
+import com.android.settings.core.BasePreferenceController;
+
+public abstract class AswAppListPrefController extends BasePreferenceController {
+
+    protected final AswAdapter aswAdapter;
+
+    public AswAppListPrefController(Context context, String preferenceKey, AswAdapter adapter) {
+        super(context, preferenceKey);
+        aswAdapter = adapter;
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!getPreferenceKey().equals(preference.getKey())) {
+            return false;
+        }
+        aswAdapter.openAppListPage(preference.getContext());
+        return true;
+    }
+}
diff --git a/src/com/android/settings/applications/AswExploitProtectionFragment.java b/src/com/android/settings/applications/AswExploitProtectionFragment.java
new file mode 100644
index 00000000000..19d0a470433
--- /dev/null
+++ b/src/com/android/settings/applications/AswExploitProtectionFragment.java
@@ -0,0 +1,44 @@
+package com.android.settings.applications;
+
+import android.content.Context;
+import android.content.pm.GosPackageState;
+import android.ext.settings.app.AppSwitch;
+
+import androidx.appcompat.app.AlertDialog;
+
+import com.android.settings.R;
+
+public abstract class AswExploitProtectionFragment<T extends AppSwitch> extends AswAppInfoFragment<T> {
+
+    @Override
+    protected void completeStateChange(int newEntryId, boolean curValue, Runnable stateChangeAction) {
+        Context ctx = requireContext();
+
+        boolean showWarning = false;
+        if (curValue) {
+            if (newEntryId == ID_OFF) {
+                showWarning = true;
+            } else if (newEntryId == ID_DEFAULT) {
+                AppSwitch asw = adapter.getAppSwitch();
+                int userId = mUserId;
+                var ps = GosPackageState.get(mPackageName, userId);
+                showWarning = !asw.getDefaultValue(ctx, userId, getAppInfo(), ps);
+            }
+        }
+        if (showWarning) {
+            var d = getExploitProtectionWarningOnDisable(ctx, stateChangeAction);
+            d.show();
+        } else {
+            stateChangeAction.run();
+        }
+    }
+
+    public static AlertDialog.Builder getExploitProtectionWarningOnDisable(Context ctx, Runnable action) {
+        var b = new AlertDialog.Builder(ctx);
+        b.setTitle(R.string.aep_confirm_disable_title);
+        b.setMessage(R.string.aep_confirm_disable_warning_msg);
+        b.setNegativeButton(R.string.cancel, null);
+        b.setPositiveButton(R.string.aep_confirm_disable_proceed_btn, (d, w) -> action.run());
+        return b;
+    }
+}
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index cfe8f368bf5..7431e928e0a 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -45,6 +45,7 @@ import com.android.settings.spa.app.specialaccess.ModifySystemSettingsAppListPro
 import com.android.settings.spa.app.specialaccess.PictureInPictureListProvider
 import com.android.settings.spa.app.specialaccess.WriteSystemPreferencesAppListProvider
 import com.android.settingslib.spa.framework.common.SettingsPageProvider
+import com.android.settingslib.spa.framework.compose.LifecycleEffect
 import com.android.settingslib.spa.framework.compose.navigator
 import com.android.settingslib.spa.widget.scaffold.RegularScaffold
 import com.android.settingslib.spa.widget.ui.Category
@@ -122,6 +123,8 @@ object AppInfoSettingsProvider : SettingsPageProvider {
 
 @Composable
 private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
+    // needed to refresh AppSwitch items after returning from their fragments
+    LifecycleEffect(onStart = { check(packageInfoPresenter.manualRefreshFlow.tryEmit(Any())) })
     val packageInfoState = packageInfoPresenter.flow.collectAsStateWithLifecycle()
     val featureFlags: PmFeatureFlags = PmFeatureFlagsImpl()
     RegularScaffold(
diff --git a/src/com/android/settings/spa/app/appinfo/AswAppList.kt b/src/com/android/settings/spa/app/appinfo/AswAppList.kt
new file mode 100644
index 00000000000..c08586a7002
--- /dev/null
+++ b/src/com/android/settings/spa/app/appinfo/AswAppList.kt
@@ -0,0 +1,101 @@
+package com.android.settings.spa.app.appinfo
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.os.Bundle
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import com.android.settings.applications.AswAdapter
+import com.android.settingslib.spa.framework.common.SettingsPageProvider
+import com.android.settingslib.spa.framework.compose.rememberContext
+import com.android.settingslib.spa.framework.util.asyncFilter
+import com.android.settingslib.spa.framework.util.asyncMap
+import com.android.settingslib.spa.widget.ui.SpinnerOption
+import com.android.settingslib.spaprivileged.model.app.AppListModel
+import com.android.settingslib.spaprivileged.model.app.AppRecord
+import com.android.settingslib.spaprivileged.template.app.AppListItem
+import com.android.settingslib.spaprivileged.template.app.AppListItemModel
+import com.android.settingslib.spaprivileged.template.app.AppListPage
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.combine
+
+open class AswAppListPageProvider(val adapter: AswAdapter<*>) : SettingsPageProvider {
+    override val name = adapter.getAppListPageProviderName()
+
+    @Composable
+    override fun Page(arguments: Bundle?) {
+        AswAppListPage(adapter)
+    }
+}
+
+@Composable
+fun AswAppListPage(adapter: AswAdapter<*>) {
+    AppListPage(
+        title = rememberContext { ctx ->
+            adapter.getShortAswTitle(ctx).toString()
+        },
+        listModel = rememberContext { ctx ->
+            AswAppListModel(ctx, adapter)
+        },
+    )
+}
+
+class AppRecordImpl(override val app: ApplicationInfo, val gosPackageState: GosPackageState) : AppRecord
+
+class AswAppListModel(val ctx: Context, val adapter: AswAdapter<*>) : AppListModel<AppRecordImpl> {
+    companion object {
+        const val SPINNER_OPTION_OFF = 0
+        const val SPINNER_OPTION_ON = 1
+    }
+
+    override fun getSpinnerOptions(recordList: List<AppRecordImpl>): List<SpinnerOption> {
+        val options = ArrayList<SpinnerOption>(2)
+        options.add(SpinnerOption(SPINNER_OPTION_OFF, adapter.getOffTitle(ctx).toString()))
+        options.add(SpinnerOption(SPINNER_OPTION_ON, adapter.getOnTitle(ctx).toString()))
+        return options
+    }
+
+    override fun transform(
+        userIdFlow: Flow<Int>,
+        appListFlow: Flow<List<ApplicationInfo>>
+    ): Flow<List<AppRecordImpl>> {
+        return userIdFlow.combine(appListFlow) { userId, appList ->
+            appList.asyncMap { app ->
+                val gosPs = GosPackageState.get(app.packageName, userId)
+                if (adapter.shouldIncludeInAppListPage(app, gosPs)) {
+                    AppRecordImpl(app, GosPackageState.get(app.packageName, userId))
+                } else {
+                    null
+                }
+            }.filterNotNull()
+        }
+    }
+
+    override fun filter(
+        userIdFlow: Flow<Int>,
+        option: Int,
+        recordListFlow: Flow<List<AppRecordImpl>>
+    ): Flow<List<AppRecordImpl>> {
+        val appSwitch = adapter.getAppSwitch()
+        return userIdFlow.combine(recordListFlow) { userId, recordList ->
+            recordList.asyncFilter {
+                val value = appSwitch.get(ctx, userId, it.app, it.gosPackageState)
+                when (option) {
+                    SPINNER_OPTION_OFF -> !value
+                    SPINNER_OPTION_ON -> value
+                    else -> throw IllegalArgumentException(option.toString())
+                }
+            }
+        }
+    }
+
+    @Composable
+    override fun AppListItemModel<AppRecordImpl>.AppItem() {
+        val context = LocalContext.current
+        AppListItem(onClick = {
+            adapter.openAppPage(context, record.app)
+        })
+    }
+}
+
diff --git a/src/com/android/settings/spa/app/appinfo/AswPreference.kt b/src/com/android/settings/spa/app/appinfo/AswPreference.kt
new file mode 100644
index 00000000000..116fa047025
--- /dev/null
+++ b/src/com/android/settings/spa/app/appinfo/AswPreference.kt
@@ -0,0 +1,27 @@
+package com.android.settings.spa.app.appinfo
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.app.AppSwitch
+import androidx.compose.runtime.Composable
+import com.android.settings.applications.AswAdapter
+import com.android.settingslib.spa.widget.preference.Preference
+import com.android.settingslib.spa.widget.preference.PreferenceModel
+import com.android.settingslib.spaprivileged.model.app.installed
+
+@Composable
+fun AswPreference(context: Context, app: ApplicationInfo, adapter: AswAdapter<out AppSwitch>) {
+    if (!app.installed) {
+        return
+    }
+
+    Preference(object : PreferenceModel {
+        override val title = adapter.getAswTitle(context).toString()
+        override val summary = {
+            adapter.getPreferenceSummary(context, app).toString()
+        }
+        override val onClick = {
+            adapter.openAppPage(context, app)
+        }
+    })
+}
diff --git a/src/com/android/settings/spa/app/appinfo/PackageInfoPresenter.kt b/src/com/android/settings/spa/app/appinfo/PackageInfoPresenter.kt
index 36fe93e2f27..dc650d78883 100644
--- a/src/com/android/settings/spa/app/appinfo/PackageInfoPresenter.kt
+++ b/src/com/android/settings/spa/app/appinfo/PackageInfoPresenter.kt
@@ -44,6 +44,7 @@ import com.android.settingslib.spaprivileged.model.app.IPackageManagers
 import com.android.settingslib.spaprivileged.model.app.PackageManagers
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.SharingStarted
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.flow.filter
@@ -96,7 +97,9 @@ class PackageInfoPresenter(
         intent.action != Intent.ACTION_PACKAGE_REMOVED ||
             intent.getBooleanExtra(Intent.EXTRA_ARCHIVAL, false)
 
-    val flow: StateFlow<PackageInfo?> = merge(flowOf(null), appChangeFlow)
+    val manualRefreshFlow = MutableStateFlow<Any?>(null)
+
+    val flow: StateFlow<PackageInfo?> = merge(flowOf(null), appChangeFlow, manualRefreshFlow)
         .map { getPackageInfo() }
         .stateIn(coroutineScope + Dispatchers.Default, SharingStarted.Eagerly, null)
 

From add8c066cb00853ff3ec1c031f1897d34b545f6e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 12:09:48 +0200
Subject: [PATCH 037/117] add "Exploit protection" category to App info

---
 src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 7431e928e0a..0e84f1b30d7 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -178,6 +178,9 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             Enable16KbAppCompatPreference(app)
         }
 
+        Category(title = stringResource(R.string.exploit_protection_category_title)) {
+        }
+
         Category(title = stringResource(R.string.app_install_details_group_title)) {
             AppInstallerInfoPreference(app)
         }

From 01e7747eae11abed94245dad4d8a570ae115d699 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 26 Sep 2023 10:34:50 +0300
Subject: [PATCH 038/117] add per-app setting for exploit protection
 compatibility mode

---
 res/values/strings_app_exploit_protection.xml |  1 +
 ...oitProtectionCompatModeSwitchPreference.kt | 59 +++++++++++++++++++
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 3 files changed, 61 insertions(+)
 create mode 100644 src/com/android/settings/spa/app/appinfo/AppExploitProtectionCompatModeSwitchPreference.kt

diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index 5081ee0a037..ed4eef3ab79 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -34,4 +34,5 @@ This behavior can be disabled in the %2$s section.</string>
     <string name="aep_ir_exploit_protection_compat_mode">%1$s is enabled</string>
 
     <string name="aep_compat_mode_title">Exploit protection compatibility mode</string>
+    <string name="aep_compat_mode_summary">Improves compatibility by disabling some of the GrapheneOS exploit protections for this app</string>
 </resources>
diff --git a/src/com/android/settings/spa/app/appinfo/AppExploitProtectionCompatModeSwitchPreference.kt b/src/com/android/settings/spa/app/appinfo/AppExploitProtectionCompatModeSwitchPreference.kt
new file mode 100644
index 00000000000..daf3ace3dba
--- /dev/null
+++ b/src/com/android/settings/spa/app/appinfo/AppExploitProtectionCompatModeSwitchPreference.kt
@@ -0,0 +1,59 @@
+package com.android.settings.spa.app.appinfo
+
+import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.content.pm.GosPackageStateFlag
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
+import com.android.settings.R
+import com.android.settings.applications.AswExploitProtectionFragment
+import com.android.settingslib.spa.widget.preference.SwitchPreference
+import com.android.settingslib.spa.widget.preference.SwitchPreferenceModel
+import com.android.settingslib.spaprivileged.model.app.installed
+import com.android.settingslib.spaprivileged.model.app.userId
+
+@Composable
+fun AppExploitProtectionCompatModeSwitchPreference(app: ApplicationInfo,
+                                                   packageInfoPresenter: PackageInfoPresenter) {
+    if (app.isSystemApp || !app.installed) {
+        return
+    }
+
+    val context = LocalContext.current
+    val pkgName = app.packageName
+    val userId = app.userId
+    val psFlag = GosPackageStateFlag.ENABLE_EXPLOIT_PROTECTION_COMPAT_MODE
+
+    SwitchPreference(object : SwitchPreferenceModel {
+        override val title = stringResource(R.string.aep_compat_mode_title)
+        override val summary = {
+            context.getString(R.string.aep_compat_mode_summary)
+        }
+
+        override val checked = {
+            GosPackageState.get(pkgName, userId).hasFlag(psFlag)
+        }
+
+        override val onCheckedChange = { newChecked: Boolean ->
+            val action = Runnable {
+                GosPackageState.edit(pkgName, userId).run {
+                    setFlagState(psFlag, newChecked)
+                    killUidAfterApply()
+                    if (apply()) {
+                        // needed to recompose other exploit protection settings
+                        check(packageInfoPresenter.manualRefreshFlow.tryEmit(Any()))
+                    }
+                }
+            }
+
+            if (newChecked) {
+                val d = AswExploitProtectionFragment.getExploitProtectionWarningOnDisable(context, action)
+                d.show()
+            } else {
+                action.run()
+            }
+            Unit
+        }
+    })
+}
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 0e84f1b30d7..8f508b9f4ad 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -179,6 +179,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
         }
 
         Category(title = stringResource(R.string.exploit_protection_category_title)) {
+            AppExploitProtectionCompatModeSwitchPreference(app, packageInfoPresenter)
         }
 
         Category(title = stringResource(R.string.app_install_details_group_title)) {

From 369728ef8600d1c6496f397fba1f90fee4b8867c Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 7 Oct 2023 21:28:08 +0300
Subject: [PATCH 039/117] add toggle for automatic exploit protection
 compatibility mode

---
 res/values/strings_ext.xml                 | 6 ++++++
 res/xml/more_security_privacy_settings.xml | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 609768d5c21..8e073138a9f 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -117,6 +117,12 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     <!-- Title of preference to enable running in background [CHAR LIMIT=40] -->
     <string name="user_run_in_background">Allow running in background</string>
 
+    <string name="allow_automatic_per_app_epcm_title">Automatic exploit protection compatibility mode</string>
+
+    <string name="allow_automatic_per_app_epcm_summary">
+"Allow automatically disabling exploit protections for apps that are known to need it"
+    </string>
+
     <string name="app_exploit_protection_default_value_warning">"Warning: enabling this setting might cause some apps to stop working.</string>
 
 </resources>
diff --git a/res/xml/more_security_privacy_settings.xml b/res/xml/more_security_privacy_settings.xml
index c1b98843a45..99a56dd9ef1 100644
--- a/res/xml/more_security_privacy_settings.xml
+++ b/res/xml/more_security_privacy_settings.xml
@@ -237,6 +237,13 @@
         settings:keywords="@string/keywords_app_pinning"
         settings:controller="com.android.settings.security.ScreenPinningPreferenceController" />
 
+    <SwitchPreferenceCompat
+        android:order="282"
+        android:key="allow_automatic_per_app_epcm"
+        android:title="@string/allow_automatic_per_app_epcm_title"
+        android:summary="@string/allow_automatic_per_app_epcm_summary"
+        settings:boolSettingField="android.ext.settings.ExtSettings ALLOW_DISABLING_HARDENING_VIA_APP_COMPAT_CONFIG" />
+
     <Preference
         android:order="300"
         android:id="@+id/memtag_page"

From 4a19d191bee2363e14ffde714e2d7703387abdf1 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 16 Nov 2023 17:23:47 +0200
Subject: [PATCH 040/117] add per-app setting for hardened_malloc

---
 AndroidManifest.xml                           | 18 +++++++
 res/values/strings_app_exploit_protection.xml |  8 +++
 res/xml/exploit_protection_settings.xml       |  5 ++
 src/com/android/settings/Settings.java        |  2 +
 .../applications/AppHardenedMalloc.kt         | 54 +++++++++++++++++++
 .../core/gateway/SettingsGateway.java         |  1 +
 .../settings/spa/SettingsSpaEnvironment.kt    |  1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 8 files changed, 90 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppHardenedMalloc.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 101e37fc778..18d64b27ab1 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5475,5 +5475,23 @@
         </activity>
 
         <!-- This is the longest AndroidManifest.xml ever. -->
+
+        <activity
+            android:name="Settings$AppHardenedMallocActivity"
+            android:permission="android.permission.WRITE_SECURE_SETTINGS"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.settings.OPEN_APP_HARDENED_MALLOC_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="package" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
+                android:value="com.android.settings.applications.AppHardenedMallocFragment"/>
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                android:value="@string/menu_key_apps"/>
+        </activity>
+
     </application>
 </manifest>
diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index ed4eef3ab79..8581d72090b 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -35,4 +35,12 @@ This behavior can be disabled in the %2$s section.</string>
 
     <string name="aep_compat_mode_title">Exploit protection compatibility mode</string>
     <string name="aep_compat_mode_summary">Improves compatibility by disabling some of the GrapheneOS exploit protections for this app</string>
+
+    <string name="aep_hmalloc">Hardened memory allocator</string>
+    <string name="aep_hmalloc_footer">
+        Hardened memory allocator (hardened_malloc) provides substantial defenses against the most common classes of vulnerabilities (heap memory corruption) along with reducing the lifetime of sensitive data in memory.</string>
+    <string name="aep_hmalloc_ir_no_native_code">This app doesn’t have native code</string>
+    <string name="aep_hmalloc_ir_32_bit_native_code">This is a 32-bit app, hardened_malloc is 64-bit only</string>
+    <string name="aep_hmalloc_ir_preinstalled_app">hardened_malloc is not allowed to be disabled for a preinstalled app</string>
+    <string name="aep_hmalloc_ir_debuggable_app">This is a debuggable app, hardened_malloc can’t be disabled</string>
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index ada50481305..34d6ccf6cb4 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -24,6 +24,11 @@
         android:key="app_exploit_protection_settings"
         android:title="@string/app_exploit_protection_category">
 
+        <Preference
+            android:key="aep_h_malloc_app_list"
+            android:title="@string/aep_hmalloc"
+            settings:controller="com.android.settings.applications.HardenedMallocAppListPrefController" />
+
         <Preference
             android:key="exec_spawning"
             android:title="@string/exec_spawning_title"
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index 3af97f9c47a..a0d6b14d86a 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -523,5 +523,7 @@ public static class HearingDevicesActivity extends SettingsActivity { /* empty *
     public static class HearingDevicesPairingActivity extends SettingsActivity { /* empty */ }
     public static class ContactsStorageSettingsActivity extends SettingsActivity { /* empty */ }
 
+    public static class AppHardenedMallocActivity extends SettingsActivity {}
+
     public static class ExploitProtectionActivity extends SettingsActivity {}
 }
diff --git a/src/com/android/settings/applications/AppHardenedMalloc.kt b/src/com/android/settings/applications/AppHardenedMalloc.kt
new file mode 100644
index 00000000000..aac49534220
--- /dev/null
+++ b/src/com/android/settings/applications/AppHardenedMalloc.kt
@@ -0,0 +1,54 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.app.AppSwitch
+import android.ext.settings.app.AswUseHardenedMalloc
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import com.android.settings.R
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterUseHardenedMalloc : AswAdapter<AswUseHardenedMalloc>() {
+
+    override fun getAppSwitch() = AswUseHardenedMalloc.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_hmalloc)
+
+    override fun getDetailFragmentClass() = AppHardenedMallocFragment::class
+}
+
+@Composable
+fun AppHardenedMallocPreference(app: ApplicationInfo) {
+    val context = LocalContext.current
+    AswPreference(context, app, AswAdapterUseHardenedMalloc)
+}
+
+class AppHardenedMallocFragment : AswExploitProtectionFragment<AswUseHardenedMalloc>() {
+
+    override fun getAswAdapter() = AswAdapterUseHardenedMalloc
+
+    override fun getSummaryForImmutabilityReason(ir: Int): CharSequence? {
+        val id = when (ir) {
+            AppSwitch.IR_IS_SYSTEM_APP -> R.string.aep_hmalloc_ir_preinstalled_app
+            AppSwitch.IR_NO_NATIVE_CODE -> R.string.aep_hmalloc_ir_no_native_code
+            AppSwitch.IR_NON_64_BIT_NATIVE_CODE -> R.string.aep_hmalloc_ir_32_bit_native_code
+            AppSwitch.IR_IS_DEBUGGABLE_APP -> R.string.aep_hmalloc_ir_debuggable_app
+            else -> return null
+        }
+        return getText(id)
+    }
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_hmalloc_footer)
+        setLearnMoreLink(fp, "https://grapheneos.org/features#exploit-mitigations")
+    }
+}
+
+
+class HardenedMallocAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterUseHardenedMalloc) {
+
+    override fun getAvailabilityStatus() = AVAILABLE
+}
diff --git a/src/com/android/settings/core/gateway/SettingsGateway.java b/src/com/android/settings/core/gateway/SettingsGateway.java
index 4dee4dc0301..348e8b9a708 100644
--- a/src/com/android/settings/core/gateway/SettingsGateway.java
+++ b/src/com/android/settings/core/gateway/SettingsGateway.java
@@ -218,6 +218,7 @@ public class SettingsGateway {
      * security exception if the fragment it needs to display is not in this list.
      */
     public static final String[] ENTRY_FRAGMENTS = {
+            com.android.settings.applications.AppHardenedMallocFragment.class.getName(),
             com.android.settings.safetycenter.ExploitProtectionFragment.class.getName(),
             AdvancedConnectedDeviceDashboardFragment.class.getName(),
             CreateShortcut.class.getName(),
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index 7702db6bcde..1dd6f84c662 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -102,6 +102,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
     open fun settingsPageProviders() = listOf(
         HomePageProvider,
         AppsMainPageProvider,
+        com.android.settings.applications.AswAdapterUseHardenedMalloc.makeAppListPageProvider(),
         AllAppListPageProvider,
         AppInfoSettingsProvider,
         SpecialAppAccessPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 8f508b9f4ad..0415c9c0392 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -180,6 +180,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
 
         Category(title = stringResource(R.string.exploit_protection_category_title)) {
             AppExploitProtectionCompatModeSwitchPreference(app, packageInfoPresenter)
+            com.android.settings.applications.AppHardenedMallocPreference(app)
         }
 
         Category(title = stringResource(R.string.app_install_details_group_title)) {

From 7d03c42ce7e3dec7a5b3c27524f66c632a718244 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 30 Aug 2024 16:23:56 +0300
Subject: [PATCH 041/117] add dev mode per-app setting for extended virtual
 address space

---
 res/values/strings_app_exploit_protection.xml |  5 ++
 res/xml/exploit_protection_settings.xml       |  5 ++
 .../applications/AppExtendedVaSpace.kt        | 58 +++++++++++++++++++
 .../settings/spa/SettingsSpaEnvironment.kt    |  1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 5 files changed, 70 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppExtendedVaSpace.kt

diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index 8581d72090b..d9d94fe5484 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -43,4 +43,9 @@ This behavior can be disabled in the %2$s section.</string>
     <string name="aep_hmalloc_ir_32_bit_native_code">This is a 32-bit app, hardened_malloc is 64-bit only</string>
     <string name="aep_hmalloc_ir_preinstalled_app">hardened_malloc is not allowed to be disabled for a preinstalled app</string>
     <string name="aep_hmalloc_ir_debuggable_app">This is a debuggable app, hardened_malloc can’t be disabled</string>
+
+    <string name="aep_ext_va_space">Extended virtual address space</string>
+    <string name="aep_ext_va_space_footer">Extends virtual address space from 39 to 48 bits, which significantly improves the address space layout randomization.</string>
+    <string name="aep_ext_va_space_ir_32_bit_native_code">Incompatible with 32-bit apps</string>
+    <string name="aep_ext_va_space_ir_hardened_malloc">Required by hardened_malloc</string>
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 34d6ccf6cb4..1068040a7a6 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -29,6 +29,11 @@
             android:title="@string/aep_hmalloc"
             settings:controller="com.android.settings.applications.HardenedMallocAppListPrefController" />
 
+        <Preference
+            android:key="aep_extended_va_space_app_list"
+            android:title="@string/aep_ext_va_space"
+            settings:controller="com.android.settings.applications.ExtendedVaSpaceAppListPrefController" />
+
         <Preference
             android:key="exec_spawning"
             android:title="@string/exec_spawning_title"
diff --git a/src/com/android/settings/applications/AppExtendedVaSpace.kt b/src/com/android/settings/applications/AppExtendedVaSpace.kt
new file mode 100644
index 00000000000..a44ca968cd6
--- /dev/null
+++ b/src/com/android/settings/applications/AppExtendedVaSpace.kt
@@ -0,0 +1,58 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.app.AppSwitch
+import android.ext.settings.app.AswUseExtendedVaSpace
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import com.android.settings.R
+import com.android.settings.core.BasePreferenceController
+import com.android.settings.ext.ExtSettingControllerHelper
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterUseExtendedVaSpace : AswAdapter<AswUseExtendedVaSpace>() {
+
+    override fun getAppSwitch() = AswUseExtendedVaSpace.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_ext_va_space)
+
+    override fun getDetailFragmentClass() = AppExtendedVaSpaceFragment::class
+}
+
+@Composable
+fun AppExtendedVaSpacePreference(app: ApplicationInfo) {
+    val context = LocalContext.current
+    if (ExtSettingControllerHelper.getDevModeSettingAvailability(context) != BasePreferenceController.AVAILABLE) {
+        return
+    }
+
+    AswPreference(context, app, AswAdapterUseExtendedVaSpace)
+}
+
+class AppExtendedVaSpaceFragment : AswExploitProtectionFragment<AswUseExtendedVaSpace>() {
+
+    override fun getAswAdapter() = AswAdapterUseExtendedVaSpace
+
+    override fun getSummaryForImmutabilityReason(ir: Int): CharSequence? {
+        val id = when (ir) {
+            AppSwitch.IR_REQUIRED_BY_HARDENED_MALLOC -> R.string.aep_ext_va_space_ir_hardened_malloc
+            AppSwitch.IR_NON_64_BIT_NATIVE_CODE -> R.string.aep_ext_va_space_ir_32_bit_native_code
+            else -> return null
+        }
+        return getText(id)
+    }
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_ext_va_space_footer)
+    }
+}
+
+
+class ExtendedVaSpaceAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterUseExtendedVaSpace) {
+
+    override fun getAvailabilityStatus() = ExtSettingControllerHelper
+        .getDevModeSettingAvailability(mContext)
+}
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index 1dd6f84c662..e001c8b152a 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -103,6 +103,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         HomePageProvider,
         AppsMainPageProvider,
         com.android.settings.applications.AswAdapterUseHardenedMalloc.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterUseExtendedVaSpace.makeAppListPageProvider(),
         AllAppListPageProvider,
         AppInfoSettingsProvider,
         SpecialAppAccessPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 0415c9c0392..8954d4916da 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -181,6 +181,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
         Category(title = stringResource(R.string.exploit_protection_category_title)) {
             AppExploitProtectionCompatModeSwitchPreference(app, packageInfoPresenter)
             com.android.settings.applications.AppHardenedMallocPreference(app)
+            com.android.settings.applications.AppExtendedVaSpacePreference(app)
         }
 
         Category(title = stringResource(R.string.app_install_details_group_title)) {

From bfb388b04f8ded88e049b97cee3af630a5d03d6b Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 15 Nov 2023 13:51:07 +0200
Subject: [PATCH 042/117] add per-app setting for native debugging

---
 AndroidManifest.xml                           | 18 ++++
 res/values/strings_app_exploit_protection.xml |  8 ++
 res/xml/exploit_protection_settings.xml       | 11 +++
 src/com/android/settings/Settings.java        |  2 +
 .../applications/AppNativeDebugging.kt        | 94 +++++++++++++++++++
 .../core/gateway/SettingsGateway.java         |  1 +
 .../settings/spa/SettingsSpaEnvironment.kt    |  1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 8 files changed, 136 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppNativeDebugging.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 18d64b27ab1..a7101324453 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5476,6 +5476,24 @@
 
         <!-- This is the longest AndroidManifest.xml ever. -->
 
+        <activity
+            android:name="Settings$AppNativeDebuggingActivity"
+            android:permission="android.permission.WRITE_SECURE_SETTINGS"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.settings.OPEN_APP_NATIVE_DEBUGGING_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="package" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
+                android:value="com.android.settings.applications.AppNativeDebuggingFragment"/>
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                android:value="@string/menu_key_apps"/>
+        </activity>
+
+
         <activity
             android:name="Settings$AppHardenedMallocActivity"
             android:permission="android.permission.WRITE_SECURE_SETTINGS"
diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index d9d94fe5484..68e404594b6 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -48,4 +48,12 @@ This behavior can be disabled in the %2$s section.</string>
     <string name="aep_ext_va_space_footer">Extends virtual address space from 39 to 48 bits, which significantly improves the address space layout randomization.</string>
     <string name="aep_ext_va_space_ir_32_bit_native_code">Incompatible with 32-bit apps</string>
     <string name="aep_ext_va_space_ir_hardened_malloc">Required by hardened_malloc</string>
+
+    <string name="aep_native_debug_title">Native code debugging</string>
+    <string name="aep_native_debug_notif_toggle_title">Show notifications about blocked access attempts</string>
+    <string name="aep_native_debug_footer">
+Native code debugging (ptrace) slightly weakens the app sandbox. Some apps (most notably banking apps) use it as a tampering detection tool.
+    </string>
+    <string name="aep_native_debug_dvr_is_system_app">Native debugging is always blocked for preinstalled apps</string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 1068040a7a6..c56c38ef64c 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -34,6 +34,17 @@
             android:title="@string/aep_ext_va_space"
             settings:controller="com.android.settings.applications.ExtendedVaSpaceAppListPrefController" />
 
+        <Preference
+            android:key="aep_native_debugging"
+            android:title="@string/aep_native_debug_title"
+            android:fragment="com.android.settings.applications.AppDefaultNativeDebuggingFragment"
+            settings:controller="com.android.settings.applications.AppDefaultNativeDebuggingPrefController" />
+
+        <Preference
+            android:key="aep_native_debugging_app_list"
+            android:title="@string/aep_native_debug_title"
+            settings:controller="com.android.settings.applications.NativeDebuggingAppListPrefController" />
+
         <Preference
             android:key="exec_spawning"
             android:title="@string/exec_spawning_title"
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index a0d6b14d86a..b3b08a7e006 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -525,5 +525,7 @@ public static class ContactsStorageSettingsActivity extends SettingsActivity { /
 
     public static class AppHardenedMallocActivity extends SettingsActivity {}
 
+    public static class AppNativeDebuggingActivity extends SettingsActivity {}
+
     public static class ExploitProtectionActivity extends SettingsActivity {}
 }
diff --git a/src/com/android/settings/applications/AppNativeDebugging.kt b/src/com/android/settings/applications/AppNativeDebugging.kt
new file mode 100644
index 00000000000..52ab5b94c62
--- /dev/null
+++ b/src/com/android/settings/applications/AppNativeDebugging.kt
@@ -0,0 +1,94 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.BoolSetting
+import android.ext.settings.ExtSettings
+import android.ext.settings.app.AppSwitch
+import android.ext.settings.app.AswDenyNativeDebug
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.preference.PreferenceScreen
+import com.android.settings.R
+import com.android.settings.ext.AppPrefUtils
+import com.android.settings.ext.BoolSettingFragment
+import com.android.settings.ext.BoolSettingFragmentPrefController
+import com.android.settings.ext.ExtSettingControllerHelper
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterNativeDebugging : AswAdapter<AswDenyNativeDebug>() {
+
+    override fun getAppSwitch() = AswDenyNativeDebug.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_native_debug_title)
+
+    override fun getOnTitle(ctx: Context) = ctx.getText(R.string.aep_blocked)
+    override fun getOffTitle(ctx: Context) = ctx.getText(R.string.aep_allowed)
+
+    override fun getNotificationToggleTitle(ctx: Context) = ctx.getText(R.string.aep_native_debug_notif_toggle_title)
+
+    override fun getDetailFragmentClass() = AppNativeDebuggingFragment::class
+}
+
+@Composable
+fun AppNativeDebuggingPreference(app: ApplicationInfo) {
+    val context = LocalContext.current
+    AswPreference(context, app, AswAdapterNativeDebugging)
+}
+
+class AppNativeDebuggingFragment : AswExploitProtectionFragment<AswDenyNativeDebug>() {
+
+    override fun getAswAdapter() = AswAdapterNativeDebugging
+
+    override fun getSummaryForImmutabilityReason(ir: Int): CharSequence? {
+        val id = when (ir) {
+            AppSwitch.IR_IS_SYSTEM_APP -> R.string.aep_native_debug_dvr_is_system_app
+            else -> return null
+        }
+        return getText(id)
+    }
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_native_debug_footer)
+    }
+}
+
+class AppDefaultNativeDebuggingPrefController(ctx: Context, key: String) :
+    BoolSettingFragmentPrefController(ctx, key, ExtSettings.ALLOW_NATIVE_DEBUG_BY_DEFAULT) {
+
+    override fun getSummary(): CharSequence {
+        return resText(if (setting.get(mContext)) R.string.aep_default_summary_allowed_for_3p_apps else R.string.aep_default_summary_blocked)
+    }
+}
+
+class AppDefaultNativeDebuggingFragment : BoolSettingFragment() {
+
+    override fun getSetting(): BoolSetting {
+        invertSetting = true
+        return ExtSettings.ALLOW_NATIVE_DEBUG_BY_DEFAULT
+    }
+
+    override fun getTitle() = getText(R.string.aep_native_debug_title)
+
+    override fun getMainSwitchTitle() = getText(R.string.aep_default_main_switch_block_for_3p_apps)
+
+    override fun addExtraPrefs(screen: PreferenceScreen) {
+        AswAdapterNativeDebugging.addAppListPageLink(screen)
+    }
+
+    override fun makeFooterPref(builder: FooterPreference.Builder): FooterPreference {
+        val text = AppPrefUtils.getFooterForDefaultHardeningSetting(
+            requireContext(),
+            R.string.aep_native_debug_footer
+        )
+        return builder.setTitle(text).build()
+    }
+}
+
+class NativeDebuggingAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterNativeDebugging) {
+
+    override fun getAvailabilityStatus() = ExtSettingControllerHelper
+        .getSecondaryUserOnlySettingAvailability(mContext)
+}
diff --git a/src/com/android/settings/core/gateway/SettingsGateway.java b/src/com/android/settings/core/gateway/SettingsGateway.java
index 348e8b9a708..c69e658103d 100644
--- a/src/com/android/settings/core/gateway/SettingsGateway.java
+++ b/src/com/android/settings/core/gateway/SettingsGateway.java
@@ -218,6 +218,7 @@ public class SettingsGateway {
      * security exception if the fragment it needs to display is not in this list.
      */
     public static final String[] ENTRY_FRAGMENTS = {
+            com.android.settings.applications.AppNativeDebuggingFragment.class.getName(),
             com.android.settings.applications.AppHardenedMallocFragment.class.getName(),
             com.android.settings.safetycenter.ExploitProtectionFragment.class.getName(),
             AdvancedConnectedDeviceDashboardFragment.class.getName(),
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index e001c8b152a..09c762f2fc5 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -104,6 +104,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         AppsMainPageProvider,
         com.android.settings.applications.AswAdapterUseHardenedMalloc.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterUseExtendedVaSpace.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterNativeDebugging.makeAppListPageProvider(),
         AllAppListPageProvider,
         AppInfoSettingsProvider,
         SpecialAppAccessPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 8954d4916da..cce2f233c69 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -182,6 +182,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             AppExploitProtectionCompatModeSwitchPreference(app, packageInfoPresenter)
             com.android.settings.applications.AppHardenedMallocPreference(app)
             com.android.settings.applications.AppExtendedVaSpacePreference(app)
+            com.android.settings.applications.AppNativeDebuggingPreference(app)
         }
 
         Category(title = stringResource(R.string.app_install_details_group_title)) {

From 11098703569d852dc837cdb3d5ff806c572d6f87 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 30 Aug 2024 16:25:59 +0300
Subject: [PATCH 043/117] add per-app setting for memory tagging

---
 AndroidManifest.xml                           |  16 +++
 res/values/strings_app_exploit_protection.xml |  18 +++
 res/xml/exploit_protection_settings.xml       |  11 ++
 src/com/android/settings/Settings.java        |   2 +
 .../settings/applications/AppMemoryTagging.kt | 111 ++++++++++++++++++
 .../core/gateway/SettingsGateway.java         |   1 +
 .../settings/spa/SettingsSpaEnvironment.kt    |   1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |   1 +
 8 files changed, 161 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppMemoryTagging.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index a7101324453..1e39f370ab0 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5493,6 +5493,22 @@
                 android:value="@string/menu_key_apps"/>
         </activity>
 
+        <activity
+            android:name="Settings$AppMemtagActivity"
+            android:permission="android.permission.WRITE_SECURE_SETTINGS"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.settings.OPEN_APP_MEMTAG_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="package" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
+                android:value="com.android.settings.applications.AppMemtagFragment"/>
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                android:value="@string/menu_key_apps"/>
+        </activity>
 
         <activity
             android:name="Settings$AppHardenedMallocActivity"
diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index 68e404594b6..bd5777efb49 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -56,4 +56,22 @@ Native code debugging (ptrace) slightly weakens the app sandbox. Some apps (most
     </string>
     <string name="aep_native_debug_dvr_is_system_app">Native debugging is always blocked for preinstalled apps</string>
 
+    <string name="aep_memtag">Memory tagging</string>
+    <string name="aep_memtag_notif_toggle_time">Show notifications about detected errors</string>
+    <string name="aep_memtag_footer">Memory tagging provides strong protections against exploitation of heap memory bugs (e.g. use-after-free, buffer overflow).</string>
+    <string name="aep_memtag_dvr_is_system_app">Memory tagging is always enabled for preinstalled apps</string>
+    <string name="aep_memtag_dvr_no_native_code">Memory tagging is always enabled for apps that don’t have native code</string>
+    <string name="aep_memtag_dvr_manifest_opt_in">This app has opted-in to memory tagging</string>
+
+    <string name="aep_default_memtag_main_switch_title">Enable by default</string>
+    <string name="aep_default_memtag_main_switch_summary">
+        This setting doesn’t apply to apps that are known to be compatible with memory tagging</string>
+    <string name="aep_default_memtag_footer">"Memory tagging provides strong protections against exploitation of heap memory bugs (e.g. use-after-free, buffer overflow).
+
+Memory tagging is always enabled for preinstalled apps and for third-party apps that are known to be
+compatible with it (e.g. apps that don’t have native code), regardless of this setting."</string>
+    <string name="aep_default_memtag_summary_on">Enabled by default</string>
+    <string name="aep_default_memtag_summary_off">
+        Disabled by default, except for apps that are known to be compatible with memory tagging</string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index c56c38ef64c..d2ed9ca38c0 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -29,6 +29,17 @@
             android:title="@string/aep_hmalloc"
             settings:controller="com.android.settings.applications.HardenedMallocAppListPrefController" />
 
+        <Preference
+            android:key="aep_memtag"
+            android:title="@string/aep_memtag"
+            android:fragment="com.android.settings.applications.AppDefaultMemtagFragment"
+            settings:controller="com.android.settings.applications.AppDefaultMemtagPrefController" />
+
+        <Preference
+            android:key="aep_memtag_app_list"
+            android:title="@string/aep_memtag"
+            settings:controller="com.android.settings.applications.MemtagAppListPrefController" />
+
         <Preference
             android:key="aep_extended_va_space_app_list"
             android:title="@string/aep_ext_va_space"
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index b3b08a7e006..fa6e1115711 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -523,6 +523,8 @@ public static class HearingDevicesActivity extends SettingsActivity { /* empty *
     public static class HearingDevicesPairingActivity extends SettingsActivity { /* empty */ }
     public static class ContactsStorageSettingsActivity extends SettingsActivity { /* empty */ }
 
+    public static class AppMemtagActivity extends SettingsActivity {}
+
     public static class AppHardenedMallocActivity extends SettingsActivity {}
 
     public static class AppNativeDebuggingActivity extends SettingsActivity {}
diff --git a/src/com/android/settings/applications/AppMemoryTagging.kt b/src/com/android/settings/applications/AppMemoryTagging.kt
new file mode 100644
index 00000000000..20ffbe0829e
--- /dev/null
+++ b/src/com/android/settings/applications/AppMemoryTagging.kt
@@ -0,0 +1,111 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.ExtSettings
+import android.ext.settings.app.AppSwitch
+import android.ext.settings.app.AswUseMemoryTagging
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.preference.PreferenceScreen
+import com.android.internal.os.Zygote
+import com.android.settings.R
+import com.android.settings.ext.AppPrefUtils
+import com.android.settings.ext.BoolSettingFragment
+import com.android.settings.ext.BoolSettingFragmentPrefController
+import com.android.settings.ext.ExtSettingControllerHelper
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterUseMemoryTagging : AswAdapter<AswUseMemoryTagging>() {
+
+    override fun getAppSwitch() = AswUseMemoryTagging.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_memtag)
+
+    override fun getNotificationToggleTitle(ctx: Context) = ctx.getText(R.string.aep_memtag_notif_toggle_time)
+
+    override fun getDetailFragmentClass() = AppMemtagFragment::class
+}
+
+private val isMemoryTaggingSupported = Zygote.nativeSupportsMemoryTagging()
+
+@Composable
+fun AppMemtagPreference(app: ApplicationInfo) {
+    if (!isMemoryTaggingSupported) {
+        return
+    }
+
+    val context = LocalContext.current
+    AswPreference(context, app, AswAdapterUseMemoryTagging)
+}
+
+class AppMemtagFragment : AswExploitProtectionFragment<AswUseMemoryTagging>() {
+
+    override fun getAswAdapter() = AswAdapterUseMemoryTagging
+
+    override fun getSummaryForImmutabilityReason(ir: Int): CharSequence? {
+        val id = when (ir) {
+            AppSwitch.IR_IS_SYSTEM_APP -> R.string.aep_memtag_dvr_is_system_app
+            AppSwitch.IR_NO_NATIVE_CODE -> R.string.aep_memtag_dvr_no_native_code
+            AppSwitch.IR_OPTED_IN_VIA_MANIFEST -> R.string.aep_memtag_dvr_manifest_opt_in
+            else -> return null
+        }
+        return getText(id)
+    }
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_memtag_footer)
+    }
+}
+
+class AppDefaultMemtagPrefController(ctx: Context, key: String) :
+    BoolSettingFragmentPrefController(ctx, key, ExtSettings.FORCE_APP_MEMTAG_BY_DEFAULT) {
+
+    private val isSupported = Zygote.nativeSupportsMemoryTagging()
+
+    override fun getAvailabilityStatus(): Int {
+        if (!isSupported) {
+            return UNSUPPORTED_ON_DEVICE
+        }
+
+        return super.getAvailabilityStatus()
+    }
+
+    override fun getSummaryOn() = resText(R.string.aep_default_memtag_summary_on)
+    override fun getSummaryOff() = resText(R.string.aep_default_memtag_summary_off)
+}
+
+class AppDefaultMemtagFragment : BoolSettingFragment() {
+
+    override fun getSetting() = ExtSettings.FORCE_APP_MEMTAG_BY_DEFAULT
+
+    override fun getTitle() = resText(R.string.aep_memtag)
+
+    override fun getMainSwitchTitle() = resText(R.string.aep_default_memtag_main_switch_title)
+    override fun getMainSwitchSummary() = resText(R.string.aep_default_memtag_main_switch_summary)
+
+    override fun addExtraPrefs(screen: PreferenceScreen) {
+        AswAdapterUseMemoryTagging.addAppListPageLink(screen)
+    }
+
+    override fun makeFooterPref(builder: FooterPreference.Builder): FooterPreference {
+        val text = AppPrefUtils.getFooterForDefaultHardeningSetting(requireContext(),
+                R.string.aep_default_memtag_footer)
+        return builder.setTitle(text).build()
+    }
+}
+
+class MemtagAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterUseMemoryTagging) {
+
+    private val isSupported = Zygote.nativeSupportsMemoryTagging()
+
+    override fun getAvailabilityStatus(): Int {
+        if (!isSupported) {
+            return UNSUPPORTED_ON_DEVICE
+        }
+        return ExtSettingControllerHelper
+            .getSecondaryUserOnlySettingAvailability(mContext)
+    }
+}
diff --git a/src/com/android/settings/core/gateway/SettingsGateway.java b/src/com/android/settings/core/gateway/SettingsGateway.java
index c69e658103d..8ea84bc6ce2 100644
--- a/src/com/android/settings/core/gateway/SettingsGateway.java
+++ b/src/com/android/settings/core/gateway/SettingsGateway.java
@@ -219,6 +219,7 @@ public class SettingsGateway {
      */
     public static final String[] ENTRY_FRAGMENTS = {
             com.android.settings.applications.AppNativeDebuggingFragment.class.getName(),
+            com.android.settings.applications.AppMemtagFragment.class.getName(),
             com.android.settings.applications.AppHardenedMallocFragment.class.getName(),
             com.android.settings.safetycenter.ExploitProtectionFragment.class.getName(),
             AdvancedConnectedDeviceDashboardFragment.class.getName(),
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index 09c762f2fc5..f7c62225702 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -103,6 +103,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         HomePageProvider,
         AppsMainPageProvider,
         com.android.settings.applications.AswAdapterUseHardenedMalloc.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterUseMemoryTagging.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterUseExtendedVaSpace.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterNativeDebugging.makeAppListPageProvider(),
         AllAppListPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index cce2f233c69..a83b10e87dc 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -181,6 +181,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
         Category(title = stringResource(R.string.exploit_protection_category_title)) {
             AppExploitProtectionCompatModeSwitchPreference(app, packageInfoPresenter)
             com.android.settings.applications.AppHardenedMallocPreference(app)
+            com.android.settings.applications.AppMemtagPreference(app)
             com.android.settings.applications.AppExtendedVaSpacePreference(app)
             com.android.settings.applications.AppNativeDebuggingPreference(app)
         }

From 2df9027d970addda56605a949ab5d244c37b93c6 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Mon, 27 Nov 2023 21:47:26 +0200
Subject: [PATCH 044/117] add toggle for system process crash notifications

---
 res/values/strings_ext.xml                 | 3 +++
 res/xml/more_security_privacy_settings.xml | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 8e073138a9f..504fa032934 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -125,4 +125,7 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
 
     <string name="app_exploit_protection_default_value_warning">"Warning: enabling this setting might cause some apps to stop working.</string>
 
+    <string name="show_system_process_crash_notifs_title">Notify about system process crashes</string>
+    <string name="show_system_process_crash_notifs_summary">Such crashes may indicate exploitation attempts</string>
+
 </resources>
diff --git a/res/xml/more_security_privacy_settings.xml b/res/xml/more_security_privacy_settings.xml
index 99a56dd9ef1..3da6e0d25f0 100644
--- a/res/xml/more_security_privacy_settings.xml
+++ b/res/xml/more_security_privacy_settings.xml
@@ -237,6 +237,14 @@
         settings:keywords="@string/keywords_app_pinning"
         settings:controller="com.android.settings.security.ScreenPinningPreferenceController" />
 
+    <SwitchPreferenceCompat
+        android:order="281"
+        android:key="show_system_process_crash_notifs"
+        android:title="@string/show_system_process_crash_notifs_title"
+        android:summary="@string/show_system_process_crash_notifs_summary"
+        settings:boolSettingField=
+            "android.ext.settings.ExtSettings SHOW_SYSTEM_PROCESS_CRASH_NOTIFICATIONS" />
+
     <SwitchPreferenceCompat
         android:order="282"
         android:key="allow_automatic_per_app_epcm"

From d946d8e1f8ceb1f742dd9a018aca4d2a17da4744 Mon Sep 17 00:00:00 2001
From: maade69 <70593890+maade69@users.noreply.github.com>
Date: Fri, 29 Sep 2023 16:16:00 +0300
Subject: [PATCH 045/117] Widevine provisioning setting

Signed-off-by: maade69 <70593890+maade69@users.noreply.github.com>
---
 res/values/strings_ext.xml                    |  5 +++
 res/xml/network_provider_internet.xml         |  6 +++
 .../WidevineProvisioningPrefController.java   | 43 +++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 src/com/android/settings/network/WidevineProvisioningPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 504fa032934..f46dd322b70 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -104,6 +104,11 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     <string name="exec_spawning_title_inner">Use secure app spawning</string>
     <string name="exec_spawning_footer">Launch apps in a more secure way than Android which takes slightly longer and increases memory usage by app processes.</string>
 
+    <string name="widevine_provisioning_title">Widevine provisioning</string>
+    <string name="widevine_provisioning_enabled_grapheneos_proxy">GrapheneOS proxy</string>
+    <string name="widevine_provisioning_enabled_google_server">Google server</string>
+    <string name="widevine_provisioning_footer">The provisioned certificate will be used for accessing DRM protected content.</string>
+
     <!-- Title of preference to enable app installs and updates [CHAR LIMIT=40] -->
     <string name="user_app_install">App installs and updates</string>
     <!-- Options for setting app install and updates per user -->
diff --git a/res/xml/network_provider_internet.xml b/res/xml/network_provider_internet.xml
index b4becf7c709..594d307f83e 100644
--- a/res/xml/network_provider_internet.xml
+++ b/res/xml/network_provider_internet.xml
@@ -138,4 +138,10 @@
         android:title="@string/remote_provisioning_title"
         android:order="35"
         settings:controller="com.android.settings.network.RemoteProvisioningPrefController" />
+    
+    <Preference
+        android:key="widevine_provisioning_settings"
+        android:title="@string/widevine_provisioning_title"
+        android:order="40"
+        settings:controller="com.android.settings.network.WidevineProvisioningPrefController" />
 </PreferenceScreen>
diff --git a/src/com/android/settings/network/WidevineProvisioningPrefController.java b/src/com/android/settings/network/WidevineProvisioningPrefController.java
new file mode 100644
index 00000000000..09d62f012ac
--- /dev/null
+++ b/src/com/android/settings/network/WidevineProvisioningPrefController.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.network;
+
+import android.content.Context;
+import android.ext.settings.WidevineProvisioningSettings;
+
+import com.android.settings.R;
+import androidx.preference.PreferenceScreen;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class WidevineProvisioningPrefController extends IntSettingPrefController {
+
+    public WidevineProvisioningPrefController(Context ctx, String key) {
+        super(ctx, key, WidevineProvisioningSettings.SERVER_SETTING);
+    }
+
+    @Override
+    public void addPrefsAfterList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.widevine_provisioning_footer);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.widevine_provisioning_enabled_grapheneos_proxy, WidevineProvisioningSettings.WV_GRAPHENEOS_PROXY);
+        entries.add(R.string.widevine_provisioning_enabled_google_server, WidevineProvisioningSettings.WV_STANDARD_SERVER);
+    }
+}

From 8e1ca78c4e1589a9597949340e70a03158edfbc6 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Mon, 18 Dec 2023 15:38:16 +0200
Subject: [PATCH 046/117] remove confusing mention of Android Auto from
 "Connected devices" screen

---
 .../AdvancedConnectedDeviceController.java    | 10 +-------
 ...AdvancedConnectedDeviceControllerTest.java | 25 -------------------
 2 files changed, 1 insertion(+), 34 deletions(-)

diff --git a/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceController.java b/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceController.java
index 2855f0ab16a..2f7dd6ff789 100644
--- a/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceController.java
+++ b/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceController.java
@@ -34,7 +34,6 @@ public class AdvancedConnectedDeviceController extends BasePreferenceController
 
     private static final String DRIVING_MODE_SETTINGS_ENABLED =
             "gearhead:driving_mode_settings_enabled";
-    private static final String GEARHEAD_PACKAGE = "com.google.android.projection.gearhead";
 
     public AdvancedConnectedDeviceController(Context context, String preferenceKey) {
         super(context, preferenceKey);
@@ -59,7 +58,7 @@ public static int getConnectedDevicesSummaryResourceId(Context context) {
                 new NfcPreferenceController(context, NfcPreferenceController.KEY_TOGGLE_NFC);
 
         return getConnectedDevicesSummaryResourceId(nfcPreferenceController,
-                isDrivingModeAvailable(context), isAndroidAutoSettingAvailable(context));
+                isDrivingModeAvailable(context), false);
     }
 
     @VisibleForTesting
@@ -68,13 +67,6 @@ static boolean isDrivingModeAvailable(Context context) {
                 getInt(context.getContentResolver(), DRIVING_MODE_SETTINGS_ENABLED, 0) == 1;
     }
 
-    @VisibleForTesting
-    static boolean isAndroidAutoSettingAvailable(Context context) {
-        final Intent intent = new Intent(IA_SETTINGS_ACTION);
-        intent.setPackage(GEARHEAD_PACKAGE);
-        return intent.resolveActivity(context.getPackageManager()) != null;
-    }
-
     @VisibleForTesting
     static int getConnectedDevicesSummaryResourceId(NfcPreferenceController
             nfcPreferenceController,
diff --git a/tests/robotests/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceControllerTest.java b/tests/robotests/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceControllerTest.java
index 6ae670dc120..2af9242dab8 100644
--- a/tests/robotests/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/connecteddevice/AdvancedConnectedDeviceControllerTest.java
@@ -99,31 +99,6 @@ public void isDrivingModeAvailable_returnFalse() {
             AdvancedConnectedDeviceController.isDrivingModeAvailable(mContext)).isFalse();
     }
 
-    @Test
-    public void isAndroidAutoSettingAvailable_returnTrue() {
-        final ApplicationInfo appInfo =
-                ApplicationInfoBuilder.newBuilder().setPackageName(ANDROID_AUTO_PACKAGE).build();
-        final ActivityInfo activityInfo = new ActivityInfo();
-        activityInfo.packageName = ANDROID_AUTO_PACKAGE;
-        activityInfo.name = ANDROID_AUTO_PACKAGE;
-        activityInfo.applicationInfo = appInfo;
-        final ResolveInfo resolveInfo = new ResolveInfo();
-        resolveInfo.activityInfo = activityInfo;
-        mShadowPackageManager.addResolveInfoForIntent(
-                buildAndroidAutoSettingsIntent(),
-                resolveInfo);
-
-        assertThat(
-            AdvancedConnectedDeviceController.isAndroidAutoSettingAvailable(mContext)).isTrue();
-    }
-
-    @Test
-    public void isAndroidAutoSettingAvailable_returnFalse() {
-        // No ResolveInfo for Android Auto, expect false.
-        assertThat(
-            AdvancedConnectedDeviceController.isAndroidAutoSettingAvailable(mContext)).isFalse();
-    }
-
     @Test
     public void getConnectedDevicesSummaryResourceId_NFCAndDrivingModeAvailable() {
         // NFC available, driving mode available

From 95cf901f4198cc4648cc500196f08965a64fb2d3 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 6 Jan 2024 19:37:47 +0200
Subject: [PATCH 047/117] add logcat viewer link to System settings

---
 AndroidManifest.xml                           |  1 +
 res/values/strings_ext.xml                    |  2 ++
 res/xml/system_dashboard_fragment.xml         |  7 ++++
 .../system/LogcatLinkPrefController.java      | 34 +++++++++++++++++++
 4 files changed, 44 insertions(+)
 create mode 100644 src/com/android/settings/system/LogcatLinkPrefController.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 1e39f370ab0..373fd205ee2 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -148,6 +148,7 @@
     <uses-permission android:name="android.permission.GET_BACKGROUND_INSTALLED_PACKAGES" />
     <uses-permission android:name="android.permission.SATELLITE_COMMUNICATION" />
     <uses-permission android:name="android.permission.READ_SYSTEM_GRAMMATICAL_GENDER" />
+    <uses-permission android:name="app.grapheneos.logviewer.SHOW_LOGCAT" />
 
     <application
             android:name=".SettingsApplication"
diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index f46dd322b70..a745a34ea95 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -133,4 +133,6 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     <string name="show_system_process_crash_notifs_title">Notify about system process crashes</string>
     <string name="show_system_process_crash_notifs_summary">Such crashes may indicate exploitation attempts</string>
 
+    <string name="view_logs">View logs</string>
+
 </resources>
diff --git a/res/xml/system_dashboard_fragment.xml b/res/xml/system_dashboard_fragment.xml
index 83cdf64fc00..60e4eaa220d 100644
--- a/res/xml/system_dashboard_fragment.xml
+++ b/res/xml/system_dashboard_fragment.xml
@@ -84,6 +84,13 @@
         <intent android:action="android.settings.SYSTEM_UPDATE_SETTINGS"/>
     </Preference>
 
+    <Preference
+        android:key="view_logs"
+        android:title="@string/view_logs"
+        android:icon="@drawable/ic_settings_development"
+        android:order="-39"
+        settings:controller="com.android.settings.system.LogcatLinkPrefController"/>
+
     <Preference
         android:key="system_multiuser"
         android:title="@string/user_settings_title"
diff --git a/src/com/android/settings/system/LogcatLinkPrefController.java b/src/com/android/settings/system/LogcatLinkPrefController.java
new file mode 100644
index 00000000000..e56f57dcd85
--- /dev/null
+++ b/src/com/android/settings/system/LogcatLinkPrefController.java
@@ -0,0 +1,34 @@
+package com.android.settings.system;
+
+import android.content.Context;
+import android.content.Intent;
+import android.ext.LogViewerApp;
+import android.text.TextUtils;
+
+import androidx.preference.Preference;
+
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.ext.ExtSettingControllerHelper;
+
+public class LogcatLinkPrefController extends BasePreferenceController {
+
+    public LogcatLinkPrefController(Context context, String preferenceKey) {
+        super(context, preferenceKey);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return ExtSettingControllerHelper.getGlobalSettingAvailability(mContext);
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!TextUtils.equals(preference.getKey(), getPreferenceKey())) {
+            return false;
+        }
+
+        Intent i = LogViewerApp.getLogcatIntent();
+        mContext.startActivity(i);
+        return true;
+    }
+}

From b219be0d492a640369f8873aee677c16e0d36344 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 2 Mar 2024 11:25:46 +0200
Subject: [PATCH 048/117] add logcat viewer link to App info screen

---
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 .../spa/app/appinfo/AppLogcatPreference.kt    | 29 +++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 src/com/android/settings/spa/app/appinfo/AppLogcatPreference.kt

diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index a83b10e87dc..8162046c7df 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -160,6 +160,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             AppLocalePreference(app)
             AppOpenByDefaultPreference(app)
             DefaultAppShortcuts(app)
+            AppLogcatPreference(app)
         }
 
         Category(title = stringResource(R.string.unused_apps_category)) {
diff --git a/src/com/android/settings/spa/app/appinfo/AppLogcatPreference.kt b/src/com/android/settings/spa/app/appinfo/AppLogcatPreference.kt
new file mode 100644
index 00000000000..14e3c60b5e1
--- /dev/null
+++ b/src/com/android/settings/spa/app/appinfo/AppLogcatPreference.kt
@@ -0,0 +1,29 @@
+package com.android.settings.spa.app.appinfo
+
+import android.content.pm.ApplicationInfo
+import android.ext.LogViewerApp
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.res.stringResource
+import com.android.settings.R
+import com.android.settingslib.spa.widget.preference.Preference
+import com.android.settingslib.spa.widget.preference.PreferenceModel
+import com.android.settingslib.spaprivileged.model.app.installed
+import com.android.settingslib.spaprivileged.model.app.userHandle
+
+@Composable
+fun AppLogcatPreference(app: ApplicationInfo) {
+    if (!app.installed) {
+        return
+    }
+
+    val context = LocalContext.current
+
+    Preference(object : PreferenceModel {
+        override val title = stringResource(R.string.view_logs)
+        override val onClick = {
+            val intent = LogViewerApp.getPackageLogcatIntent(app.packageName)
+            context.startActivityAsUser(intent, app.userHandle)
+        }
+    })
+}

From a0be10d8a661291da36d1515455089a97c8b0a82 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 21 Feb 2024 16:39:26 +0200
Subject: [PATCH 049/117] add USB-C port and pogo pins security setting

---
 res/values/strings_ext.xml                    |  32 ++++
 res/xml/exploit_protection_settings.xml       |  10 ++
 .../UsbPortSecurityPrefController.java        | 141 ++++++++++++++++++
 3 files changed, 183 insertions(+)
 create mode 100644 src/com/android/settings/security/UsbPortSecurityPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index a745a34ea95..44e90a7e01b 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -135,4 +135,36 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
 
     <string name="view_logs">View logs</string>
 
+    <string name="usbc_port_title">USB-C port</string>
+    <string name="usbc_port_off_title">Off</string>
+    <string name="usbc_port_off_summary">Turns off the USB-C port.
+        Doesn’t impact the separate charging mode, which is activated by turning off the device and plugging it in to a charger.
+    </string>
+    <string name="usbc_port_charging_only_title">Charging-only</string>
+    <string name="usbc_port_charging_only_summary">Turns off all non-charging USB-C port functionality.</string>
+    <string name="usbc_port_charging_only_when_locked_title">Charging-only when locked</string>
+    <string name="usbc_port_charging_only_when_locked_summary">Enables the charging-only mode when the
+        device is locked and disables it when the device becomes unlocked. If the port is already
+        plugged-in at the time when the device becomes locked, then the activation of charging-only
+        mode will be delayed until the port is disconnected.</string>
+    <string name="usbc_port_charging_only_when_locked_afu_title">Charging-only when locked, except before first unlock</string>
+    <string name="usbc_port_charging_only_when_locked_afu_summary">This mode has the same behavior
+        as the “%1$s” mode, except for an additional exemption for before-first-unlock connections.
+    </string>
+    <string name="usbc_port_on_title">On</string>
+    <string name="usbc_port_on_summary">Does not add any restrictions.</string>
+
+    <string name="usbc_port_and_pogo_pins_title">USB-C port and pogo pins</string>
+    <string name="usbc_port_and_pogo_pins_off_title">USB-C port off, pogo pins used only for charging</string>
+    <string name="usbc_port_and_pogo_pins_off_summary">Turns off the USB-C port and turns off all
+        non-charging pogo pins functionality. Doesn’t impact the separate charging mode, which is
+        activated by turning off the device and plugging it in to a charger.
+    </string>
+    <string name="usbc_port_and_pogo_pins_charging_only_summary">Turns off all non-charging USB-C port and pogo pins functionality.</string>
+    <string name="usbc_port_and_pogo_pins_charging_only_when_locked_summary">Enables the charging-only mode when the
+        device is locked and disables it when the device becomes unlocked. If the port is already
+        plugged-in at the time when the device becomes locked, then the activation of charging-only
+        mode will be delayed until the port is disconnected. The same behavior applies to pogo pins.
+    </string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index d2ed9ca38c0..530e97cd956 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -10,6 +10,16 @@
         android:title="@string/auto_reboot_title"
         settings:controller="com.android.settings.security.AutoRebootPrefController" />
 
+    <Preference
+        android:key="usbc_port"
+        android:title="@string/usbc_port_title"
+        settings:controller="com.android.settings.security.UsbPortSecurityPrefController" />
+
+    <Preference
+        android:key="usbc_port_and_pogo_pins"
+        android:title="@string/usbc_port_and_pogo_pins_title"
+        settings:controller="com.android.settings.security.UsbPortSecurityPrefController" />
+
     <Preference
         android:key="wifi_auto_off"
         android:title="@string/wifi_auto_off_title"
diff --git a/src/com/android/settings/security/UsbPortSecurityPrefController.java b/src/com/android/settings/security/UsbPortSecurityPrefController.java
new file mode 100644
index 00000000000..ddea6316299
--- /dev/null
+++ b/src/com/android/settings/security/UsbPortSecurityPrefController.java
@@ -0,0 +1,141 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import android.content.res.Resources;
+import android.ext.settings.UsbPortSecurity;
+import android.hardware.usb.UsbManager;
+import android.hardware.usb.ext.PortSecurityState;
+import android.os.Bundle;
+import android.os.ResultReceiver;
+
+import androidx.preference.Preference;
+
+import com.android.internal.infra.AndroidFuture;
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+
+import java.util.Objects;
+import java.util.concurrent.TimeUnit;
+
+import static java.util.Objects.requireNonNull;
+
+public class UsbPortSecurityPrefController extends IntSettingPrefController {
+    private final boolean appliesToPogoPins;
+
+    public UsbPortSecurityPrefController(Context ctx, String key) {
+        super(ctx, key, UsbPortSecurity.MODE_SETTING);
+
+        appliesToPogoPins = ctx.getResources().getBoolean(
+                com.android.internal.R.bool.config_usb_port_security_applies_to_pogo_pins);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        String prefKey = getPreferenceKey();
+        if (appliesToPogoPins) {
+            if ("usbc_port".equals(prefKey)) {
+                return UNSUPPORTED_ON_DEVICE;
+            }
+        } else {
+            if ("usbc_port_and_pogo_pins".equals(prefKey)) {
+                return UNSUPPORTED_ON_DEVICE;
+            }
+        }
+
+        int res = super.getAvailabilityStatus();
+        if (res == AVAILABLE) {
+            int config = com.android.internal.R.bool.config_usbPortSecuritySupported;
+            if (!mContext.getResources().getBoolean(config)) {
+                res = UNSUPPORTED_ON_DEVICE;
+            }
+        }
+        return res;
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        boolean pogo = appliesToPogoPins;
+
+        Resources res = mContext.getResources();
+        entries.add(pogo ? R.string.usbc_port_and_pogo_pins_off_title : R.string.usbc_port_off_title,
+                pogo ? R.string.usbc_port_and_pogo_pins_off_summary : R.string.usbc_port_off_summary,
+                UsbPortSecurity.MODE_DISABLED);
+        entries.add(R.string.usbc_port_charging_only_title,
+                pogo ? R.string.usbc_port_and_pogo_pins_charging_only_summary : R.string.usbc_port_charging_only_summary,
+                UsbPortSecurity.MODE_CHARGING_ONLY);
+
+        String title = res.getString(R.string.usbc_port_charging_only_when_locked_title);
+        CharSequence summary = res.getText(pogo ?
+                R.string.usbc_port_and_pogo_pins_charging_only_when_locked_summary :
+                R.string.usbc_port_charging_only_when_locked_summary);
+        entries.add(title, summary,
+                UsbPortSecurity.MODE_CHARGING_ONLY_WHEN_LOCKED);
+
+        CharSequence titleAfu = res.getText(R.string.usbc_port_charging_only_when_locked_afu_title);
+        String summaryAfu = res.getString(R.string.usbc_port_charging_only_when_locked_afu_summary, title);
+        entries.add(titleAfu, summaryAfu,
+                UsbPortSecurity.MODE_CHARGING_ONLY_WHEN_LOCKED_AFU);
+
+        entries.add(R.string.usbc_port_on_title, R.string.usbc_port_on_summary,
+                UsbPortSecurity.MODE_ENABLED);
+    }
+
+    private static void setSecurityStateForAllPortsSync(UsbManager usbManager, int state) {
+        var future = new AndroidFuture<>();
+        usbManager.setSecurityStateForAllPorts(state, new ResultReceiver(null) {
+            @Override
+            protected void onReceiveResult(int resultCode, Bundle resultData) {
+                if (resultCode != android.hardware.usb.ext.IUsbExt.NO_ERROR) {
+                    String msg = "setPortSecurityState failed, " +
+                            "resultCode: " + resultCode;
+                    if (resultData != null) {
+                        msg += ", resultData: " + resultData.toStringDeep();
+                    }
+                    throw new RuntimeException(msg);
+                }
+                future.complete(null);
+            }
+        });
+        try {
+            future.get(3, TimeUnit.SECONDS);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private void setState(int prevSetting, @android.hardware.usb.ext.PortSecurityState int state) {
+        var usbManager = requireNonNull(mContext.getSystemService(UsbManager.class));
+        if (prevSetting == UsbPortSecurity.MODE_CHARGING_ONLY && state >= UsbPortSecurity.MODE_CHARGING_ONLY_WHEN_LOCKED) {
+            // Turn USB ports off first to trigger reconnection of devices that were connected
+            // in charging-only state. Simply enabling the data path is not enough in some
+            // advanced scenarios, e.g. when port alt mode or port role switching are used.
+            setSecurityStateForAllPortsSync(usbManager, PortSecurityState.DISABLED);
+        }
+        setSecurityStateForAllPortsSync(usbManager, state);
+    }
+
+    @Override
+    protected boolean setValue(int val) {
+        int prevSetting = getCurrentValue();
+        boolean res = super.setValue(val);
+        if (!res) {
+            return false;
+        }
+
+        int pss = switch (val) {
+            case UsbPortSecurity.MODE_DISABLED -> PortSecurityState.DISABLED;
+            case UsbPortSecurity.MODE_CHARGING_ONLY -> PortSecurityState.CHARGING_ONLY_IMMEDIATE;
+            case UsbPortSecurity.MODE_CHARGING_ONLY_WHEN_LOCKED -> PortSecurityState.ENABLED;
+            case UsbPortSecurity.MODE_CHARGING_ONLY_WHEN_LOCKED_AFU -> PortSecurityState.ENABLED;
+            case UsbPortSecurity.MODE_ENABLED -> PortSecurityState.ENABLED;
+            default -> throw new IllegalArgumentException(Integer.toString(val));
+        };
+        setState(prevSetting, pss);
+        return true;
+    }
+
+    @Override
+    protected boolean isCredentialConfirmationRequired() {
+        return true;
+    }
+}

From 4132e9b5bd5d4dbe757a39ddd0c95a16512fd445 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 7 Mar 2024 12:21:53 +0200
Subject: [PATCH 050/117] enable "About phone -> Battery information" screen

Squashed with:
commit 50f8f1d6d2c588e8e5504f6f9f6c071c6b26938f
Author: Daniel Micay <daniel.micay@grapheneos.org>
Date:   Sat Mar 9 10:06:21 2024 -0500

    use 2021-01-01 as minimum battery date
---
 .../fuelgauge/BatterySettingsFeatureProviderImpl.java       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/com/android/settings/fuelgauge/BatterySettingsFeatureProviderImpl.java b/src/com/android/settings/fuelgauge/BatterySettingsFeatureProviderImpl.java
index 4b5d9526f16..acc67ecb639 100644
--- a/src/com/android/settings/fuelgauge/BatterySettingsFeatureProviderImpl.java
+++ b/src/com/android/settings/fuelgauge/BatterySettingsFeatureProviderImpl.java
@@ -32,17 +32,17 @@ public class BatterySettingsFeatureProviderImpl implements BatterySettingsFeatur
 
     @Override
     public boolean isManufactureDateAvailable(Context context, long manufactureDateMs) {
-        return false;
+        return manufactureDateMs > 1_609_459_200_000L; // 2021-01-01
     }
 
     @Override
     public boolean isFirstUseDateAvailable(Context context, long firstUseDateMs) {
-        return false;
+        return firstUseDateMs > 1_609_459_200_000L; // 2021-01-01
     }
 
     @Override
     public boolean isBatteryInfoEnabled(Context context) {
-        return false;
+        return true;
     }
 
     @Override

From d35fe51fae547de82859042266be22088851ee85 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 17 Mar 2024 17:40:23 +0200
Subject: [PATCH 051/117] fix footer formatting issue on App pinning screen

Since 20976c3a53802a8b78cab20e49154244ddaf9ddd screen_pinning_description is a formatted string,
it can't be used directly from XML.
---
 res/xml/screen_pinning_settings.xml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/res/xml/screen_pinning_settings.xml b/res/xml/screen_pinning_settings.xml
index 2c4402da89e..f06b42ceab1 100644
--- a/res/xml/screen_pinning_settings.xml
+++ b/res/xml/screen_pinning_settings.xml
@@ -30,7 +30,6 @@
 
     <com.android.settingslib.widget.FooterPreference
         android:key="screen_pinning_settings_screen_footer"
-        android:title="@string/screen_pinning_description"
         settings:searchable="false" />
 
 </PreferenceScreen>

From 33397fdebd44fdf140685979895c39e9c1964ebf Mon Sep 17 00:00:00 2001
From: Jitesh Singh <jiteshsingh.jts@gmail.com>
Date: Tue, 30 Jan 2024 19:48:12 +0530
Subject: [PATCH 052/117] fixes redundant horizontal margin issue on tablets

---
 res/values-sw600dp-v31/dimens.xml | 9 +++++++++
 res/values-sw600dp/dimens.xml     | 8 ++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 res/values-sw600dp-v31/dimens.xml

diff --git a/res/values-sw600dp-v31/dimens.xml b/res/values-sw600dp-v31/dimens.xml
new file mode 100644
index 00000000000..3542f62dc08
--- /dev/null
+++ b/res/values-sw600dp-v31/dimens.xml
@@ -0,0 +1,9 @@
+<resources>
+    <!-- Fixes redundant horizontal margin issue on tablets -->
+    <dimen name="sud_glif_margin_start_material_you">24dp</dimen>
+    <dimen name="sud_glif_margin_end_material_you">24dp</dimen>
+    <dimen name="sud_glif_footer_bar_padding_start_material_you">8dp</dimen>
+    <dimen name="sud_glif_footer_bar_padding_end_material_you">20dp</dimen>
+    <dimen name="sud_glif_button_margin_end">20dp</dimen>
+    <dimen name="sud_glif_button_margin_start">8dp</dimen>
+</resources>
diff --git a/res/values-sw600dp/dimens.xml b/res/values-sw600dp/dimens.xml
index 55735e66322..170d6998c36 100755
--- a/res/values-sw600dp/dimens.xml
+++ b/res/values-sw600dp/dimens.xml
@@ -29,6 +29,14 @@
     <!-- Lock pattern view size, align sysui biometric_auth_pattern_view_size -->
     <dimen name="biometric_auth_pattern_view_size">348dp</dimen>
 
+    <!-- Fixes redundant horizontal margin issue on tablets -->
+    <dimen name="sud_glif_margin_start_material_you">24dp</dimen>
+    <dimen name="sud_glif_margin_end_material_you">24dp</dimen>
+    <dimen name="sud_glif_footer_bar_padding_start_material_you">8dp</dimen>
+    <dimen name="sud_glif_footer_bar_padding_end_material_you">20dp</dimen>
+    <dimen name="sud_glif_button_margin_end">20dp</dimen>
+    <dimen name="sud_glif_button_margin_start">8dp</dimen>
+
     <!--  Pointer fill color preference  -->
     <dimen name="pointer_fill_container_height">104dp</dimen>
     <dimen name="pointer_fill_container_max_width">448dp</dimen>

From 7cbd2179c39f03680f786a7833afe62668a0cab5 Mon Sep 17 00:00:00 2001
From: Jitesh Singh <jiteshsingh.jts@gmail.com>
Date: Wed, 31 Jan 2024 01:41:53 +0530
Subject: [PATCH 053/117] internet setup activity

Co-authored-by: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Co-authored-by: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
---
 AndroidManifest.xml                           |  13 ++
 res/drawable/baseline_wifi.xml                |  10 ++
 res/drawable/baseline_wifi_glif.xml           |   7 +
 res/layout/settings_main_prefs.xml            |  62 ++++---
 res/values/dimens.xml                         |   5 +
 res/values/themes_suw.xml                     |   2 +
 .../network/InternetSetupActivity.java        |  52 ++++++
 .../network/NetworkProviderSettings.java      |   4 +-
 .../network/NetworkProviderSetup.java         | 155 ++++++++++++++++++
 9 files changed, 276 insertions(+), 34 deletions(-)
 create mode 100644 res/drawable/baseline_wifi.xml
 create mode 100644 res/drawable/baseline_wifi_glif.xml
 create mode 100644 src/com/android/settings/network/InternetSetupActivity.java
 create mode 100644 src/com/android/settings/network/NetworkProviderSetup.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 373fd205ee2..5cb17f99642 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -516,6 +516,19 @@
                 android:value="true" />
         </activity>
 
+        <!-- this is supposed to be used both for wifi and mobile data, controlled by flags -->
+        <activity
+            android:name=".network.InternetSetupActivity"
+            android:theme="@style/GlifV4Theme.DayNight"
+            android:exported="true">
+            <intent-filter android:priority="1">
+                <action android:name="android.settings.SETUP_INTERNET" />
+                <category android:name="android.intent.category.DEFAULT" />
+            </intent-filter>
+            <meta-data android:name="com.android.settings.PRIMARY_PROFILE_CONTROLLED"
+                android:value="true" />
+        </activity>
+
         <activity
             android:name=".wifi.WifiPickerActivity"
             android:permission="android.permission.CHANGE_WIFI_STATE"
diff --git a/res/drawable/baseline_wifi.xml b/res/drawable/baseline_wifi.xml
new file mode 100644
index 00000000000..e8b85e7ced0
--- /dev/null
+++ b/res/drawable/baseline_wifi.xml
@@ -0,0 +1,10 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:tint="?attr/colorPrimary"
+    android:viewportWidth="24"
+    android:viewportHeight="24">
+    <path
+        android:fillColor="@android:color/white"
+        android:pathData="M1,9l2,2c4.97,-4.97 13.03,-4.97 18,0l2,-2C16.93,2.93 7.08,2.93 1,9zM9,17l3,3 3,-3c-1.65,-1.66 -4.34,-1.66 -6,0zM5,13l2,2c2.76,-2.76 7.24,-2.76 10,0l2,-2C15.14,9.14 8.87,9.14 5,13z" />
+</vector>
diff --git a/res/drawable/baseline_wifi_glif.xml b/res/drawable/baseline_wifi_glif.xml
new file mode 100644
index 00000000000..3f12842b089
--- /dev/null
+++ b/res/drawable/baseline_wifi_glif.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<layer-list xmlns:android="http://schemas.android.com/apk/res/android">
+    <item
+        android:width="?attr/sudGlifIconSize"
+        android:height="?attr/sudGlifIconSize"
+        android:drawable="@drawable/baseline_wifi" />
+</layer-list>
\ No newline at end of file
diff --git a/res/layout/settings_main_prefs.xml b/res/layout/settings_main_prefs.xml
index 48352e2efa0..5111332bfbe 100644
--- a/res/layout/settings_main_prefs.xml
+++ b/res/layout/settings_main_prefs.xml
@@ -34,40 +34,38 @@
         android:layout_height="0dp"
         android:layout_weight="1"/>
 
-    <RelativeLayout android:id="@+id/button_bar"
-                    android:layout_height="wrap_content"
-                    android:layout_width="match_parent"
-                    android:layout_weight="0"
-                    android:visibility="gone">
-
-        <Button android:id="@+id/back_button"
-                android:layout_width="150dip"
-                android:layout_height="wrap_content"
-                android:layout_margin="5dip"
-                android:layout_alignParentStart="true"
-                android:text="@*android:string/back_button_label"/>
-
-        <LinearLayout
-                android:orientation="horizontal"
-                android:layout_width="wrap_content"
-                android:layout_height="wrap_content"
-                android:layout_alignParentEnd="true">
-
-            <Button android:id="@+id/skip_button"
-                    android:layout_width="150dip"
-                    android:layout_height="wrap_content"
-                    android:layout_margin="5dip"
-                    android:text="@*android:string/skip_button_label"
-                    android:visibility="gone"/>
+    <!-- button bar is used only by activities that use setupdesign-->
+    <RelativeLayout
+        android:id="@+id/button_bar"
+        style="@style/SudGlifButtonBar.Stackable"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:visibility="gone">
 
-            <Button android:id="@+id/next_button"
-                    android:layout_width="150dip"
-                    android:layout_height="wrap_content"
-                    android:layout_margin="5dip"
-                    android:text="@*android:string/next_button_label"/>
+        <Button
+            android:id="@+id/back_button"
+            style="@style/SudGlifButton.Secondary"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:layout_alignParentStart="true"
+            android:layout_marginEnd="@dimen/sud_glif_button_margin_end"
+            android:text="@*android:string/back_button_label" />
 
-        </LinearLayout>
+        <Button
+            android:id="@+id/skip_button"
+            style="@style/SudGlifButton.Secondary"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:layout_toEndOf="@id/back_button"
+            android:text="@*android:string/skip_button_label"
+            android:visibility="gone" />
 
+        <Button
+            android:id="@+id/next_button"
+            style="@style/SudGlifButton.Primary"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:layout_alignParentEnd="true"
+            android:text="@*android:string/next_button_label" />
     </RelativeLayout>
-
 </LinearLayout>
diff --git a/res/values/dimens.xml b/res/values/dimens.xml
index d202f850a11..2f5e28a81f3 100755
--- a/res/values/dimens.xml
+++ b/res/values/dimens.xml
@@ -524,6 +524,11 @@
     <dimen name="audio_streams_qrcode_preview_radius">30dp</dimen>
     <dimen name="audio_streams_qrcode_scanner_fragment_padding">16dp</dimen>
 
+    <!-- Setup wizard related -->
+    <dimen name="sud_progress_bar_margin_top">
+        @dimen/sud_progress_bar_margin_top_material_you
+    </dimen>
+
     <!-- Zen Modes -->
     <dimen name="zen_mode_header_size">136dp</dimen>
     <dimen name="zen_mode_header_inner_icon_size">64dp</dimen>
diff --git a/res/values/themes_suw.xml b/res/values/themes_suw.xml
index 9efac286487..d7fec0b5c1d 100644
--- a/res/values/themes_suw.xml
+++ b/res/values/themes_suw.xml
@@ -150,6 +150,7 @@
 
         <!-- LockPatternView colors -->
         <item name="*android:lockPatternStyle">@style/LockPatternStyle</item>
+        <item name="sudUseBottomProgressBar">true</item>
     </style>
 
     <style name="GlifV4Theme.Light" parent="SudThemeGlifV4.Light">
@@ -168,6 +169,7 @@
         <item name="preferenceTheme">@style/PreferenceTheme.SetupWizard</item>
 
         <item name="*android:lockPatternStyle">@style/LockPatternStyle</item>
+        <item name="sudUseBottomProgressBar">true</item>
     </style>
 
     <style name="GlifV3Theme.Light.NoActionBar" parent="GlifV3Theme.Light">
diff --git a/src/com/android/settings/network/InternetSetupActivity.java b/src/com/android/settings/network/InternetSetupActivity.java
new file mode 100644
index 00000000000..4e36accb886
--- /dev/null
+++ b/src/com/android/settings/network/InternetSetupActivity.java
@@ -0,0 +1,52 @@
+package com.android.settings.network;
+
+import android.content.Intent;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.widget.TextView;
+
+import androidx.annotation.Nullable;
+import androidx.preference.PreferenceFragmentCompat;
+
+import com.android.settings.ButtonBarHandler;
+import com.android.settings.R;
+import com.android.settings.SettingsActivity;
+import com.android.settings.SetupWizardUtils;
+
+import com.google.android.setupdesign.util.ThemeHelper;
+
+public class InternetSetupActivity extends SettingsActivity {
+
+    @Override
+    protected void onCreate(@Nullable Bundle savedInstanceState) {
+        setTheme(SetupWizardUtils.getTheme(this, getIntent()));
+        ThemeHelper.trySetDynamicColor(this);
+        super.onCreate(savedInstanceState);
+    }
+
+    @Override
+    protected void createUiFromIntent(Bundle savedState, Intent intent) {
+        intent.putExtra("extra_prefs_show_button_bar", false);
+        super.createUiFromIntent(savedState, intent);
+    }
+
+    @Override
+    protected boolean isToolbarEnabled() {
+        // Hide the action bar from this page.
+        return false;
+    }
+
+    private static final String FRAGMENT_CLASS_NAME = NetworkProviderSetup.class.getName();
+
+    @Override
+    public Intent getIntent() {
+        Intent modIntent = new Intent(super.getIntent());
+        modIntent.putExtra(EXTRA_SHOW_FRAGMENT, FRAGMENT_CLASS_NAME);
+        return modIntent;
+    }
+
+    @Override
+    protected boolean isValidFragment(String fragmentName) {
+        return FRAGMENT_CLASS_NAME.equals(fragmentName);
+    }
+}
diff --git a/src/com/android/settings/network/NetworkProviderSettings.java b/src/com/android/settings/network/NetworkProviderSettings.java
index c776987856e..a999d2ea90f 100644
--- a/src/com/android/settings/network/NetworkProviderSettings.java
+++ b/src/com/android/settings/network/NetworkProviderSettings.java
@@ -250,8 +250,8 @@ public class NetworkProviderSettings extends RestrictedDashboardFragment
     /**
      * Mobile networks list for provider model
      */
-    private static final String PREF_KEY_PROVIDER_MOBILE_NETWORK = "provider_model_mobile_network";
-    private NetworkMobileProviderController mNetworkMobileProviderController;
+    static final String PREF_KEY_PROVIDER_MOBILE_NETWORK = "provider_model_mobile_network";
+    NetworkMobileProviderController mNetworkMobileProviderController;
 
     /**
      * Tracks whether the user initiated a connection via clicking in order to autoscroll to the
diff --git a/src/com/android/settings/network/NetworkProviderSetup.java b/src/com/android/settings/network/NetworkProviderSetup.java
new file mode 100644
index 00000000000..ae3c01a70a3
--- /dev/null
+++ b/src/com/android/settings/network/NetworkProviderSetup.java
@@ -0,0 +1,155 @@
+package com.android.settings.network;
+
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+
+import androidx.annotation.Nullable;
+import androidx.preference.Preference;
+import androidx.recyclerview.widget.RecyclerView;
+
+import com.android.settings.R;
+
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifPreferenceLayout;
+
+/**
+ * UI for Mobile network and Wi-Fi network setup.
+ */
+public class NetworkProviderSetup extends NetworkProviderSettings {
+    public static final String EXTRA_SETUP_WIZARD_MODE_WIFI = "setup_wizard_mode_wifi";
+    public static final String EXTRA_SETUP_WIZARD_TITLE = "setup_wizard_title";
+    public static final String EXTRA_SETUP_WIZARD_DESCRIPTION = "setup_wizard_description";
+    private static final String PREF_KEY_CONNECTED_ETHERNET_NETWORK = "connected_ethernet_network";
+    private static final String EXTRA_PREFS_SET_SKIP_TEXT = "extra_prefs_set_skip_text";
+
+    /**
+     * Don't show media other than wifi, even if they might be available.
+     */
+    private boolean isSetupWizardModeWifi;
+    private FooterButton nextButton;
+    private FooterButton skipButton;
+
+    @Override
+    public void onCreate(Bundle icicle) {
+        super.onCreate(icicle);
+        isSetupWizardModeWifi = getIntent().getBooleanExtra(
+                EXTRA_SETUP_WIZARD_MODE_WIFI, false);
+    }
+
+    @Override
+    public void onViewCreated(View view, Bundle savedInstanceState) {
+        super.onViewCreated(view, savedInstanceState);
+        Activity activity = getActivity();
+        if (activity == null) return;
+        GlifPreferenceLayout layout = (GlifPreferenceLayout) view;
+        layout.setDividerInsets(Integer.MAX_VALUE, 0);
+        if (isSetupWizardModeWifi) {
+            layout.setIcon(activity.getDrawable(R.drawable.baseline_wifi_glif));
+            Intent intent = activity.getIntent();
+            layout.setHeaderText(intent.getStringExtra(EXTRA_SETUP_WIZARD_TITLE));
+            layout.setDescriptionText(intent.getStringExtra(EXTRA_SETUP_WIZARD_DESCRIPTION));
+        }
+        FooterBarMixin mixin = layout.getMixin(FooterBarMixin.class);
+        // setup next button
+        nextButton = new FooterButton.Builder(activity)
+                .setButtonType(FooterButton.ButtonType.NEXT)
+                .setTheme(com.google.android.setupdesign.R.style.SudGlifButton_Primary)
+                .setText(R.string.next_label)
+                .build();
+        mixin.setPrimaryButton(nextButton);
+        nextButton.setOnClickListener(v -> finish());
+        // setup skip button
+        skipButton = new FooterButton.Builder(activity)
+                .setButtonType(FooterButton.ButtonType.SKIP)
+                .setTheme(com.google.android.setupdesign.R.style.SudGlifButton_Secondary)
+                .setText(R.string.skip_label)
+                .build();
+        String buttonText = getIntent().getStringExtra(EXTRA_PREFS_SET_SKIP_TEXT);
+        if (!TextUtils.isEmpty(buttonText)) {
+            skipButton.setText(buttonText);
+        }
+        mixin.setSecondaryButton(skipButton);
+        skipButton.setOnClickListener(v -> finish());
+    }
+
+    @Override
+    public void finish() {
+        Activity activity = getActivity();
+        if (activity == null) return;
+        activity.setResult(Activity.RESULT_OK);
+        activity.finish();
+    }
+
+    @Override
+    void changeNextButtonState(boolean enabled) {
+        nextButton.setEnabled(enabled);
+        skipButton.setVisibility(enabled ? View.GONE : View.VISIBLE);
+    }
+
+    @Override
+    public RecyclerView onCreateRecyclerView(LayoutInflater inflater, ViewGroup parent,
+            Bundle savedInstanceState) {
+        GlifPreferenceLayout layout = (GlifPreferenceLayout) parent;
+        return layout.onCreateRecyclerView(inflater, parent, savedInstanceState);
+    }
+
+    private static void maybeSetVisible(@Nullable Preference p, boolean visible) {
+        if (p != null) {
+            p.setVisible(visible);
+        }
+    }
+
+    @Override
+    public void onActivityCreated(Bundle savedInstanceState) {
+        super.onActivityCreated(savedInstanceState);
+        maybeSetVisible(mConfigureWifiSettingsPreference, false);
+        maybeSetVisible(mDataUsagePreference, false);
+        maybeSetVisible(mAirplaneModeMsgPreference, false);
+        maybeSetVisible(mResetInternetPreference, false);
+        if (isSetupWizardModeWifi) {
+            maybeSetVisible(findPreference(PREF_KEY_CONNECTED_ETHERNET_NETWORK), false);
+            maybeSetVisible(findPreference(PREF_KEY_PROVIDER_MOBILE_NETWORK), false);
+            if (mNetworkMobileProviderController != null) {
+                mNetworkMobileProviderController.hidePreference(true, false);
+            }
+        }
+    }
+
+    @Override
+    protected void setProgressBarVisible(boolean visible) {
+        GlifPreferenceLayout glif = (GlifPreferenceLayout) getView();
+        if (glif == null) return;
+        glif.setProgressBarShown(visible);
+    }
+
+    @Override
+    public void setHasOptionsMenu(boolean hasMenu) {
+        // do nothing
+    }
+
+    @Override
+    public void scrollToPreference(String key) {
+        // do nothing
+    }
+
+    @Override
+    public void scrollToPreference(Preference preference) {
+        // do nothing
+    }
+
+    @Override
+    public View setPinnedHeaderView(int layoutResId) {
+        return null; // result unused
+    }
+
+    @Override
+    public void setLoading(boolean loading, boolean animate) {
+        // do nothing
+    }
+}

From 05ce3c44b0cc6728d4bb7bc6e9dd2ab556d85072 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 27 Dec 2023 21:48:57 +0200
Subject: [PATCH 054/117] add config for setupdesign and setupcompat libraries

These libraries are used by several AOSP components and proprietary Google apps for creating
consistent SetupWizard-like UIs.

For more info, see methods that call "com.google.android.setupwizard.partner" ContentProvider in
external/setupcompat and external/setupdesign.
---
 AndroidManifest.xml                           |  6 ++
 .../settings/SetupDesignConfigProvider.java   | 75 +++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 src/com/android/settings/SetupDesignConfigProvider.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 5cb17f99642..fb7f4e3b460 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5353,6 +5353,12 @@
                 android:value="@string/menu_key_apps"/>
         </activity-alias>
 
+        <provider
+            android:name="com.android.settings.SetupDesignConfigProvider"
+            android:authorities="com.google.android.setupwizard.partner"
+            android:directBootAware="true"
+            android:exported="true" />
+
         <!-- [b/197780098] Disable eager initialization of Jetpack libraries. -->
         <provider
             android:name="androidx.startup.InitializationProvider"
diff --git a/src/com/android/settings/SetupDesignConfigProvider.java b/src/com/android/settings/SetupDesignConfigProvider.java
new file mode 100644
index 00000000000..71e87972571
--- /dev/null
+++ b/src/com/android/settings/SetupDesignConfigProvider.java
@@ -0,0 +1,75 @@
+package com.android.settings;
+
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.database.Cursor;
+import android.net.Uri;
+import android.os.Build;
+import android.os.Bundle;
+import android.provider.Settings;
+import android.text.TextUtils;
+import android.util.Log;
+
+public class SetupDesignConfigProvider extends ContentProvider {
+    private static final String TAG = SetupDesignConfigProvider.class.getSimpleName();
+
+    @Override
+    public boolean onCreate() {
+        return true;
+    }
+
+    @Override
+    public Bundle call(String method, String arg, Bundle extras) {
+        Log.d(TAG, "method: " + method + ", caller: " + getCallingPackage());
+
+        var res = new Bundle();
+        switch (method) {
+            case "suwDefaultThemeString" ->
+                res.putString(method, "glif_v4_light");
+
+            case
+                    "applyGlifThemeControlledTransition",
+                    "isDynamicColorEnabled",
+                    "isEmbeddedActivityOnePaneEnabled",
+                    "isFullDynamicColorEnabled",
+                    "IsMaterialYouStyleEnabled",
+                    "isNeutralButtonStyleEnabled",
+                    "isSuwDayNightEnabled" ->
+                res.putBoolean(method, true);
+
+            case "getDeviceName" -> {
+                String name = Settings.Global.getString(getContext().getContentResolver(), Settings.Global.DEVICE_NAME);
+                if (TextUtils.isEmpty(name)) {
+                    name = Build.MODEL;
+                }
+                res.putCharSequence(method, name);
+            }
+        }
+        return res;
+    }
+
+    @Override
+    public Cursor query(Uri uri, String[] strings, String s, String[] strings1, String s1) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public String getType(Uri uri) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public Uri insert(Uri uri, ContentValues contentValues) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public int delete(Uri uri, String s, String[] strings) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public int update(Uri uri, ContentValues contentValues, String s, String[] strings) {
+        throw new UnsupportedOperationException();
+    }
+}

From eaa32b08e9558e8bc8b70483eaab77d0cc8682df Mon Sep 17 00:00:00 2001
From: Jitesh Singh <jiteshsingh.jts@gmail.com>
Date: Mon, 26 Feb 2024 23:07:52 +0530
Subject: [PATCH 055/117] setup design config provider

- defines abstraction: NonRelationalProvider
- implements SudConfigProvider
- provides basic configs
- provides overlay config
    - non-card layout for tablets
    - navigation bar light/dark mode
    - status bar light/dark mode
---
 AndroidManifest.xml                           |  2 +-
 res/values-night-v31/fractions.xml            |  4 +
 res/values-night/bools.xml                    |  5 ++
 res/values/bools.xml                          |  5 ++
 res/values/colors.xml                         |  5 ++
 res/values/dimens.xml                         |  5 ++
 res/values/fractions.xml                      |  4 +
 .../settings/SetupDesignConfigProvider.java   | 75 -----------------
 .../sudconfig/NonRelationalProvider.kt        | 51 +++++++++++
 .../settings/sudconfig/SudConfigProvider.kt   | 84 +++++++++++++++++++
 10 files changed, 164 insertions(+), 76 deletions(-)
 create mode 100644 res/values-night-v31/fractions.xml
 create mode 100644 res/values-night/bools.xml
 create mode 100644 res/values/bools.xml
 create mode 100644 res/values/fractions.xml
 delete mode 100644 src/com/android/settings/SetupDesignConfigProvider.java
 create mode 100644 src/com/android/settings/sudconfig/NonRelationalProvider.kt
 create mode 100644 src/com/android/settings/sudconfig/SudConfigProvider.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index fb7f4e3b460..f787670961a 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5354,7 +5354,7 @@
         </activity-alias>
 
         <provider
-            android:name="com.android.settings.SetupDesignConfigProvider"
+            android:name="com.android.settings.sudconfig.SudConfigProvider"
             android:authorities="com.google.android.setupwizard.partner"
             android:directBootAware="true"
             android:exported="true" />
diff --git a/res/values-night-v31/fractions.xml b/res/values-night-v31/fractions.xml
new file mode 100644
index 00000000000..547f63d5515
--- /dev/null
+++ b/res/values-night-v31/fractions.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <fraction name="setup_compat_footer_button_ripple_alpha">24%</fraction>
+</resources>
diff --git a/res/values-night/bools.xml b/res/values-night/bools.xml
new file mode 100644
index 00000000000..bfdd9cf0334
--- /dev/null
+++ b/res/values-night/bools.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <bool name="setup_compat_light_navigation_bar">false</bool>
+    <bool name="setup_compat_light_status_bar">false</bool>
+</resources>
diff --git a/res/values/bools.xml b/res/values/bools.xml
new file mode 100644
index 00000000000..d978b71d643
--- /dev/null
+++ b/res/values/bools.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <bool name="setup_compat_light_navigation_bar">true</bool>
+    <bool name="setup_compat_light_status_bar">true</bool>
+</resources>
diff --git a/res/values/colors.xml b/res/values/colors.xml
index 91598fe6309..40d50b5d7e9 100644
--- a/res/values/colors.xml
+++ b/res/values/colors.xml
@@ -216,6 +216,11 @@
     <color name="screen_flash_preset_opacity_color_11">#4DFF00FE</color> <!-- 30% Magenta -->
     <color name="screen_flash_preset_opacity_color_12">#667F00FF</color> <!-- 40% Violet -->
 
+    <!-- Setup wizard related -->
+    <color name="setup_compat_footer_primary_button_bg_color">
+        @color/sud_color_accent_glif_v3_light
+    </color>
+
     <!-- Switch bar disabled state color-->
     <color name="switch_bar_state_disabled_color">#1F1F1F1F</color>
 
diff --git a/res/values/dimens.xml b/res/values/dimens.xml
index 2f5e28a81f3..3a3bcff794c 100755
--- a/res/values/dimens.xml
+++ b/res/values/dimens.xml
@@ -528,6 +528,11 @@
     <dimen name="sud_progress_bar_margin_top">
         @dimen/sud_progress_bar_margin_top_material_you
     </dimen>
+    <dimen name="setup_design_card_view_intrinsic_height">0dp</dimen>
+    <dimen name="setup_design_card_view_intrinsic_width">0dp</dimen>
+    <dimen name="setup_compat_footer_button_radius">
+        @dimen/sud_footer_bar_button_radius_material_you
+    </dimen>
 
     <!-- Zen Modes -->
     <dimen name="zen_mode_header_size">136dp</dimen>
diff --git a/res/values/fractions.xml b/res/values/fractions.xml
new file mode 100644
index 00000000000..78454226886
--- /dev/null
+++ b/res/values/fractions.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <fraction name="setup_compat_footer_button_ripple_alpha">12%</fraction>
+</resources>
diff --git a/src/com/android/settings/SetupDesignConfigProvider.java b/src/com/android/settings/SetupDesignConfigProvider.java
deleted file mode 100644
index 71e87972571..00000000000
--- a/src/com/android/settings/SetupDesignConfigProvider.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package com.android.settings;
-
-import android.content.ContentProvider;
-import android.content.ContentValues;
-import android.database.Cursor;
-import android.net.Uri;
-import android.os.Build;
-import android.os.Bundle;
-import android.provider.Settings;
-import android.text.TextUtils;
-import android.util.Log;
-
-public class SetupDesignConfigProvider extends ContentProvider {
-    private static final String TAG = SetupDesignConfigProvider.class.getSimpleName();
-
-    @Override
-    public boolean onCreate() {
-        return true;
-    }
-
-    @Override
-    public Bundle call(String method, String arg, Bundle extras) {
-        Log.d(TAG, "method: " + method + ", caller: " + getCallingPackage());
-
-        var res = new Bundle();
-        switch (method) {
-            case "suwDefaultThemeString" ->
-                res.putString(method, "glif_v4_light");
-
-            case
-                    "applyGlifThemeControlledTransition",
-                    "isDynamicColorEnabled",
-                    "isEmbeddedActivityOnePaneEnabled",
-                    "isFullDynamicColorEnabled",
-                    "IsMaterialYouStyleEnabled",
-                    "isNeutralButtonStyleEnabled",
-                    "isSuwDayNightEnabled" ->
-                res.putBoolean(method, true);
-
-            case "getDeviceName" -> {
-                String name = Settings.Global.getString(getContext().getContentResolver(), Settings.Global.DEVICE_NAME);
-                if (TextUtils.isEmpty(name)) {
-                    name = Build.MODEL;
-                }
-                res.putCharSequence(method, name);
-            }
-        }
-        return res;
-    }
-
-    @Override
-    public Cursor query(Uri uri, String[] strings, String s, String[] strings1, String s1) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public String getType(Uri uri) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public Uri insert(Uri uri, ContentValues contentValues) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public int delete(Uri uri, String s, String[] strings) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public int update(Uri uri, ContentValues contentValues, String s, String[] strings) {
-        throw new UnsupportedOperationException();
-    }
-}
diff --git a/src/com/android/settings/sudconfig/NonRelationalProvider.kt b/src/com/android/settings/sudconfig/NonRelationalProvider.kt
new file mode 100644
index 00000000000..5a77d8b1b3d
--- /dev/null
+++ b/src/com/android/settings/sudconfig/NonRelationalProvider.kt
@@ -0,0 +1,51 @@
+package com.android.settings.sudconfig
+
+import android.content.ContentProvider
+import android.content.ContentValues
+import android.database.Cursor
+import android.net.Uri
+
+/**
+ * Useful for implementing content provider interfaces that are exclusively for non-relational
+ * (non-tabular) models. This reduces the boilerplate code by providing empty implementations for
+ * methods which are unneeded in non-relational models.
+ *
+ * @see [ContentProvider.call]
+ */
+abstract class NonRelationalProvider : ContentProvider() {
+
+    final override fun query(
+        uri: Uri,
+        projection: Array<out String>?,
+        selection: String?,
+        selectionArgs: Array<out String>?,
+        sortOrder: String?
+    ): Cursor? {
+        throw UnsupportedOperationException()
+    }
+
+    final override fun getType(uri: Uri): String? {
+        throw UnsupportedOperationException()
+    }
+
+    final override fun insert(uri: Uri, values: ContentValues?): Uri? {
+        throw UnsupportedOperationException()
+    }
+
+    final override fun delete(
+        uri: Uri,
+        selection: String?,
+        selectionArgs: Array<out String>?
+    ): Int {
+        throw UnsupportedOperationException()
+    }
+
+    final override fun update(
+        uri: Uri,
+        values: ContentValues?,
+        selection: String?,
+        selectionArgs: Array<out String>?
+    ): Int {
+        throw UnsupportedOperationException()
+    }
+}
diff --git a/src/com/android/settings/sudconfig/SudConfigProvider.kt b/src/com/android/settings/sudconfig/SudConfigProvider.kt
new file mode 100644
index 00000000000..ae2b4926f1f
--- /dev/null
+++ b/src/com/android/settings/sudconfig/SudConfigProvider.kt
@@ -0,0 +1,84 @@
+package com.android.settings.sudconfig
+
+import android.os.Build
+import android.os.Bundle
+import android.provider.Settings
+import android.text.TextUtils
+import android.util.Log
+import com.android.settings.R;
+import java.util.Optional
+
+/**
+ * Provides system-wide config for setup wizard screens.
+ */
+class SudConfigProvider : NonRelationalProvider() {
+    companion object {
+        private const val TAG = "SudConfigProvider"
+
+        // resources to be forwarded via overlay config
+        private val overlayConfigResources = arrayOf(
+            R.dimen.setup_design_card_view_intrinsic_height,
+            R.dimen.setup_design_card_view_intrinsic_width,
+            R.bool.setup_compat_light_navigation_bar,
+            R.bool.setup_compat_light_status_bar,
+            R.color.setup_compat_footer_primary_button_bg_color,
+            R.dimen.setup_compat_footer_button_radius,
+            R.fraction.setup_compat_footer_button_ripple_alpha
+        )
+    }
+
+    private lateinit var defaultThemeString: String
+
+    override fun onCreate(): Boolean {
+        // returns value of setupwizard.theme sysprop
+        val theme: Optional<String> = android.sysprop.SetupWizardProperties.theme()
+        // setupwizard.theme should always be set to prevent inconsistencies in setupdesign UIs
+        check(theme.isPresent) { "missing setupwizard.theme sysprop" }
+        defaultThemeString = theme.get()
+        return true
+    }
+
+    override fun call(method: String, arg: String?, extras: Bundle?): Bundle {
+        Log.d(TAG, "method: $method, caller: $callingPackage")
+        val bundle = Bundle()
+        when (method) {
+            "suwDefaultThemeString" -> bundle.putString(method, defaultThemeString)
+
+            "applyGlifThemeControlledTransition",
+            "isDynamicColorEnabled",
+            "isEmbeddedActivityOnePaneEnabled",
+            "isFullDynamicColorEnabled",
+            "IsMaterialYouStyleEnabled",
+            "isNeutralButtonStyleEnabled",
+            "isSuwDayNightEnabled" -> bundle.putBoolean(method, true)
+
+            "getDeviceName" -> bundle.putCharSequence(method, getDeviceName())
+
+            "getOverlayConfig" -> fillOverlayConfig(bundle)
+        }
+        return bundle
+    }
+
+    private fun getDeviceName(): String {
+        var name = Settings.Global.getString(
+            requireContext().contentResolver,
+            Settings.Global.DEVICE_NAME
+        )
+        if (TextUtils.isEmpty(name)) {
+            name = Build.MODEL
+        }
+        return name
+    }
+
+    private fun fillOverlayConfig(bundle: Bundle) {
+        overlayConfigResources.forEach { resId ->
+            val context = requireContext()
+            val resName = context.resources.getResourceEntryName(resId)
+            val config = Bundle()
+            config.putString("packageName", context.packageName)
+            config.putString("resourceName", resName)
+            config.putInt("resourceId", resId)
+            bundle.putBundle(resName, config)
+        }
+    }
+}

From eb1a07557ce5b186376df126d53e09b624b7d32f Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 29 May 2024 19:55:22 +0300
Subject: [PATCH 056/117] export method for stringifying password errors from
 ChooseLockPassword

It's used by the duress password management UI in the next commit.
---
 .../settings/password/ChooseLockPassword.java | 31 ++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
index e4d53c94d4a..04bd03c6661 100644
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -863,11 +863,39 @@ public boolean onEditorAction(TextView v, int actionId, KeyEvent event) {
             return false;
         }
 
+    String[] convertErrorCodeToMessages() {
+        var pvec = new PasswordValidationErrorConverter(getContext(), mIsAlphaMode, mValidationErrors);
+        String[] res = pvec.convertErrorCodeToMessages();
+        mIsErrorTooShort = pvec.mIsErrorTooShort;
+        return res;
+    }
+
+    public static class PasswordValidationErrorConverter {
+        private final Context mContext;
+        private final boolean mIsAlphaMode;
+        private final List<PasswordValidationError> mValidationErrors;
+        public boolean mIsErrorTooShort = true;
+
+        public PasswordValidationErrorConverter(Context context, boolean isAlphaMode,
+                              List<PasswordValidationError> validationErrors) {
+            mContext = context;
+            mIsAlphaMode = isAlphaMode;
+            mValidationErrors = validationErrors;
+        }
+
+        private Context getContext() {
+            return mContext;
+        }
+
+        private String getString(int id) {
+            return mContext.getString(id);
+        }
+
         /**
          * @param errorCode error code returned from password validation.
          * @return an array of messages describing the error, important messages come first.
          */
-        String[] convertErrorCodeToMessages() {
+        public String[] convertErrorCodeToMessages() {
             List<String> messages = new ArrayList<>();
             mIsErrorTooShort = false;
             for (PasswordValidationError error : mValidationErrors) {
@@ -958,6 +986,7 @@ String[] convertErrorCodeToMessages() {
 
             return messages.toArray(new String[0]);
         }
+    }
 
         /**
          * Update the hint based on current Stage and length of password entry

From 9756af5086d209791b3389f53d06474f32780d58 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 29 May 2024 19:55:31 +0300
Subject: [PATCH 057/117] add duress password management UI

---
 AndroidManifest.xml                           |  20 ++
 res/layout/duress_password_setup.xml          |  67 ++++++
 res/values/strings_ext.xml                    |  27 +++
 .../security/DuressPasswordActivity.java      |  71 +++++++
 .../security/DuressPasswordMainActivity.java  | 182 ++++++++++++++++
 .../security/DuressPasswordSetupActivity.java | 196 ++++++++++++++++++
 6 files changed, 563 insertions(+)
 create mode 100644 res/layout/duress_password_setup.xml
 create mode 100644 src/com/android/settings/security/DuressPasswordActivity.java
 create mode 100644 src/com/android/settings/security/DuressPasswordMainActivity.java
 create mode 100644 src/com/android/settings/security/DuressPasswordSetupActivity.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index f787670961a..42fc56af891 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -3019,6 +3019,26 @@
             <meta-data android:name="com.android.settings.icon_tintable" android:value="true" />
         </activity>
 
+        <activity android:name=".security.DuressPasswordMainActivity"
+            android:excludeFromRecents="true"
+            android:theme="@style/GlifTheme.Light"
+            android:permission="android.permission.MANAGE_SAFETY_CENTER"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="com.android.settings.DURESS_PASSWORD_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                       android:value="@string/menu_key_safety_center"/>
+        </activity>
+
+        <activity android:name=".security.DuressPasswordSetupActivity"
+            android:excludeFromRecents="true"
+            android:theme="@style/GlifTheme.Light"
+            android:exported="false" />
+
         <activity android:name=".biometrics.fingerprint.FingerprintEnrollSuggestionActivity"
             android:exported="true"
             android:icon="@drawable/ic_suggestion_fingerprint">
diff --git a/res/layout/duress_password_setup.xml b/res/layout/duress_password_setup.xml
new file mode 100644
index 00000000000..a708b3fc3e5
--- /dev/null
+++ b/res/layout/duress_password_setup.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<com.google.android.setupdesign.GlifLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
+    android:id="@+id/glif_layout"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:icon="@drawable/ic_lock"
+>
+    <LinearLayout
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:orientation="vertical"
+        style="@style/SudContentFrame">
+
+        <TextView
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:textAppearance="@style/TextAppearance.Material3.TitleMedium"
+            android:text="@string/unlock_set_unlock_pin_title" />
+
+        <EditText
+            android:id="@+id/pin_input"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="16dp"
+            android:hint="@string/duress_pwd_enter_pin"
+            android:imeOptions="actionNext"
+            android:inputType="numberPassword" />
+
+        <EditText
+            android:id="@+id/pin_input_confirmation"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="16dp"
+            android:hint="@string/duress_pwd_confirm_pin"
+            android:imeOptions="actionNext"
+            android:inputType="numberPassword" />
+
+        <TextView
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="32dp"
+            android:textAppearance="@style/TextAppearance.Material3.TitleMedium"
+            android:text="@string/unlock_set_unlock_password_title" />
+
+        <EditText
+            android:id="@+id/password_input"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="16dp"
+            android:hint="@string/duress_pwd_enter_password"
+            android:imeOptions="actionNext"
+            android:inputType="textPassword" />
+
+        <EditText
+            android:id="@+id/password_input_confirmation"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="16dp"
+            android:hint="@string/duress_pwd_confirm_password"
+            android:imeOptions="actionDone"
+            android:inputType="textPassword" />
+
+    </LinearLayout>
+</com.google.android.setupdesign.GlifLayout>
diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 44e90a7e01b..29157cbee95 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -167,4 +167,31 @@ There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
         mode will be delayed until the port is disconnected. The same behavior applies to pogo pins.
     </string>
 
+    <string name="duress_pwd_pref_title">Duress password</string>
+    <string name="duress_pwd_description">"Duress password can be entered instead of the user password in any place that asks for it, such as the lock screen of any user and any user or work profile password prompt.
+
+Submitting the duress password will immediately make the storage contents permanently inaccessible, delete all eSIMs and then power off the device. GrapheneOS will remain installed.
+
+Duress PIN works the same way duress password does."</string>
+    <string name="duress_pwd_enter_pin">Enter duress PIN</string>
+    <string name="duress_pwd_confirm_pin">Confirm duress PIN</string>
+    <string name="duress_pwd_enter_password">Enter duress password</string>
+    <string name="duress_pwd_confirm_password">Confirm duress password</string>
+    <string name="duress_pwd_action_add">Add duress PIN and password</string>
+    <string name="duress_pwd_add_button">Add</string>
+    <string name="duress_pwd_toast_added">Added duress PIN and password</string>
+    <string name="duress_pwd_toast_updated">Updated duress PIN and password</string>
+    <string name="duress_pwd_update_button">Update</string>
+    <string name="duress_pwd_cancel_button">Cancel</string>
+    <string name="duress_pwd_proceed_button">Proceed</string>
+    <string name="duress_pwd_delete_button">Delete</string>
+    <string name="duress_pwd_action_update">Update duress PIN and password</string>
+    <string name="duress_pwd_action_delete">Delete duress PIN and password</string>
+    <string name="duress_pwd_action_delete_confirmation">Delete duress PIN and password?</string>
+    <string name="duress_pwd_save_warning_title">WARNING</string>
+    <string name="duress_pwd_save_warning_text">"Submitting the duress PIN/password instead of the user PIN/password <b>will immediately make the storage contents permanently inaccessible</b> and will delete all eSIMs."</string>
+    <string name="duress_pwd_save_error">Duress PIN and password were not saved.\n\nDetails:\n%1$s</string>
+    <string name="duress_pwd_delete_error">Duress PIN and password were not deleted.\n\nDetails:\n%1$s</string>
+    <string name="duress_pwd_error_dialog_dismiss">Dismiss</string>
+
 </resources>
diff --git a/src/com/android/settings/security/DuressPasswordActivity.java b/src/com/android/settings/security/DuressPasswordActivity.java
new file mode 100644
index 00000000000..54a6cb89feb
--- /dev/null
+++ b/src/com/android/settings/security/DuressPasswordActivity.java
@@ -0,0 +1,71 @@
+package com.android.settings.security;
+
+import android.app.Activity;
+import android.os.Bundle;
+import android.view.WindowManager;
+
+import androidx.annotation.Nullable;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.SetupWizardUtils;
+import com.android.settings.overlay.FeatureFactory;
+import com.google.android.setupdesign.GlifLayout;
+import com.google.android.setupdesign.template.DescriptionMixin;
+import com.google.android.setupdesign.util.ThemeHelper;
+
+public class DuressPasswordActivity extends Activity {
+
+    @Override
+    protected void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE);
+
+        setTheme(SetupWizardUtils.getTheme(this, getIntent()));
+        ThemeHelper.trySetDynamicColor(this);
+
+        setResult(RESULT_OK);
+    }
+
+    protected boolean allowNextOnStop;
+
+    @Override
+    protected void onStop() {
+        super.onStop();
+        if (!isChangingConfigurations() && hasUserCredential()) {
+            if (allowNextOnStop) {
+                allowNextOnStop = false;
+            } else {
+                // require user credential to be re-entered after activity is backgrounded
+                setResult(RESULT_CANCELED);
+                finish();
+            }
+        }
+    }
+
+    protected boolean hasUserCredential() {
+        return true;
+    }
+
+    @Override
+    protected void onDestroy() {
+        super.onDestroy();
+        if (!isChangingConfigurations()) {
+            /** @see com.android.settings.password.ConfirmDeviceCredentialBaseActivity#onDestroy */
+            getMainThreadHandler().postDelayed(() -> {
+                System.gc();
+                System.runFinalization();
+                System.gc();
+            }, 5000);
+        }
+    }
+
+    static void adjustDescriptionStyle(GlifLayout l) {
+        l.getMixin(DescriptionMixin.class).getTextView().setTextSize(16f);
+    }
+
+    LockPatternUtils getLockPatternUtils() {
+        return FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(this);
+    }
+}
diff --git a/src/com/android/settings/security/DuressPasswordMainActivity.java b/src/com/android/settings/security/DuressPasswordMainActivity.java
new file mode 100644
index 00000000000..e99f38e43a7
--- /dev/null
+++ b/src/com/android/settings/security/DuressPasswordMainActivity.java
@@ -0,0 +1,182 @@
+package com.android.settings.security;
+
+import android.app.AlertDialog;
+import android.content.Intent;
+import android.os.Bundle;
+import android.util.Log;
+
+import androidx.annotation.DrawableRes;
+import androidx.annotation.Nullable;
+import androidx.annotation.StringRes;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.settings.R;
+import com.android.settings.password.ChooseLockSettingsHelper;
+import com.google.android.setupdesign.GlifRecyclerLayout;
+import com.google.android.setupdesign.items.IItem;
+import com.google.android.setupdesign.items.Item;
+import com.google.android.setupdesign.items.ItemGroup;
+import com.google.android.setupdesign.items.RecyclerItemAdapter;
+
+import java.util.Objects;
+
+import static java.util.Objects.requireNonNull;
+
+public class DuressPasswordMainActivity extends DuressPasswordActivity implements RecyclerItemAdapter.OnItemSelectedListener {
+    private static final String TAG = DuressPasswordMainActivity.class.getSimpleName();
+    private static final String KEY_USER_CREDENTIAL = "user_credential";
+    private static final String KEY_HAS_ASKED_FOR_USER_CREDENTIALS = "asked_for_user_credentials";
+
+    private GlifRecyclerLayout layout;
+    private LockscreenCredential userCredential;
+    private boolean askedForUserCredentials;
+
+    @Override
+    protected void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        var layout = new GlifRecyclerLayout(this);
+        this.layout = layout;
+        layout.setIcon(getDrawable(R.drawable.ic_lock));
+        layout.setHeaderText(R.string.duress_pwd_pref_title);
+        adjustDescriptionStyle(layout);
+        layout.setDescriptionText(R.string.duress_pwd_description);
+
+        setContentView(layout);
+
+        if (savedInstanceState != null) {
+            userCredential = savedInstanceState.getParcelable(KEY_USER_CREDENTIAL, LockscreenCredential.class);
+            askedForUserCredentials = requireNonNull(savedInstanceState.getBoolean2(KEY_HAS_ASKED_FOR_USER_CREDENTIALS));
+        }
+    }
+
+    @Override
+    protected boolean hasUserCredential() {
+        return userCredential != null && !userCredential.isNone();
+    }
+
+    @Override
+    protected void onSaveInstanceState(Bundle outState) {
+        super.onSaveInstanceState(outState);
+        outState.putParcelable(KEY_USER_CREDENTIAL, userCredential);
+        outState.putBoolean(KEY_HAS_ASKED_FOR_USER_CREDENTIALS, askedForUserCredentials);
+    }
+
+    @Override
+    protected void onResume() {
+        super.onResume();
+
+        if (userCredential == null) {
+            if (!getLockPatternUtils().isSecure(getUserId())) {
+                userCredential = LockscreenCredential.createNone();
+            } else if (!askedForUserCredentials) {
+                var b = new ChooseLockSettingsHelper.Builder(this);
+                b.setRequestCode(REQ_CODE_OBTAIN_USER_CREDENTIALS);
+                b.setReturnCredentials(true);
+                b.setForegroundOnly(true);
+                b.show();
+                askedForUserCredentials = true;
+            }
+        }
+
+        updateActionList();
+    }
+
+    private void updateActionList() {
+        if (userCredential == null) {
+            Log.d(TAG, "no userCredential, skipping updateActionList");
+            return;
+        }
+
+        var g = new ItemGroup();
+
+        if (getLockPatternUtils().hasDuressCredentials(userCredential)) {
+            g.addChild(createItem(R.string.duress_pwd_action_update, R.drawable.ic_edit));
+            g.addChild(createItem(R.string.duress_pwd_action_delete, R.drawable.ic_delete));
+        } else {
+            g.addChild(createItem(R.string.duress_pwd_action_add, R.drawable.ic_add_24dp));
+        }
+
+        var adapter = new RecyclerItemAdapter(g);
+        adapter.setOnItemSelectedListener(this);
+        layout.setAdapter(adapter);
+    }
+
+    private Item createItem(@StringRes int title, @DrawableRes int icon) {
+        var i = new Item();
+        i.setId(title);
+        i.setTitle(getText(title));
+        i.setIcon(getDrawable(icon));
+        return i;
+    }
+
+    // RecyclerItemAdapter.OnItemSelectedListener
+    @Override
+    public void onItemSelected(IItem iitem) {
+        Item item = (Item) iitem;
+        int id = item.getId();
+
+        if (id == R.string.duress_pwd_action_add || id == R.string.duress_pwd_action_update) {
+            var i = new Intent(this, DuressPasswordSetupActivity.class);
+            i.putExtra(DuressPasswordSetupActivity.EXTRA_TITLE_TEXT, id);
+            i.putExtra(DuressPasswordSetupActivity.EXTRA_USER_CREDENTIAL, userCredential);
+            allowNextOnStop = true;
+            startActivityForResult(i, REQ_CODE_SETUP);
+        } else if (id == R.string.duress_pwd_action_delete) {
+            var b = new AlertDialog.Builder(this);
+            b.setMessage(R.string.duress_pwd_action_delete_confirmation);
+            b.setPositiveButton(R.string.duress_pwd_delete_button, (dialog, which) -> {
+                LockPatternUtils lpu = getLockPatternUtils();
+                try {
+                    lpu.deleteDuressCredentials(userCredential);
+                } catch (Exception e) {
+                    Log.e(TAG, "deleteDuressCredentials failed", e);
+
+                    var d = new AlertDialog.Builder(this);
+                    d.setMessage(getString(R.string.duress_pwd_delete_error, e.toString()));
+                    d.setNeutralButton(R.string.duress_pwd_error_dialog_dismiss, null);
+                    d.show();
+                    return;
+                }
+                updateActionList();
+            });
+            b.setNegativeButton(R.string.duress_pwd_cancel_button, null);
+            b.show();
+        }
+    }
+
+    static final int REQ_CODE_OBTAIN_USER_CREDENTIALS = 1;
+    static final int REQ_CODE_SETUP = 2;
+
+    @Override
+    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+        if (requestCode == REQ_CODE_SETUP) {
+            if (resultCode == RESULT_CANCELED) {
+                finish();
+            }
+            return;
+        }
+
+        if (requestCode != REQ_CODE_OBTAIN_USER_CREDENTIALS) {
+            throw new IllegalStateException(Integer.toString(resultCode));
+        }
+
+        Log.d(TAG, "onActivityResult, requestCode: " + requestCode + ", resultCode: " + resultCode);
+
+        if (resultCode != RESULT_OK) {
+            finish();
+            return;
+        }
+
+        if (data == null) {
+            throw new IllegalStateException("data == null");
+        }
+
+        var credential = data.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, LockscreenCredential.class);
+        if (credential == null) {
+            throw new IllegalStateException("no returned credential");
+        }
+        userCredential = credential;
+    }
+}
diff --git a/src/com/android/settings/security/DuressPasswordSetupActivity.java b/src/com/android/settings/security/DuressPasswordSetupActivity.java
new file mode 100644
index 00000000000..9cedb11f872
--- /dev/null
+++ b/src/com/android/settings/security/DuressPasswordSetupActivity.java
@@ -0,0 +1,196 @@
+package com.android.settings.security;
+
+import android.app.AlertDialog;
+import android.os.Bundle;
+import android.util.Log;
+import android.view.KeyEvent;
+import android.view.inputmethod.EditorInfo;
+import android.widget.EditText;
+import android.widget.TextView;
+import android.widget.Toast;
+
+import androidx.annotation.IdRes;
+import androidx.annotation.Nullable;
+import androidx.annotation.StringRes;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.internal.widget.PasswordValidationError;
+import com.android.settings.R;
+import com.android.settings.password.ChooseLockPassword.ChooseLockPasswordFragment.PasswordValidationErrorConverter;
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifLayout;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.function.Function;
+
+public class DuressPasswordSetupActivity extends DuressPasswordActivity
+        implements TextView.OnEditorActionListener {
+    static final String TAG = DuressPasswordSetupActivity.class.getSimpleName();
+    static final String EXTRA_USER_CREDENTIAL = "user_credential";
+    static final String EXTRA_TITLE_TEXT = "title";
+    private boolean isUpdate;
+
+    enum DuressCredentialType {
+        PIN(LockscreenCredential::createPin,
+                R.id.pin_input, R.id.pin_input_confirmation,
+                R.string.lockpassword_confirm_pins_dont_match),
+        PASSWORD(LockscreenCredential::createPassword,
+                R.id.password_input, R.id.password_input_confirmation,
+                R.string.lockpassword_confirm_passwords_dont_match),
+        ;
+
+        final Function<String, LockscreenCredential> credenialCreator;
+        final @IdRes int mainInputId;
+        final @IdRes int confirmationInputId;
+        final @StringRes int confirmationMismatchText;
+
+        DuressCredentialType(Function<String, LockscreenCredential> credenialCreator,
+                             int mainInputId, int confirmationInputId,
+                             int confirmationMismatchText) {
+            this.credenialCreator = credenialCreator;
+            this.mainInputId = mainInputId;
+            this.confirmationInputId = confirmationInputId;
+            this.confirmationMismatchText = confirmationMismatchText;
+        }
+
+        LockscreenCredential createCredential(DuressPasswordSetupActivity activity) {
+            EditText ed = activity.requireViewById(mainInputId);
+            return credenialCreator.apply(ed.getText().toString());
+        }
+    }
+
+    @Override
+    protected void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        setContentView(R.layout.duress_password_setup);
+
+        GlifLayout layout = requireViewById(R.id.glif_layout);
+        int headerText = getIntent().getExtras().getNumber(EXTRA_TITLE_TEXT);
+        isUpdate = headerText == R.string.duress_pwd_action_update;
+        layout.setHeaderText(headerText);
+        adjustDescriptionStyle(layout);
+
+        FooterBarMixin footerBar = layout.getMixin(FooterBarMixin.class);
+        {
+            var b = new FooterButton.Builder(this);
+            b.setText(isUpdate ? R.string.duress_pwd_update_button : R.string.duress_pwd_add_button);
+            b.setButtonType(FooterButton.ButtonType.DONE);
+            b.setListener(v -> save());
+            b.setTheme(com.google.android.setupdesign.R.style.SudGlifButton_Primary);
+            footerBar.setPrimaryButton(b.build());
+        }
+        {
+            var b = new FooterButton.Builder(this);
+            b.setText(R.string.duress_pwd_cancel_button);
+            b.setButtonType(FooterButton.ButtonType.CANCEL);
+            b.setListener(v -> finish());
+            b.setTheme(com.google.android.setupdesign.R.style.SudGlifButton_Secondary);
+            footerBar.setSecondaryButton(b.build());
+        }
+        for (var ct : DuressCredentialType.values()) {
+            for (int id : new int[] { ct.mainInputId, ct.confirmationInputId }) {
+                EditText ed = requireViewById(id);
+                ed.setTag(ct);
+                ed.setOnEditorActionListener(this);
+            }
+        }
+    }
+
+    // TextView.OnEditorActionListener
+    @Override
+    public boolean onEditorAction(TextView v, int actionId, KeyEvent event) {
+        if ((actionId != EditorInfo.IME_ACTION_NEXT && actionId != EditorInfo.IME_ACTION_DONE)) {
+            return false;
+        }
+
+        EditText ed = (EditText) v;
+        DuressCredentialType ct = (DuressCredentialType) ed.getTag();
+        int id = v.getId();
+
+        if (id == ct.mainInputId) {
+            return !checkCredentialInputErrors(ct);
+        }
+        if (id == ct.confirmationInputId) {
+            return !checkCredentialConfirmationError(ct);
+        }
+        return false;
+    }
+
+    private void save() {
+        boolean credentialCheckRes = true;
+        for (DuressCredentialType ct : DuressCredentialType.values()) {
+            credentialCheckRes &= checkCredentialInputErrors(ct);
+            credentialCheckRes &= checkCredentialConfirmationError(ct);
+        }
+        if (!credentialCheckRes) {
+            return;
+        }
+
+        var userCredential = getIntent().getParcelableExtra(EXTRA_USER_CREDENTIAL, LockscreenCredential.class);
+        Objects.requireNonNull(userCredential, EXTRA_USER_CREDENTIAL);
+        LockscreenCredential pin = DuressCredentialType.PIN.createCredential(this);
+        LockscreenCredential password = DuressCredentialType.PASSWORD.createCredential(this);
+        LockPatternUtils lockPatternUtils = getLockPatternUtils();
+
+        Runnable save = () -> {
+            try {
+                lockPatternUtils.setDuressCredentials(userCredential, pin, password);
+            } catch (Exception e) {
+                Log.e(TAG, "setDuressCredentials failed", e);
+
+                var d = new AlertDialog.Builder(this);
+                d.setMessage(getString(R.string.duress_pwd_save_error, e.toString()));
+                d.setNeutralButton(R.string.duress_pwd_error_dialog_dismiss, null);
+                d.show();
+                return;
+            }
+            Toast.makeText(this,
+                    isUpdate ? R.string.duress_pwd_toast_updated : R.string.duress_pwd_toast_added,
+                    Toast.LENGTH_LONG).show();
+            finish();
+        };
+
+        if (isUpdate) {
+            save.run();
+        } else {
+            var warning = new AlertDialog.Builder(this);
+            warning.setTitle(R.string.duress_pwd_save_warning_title);
+            warning.setMessage(R.string.duress_pwd_save_warning_text);
+            warning.setNegativeButton(R.string.duress_pwd_cancel_button, null);
+            warning.setPositiveButton(R.string.duress_pwd_proceed_button, (d, w) -> {
+                save.run();
+            });
+            warning.show();
+        }
+    }
+
+    private boolean checkCredentialInputErrors(DuressCredentialType ct) {
+        EditText ed = requireViewById(ct.mainInputId);
+        String text = ed.getText().toString();
+        LockscreenCredential c = ct.credenialCreator.apply(text);
+
+        List<PasswordValidationError> errors = LockPatternUtils.validateDuressCredential(c);
+        String error = null;
+        boolean res = true;
+        if (!errors.isEmpty()) {
+            res = false;
+            var pvec = new PasswordValidationErrorConverter(this, c.isPassword(), errors);
+            error = String.join("\n", pvec.convertErrorCodeToMessages());
+        }
+        ed.setError(error);
+        return res;
+    }
+
+    private boolean checkCredentialConfirmationError(DuressCredentialType ct) {
+        EditText main = requireViewById(ct.mainInputId);
+        EditText confirmation = requireViewById(ct.confirmationInputId);
+
+        boolean res = main.getText().toString().equals(confirmation.getText().toString());
+        confirmation.setError(res ? null : getText(ct.confirmationMismatchText));
+        return res;
+    }
+}

From ad411d672296844e87ef2d355def0e5b5484d24f Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 13 Jun 2024 17:48:35 +0300
Subject: [PATCH 058/117] remove blank illustration from "Screen resolution"
 screen

---
 src/com/android/settings/display/ScreenResolutionFragment.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/com/android/settings/display/ScreenResolutionFragment.java b/src/com/android/settings/display/ScreenResolutionFragment.java
index ae37ab9e1b8..d5340a61b9c 100644
--- a/src/com/android/settings/display/ScreenResolutionFragment.java
+++ b/src/com/android/settings/display/ScreenResolutionFragment.java
@@ -101,8 +101,6 @@ protected int getPreferenceScreenResId() {
 
     @Override
     protected void addStaticPreferences(PreferenceScreen screen) {
-        screen.addPreference(mImagePreference);
-
         final FooterPreference footerPreference = new FooterPreference(screen.getContext());
         footerPreference.setTitle(R.string.screen_resolution_footer);
         footerPreference.setSelectable(false);

From 8d1e13a46c35b05114a70260e0680b84fc99d6bd Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Mon, 8 Jul 2024 10:21:18 +0300
Subject: [PATCH 059/117] fix fingerprint enrollment on Google devices with
 side FP scanner

---
 Android.bp                                    |   1 +
 res/values/arrays.xml                         |   2 +
 .../feature/SfpsEnrollmentFeatureImpl.java    | 125 ++++++++++++++++++
 .../biometrics/sidefps/IFingerprintExt.aidl   |   5 +
 4 files changed, 133 insertions(+)
 create mode 100644 src/com/google/hardware/biometrics/sidefps/IFingerprintExt.aidl

diff --git a/Android.bp b/Android.bp
index 420bf5ab07c..094784690a1 100644
--- a/Android.bp
+++ b/Android.bp
@@ -55,6 +55,7 @@ android_library {
     srcs: [
         "src/**/*.java",
         "src/**/*.kt",
+        "src/**/*.aidl",
     ],
     exclude_srcs: [
         "src/com/android/settings/biometrics/fingerprint2/lib/**/*.kt",
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index febdb0412a4..adca989a607 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1630,4 +1630,6 @@
     <!-- Packages that will not show Display over other apps permission -->
     <string-array name="display_over_apps_permission_change_exempt">
     </string-array>
+    <string-array name="fingerprint_acquired_vendor" />
+
 </resources>
diff --git a/src/com/android/settings/biometrics/fingerprint/feature/SfpsEnrollmentFeatureImpl.java b/src/com/android/settings/biometrics/fingerprint/feature/SfpsEnrollmentFeatureImpl.java
index bf97478feef..a70144d47e7 100644
--- a/src/com/android/settings/biometrics/fingerprint/feature/SfpsEnrollmentFeatureImpl.java
+++ b/src/com/android/settings/biometrics/fingerprint/feature/SfpsEnrollmentFeatureImpl.java
@@ -25,21 +25,34 @@
 
 import android.animation.Animator;
 import android.animation.ObjectAnimator;
+import android.app.AlertDialog;
 import android.content.Context;
 import android.content.res.Configuration;
+import android.hardware.biometrics.BiometricFingerprintConstants;
 import android.hardware.fingerprint.FingerprintManager;
+import android.os.Build;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.os.ServiceManager;
+import android.util.Log;
 import android.view.View;
 import android.view.animation.AccelerateInterpolator;
 
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
+import androidx.core.util.Preconditions;
 
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.settings.R;
+import com.android.settings.biometrics.fingerprint.FingerprintEnrollEnrolling;
+import com.google.hardware.biometrics.sidefps.IFingerprintExt;
 
 import java.util.function.Function;
+import java.util.function.Supplier;
 
 public class SfpsEnrollmentFeatureImpl implements SfpsEnrollmentFeature {
+    static final String TAG = SfpsEnrollmentFeatureImpl.class.getSimpleName();
+
     @VisibleForTesting
     public static final int HELP_ANIMATOR_DURATION = 550;
 
@@ -89,8 +102,31 @@ public int getSfpsEnrollLottiePerStage(int stage) {
         };
     }
 
+    private final boolean isGoogleDevice = "google".equals(Build.BRAND);
+    private float[] mEnrollStageThresholds;
+
     @Override
     public float getEnrollStageThreshold(@NonNull Context context, int index) {
+        if (isGoogleDevice) {
+            Log.d(TAG, "getEnrollStageThreshold " + index);
+            if (mEnrollStageThresholds == null) {
+                // TODO: extract these values automatically from SettingsGoogle resource:
+                //  com.google.android.settings.R.array.config_sfps_enroll_stage_thresholds
+                mEnrollStageThresholds = new float[] {
+                        0f, 0.04f, 0.48f, 0.52f
+                };
+            }
+
+            // this logic was copied from FingerprintManager.getEnrollStageThreshold()
+
+            if (index < 0 || index > mEnrollStageThresholds.length) {
+                Log.w(TAG, "Unsupported enroll stage index: " + index);
+                return index < 0 ? 0f : 1f;
+            }
+
+            return index == mEnrollStageThresholds.length ? 1f : mEnrollStageThresholds[index];
+        }
+
         if (mFingerprintManager == null) {
             mFingerprintManager = context.getSystemService(FingerprintManager.class);
         }
@@ -113,4 +149,93 @@ public Animator getHelpAnimator(@NonNull View target) {
     public boolean shouldAdjustHeaderText(@NonNull Configuration conf, boolean isFolded) {
         return conf.orientation == Configuration.ORIENTATION_LANDSCAPE;
     }
+
+    @Override
+    public void handleOnEnrollmentHelp(int helpMsgId, CharSequence helpString, Supplier<FingerprintEnrollEnrolling> enrollingSupplier) {
+        if (isGoogleDevice) {
+            Log.d(TAG, "handleOnEnrollmentHelp, helpMsgId: " + helpMsgId + ", helpString: " + helpString, new Throwable());
+            if (helpMsgId == BiometricFingerprintConstants.FINGERPRINT_ACQUIRED_VENDOR_BASE ||
+                    helpMsgId == BiometricFingerprintConstants.FINGERPRINT_ACQUIRED_IMMOBILE) {
+                Context ctx = enrollingSupplier.get();
+                Log.d(TAG, "getVendorString: " + getVendorString(ctx, 0));
+
+                if (getGoogleFingerprintExt() == null) {
+                    return;
+                }
+
+                if (mHelpDialog != null) {
+                    mHelpDialog.dismiss();
+                    mHelpDialog = null;
+                }
+
+                var d = new AlertDialog.Builder(ctx);
+                d.setMessage(getVendorString(ctx, VENDOR_STRING_FINGERPRINT_ACQUIRED_IMMOBILE));
+                d.setPositiveButton(android.R.string.ok, (dialog, which) -> {
+                    resumeEnroll();
+                });
+                mHelpDialog = d.show();
+            }
+        }
+    }
+
+    private AlertDialog mHelpDialog;
+
+    @Override
+    public CharSequence getFeaturedVendorString(Context context, int id, CharSequence msg) {
+        if (!isGoogleDevice) {
+            return msg;
+        }
+
+        Log.d(TAG, "getFeaturedVendorString, id: " + id + ", msg: " + msg, new Throwable());
+
+        if (id == BiometricFingerprintConstants.FINGERPRINT_ACQUIRED_VENDOR_BASE ||
+                id == BiometricFingerprintConstants.FINGERPRINT_ACQUIRED_IMMOBILE) {
+            return getVendorString(context, VENDOR_STRING_FINGERPRINT_ACQUIRED_IMMOBILE);
+        }
+
+       return msg;
+    }
+
+    private static final int VENDOR_STRING_FINGERPRINT_ACQUIRED_IMMOBILE = 0;
+
+    private static String getVendorString(Context ctx, int index) {
+        String[] strings = ctx.getResources().getStringArray(R.array.fingerprint_acquired_vendor);
+        Preconditions.checkArgumentInRange(index, 0, strings.length - 1, "vendor string index");
+        return strings[index];
+    }
+
+    @Nullable
+    private static IFingerprintExt getGoogleFingerprintExt() {
+        String fpServiceName = android.hardware.biometrics.fingerprint.IFingerprint.class.getName() + "/default";
+        IBinder fpService = ServiceManager.getService(fpServiceName);
+        if (fpService == null) {
+            throw new IllegalStateException(fpServiceName + " is null");
+        }
+
+        IBinder fpServiceExt;
+        try {
+            fpServiceExt = fpService.getExtension();
+        } catch (RemoteException e) {
+            throw new IllegalStateException(e);
+        }
+
+        if (fpServiceExt == null) {
+            Log.e(TAG, "no IFingerprintExt");
+            return null;
+        }
+
+        return IFingerprintExt.Stub.asInterface(fpServiceExt);
+    }
+
+    private static void resumeEnroll() {
+        IFingerprintExt fpExt = getGoogleFingerprintExt();
+        if (fpExt == null) {
+            return;
+        }
+        try {
+            fpExt.resumeEnroll();
+        } catch (RemoteException e) {
+            Log.e(TAG, "", e);
+        }
+    }
 }
diff --git a/src/com/google/hardware/biometrics/sidefps/IFingerprintExt.aidl b/src/com/google/hardware/biometrics/sidefps/IFingerprintExt.aidl
new file mode 100644
index 00000000000..9fa1fd500e5
--- /dev/null
+++ b/src/com/google/hardware/biometrics/sidefps/IFingerprintExt.aidl
@@ -0,0 +1,5 @@
+package com.google.hardware.biometrics.sidefps;
+
+interface IFingerprintExt {
+    void resumeEnroll() = 1;
+}

From a96b36e43e563fd3049237a4bb0edc18c49bb6a8 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 19 Jun 2024 17:24:09 +0300
Subject: [PATCH 060/117] add toggle for alternative touchscreen mode

---
 res/values/strings_ext.xml                    |  5 ++
 res/xml/display_settings.xml                  |  6 +++
 .../AltTouchscreenModePrefController.java     | 52 +++++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 src/com/android/settings/display/AltTouchscreenModePrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 29157cbee95..8ce9a414c52 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -194,4 +194,9 @@ Duress PIN works the same way duress password does."</string>
     <string name="duress_pwd_delete_error">Duress PIN and password were not deleted.\n\nDetails:\n%1$s</string>
     <string name="duress_pwd_error_dialog_dismiss">Dismiss</string>
 
+    <string name="alt_touchscreen_mode_title">Alternative touchscreen mode</string>
+    <string name="alt_touchscreen_mode_summary">This mode is less susceptible to ghost touches. Don’t enable it unless you are experiencing touchscreen issues.</string>
+    <string name="alt_touchscreen_mode_confirm_message">Confirm that the touchscreen is working. Without confirmation, alternative touchscreen mode will be disabled after several seconds.</string>
+    <string name="alt_touchscreen_mode_confirm_button">Confirm</string>
+
 </resources>
diff --git a/res/xml/display_settings.xml b/res/xml/display_settings.xml
index 99e1cf9f9c7..d76dfb45259 100644
--- a/res/xml/display_settings.xml
+++ b/res/xml/display_settings.xml
@@ -172,6 +172,12 @@
             android:summary="@string/touch_sensitivity_summary"
             settings:controller="com.android.settings.display.TouchSensitivityPreferenceController" />
 
+        <SwitchPreferenceCompat
+            android:key="alt_touchscreen_mode"
+            android:title="@string/alt_touchscreen_mode_title"
+            android:summary="@string/alt_touchscreen_mode_summary"
+            settings:controller="com.android.settings.display.AltTouchscreenModePrefController" />
+
         <SwitchPreferenceCompat
             android:key="show_operator_name"
             android:title="@string/show_operator_name_title"
diff --git a/src/com/android/settings/display/AltTouchscreenModePrefController.java b/src/com/android/settings/display/AltTouchscreenModePrefController.java
new file mode 100644
index 00000000000..70a27cbe814
--- /dev/null
+++ b/src/com/android/settings/display/AltTouchscreenModePrefController.java
@@ -0,0 +1,52 @@
+package com.android.settings.display;
+
+import android.app.AlertDialog;
+import android.content.Context;
+import android.ext.settings.AltTouchscreenMode;
+import android.os.Handler;
+import android.os.PowerManager;
+
+import com.android.settings.ext.BoolSettingPrefController;
+import com.android.settings.R;
+
+public class AltTouchscreenModePrefController extends BoolSettingPrefController {
+
+    public AltTouchscreenModePrefController(Context ctx, String key) {
+        super(ctx, key, AltTouchscreenMode.getSetting());
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (!AltTouchscreenMode.isAvailable(mContext)) {
+            return UNSUPPORTED_ON_DEVICE;
+        }
+
+        return super.getAvailabilityStatus();
+    }
+
+    @Override
+    public boolean setChecked(boolean isChecked) {
+        super.setChecked(isChecked);
+        if (!isChecked) {
+            return true;
+        }
+
+        Handler handler = mContext.getMainThreadHandler();
+        Runnable undo = () -> {
+            super.setChecked(false);
+            mContext.getSystemService(PowerManager.class).reboot(null);
+        };
+        // disable the alt mode after a delay unless the user confirms that the touchscreen is
+        // still working
+        handler.postDelayed(undo, 10_000);
+
+        var b = new AlertDialog.Builder(mContext);
+        b.setMessage(R.string.alt_touchscreen_mode_confirm_message);
+        b.setPositiveButton(R.string.alt_touchscreen_mode_confirm_button, (d, btn) -> {
+            handler.removeCallbacks(undo);
+        });
+        b.show();
+
+        return true;
+    }
+}

From 427303d598641a4ed42c86cbc72487a06cc99d18 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Mon, 12 Aug 2024 18:39:08 +0300
Subject: [PATCH 061/117] add lockscreen PIN input layout scrambling toggle

---
 res/values/strings_ext.xml                    |  1 +
 res/xml/screen_lock_settings.xml              |  4 ++
 .../PinScramblingPrefController.java          | 41 +++++++++++++++++++
 .../screenlock/ScreenLockSettings.java        |  3 ++
 4 files changed, 49 insertions(+)
 create mode 100644 src/com/android/settings/security/screenlock/PinScramblingPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 8ce9a414c52..ff3f75178c9 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -11,6 +11,7 @@
 
     <string name="app_exploit_protection_category">App exploit protection</string>
 
+    <string name="scramble_pin_title">Scramble PIN input layout</string>
 
     <string name="auto_grant_OTHER_SENSORS_permission_title">Allow Sensors permission to apps by default</string>
     <string name="auto_grant_OTHER_SENSORS_permission_summary_on">Sensors is a non-standard permission, apps may malfunction if it’s denied.</string>
diff --git a/res/xml/screen_lock_settings.xml b/res/xml/screen_lock_settings.xml
index d2553f61a25..c6f0f081b43 100644
--- a/res/xml/screen_lock_settings.xml
+++ b/res/xml/screen_lock_settings.xml
@@ -33,6 +33,10 @@
         android:title="@string/lock_screen_auto_pin_confirm_title"
         android:summary="@string/lock_screen_auto_pin_confirm_summary" />
 
+    <SwitchPreferenceCompat
+        android:key="scramble_pin_layout"
+        android:title="@string/scramble_pin_title" />
+
     <SwitchPreferenceCompat
         android:key="enhancedPinPrivacy"
         android:title="@string/lockpattern_settings_enhanced_pin_privacy_title"
diff --git a/src/com/android/settings/security/screenlock/PinScramblingPrefController.java b/src/com/android/settings/security/screenlock/PinScramblingPrefController.java
new file mode 100644
index 00000000000..66db573a5d5
--- /dev/null
+++ b/src/com/android/settings/security/screenlock/PinScramblingPrefController.java
@@ -0,0 +1,41 @@
+package com.android.settings.security.screenlock;
+
+import static com.android.internal.widget.LockDomain.Primary;
+
+import android.content.Context;
+import android.ext.settings.ExtSettings;
+
+import com.android.internal.widget.LockDomain;
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.ext.BoolSettingPrefController;
+import com.android.settings.overlay.FeatureFactory;
+
+public class PinScramblingPrefController extends BoolSettingPrefController {
+
+    private final LockPatternUtils mLockPatternUtils;
+    private final LockDomain mLockDomain;
+
+    static final String PREF_KEY = "scramble_pin_layout";
+
+    public PinScramblingPrefController(Context ctx, LockDomain lockDomain) {
+        super(ctx, PREF_KEY, lockDomain == Primary ?
+                ExtSettings.SCRAMBLE_LOCKSCREEN_PIN_LAYOUT_PRIMARY :
+                ExtSettings.SCRAMBLE_LOCKSCREEN_PIN_LAYOUT_SECONDARY);
+        mLockDomain = lockDomain;
+        mLockPatternUtils = FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(ctx);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        int res = super.getAvailabilityStatus();
+        if (res == AVAILABLE) {
+            if (mLockPatternUtils.getCredentialTypeForUser(mContext.getUserId(), mLockDomain)
+                    != LockPatternUtils.CREDENTIAL_TYPE_PIN) {
+                return CONDITIONALLY_UNAVAILABLE;
+            }
+        }
+        return res;
+    }
+}
diff --git a/src/com/android/settings/security/screenlock/ScreenLockSettings.java b/src/com/android/settings/security/screenlock/ScreenLockSettings.java
index 1c66b711382..ae3caac6ba6 100644
--- a/src/com/android/settings/security/screenlock/ScreenLockSettings.java
+++ b/src/com/android/settings/security/screenlock/ScreenLockSettings.java
@@ -16,6 +16,8 @@
 
 package com.android.settings.security.screenlock;
 
+import static com.android.internal.widget.LockDomain.Primary;
+
 import android.app.Activity;
 import android.app.settings.SettingsEnums;
 import android.content.Context;
@@ -89,6 +91,7 @@ private static List<AbstractPreferenceController> buildPreferenceControllers(Con
         controllers.add(new AutoPinConfirmPreferenceController(
                 context, MY_USER_ID, lockPatternUtils, parent));
         controllers.add(new OwnerInfoPreferenceController(context, parent));
+        controllers.add(new PinScramblingPrefController(context, Primary));
         return controllers;
     }
 

From d4a8ac7d420c5372499abf30b56e062c3e05c144 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Mon, 12 Aug 2024 18:39:20 +0300
Subject: [PATCH 062/117] add SIM PIN/PUK input layout scrambling setting

---
 res/xml/sim_lock_settings.xml                 | 5 +++++
 src/com/android/settings/IccLockSettings.java | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/res/xml/sim_lock_settings.xml b/res/xml/sim_lock_settings.xml
index 02db847aef5..baa0ad597b5 100644
--- a/res/xml/sim_lock_settings.xml
+++ b/res/xml/sim_lock_settings.xml
@@ -23,6 +23,11 @@
             android:summaryOn="@string/sim_lock_on"
             android:summaryOff="@string/sim_lock_off"/>
 
+    <SwitchPreferenceCompat
+            android:key="sim_scramble_pin_layout"
+            android:dependency="sim_toggle"
+            android:title="@string/scramble_pin_title"/>
+
     <com.android.settings.EditPinPreference
             android:key="sim_pin"
             android:dependency="sim_toggle"
diff --git a/src/com/android/settings/IccLockSettings.java b/src/com/android/settings/IccLockSettings.java
index 422610a4856..4678ae96be4 100644
--- a/src/com/android/settings/IccLockSettings.java
+++ b/src/com/android/settings/IccLockSettings.java
@@ -23,6 +23,7 @@
 import android.content.IntentFilter;
 import android.content.res.Configuration;
 import android.content.res.Resources;
+import android.ext.settings.ExtSettings;
 import android.graphics.PixelFormat;
 import android.os.AsyncTask;
 import android.os.Bundle;
@@ -124,6 +125,7 @@ public class IccLockSettings extends SettingsPreferenceFragment
 
     private EditPinPreference mPinDialog;
     private TwoStatePreference mPinToggle;
+    private TwoStatePreference mPinScramblingToggle;
 
     private Resources mRes;
 
@@ -195,6 +197,10 @@ public void onCreate(Bundle savedInstanceState) {
 
         mPinDialog = (EditPinPreference) findPreference(PIN_DIALOG);
         mPinToggle = (TwoStatePreference) findPreference(PIN_TOGGLE);
+        mPinScramblingToggle = (TwoStatePreference) findPreference("sim_scramble_pin_layout");
+        mPinScramblingToggle.setOnPreferenceChangeListener((preference, newValue) -> {
+            return ExtSettings.SCRAMBLE_SIM_PIN_LAYOUT.put(requireContext(), (boolean) newValue);
+        });
         if (savedInstanceState != null) {
             if (savedInstanceState.containsKey(DIALOG_STATE)
                     && restoreDialogStates(savedInstanceState)) {
@@ -358,6 +364,8 @@ private void updatePreferences() {
                 mPinToggle.setChecked(isIccLockEnabled());
             }
         }
+
+        mPinScramblingToggle.setChecked(ExtSettings.SCRAMBLE_SIM_PIN_LAYOUT.get(requireContext()));
     }
 
     @Override

From 4353dd3b2ec9bf21c45b7366b084f8fde668d566 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 18 Aug 2024 13:12:36 +0300
Subject: [PATCH 063/117] hide CameraExtensionsFallback toggle when it's a
 no-op

---
 .../CameraExtensionsFallbackPreferenceController.java     | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/com/android/settings/privacy/CameraExtensionsFallbackPreferenceController.java b/src/com/android/settings/privacy/CameraExtensionsFallbackPreferenceController.java
index 1d9c3543b9d..aa4d83ccb74 100644
--- a/src/com/android/settings/privacy/CameraExtensionsFallbackPreferenceController.java
+++ b/src/com/android/settings/privacy/CameraExtensionsFallbackPreferenceController.java
@@ -48,6 +48,14 @@ public boolean setChecked(boolean isChecked) {
 
     @Override
     public int getAvailabilityStatus() {
+        if (!com.android.internal.camera.flags.Flags.concertMode()) {
+            // this toggle is a no-op when concert_mode flag is off
+            return CONDITIONALLY_UNAVAILABLE;
+        }
+        if (mContext.getString(com.android.internal.R.string.config_extensionFallbackPackageName).isEmpty()) {
+            // this toggle is a no-op when there's no fallback camera extension package
+            return CONDITIONALLY_UNAVAILABLE;
+        }
         return AVAILABLE;
     }
 

From f26cf325f47da98196bbeb46f9f005ef5cac8a03 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 11 Jan 2024 18:26:58 +0200
Subject: [PATCH 064/117] add per-app memory DCL restriction setting

---
 AndroidManifest.xml                           | 17 ++++
 res/values/strings_app_exploit_protection.xml | 11 +++
 res/xml/exploit_protection_settings.xml       | 11 +++
 src/com/android/settings/Settings.java        |  2 +
 .../applications/AppMemoryDynCodeLoading.kt   | 92 +++++++++++++++++++
 .../core/gateway/SettingsGateway.java         |  1 +
 .../settings/spa/SettingsSpaEnvironment.kt    |  1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 8 files changed, 136 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppMemoryDynCodeLoading.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 42fc56af891..45c5f30fd8d 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5567,5 +5567,22 @@
                 android:value="@string/menu_key_apps"/>
         </activity>
 
+        <activity
+            android:name=".Settings$AppMemoryDynCodeLoadingActivity"
+            android:permission="android.permission.WRITE_SECURE_SETTINGS"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.settings.OPEN_APP_MEMORY_DYN_CODE_LOADING_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="package" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
+                android:value="com.android.settings.applications.AppMemoryDynCodeLoadingFragment"/>
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                android:value="@string/menu_key_apps"/>
+        </activity>
+
     </application>
 </manifest>
diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index bd5777efb49..1c4a54c5726 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -74,4 +74,15 @@ compatible with it (e.g. apps that don’t have native code), regardless of this
     <string name="aep_default_memtag_summary_off">
         Disabled by default, except for apps that are known to be compatible with memory tagging</string>
 
+    <string name="dcl_notif_toggle_title">Show notifications about blocked DCL attempts</string>
+    <string name="aep_default_dcl_footer_ending">This setting doesn’t apply to preinstalled apps, which are always restricted from performing DCL.</string>
+
+    <string name="aep_memory_dcl">Dynamic code loading via memory</string>
+    <string name="aep_memory_dcl_short">DCL via memory</string>
+    <string name="aep_memory_dcl_dvr_is_system_app">DCL via memory is always restricted for this preinstalled app</string>
+    <string name="aep_memory_dcl_footer">
+"Dynamic code loading (DCL) via memory is usually performed by apps that use just-in-time (JIT) compilation to run code from outside their APKs.
+DCL makes the app more vulnerable to exploitation, since the dynamically loaded code can be tampered with or substituted."
+    </string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 530e97cd956..461a0699dd1 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -66,6 +66,17 @@
             android:title="@string/aep_native_debug_title"
             settings:controller="com.android.settings.applications.NativeDebuggingAppListPrefController" />
 
+        <Preference
+            android:key="aep_memory_dcl"
+            android:title="@string/aep_memory_dcl"
+            android:fragment="com.android.settings.applications.AppDefaultMemoryDynCodeLoadingFragment"
+            settings:controller="com.android.settings.applications.AppDefaultMemoryDynCodeLoadingPrefController" />
+
+        <Preference
+            android:key="aep_memory_dcl_app_list"
+            android:title="@string/aep_memory_dcl"
+            settings:controller="com.android.settings.applications.MemoryDynCodeLoadingAppListPrefController" />
+
         <Preference
             android:key="exec_spawning"
             android:title="@string/exec_spawning_title"
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index fa6e1115711..94a5d40bdf4 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -527,6 +527,8 @@ public static class AppMemtagActivity extends SettingsActivity {}
 
     public static class AppHardenedMallocActivity extends SettingsActivity {}
 
+    public static class AppMemoryDynCodeLoadingActivity extends SettingsActivity {}
+
     public static class AppNativeDebuggingActivity extends SettingsActivity {}
 
     public static class ExploitProtectionActivity extends SettingsActivity {}
diff --git a/src/com/android/settings/applications/AppMemoryDynCodeLoading.kt b/src/com/android/settings/applications/AppMemoryDynCodeLoading.kt
new file mode 100644
index 00000000000..92444f2847f
--- /dev/null
+++ b/src/com/android/settings/applications/AppMemoryDynCodeLoading.kt
@@ -0,0 +1,92 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.ExtSettings
+import android.ext.settings.app.AppSwitch
+import android.ext.settings.app.AswRestrictMemoryDynCodeLoading
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.preference.PreferenceScreen
+import com.android.settings.R
+import com.android.settings.ext.BoolSettingFragment
+import com.android.settings.ext.BoolSettingFragmentPrefController
+import com.android.settings.ext.ExtSettingControllerHelper
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterMemoryDynCodeLoading : AswAdapter<AswRestrictMemoryDynCodeLoading>() {
+
+    override fun getAppSwitch() = AswRestrictMemoryDynCodeLoading.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_memory_dcl)
+    override fun getShortAswTitle(ctx: Context) = ctx.getText(R.string.aep_memory_dcl_short)
+
+    override fun getOnTitle(ctx: Context) = ctx.getText(R.string.aep_restricted)
+    override fun getOffTitle(ctx: Context) = ctx.getText(R.string.aep_allowed)
+
+    override fun getNotificationToggleTitle(ctx: Context) = ctx.getText(R.string.dcl_notif_toggle_title)
+
+    override fun getDetailFragmentClass() = AppMemoryDynCodeLoadingFragment::class
+}
+
+@Composable
+fun AppMemoryDynCodeLoadingPreference(app: ApplicationInfo) {
+    val context = LocalContext.current
+    AswPreference(context, app, AswAdapterMemoryDynCodeLoading)
+}
+
+class AppMemoryDynCodeLoadingFragment : AswExploitProtectionFragment<AswRestrictMemoryDynCodeLoading>() {
+
+    override fun getAswAdapter() = AswAdapterMemoryDynCodeLoading
+
+    override fun getTitle() = getText(R.string.aep_memory_dcl_short)
+
+    override fun getSummaryForImmutabilityReason(ir: Int): CharSequence? {
+        val id = when (ir) {
+            AppSwitch.IR_IS_SYSTEM_APP -> R.string.aep_memory_dcl_dvr_is_system_app
+            else -> return null
+        }
+        return getText(id)
+    }
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_memory_dcl_footer)
+    }
+}
+
+class AppDefaultMemoryDynCodeLoadingPrefController(ctx: Context, key: String) :
+        BoolSettingFragmentPrefController(ctx, key,
+            ExtSettings.RESTRICT_MEMORY_DYN_CODE_LOADING_BY_DEFAULT
+        ) {
+
+    override fun getSummaryOn() = resText(R.string.aep_default_summary_restricted)
+    override fun getSummaryOff() = resText(R.string.aep_default_summary_allowed_for_3p_apps)
+}
+
+class AppDefaultMemoryDynCodeLoadingFragment : BoolSettingFragment() {
+
+    override fun getSetting() = ExtSettings.RESTRICT_MEMORY_DYN_CODE_LOADING_BY_DEFAULT
+
+    override fun getTitle() = resText(R.string.aep_memory_dcl_short)
+
+    override fun getMainSwitchTitle() = resText(R.string.aep_default_main_switch_restrict_for_3p_apps)
+
+    override fun addExtraPrefs(screen: PreferenceScreen) {
+        AswAdapterMemoryDynCodeLoading.addAppListPageLink(screen)
+    }
+
+    override fun makeFooterPref(builder: FooterPreference.Builder): FooterPreference {
+        val s = getString(R.string.app_exploit_protection_default_value_warning) + "\n\n" +
+                getString(R.string.aep_memory_dcl_footer) + "\n\n" +
+                getString(R.string.aep_default_dcl_footer_ending)
+        return builder.setTitle(s).build()
+    }
+}
+
+class MemoryDynCodeLoadingAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterMemoryDynCodeLoading) {
+
+    override fun getAvailabilityStatus() = ExtSettingControllerHelper
+        .getSecondaryUserOnlySettingAvailability(mContext)
+}
diff --git a/src/com/android/settings/core/gateway/SettingsGateway.java b/src/com/android/settings/core/gateway/SettingsGateway.java
index 8ea84bc6ce2..c257006b114 100644
--- a/src/com/android/settings/core/gateway/SettingsGateway.java
+++ b/src/com/android/settings/core/gateway/SettingsGateway.java
@@ -221,6 +221,7 @@ public class SettingsGateway {
             com.android.settings.applications.AppNativeDebuggingFragment.class.getName(),
             com.android.settings.applications.AppMemtagFragment.class.getName(),
             com.android.settings.applications.AppHardenedMallocFragment.class.getName(),
+            com.android.settings.applications.AppMemoryDynCodeLoadingFragment.class.getName(),
             com.android.settings.safetycenter.ExploitProtectionFragment.class.getName(),
             AdvancedConnectedDeviceDashboardFragment.class.getName(),
             CreateShortcut.class.getName(),
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index f7c62225702..8ff8644c7e4 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -106,6 +106,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         com.android.settings.applications.AswAdapterUseMemoryTagging.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterUseExtendedVaSpace.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterNativeDebugging.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterMemoryDynCodeLoading.makeAppListPageProvider(),
         AllAppListPageProvider,
         AppInfoSettingsProvider,
         SpecialAppAccessPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 8162046c7df..902ea9ded23 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -185,6 +185,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             com.android.settings.applications.AppMemtagPreference(app)
             com.android.settings.applications.AppExtendedVaSpacePreference(app)
             com.android.settings.applications.AppNativeDebuggingPreference(app)
+            com.android.settings.applications.AppMemoryDynCodeLoadingPreference(app)
         }
 
         Category(title = stringResource(R.string.app_install_details_group_title)) {

From 0c848c21949b393145fe1177c9c923d76c5ca1c6 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 11 Jan 2024 18:49:29 +0200
Subject: [PATCH 065/117] add per-app storage DCL restriction setting

---
 AndroidManifest.xml                           | 17 ++++
 res/values/strings_app_exploit_protection.xml | 10 ++
 res/xml/exploit_protection_settings.xml       | 11 +++
 src/com/android/settings/Settings.java        |  2 +
 .../applications/AppStorageDynCodeLoading.kt  | 96 +++++++++++++++++++
 .../core/gateway/SettingsGateway.java         |  1 +
 .../settings/spa/SettingsSpaEnvironment.kt    |  1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 8 files changed, 139 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppStorageDynCodeLoading.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 45c5f30fd8d..229a9f4fa24 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5584,5 +5584,22 @@
                 android:value="@string/menu_key_apps"/>
         </activity>
 
+        <activity
+            android:name=".Settings$AppStorageDynCodeLoadingActivity"
+            android:permission="android.permission.WRITE_SECURE_SETTINGS"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.settings.OPEN_APP_STORAGE_DYN_CODE_LOADING_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="package" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
+                android:value="com.android.settings.applications.AppStorageDynCodeLoadingFragment"/>
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                android:value="@string/menu_key_apps"/>
+        </activity>
+
     </application>
 </manifest>
diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index 1c4a54c5726..c41511acfee 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -85,4 +85,14 @@ compatible with it (e.g. apps that don’t have native code), regardless of this
 DCL makes the app more vulnerable to exploitation, since the dynamically loaded code can be tampered with or substituted."
     </string>
 
+    <string name="aep_storage_dcl">Dynamic code loading via storage</string>
+    <string name="aep_storage_dcl_short">DCL via storage</string>
+    <string name="aep_storage_dcl_dvr_is_system_app">DCL via storage is always restricted for this preinstalled app</string>
+    <string name="aep_storage_dcl_footer">
+"Dynamic code loading (DCL) via storage refers to the app's ability to run third-party code from files that are not its APKs.
+DCL makes the app more vulnerable to exploitation, since the dynamically loaded code can be tampered with or substituted.
+
+Most apps that depend on Play services require DCL via storage to be allowed."
+    </string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 461a0699dd1..3dd85dbe081 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -77,6 +77,17 @@
             android:title="@string/aep_memory_dcl"
             settings:controller="com.android.settings.applications.MemoryDynCodeLoadingAppListPrefController" />
 
+        <Preference
+            android:key="aep_storage_dcl"
+            android:title="@string/aep_storage_dcl"
+            android:fragment="com.android.settings.applications.AppDefaultStorageDynCodeLoadingFragment"
+            settings:controller="com.android.settings.applications.AppDefaultStorageDynCodeLoadingPrefController" />
+
+        <Preference
+            android:key="aep_storage_dcl_app_list"
+            android:title="@string/aep_storage_dcl"
+            settings:controller="com.android.settings.applications.StorageDynCodeLoadingAppListPrefController" />
+
         <Preference
             android:key="exec_spawning"
             android:title="@string/exec_spawning_title"
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index 94a5d40bdf4..2a05fcb1566 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -531,5 +531,7 @@ public static class AppMemoryDynCodeLoadingActivity extends SettingsActivity {}
 
     public static class AppNativeDebuggingActivity extends SettingsActivity {}
 
+    public static class AppStorageDynCodeLoadingActivity extends SettingsActivity {}
+
     public static class ExploitProtectionActivity extends SettingsActivity {}
 }
diff --git a/src/com/android/settings/applications/AppStorageDynCodeLoading.kt b/src/com/android/settings/applications/AppStorageDynCodeLoading.kt
new file mode 100644
index 00000000000..04d662ee40f
--- /dev/null
+++ b/src/com/android/settings/applications/AppStorageDynCodeLoading.kt
@@ -0,0 +1,96 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.ExtSettings
+import android.ext.settings.app.AppSwitch
+import android.ext.settings.app.AswRestrictStorageDynCodeLoading
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.preference.PreferenceScreen
+import com.android.settings.R
+import com.android.settings.ext.BoolSettingFragment
+import com.android.settings.ext.BoolSettingFragmentPrefController
+import com.android.settings.ext.ExtSettingControllerHelper
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterStorageDynCodeLoading : AswAdapter<AswRestrictStorageDynCodeLoading>() {
+
+    override fun getAppSwitch() = AswRestrictStorageDynCodeLoading.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_storage_dcl)
+    override fun getShortAswTitle(ctx: Context) = ctx.getText(R.string.aep_storage_dcl_short)
+
+    override fun getOnTitle(ctx: Context) = ctx.getText(R.string.aep_restricted)
+    override fun getOffTitle(ctx: Context) = ctx.getText(R.string.aep_allowed)
+
+    override fun getNotificationToggleTitle(ctx: Context) = ctx.getText(R.string.dcl_notif_toggle_title)
+
+    override fun getDetailFragmentClass() = AppStorageDynCodeLoadingFragment::class
+}
+
+@Composable
+fun AppStorageDynCodeLoadingPreference(app: ApplicationInfo) {
+    val context = LocalContext.current
+    AswPreference(context, app, AswAdapterStorageDynCodeLoading)
+}
+
+class AppStorageDynCodeLoadingFragment : AswExploitProtectionFragment<AswRestrictStorageDynCodeLoading>() {
+
+    override fun getAswAdapter() = AswAdapterStorageDynCodeLoading
+
+    override fun getTitle() = getText(R.string.aep_storage_dcl_short)
+
+    override fun getSummaryForImmutabilityReason(ir: Int): CharSequence? {
+        val id = when (ir) {
+            AppSwitch.IR_IS_SYSTEM_APP -> R.string.aep_storage_dcl_dvr_is_system_app
+            else -> return null
+        }
+        return getText(id)
+    }
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_storage_dcl_footer)
+    }
+}
+
+class AppDefaultStorageDynCodeLoadingPrefController(ctx: Context, key: String) :
+        BoolSettingFragmentPrefController(ctx, key, ExtSettings.RESTRICT_STORAGE_DYN_CODE_LOADING_BY_DEFAULT) {
+
+    override fun getSummaryOn() = run {
+        val id = if (AswRestrictStorageDynCodeLoading.isGmsCoreInstalled(mContext, mContext.userId))
+            R.string.aep_default_summary_restricted_except_for_gmscore_clients
+            else R.string.aep_default_summary_restricted
+        resText(id)
+    }
+
+    override fun getSummaryOff() = resText(R.string.aep_default_summary_allowed_for_3p_apps)
+}
+
+class AppDefaultStorageDynCodeLoadingFragment : BoolSettingFragment() {
+
+    override fun getSetting() = ExtSettings.RESTRICT_STORAGE_DYN_CODE_LOADING_BY_DEFAULT
+
+    override fun getTitle() = resText(R.string.aep_storage_dcl_short)
+
+    override fun getMainSwitchTitle() = resText(R.string.aep_default_main_switch_restrict_for_3p_apps)
+
+    override fun addExtraPrefs(screen: PreferenceScreen) {
+        AswAdapterStorageDynCodeLoading.addAppListPageLink(screen)
+    }
+
+    override fun makeFooterPref(builder: FooterPreference.Builder): FooterPreference {
+        val s = getString(R.string.app_exploit_protection_default_value_warning) + "\n\n" +
+                getString(R.string.aep_storage_dcl_footer) + "\n\n" +
+                getString(R.string.aep_default_dcl_footer_ending)
+        return builder.setTitle(s).build()
+    }
+}
+
+class StorageDynCodeLoadingAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterStorageDynCodeLoading) {
+
+    override fun getAvailabilityStatus() = ExtSettingControllerHelper
+        .getSecondaryUserOnlySettingAvailability(mContext)
+}
diff --git a/src/com/android/settings/core/gateway/SettingsGateway.java b/src/com/android/settings/core/gateway/SettingsGateway.java
index c257006b114..a53f5f8ba37 100644
--- a/src/com/android/settings/core/gateway/SettingsGateway.java
+++ b/src/com/android/settings/core/gateway/SettingsGateway.java
@@ -222,6 +222,7 @@ public class SettingsGateway {
             com.android.settings.applications.AppMemtagFragment.class.getName(),
             com.android.settings.applications.AppHardenedMallocFragment.class.getName(),
             com.android.settings.applications.AppMemoryDynCodeLoadingFragment.class.getName(),
+            com.android.settings.applications.AppStorageDynCodeLoadingFragment.class.getName(),
             com.android.settings.safetycenter.ExploitProtectionFragment.class.getName(),
             AdvancedConnectedDeviceDashboardFragment.class.getName(),
             CreateShortcut.class.getName(),
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index 8ff8644c7e4..a5cb6102f77 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -107,6 +107,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         com.android.settings.applications.AswAdapterUseExtendedVaSpace.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterNativeDebugging.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterMemoryDynCodeLoading.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterStorageDynCodeLoading.makeAppListPageProvider(),
         AllAppListPageProvider,
         AppInfoSettingsProvider,
         SpecialAppAccessPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index 902ea9ded23..c5aff04347f 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -186,6 +186,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             com.android.settings.applications.AppExtendedVaSpacePreference(app)
             com.android.settings.applications.AppNativeDebuggingPreference(app)
             com.android.settings.applications.AppMemoryDynCodeLoadingPreference(app)
+            com.android.settings.applications.AppStorageDynCodeLoadingPreference(app)
         }
 
         Category(title = stringResource(R.string.app_install_details_group_title)) {

From 8dbd655949e747cb7cee8c97e873a3d999f6406e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 16 Aug 2024 13:41:59 +0300
Subject: [PATCH 066/117] add per-app WebView JIT setting

---
 res/values/strings_app_exploit_protection.xml |  8 ++
 res/xml/exploit_protection_settings.xml       | 11 +++
 .../applications/AppWebViewDynCodeLoading.kt  | 75 +++++++++++++++++++
 .../settings/spa/SettingsSpaEnvironment.kt    |  1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |  1 +
 5 files changed, 96 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppWebViewDynCodeLoading.kt

diff --git a/res/values/strings_app_exploit_protection.xml b/res/values/strings_app_exploit_protection.xml
index c41511acfee..33292064c8e 100644
--- a/res/values/strings_app_exploit_protection.xml
+++ b/res/values/strings_app_exploit_protection.xml
@@ -95,4 +95,12 @@ DCL makes the app more vulnerable to exploitation, since the dynamically loaded
 Most apps that depend on Play services require DCL via storage to be allowed."
     </string>
 
+    <string name="aep_webview_jit">WebView JIT</string>
+    <string name="aep_webview_jit_footer">
+"WebView is an OS component that is used for displaying web content inside apps.
+Just-in-time code compilation (JIT) significantly improves the WebView performance, but makes the app more vulnerable to exploitation.
+
+This setting doesn’t apply to preinstalled apps, WebView JIT is always disabled for the vast majority of them."
+    </string>
+
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 3dd85dbe081..73038bbeded 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -66,6 +66,17 @@
             android:title="@string/aep_native_debug_title"
             settings:controller="com.android.settings.applications.NativeDebuggingAppListPrefController" />
 
+        <Preference
+            android:key="aep_webview_jit"
+            android:title="@string/aep_webview_jit"
+            android:fragment="com.android.settings.applications.AppDefaultWebViewDynCodeLoadingFragment"
+            settings:controller="com.android.settings.applications.AppDefaultWebViewDynCodeLoadingPrefController" />
+
+        <Preference
+            android:key="aep_webview_jit_app_list"
+            android:title="@string/aep_webview_jit"
+            settings:controller="com.android.settings.applications.WebViewDynCodeLoadingAppListPrefController" />
+
         <Preference
             android:key="aep_memory_dcl"
             android:title="@string/aep_memory_dcl"
diff --git a/src/com/android/settings/applications/AppWebViewDynCodeLoading.kt b/src/com/android/settings/applications/AppWebViewDynCodeLoading.kt
new file mode 100644
index 00000000000..f1e2894b933
--- /dev/null
+++ b/src/com/android/settings/applications/AppWebViewDynCodeLoading.kt
@@ -0,0 +1,75 @@
+package com.android.settings.applications
+
+import android.content.Context
+import android.content.pm.ApplicationInfo
+import android.ext.settings.ExtSettings
+import android.ext.settings.app.AswRestrictWebViewDynCodeLoading
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.preference.PreferenceScreen
+import com.android.settings.R
+import com.android.settings.ext.BoolSettingFragment
+import com.android.settings.ext.BoolSettingFragmentPrefController
+import com.android.settings.ext.ExtSettingControllerHelper
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.widget.FooterPreference
+
+object AswAdapterWebViewDynCodeLoading : AswAdapter<AswRestrictWebViewDynCodeLoading>() {
+
+    override fun getAppSwitch() = AswRestrictWebViewDynCodeLoading.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.aep_webview_jit)
+
+    override fun getOnTitle(ctx: Context) = ctx.getText(R.string.aep_disabled)
+    override fun getOffTitle(ctx: Context) = ctx.getText(R.string.aep_enabled)
+
+    override fun getDetailFragmentClass() = AppWebViewDynCodeLoadingFragment::class
+}
+
+@Composable
+fun AppWebViewDynCodeLoadingPreference(app: ApplicationInfo) {
+    val context = LocalContext.current
+    AswPreference(context, app, AswAdapterWebViewDynCodeLoading)
+}
+
+class AppWebViewDynCodeLoadingFragment : AswExploitProtectionFragment<AswRestrictWebViewDynCodeLoading>() {
+
+    override fun getAswAdapter() = AswAdapterWebViewDynCodeLoading
+
+    override fun getTitle() = getText(R.string.aep_webview_jit)
+
+    override fun updateFooter(fp: FooterPreference) {
+        fp.setTitle(R.string.aep_webview_jit_footer)
+    }
+}
+
+class AppDefaultWebViewDynCodeLoadingPrefController(ctx: Context, key: String) :
+        BoolSettingFragmentPrefController(ctx, key, ExtSettings.RESTRICT_WEBVIEW_DYN_CODE_LOADING_BY_DEFAULT) {
+
+    override fun getSummaryOn() = resText(R.string.aep_default_summary_disabled)
+    override fun getSummaryOff() = resText(R.string.aep_default_summary_enabled_for_3p_apps)
+}
+
+class AppDefaultWebViewDynCodeLoadingFragment : BoolSettingFragment() {
+
+    override fun getSetting() = ExtSettings.RESTRICT_WEBVIEW_DYN_CODE_LOADING_BY_DEFAULT
+
+    override fun getTitle() = resText(R.string.aep_webview_jit)
+
+    override fun getMainSwitchTitle() = resText(R.string.aep_default_main_switch_disable_for_3p_apps)
+
+    override fun addExtraPrefs(screen: PreferenceScreen) {
+        AswAdapterWebViewDynCodeLoading.addAppListPageLink(screen)
+    }
+
+    override fun makeFooterPref(builder: FooterPreference.Builder): FooterPreference {
+        return builder.setTitle(R.string.aep_webview_jit_footer).build()
+    }
+}
+
+class WebViewDynCodeLoadingAppListPrefController(context: Context, preferenceKey: String) :
+    AswAppListPrefController(context, preferenceKey, AswAdapterWebViewDynCodeLoading) {
+
+    override fun getAvailabilityStatus() = ExtSettingControllerHelper
+        .getSecondaryUserOnlySettingAvailability(mContext)
+}
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index a5cb6102f77..3576dfd7375 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -106,6 +106,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         com.android.settings.applications.AswAdapterUseMemoryTagging.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterUseExtendedVaSpace.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterNativeDebugging.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterWebViewDynCodeLoading.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterMemoryDynCodeLoading.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterStorageDynCodeLoading.makeAppListPageProvider(),
         AllAppListPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index c5aff04347f..af8d40dd887 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -185,6 +185,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
             com.android.settings.applications.AppMemtagPreference(app)
             com.android.settings.applications.AppExtendedVaSpacePreference(app)
             com.android.settings.applications.AppNativeDebuggingPreference(app)
+            com.android.settings.applications.AppWebViewDynCodeLoadingPreference(app)
             com.android.settings.applications.AppMemoryDynCodeLoadingPreference(app)
             com.android.settings.applications.AppStorageDynCodeLoadingPreference(app)
         }

From 4395a0fa5d8173d83ec212b3fbd895f3d1801c6a Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 16 Oct 2024 22:45:29 +0300
Subject: [PATCH 067/117] add per-connection Wi-Fi MAC address randomization
 option

---
 res/layout/wifi_network_config.xml            |  2 +-
 res/values/arrays.xml                         |  8 +++---
 res/xml/wifi_network_details_fragment2.xml    |  4 +--
 .../settings/wifi/WifiConfigController.java   | 18 ++++++-------
 .../WifiDetailPreferenceController2.java      |  2 +-
 .../wifi/details2/WifiPrivacyPageProvider.kt  |  4 +--
 .../WifiPrivacyPreferenceController2.java     | 26 ++++++++++++++-----
 .../wifi/WifiConfigControllerTest.java        | 12 ++++-----
 .../details2/WifiPrivacyPageProviderTest.kt   | 12 ++++-----
 .../WifiPrivacyPreferenceController2Test.kt   |  6 ++---
 10 files changed, 54 insertions(+), 40 deletions(-)

diff --git a/res/layout/wifi_network_config.xml b/res/layout/wifi_network_config.xml
index dbd3e673913..7c6ac3758f5 100644
--- a/res/layout/wifi_network_config.xml
+++ b/res/layout/wifi_network_config.xml
@@ -707,7 +707,7 @@
                      android:layout_height="wrap_content"
                      style="@style/wifi_item_spinner"
                      android:prompt="@string/wifi_privacy_settings"
-                     android:entries="@array/wifi_privacy_entries"/>
+                     android:entries="@array/wifi_privacy_entries_ext"/>
 
             <Spinner android:id="@+id/dhcp_settings"
                 android:layout_width="match_parent"
diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index adca989a607..88e67c476dc 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1090,8 +1090,9 @@
         <item>Treat as unmetered</item>
     </string-array>
 
-    <string-array name="wifi_privacy_entries">
-        <item>Use randomized MAC</item>
+    <string-array name="wifi_privacy_entries_ext">
+        <item>Use per-connection randomized MAC (default)</item>
+        <item>Use per-network randomized MAC</item>
         <item>Use device MAC</item>
     </string-array>
 
@@ -1111,7 +1112,8 @@
         <item>2</item>
     </string-array>
 
-    <string-array name="wifi_privacy_values" translatable="false">
+    <string-array name="wifi_privacy_values_ext" translatable="false">
+        <item>100</item>
         <item>1</item>
         <item>0</item>
     </string-array>
diff --git a/res/xml/wifi_network_details_fragment2.xml b/res/xml/wifi_network_details_fragment2.xml
index da4ea5a5e66..38e8f4b55eb 100644
--- a/res/xml/wifi_network_details_fragment2.xml
+++ b/res/xml/wifi_network_details_fragment2.xml
@@ -99,8 +99,8 @@
         android:key="privacy"
         android:icon="@drawable/ic_wifi_privacy_24dp"
         android:title="@string/wifi_privacy_settings"
-        android:entries="@array/wifi_privacy_entries"
-        android:entryValues="@array/wifi_privacy_values"/>
+        android:entries="@array/wifi_privacy_entries_ext"
+        android:entryValues="@array/wifi_privacy_values_ext"/>
 
     <com.android.settings.spa.preference.ComposePreference
         android:key="privacy_settings"
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index 39c77a17924..e1c430f3185 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -73,6 +73,7 @@
 import com.android.settings.network.SubscriptionUtil;
 import com.android.settings.utils.AndroidKeystoreAliasLoader;
 import com.android.settings.wifi.details2.WifiPrivacyPreferenceController;
+import com.android.settings.wifi.details2.WifiPrivacyPreferenceController2;
 import com.android.settings.wifi.dpp.WifiDppUtils;
 import com.android.settingslib.Utils;
 import com.android.settingslib.utils.ThreadUtils;
@@ -152,8 +153,9 @@ public class WifiConfigController implements TextWatcher,
     };
 
     // Should be the same index value as wifi_privacy_entries in arrays.xml
-    @VisibleForTesting static final int PRIVACY_SPINNER_INDEX_RANDOMIZED_MAC = 0;
-    @VisibleForTesting static final int PRIVACY_SPINNER_INDEX_DEVICE_MAC = 1;
+    public static final int PRIVACY_PREF_INDEX_PER_CONNECTION_RANDOMIZED_MAC = 0;
+    public static final int PRIVACY_PREF_INDEX_PER_NETWORK_RANDOMIZED_MAC = 1;
+    public static final int PRIVACY_PREF_INDEX_DEVICE_MAC = 2;
 
     // Should be the same index value as wifi_dhcp_entries in arrays.xml
     @VisibleForTesting static final int DHCP_SPINNER_INDEX_SEND_DHCP_HOST_NAME_ENABLE = 0;
@@ -326,9 +328,9 @@ private void initWifiConfigController(AccessPoint accessPoint, int mode) {
                         ? HIDDEN_NETWORK
                         : NOT_HIDDEN_NETWORK);
 
-                mPrivacySettingsSpinner.setSelection(
-                        config.macRandomizationSetting == WifiConfiguration.RANDOMIZATION_PERSISTENT
-                        ? PRIVACY_SPINNER_INDEX_RANDOMIZED_MAC : PRIVACY_SPINNER_INDEX_DEVICE_MAC);
+                int selection = WifiPrivacyPreferenceController2
+                        .translateWifiEntryPrivacyToPrefValue(config.macRandomizationSetting);
+                mPrivacySettingsSpinner.setSelection(selection);
 
                 mDhcpSettingsSpinner.setSelection(
                         config.isSendDhcpHostnameEnabled()
@@ -848,10 +850,8 @@ public WifiConfiguration getConfig() {
         }
 
         if (mPrivacySettingsSpinner != null) {
-            config.macRandomizationSetting = mPrivacySettingsSpinner.getSelectedItemPosition()
-                    == PRIVACY_SPINNER_INDEX_RANDOMIZED_MAC
-                    ? WifiConfiguration.RANDOMIZATION_PERSISTENT
-                    : WifiConfiguration.RANDOMIZATION_NONE;
+            config.macRandomizationSetting = WifiPrivacyPreferenceController2
+                    .translatePrefValueToWifiConfigSetting(mPrivacySettingsSpinner.getSelectedItemPosition());
         }
 
         if (mDhcpSettingsSpinner != null) {
diff --git a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
index a8d7f417a4a..29f45af1cd5 100644
--- a/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
+++ b/src/com/android/settings/wifi/details2/WifiDetailPreferenceController2.java
@@ -758,7 +758,7 @@ private void refreshWifiType() {
     }
 
     private int getMacAddressTitle() {
-        if (mWifiEntry.getPrivacy() == WifiEntry.PRIVACY_RANDOMIZED_MAC) {
+        if (mWifiEntry.getPrivacy() != WifiEntry.PRIVACY_DEVICE_MAC) {
             return mWifiEntry.getConnectedState() == WifiEntry.CONNECTED_STATE_CONNECTED
                     ? R.string.wifi_advanced_randomized_mac_address_title
                     : R.string.wifi_advanced_randomized_mac_address_disconnected_title;
diff --git a/src/com/android/settings/wifi/details2/WifiPrivacyPageProvider.kt b/src/com/android/settings/wifi/details2/WifiPrivacyPageProvider.kt
index 94a1168dbb7..ca323f94ab8 100644
--- a/src/com/android/settings/wifi/details2/WifiPrivacyPageProvider.kt
+++ b/src/com/android/settings/wifi/details2/WifiPrivacyPageProvider.kt
@@ -90,8 +90,8 @@ fun WifiPrivacyPage(wifiEntry: WifiEntry) {
     ) {
         Column {
             val title = stringResource(id = R.string.wifi_privacy_mac_settings)
-            val wifiPrivacyEntries = stringArrayResource(R.array.wifi_privacy_entries)
-            val wifiPrivacyValues = stringArrayResource(R.array.wifi_privacy_values)
+            val wifiPrivacyEntries = stringArrayResource(R.array.wifi_privacy_entries_ext)
+            val wifiPrivacyValues = stringArrayResource(R.array.wifi_privacy_values_ext)
             val textsSelectedId = rememberSaveable { mutableIntStateOf(wifiEntry.privacy) }
             val dataList = remember {
                 wifiPrivacyEntries.mapIndexed { index, text ->
diff --git a/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java b/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
index 0c67c04622e..cb20ea9c77c 100644
--- a/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
+++ b/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2.java
@@ -19,6 +19,7 @@
 import android.content.Context;
 import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiManager;
+import android.util.Log;
 
 import androidx.annotation.NonNull;
 import androidx.annotation.VisibleForTesting;
@@ -30,6 +31,10 @@
 import com.android.wifi.flags.Flags;
 import com.android.wifitrackerlib.WifiEntry;
 
+import static com.android.settings.wifi.WifiConfigController.PRIVACY_PREF_INDEX_DEVICE_MAC;
+import static com.android.settings.wifi.WifiConfigController.PRIVACY_PREF_INDEX_PER_CONNECTION_RANDOMIZED_MAC;
+import static com.android.settings.wifi.WifiConfigController.PRIVACY_PREF_INDEX_PER_NETWORK_RANDOMIZED_MAC;
+
 /**
  * A controller that controls whether the Wi-Fi network is mac randomized or not.
  */
@@ -95,9 +100,6 @@ int getRandomizationValue() {
         return mWifiEntry.getPrivacy();
     }
 
-    private static final int PREF_RANDOMIZATION_PERSISTENT = 0;
-    private static final int PREF_RANDOMIZATION_NONE = 1;
-
     /**
      * Translates a WifiEntry.Privacy value to the matching preference index value.
      *
@@ -105,8 +107,13 @@ int getRandomizationValue() {
      * @return index value of preference
      */
     public static int translateWifiEntryPrivacyToPrefValue(@WifiEntry.Privacy int privacy) {
-        return (privacy == WifiEntry.PRIVACY_RANDOMIZED_MAC)
-            ? PREF_RANDOMIZATION_PERSISTENT : PREF_RANDOMIZATION_NONE;
+        Log.d("WifiMacRnd", "translateMacRandomizedValueToPrefValue called from", new Throwable());
+        return switch (privacy) {
+            case WifiEntry.PRIVACY_RANDOMIZATION_ALWAYS -> PRIVACY_PREF_INDEX_PER_CONNECTION_RANDOMIZED_MAC;
+            case WifiEntry.PRIVACY_RANDOMIZED_MAC -> PRIVACY_PREF_INDEX_PER_NETWORK_RANDOMIZED_MAC;
+            case WifiEntry.PRIVACY_DEVICE_MAC -> PRIVACY_PREF_INDEX_DEVICE_MAC;
+            default -> PRIVACY_PREF_INDEX_DEVICE_MAC;
+        };
     }
 
     /**
@@ -116,8 +123,13 @@ public static int translateWifiEntryPrivacyToPrefValue(@WifiEntry.Privacy int pr
      * @return WifiConfiguration.MacRandomizationSetting value
      */
     public static int translatePrefValueToWifiConfigSetting(int prefMacRandomized) {
-        return (prefMacRandomized == PREF_RANDOMIZATION_PERSISTENT)
-            ? WifiConfiguration.RANDOMIZATION_AUTO : WifiConfiguration.RANDOMIZATION_NONE;
+        Log.d("WifiMacRnd", "translatePrefValueToWifiConfigSetting called from", new Throwable());
+        return switch (prefMacRandomized) {
+            case PRIVACY_PREF_INDEX_DEVICE_MAC -> WifiConfiguration.RANDOMIZATION_NONE;
+            case PRIVACY_PREF_INDEX_PER_NETWORK_RANDOMIZED_MAC -> WifiConfiguration.RANDOMIZATION_PERSISTENT;
+            case PRIVACY_PREF_INDEX_PER_CONNECTION_RANDOMIZED_MAC -> WifiConfiguration.RANDOMIZATION_ALWAYS;
+            default -> WifiConfiguration.RANDOMIZATION_ALWAYS;
+        };
     }
 
     private void updateSummary(ListPreference preference, int macRandomized) {
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
index d80464d5467..4053468af24 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
@@ -16,11 +16,12 @@
 
 package com.android.settings.wifi;
 
-import static com.android.settings.wifi.WifiConfigController.PRIVACY_SPINNER_INDEX_DEVICE_MAC;
-import static com.android.settings.wifi.WifiConfigController.PRIVACY_SPINNER_INDEX_RANDOMIZED_MAC;
+import static com.android.settings.wifi.WifiConfigController.PRIVACY_PREF_INDEX_DEVICE_MAC;
+import static com.android.settings.wifi.WifiConfigController.PRIVACY_PREF_INDEX_PER_CONNECTION_RANDOMIZED_MAC;
 import static com.android.settings.wifi.WifiConfigController.DHCP_SPINNER_INDEX_SEND_DHCP_HOST_NAME_ENABLE;
 import static com.android.settings.wifi.WifiConfigController.DHCP_SPINNER_INDEX_SEND_DHCP_HOST_NAME_DISABLE;
 
+import static com.android.settings.wifi.details2.WifiPrivacyPreferenceController2.translateWifiEntryPrivacyToPrefValue;
 import static com.google.common.truth.Truth.assertThat;
 
 import static org.mockito.Mockito.mock;
@@ -407,7 +408,7 @@ public void loadMacRandomizedValue_shouldMandomizedMacAsDefault() {
 
         assertThat(privacySetting.getVisibility()).isEqualTo(View.VISIBLE);
         assertThat(privacySetting.getSelectedItemPosition()).isEqualTo(
-                PRIVACY_SPINNER_INDEX_RANDOMIZED_MAC);
+                PRIVACY_PREF_INDEX_PER_CONNECTION_RANDOMIZED_MAC);
     }
 
     @Test
@@ -432,8 +433,7 @@ private void checkSavedMacRandomizedValue(int macRandomizedValue) {
 
         assertThat(privacySetting.getVisibility()).isEqualTo(View.VISIBLE);
         assertThat(privacySetting.getSelectedItemPosition()).isEqualTo(
-                macRandomizedValue == WifiConfiguration.RANDOMIZATION_PERSISTENT
-                ? PRIVACY_SPINNER_INDEX_RANDOMIZED_MAC : PRIVACY_SPINNER_INDEX_DEVICE_MAC);
+                translateWifiEntryPrivacyToPrefValue(macRandomizedValue));
     }
 
     @Test
@@ -446,7 +446,7 @@ public void saveMacRandomizedValue_noChanged_shouldPersistentAsDefault() {
     @Test
     public void saveMacRandomizedValue_ChangedToDeviceMac_shouldGetNone() {
         final Spinner privacySetting = mView.findViewById(R.id.privacy_settings);
-        privacySetting.setSelection(PRIVACY_SPINNER_INDEX_DEVICE_MAC);
+        privacySetting.setSelection(PRIVACY_PREF_INDEX_DEVICE_MAC);
 
         WifiConfiguration config = mController.getConfig();
         assertThat(config.macRandomizationSetting).isEqualTo(WifiConfiguration.RANDOMIZATION_NONE);
diff --git a/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPageProviderTest.kt b/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPageProviderTest.kt
index 5c9a1a4a932..a3893a85c13 100644
--- a/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPageProviderTest.kt
+++ b/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPageProviderTest.kt
@@ -85,7 +85,7 @@ class WifiPrivacyPageProviderTest {
         composeTestRule.setContent {
             WifiPrivacyPage(mockWifiEntry)
         }
-        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries)
+        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries_ext)
         for (entry in wifiPrivacyEntries) {
             composeTestRule.onNodeWithText(
                 entry
@@ -98,7 +98,7 @@ class WifiPrivacyPageProviderTest {
         composeTestRule.setContent {
             WifiPrivacyPage(mockWifiEntry)
         }
-        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries)
+        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries_ext)
         for (entry in wifiPrivacyEntries) {
             composeTestRule.onNodeWithText(
                 entry
@@ -111,8 +111,8 @@ class WifiPrivacyPageProviderTest {
         composeTestRule.setContent {
             WifiPrivacyPage(mockWifiEntry)
         }
-        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries)
-        val wifiPrivacyValues = context.resources.getStringArray(R.array.wifi_privacy_values)
+        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries_ext)
+        val wifiPrivacyValues = context.resources.getStringArray(R.array.wifi_privacy_values_ext)
         composeTestRule.onNodeWithText(
             wifiPrivacyEntries[wifiPrivacyValues.indexOf("0")]
         ).assertIsSelected()
@@ -126,7 +126,7 @@ class WifiPrivacyPageProviderTest {
         composeTestRule.setContent {
             WifiPrivacyPage(mockWifiEntry)
         }
-        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries)
+        val wifiPrivacyEntries = context.resources.getStringArray(R.array.wifi_privacy_entries_ext)
         for (entry in wifiPrivacyEntries) {
             composeTestRule.onNodeWithText(entry).assertIsNotEnabled()
         }
@@ -176,4 +176,4 @@ class WifiPrivacyPageProviderTest {
             context.getString(R.string.wifi_privacy_send_device_name_toggle_title)
         ).assertIsOff()
     }
-}
\ No newline at end of file
+}
diff --git a/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2Test.kt b/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2Test.kt
index 9260409af37..983d5fe1414 100644
--- a/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2Test.kt
+++ b/tests/spa_unit/src/com/android/settings/wifi/details2/WifiPrivacyPreferenceController2Test.kt
@@ -45,11 +45,11 @@ class WifiPrivacyPreferenceController2Test {
     })
 
     private var preference = ListPreference(context).apply {
-        setEntries(R.array.wifi_privacy_entries)
-        setEntryValues(R.array.wifi_privacy_values)
+        setEntries(R.array.wifi_privacy_entries_ext)
+        setEntryValues(R.array.wifi_privacy_values_ext)
     }
 
-    private var preferenceStrings = context.resources.getStringArray(R.array.wifi_privacy_entries)
+    private var preferenceStrings = context.resources.getStringArray(R.array.wifi_privacy_entries_ext)
 
     @Test
     fun updateState_wifiPrivacy_setCorrectValue() {

From 9aaba4a377a9ce8c4f8c0696c14b2b75c3830e9f Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 17 Oct 2024 00:33:07 +0300
Subject: [PATCH 068/117] hide inaccurate "access private space when hidden"
 text

AOSP launcher doesn't have this feature.
---
 res/xml/private_space_hide_locked.xml         | 34 -------------------
 .../HidePrivateSpaceController.java           | 15 --------
 .../HidePrivateSpaceSettings.java             |  5 ---
 3 files changed, 54 deletions(-)

diff --git a/res/xml/private_space_hide_locked.xml b/res/xml/private_space_hide_locked.xml
index 56dd1514cad..ee7a2110aa5 100644
--- a/res/xml/private_space_hide_locked.xml
+++ b/res/xml/private_space_hide_locked.xml
@@ -18,12 +18,6 @@
     xmlns:settings="http://schemas.android.com/apk/res-auto"
     android:title="@string/private_space_hide_page_title">
 
-    <com.android.settingslib.widget.IllustrationPreference
-        android:key="private_space_hide_illustration"
-        settings:searchable="false"
-        settings:lottie_rawRes="@raw/private_space_hide_when_locked_illustration"
-        settings:controller="com.android.settings.privatespace.HidePrivateSpaceIllustrationController"/>
-
     <com.android.settingslib.widget.MainSwitchPreference
         android:key="hide_when_locked"
         android:title="@string/private_space_hide_when_locked"
@@ -35,32 +29,4 @@
         android:selectable="false"
         settings:searchable="false" />
 
-    <PreferenceCategory
-        android:key="private_space_access"
-        android:title="@string/private_space_access_header"
-        settings:controller="com.android.settings.privatespace.HidePrivateSpaceCategoryController">
-
-        <Preference
-        android:key="search_when_locked_footer"
-        android:icon="@drawable/counter_1_24dp"
-        android:title="@string/private_space_search_description"
-        android:selectable="false"
-        settings:searchable="false" />
-
-        <Preference
-            android:key="tap_tile_footer"
-            android:icon="@drawable/counter_2_24dp"
-            android:title="@string/private_space_tap_tile_description"
-            android:selectable="false"
-            settings:searchable="false" />
-
-        <Preference
-            android:key="unlock_profile_footer"
-            android:icon="@drawable/counter_3_24dp"
-            android:title="@string/private_space_unlock_description"
-            android:selectable="false"
-            settings:searchable="false" />
-
-    </PreferenceCategory>
-
 </PreferenceScreen>
diff --git a/src/com/android/settings/privatespace/HidePrivateSpaceController.java b/src/com/android/settings/privatespace/HidePrivateSpaceController.java
index 81814adc9db..f0c9e044031 100644
--- a/src/com/android/settings/privatespace/HidePrivateSpaceController.java
+++ b/src/com/android/settings/privatespace/HidePrivateSpaceController.java
@@ -63,9 +63,6 @@ public boolean setChecked(boolean isChecked) {
         mPrivateSpaceMaintainer.setHidePrivateSpaceEntryPointSetting(
                 isChecked ? HIDE_PRIVATE_SPACE_ENTRY_POINT_ENABLED_VAL
                         : HIDE_PRIVATE_SPACE_ENTRY_POINT_DISABLED_VAL);
-        if (isChecked) {
-            showAlertDialog();
-        }
         return true;
     }
 
@@ -73,16 +70,4 @@ public boolean setChecked(boolean isChecked) {
     public int getSliceHighlightMenuRes() {
         return 0;
     }
-
-    private void showAlertDialog() {
-        new AlertDialog.Builder(mContext)
-                .setTitle(R.string.private_space_hide_dialog_title)
-                .setMessage(R.string.private_space_hide_dialog_message)
-                .setPositiveButton(
-                        R.string.private_space_hide_dialog_button,
-                        (DialogInterface dialog, int which) -> {
-                            dialog.dismiss();
-                        })
-                .show();
-    }
 }
diff --git a/src/com/android/settings/privatespace/HidePrivateSpaceSettings.java b/src/com/android/settings/privatespace/HidePrivateSpaceSettings.java
index 0c24db5e6ed..c6abf822575 100644
--- a/src/com/android/settings/privatespace/HidePrivateSpaceSettings.java
+++ b/src/com/android/settings/privatespace/HidePrivateSpaceSettings.java
@@ -35,8 +35,6 @@
 public class HidePrivateSpaceSettings extends DashboardFragment {
     private static final String TAG = "HidePrivateSpaceSettings";
     private static final int IMPORTANT_FOR_ACCESSIBILITY_ITEM_COUNT = 5;
-    private static final String PRIVATE_SPACE_HIDE_ILLUSTRATION_KEY =
-            "private_space_hide_illustration";
 
     @Override
     public void onCreate(Bundle icicle) {
@@ -85,9 +83,6 @@ public void onStart() {
     @Override
     public void onResume() {
         super.onResume();
-        final IllustrationPreference illustrationPreference =
-                getPreferenceScreen().findPreference(PRIVATE_SPACE_HIDE_ILLUSTRATION_KEY);
-        illustrationPreference.applyDynamicColor();
     }
 
     @Override

From ef06f07b71eea41f0a85d6fa17f65b4e6e3c9fe0 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Fri, 18 Oct 2024 11:39:47 +0300
Subject: [PATCH 069/117] don't enable "send device name" option by default for
 new Wi-Fi networks

---
 src/com/android/settings/wifi/WifiConfigController2.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index 1ea0103c28e..ed1d56d3ec6 100644
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -313,6 +313,13 @@ private void initWifiConfigController2(WifiEntry wifiEntry) {
             mPrivacySettingsSpinner = mView.findViewById(R.id.privacy_settings);
             if (Flags.androidVWifiApi()) {
                 mDhcpSettingsSpinner = mView.findViewById(R.id.dhcp_settings);
+                if (mDhcpSettingsSpinner != null) {
+                    int selection = 1;
+                    if (WifiPrivacyPreferenceController.Companion.translatePrefValueToSendDhcpHostnameEnabled(selection)) {
+                        throw new IllegalStateException("unexpected order of DHCP hostname setting entries");
+                    }
+                    mDhcpSettingsSpinner.setSelection(selection);
+                }
             }
             mView.findViewById(R.id.privacy_settings_fields).setVisibility(View.VISIBLE);
         }

From ee37312006fba81b9c2fc2702f048e9048414e0e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 19 Oct 2024 15:33:00 +0300
Subject: [PATCH 070/117] run a one-time task to remove leftover Vanadium
 library state

---
 .../android/settings/SettingsApplication.java |   2 +
 .../settings/VanadiumLibraryCleanup.java      | 114 ++++++++++++++++++
 2 files changed, 116 insertions(+)
 create mode 100644 src/com/android/settings/VanadiumLibraryCleanup.java

diff --git a/src/com/android/settings/SettingsApplication.java b/src/com/android/settings/SettingsApplication.java
index 99d3d922a0c..42bd349c35e 100644
--- a/src/com/android/settings/SettingsApplication.java
+++ b/src/com/android/settings/SettingsApplication.java
@@ -74,6 +74,8 @@ protected void attachBaseContext(Context base) {
     public void onCreate() {
         super.onCreate();
 
+        VanadiumLibraryCleanup.maybeRun(this);
+
         if (Flags.catalyst()) {
             PreferenceScreenRegistry.INSTANCE.setPreferenceScreensSupplier(
                     this::getPreferenceScreens);
diff --git a/src/com/android/settings/VanadiumLibraryCleanup.java b/src/com/android/settings/VanadiumLibraryCleanup.java
new file mode 100644
index 00000000000..79d44934827
--- /dev/null
+++ b/src/com/android/settings/VanadiumLibraryCleanup.java
@@ -0,0 +1,114 @@
+package com.android.settings;
+
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.SigningInfo;
+import android.os.UserHandle;
+import android.util.Log;
+
+import com.android.settingslib.utils.ThreadUtils;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HexFormat;
+import java.util.List;
+
+// Due to a bug in boot-time package verification extensions (PackageVerityExt), Vanadium Trichrome
+// static shared library was removed in some cases in an incorrect way. Only the library APK was
+// removed, all library package state was left behind: package setting, per-user package state,
+// per-user permission state etc.
+//
+// PackageVerityExt bug is now fixed. This one-time cleanup task removes leftover package states.
+public class VanadiumLibraryCleanup {
+    private static final String TAG = VanadiumLibraryCleanup.class.getSimpleName();
+
+    private static final String MARKER_FILE_NAME = "vanadium_trichrome_library_cleanup_done2";
+
+    public static void maybeRun(Context ctx) {
+        if (ctx.getUserId() != UserHandle.USER_SYSTEM) {
+            return;
+        }
+
+        ThreadUtils.postOnBackgroundThread(() -> {
+            try {
+                run(ctx);
+            } catch (Throwable e) {
+                // don't crash, removing these leftovers is not that important
+                Log.e(TAG, "", e);
+            }
+        });
+    }
+
+    private static void run(Context ctx) {
+        File markerFile = new File(ctx.getFilesDir(), MARKER_FILE_NAME);
+        if (markerFile.isFile()) {
+            return;
+        }
+
+        // MATCH_ANY_USER is needed in case the user has manually uninstalled these entries in USER_SYSTEM
+        int baseFlags = PackageManager.MATCH_ANY_USER | PackageManager.MATCH_UNINSTALLED_PACKAGES;
+
+        PackageManager pm = ctx.getPackageManager();
+        List<ApplicationInfo> installedPkgs =
+                pm.getInstalledApplications(baseFlags);
+
+        byte[] vanadiumCertDigest = HexFormat.of()
+                .parseHex("c6adb8b83c6d4c17d292afde56fd488a51d316ff8f2c11c5410223bff8a7dbb3");
+
+        var deleteObserver = new DeleteObserver();
+
+        for (ApplicationInfo appInfo : installedPkgs) {
+            String pkgName = appInfo.packageName;
+            // Static shared libraries have a synthetic package name:
+            // <package name> <underscore> <package version>
+            if (!pkgName.startsWith("app.vanadium.trichromelibrary_")) {
+                continue;
+            }
+
+            Log.d(TAG, "processing " + pkgName);
+            PackageInfo pkgInfo;
+            try {
+                pkgInfo = pm.getPackageInfo(pkgName, baseFlags | PackageManager.GET_SIGNING_CERTIFICATES);
+            } catch (PackageManager.NameNotFoundException e) {
+                Log.e(TAG, "", e);
+                continue;
+            }
+            SigningInfo signingInfo = pkgInfo.signingInfo;
+            if (signingInfo == null) {
+                Log.w(TAG, "signingInfo is null");
+                continue;
+            }
+            if (!signingInfo.getSigningDetails().hasSha256Certificate(vanadiumCertDigest)) {
+                Log.w(TAG, "unknown signing certificate");
+                continue;
+            }
+
+            if (appInfo.sourceDir != null) {
+                Log.w(TAG, "base APK is not null");
+                continue;
+            }
+            // there's no need to check whether this ApplicationInfo represents an actual static
+            // shared library, they are filtered out by default
+
+            pm.deletePackage(pkgName, deleteObserver, PackageManager.DELETE_ALL_USERS);
+        }
+
+        try {
+            if (!markerFile.createNewFile()) {
+                Log.w(TAG, "markerFile.createNewFile() returned false");
+            }
+        } catch (IOException e) {
+            Log.w(TAG, "unable to create markerFile", e);
+        }
+    }
+
+    static class DeleteObserver extends android.content.pm.IPackageDeleteObserver.Stub {
+        @Override
+        public void packageDeleted(String packageName, int returnCode) {
+            Log.d(TAG, "packageDeleted callback for " + packageName
+                    + ", result " + PackageManager.deleteStatusToString(returnCode));
+        }
+    }
+}

From f526905f1e0c87b01a25a0b12febfa21b85b0b90 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 9 Nov 2024 19:16:53 +0200
Subject: [PATCH 071/117] fix Private Space handling in Passwords & accounts >
 Additional services

"Additional services" category shows available CredentialProvider services. It should use the
Private Space userId, not the Owner userId.

Original change: https://github.com/GrapheneOS/platform_packages_apps_Settings/pull/297
---
 .../CredentialManagerPreferenceController.java        | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/com/android/settings/applications/credentials/CredentialManagerPreferenceController.java b/src/com/android/settings/applications/credentials/CredentialManagerPreferenceController.java
index f07241a2fe4..cfe0bb67ed5 100644
--- a/src/com/android/settings/applications/credentials/CredentialManagerPreferenceController.java
+++ b/src/com/android/settings/applications/credentials/CredentialManagerPreferenceController.java
@@ -120,6 +120,7 @@ public class CredentialManagerPreferenceController extends BasePreferenceControl
     private Optional<Boolean> mSimulateHiddenForTests = Optional.empty();
     private boolean mIsWorkProfile = false;
     private boolean mSimulateConnectedForTests = false;
+    private boolean mIsPrivateSpace;
 
     public CredentialManagerPreferenceController(Context context, String preferenceKey) {
         super(context, preferenceKey);
@@ -207,6 +208,7 @@ public void init(
         fragment.getSettingsLifecycle().addObserver(this);
         mFragmentManager = fragmentManager;
         mIsWorkProfile = isWorkProfile;
+        mIsPrivateSpace = fragment instanceof com.android.settings.accounts.AccountPrivateDashboardFragment;
 
         setDelegate(delegate);
         verifyReceivedIntent(launchIntent);
@@ -892,6 +894,15 @@ protected int getUser() {
                 return workProfile.getIdentifier();
             }
         }
+
+        if (mIsPrivateSpace) {
+            UserHandle user = com.android.settings.privatespace.PrivateSpaceMaintainer
+                    .getInstance(mContext).getPrivateProfileHandle();
+            if (user != null) {
+                return user.getIdentifier();
+            }
+        }
+
         return UserHandle.myUserId();
     }
 

From c25ee29c963b356b30055133147be36cf0d65932 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 17 Oct 2024 17:56:54 +0300
Subject: [PATCH 072/117] opt-out Wi-Fi testing activities from edge-to-edge

---
 AndroidManifest.xml   | 2 ++
 res/values/themes.xml | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 229a9f4fa24..ab4f41568c2 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -621,6 +621,7 @@
         </activity>
 
         <activity android:name=".wifi.WifiConfigInfo"
+            android:theme="@style/Theme.DeviceDefault.DayNight.NoEdgeToEdge"
             android:exported="true">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN"/>
@@ -643,6 +644,7 @@
         </activity>
 
         <activity android:name=".wifi.WifiStatusTest"
+            android:theme="@style/Theme.DeviceDefault.DayNight.NoEdgeToEdge"
             android:exported="true">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN"/>
diff --git a/res/values/themes.xml b/res/values/themes.xml
index 4f20d8c9091..ba67211b138 100644
--- a/res/values/themes.xml
+++ b/res/values/themes.xml
@@ -247,4 +247,8 @@
         <item name="colorPrimary">@*android:color/primary_device_default_settings_light</item>
         <item name="colorAccent">@*android:color/accent_device_default_light</item>
     </style>
+
+    <style name="Theme.DeviceDefault.DayNight.NoEdgeToEdge" parent="@android:style/Theme.DeviceDefault.DayNight">
+        <item name="android:windowOptOutEdgeToEdgeEnforcement">true</item>
+    </style>
 </resources>

From 91598a67a1d5229c7e3e6229841f96888ac2dcbe Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 19 Nov 2024 19:33:21 +0200
Subject: [PATCH 073/117] opt-out dev options app picker activity from
 edge-to-edge

"None" app picker option was invisible because this activity wasn't updated to support edge-to-edge.
---
 AndroidManifest.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index ab4f41568c2..5843af042db 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -3253,6 +3253,7 @@
         </activity>
 
         <activity android:name=".development.AppPicker"
+                  android:theme="@style/Theme.DeviceDefault.DayNight.NoEdgeToEdge"
                   android:label="@string/select_application" />
 
         <activity android:name=".development.AdbQrCodeActivity" />

From e10b7fcf6a1148f4403f359c3e7b9f8053b89e2d Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 27 Nov 2024 17:21:50 +0200
Subject: [PATCH 074/117] fix contacts access toggle in pairing dialog for BT
 hands-free devices

There was a mismatch between checks in getContactSharingState() and setContactSharingState(),
which led to contacts access being granted by default when the user accepted a background
pairing request for a hands-free device, despite the contacts access toggle indicating that the
contacts access will not be granted.

Fix this check mismatch by removing the confusing setContactSharingState() method and switching code
that depends on setContactSharingState() to use the value of getContactSharingState() instead.
---
 .../bluetooth/BluetoothPairingController.java | 31 +++++--------------
 .../BluetoothPairingDialogFragment.java       |  6 ++--
 2 files changed, 10 insertions(+), 27 deletions(-)

diff --git a/src/com/android/settings/bluetooth/BluetoothPairingController.java b/src/com/android/settings/bluetooth/BluetoothPairingController.java
index f141bccd594..d15026154d2 100644
--- a/src/com/android/settings/bluetooth/BluetoothPairingController.java
+++ b/src/com/android/settings/bluetooth/BluetoothPairingController.java
@@ -117,11 +117,8 @@ public BluetoothPairingController(Intent intent, Context context) {
 
     @Override
     public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
-        if (isChecked) {
-            mPbapAllowed = true;
-        } else {
-            mPbapAllowed = false;
-        }
+        mPbapAllowed = isChecked;
+        Log.d(TAG, "phonebook access permission toggle isChecked: " + isChecked);
     }
 
     @Override
@@ -227,37 +224,23 @@ public boolean isContactSharingVisible() {
      * contacts
      */
     public boolean getContactSharingState() {
-        switch (mDevice.getPhonebookAccessPermission()) {
+        int permission = mDevice.getPhonebookAccessPermission();
+        switch (permission) {
             case BluetoothDevice.ACCESS_ALLOWED:
                 return true;
             case BluetoothDevice.ACCESS_REJECTED:
                 return false;
-            default:
+            case BluetoothDevice.ACCESS_UNKNOWN:
                 if (BluetoothUtils.isDeviceClassMatched(
                         mDevice, BluetoothClass.Device.AUDIO_VIDEO_HANDSFREE)) {
                     return BluetoothDevice.EXTRA_PAIRING_INITIATOR_FOREGROUND == mInitiator;
                 }
                 return false;
+            default:
+                throw new IllegalStateException("getPhonebookAccessPermission returned " + permission);
         }
     }
 
-    /**
-     * Update Phone book permission
-     *
-     */
-     public void setContactSharingState() {
-         final int permission = mDevice.getPhonebookAccessPermission();
-         if (permission == BluetoothDevice.ACCESS_ALLOWED
-                 || (permission == BluetoothDevice.ACCESS_UNKNOWN
-                 && BluetoothUtils.isDeviceClassMatched(mDevice,
-                 BluetoothClass.Device.AUDIO_VIDEO_HANDSFREE))) {
-             onCheckedChanged(null, true);
-         } else {
-             onCheckedChanged(null, false);
-         }
-
-     }
-
     /**
      * A method for querying if the provided editable is a valid passkey/pin format for this device.
      *
diff --git a/src/com/android/settings/bluetooth/BluetoothPairingDialogFragment.java b/src/com/android/settings/bluetooth/BluetoothPairingDialogFragment.java
index e6b197c4d81..3db85d74a17 100644
--- a/src/com/android/settings/bluetooth/BluetoothPairingDialogFragment.java
+++ b/src/com/android/settings/bluetooth/BluetoothPairingDialogFragment.java
@@ -260,7 +260,7 @@ private View createPinEntryView() {
 
         contactSharing.setVisibility(
                 mPairingController.isContactSharingVisible() ? View.VISIBLE : View.GONE);
-        mPairingController.setContactSharingState();
+        // OnCheckedChangeListener has to be registered before the initial setChecked()
         contactSharing.setOnCheckedChangeListener(mPairingController);
         contactSharing.setChecked(mPairingController.getContactSharingState());
 
@@ -350,9 +350,9 @@ private View createView() {
                 view.findViewById(R.id.phonebook_sharing_message_confirm_pin);
         view.findViewById(R.id.phonebook_sharing).setVisibility(
                 mPairingController.isContactSharingVisible() ? View.VISIBLE : View.GONE);
-        mPairingController.setContactSharingState();
-        contactSharing.setChecked(mPairingController.getContactSharingState());
+        // OnCheckedChangeListener has to be registered before the initial setChecked()
         contactSharing.setOnCheckedChangeListener(mPairingController);
+        contactSharing.setChecked(mPairingController.getContactSharingState());
 
         messagePairing.setVisibility(mPairingController.isDisplayPairingKeyVariant()
                 ? View.VISIBLE : View.GONE);

From cd1477891bb92706136b37b232a83dbe1e9efff8 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 27 Nov 2024 17:29:25 +0200
Subject: [PATCH 075/117] never allow contacts access by default in Bluetooth
 pairing dialog

Before this change, contacts access toggle was turned on by default in foreground pairing dialogs
for hands-free devices.
---
 .../settings/bluetooth/BluetoothPairingController.java       | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/com/android/settings/bluetooth/BluetoothPairingController.java b/src/com/android/settings/bluetooth/BluetoothPairingController.java
index d15026154d2..e54837b1313 100644
--- a/src/com/android/settings/bluetooth/BluetoothPairingController.java
+++ b/src/com/android/settings/bluetooth/BluetoothPairingController.java
@@ -229,12 +229,7 @@ public boolean getContactSharingState() {
             case BluetoothDevice.ACCESS_ALLOWED:
                 return true;
             case BluetoothDevice.ACCESS_REJECTED:
-                return false;
             case BluetoothDevice.ACCESS_UNKNOWN:
-                if (BluetoothUtils.isDeviceClassMatched(
-                        mDevice, BluetoothClass.Device.AUDIO_VIDEO_HANDSFREE)) {
-                    return BluetoothDevice.EXTRA_PAIRING_INITIATOR_FOREGROUND == mInitiator;
-                }
                 return false;
             default:
                 throw new IllegalStateException("getPhonebookAccessPermission returned " + permission);

From cd1f29e8694822a2d4e399e8fb4f156d45940fee Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 5 Dec 2024 15:22:43 +0200
Subject: [PATCH 076/117] add App info > Storage > Manage storage button for
 apps that support it

There's a "Clear storage" button in App info > Storage & cache. When app implements a "manage
storage space" activity, that button opens it instead of actually clearing the storage.

"Manage space" activity might not provide an option to clear app storage or it might not work at
all.

This change adds a separate button to launch that activity and makes the "Clear storage" button
ignore its presence.
---
 res/values/strings.xml                        |  1 +
 .../applications/AppStorageSettings.java      | 34 ++++++++++++-------
 2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/res/values/strings.xml b/res/values/strings.xml
index 305f3e12bb9..ffef0ee046a 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -4265,6 +4265,7 @@
     <string name="enable_text">Enable</string>
     <!-- Manage applications, individual application info screen, button label under Storage heading. Button to clear all data associated with tis app (for example, remove all cached emails for an Email app) -->
     <string name="clear_user_data_text">Clear storage</string>
+    <string name="manage_storage_text">Manage storage</string>
     <!-- Manage applications, restore updated system application to factory version -->
     <string name="app_factory_reset">Uninstall updates</string>
     <!-- [CHAR LIMIT=50] Manage applications, unlock restricted setting from lock screen title -->
diff --git a/src/com/android/settings/applications/AppStorageSettings.java b/src/com/android/settings/applications/AppStorageSettings.java
index 0f52053b336..a4bec5e69bb 100644
--- a/src/com/android/settings/applications/AppStorageSettings.java
+++ b/src/com/android/settings/applications/AppStorageSettings.java
@@ -207,10 +207,14 @@ void handleClearCacheClick() {
 
     @VisibleForTesting
     void handleClearDataClick() {
+        handleClearDataClick(false);
+    }
+
+    private void handleClearDataClick(boolean ignoreAppActivity) {
         if (mAppsControlDisallowedAdmin != null && !mAppsControlDisallowedBySystem) {
             RestrictedLockUtils.sendShowAdminSupportDetailsIntent(
                     getActivity(), mAppsControlDisallowedAdmin);
-        } else if (mAppEntry.info.manageSpaceActivityName != null) {
+        } else if (!ignoreAppActivity && mAppEntry.info.manageSpaceActivityName != null) {
             if (!Utils.isMonkeyRunning()) {
                 Intent intent = new Intent(Intent.ACTION_DEFAULT);
                 intent.setClassName(mAppEntry.info.packageName,
@@ -296,15 +300,7 @@ private void initDataButtons() {
                 (mAppEntry.info.flags & (FLAG_SYSTEM | FLAG_ALLOW_CLEAR_USER_DATA)) == FLAG_SYSTEM;
         final boolean appRestrictsClearingData = isNonClearableSystemApp || appHasActiveAdmins;
 
-        final Intent intent = new Intent(Intent.ACTION_DEFAULT);
-        if (appHasSpaceManagementUI) {
-            intent.setClassName(mAppEntry.info.packageName, mAppEntry.info.manageSpaceActivityName);
-        }
-        final boolean isManageSpaceActivityAvailable =
-                getPackageManager().resolveActivity(intent, 0) != null;
-
-        if ((!appHasSpaceManagementUI && appRestrictsClearingData)
-                || !isManageSpaceActivityAvailable) {
+        if (appRestrictsClearingData) {
             mButtonsPref
                     .setButton1Text(R.string.clear_user_data_text)
                     .setButton1Icon(R.drawable.ic_settings_delete)
@@ -313,11 +309,25 @@ private void initDataButtons() {
         } else {
             mButtonsPref.setButton1Text(R.string.clear_user_data_text);
             mButtonsPref.setButton1Icon(R.drawable.ic_settings_delete)
-                    .setButton1OnClickListener(v -> handleClearDataClick());
+                    .setButton1OnClickListener(v -> handleClearDataClick(true));
+        }
+
+        if (appHasSpaceManagementUI) {
+            final Intent intent = new Intent(Intent.ACTION_DEFAULT);
+            intent.setClassName(mAppEntry.info.packageName, mAppEntry.info.manageSpaceActivityName);
+            final boolean isManageSpaceActivityAvailable = getPackageManager().resolveActivity(intent, 0) != null;
+
+            if (isManageSpaceActivityAvailable) {
+                ActionButtonsPreference bp = mButtonsPref;
+                bp.setButton3Text(R.string.manage_storage_text);
+                bp.setButton3Icon(R.drawable.ic_settings_open);
+                bp.setButton3OnClickListener(v -> handleClearDataClick(false));
+            }
         }
 
         if (mAppsControlDisallowedBySystem || AppUtils.isMainlineModule(mPm, mPackageName)) {
             mButtonsPref.setButton1Enabled(false);
+            mButtonsPref.setButton3Enabled(false);
         }
     }
 
@@ -574,7 +584,7 @@ void updateUiWithSize(AppStorageStats result) {
                 mButtonsPref.setButton1Enabled(false);
             } else {
                 mButtonsPref.setButton1Enabled(true)
-                        .setButton1OnClickListener(v -> handleClearDataClick());
+                        .setButton1OnClickListener(v -> handleClearDataClick(true));
             }
             if (cacheSize <= 0 || mCacheCleared) {
                 mButtonsPref.setButton2Enabled(false);

From 1aa757ffae56af928760a9569a243dcda348d3ed Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 10 Dec 2024 19:52:17 +0200
Subject: [PATCH 077/117] show current app battery usage mode in summary of App
 battery usage item

---
 .../spa/app/appinfo/AppBatteryPreference.kt   | 47 +++++++++++++++----
 1 file changed, 39 insertions(+), 8 deletions(-)

diff --git a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
index af4fc176940..ea13a025075 100644
--- a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
@@ -35,6 +35,7 @@ import com.android.settings.R
 import com.android.settings.Utils
 import com.android.settings.core.SubSettingLauncher
 import com.android.settings.fuelgauge.AdvancedPowerUsageDetail
+import com.android.settings.fuelgauge.BatteryOptimizeUtils
 import com.android.settings.fuelgauge.batteryusage.BatteryChartPreferenceController
 import com.android.settings.fuelgauge.batteryusage.BatteryDiffEntry
 import com.android.settingslib.spa.widget.preference.Preference
@@ -43,6 +44,7 @@ import com.android.settingslib.spaprivileged.model.app.installed
 import com.android.settingslib.spaprivileged.model.app.userHandle
 import com.android.settingslib.spaprivileged.model.app.userId
 import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.async
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
 
@@ -63,7 +65,7 @@ fun AppBatteryPreference(app: ApplicationInfo) {
 }
 
 private class AppBatteryPresenter(private val context: Context, private val app: ApplicationInfo) {
-    private var batteryDiffEntryState: LoadingState<BatteryDiffEntry?>
+    private var batteryDiffEntryState: LoadingState<Pair<BatteryDiffEntry?, Int>>
         by mutableStateOf(LoadingState.Loading)
 
     @Composable
@@ -82,12 +84,17 @@ private class AppBatteryPresenter(private val context: Context, private val app:
         }
     }
 
-    private suspend fun getBatteryDiffEntry(): BatteryDiffEntry? = withContext(Dispatchers.IO) {
-        BatteryChartPreferenceController.getAppBatteryUsageData(
-            context, app.packageName, app.userId
-        ).also {
-            Log.d(TAG, "loadBatteryDiffEntries():\n$it")
+    private suspend fun getBatteryDiffEntry(): Pair<BatteryDiffEntry?, Int> = withContext(Dispatchers.IO) {
+        val batteryDiffEntry = async {
+            BatteryChartPreferenceController.getAppBatteryUsageData(
+                context, app.packageName, app.userId
+            ).also {
+                Log.d(TAG, "loadBatteryDiffEntries():\n$it")
+            }
         }
+        val optimizationMode = BatteryOptimizeUtils(context, app.uid, app.packageName)
+            .getAppOptimizationMode(false, false);
+        Pair(batteryDiffEntry.await(), optimizationMode)
     }
 
     val enabled = { batteryDiffEntryState is LoadingState.Done }
@@ -97,7 +104,31 @@ private class AppBatteryPresenter(private val context: Context, private val app:
             batteryDiffEntryState.let { batteryDiffEntryState ->
                 when (batteryDiffEntryState) {
                     is LoadingState.Loading -> context.getString(R.string.summary_placeholder)
-                    is LoadingState.Done -> batteryDiffEntryState.result.getSummary()
+                    is LoadingState.Done -> {
+                        val optimizationMode = when (batteryDiffEntryState.result.second) {
+                            BatteryOptimizeUtils.MODE_RESTRICTED ->
+                                R.string.manager_battery_usage_restricted_title
+                            BatteryOptimizeUtils.MODE_UNRESTRICTED ->
+                                R.string.manager_battery_usage_unrestricted_title
+                            BatteryOptimizeUtils.MODE_OPTIMIZED ->
+                                R.string.manager_battery_usage_optimized_title
+                            else -> 0
+                        }
+                        val b = StringBuilder()
+                        val bde = batteryDiffEntryState.result.first
+                        if (optimizationMode != 0) {
+                            b.append(context.getString(optimizationMode))
+                        }
+
+                        val bdeSummary = bde.getSummary()
+                        if (b.isNotEmpty() && bdeSummary.isNotEmpty()) {
+                            b.append('\n')
+                            b.append(bdeSummary)
+                            return@let b.toString()
+                        }
+
+                        return@let bdeSummary
+                    }
                 }
             }
         } else ""
@@ -111,7 +142,7 @@ private class AppBatteryPresenter(private val context: Context, private val app:
         } ?: context.getString(R.string.no_battery_summary)
 
     fun startActivity() {
-        batteryDiffEntryState.resultOrNull?.run {
+        batteryDiffEntryState.resultOrNull?.first?.run {
             startBatteryDetailPage()
             return
         }

From c79ab1b019caea675e7d9e50d5b886bcb7f6179f Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 29 Dec 2024 18:39:56 +0200
Subject: [PATCH 078/117] add separate feature factory for Google devices

---
 src/com/android/settings/SettingsApplication.java           | 4 ++++
 .../android/settings/overlay/FeatureFactoryGoogleImpl.kt    | 6 ++++++
 2 files changed, 10 insertions(+)
 create mode 100644 src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt

diff --git a/src/com/android/settings/SettingsApplication.java b/src/com/android/settings/SettingsApplication.java
index 42bd349c35e..f182a237dc3 100644
--- a/src/com/android/settings/SettingsApplication.java
+++ b/src/com/android/settings/SettingsApplication.java
@@ -40,6 +40,7 @@
 import com.android.settings.localepicker.LocaleNotificationDataManager;
 import com.android.settings.overlay.FeatureFactory;
 import com.android.settings.overlay.FeatureFactoryImpl;
+import com.google.android.settings.overlay.FeatureFactoryGoogleImpl;
 import com.android.settings.spa.SettingsSpaEnvironment;
 import com.android.settingslib.applications.AppIconCacheManager;
 import com.android.settingslib.datastore.BackupRestoreStorageManager;
@@ -123,6 +124,9 @@ public void onTerminate() {
 
     @NonNull
     protected FeatureFactory getFeatureFactory() {
+        if ("Google".equals(android.os.Build.MANUFACTURER)) {
+            return new FeatureFactoryGoogleImpl();
+        }
         return new FeatureFactoryImpl();
     }
 
diff --git a/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt b/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt
new file mode 100644
index 00000000000..f92bed4abb9
--- /dev/null
+++ b/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt
@@ -0,0 +1,6 @@
+package com.google.android.settings.overlay
+
+import com.android.settings.overlay.FeatureFactoryImpl
+
+class FeatureFactoryGoogleImpl : FeatureFactoryImpl() {
+}

From 4300a246ef27507e81a39b90b6823a5dab1ccb85 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 29 Dec 2024 19:34:13 +0200
Subject: [PATCH 079/117] add battery charge limit setting

---
 Android.bp                                    |  1 +
 res/values/strings_google.xml                 | 33 +++++++
 res/xml/power_usage_summary.xml               |  7 ++
 .../BatteryChargingOptimizationFragment.java  | 85 +++++++++++++++++++
 ...eryChargingOptimizationPrefController.java | 51 +++++++++++
 ...terySettingsFeatureProviderGoogleImpl.java | 61 +++++++++++++
 .../settings/fuelgauge/GoogleBattery.java     | 23 +++++
 .../PowerUsageFeatureProviderGoogleImpl.java  | 53 ++++++++++++
 .../overlay/FeatureFactoryGoogleImpl.kt       | 10 +++
 9 files changed, 324 insertions(+)
 create mode 100644 res/values/strings_google.xml
 create mode 100644 src/com/android/settings/fuelgauge/BatteryChargingOptimizationFragment.java
 create mode 100644 src/com/android/settings/fuelgauge/BatteryChargingOptimizationPrefController.java
 create mode 100644 src/com/google/android/settings/fuelgauge/BatterySettingsFeatureProviderGoogleImpl.java
 create mode 100644 src/com/google/android/settings/fuelgauge/GoogleBattery.java
 create mode 100644 src/com/google/android/settings/fuelgauge/PowerUsageFeatureProviderGoogleImpl.java

diff --git a/Android.bp b/Android.bp
index 094784690a1..32b1c90b3c5 100644
--- a/Android.bp
+++ b/Android.bp
@@ -92,6 +92,7 @@ android_library {
         "WindowManager-Shell-shared-desktopMode",
 
         // Settings dependencies
+        "google_battery",
         "FingerprintManagerInteractor",
         "MediaDrmSettingsFlagsLib",
         "ReverseWirelessCharging",
diff --git a/res/values/strings_google.xml b/res/values/strings_google.xml
new file mode 100644
index 00000000000..39878d07922
--- /dev/null
+++ b/res/values/strings_google.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <!-- SettingsGoogle -->
+    <string name="charging_optimization_charge_label"/>
+    <string name="charging_optimization_reach_limit_charge_label"/>
+    <string name="charging_optimization_reach_limit_remaining_time_label"/>
+    <string name="charging_optimization_remaining_time_label"/>
+    <string name="charging_optimization_wireless_reach_limit_remaining_time_label"/>
+    <string name="charging_optimization_wireless_remaining_time_label"/>
+
+    <!-- SettingsIntelligenceGoogle -->
+    <string name="charge_limit_indexing_keywords"/>
+    <string name="charge_limit_mode_key"/>
+    <string name="charge_limit_mode_summary"/>
+    <string name="charge_limit_mode_title"/>
+    <string name="charging_optimization_category_key"/>
+    <string name="charging_optimization_footer_adaptive"/>
+    <string name="charging_optimization_footer_charge_limit"/>
+    <string name="charging_optimization_footer_key"/>
+    <string name="charging_optimization_footer_learn_more_adaptive_charging"/>
+    <string name="charging_optimization_footer_learn_more_charge_limit"/>
+    <string name="charging_optimization_footer_learn_more_default"/>
+    <string name="charging_optimization_footer_off"/>
+    <string name="charging_optimization_illustration_key"/>
+    <string name="charging_optimization_main_switch_title"/>
+    <string name="charging_optimization_main_switch_title_charge_limit_only"/>
+    <string name="charging_optimization_summary_adaptive"/>
+    <string name="charging_optimization_summary_charge_limit"/>
+    <string name="charging_optimization_summary_off"/>
+    <string name="charging_optimization_switch_key"/>
+    <string name="charging_optimization_title"/>
+    <string name="url_help_article_charging_optimization"/>
+</resources>
diff --git a/res/xml/power_usage_summary.xml b/res/xml/power_usage_summary.xml
index c86ff0ac78f..24bde0f0f97 100644
--- a/res/xml/power_usage_summary.xml
+++ b/res/xml/power_usage_summary.xml
@@ -57,6 +57,13 @@
         settings:keywords="@string/keywords_battery_saver"
         settings:controller="com.android.settings.fuelgauge.BatterySaverController" />
 
+    <Preference
+        android:fragment="com.android.settings.fuelgauge.BatteryChargingOptimizationFragment"
+        android:key="charging_optimization"
+        android:title="@string/charging_optimization_title"
+        settings:keywords="@string/charge_limit_indexing_keywords"
+        settings:controller="com.android.settings.fuelgauge.BatteryChargingOptimizationPrefController" />
+
     <Preference
         android:fragment="com.android.settings.fuelgauge.SmartBatterySettings"
         android:key="smart_battery_manager"
diff --git a/src/com/android/settings/fuelgauge/BatteryChargingOptimizationFragment.java b/src/com/android/settings/fuelgauge/BatteryChargingOptimizationFragment.java
new file mode 100644
index 00000000000..f207a67f575
--- /dev/null
+++ b/src/com/android/settings/fuelgauge/BatteryChargingOptimizationFragment.java
@@ -0,0 +1,85 @@
+package com.android.settings.fuelgauge;
+
+import android.ext.power.BatteryChargeLimit;
+import android.ext.settings.BoolSetting;
+import android.icu.text.MessageFormat;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.os.ServiceManager;
+import android.util.Log;
+
+import com.android.settings.R;
+import com.android.settings.ext.BoolSettingFragment;
+import com.android.settingslib.widget.FooterPreference;
+import com.google.android.settings.fuelgauge.GoogleBattery;
+
+import java.util.Map;
+
+import vendor.google.google_battery.IGoogleBattery;
+
+public class BatteryChargingOptimizationFragment extends BoolSettingFragment {
+    private static final String TAG = "BatteryChargingOptimizationFragment";
+
+    @Override
+    protected boolean interceptMainSwitchChange(boolean newValue) {
+        int policy = newValue ?
+                IGoogleBattery.BatteryChargingPolicy.LONGLIFE :
+                IGoogleBattery.BatteryChargingPolicy.DEFAULT;
+
+        // block setting update if policy update fails
+        return !setChargingPolicy(policy);
+    }
+
+    static boolean setChargingPolicy(int policy) {
+        IGoogleBattery service = GoogleBattery.getService();
+        if (service == null) {
+            return false;
+        }
+        try {
+            service.setChargingPolicy(policy);
+            Log.d(TAG, "setChargingPolicy to " + policy);
+            return true;
+        } catch (RemoteException e) {
+            Log.e(TAG, "", e);
+            return false;
+        }
+    }
+
+    @Override
+    protected BoolSetting getSetting() {
+        return BatteryChargeLimit.getSetting();
+    }
+
+    @Override
+    protected CharSequence getTitle() {
+        return getText(R.string.charging_optimization_title);
+    }
+
+    @Override
+    protected CharSequence getMainSwitchTitle() {
+        return MessageFormat.format(
+                requireContext().getString(R.string.charging_optimization_summary_charge_limit),
+                Map.of("batteryLimitLevel", Integer.valueOf(BatteryChargeLimit.CHARGE_LEVEL)));
+    }
+
+    @Override
+    protected void onMainSwitchChanged(boolean state) {
+        footer.setVisible(getSetting().get(requireContext()));
+    }
+
+    private FooterPreference footer;
+
+    @Override
+    protected FooterPreference makeFooterPref(FooterPreference.Builder builder) {
+        String text = MessageFormat.format(
+                requireContext().getString(R.string.charging_optimization_footer_charge_limit),
+                Map.of("batteryLimitLevel", Integer.valueOf(BatteryChargeLimit.CHARGE_LEVEL)));
+
+        builder.setTitle(text);
+
+        FooterPreference pref = builder.build();
+        pref.setVisible(getSetting().get(requireContext()));
+        this.footer = pref;
+        return pref;
+    }
+}
diff --git a/src/com/android/settings/fuelgauge/BatteryChargingOptimizationPrefController.java b/src/com/android/settings/fuelgauge/BatteryChargingOptimizationPrefController.java
new file mode 100644
index 00000000000..7a1a0a37ace
--- /dev/null
+++ b/src/com/android/settings/fuelgauge/BatteryChargingOptimizationPrefController.java
@@ -0,0 +1,51 @@
+package com.android.settings.fuelgauge;
+
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.ext.power.BatteryChargeLimit;
+import android.icu.text.MessageFormat;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.os.ServiceManager;
+import android.util.Log;
+
+import com.android.settings.R;
+import com.android.settings.ext.BoolSettingFragmentPrefController;
+import com.android.settings.ext.ExtSettingControllerHelper;
+
+import java.util.Map;
+
+import vendor.google.google_battery.IGoogleBattery;
+
+public class BatteryChargingOptimizationPrefController extends BoolSettingFragmentPrefController {
+    private static final String TAG = "BatteryChargeLimitPrefController";
+
+    public BatteryChargingOptimizationPrefController(Context ctx, String key) {
+        super(ctx, key, BatteryChargeLimit.getSetting());
+    }
+
+    @Override
+    protected CharSequence getSummaryOn() {
+        return MessageFormat.format(
+                mContext.getString(R.string.charging_optimization_summary_charge_limit),
+                Map.of("batteryLimitLevel", Integer.valueOf(BatteryChargeLimit.CHARGE_LEVEL)));
+    }
+
+    @Override
+    protected CharSequence getSummaryOff() {
+        return mContext.getString(R.string.charging_optimization_summary_off);
+    }
+
+    static int getAvailabilityStatus(Context ctx) {
+        if (!BatteryChargeLimit.isGoogleDevice()) {
+            return UNSUPPORTED_ON_DEVICE;
+        }
+        return ExtSettingControllerHelper.getGlobalSettingAvailability(ctx);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return getAvailabilityStatus(mContext);
+    }
+}
diff --git a/src/com/google/android/settings/fuelgauge/BatterySettingsFeatureProviderGoogleImpl.java b/src/com/google/android/settings/fuelgauge/BatterySettingsFeatureProviderGoogleImpl.java
new file mode 100644
index 00000000000..fcbc1a740f7
--- /dev/null
+++ b/src/com/google/android/settings/fuelgauge/BatterySettingsFeatureProviderGoogleImpl.java
@@ -0,0 +1,61 @@
+package com.google.android.settings.fuelgauge;
+
+import android.content.Context;
+import android.ext.power.BatteryChargeLimit;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+
+import com.android.settings.R;
+import com.android.settings.fuelgauge.BatterySettingsFeatureProviderImpl;
+import com.android.settingslib.utils.PowerUtil;
+
+// based on code from SettingsGoogle app
+public class BatterySettingsFeatureProviderGoogleImpl extends BatterySettingsFeatureProviderImpl {
+
+    @Override
+    public boolean isChargingOptimizationMode(@NonNull Context context) {
+        return BatteryChargeLimit.isChargeLimitEnabled(context);
+    }
+
+    @Nullable
+    @Override
+    public CharSequence getChargingOptimizationRemainingLabel(
+            @NonNull Context context,
+            int batteryLevel,
+            int pluggedStatus,
+            long chargeRemainingTimeMs,
+            long currentTimeMs) {
+        if (batteryLevel >= BatteryChargeLimit.CHARGE_LEVEL) {
+            return context.getString(R.string.charging_optimization_reach_limit_remaining_time_label);
+        }
+        if (chargeRemainingTimeMs <= 0) {
+            return null;
+        }
+        String targetTime = PowerUtil.getTargetTimeShortString(context,
+                chargeRemainingTimeMs, currentTimeMs);
+
+        return context.getString(R.string.charging_optimization_remaining_time_label, targetTime);
+    }
+
+    @Nullable
+    @Override
+    public CharSequence getChargingOptimizationChargeLabel(
+            @NonNull Context context,
+            int batteryLevel,
+            String batteryPercentageString,
+            long chargeRemainingTimeMs,
+            long currentTimeMs) {
+        if (batteryLevel >= BatteryChargeLimit.CHARGE_LEVEL) {
+            return context.getString(R.string.charging_optimization_reach_limit_charge_label,
+                    batteryPercentageString);
+        }
+        if (chargeRemainingTimeMs > 0) {
+            String targetTime = PowerUtil.getTargetTimeShortString(context,
+                    chargeRemainingTimeMs, currentTimeMs);
+            return context.getString(R.string.charging_optimization_charge_label,
+                    batteryPercentageString, targetTime);
+        }
+        return null;
+    }
+}
diff --git a/src/com/google/android/settings/fuelgauge/GoogleBattery.java b/src/com/google/android/settings/fuelgauge/GoogleBattery.java
new file mode 100644
index 00000000000..2608297a5c8
--- /dev/null
+++ b/src/com/google/android/settings/fuelgauge/GoogleBattery.java
@@ -0,0 +1,23 @@
+package com.google.android.settings.fuelgauge;
+
+import android.annotation.Nullable;
+import android.os.IBinder;
+import android.os.ServiceManager;
+import android.util.Log;
+
+import vendor.google.google_battery.IGoogleBattery;
+
+public class GoogleBattery {
+    static final String TAG = "GoogleBattery";
+
+    @Nullable
+    public static IGoogleBattery getService() {
+        String svc = IGoogleBattery.DESCRIPTOR + "/default";
+        IBinder binder = ServiceManager.getService(svc);
+        if (binder == null) {
+            Log.w(TAG, svc + " is null");
+            return null;
+        }
+        return IGoogleBattery.Stub.asInterface(binder);
+    }
+}
diff --git a/src/com/google/android/settings/fuelgauge/PowerUsageFeatureProviderGoogleImpl.java b/src/com/google/android/settings/fuelgauge/PowerUsageFeatureProviderGoogleImpl.java
new file mode 100644
index 00000000000..d8d974905b2
--- /dev/null
+++ b/src/com/google/android/settings/fuelgauge/PowerUsageFeatureProviderGoogleImpl.java
@@ -0,0 +1,53 @@
+package com.google.android.settings.fuelgauge;
+
+import android.content.Context;
+import android.os.RemoteException;
+import android.text.TextUtils;
+import android.util.Log;
+
+import com.android.settings.fuelgauge.BatteryInfo;
+import com.android.settings.fuelgauge.PowerUsageFeatureProviderImpl;
+
+import vendor.google.google_battery.IGoogleBattery;
+
+// based on code from SettingsGoogle app
+public class PowerUsageFeatureProviderGoogleImpl extends PowerUsageFeatureProviderImpl {
+    private static final String TAG = "PowerUsageFeatureProviderGoogleImpl";
+
+    public PowerUsageFeatureProviderGoogleImpl(Context context) {
+        super(context);
+    }
+
+    private static final String DWELL_DEFEND_TRIGGER_KEY = "ACTIVE";
+    private static final String TEMP_DEFEND_TRIGGER_KEY = " t=1";
+
+    @Override
+    public boolean isBatteryDefend(BatteryInfo info) {
+        IGoogleBattery googleBattery = GoogleBattery.getService();
+        if (googleBattery == null) {
+            return false;
+        }
+
+        try {
+            String dwellStatus = fetchFeatureStatus(googleBattery, 3);
+            String tempStatus = fetchFeatureStatus(googleBattery, 1);
+            Log.d(TAG, "dwell status: " + dwellStatus + ", temp status: " + tempStatus);
+            boolean isDwellDefend = DWELL_DEFEND_TRIGGER_KEY.equals(dwellStatus);
+            boolean isTempDefend = tempStatus != null && tempStatus.contains(TEMP_DEFEND_TRIGGER_KEY);
+            return isDwellDefend || isTempDefend;
+        } catch (Exception e) {
+            Log.e(TAG, "", e);
+            return false;
+        }
+    }
+
+    private static final int GOOGLE_BATTERY_PROPERTY_STATE = 18;
+
+    private static String fetchFeatureStatus(IGoogleBattery googleBattery, int feature) {
+        try {
+            return googleBattery.getStringProperty(feature, GOOGLE_BATTERY_PROPERTY_STATE);
+        } catch (RemoteException e) {
+            throw e.rethrowAsRuntimeException();
+        }
+    }
+}
diff --git a/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt b/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt
index f92bed4abb9..15822de1358 100644
--- a/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt
+++ b/src/com/google/android/settings/overlay/FeatureFactoryGoogleImpl.kt
@@ -1,6 +1,16 @@
 package com.google.android.settings.overlay
 
+import com.google.android.settings.fuelgauge.BatterySettingsFeatureProviderGoogleImpl
 import com.android.settings.overlay.FeatureFactoryImpl
+import com.google.android.settings.fuelgauge.PowerUsageFeatureProviderGoogleImpl
 
 class FeatureFactoryGoogleImpl : FeatureFactoryImpl() {
+
+    override val powerUsageFeatureProvider by lazy {
+        PowerUsageFeatureProviderGoogleImpl(appContext)
+    }
+
+    override val batterySettingsFeatureProvider by lazy {
+        BatterySettingsFeatureProviderGoogleImpl()
+    }
 }

From f2c9b7ac5fd84fa5c59343ed91553c867c8b5c5b Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 29 Dec 2024 18:34:18 +0200
Subject: [PATCH 080/117] add app battery optimization settings link to Battery
 screen

---
 res/xml/power_usage_summary.xml               |  5 +++
 .../AppBatteryUsagePrefController.java        | 32 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 src/com/android/settings/fuelgauge/AppBatteryUsagePrefController.java

diff --git a/res/xml/power_usage_summary.xml b/res/xml/power_usage_summary.xml
index 24bde0f0f97..03f875b4d5a 100644
--- a/res/xml/power_usage_summary.xml
+++ b/res/xml/power_usage_summary.xml
@@ -50,6 +50,11 @@
         android:title="@string/advanced_battery_preference_title"
         settings:keywords="@string/keywords_battery_usage" />
 
+    <Preference
+        android:key="app_battery_usage"
+        android:title="@string/app_battery_usage_title"
+        settings:controller="com.android.settings.fuelgauge.AppBatteryUsagePrefController" />
+
     <Preference
         android:fragment="com.android.settings.fuelgauge.batterysaver.BatterySaverSettings"
         android:key="battery_saver_summary"
diff --git a/src/com/android/settings/fuelgauge/AppBatteryUsagePrefController.java b/src/com/android/settings/fuelgauge/AppBatteryUsagePrefController.java
new file mode 100644
index 00000000000..d2ea1044d0e
--- /dev/null
+++ b/src/com/android/settings/fuelgauge/AppBatteryUsagePrefController.java
@@ -0,0 +1,32 @@
+package com.android.settings.fuelgauge;
+
+import android.content.Context;
+import android.text.TextUtils;
+
+import androidx.preference.Preference;
+
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.spa.SpaActivity;
+import com.android.settings.spa.app.battery.BatteryOptimizationModeAppListPageProvider;
+
+public class AppBatteryUsagePrefController extends BasePreferenceController {
+
+    public AppBatteryUsagePrefController(Context context, String key) {
+        super(context, key);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return AVAILABLE;
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!TextUtils.equals(preference.getKey(), getPreferenceKey())) {
+            return false;
+        }
+
+        SpaActivity.startSpaActivity(mContext, BatteryOptimizationModeAppListPageProvider.INSTANCE.getName());
+        return true;
+    }
+}

From a4e6c7d195076a376fb819fbb1813ccddec8b4b7 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 29 Dec 2024 18:35:36 +0200
Subject: [PATCH 081/117] reorder spinner entries on the battery optimization
 app list screen

---
 .../battery/BatteryOptimizationModeAppListPageProvider.kt   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/com/android/settings/spa/app/battery/BatteryOptimizationModeAppListPageProvider.kt b/src/com/android/settings/spa/app/battery/BatteryOptimizationModeAppListPageProvider.kt
index 5c27f5bfad0..b9531f90f1d 100644
--- a/src/com/android/settings/spa/app/battery/BatteryOptimizationModeAppListPageProvider.kt
+++ b/src/com/android/settings/spa/app/battery/BatteryOptimizationModeAppListPageProvider.kt
@@ -156,8 +156,8 @@ class BatteryOptimizationModeAppListModel(
 }
 
 private enum class OptimizationModeSpinnerItem(val stringResId: Int) {
-    All(R.string.filter_all_apps),
-    Restricted(R.string.filter_battery_restricted_title),
+    Unrestricted(R.string.filter_battery_unrestricted_title),
     Optimized(R.string.filter_battery_optimized_title),
-    Unrestricted(R.string.filter_battery_unrestricted_title);
+    Restricted(R.string.filter_battery_restricted_title),
+    All(R.string.filter_all_apps);
 }

From 1f9923d9d1702affeeb374112edebe5623a44fca Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:31:59 +1000
Subject: [PATCH 082/117] return credential from ConfirmLockPassword

---
 src/com/android/settings/password/ConfirmLockPassword.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java
index a09db22c215..7c8b0bc1fe5 100644
--- a/src/com/android/settings/password/ConfirmLockPassword.java
+++ b/src/com/android/settings/password/ConfirmLockPassword.java
@@ -549,6 +549,9 @@ private void startVerifyPassword(LockscreenCredential credential, final Intent i
                                 ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
                                 response.getGatekeeperHAT());
                     }
+                    if (isInternalActivity()) {
+                        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, credential);
+                    }
                 }
                 mCredentialCheckResultTracker.setResult(matched, intent, timeoutMs,
                         localEffectiveUserId);

From b4a55da0e4c02686e28b4eefe209f8b5751dd423 Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:34:23 +1000
Subject: [PATCH 083/117] allow newly-set credential to be optionally returned

---
 .../settings/password/ChooseLockGeneric.java  |  6 ++-
 .../settings/password/ChooseLockPassword.java | 12 +++++-
 .../password/SaveAndFinishWorker.java         | 16 +++++++-
 .../password/SaveAndFinishWorkerTest.java     | 41 +++++++++++++++++++
 4 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/src/com/android/settings/password/ChooseLockGeneric.java b/src/com/android/settings/password/ChooseLockGeneric.java
index ef6a9ad7559..eddf2d99f9c 100644
--- a/src/com/android/settings/password/ChooseLockGeneric.java
+++ b/src/com/android/settings/password/ChooseLockGeneric.java
@@ -167,6 +167,7 @@ public static class ChooseLockGenericFragment extends SettingsPreferenceFragment
         private LockPatternUtils mLockPatternUtils;
         private DevicePolicyManager mDpm;
         private boolean mRequestGatekeeperPasswordHandle = false;
+        private boolean mReturnCredentials = false;
         private boolean mPasswordConfirmed = false;
         private boolean mBiometricsAuthSuccessful = false;
         private boolean mWaitingForConfirmation = false;
@@ -256,6 +257,8 @@ public void onCreate(Bundle savedInstanceState) {
 
             mRequestGatekeeperPasswordHandle = intent.getBooleanExtra(
                     ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
+            mReturnCredentials = intent.getBooleanExtra(
+                    ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false);
             mForFingerprint = intent.getBooleanExtra(
                     ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
             mForFace = intent.getBooleanExtra(
@@ -814,7 +817,8 @@ protected Intent getLockPasswordIntent(int quality) {
                             .setForFace(mForFace)
                             .setForBiometrics(mForBiometrics)
                             .setUserId(mUserId)
-                            .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPasswordHandle);
+                            .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPasswordHandle)
+                            .setReturnCredentials(mReturnCredentials);
             if (mUserPassword != null) {
                 builder.setPassword(mUserPassword);
             }
diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
index 04bd03c6661..bda850b208b 100644
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -179,6 +179,12 @@ public IntentBuilder setPasswordRequirement(@PasswordComplexity int level,
             return this;
         }
 
+        public IntentBuilder setReturnCredentials(boolean returnCredentials) {
+            mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS,
+                    returnCredentials);
+            return this;
+        }
+
         /**
          * Configures the launch such that at the end of the password enrollment, one of its
          * managed profile (specified by {@code profileId}) will have its lockscreen unified
@@ -242,6 +248,7 @@ public static class ChooseLockPasswordFragment extends InstrumentedFragment
         private LockscreenCredential mChosenPassword;
         private boolean mRequestGatekeeperPassword;
         private boolean mRequestWriteRepairModePassword;
+        private boolean mReturnCredentials;
         private ImeAwareEditText mPasswordEntry;
         private TextViewInputDisabler mPasswordEntryInputDisabler;
 
@@ -603,6 +610,8 @@ public void onViewCreated(View view, Bundle savedInstanceState) {
                     ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
             mRequestWriteRepairModePassword = intent.getBooleanExtra(
                     ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_WRITE_REPAIR_MODE_PW, false);
+            mReturnCredentials = intent.getBooleanExtra(
+                    ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false);
             if (savedInstanceState == null) {
                 updateStage(Stage.Introduction);
                 if (confirmCredentials) {
@@ -1110,7 +1119,8 @@ private void startSaveAndFinish() {
             mSaveAndFinishWorker
                     .setListener(this)
                     .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPassword)
-                    .setRequestWriteRepairModePassword(mRequestWriteRepairModePassword);
+                    .setRequestWriteRepairModePassword(mRequestWriteRepairModePassword)
+                    .setReturnCredentials(mReturnCredentials);
 
             getFragmentManager().beginTransaction().add(mSaveAndFinishWorker,
                     FRAGMENT_TAG_SAVE_AND_FINISH).commit();
diff --git a/src/com/android/settings/password/SaveAndFinishWorker.java b/src/com/android/settings/password/SaveAndFinishWorker.java
index 40054b77645..5033eaccfe0 100644
--- a/src/com/android/settings/password/SaveAndFinishWorker.java
+++ b/src/com/android/settings/password/SaveAndFinishWorker.java
@@ -47,6 +47,7 @@ public class SaveAndFinishWorker extends Fragment {
     private LockPatternUtils mUtils;
     private boolean mRequestGatekeeperPassword;
     private boolean mRequestWriteRepairModePassword;
+    private boolean mReturnCredentials;
     private boolean mWasSecureBefore;
     private int mUserId;
     private int mUnificationProfileId = UserHandle.USER_NULL;
@@ -128,11 +129,17 @@ Pair<Boolean, Intent> saveAndVerifyInBackground() {
         if (mRequestWriteRepairModePassword) {
             flags |= LockPatternUtils.VERIFY_FLAG_WRITE_REPAIR_MODE_PW;
         }
+        Intent result = new Intent();
+        if (mReturnCredentials) {
+            // Need to duplicate as the original gets zeroized. Leaving the duplicate in memory is
+            // unavoidable when it is being returned as result data.
+            result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
+                    mChosenCredential.duplicate());
+        }
         if (flags == 0) {
-            return Pair.create(true, null);
+            return Pair.create(true, mReturnCredentials ? result : null);
         }
 
-        Intent result = new Intent();
         final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenCredential,
                 userId, flags);
         if (response.isMatched()) {
@@ -176,6 +183,11 @@ public SaveAndFinishWorker setRequestWriteRepairModePassword(boolean value) {
         return this;
     }
 
+    public SaveAndFinishWorker setReturnCredentials(boolean value) {
+        mReturnCredentials = value;
+        return this;
+    }
+
     public SaveAndFinishWorker setBlocking(boolean blocking) {
         mBlocking = blocking;
         return this;
diff --git a/tests/unit/src/com/android/settings/password/SaveAndFinishWorkerTest.java b/tests/unit/src/com/android/settings/password/SaveAndFinishWorkerTest.java
index 88e31508155..4f46fdedd5c 100644
--- a/tests/unit/src/com/android/settings/password/SaveAndFinishWorkerTest.java
+++ b/tests/unit/src/com/android/settings/password/SaveAndFinishWorkerTest.java
@@ -34,6 +34,47 @@
 
 @RunWith(AndroidJUnit4.class)
 public class SaveAndFinishWorkerTest {
+    // Unsure if this is still passing as unit tests are failing to run.
+    @Test
+    public void saveAndVerifyInBackground_returnCredentialsTrue_returnsCredentials() {
+        int userId = 0;
+        var chosenCredential = LockscreenCredential.createPassword("1234");
+        var currentCredential = LockscreenCredential.createNone();
+        var worker = new SaveAndFinishWorker();
+        var lpu = mock(LockPatternUtils.class);
+
+        when(lpu.setLockCredential(chosenCredential, currentCredential, userId)).thenReturn(true);
+
+        worker.setReturnCredentials(true);
+        worker.prepare(lpu, chosenCredential, currentCredential, userId);
+        var result = worker.saveAndVerifyInBackground();
+
+        verify(lpu).setLockCredential(chosenCredential, currentCredential, userId);
+        assertThat(result.first).isTrue();
+        assertThat(result.second.getParcelableExtra(
+                ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, LockscreenCredential.class))
+                .isEqualTo(chosenCredential);
+    }
+
+    // Unsure if this is still passing as unit tests are failing to run.
+    @Test
+    public void saveAndVerifyInBackground_returnCredentialsFalse_notReturnCredentials() {
+        int userId = 0;
+        var chosenCredential = LockscreenCredential.createPassword("1234");
+        var currentCredential = LockscreenCredential.createNone();
+        var worker = new SaveAndFinishWorker();
+        var lpu = mock(LockPatternUtils.class);
+
+        when(lpu.setLockCredential(chosenCredential, currentCredential, userId)).thenReturn(true);
+
+        worker.prepare(lpu, chosenCredential, currentCredential, userId);
+        var result = worker.saveAndVerifyInBackground();
+
+        verify(lpu).setLockCredential(chosenCredential, currentCredential, userId);
+        assertThat(result.first).isTrue();
+        assertThat(result.second).isNull();
+    }
+
     @Test
     public void testSetRequestWriteRepairModePassword_setLockCredentialFail() {
         int userId = 0;

From 12f12ce6b92bb4b01e39893b94a97f51c3eadfc5 Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:38:28 +1000
Subject: [PATCH 084/117] add second factor to PinPrivacyPreferenceController

---
 .../security/screenlock/PinPrivacyPreferenceController.kt     | 4 ++--
 .../settings/security/screenlock/ScreenLockSettings.java      | 3 ++-
 .../screenlock/PinPrivacyPreferenceControllerTest.java        | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/com/android/settings/security/screenlock/PinPrivacyPreferenceController.kt b/src/com/android/settings/security/screenlock/PinPrivacyPreferenceController.kt
index 78656e88416..626a2b29bff 100644
--- a/src/com/android/settings/security/screenlock/PinPrivacyPreferenceController.kt
+++ b/src/com/android/settings/security/screenlock/PinPrivacyPreferenceController.kt
@@ -20,15 +20,15 @@ import android.content.Context
 import android.provider.Settings
 import androidx.preference.Preference
 import androidx.preference.TwoStatePreference
-import com.android.internal.widget.LockPatternUtils
 import com.android.internal.widget.LockPatternUtils.*
+import com.android.internal.widget.WrappedLockPatternUtils
 import com.android.settings.core.PreferenceControllerMixin
 import com.android.settingslib.core.AbstractPreferenceController
 
 class PinPrivacyPreferenceController(
     context: Context,
     private val userId: Int,
-    private val lockPatternUtils: LockPatternUtils
+    private val lockPatternUtils: WrappedLockPatternUtils,
 ) : AbstractPreferenceController(context), PreferenceControllerMixin,
     Preference.OnPreferenceChangeListener {
 
diff --git a/src/com/android/settings/security/screenlock/ScreenLockSettings.java b/src/com/android/settings/security/screenlock/ScreenLockSettings.java
index ae3caac6ba6..88cb4a66470 100644
--- a/src/com/android/settings/security/screenlock/ScreenLockSettings.java
+++ b/src/com/android/settings/security/screenlock/ScreenLockSettings.java
@@ -27,6 +27,7 @@
 import androidx.annotation.Nullable;
 
 import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.WrappedLockPatternUtils;
 import com.android.settings.R;
 import com.android.settings.dashboard.DashboardFragment;
 import com.android.settings.search.BaseSearchIndexProvider;
@@ -83,7 +84,7 @@ private static List<AbstractPreferenceController> buildPreferenceControllers(Con
         controllers.add(new PatternVisiblePreferenceController(
                 context, MY_USER_ID, lockPatternUtils));
         controllers.add(new PinPrivacyPreferenceController(
-                context, MY_USER_ID, lockPatternUtils));
+                context, MY_USER_ID, new WrappedLockPatternUtils(lockPatternUtils, Primary)));
         controllers.add(new PowerButtonInstantLockPreferenceController(
                 context, MY_USER_ID, lockPatternUtils));
         controllers.add(new LockAfterTimeoutPreferenceController(
diff --git a/tests/robotests/src/com/android/settings/security/screenlock/PinPrivacyPreferenceControllerTest.java b/tests/robotests/src/com/android/settings/security/screenlock/PinPrivacyPreferenceControllerTest.java
index f7bd108e798..85122928b59 100644
--- a/tests/robotests/src/com/android/settings/security/screenlock/PinPrivacyPreferenceControllerTest.java
+++ b/tests/robotests/src/com/android/settings/security/screenlock/PinPrivacyPreferenceControllerTest.java
@@ -29,7 +29,7 @@
 
 import androidx.preference.SwitchPreference;
 
-import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.WrappedLockPatternUtils;
 
 import org.junit.Before;
 import org.junit.Ignore;
@@ -46,7 +46,7 @@ public class PinPrivacyPreferenceControllerTest {
     private static final int TEST_USER_ID = 0;
 
     @Mock
-    private LockPatternUtils mLockPatternUtils;
+    private WrappedLockPatternUtils mLockPatternUtils;
     private Context mContext;
     private PinPrivacyPreferenceController mController;
     private SwitchPreference mPreference;

From 6bfb9d1680715fae78c75defedc94ee364b82fb2 Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:44:37 +1000
Subject: [PATCH 085/117] add second factor PIN choosing

---
 AndroidManifest.xml                           |   6 +
 .../choose_biometric_second_factor_pin.xml    |  90 +++
 res/values/dimens.xml                         |   3 +
 res/values/strings.xml                        |  10 +
 ...metricSecondFactorSaveAndFinishWorker.java | 126 ++++
 .../ChooseBiometricSecondFactorPin.java       | 705 ++++++++++++++++++
 6 files changed, 940 insertions(+)
 create mode 100644 res/layout/choose_biometric_second_factor_pin.xml
 create mode 100644 src/com/android/settings/password/BiometricSecondFactorSaveAndFinishWorker.java
 create mode 100644 src/com/android/settings/password/ChooseBiometricSecondFactorPin.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 5843af042db..5770c914f8a 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -3086,6 +3086,12 @@
             android:enableOnBackInvokedCallback="false"
             android:windowSoftInputMode="stateVisible|adjustResize"/>
 
+        <activity android:name=".password.ChooseBiometricSecondFactorPin"
+            android:exported="false"
+            android:theme="@style/GlifTheme.Light"
+            android:enableOnBackInvokedCallback="false"
+            android:windowSoftInputMode="stateVisible|adjustResize"/>
+
         <activity
             android:name=".Settings$StorageDashboardActivity"
             android:label="@string/storage_settings"
diff --git a/res/layout/choose_biometric_second_factor_pin.xml b/res/layout/choose_biometric_second_factor_pin.xml
new file mode 100644
index 00000000000..c2eb13ae537
--- /dev/null
+++ b/res/layout/choose_biometric_second_factor_pin.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+    Copyright (C) 2014 The Android Open Source Project
+
+    Licensed under the Apache License, Version 2.0 (the "License")
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<com.google.android.setupdesign.GlifLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:settings="http://schemas.android.com/apk/res-auto"
+    android:id="@+id/setup_wizard_layout"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:icon="@drawable/ic_lock"
+    android:importantForAutofill="noExcludeDescendants">
+
+    <LinearLayout
+        style="@style/SudContentFrame"
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:clipChildren="false"
+        android:clipToPadding="false"
+        android:gravity="center_horizontal"
+        android:orientation="vertical">
+
+        <TextView
+            android:id="@+id/sud_layout_description"
+            style="@style/SudDescription.Glif"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:minLines="2"/>
+
+        <LinearLayout
+            android:id="@+id/password_container"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="16dp"
+            android:clipChildren="false"
+            android:clipToPadding="false"
+            android:orientation="vertical"
+            android:layoutMode="opticalBounds"
+            android:paddingBottom="8dp">
+
+            <!-- Password entry field -->
+            <com.android.settings.widget.ScrollToParentEditText
+                android:id="@+id/password_entry"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_gravity="center"
+                android:gravity="center"
+                android:inputType="textPassword"
+                android:imeOptions="actionNext|flagNoExtractUi|flagForceAscii"
+                style="@style/TextAppearance.PasswordEntry"/>
+
+            <CheckBox
+                android:id="@+id/auto_pin_confirm_enabler"
+                android:layout_marginTop="8dp"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_gravity="center_horizontal"
+                android:gravity="center"
+                android:text="@string/auto_pin_confirm_user_message"
+                android:textSize="16sp"
+                android:button="@drawable/checkbox_circle_shape"
+                android:visibility="gone" />
+
+        </LinearLayout>
+
+        <TextView
+            android:id="@+id/auto_pin_confirm_security_message"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginTop="24dp"
+            android:gravity="center"
+            android:text="@string/auto_pin_confirm_opt_in_security_message"
+            android:textSize="16sp"
+            android:visibility="gone" />
+
+    </LinearLayout>
+
+</com.google.android.setupdesign.GlifLayout>
diff --git a/res/values/dimens.xml b/res/values/dimens.xml
index 3a3bcff794c..b4fe2539bb5 100755
--- a/res/values/dimens.xml
+++ b/res/values/dimens.xml
@@ -292,6 +292,9 @@
     <!-- Choose lock Password requirement dimensions -->
     <dimen name="password_requirement_view_margin_top">16dp</dimen>
 
+    <!-- Margin above biometric second factor PIN requirements -->
+    <dimen name="biometric_second_factor_pin_requirement_view_margin_top">44dp</dimen>
+
     <!-- Screen lock option button dimensions -->
     <dimen name="screen_lock_options_button_margin_top">32dp</dimen>
 
diff --git a/res/values/strings.xml b/res/values/strings.xml
index ffef0ee046a..1f7ff2f680a 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -912,6 +912,16 @@
     <string name="setup_fingerprint_enroll_skip_after_adding_lock_text">Fingerprint setup only takes a minute or two. If you skip this, you can add your fingerprint later in settings.</string>
     <!-- Title of dialog shown when the user tries to skip setting up a screen lock, warning them of potential consequences of not doing so [CHAR LIMIT=30]-->
 
+    <!-- Header on first screen of choose biometric second factor PIN flow [CHAR LIMIT=40] -->
+    <string name="biometric_second_factor_pin_choose_header">Set a second factor PIN</string>
+    <!-- Header on biometric second factor PIN confirm screen [CHAR LIMIT=40] -->
+    <string name="biometric_second_factor_confirm_header">Re-enter your second factor PIN</string>
+    <!-- Description of biometric second factor PIN -->
+    <string name="biometric_second_factor_pin_description">This PIN will be required in addition to your fingerprint when attempting to enter the device from the lockscreen.</string>
+    <string name="biometric_second_factor_pin_description_empty"></string>
+    <!-- Toast for a failed biometric second factor PIN change attempt [CHAR LIMIT=120]-->
+    <string name="biometric_second_factor_pin_change_failed">Unable to change second factor PIN!</string>
+
     <!-- Introduction detail message shown in fingerprint enrollment introduction screen in setup wizard. [CHAR LIMIT=NONE]-->
     <string name="security_settings_fingerprint_v2_enroll_introduction_message_setup">When you see this icon, use your fingerprint for authentication, like when you sign in to apps or approve a purchase</string>
     <!-- Introduction subtitle message shown in fingerprint enrollment introduction screen in setup wizard. [CHAR LIMIT=NONE]-->
diff --git a/src/com/android/settings/password/BiometricSecondFactorSaveAndFinishWorker.java b/src/com/android/settings/password/BiometricSecondFactorSaveAndFinishWorker.java
new file mode 100644
index 00000000000..66b262ff480
--- /dev/null
+++ b/src/com/android/settings/password/BiometricSecondFactorSaveAndFinishWorker.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2010 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.password;
+
+import static com.android.internal.widget.LockDomain.Secondary;
+
+import android.os.AsyncTask;
+import android.os.Bundle;
+import android.util.Log;
+import android.widget.Toast;
+
+import androidx.fragment.app.Fragment;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.settings.R;
+
+/**
+ * An invisible retained worker fragment to track the AsyncWork that saves the chosen biometric
+ * second factor.
+ * Based on upstream's SaveAndFinishWorker.
+ */
+public class BiometricSecondFactorSaveAndFinishWorker extends Fragment {
+    private static final String TAG = "BiometricSecondFactorSaveAndFinishWorker";
+
+    private Listener mListener;
+    private boolean mFinished;
+
+    private LockPatternUtils mUtils;
+
+    private int mUserId;
+    private LockscreenCredential mChosenCredential;
+    private LockscreenCredential mPrimaryCredential;
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        setRetainInstance(true);
+    }
+
+    public BiometricSecondFactorSaveAndFinishWorker setListener(Listener listener) {
+        if (mListener == listener) {
+            return this;
+        }
+
+        mListener = listener;
+        if (mFinished && mListener != null) {
+            mListener.onChosenLockSaveFinished();
+        }
+        return this;
+    }
+
+    private void prepare(LockPatternUtils utils, LockscreenCredential chosenCredential,
+            LockscreenCredential primaryCredential, int userId) {
+        mUtils = utils;
+        mUserId = userId;
+        mFinished = false;
+
+        mChosenCredential = chosenCredential;
+        mPrimaryCredential = primaryCredential;
+    }
+
+    public void start(LockPatternUtils utils, LockscreenCredential chosenCredential,
+            LockscreenCredential primaryCredential, int userId) {
+        prepare(utils, chosenCredential, primaryCredential, userId);
+        new BiometricSecondFactorSaveAndFinishWorker.Task().execute();
+    }
+
+    private boolean saveAndVerifyInBackground() {
+        final int userId = mUserId;
+        try {
+            if (!mUtils.setLockCredential(mChosenCredential, mPrimaryCredential, Secondary,
+                    userId)) {
+                return false;
+            }
+        } catch (RuntimeException e) {
+            Log.e(TAG, "Failed to set credential", e);
+            return false;
+        }
+
+        return true;
+    }
+
+    private void finish() {
+        mFinished = true;
+        if (mListener != null) {
+            mListener.onChosenLockSaveFinished();
+        }
+    }
+
+    private class Task extends AsyncTask<Void, Void, Boolean> {
+
+        @Override
+        protected Boolean doInBackground(Void... params){
+            return saveAndVerifyInBackground();
+        }
+
+        @Override
+        protected void onPostExecute(Boolean result) {
+            if (!result) {
+                Toast.makeText(getContext(),
+                        R.string.biometric_second_factor_pin_change_failed, Toast.LENGTH_LONG)
+                        .show();
+            }
+            finish();
+        }
+    }
+
+    interface Listener {
+        void onChosenLockSaveFinished();
+    }
+}
diff --git a/src/com/android/settings/password/ChooseBiometricSecondFactorPin.java b/src/com/android/settings/password/ChooseBiometricSecondFactorPin.java
new file mode 100644
index 00000000000..fe6fc18bdae
--- /dev/null
+++ b/src/com/android/settings/password/ChooseBiometricSecondFactorPin.java
@@ -0,0 +1,705 @@
+/*
+ * Copyright (C) 2010 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.password;
+
+import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE;
+import static android.view.View.ACCESSIBILITY_LIVE_REGION_POLITE;
+import static com.android.internal.widget.LockDomain.Secondary;
+import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE;
+
+import android.app.Activity;
+import android.app.admin.DevicePolicyManager.PasswordComplexity;
+import android.app.admin.PasswordMetrics;
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.content.Intent;
+import android.graphics.Insets;
+import android.graphics.Typeface;
+import android.os.Bundle;
+import android.os.Handler;
+import android.os.Message;
+import android.text.Editable;
+import android.text.InputType;
+import android.text.Selection;
+import android.text.Spannable;
+import android.text.TextUtils;
+import android.text.TextWatcher;
+import android.util.Log;
+import android.view.KeyEvent;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.view.WindowManager;
+import android.view.inputmethod.EditorInfo;
+import android.widget.CheckBox;
+import android.widget.ImeAwareEditText;
+import android.widget.LinearLayout;
+import android.widget.TextView;
+import android.widget.TextView.OnEditorActionListener;
+
+import androidx.annotation.Nullable;
+import androidx.fragment.app.Fragment;
+import androidx.recyclerview.widget.LinearLayoutManager;
+import androidx.recyclerview.widget.RecyclerView;
+
+import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.internal.widget.PasswordValidationError;
+import com.android.internal.widget.TextViewInputDisabler;
+import com.android.settings.R;
+import com.android.settings.SettingsActivity;
+import com.android.settings.SetupWizardUtils;
+import com.android.settings.core.InstrumentedFragment;
+import com.android.settings.overlay.FeatureFactory;
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifLayout;
+import com.google.android.setupdesign.util.ThemeHelper;
+
+import java.util.List;
+
+/**
+ * Activity that allows the user to set/choose their biometric second factor PIN.
+ * Based on upstream's ChooseLockPassword.
+ */
+public class ChooseBiometricSecondFactorPin extends SettingsActivity {
+    private static final String TAG = "ChooseLockPassword";
+
+    private static final String EXTRA_KEY_PRIMARY_CREDENTIAL = "primary_credential";
+    // Not using Intent.EXTRA_USER_ID as we want to make this private to force use of the
+    // IntentBuilder.
+    private static final String EXTRA_USER_ID = "user_id";
+
+    @Override
+    public Intent getIntent() {
+        Intent modIntent = new Intent(super.getIntent());
+        modIntent.putExtra(EXTRA_SHOW_FRAGMENT, getFragmentClass().getName());
+        return modIntent;
+    }
+
+    public static class IntentBuilder {
+
+        private final Intent mIntent;
+
+        public IntentBuilder(Context context) {
+            mIntent = new Intent(context, ChooseBiometricSecondFactorPin.class);
+        }
+
+        public IntentBuilder setUserId(int userId) {
+            mIntent.putExtra(EXTRA_USER_ID, userId);
+            return this;
+        }
+
+        public IntentBuilder setPrimaryCredential(LockscreenCredential primaryCredential) {
+            mIntent.putExtra(EXTRA_KEY_PRIMARY_CREDENTIAL, primaryCredential);
+            return this;
+        }
+
+        public Intent build() {
+            return mIntent;
+        }
+    }
+
+    @Override
+    protected boolean isValidFragment(String fragmentName) {
+        if (ChooseBiometricSecondFactorPinFragment.class.getName().equals(fragmentName)) return true;
+        return false;
+    }
+
+    @Override
+    protected boolean isToolbarEnabled() {
+        return false;
+    }
+
+    /* package */ Class<? extends Fragment> getFragmentClass() {
+        return ChooseBiometricSecondFactorPinFragment.class;
+    }
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        setTheme(SetupWizardUtils.getTheme(this, getIntent()));
+        ThemeHelper.trySetDynamicColor(this);
+        super.onCreate(savedInstanceState);
+        findViewById(R.id.content_parent).setFitsSystemWindows(false);
+        getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE);
+    }
+
+    public static class ChooseBiometricSecondFactorPinFragment extends InstrumentedFragment
+            implements OnEditorActionListener, TextWatcher,
+            BiometricSecondFactorSaveAndFinishWorker.Listener {
+        private static final String KEY_FIRST_PASSWORD = "first_password";
+        private static final String KEY_UI_STAGE = "ui_stage";
+        private static final String KEY_PRIMARY_CREDENTIAL = "primary_credential";
+        private static final String FRAGMENT_BIOMETRIC_SECOND_FACTOR_TAG_SAVE_AND_FINISH =
+                "save_and_finish_worker";
+        private static final String KEY_IS_AUTO_CONFIRM_CHECK_MANUALLY_CHANGED =
+                "auto_confirm_option_set_manually";
+
+        private static final int MIN_AUTO_PIN_REQUIREMENT_LENGTH = 6;
+
+        private LockscreenCredential mPrimaryCredential;
+        private LockscreenCredential mChosenPassword;
+        private ImeAwareEditText mPasswordEntry;
+        private TextViewInputDisabler mPasswordEntryInputDisabler;
+
+        private List<PasswordValidationError> mValidationErrors;
+
+        protected int mUserId;
+
+        private LockPatternUtils mLockPatternUtils;
+        private BiometricSecondFactorSaveAndFinishWorker mSaveAndFinishWorker;
+
+        protected Stage mUiStage = Stage.Introduction;
+        private PasswordRequirementAdapter mPasswordRequirementAdapter;
+        private GlifLayout mLayout;
+
+        private LockscreenCredential mFirstPassword;
+        private RecyclerView mPasswordRestrictionView;
+        protected FooterButton mSkipOrClearButton;
+        private FooterButton mNextButton;
+        private TextView mMessage;
+        protected CheckBox mAutoPinConfirmOption;
+        protected TextView mAutoConfirmSecurityMessage;
+        protected boolean mIsAutoPinConfirmOptionSetManually;
+
+        private TextChangedHandler mTextChangedHandler;
+
+        public static final int RESULT_FINISHED = RESULT_FIRST_USER;
+        public static final int RESULT_NOT_FOREGROUND = RESULT_FIRST_USER + 1;
+
+        private boolean mIsErrorTooShort = true;
+
+        /**
+         * Keep track internally of where the user is in choosing a pattern.
+         */
+        protected enum Stage {
+
+            Introduction(
+                    R.string.biometric_second_factor_pin_choose_header,
+                    R.string.next_label),
+
+            NeedToConfirm(
+                    R.string.biometric_second_factor_confirm_header,
+                    R.string.lockpassword_confirm_label),
+
+            ConfirmWrong(
+                    R.string.lockpassword_confirm_pins_dont_match,
+                    R.string.lockpassword_confirm_label);
+
+            Stage(int hintInNumeric, int nextButtonText) {
+                this.numericHint = hintInNumeric;
+                this.buttonText = nextButtonText;
+            }
+
+            public final int numericHint;
+            public final int buttonText;
+
+            public String getHint(Context context) {
+                return context.getString(numericHint);
+            }
+        }
+
+        // required constructor for fragments
+        public ChooseBiometricSecondFactorPinFragment() {
+
+        }
+
+        @Override
+        public void onCreate(Bundle savedInstanceState) {
+            super.onCreate(savedInstanceState);
+            Intent intent = getActivity().getIntent();
+            if (!(getActivity() instanceof ChooseBiometricSecondFactorPin)) {
+                throw new SecurityException("Fragment contained in wrong activity");
+            }
+
+            Bundle extras = intent.getExtras();
+            extras.getInt(EXTRA_USER_ID, -1);
+
+            mLockPatternUtils = FeatureFactory.getFeatureFactory()
+                    .getSecurityFeatureProvider()
+                    .getLockPatternUtils(getContext());
+
+            mUserId = intent.getIntExtra(EXTRA_USER_ID, -1);
+
+            mTextChangedHandler = new TextChangedHandler();
+        }
+
+        @Override
+        public View onCreateView(LayoutInflater inflater, ViewGroup container,
+                Bundle savedInstanceState) {
+            return inflater.inflate(R.layout.choose_biometric_second_factor_pin, container, false);
+        }
+
+        @Override
+        public void onViewCreated(View view, Bundle savedInstanceState) {
+            super.onViewCreated(view, savedInstanceState);
+
+            mLayout = (GlifLayout) view;
+
+            // Make the password container consume the optical insets so the edit text is aligned
+            // with the sides of the parent visually.
+            ViewGroup container = view.findViewById(R.id.password_container);
+            container.setOpticalInsets(Insets.NONE);
+
+            final FooterBarMixin mixin = mLayout.getMixin(FooterBarMixin.class);
+            mixin.setSecondaryButton(
+                    new FooterButton.Builder(getActivity())
+                            .setText(R.string.lockpassword_clear_label)
+                            .setListener(this::onSkipOrClearButtonClick)
+                            .setButtonType(FooterButton.ButtonType.SKIP)
+                            .setTheme(
+                                    com.google.android.setupdesign.R.style.SudGlifButton_Secondary)
+                            .build()
+            );
+            mixin.setPrimaryButton(
+                    new FooterButton.Builder(getActivity())
+                            .setText(R.string.next_label)
+                            .setListener(this::onNextButtonClick)
+                            .setButtonType(FooterButton.ButtonType.NEXT)
+                            .setTheme(com.google.android.setupdesign.R.style.SudGlifButton_Primary)
+                            .build()
+            );
+            mSkipOrClearButton = mixin.getSecondaryButton();
+            mNextButton = mixin.getPrimaryButton();
+
+            mMessage = view.findViewById(R.id.sud_layout_description);
+            mLayout.setIcon(getActivity().getDrawable(R.drawable.ic_lock));
+
+            final LinearLayout headerLayout = view.findViewById(
+                    com.google.android.setupdesign.R.id.sud_layout_header);
+            setupPasswordRequirementsView(headerLayout);
+
+            mPasswordRestrictionView.setLayoutManager(new LinearLayoutManager(getActivity()));
+            mPasswordEntry = view.findViewById(R.id.password_entry);
+            mPasswordEntry.setOnEditorActionListener(this);
+            mPasswordEntry.addTextChangedListener(this);
+            mPasswordEntry.requestFocus();
+            mPasswordEntryInputDisabler = new TextViewInputDisabler(mPasswordEntry);
+
+            // Fetch the AutoPinConfirmOption
+            mAutoPinConfirmOption = view.findViewById(R.id.auto_pin_confirm_enabler);
+            mAutoConfirmSecurityMessage = view.findViewById(R.id.auto_pin_confirm_security_message);
+            mIsAutoPinConfirmOptionSetManually = false;
+            setOnAutoConfirmOptionClickListener();
+            if (mAutoPinConfirmOption != null) {
+                mAutoPinConfirmOption.setAccessibilityLiveRegion(ACCESSIBILITY_LIVE_REGION_POLITE);
+                mAutoPinConfirmOption.setVisibility(View.GONE);
+                mAutoPinConfirmOption.setChecked(false);
+            }
+
+            final Activity activity = getActivity();
+
+            mPasswordEntry.setInputType(
+                    InputType.TYPE_CLASS_NUMBER | InputType.TYPE_NUMBER_VARIATION_PASSWORD);
+
+            mPasswordEntry.setContentDescription(
+                    getString(R.string.unlock_set_unlock_pin_title));
+
+            // Can't set via XML since setInputType resets the fontFamily to null
+            mPasswordEntry.setTypeface(Typeface.create(
+                    getContext().getString(com.android.internal.R.string.config_headlineFontFamily),
+                    Typeface.NORMAL));
+
+            Intent intent = getActivity().getIntent();
+            mPrimaryCredential = intent.getParcelableExtra(EXTRA_KEY_PRIMARY_CREDENTIAL);
+            if (savedInstanceState == null) {
+                updateStage(Stage.Introduction);
+            } else {
+                // restore from previous state
+                mFirstPassword = savedInstanceState.getParcelable(KEY_FIRST_PASSWORD);
+                final String state = savedInstanceState.getString(KEY_UI_STAGE);
+                if (state != null) {
+                    mUiStage = Stage.valueOf(state);
+                    updateStage(mUiStage);
+                }
+                mIsAutoPinConfirmOptionSetManually =
+                        savedInstanceState.getBoolean(KEY_IS_AUTO_CONFIRM_CHECK_MANUALLY_CHANGED);
+
+                mPrimaryCredential = savedInstanceState.getParcelable(KEY_PRIMARY_CREDENTIAL);
+
+                // Re-attach to the exiting worker if there is one.
+                mSaveAndFinishWorker = (BiometricSecondFactorSaveAndFinishWorker)
+                        getFragmentManager().findFragmentByTag(
+                                FRAGMENT_BIOMETRIC_SECOND_FACTOR_TAG_SAVE_AND_FINISH);
+            }
+
+            if (activity instanceof SettingsActivity) {
+                final SettingsActivity sa = (SettingsActivity) activity;
+                String title = Stage.Introduction.getHint(getContext());
+                sa.setTitle(title);
+                mLayout.setHeaderText(title);
+            }
+        }
+
+        @Override
+        public void onDestroy() {
+            super.onDestroy();
+            if (mPrimaryCredential != null) {
+                mPrimaryCredential.zeroize();
+            }
+            // Force a garbage collection immediately to remove remnant of user password shards
+            // from memory.
+            System.gc();
+            System.runFinalization();
+            System.gc();
+        }
+
+        private void setupPasswordRequirementsView(@Nullable ViewGroup view) {
+            if (view == null) {
+                return;
+            }
+
+            createHintMessageView(view);
+            mPasswordRestrictionView.setLayoutManager(new LinearLayoutManager(getActivity()));
+            mPasswordRequirementAdapter = new PasswordRequirementAdapter(getActivity());
+            mPasswordRestrictionView.setAdapter(mPasswordRequirementAdapter);
+            view.addView(mPasswordRestrictionView);
+        }
+
+        private void createHintMessageView(ViewGroup view) {
+            if (mPasswordRestrictionView != null) {
+                return;
+            }
+
+            final TextView sucTitleView = view.findViewById(R.id.suc_layout_title);
+            final ViewGroup.MarginLayoutParams titleLayoutParams =
+                    (ViewGroup.MarginLayoutParams) sucTitleView.getLayoutParams();
+            mPasswordRestrictionView = new RecyclerView(getActivity());
+            final LinearLayout.LayoutParams lp = new LinearLayout.LayoutParams(
+                    LinearLayout.LayoutParams.MATCH_PARENT,
+                    LinearLayout.LayoutParams.WRAP_CONTENT);
+            lp.setMargins(titleLayoutParams.leftMargin, getResources().getDimensionPixelSize(
+                    R.dimen.biometric_second_factor_pin_requirement_view_margin_top),
+                    titleLayoutParams.leftMargin, 0);
+            mPasswordRestrictionView.setLayoutParams(lp);
+        }
+
+        @Override
+        public int getMetricsCategory() {
+            return SettingsEnums.PAGE_UNKNOWN;
+        }
+
+        @Override
+        public void onResume() {
+            super.onResume();
+            updateStage(mUiStage);
+            if (mSaveAndFinishWorker != null) {
+                mSaveAndFinishWorker.setListener(this);
+            } else {
+                mPasswordEntry.requestFocus();
+                mPasswordEntry.scheduleShowSoftInput();
+            }
+        }
+
+        @Override
+        public void onPause() {
+            if (mSaveAndFinishWorker != null) {
+                mSaveAndFinishWorker.setListener(null);
+            }
+            super.onPause();
+        }
+
+        @Override
+        public void onStop() {
+            super.onStop();
+            if (!getActivity().isChangingConfigurations()) {
+                getActivity().setResult(RESULT_NOT_FOREGROUND);
+                getActivity().finish();
+            }
+        }
+
+        @Override
+        public void onSaveInstanceState(Bundle outState) {
+            super.onSaveInstanceState(outState);
+            outState.putString(KEY_UI_STAGE, mUiStage.name());
+            outState.putParcelable(KEY_FIRST_PASSWORD, mFirstPassword);
+            outState.putParcelable(KEY_PRIMARY_CREDENTIAL, mPrimaryCredential.duplicate());
+            outState.putBoolean(KEY_IS_AUTO_CONFIRM_CHECK_MANUALLY_CHANGED,
+                    mIsAutoPinConfirmOptionSetManually);
+        }
+
+        protected void updateStage(Stage stage) {
+            final Stage previousStage = mUiStage;
+            mUiStage = stage;
+            updateUi();
+
+            // If the stage changed, announce the header for accessibility. This
+            // is a no-op when accessibility is disabled.
+            if (previousStage != stage) {
+                mLayout.announceForAccessibility(mLayout.getHeaderText());
+            }
+        }
+
+        /**
+         * Validates PIN and returns the validation result and updates mValidationErrors
+         * to reflect validation results.
+         *
+         * @param credential credential the user typed in.
+         * @return whether password satisfies all the requirements.
+         */
+        @VisibleForTesting
+        boolean validatePassword(LockscreenCredential credential) {
+            PasswordMetrics minMetrics = new PasswordMetrics(CREDENTIAL_TYPE_NONE);
+            @PasswordComplexity int minComplexity = PASSWORD_COMPLEXITY_NONE;
+            mValidationErrors = PasswordMetrics.validateCredential(minMetrics, minComplexity,
+                    credential);
+            return mValidationErrors.isEmpty();
+        }
+
+        public void handleNext() {
+            if (mSaveAndFinishWorker != null) return;
+            // TODO(b/120484642): This is a point of entry for passwords from the UI
+            final Editable passwordText = mPasswordEntry.getText();
+            if (TextUtils.isEmpty(passwordText)) {
+                return;
+            }
+            mChosenPassword = LockscreenCredential.createPin(passwordText);
+            if (mUiStage == Stage.Introduction) {
+                if (validatePassword(mChosenPassword)) {
+                    mFirstPassword = mChosenPassword;
+                    mPasswordEntry.setText("");
+                    updateStage(Stage.NeedToConfirm);
+                } else {
+                    mChosenPassword.zeroize();
+                }
+            } else if (mUiStage == Stage.NeedToConfirm) {
+                if (mChosenPassword.equals(mFirstPassword)) {
+                    startSaveAndFinish();
+                } else {
+                    CharSequence tmp = mPasswordEntry.getText();
+                    if (tmp != null) {
+                        Selection.setSelection((Spannable) tmp, 0, tmp.length());
+                    }
+                    updateStage(Stage.ConfirmWrong);
+                    mChosenPassword.zeroize();
+                }
+            }
+        }
+
+        protected void setNextEnabled(boolean enabled) {
+            mNextButton.setEnabled(enabled);
+        }
+
+        protected void setNextText(int text) {
+            mNextButton.setText(getActivity(), text);
+        }
+
+        protected void onSkipOrClearButtonClick(View view) {
+            mPasswordEntry.setText("");
+        }
+
+        protected void onNextButtonClick(View view) {
+            handleNext();
+        }
+
+        public boolean onEditorAction(TextView v, int actionId, KeyEvent event) {
+            // Check if this was the result of hitting the enter or "done" key
+            if (actionId == EditorInfo.IME_NULL
+                    || actionId == EditorInfo.IME_ACTION_DONE
+                    || actionId == EditorInfo.IME_ACTION_NEXT) {
+                handleNext();
+                return true;
+            }
+            return false;
+        }
+
+    String[] convertErrorCodeToMessages() {
+        var pvec =
+                new ChooseLockPassword.ChooseLockPasswordFragment.PasswordValidationErrorConverter(
+                        getContext(), false, mValidationErrors);
+        String[] res = pvec.convertErrorCodeToMessages();
+        mIsErrorTooShort = pvec.mIsErrorTooShort;
+        return res;
+    }
+
+        /**
+         * Update the hint based on current Stage and length of password entry
+         */
+        protected void updateUi() {
+            final boolean canInput = mSaveAndFinishWorker == null;
+
+            LockscreenCredential password = LockscreenCredential.createPin(mPasswordEntry.getText());
+            final int length = password.size();
+            if (mUiStage == Stage.Introduction) {
+                mLayout.setDescriptionText(R.string.biometric_second_factor_pin_description);
+                mPasswordRestrictionView.setVisibility(View.VISIBLE);
+                final boolean passwordCompliant = validatePassword(password);
+                String[] messages = convertErrorCodeToMessages();
+                // Update the fulfillment of requirements.
+                mPasswordRequirementAdapter.setRequirements(messages, mIsErrorTooShort);
+                // set the visibility of pin_auto_confirm option accordingly
+                setAutoPinConfirmOption(passwordCompliant, length);
+                // Enable/Disable the next button accordingly.
+                setNextEnabled(passwordCompliant);
+            } else {
+                mLayout.setDescriptionText(
+                        R.string.biometric_second_factor_pin_description_empty);
+                // Hide password requirement view when we are just asking user to confirm the pw.
+                mPasswordRestrictionView.setVisibility(View.GONE);
+                setHeaderText(mUiStage.getHint(getContext()));
+                setNextEnabled(canInput && length >= LockPatternUtils.MIN_LOCK_PASSWORD_SIZE);
+                mSkipOrClearButton.setVisibility(toVisibility(canInput && length > 0));
+
+                // Hide the pin_confirm option when we are just asking user to confirm the pwd.
+                mAutoPinConfirmOption.setVisibility(View.GONE);
+                mAutoConfirmSecurityMessage.setVisibility(View.GONE);
+            }
+            mMessage.setVisibility(View.GONE);
+
+            setNextText(mUiStage.buttonText);
+            mPasswordEntryInputDisabler.setInputEnabled(canInput);
+            password.zeroize();
+        }
+
+        protected int toVisibility(boolean visibleOrGone) {
+            return visibleOrGone ? View.VISIBLE : View.GONE;
+        }
+
+        private void setAutoPinConfirmOption(boolean enabled, int length) {
+            // This feature is enabled in the backend, but we don't allow the user to set it yet.
+            if (true || !LockPatternUtils.isAutoPinConfirmFeatureAvailable()
+                    || mAutoPinConfirmOption == null) {
+                return;
+            }
+            if (enabled && isAutoPinConfirmPossible(length)) {
+                mAutoPinConfirmOption.setVisibility(View.VISIBLE);
+                mAutoConfirmSecurityMessage.setVisibility(View.VISIBLE);
+            } else {
+                mAutoPinConfirmOption.setVisibility(View.GONE);
+                mAutoConfirmSecurityMessage.setVisibility(View.GONE);
+                mAutoPinConfirmOption.setChecked(false);
+            }
+        }
+
+        private boolean isAutoPinConfirmPossible(int currentPinLength) {
+            return currentPinLength >= MIN_AUTO_PIN_REQUIREMENT_LENGTH;
+        }
+
+        private void setOnAutoConfirmOptionClickListener() {
+            if (mAutoPinConfirmOption != null) {
+                mAutoPinConfirmOption.setOnClickListener((v) -> {
+                    mIsAutoPinConfirmOptionSetManually = true;
+                });
+            }
+        }
+
+        private void setHeaderText(String text) {
+            // Only set the text if it is different than the existing one to avoid announcing again.
+            if (!TextUtils.isEmpty(mLayout.getHeaderText())
+                    && mLayout.getHeaderText().toString().equals(text)) {
+                return;
+            }
+            mLayout.setHeaderText(text);
+        }
+
+        public void afterTextChanged(Editable s) {
+            // Changing the text while error displayed resets to NeedToConfirm state
+            if (mUiStage == Stage.ConfirmWrong) {
+                mUiStage = Stage.NeedToConfirm;
+            }
+            // Schedule the UI update.
+            mTextChangedHandler.notifyAfterTextChanged();
+        }
+
+        public void beforeTextChanged(CharSequence s, int start, int count, int after) {
+
+        }
+
+        public void onTextChanged(CharSequence s, int start, int before, int count) {
+
+        }
+
+        private void startSaveAndFinish() {
+            if (mSaveAndFinishWorker != null) {
+                Log.w(TAG, "startSaveAndFinish with an existing " +
+                        "BiometricSecondFactorSaveAndFinishWorker.");
+                return;
+            }
+
+            ConfirmDeviceCredentialUtils.hideImeImmediately(
+                    getActivity().getWindow().getDecorView());
+
+            mPasswordEntryInputDisabler.setInputEnabled(false);
+            mSaveAndFinishWorker = new BiometricSecondFactorSaveAndFinishWorker();
+            mSaveAndFinishWorker
+                    .setListener(this);
+
+            getFragmentManager().beginTransaction().add(mSaveAndFinishWorker,
+                    FRAGMENT_BIOMETRIC_SECOND_FACTOR_TAG_SAVE_AND_FINISH).commit();
+            getFragmentManager().executePendingTransactions();
+
+            // update the setting before triggering the password save workflow,
+            // so that pinLength information is stored accordingly when setting is turned on.
+            mLockPatternUtils.setAutoPinConfirm(
+                    (mAutoPinConfirmOption != null && mAutoPinConfirmOption.isChecked()),
+                    mUserId, Secondary);
+
+            mSaveAndFinishWorker.start(mLockPatternUtils,
+                    mChosenPassword, mPrimaryCredential, mUserId);
+        }
+
+        @Override
+        public void onChosenLockSaveFinished() {
+            getActivity().setResult(RESULT_FINISHED);
+
+            if (mChosenPassword != null) {
+                mChosenPassword.zeroize();
+            }
+
+            if (mPrimaryCredential != null) {
+                mPrimaryCredential.zeroize();
+            }
+            if (mFirstPassword != null) {
+                mFirstPassword.zeroize();
+            }
+
+            mPasswordEntry.setText("");
+
+            if (mLayout != null) {
+                mLayout.announceForAccessibility(
+                        getString(R.string.accessibility_setup_password_complete));
+            }
+
+            getActivity().finish();
+        }
+
+        class TextChangedHandler extends Handler {
+            private static final int ON_TEXT_CHANGED = 1;
+            private static final int DELAY_IN_MILLISECOND = 100;
+
+            /**
+             * With the introduction of delay, we batch processing the text changed event to reduce
+             * unnecessary UI updates.
+             */
+            private void notifyAfterTextChanged() {
+                removeMessages(ON_TEXT_CHANGED);
+                sendEmptyMessageDelayed(ON_TEXT_CHANGED, DELAY_IN_MILLISECOND);
+            }
+
+            @Override
+            public void handleMessage(Message msg) {
+                if (getActivity() == null) {
+                    return;
+                }
+                if (msg.what == ON_TEXT_CHANGED) {
+                    updateUi();
+                }
+            }
+        }
+    }
+}

From aaf3f15b6e8cec758e51cd654fe2d40fd40e9064 Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:47:04 +1000
Subject: [PATCH 086/117] add second factor PIN settings

---
 res/values/strings.xml                        |  15 ++
 .../biometric_second_factor_pin_settings.xml  |  40 ++++
 .../BiometricSecondFactorPinSettings.java     | 182 ++++++++++++++++++
 ...icSecondFactorPinPreferenceController.java |  80 ++++++++
 ...icSecondFactorPinPreferenceController.java | 138 +++++++++++++
 5 files changed, 455 insertions(+)
 create mode 100644 res/xml/biometric_second_factor_pin_settings.xml
 create mode 100644 src/com/android/settings/security/screenlock/BiometricSecondFactorPinSettings.java
 create mode 100644 src/com/android/settings/security/screenlock/ChangeBiometricSecondFactorPinPreferenceController.java
 create mode 100644 src/com/android/settings/security/screenlock/DeleteBiometricSecondFactorPinPreferenceController.java

diff --git a/res/values/strings.xml b/res/values/strings.xml
index 1f7ff2f680a..98b6e9fb0eb 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -922,6 +922,21 @@
     <!-- Toast for a failed biometric second factor PIN change attempt [CHAR LIMIT=120]-->
     <string name="biometric_second_factor_pin_change_failed">Unable to change second factor PIN!</string>
 
+    <!--  Title of biometric second factor PIN settings page -->
+    <string name="biometric_second_factor_pin_settings_title">Second factor PIN</string>
+    <!--  Title of biometric second factor PIN settings page -->
+    <string name="biometric_second_factor_pin_settings_category_title">Settings</string>
+    <!-- Title of preference within biometric second factor PIN settings to change the PIN -->
+    <string name="biometric_second_factor_pin_change_title">Change PIN</string>
+    <!-- Title of preference within biometric second factor PIN settings to delete the PIN -->
+    <string name="biometric_second_factor_pin_delete_title">Delete PIN</string>
+    <!-- Title of the confirmation dialog displayed to the user when they attempt to delete biometric second factor PIN -->
+    <string name="biometric_second_factor_pin_delete_confirmation_dialog_title">Delete second factor PIN?</string>
+    <!-- Message of the confirmation dialog displayed to the user when they attempt to delete biometric second factor PIN -->
+    <string name="biometric_second_factor_pin_delete_confirmation_dialog_message">It is recommended to always have a second factor PIN when biometric unlock is enabled. Deleting this will make your device less secure.</string>
+    <!-- Positive button of the confirmation dialog displayed to the user when they attempt to delete biometric second factor PIN -->
+    <string name="biometric_second_factor_pin_delete_confirmation_dialog_positive_button">Delete</string>
+
     <!-- Introduction detail message shown in fingerprint enrollment introduction screen in setup wizard. [CHAR LIMIT=NONE]-->
     <string name="security_settings_fingerprint_v2_enroll_introduction_message_setup">When you see this icon, use your fingerprint for authentication, like when you sign in to apps or approve a purchase</string>
     <!-- Introduction subtitle message shown in fingerprint enrollment introduction screen in setup wizard. [CHAR LIMIT=NONE]-->
diff --git a/res/xml/biometric_second_factor_pin_settings.xml b/res/xml/biometric_second_factor_pin_settings.xml
new file mode 100644
index 00000000000..4fca3a8db79
--- /dev/null
+++ b/res/xml/biometric_second_factor_pin_settings.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<PreferenceScreen
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:settings="http://schemas.android.com/apk/res-auto"
+    android:key="biometric_second_factor_pin_settings"
+    android:title="@string/biometric_second_factor_pin_settings_title"
+    settings:searchable="false">
+
+    <androidx.preference.Preference
+        android:key="change_pin"
+        android:title="@string/biometric_second_factor_pin_change_title" />
+
+    <androidx.preference.Preference
+        android:key="delete_pin"
+        android:title="@string/biometric_second_factor_pin_delete_title" />
+
+    <PreferenceCategory
+        android:title="@string/biometric_second_factor_pin_settings_category_title">
+
+        <SwitchPreferenceCompat
+            android:key="scramble_pin_layout"
+            android:title="@string/scramble_pin_title" />
+
+        <SwitchPreferenceCompat
+            android:key="enhancedPinPrivacy"
+            android:title="@string/lockpattern_settings_enhanced_pin_privacy_title"
+            android:summary="@string/lockpattern_settings_enhanced_pin_privacy_summary" />
+
+    </PreferenceCategory>
+
+    <PreferenceCategory>
+
+        <com.android.settingslib.widget.FooterPreference
+            android:title="@string/biometric_second_factor_pin_description"
+            android:selectable="false" />
+
+    </PreferenceCategory>
+
+</PreferenceScreen>
diff --git a/src/com/android/settings/security/screenlock/BiometricSecondFactorPinSettings.java b/src/com/android/settings/security/screenlock/BiometricSecondFactorPinSettings.java
new file mode 100644
index 00000000000..832d08a28b1
--- /dev/null
+++ b/src/com/android/settings/security/screenlock/BiometricSecondFactorPinSettings.java
@@ -0,0 +1,182 @@
+package com.android.settings.security.screenlock;
+
+import static android.app.Activity.RESULT_FIRST_USER;
+import static com.android.internal.widget.LockDomain.Secondary;
+
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Bundle;
+
+import androidx.preference.Preference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.internal.widget.WrappedLockPatternUtils;
+import com.android.settings.R;
+import com.android.settings.core.SubSettingLauncher;
+import com.android.settings.dashboard.DashboardFragment;
+import com.android.settings.overlay.FeatureFactory;
+import com.android.settings.password.ChooseBiometricSecondFactorPin;
+import com.android.settingslib.core.AbstractPreferenceController;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Fragment that allows the user to configure the settings of their biometric second factor PIN.
+ * Based on upstream's ScreenLockSettings.
+ */
+public class BiometricSecondFactorPinSettings extends DashboardFragment
+        implements DeleteBiometricSecondFactorPinPreferenceController.DeleteConfirmedCallback {
+
+    private static final String TAG = "BiometricSecondFactorPinSettings";
+
+    public static final int REQUEST_CHANGE_PIN = 1;
+
+    public static final int RESULT_NOT_FOREGROUND = RESULT_FIRST_USER;
+
+    private static final String EXTRA_PRIMARY_CREDENTIAL = "primary_credential";
+    // Not using Intent.EXTRA_USER_ID as we want to make this private to force use of the
+    // IntentBuilder.
+    private static final String EXTRA_USER_ID = "user_id";
+
+    private DeleteBiometricSecondFactorPinPreferenceController
+            mDeleteBiometricSecondFactorPinPreferenceController;
+
+    private boolean mLaunchedChooseBiometricSecondFactorPin;
+
+    private int mUserId;
+    private LockscreenCredential mPrimaryCredential;
+
+    public static class IntentBuilder {
+
+        private final SubSettingLauncher mLauncher;
+        private final Bundle mExtras;
+
+
+        public IntentBuilder(Context context) {
+            mLauncher = new SubSettingLauncher(context);
+            mLauncher.setDestination(BiometricSecondFactorPinSettings.class.getName());
+            mExtras = new Bundle();
+            mLauncher.setExtras(mExtras);
+        }
+
+        public IntentBuilder setUserId(int userId) {
+            mExtras.putInt(EXTRA_USER_ID, userId);
+            return this;
+        }
+
+        public IntentBuilder setPrimaryCredential(LockscreenCredential primaryCredential) {
+            mExtras.putParcelable(EXTRA_PRIMARY_CREDENTIAL, primaryCredential);
+            return this;
+        }
+
+        public IntentBuilder setSourceMetricsCateogry(int sourceMetricsCateogry) {
+            mLauncher.setSourceMetricsCategory(sourceMetricsCateogry);
+            return this;
+        }
+
+        public Intent build() {
+            return mLauncher.toIntent();
+        }
+    }
+
+    private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
+            DashboardFragment parent, LockPatternUtils lockPatternUtils,
+            LockscreenCredential primaryCredential, int userId) {
+
+        final List<AbstractPreferenceController> controllers = new ArrayList<>();
+        controllers.add(new PinPrivacyPreferenceController(context, userId,
+                new WrappedLockPatternUtils(lockPatternUtils, Secondary)));
+        controllers.add(new PinScramblingPrefController(context, Secondary));
+        controllers.add(new DeleteBiometricSecondFactorPinPreferenceController(context, parent,
+                userId, primaryCredential));
+        controllers.add(new ChangeBiometricSecondFactorPinPreferenceController(context, parent,
+                userId, REQUEST_CHANGE_PIN, primaryCredential));
+
+        return controllers;
+    }
+
+    @Override
+    protected List<AbstractPreferenceController> createPreferenceControllers(Context context) {
+        LockPatternUtils lpu = FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(getContext());
+        List<AbstractPreferenceController> controllers =  buildPreferenceControllers(context,
+                this /* parent */, lpu, mPrimaryCredential, mUserId);
+
+        for (AbstractPreferenceController controller : controllers) {
+            if (controller.getPreferenceKey() ==
+                    DeleteBiometricSecondFactorPinPreferenceController.PREF_KEY) {
+                mDeleteBiometricSecondFactorPinPreferenceController =
+                        (DeleteBiometricSecondFactorPinPreferenceController) controller;
+            }
+        }
+
+        return controllers;
+    }
+
+    @Override
+    protected int getPreferenceScreenResId() {
+        return R.xml.biometric_second_factor_pin_settings;
+    }
+
+    @Override
+    public int getMetricsCategory() {
+        return SettingsEnums.PAGE_UNKNOWN;
+    }
+
+    @Override
+    protected String getLogTag() {
+        return TAG;
+    }
+
+    @Override
+    public void onAttach(Context context) {
+        // These must be set here so that #createPreferenceControllers can access them.
+        mPrimaryCredential = getIntent().getParcelableExtra(
+                EXTRA_PRIMARY_CREDENTIAL, LockscreenCredential.class);
+        mUserId = getIntent().getIntExtra(EXTRA_USER_ID, -1);
+
+        super.onAttach(context);
+    }
+
+    @Override
+    public void onStop() {
+        super.onStop();
+        if (!getActivity().isChangingConfigurations() && !mLaunchedChooseBiometricSecondFactorPin) {
+            setResult(RESULT_NOT_FOREGROUND);
+            finish();
+        }
+    }
+
+    @Override
+    public boolean onPreferenceTreeClick(Preference pref) {
+        String key = pref.getKey();
+        if (ChangeBiometricSecondFactorPinPreferenceController.PREF_KEY.equals(key)) {
+            mLaunchedChooseBiometricSecondFactorPin = true;
+        }
+        return super.onPreferenceTreeClick(pref);
+    }
+
+    @Override
+    public void onActivityResult(int requestCode, int resultCode, Intent data) {
+        super.onActivityResult(requestCode, resultCode, data);
+
+        if (requestCode == REQUEST_CHANGE_PIN) {
+            mLaunchedChooseBiometricSecondFactorPin = false;
+            if (resultCode == ChooseBiometricSecondFactorPin
+                    .ChooseBiometricSecondFactorPinFragment.RESULT_NOT_FOREGROUND) {
+                setResult(RESULT_NOT_FOREGROUND);
+                finish();
+            }
+        }
+    }
+
+    @Override
+    public void onBiometricSecondFactorPinDeleteConfirmed() {
+        mDeleteBiometricSecondFactorPinPreferenceController
+                .onBiometricSecondFactorPinDeleteConfirmed();
+    }
+}
diff --git a/src/com/android/settings/security/screenlock/ChangeBiometricSecondFactorPinPreferenceController.java b/src/com/android/settings/security/screenlock/ChangeBiometricSecondFactorPinPreferenceController.java
new file mode 100644
index 00000000000..1b2f37dd666
--- /dev/null
+++ b/src/com/android/settings/security/screenlock/ChangeBiometricSecondFactorPinPreferenceController.java
@@ -0,0 +1,80 @@
+package com.android.settings.security.screenlock;
+
+import static com.android.internal.widget.LockDomain.Secondary;
+
+import android.content.Context;
+import android.content.Intent;
+import android.text.TextUtils;
+
+import androidx.fragment.app.Fragment;
+import androidx.preference.Preference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.overlay.FeatureFactory;
+import com.android.settings.password.ChooseBiometricSecondFactorPin;
+
+/**
+ * Controller for launching an Activity to allow the user to choose a new biometric second factor
+ * PIN.
+ */
+public class ChangeBiometricSecondFactorPinPreferenceController extends BasePreferenceController {
+
+    public static final String PREF_KEY = "change_pin";
+
+    private final Fragment mHost;
+
+    private final LockPatternUtils mLockPatternUtils;
+
+    // The result that mHost's Activity will return to indicate that the user requested a change of
+    // PIN.
+    private final int mChangePinRequestCode;
+
+    private final int mUserId;
+    private final LockscreenCredential mPrimaryCredential;
+
+    public ChangeBiometricSecondFactorPinPreferenceController(Context context, Fragment host,
+            int userId, int changePinRequestCode, LockscreenCredential primaryCredential) {
+        super(context, PREF_KEY);
+        mHost = host;
+        mUserId = userId;
+        mChangePinRequestCode = changePinRequestCode;
+        mPrimaryCredential = primaryCredential;
+        mLockPatternUtils = FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(context);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (mLockPatternUtils.isSecure(mUserId, Secondary)) {
+            return AVAILABLE;
+        }
+        return CONDITIONALLY_UNAVAILABLE;
+    }
+
+    public void launchChoose() {
+        mHost.startActivityForResult(getChooseIntent(), mChangePinRequestCode);
+    }
+
+    private Intent getChooseIntent() {
+        ChooseBiometricSecondFactorPin.IntentBuilder builder =
+                new ChooseBiometricSecondFactorPin.IntentBuilder(mContext)
+                        .setUserId(mUserId)
+                        .setPrimaryCredential(mPrimaryCredential);
+
+        return builder.build();
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!TextUtils.equals(preference.getKey(), getPreferenceKey())) {
+            return super.handlePreferenceTreeClick(preference);
+        }
+
+        launchChoose();
+
+        return true;
+    }
+}
diff --git a/src/com/android/settings/security/screenlock/DeleteBiometricSecondFactorPinPreferenceController.java b/src/com/android/settings/security/screenlock/DeleteBiometricSecondFactorPinPreferenceController.java
new file mode 100644
index 00000000000..1f11ecc4aa1
--- /dev/null
+++ b/src/com/android/settings/security/screenlock/DeleteBiometricSecondFactorPinPreferenceController.java
@@ -0,0 +1,138 @@
+package com.android.settings.security.screenlock;
+
+import static com.android.internal.widget.LockDomain.Secondary;
+
+import android.app.Activity;
+import android.app.Dialog;
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.os.Bundle;
+import android.text.TextUtils;
+
+import androidx.annotation.NonNull;
+import androidx.appcompat.app.AlertDialog;
+import androidx.fragment.app.Fragment;
+import androidx.fragment.app.FragmentManager;
+import androidx.preference.Preference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.settings.R;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
+import com.android.settings.overlay.FeatureFactory;
+
+/**
+ * Controller for deleting a user's biometric second factor PIN after they confirm the delete by
+ * way of confirmation dialog.
+ */
+public class DeleteBiometricSecondFactorPinPreferenceController extends BasePreferenceController {
+
+    public static final String PREF_KEY = "delete_pin";
+
+    public static final String TAG_DELETE_BIOMETRIC_SECOND_FACTOR_PIN_CONFIRM_DIALOG =
+            "delete_biometric_second_factor_pin_confirm_dialog";
+
+    private final Fragment mHost;
+
+    private final LockPatternUtils mLockPatternUtils;
+
+    private final int mUserId;
+    private final LockscreenCredential mPrimaryCredential;
+
+    public interface DeleteConfirmedCallback {
+        void onBiometricSecondFactorPinDeleteConfirmed();
+    }
+
+    public DeleteBiometricSecondFactorPinPreferenceController(Context context, Fragment host,
+            int userId, LockscreenCredential primaryCredential) {
+        super(context, PREF_KEY);
+        mHost = host;
+        mUserId = userId;
+        mPrimaryCredential = primaryCredential;
+        mLockPatternUtils = FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(context);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (mLockPatternUtils.isSecure(mUserId, Secondary)) {
+            return AVAILABLE;
+        }
+        return CONDITIONALLY_UNAVAILABLE;
+    }
+
+    public void onBiometricSecondFactorPinDeleteConfirmed() {
+        mLockPatternUtils.setLockCredential(
+                LockscreenCredential.createNone(), mPrimaryCredential, Secondary, mUserId);
+        mHost.getActivity().setResult(Activity.RESULT_OK);
+        mHost.getActivity().finish();
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!TextUtils.equals(preference.getKey(), getPreferenceKey())) {
+            return super.handlePreferenceTreeClick(preference);
+        }
+
+        DeleteBiometricSecondFactorPinConfirmationDialog.newInstance(
+                R.string.biometric_second_factor_pin_delete_confirmation_dialog_title,
+                R.string.biometric_second_factor_pin_delete_confirmation_dialog_message)
+                .show(mHost.getChildFragmentManager(),
+                        TAG_DELETE_BIOMETRIC_SECOND_FACTOR_PIN_CONFIRM_DIALOG);
+
+        return true;
+    }
+
+    /**
+     * Dialog for confirming that the user wants to delete their biometric second factor PIN.
+     * Based on upstream's ChooseLockGeneric.FactoryResetProtectionWarningDialog.
+     */
+    public static class DeleteBiometricSecondFactorPinConfirmationDialog
+            extends InstrumentedDialogFragment {
+
+        private static final String ARG_TITLE_RES = "titleRes";
+        private static final String ARG_MESSAGE_RES = "messageRes";
+
+        public static DeleteBiometricSecondFactorPinConfirmationDialog newInstance(
+                int titleRes, int messageRes) {
+            DeleteBiometricSecondFactorPinConfirmationDialog frag =
+                    new DeleteBiometricSecondFactorPinConfirmationDialog();
+            Bundle args = new Bundle();
+            args.putInt(ARG_TITLE_RES, titleRes);
+            args.putInt(ARG_MESSAGE_RES, messageRes);
+            frag.setArguments(args);
+            return frag;
+        }
+
+        @Override
+        public void show(FragmentManager manager, String tag) {
+            if (manager.findFragmentByTag(tag) == null) {
+                // Prevent opening multiple dialogs if tapped on button quickly
+                super.show(manager, tag);
+            }
+        }
+
+        @NonNull
+        @Override
+        public Dialog onCreateDialog(Bundle savedInstanceState) {
+            final Bundle args = getArguments();
+
+            return new AlertDialog.Builder(getActivity())
+                    .setTitle(args.getInt(ARG_TITLE_RES))
+                    .setMessage(args.getInt(ARG_MESSAGE_RES))
+                    .setPositiveButton(
+                            R.string.biometric_second_factor_pin_delete_confirmation_dialog_positive_button,
+                            (dialog, whichButton) -> ((DeleteConfirmedCallback) getParentFragment())
+                                    .onBiometricSecondFactorPinDeleteConfirmed())
+                    .setNegativeButton(R.string.cancel, (dialog, whichButton) -> dismiss())
+                    .create();
+        }
+
+        @Override
+        public int getMetricsCategory() {
+            return SettingsEnums.PAGE_UNKNOWN;
+        }
+    }
+}

From 40eada695e3970e77cf822aefdf20a4ceebfa3fe Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:48:35 +1000
Subject: [PATCH 087/117] add second factor PIN preference to
 FingerprintSettings

---
 res/values/strings.xml                        |   7 +
 res/xml/security_settings_fingerprint.xml     |   5 +
 ...icSecondFactorPinPreferenceController.java | 138 ++++++++++++++++++
 .../fingerprint/FingerprintSettings.java      | 117 ++++++++++++++-
 .../FingerprintSettingsFragmentTest.java      |  17 +++
 .../shadow/ShadowLockPatternUtils.java        |  14 +-
 6 files changed, 293 insertions(+), 5 deletions(-)
 create mode 100644 src/com/android/settings/biometrics/fingerprint/BiometricSecondFactorPinPreferenceController.java

diff --git a/res/values/strings.xml b/res/values/strings.xml
index 98b6e9fb0eb..09edc320b2b 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -937,6 +937,13 @@
     <!-- Positive button of the confirmation dialog displayed to the user when they attempt to delete biometric second factor PIN -->
     <string name="biometric_second_factor_pin_delete_confirmation_dialog_positive_button">Delete</string>
 
+    <!-- Title of preference within fingerprint settings for biometric second factor PIN -->
+    <string name="biometric_second_factor_pin_title">Second factor PIN</string>
+    <!-- Summary of preference within fingerprint settings for biometric second factor PIN when setup is needed -->
+    <string name="biometric_second_factor_pin_setup_summary">Setup needed</string>
+    <!-- Summary of preference within fingerprint settings for biometric second factor PIN when it has been setup -->
+    <string name="biometric_second_factor_pin_empty_summary"></string>
+
     <!-- Introduction detail message shown in fingerprint enrollment introduction screen in setup wizard. [CHAR LIMIT=NONE]-->
     <string name="security_settings_fingerprint_v2_enroll_introduction_message_setup">When you see this icon, use your fingerprint for authentication, like when you sign in to apps or approve a purchase</string>
     <!-- Introduction subtitle message shown in fingerprint enrollment introduction screen in setup wizard. [CHAR LIMIT=NONE]-->
diff --git a/res/xml/security_settings_fingerprint.xml b/res/xml/security_settings_fingerprint.xml
index 4fdd4b9fb04..e275fa7ab80 100644
--- a/res/xml/security_settings_fingerprint.xml
+++ b/res/xml/security_settings_fingerprint.xml
@@ -55,6 +55,11 @@
             android:title="@string/keyguard_fingerprint_title"
             android:summary="@string/keyguard_fingerprint_summary"
             settings:controller="com.android.settings.biometrics.fingerprint.FingerprintSettingsKeyguardPreferenceController" />
+
+        <androidx.preference.Preference
+            android:key="biometric_second_factor_pin"
+            android:title="@string/biometric_second_factor_pin_title" />
+
     </PreferenceCategory>
 
     <PreferenceCategory
diff --git a/src/com/android/settings/biometrics/fingerprint/BiometricSecondFactorPinPreferenceController.java b/src/com/android/settings/biometrics/fingerprint/BiometricSecondFactorPinPreferenceController.java
new file mode 100644
index 00000000000..d6ca973f1c4
--- /dev/null
+++ b/src/com/android/settings/biometrics/fingerprint/BiometricSecondFactorPinPreferenceController.java
@@ -0,0 +1,138 @@
+package com.android.settings.biometrics.fingerprint;
+
+import static com.android.internal.widget.LockDomain.Secondary;
+
+import android.app.admin.DevicePolicyManager;
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.content.Intent;
+import android.text.TextUtils;
+
+import androidx.fragment.app.Fragment;
+import androidx.preference.Preference;
+
+import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
+import com.android.settings.R;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.overlay.FeatureFactory;
+import com.android.settings.password.ChooseBiometricSecondFactorPin;
+import com.android.settings.security.screenlock.BiometricSecondFactorPinSettings;
+import com.android.settingslib.RestrictedLockUtils;
+import com.android.settingslib.RestrictedLockUtilsInternal;
+
+/**
+ * Controller for the biometric second factor PIN preference. If the user does not have a second
+ * factor PIN set, launches an Activity for creating one, otherwise launches the settings for the
+ * second factor PIN.
+ */
+public class BiometricSecondFactorPinPreferenceController extends BasePreferenceController {
+
+    private final LockPatternUtils mLockPatternUtils;
+
+    protected final Fragment mHost;
+
+    private int mUserId = -1;
+    private LockscreenCredential mPrimaryCredential;
+
+    private int mSettingsRequestCode;
+    private int mChooseRequestCode;
+
+    public BiometricSecondFactorPinPreferenceController(Context context, Fragment host, String key) {
+        super(context, key);
+
+        mHost = host;
+        mLockPatternUtils = FeatureFactory.getFeatureFactory()
+                .getSecurityFeatureProvider()
+                .getLockPatternUtils(context);
+
+    }
+
+    public void setUserId(int userId) {
+        mUserId = userId;
+    }
+    public void setPrimaryCredential(LockscreenCredential primaryCredential) {
+        mPrimaryCredential = primaryCredential;
+    }
+
+    public void setSettingsRequestCode(int value) {
+        mSettingsRequestCode = value;
+    }
+
+    public void setChooseRequestCode(int value) {
+        mChooseRequestCode = value;
+    }
+
+    @Override
+    public int getMetricsCategory() {
+        return SettingsEnums.FINGERPRINT;
+    }
+
+    @Override
+    public CharSequence getSummary() {
+        if (mLockPatternUtils.isSecure(mUserId, Secondary)) {
+            return mContext.getResources().getString(
+                    R.string.biometric_second_factor_pin_empty_summary);
+        }
+        return mContext.getResources().getString(
+                R.string.biometric_second_factor_pin_setup_summary);
+
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!TextUtils.equals(preference.getKey(), getPreferenceKey())) {
+            return super.handlePreferenceTreeClick(preference);
+        }
+
+        if (mLockPatternUtils.isSecure(mUserId, Secondary)) {
+            launchSettings();
+        } else {
+            launchChoose();
+        }
+
+        return true;
+    }
+
+    public void launchSettings() {
+        mHost.startActivityForResult(getSettingsIntent(), mSettingsRequestCode);
+    }
+
+    private Intent getSettingsIntent() {
+        BiometricSecondFactorPinSettings.IntentBuilder builder =
+                new BiometricSecondFactorPinSettings.IntentBuilder(mContext)
+                        .setSourceMetricsCateogry(getMetricsCategory())
+                        .setUserId(mUserId)
+                        .setPrimaryCredential(mPrimaryCredential);
+
+        return builder.build();
+    }
+
+    private void launchChoose() {
+        mHost.startActivityForResult(getChooseIntent(), mChooseRequestCode);
+    }
+
+    private Intent getChooseIntent() {
+        ChooseBiometricSecondFactorPin.IntentBuilder builder =
+                new ChooseBiometricSecondFactorPin.IntentBuilder(mContext)
+                        .setUserId(mUserId)
+                        .setPrimaryCredential(mPrimaryCredential);
+
+        return builder.build();
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        if (mLockPatternUtils.checkUserSupportsBiometricSecondFactor(mUserId, false)
+                && mLockPatternUtils.isBiometricKeyguardEnabled(mUserId)
+                && getRestrictingAdmin() == null) {
+            return AVAILABLE;
+        }
+        return DISABLED_FOR_USER;
+    }
+
+    protected RestrictedLockUtils.EnforcedAdmin getRestrictingAdmin() {
+        return RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled(
+                mContext, DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT, mUserId);
+    }
+}
diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java b/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java
index ec260c81576..3cdf70348df 100644
--- a/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java
+++ b/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java
@@ -42,6 +42,7 @@
 import android.hardware.fingerprint.FingerprintSensorPropertiesInternal;
 import android.os.Bundle;
 import android.os.Handler;
+import android.os.Looper;
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.os.VibrationEffect;
@@ -67,6 +68,7 @@
 import androidx.preference.TwoStatePreference;
 
 import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.LockscreenCredential;
 import com.android.settings.R;
 import com.android.settings.SubSettings;
 import com.android.settings.Utils;
@@ -78,10 +80,12 @@
 import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
 import com.android.settings.dashboard.DashboardFragment;
 import com.android.settings.overlay.FeatureFactory;
+import com.android.settings.password.ChooseBiometricSecondFactorPin;
 import com.android.settings.password.ChooseLockGeneric;
 import com.android.settings.password.ChooseLockSettingsHelper;
 import com.android.settings.password.ConfirmDeviceCredentialActivity;
 import com.android.settings.search.BaseSearchIndexProvider;
+import com.android.settings.security.screenlock.BiometricSecondFactorPinSettings;
 import com.android.settingslib.HelpUtils;
 import com.android.settingslib.RestrictedLockUtils;
 import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
@@ -178,7 +182,7 @@ protected boolean isPageSearchEnabled(Context context) {
                     @Override
                     public List<AbstractPreferenceController>
                             createPreferenceControllers(Context context) {
-                        return createThePreferenceControllers(context);
+                        return createThePreferenceControllers(context, null);
                     }
 
                     private boolean hasEnrolledFingerprints(Context context) {
@@ -192,7 +196,7 @@ private boolean hasEnrolledFingerprints(Context context) {
                 };
 
         private static List<AbstractPreferenceController> createThePreferenceControllers(Context
-                context) {
+                context, FingerprintSettingsFragment host) {
             final List<AbstractPreferenceController> controllers = new ArrayList<>();
             FingerprintManager manager = Utils.getFingerprintManagerOrNull(context);
             if (manager == null || !manager.isHardwareDetected()) {
@@ -219,6 +223,16 @@ private static List<AbstractPreferenceController> createThePreferenceControllers
                     KEY_FINGERPRINTS_ENROLLED_CATEGORY));
             controllers.add(new FingerprintSettingsKeyguardPreferenceController(context,
                     KEY_FINGERPRINT_ENABLE_KEYGUARD_TOGGLE));
+
+            BiometricSecondFactorPinPreferenceController c =
+                    new BiometricSecondFactorPinPreferenceController(context, host,
+                            KEY_BIOMETRIC_SECOND_FACTOR_PIN);
+            c.setSettingsRequestCode(
+                    BIOMETRIC_SECOND_FACTOR_PIN_SETTINGS_REQUEST);
+            c.setChooseRequestCode(
+                    BIOMETRIC_SECOND_FACTOR_PIN_CHOOSE_REQUEST);
+            controllers.add(c);
+
             return controllers;
         }
 
@@ -239,6 +253,8 @@ private static class FooterColumn {
         private static final String KEY_LAUNCHED_CONFIRM = "launched_confirm";
         private static final String KEY_HAS_FIRST_ENROLLED = "has_first_enrolled";
         private static final String KEY_IS_ENROLLING = "is_enrolled";
+        private static final String KEY_LAUNCHED_BIOMETRIC_SECOND_FACTOR_PIN_ACTIVITY =
+                "launched_biometric_second_factor_pin_activity";
         @VisibleForTesting
         static final String KEY_REQUIRE_SCREEN_ON_TO_AUTH =
                 "security_settings_require_screen_on_to_auth";
@@ -253,6 +269,7 @@ private static class FooterColumn {
                 "security_settings_fingerprint_footer";
         private static final String KEY_BIOMETRICS_AUTHENTICATION_REQUESTED =
                 "biometrics_authentication_requested";
+        private static final String KEY_BIOMETRIC_SECOND_FACTOR_PIN = "biometric_second_factor_pin";
 
         private static final int MSG_REFRESH_FINGERPRINT_TEMPLATES = 1000;
         private static final int MSG_FINGER_AUTH_SUCCESS = 1001;
@@ -264,6 +281,8 @@ private static class FooterColumn {
         private static final int CONFIRM_REQUEST = 101;
         @VisibleForTesting
         static final int CHOOSE_LOCK_GENERIC_REQUEST = 102;
+        public static final int BIOMETRIC_SECOND_FACTOR_PIN_SETTINGS_REQUEST = 9999;
+        public static final int BIOMETRIC_SECOND_FACTOR_PIN_CHOOSE_REQUEST = 9998;
         @VisibleForTesting
         static final int ADD_FINGERPRINT_REQUEST = 10;
         private static final int AUTO_ADD_FIRST_FINGERPRINT_REQUEST = 11;
@@ -273,6 +292,8 @@ private static class FooterColumn {
         private List<AbstractPreferenceController> mControllers;
         private FingerprintUnlockCategoryController
                 mFingerprintUnlockCategoryPreferenceController;
+        private BiometricSecondFactorPinPreferenceController
+                mBiometricSecondFactorPinPreferenceController;
         private FingerprintSettingsRequireScreenOnToAuthPreferenceController
                 mRequireScreenOnToAuthPreferenceController;
         private FingerprintSettingsScreenOffUnlockUdfpsPreferenceController
@@ -283,12 +304,14 @@ private static class FooterColumn {
         private PreferenceCategory mFingerprintsEnrolledCategory;
         private PreferenceCategory mFingerprintUnlockCategory;
         private PreferenceCategory mFingerprintUnlockFooter;
+        private Preference mBiometricSecondFactorPin;
 
         private FingerprintManager mFingerprintManager;
         private FingerprintUpdater mFingerprintUpdater;
         private List<FingerprintSensorPropertiesInternal> mSensorProperties;
         private boolean mInFingerprintLockout;
         private byte[] mToken;
+        private LockscreenCredential mUserPassword;
         private boolean mLaunchedConfirm;
         private boolean mBiometricsAuthenticationRequested;
         private boolean mHasFirstEnrolled = true;
@@ -296,6 +319,7 @@ private static class FooterColumn {
         private int mUserId;
         private final List<FooterColumn> mFooterColumns = new ArrayList<>();
         private boolean mIsEnrolling;
+        private boolean mLaunchedBiometricSecondFactorPinActivity;
 
         private long mChallenge;
 
@@ -508,6 +532,15 @@ public void onCreate(Bundle savedInstanceState) {
                         mHasFirstEnrolled);
                 mBiometricsAuthenticationRequested = savedInstanceState.getBoolean(
                         KEY_BIOMETRICS_AUTHENTICATION_REQUESTED);
+                mLaunchedBiometricSecondFactorPinActivity = savedInstanceState.getBoolean(
+                        KEY_LAUNCHED_BIOMETRIC_SECOND_FACTOR_PIN_ACTIVITY
+                );
+                mUserPassword = savedInstanceState.getParcelable(
+                        ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
+                mBiometricSecondFactorPinPreferenceController.setPrimaryCredential(mUserPassword);
+                // This controller needs userId set in #onActivityResult, but upstream doesn't set
+                // them until #onResume.
+                mBiometricSecondFactorPinPreferenceController.setUserId(mUserId);
             }
 
             // (mLaunchedConfirm or mIsEnrolling) means that we are waiting an activity result.
@@ -651,6 +684,8 @@ private void addFingerprintPreferences(PreferenceGroup root) {
                     ((FingerprintUnlockCategoryController) controller).setUserId(mUserId);
                 } else if (controller instanceof FingerprintSettingsKeyguardPreferenceController c) {
                     c.setUserId(mUserId);
+                } else if (controller instanceof BiometricSecondFactorPinPreferenceController c) {
+                    c.setUserId(mUserId);
                 }
             }
 
@@ -746,6 +781,20 @@ private void updateFingerprintUnlockCategoryVisibility() {
             }
         }
 
+        private void updateSecondFactorPinVisibility() {
+            final boolean available =
+                    mBiometricSecondFactorPinPreferenceController.isAvailable();
+            if (mBiometricSecondFactorPin.isVisible() != available) {
+                mBiometricSecondFactorPin.setVisible(available);
+                if (available) {
+                    // Without this there will be no summary when preference was initially not
+                    // available.
+                    mBiometricSecondFactorPinPreferenceController.updateState(
+                            mBiometricSecondFactorPin);
+                }
+            }
+        }
+
         private FingerprintSettingsKeyguardPreferenceController mFingerprintKeyguardController;
 
         private void setupFingerprintUnlockCategoryPreferencesExt() {
@@ -753,10 +802,14 @@ private void setupFingerprintUnlockCategoryPreferencesExt() {
             keyguardFingerprintPref.setChecked(mFingerprintKeyguardController.isChecked());
             keyguardFingerprintPref.setOnPreferenceChangeListener((p, value) -> {
                 mFingerprintKeyguardController.setChecked((boolean) value);
+                updateSecondFactorPinVisibility();
                 return true;
             });
             // Without this, the preference will display even when it is not available.
             keyguardFingerprintPref.setVisible(mFingerprintKeyguardController.isAvailable());
+
+            mBiometricSecondFactorPin = findPreference(KEY_BIOMETRIC_SECOND_FACTOR_PIN);
+            updateSecondFactorPinVisibility();
         }
 
         private void setupFingerprintUnlockCategoryPreferencesForScreenOnToAuth() {
@@ -887,7 +940,8 @@ public void onPause() {
         @Override
         public void onStop() {
             super.onStop();
-            if (!getActivity().isChangingConfigurations() && !mLaunchedConfirm && !mIsEnrolling) {
+            if (!getActivity().isChangingConfigurations() && !mLaunchedConfirm && !mIsEnrolling &&
+                    !mLaunchedBiometricSecondFactorPinActivity) {
                 setResult(RESULT_TIMEOUT);
                 getActivity().finish();
             }
@@ -913,6 +967,10 @@ public void onSaveInstanceState(final Bundle outState) {
             outState.putBoolean(KEY_HAS_FIRST_ENROLLED, mHasFirstEnrolled);
             outState.putBoolean(KEY_BIOMETRICS_AUTHENTICATION_REQUESTED,
                     mBiometricsAuthenticationRequested);
+            outState.putBoolean(KEY_LAUNCHED_BIOMETRIC_SECOND_FACTOR_PIN_ACTIVITY,
+                    mLaunchedBiometricSecondFactorPinActivity);
+            outState.putParcelable(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,
+                    mUserPassword != null ? mUserPassword.duplicate() : null);
         }
 
         @Override
@@ -933,6 +991,8 @@ public boolean onPreferenceTreeClick(Preference pref) {
                 FingerprintPreference fpref = (FingerprintPreference) pref;
                 final Fingerprint fp = fpref.getFingerprint();
                 showRenameDialog(fp);
+            } else if (KEY_BIOMETRIC_SECOND_FACTOR_PIN.equals(key)) {
+                mLaunchedBiometricSecondFactorPinActivity = true;
             }
             return super.onPreferenceTreeClick(pref);
         }
@@ -1016,7 +1076,7 @@ protected List<AbstractPreferenceController> createPreferenceControllers(Context
 
         private List<AbstractPreferenceController> buildPreferenceControllers(Context context) {
             final List<AbstractPreferenceController> controllers =
-                    createThePreferenceControllers(context);
+                    createThePreferenceControllers(context, this);
             if (controllers == null) {
                 return controllers;
             }
@@ -1031,6 +1091,9 @@ private List<AbstractPreferenceController> buildPreferenceControllers(Context co
                         mFingerprintKeyguardController =
                                 (FingerprintSettingsKeyguardPreferenceController) controller;
                         continue;
+                    case KEY_BIOMETRIC_SECOND_FACTOR_PIN:
+                        mBiometricSecondFactorPinPreferenceController =
+                                (BiometricSecondFactorPinPreferenceController) controller;
                 }
             }
 
@@ -1069,6 +1132,16 @@ public void onActivityResult(int requestCode, int resultCode, Intent data) {
                 mLaunchedConfirm = false;
                 if (resultCode == RESULT_FINISHED || resultCode == RESULT_OK) {
                     if (BiometricUtils.containsGatekeeperPasswordHandle(data)) {
+                        if (data.hasExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD)) {
+                            mUserPassword = data.getParcelableExtra(
+                                    ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
+                            mBiometricSecondFactorPinPreferenceController.setPrimaryCredential(
+                                    mUserPassword);
+                        } else {
+                            Log.d(TAG, "Current primary credential missing");
+                            finish();
+                        }
+
                         if (!mHasFirstEnrolled && !mIsEnrolling) {
                             final Activity activity = getActivity();
                             if (activity != null) {
@@ -1182,6 +1255,32 @@ public void onActivityResult(int requestCode, int resultCode, Intent data) {
                         finish();
                     }
                 }
+            } else if (requestCode == BIOMETRIC_SECOND_FACTOR_PIN_CHOOSE_REQUEST) {
+                mLaunchedBiometricSecondFactorPinActivity = false;
+                // This technique of relying on the launched Activity to indicate timeout isn't
+                // perfect. If an app calls finish() for something other than RESULT_TIMEOUT, but
+                // the app is in background, then on returning to foreground there will be no
+                // RESULT_TIMEOUT. This is easily seen by adding a sleep(1000ms) before the finish()
+                // call and going to background during this time.
+                // The technique is used inconsistently throughout Settings app, such as
+                // ChooseLockGeneric using it, but not ChooseLockPassword. However, it is used
+                // consistently within FingerprintSettings, so I use it for second factor.
+                if (resultCode == ChooseBiometricSecondFactorPin
+                        .ChooseBiometricSecondFactorPinFragment.RESULT_NOT_FOREGROUND) {
+                    getActivity().setResult(RESULT_TIMEOUT);
+                    getActivity().finish();
+                } else if (resultCode == ChooseBiometricSecondFactorPin
+                        .ChooseBiometricSecondFactorPinFragment.RESULT_FINISHED) {
+                    mLaunchedBiometricSecondFactorPinActivity = true;
+                    mBiometricSecondFactorPinPreferenceController.launchSettings();
+                }
+            } else if (requestCode == BIOMETRIC_SECOND_FACTOR_PIN_SETTINGS_REQUEST) {
+                mLaunchedBiometricSecondFactorPinActivity = false;
+                if (resultCode ==
+                        BiometricSecondFactorPinSettings.RESULT_NOT_FOREGROUND) {
+                    getActivity().setResult(RESULT_TIMEOUT);
+                    getActivity().finish();
+                }
             }
         }
 
@@ -1191,6 +1290,15 @@ public void onDestroy() {
             if (getActivity().isFinishing()) {
                 mFingerprintManager.revokeChallenge(mUserId, mChallenge);
             }
+
+            if (mUserPassword != null) {
+                mUserPassword.zeroize();
+            }
+            new Handler(Looper.myLooper()).postDelayed(() -> {
+                System.gc();
+                System.runFinalization();
+                System.gc();
+            }, 5000);
         }
 
         private Drawable getHighlightDrawable() {
@@ -1249,6 +1357,7 @@ private void launchChooseOrConfirmLock() {
                         true);
                 intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
                 intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true);
+                intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, true);
                 intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, true);
                 startActivityForResult(intent, CHOOSE_LOCK_GENERIC_REQUEST);
             }
diff --git a/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsFragmentTest.java b/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsFragmentTest.java
index 1086f85d45c..ba6caf71427 100644
--- a/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsFragmentTest.java
+++ b/tests/robotests/src/com/android/settings/biometrics/fingerprint/FingerprintSettingsFragmentTest.java
@@ -69,6 +69,8 @@
 import androidx.preference.Preference;
 import androidx.test.core.app.ApplicationProvider;
 
+import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.biometrics.fingerprint.feature.SfpsRestToUnlockFeature;
 import com.android.settings.password.ChooseLockSettingsHelper;
 import com.android.settings.password.ConfirmDeviceCredentialActivity;
 import com.android.settings.search.BaseSearchIndexProvider;
@@ -137,6 +139,12 @@ public class FingerprintSettingsFragmentTest {
     private FingerprintAuthenticateSidecar mFingerprintAuthenticateSidecar;
     private FingerprintRemoveSidecar mFingerprintRemoveSidecar;
 
+    private FakeFeatureFactory mFeatureFactory;
+    @Mock
+    private LockPatternUtils mLockPatternUtils;
+    @Mock
+    private SfpsRestToUnlockFeature mSfpsRestToUnlockFeature;
+
     @Before
     public void setUp() {
         ShadowUtils.setFingerprintManager(mFingerprintManager);
@@ -151,6 +159,15 @@ public void setUp() {
         when(mBiometricManager.canAuthenticate(PRIMARY_USER_ID,
                 BiometricManager.Authenticators.IDENTITY_CHECK))
                 .thenReturn(BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE);
+
+        // FeatureFactory mocking copied from ChangeScreenLockPreferenceControllerTest.
+        mFeatureFactory = FakeFeatureFactory.setupForTest();
+        when(mFeatureFactory.securityFeatureProvider.getLockPatternUtils(mContext))
+                .thenReturn(mLockPatternUtils);
+        when(mFeatureFactory.mFingerprintFeatureProvider.getSfpsRestToUnlockFeature(mContext))
+                .thenReturn(mSfpsRestToUnlockFeature);
+
+        when(mLockPatternUtils.checkUserSupportsBiometricSecondFactor(anyInt())).thenReturn(true);
     }
 
     @After
diff --git a/tests/robotests/testutils/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java b/tests/robotests/testutils/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java
index efea6fdeaaa..8f4b155bd6b 100644
--- a/tests/robotests/testutils/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java
+++ b/tests/robotests/testutils/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java
@@ -16,6 +16,8 @@
 
 package com.android.settings.testutils.shadow;
 
+import static com.android.internal.widget.LockDomain.Primary;
+
 import android.app.admin.DevicePolicyManager;
 import android.app.admin.PasswordMetrics;
 import android.content.ComponentName;
@@ -26,6 +28,7 @@
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 
+import com.android.internal.widget.LockDomain;
 import com.android.internal.widget.LockPatternUtils;
 import com.android.internal.widget.LockscreenCredential;
 
@@ -51,6 +54,8 @@ public class ShadowLockPatternUtils {
     private static Map<Integer, Boolean> sUserToBiometricAllowedMap = new HashMap<>();
     private static Map<Integer, Boolean> sUserToLockPatternEnabledMap = new HashMap<>();
     private static Map<Integer, Integer> sKeyguardStoredPasswordQualityMap = new HashMap<>();
+    private static Map<Integer, Integer> sKeyguardStoredPasswordQualityMapSecondary =
+            new HashMap<>();
 
     private static boolean sIsUserOwnsFrpCredential;
 
@@ -99,7 +104,14 @@ protected int getActivePasswordQuality(int userId) {
 
     @Implementation
     protected int getKeyguardStoredPasswordQuality(int userHandle) {
-        return sKeyguardStoredPasswordQualityMap.getOrDefault(userHandle, /* defaultValue= */ 1);
+        return getKeyguardStoredPasswordQuality(userHandle, Primary);
+    }
+
+    @Implementation
+    protected int getKeyguardStoredPasswordQuality(int userHandle, LockDomain lockDomain) {
+        Map<Integer, Integer> passwordQualityMap = lockDomain == Primary ?
+                sKeyguardStoredPasswordQualityMap : sKeyguardStoredPasswordQualityMapSecondary;
+        return passwordQualityMap.getOrDefault(userHandle, /* defaultValue= */ 1);
     }
 
     @Implementation

From 7d6031c281c7a277f710fa702de65dcd0dd68bc3 Mon Sep 17 00:00:00 2001
From: Fred Underwood <underwoodfred@proton.me>
Date: Mon, 23 Dec 2024 12:49:05 +1000
Subject: [PATCH 088/117] prevent tests from failing due to missing
 setupwizard.theme

---
 src/com/android/settings/sudconfig/SudConfigProvider.kt | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/com/android/settings/sudconfig/SudConfigProvider.kt b/src/com/android/settings/sudconfig/SudConfigProvider.kt
index ae2b4926f1f..1e19f7cec36 100644
--- a/src/com/android/settings/sudconfig/SudConfigProvider.kt
+++ b/src/com/android/settings/sudconfig/SudConfigProvider.kt
@@ -32,9 +32,12 @@ class SudConfigProvider : NonRelationalProvider() {
     override fun onCreate(): Boolean {
         // returns value of setupwizard.theme sysprop
         val theme: Optional<String> = android.sysprop.SetupWizardProperties.theme()
-        // setupwizard.theme should always be set to prevent inconsistencies in setupdesign UIs
-        check(theme.isPresent) { "missing setupwizard.theme sysprop" }
-        defaultThemeString = theme.get()
+        if (theme.isPresent) {
+            defaultThemeString = theme.get()
+        } else {
+            // Allows tests to run without having to manually set this.
+            defaultThemeString = "fallback"
+        }
         return true
     }
 

From 5767616e69b6818a60dc1e7af689112f37edddf9 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 29 Dec 2024 18:29:15 +0200
Subject: [PATCH 089/117] don't disable App info > Battery usage item while its
 summary is loading

---
 .../android/settings/spa/app/appinfo/AppBatteryPreference.kt   | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
index ea13a025075..a672e25c927 100644
--- a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
@@ -57,7 +57,6 @@ fun AppBatteryPreference(app: ApplicationInfo) {
     Preference(object : PreferenceModel {
         override val title = stringResource(R.string.battery_details_title)
         override val summary = presenter.summary
-        override val enabled = presenter.enabled
         override val onClick = presenter::startActivity
     })
 
@@ -97,8 +96,6 @@ private class AppBatteryPresenter(private val context: Context, private val app:
         Pair(batteryDiffEntry.await(), optimizationMode)
     }
 
-    val enabled = { batteryDiffEntryState is LoadingState.Done }
-
     val summary = {
         if (app.installed) {
             batteryDiffEntryState.let { batteryDiffEntryState ->

From 3a1ada6c97ec75961c14fa092ee45036efaec7e8 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sun, 29 Dec 2024 18:31:51 +0200
Subject: [PATCH 090/117] [temporary] don't show battery usage info in App info
 item summary

It takes more than 5 seconds to load in many cases due to an upstream regression.
---
 .../spa/app/appinfo/AppBatteryPreference.kt   | 72 +++----------------
 1 file changed, 8 insertions(+), 64 deletions(-)

diff --git a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
index a672e25c927..2911046eaf9 100644
--- a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
@@ -36,15 +36,11 @@ import com.android.settings.Utils
 import com.android.settings.core.SubSettingLauncher
 import com.android.settings.fuelgauge.AdvancedPowerUsageDetail
 import com.android.settings.fuelgauge.BatteryOptimizeUtils
-import com.android.settings.fuelgauge.batteryusage.BatteryChartPreferenceController
-import com.android.settings.fuelgauge.batteryusage.BatteryDiffEntry
 import com.android.settingslib.spa.widget.preference.Preference
 import com.android.settingslib.spa.widget.preference.PreferenceModel
 import com.android.settingslib.spaprivileged.model.app.installed
 import com.android.settingslib.spaprivileged.model.app.userHandle
-import com.android.settingslib.spaprivileged.model.app.userId
 import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.async
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
 
@@ -64,8 +60,7 @@ fun AppBatteryPreference(app: ApplicationInfo) {
 }
 
 private class AppBatteryPresenter(private val context: Context, private val app: ApplicationInfo) {
-    private var batteryDiffEntryState: LoadingState<Pair<BatteryDiffEntry?, Int>>
-        by mutableStateOf(LoadingState.Loading)
+    private var optimizationModeState: LoadingState<Int> by mutableStateOf(LoadingState.Loading)
 
     @Composable
     fun isAvailable() = remember {
@@ -78,90 +73,39 @@ private class AppBatteryPresenter(private val context: Context, private val app:
         val current = LocalLifecycleOwner.current
         LaunchedEffect(app) {
             current.repeatOnLifecycle(Lifecycle.State.STARTED) {
-                launch { batteryDiffEntryState = LoadingState.Done(getBatteryDiffEntry()) }
+                launch { optimizationModeState = LoadingState.Done(getBatteryDiffEntry()) }
             }
         }
     }
 
-    private suspend fun getBatteryDiffEntry(): Pair<BatteryDiffEntry?, Int> = withContext(Dispatchers.IO) {
-        val batteryDiffEntry = async {
-            BatteryChartPreferenceController.getAppBatteryUsageData(
-                context, app.packageName, app.userId
-            ).also {
-                Log.d(TAG, "loadBatteryDiffEntries():\n$it")
-            }
-        }
-        val optimizationMode = BatteryOptimizeUtils(context, app.uid, app.packageName)
+    private suspend fun getBatteryDiffEntry(): Int = withContext(Dispatchers.IO) {
+        return@withContext BatteryOptimizeUtils(context, app.uid, app.packageName)
             .getAppOptimizationMode(false, false);
-        Pair(batteryDiffEntry.await(), optimizationMode)
     }
 
     val summary = {
         if (app.installed) {
-            batteryDiffEntryState.let { batteryDiffEntryState ->
+            optimizationModeState.let { batteryDiffEntryState ->
                 when (batteryDiffEntryState) {
                     is LoadingState.Loading -> context.getString(R.string.summary_placeholder)
                     is LoadingState.Done -> {
-                        val optimizationMode = when (batteryDiffEntryState.result.second) {
+                        val optimizationMode = when (batteryDiffEntryState.result) {
                             BatteryOptimizeUtils.MODE_RESTRICTED ->
                                 R.string.manager_battery_usage_restricted_title
                             BatteryOptimizeUtils.MODE_UNRESTRICTED ->
                                 R.string.manager_battery_usage_unrestricted_title
                             BatteryOptimizeUtils.MODE_OPTIMIZED ->
                                 R.string.manager_battery_usage_optimized_title
-                            else -> 0
+                            else -> return@let ""
                         }
-                        val b = StringBuilder()
-                        val bde = batteryDiffEntryState.result.first
-                        if (optimizationMode != 0) {
-                            b.append(context.getString(optimizationMode))
-                        }
-
-                        val bdeSummary = bde.getSummary()
-                        if (b.isNotEmpty() && bdeSummary.isNotEmpty()) {
-                            b.append('\n')
-                            b.append(bdeSummary)
-                            return@let b.toString()
-                        }
-
-                        return@let bdeSummary
+                        return@let context.getString(optimizationMode)
                     }
                 }
             }
         } else ""
     }
 
-    private fun BatteryDiffEntry?.getSummary(): String =
-        this?.takeIf { mConsumePower > 0 }?.let {
-            context.getString(
-                R.string.battery_summary, Utils.formatPercentage(percentage, true)
-            )
-        } ?: context.getString(R.string.no_battery_summary)
-
     fun startActivity() {
-        batteryDiffEntryState.resultOrNull?.first?.run {
-            startBatteryDetailPage()
-            return
-        }
-
-        fallbackStartBatteryDetailPage()
-    }
-
-    private fun BatteryDiffEntry.startBatteryDetailPage() {
-        Log.i(TAG, "handlePreferenceTreeClick():\n$this")
-        AdvancedPowerUsageDetail.startBatteryDetailPage(
-            context,
-            AppInfoSettingsProvider.METRICS_CATEGORY,
-            this,
-            Utils.formatPercentage(percentage, true),
-            /*slotInformation=*/ null,
-            /*showTimeInformation=*/ false,
-            /*anomalyHintPrefKey=*/ null,
-            /*anomalyHintText=*/ null
-        )
-    }
-
-    private fun fallbackStartBatteryDetailPage() {
         Log.i(TAG, "Launch : ${app.packageName} with package name")
         val args = bundleOf(
             AdvancedPowerUsageDetail.EXTRA_PACKAGE_NAME to app.packageName,

From 5878c793f7e903dbe6fc83345b41890759ae19ef Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 25 Jan 2025 13:25:51 +0200
Subject: [PATCH 091/117] add per-app Play Integrity API settings

---
 AndroidManifest.xml                           |  16 ++
 res/values/strings_ext.xml                    |  12 ++
 src/com/android/settings/Settings.java        |   2 +
 .../applications/AppManagePlayIntegrityApi.kt | 137 ++++++++++++++++++
 .../core/gateway/SettingsGateway.java         |   1 +
 .../settings/spa/SettingsSpaEnvironment.kt    |   1 +
 .../spa/app/appinfo/AppInfoSettings.kt        |   1 +
 7 files changed, 170 insertions(+)
 create mode 100644 src/com/android/settings/applications/AppManagePlayIntegrityApi.kt

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 5770c914f8a..4d94a50f03b 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5610,5 +5610,21 @@
                 android:value="@string/menu_key_apps"/>
         </activity>
 
+        <activity
+            android:name=".Settings$AppManagePlayIntegrityApiActivity"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.settings.OPEN_APP_MANAGE_PLAY_INTEGRITY_API_SETTINGS" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="package" />
+            </intent-filter>
+
+            <meta-data android:name="com.android.settings.FRAGMENT_CLASS"
+                android:value="com.android.settings.applications.AppManagePlayIntegrityApiFragment"/>
+            <meta-data android:name="com.android.settings.HIGHLIGHT_MENU_KEY"
+                android:value="@string/menu_key_apps"/>
+        </activity>
+
     </application>
 </manifest>
diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index ff3f75178c9..b53d947a169 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -200,4 +200,16 @@ Duress PIN works the same way duress password does."</string>
     <string name="alt_touchscreen_mode_confirm_message">Confirm that the touchscreen is working. Without confirmation, alternative touchscreen mode will be disabled after several seconds.</string>
     <string name="alt_touchscreen_mode_confirm_button">Confirm</string>
 
+    <string name="app_play_integrity_api">Play Integrity API</string>
+    <string name="app_play_integrity_top_intro">The Play Integrity API allows services to verify properties of a device through their app. Most services check for the device or strong integrity level which requires having the unmodified stock OS on a device licensing Google Mobile Services. Not every app using it will ban using GrapheneOS. GrapheneOS passes the basic integrity level and the miscellaneous checks for licensing, Play Protect, etc. work fine. We recommend leaving feedback for apps using it to ban GrapheneOS asking them to stop banning using a much more secure OS. Apps can use the standard Android hardware attestation API to verify the hardware, OS and app with GrapheneOS.</string>
+    <string name="app_play_integrity_contact_app_developer">Contact app developer</string>
+    <string name="app_play_integrity_show_usage_notifications">Show usage notifications</string>
+    <string name="app_play_integrity_block_usage_attempts">Block usage attempts</string>
+    <string name="app_play_integrity_block_usage_attempts_summary_on">
+        Play Integrity API usage attempts will fail with the “API is not available” error code
+    </string>
+    <string name="app_play_integrity_api_blocked">Blocked</string>
+    <string name="app_play_integrity_api_not_blocked">Not blocked</string>
+    <string name="app_play_integrity_see_all_apps">Show apps that used the Play Integrity API</string>
+
 </resources>
diff --git a/src/com/android/settings/Settings.java b/src/com/android/settings/Settings.java
index 2a05fcb1566..d1d511ba841 100644
--- a/src/com/android/settings/Settings.java
+++ b/src/com/android/settings/Settings.java
@@ -533,5 +533,7 @@ public static class AppNativeDebuggingActivity extends SettingsActivity {}
 
     public static class AppStorageDynCodeLoadingActivity extends SettingsActivity {}
 
+    public static class AppManagePlayIntegrityApiActivity extends SettingsActivity {}
+
     public static class ExploitProtectionActivity extends SettingsActivity {}
 }
diff --git a/src/com/android/settings/applications/AppManagePlayIntegrityApi.kt b/src/com/android/settings/applications/AppManagePlayIntegrityApi.kt
new file mode 100644
index 00000000000..41cfe5dcd1b
--- /dev/null
+++ b/src/com/android/settings/applications/AppManagePlayIntegrityApi.kt
@@ -0,0 +1,137 @@
+package com.android.settings.applications
+
+import android.app.compat.gms.GmsUtils
+import android.content.Context
+import android.content.Intent
+import android.content.pm.ApplicationInfo
+import android.content.pm.GosPackageState
+import android.content.pm.GosPackageStateFlag
+import android.content.pm.PackageManager.NameNotFoundException
+import android.ext.PackageId
+import android.ext.settings.app.AswBlockPlayIntegrityApi
+import android.net.Uri
+import android.os.Bundle
+import androidx.appcompat.app.AlertDialog
+import androidx.compose.runtime.Composable
+import androidx.compose.ui.platform.LocalContext
+import androidx.preference.Preference
+import androidx.preference.PreferenceScreen
+import androidx.preference.SwitchPreferenceCompat
+import com.android.settings.R
+import com.android.settings.spa.app.appinfo.AswPreference
+import com.android.settingslib.spaprivileged.model.app.userId
+import com.android.settingslib.widget.TopIntroPreference
+
+object AswAdapterManagePlayIntegrityApi : AswAdapter<AswBlockPlayIntegrityApi>() {
+    override fun getAppSwitch() = AswBlockPlayIntegrityApi.I
+
+    override fun getAswTitle(ctx: Context) = ctx.getText(R.string.app_play_integrity_api)
+    override fun getOnTitle(ctx: Context) = ctx.getText(R.string.app_play_integrity_api_blocked)
+    override fun getOffTitle(ctx: Context) = ctx.getText(R.string.app_play_integrity_api_not_blocked)
+
+    override fun getDetailFragmentClass() = AppManagePlayIntegrityApiFragment::class
+
+    override fun shouldIncludeInAppListPage(app: ApplicationInfo, gosPs: GosPackageState): Boolean {
+        return gosPs.hasFlag(GosPackageStateFlag.PLAY_INTEGRITY_API_USED_AT_LEAST_ONCE)
+    }
+}
+
+@Composable
+fun AppManagePlayIntegrityApiPreference(app: ApplicationInfo) {
+    if (GosPackageState.get(app.packageName, app.userId)
+            .hasFlag(GosPackageStateFlag.PLAY_INTEGRITY_API_USED_AT_LEAST_ONCE)) {
+        AswPreference(LocalContext.current, app, AswAdapterManagePlayIntegrityApi)
+    }
+}
+
+class AppManagePlayIntegrityApiFragment : AppInfoWithHeader() {
+    private lateinit var showUsageNotifsSwitch: SwitchPreferenceCompat
+    private lateinit var blockUsageAttemptsSwitch: SwitchPreferenceCompat
+
+    override fun onCreate(savedInstanceState: Bundle?) {
+        super.onCreate(savedInstanceState)
+
+        requireActivity().setTitle(R.string.app_play_integrity_api)
+
+        val prefCtx = prefContext
+        val screen: PreferenceScreen = preferenceManager.createPreferenceScreen(prefCtx)
+
+        TopIntroPreference(prefCtx).apply {
+            setTitle(R.string.app_play_integrity_top_intro)
+            screen.addPreference(this)
+        }
+        Preference(prefCtx).apply {
+            setTitle(R.string.app_play_integrity_contact_app_developer)
+            setOnPreferenceClickListener {
+                val pkgName = mPackageName
+                val intent: Intent
+                if (isPlayStoreAvailable()) {
+                    intent = GmsUtils.createAppPlayStoreIntent(pkgName)
+                } else {
+                    val uri = Uri.parse("https://play.google.com/store/apps/details?id=$pkgName")
+                    intent = Intent.createChooser(Intent(Intent.ACTION_VIEW, uri), null)
+                }
+                intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+                startActivity(intent)
+                true
+            }
+            screen.addPreference(this)
+        }
+        showUsageNotifsSwitch = SwitchPreferenceCompat(prefCtx).apply {
+            setTitle(R.string.app_play_integrity_show_usage_notifications)
+            setOnPreferenceChangeListener { _, value ->
+                val ed = GosPackageState.edit(mPackageName, mUserId)
+                AswBlockPlayIntegrityApi.I.setNotificationEnabled(ed, value as Boolean)
+                ed.apply()
+            }
+            screen.addPreference(this)
+        }
+        blockUsageAttemptsSwitch = SwitchPreferenceCompat(prefCtx).apply {
+            setTitle(R.string.app_play_integrity_block_usage_attempts)
+            setSummaryOn(R.string.app_play_integrity_block_usage_attempts_summary_on)
+            setOnPreferenceChangeListener { _, value ->
+                val ed = GosPackageState.edit(mPackageName, mUserId)
+                AswBlockPlayIntegrityApi.I.set(ed, value as Boolean)
+                ed.apply()
+            }
+            screen.addPreference(this)
+        }
+        AswAdapterManagePlayIntegrityApi.addAppListPageLink(
+                screen, getText(R.string.app_play_integrity_see_all_apps))
+
+        setPreferenceScreen(screen)
+    }
+
+    override fun refreshUi(): Boolean {
+        val appInfo = getAppInfo(mPackageName) ?: return false
+        val gosPs = GosPackageState.get(mPackageName, mUserId)
+
+        showUsageNotifsSwitch.isChecked = AswBlockPlayIntegrityApi.I.isNotificationEnabled(gosPs)
+
+        blockUsageAttemptsSwitch.isChecked = AswBlockPlayIntegrityApi.I
+                .get(requireContext(), mUserId, appInfo, gosPs)
+
+        return true
+    }
+
+    private fun isPlayStoreAvailable(): Boolean {
+        val appInfo = getAppInfo(PackageId.PLAY_STORE_NAME) ?: return false
+        if (!appInfo.enabled) {
+            return false
+        }
+        return appInfo.ext().packageId == PackageId.PLAY_STORE
+    }
+
+    private fun getAppInfo(pkgName: String): ApplicationInfo? {
+        val pkgManager = requireContext().packageManager
+        try {
+            return pkgManager.getApplicationInfoAsUser(pkgName, 0, mUserId)
+        } catch (e: NameNotFoundException) {
+            return null
+        }
+    }
+
+    override fun createDialog(id: Int, errorCode: Int): AlertDialog? = null
+
+    override fun getMetricsCategory(): Int = METRICS_CATEGORY_UNKNOWN
+}
diff --git a/src/com/android/settings/core/gateway/SettingsGateway.java b/src/com/android/settings/core/gateway/SettingsGateway.java
index a53f5f8ba37..e9f4794bce8 100644
--- a/src/com/android/settings/core/gateway/SettingsGateway.java
+++ b/src/com/android/settings/core/gateway/SettingsGateway.java
@@ -223,6 +223,7 @@ public class SettingsGateway {
             com.android.settings.applications.AppHardenedMallocFragment.class.getName(),
             com.android.settings.applications.AppMemoryDynCodeLoadingFragment.class.getName(),
             com.android.settings.applications.AppStorageDynCodeLoadingFragment.class.getName(),
+            com.android.settings.applications.AppManagePlayIntegrityApiFragment.class.getName(),
             com.android.settings.safetycenter.ExploitProtectionFragment.class.getName(),
             AdvancedConnectedDeviceDashboardFragment.class.getName(),
             CreateShortcut.class.getName(),
diff --git a/src/com/android/settings/spa/SettingsSpaEnvironment.kt b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
index 3576dfd7375..a9c0eaba232 100644
--- a/src/com/android/settings/spa/SettingsSpaEnvironment.kt
+++ b/src/com/android/settings/spa/SettingsSpaEnvironment.kt
@@ -109,6 +109,7 @@ open class SettingsSpaEnvironment(context: Context) : SpaEnvironment(context) {
         com.android.settings.applications.AswAdapterWebViewDynCodeLoading.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterMemoryDynCodeLoading.makeAppListPageProvider(),
         com.android.settings.applications.AswAdapterStorageDynCodeLoading.makeAppListPageProvider(),
+        com.android.settings.applications.AswAdapterManagePlayIntegrityApi.makeAppListPageProvider(),
         AllAppListPageProvider,
         AppInfoSettingsProvider,
         SpecialAppAccessPageProvider,
diff --git a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
index af8d40dd887..e1b94cff69f 100644
--- a/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppInfoSettings.kt
@@ -168,6 +168,7 @@ private fun AppInfoSettings(packageInfoPresenter: PackageInfoPresenter) {
         }
 
         Category(title = stringResource(R.string.advanced_apps)) {
+            com.android.settings.applications.AppManagePlayIntegrityApiPreference(app)
             UserAspectRatioAppPreference(app)
             DisplayOverOtherAppsAppListProvider.InfoPageEntryItem(app)
             ModifySystemSettingsAppListProvider.InfoPageEntryItem(app)

From 3953aed1fb2ca280b6894364fe6a30d569261e09 Mon Sep 17 00:00:00 2001
From: Pratyush <codelab@pratyush.dev>
Date: Wed, 12 Feb 2025 23:26:22 +0530
Subject: [PATCH 092/117] add "5G Only" and "4G or 5G only" Mode

---
 res/values/strings.xml                        |  6 +++
 ...nabledNetworkModePreferenceController.java | 42 +++++++++++++++++--
 2 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/res/values/strings.xml b/res/values/strings.xml
index 09edc320b2b..c9fc0053471 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -12196,6 +12196,12 @@
     <string name="network_lte">LTE (recommended)</string>
     <!-- Text for Network lte only [CHAR LIMIT=NONE] -->
     <string name="network_lte_only">LTE only</string>
+    <!-- Text for Network 5G only [CHAR LIMIT=NONE] -->
+    <string name="network_5g_only">5G only</string>
+    <!-- Text for Network 5G or LTE only [CHAR LIMIT=NONE] -->
+    <string name="network_5g_or_lte_only">5G or LTE only</string>
+    <!-- Text for Network 5G or 4G only [CHAR LIMIT=NONE] -->
+    <string name="network_5g_or_4g_only">5G or 4G only</string>
     <!-- Text for Network 4g [CHAR LIMIT=NONE] -->
     <string name="network_4G">4G (recommended)</string>
     <!-- Text for Network 4g only [CHAR LIMIT=NONE] -->
diff --git a/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java b/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java
index 120bd060cf8..24a6a579468 100644
--- a/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java
+++ b/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java
@@ -58,6 +58,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.IntStream;
 import java.util.stream.Stream;
 
@@ -466,9 +467,7 @@ void setPreferenceEntries() {
                         uiOptions.getType().name() + " index error.");
             }
 
-            if (!lteOnlyUnsupported) {
-                addLteOnlyEntry();
-            }
+            AtomicBoolean is5GSupported = new AtomicBoolean(false);
 
             // Compose options based on given values and formats.
             IntStream.range(0, formatList.size()).forEach(entryIndex -> {
@@ -511,19 +510,31 @@ void setPreferenceEntries() {
                         break;
                     case add5gEntry:
                         add5gEntry(addNrToLteNetworkMode(entryValuesInt[entryIndex]));
+                        is5GSupported.set(true);
                         break;
                     case add5gAnd4gEntry:
                         add5gEntry(addNrToLteNetworkMode(entryValuesInt[entryIndex]));
                         add4gEntry(entryValuesInt[entryIndex]);
+                        is5GSupported.set(true);
                         break;
                     case add5gAndLteEntry:
                         add5gEntry(addNrToLteNetworkMode(entryValuesInt[entryIndex]));
                         addLteEntry(entryValuesInt[entryIndex]);
+                        is5GSupported.set(true);
                         break;
                     default:
                         throw new IllegalArgumentException("Not supported ui options format.");
                 }
             });
+
+            if (!lteOnlyUnsupported) {
+                addLteOnlyEntry();
+            }
+
+            if (!lteOnlyUnsupported && is5GSupported.get()) {
+                addNrOrLteOnlyEntry();
+                addNrOnlyEntry();
+            }
         }
 
         private int getPreferredNetworkMode() {
@@ -730,7 +741,17 @@ void setPreferenceValueAndSummary(int networkMode) {
                     break;
 
                 case TelephonyManager.NETWORK_MODE_NR_ONLY:
+                    setSelectedEntry(
+                            TelephonyManager.NETWORK_MODE_NR_ONLY);
+                    setSummary(getResourcesForSubId().getString(R.string.network_5g_only));
+                    break;
                 case TelephonyManager.NETWORK_MODE_NR_LTE:
+                    setSelectedEntry(
+                            TelephonyManager.NETWORK_MODE_NR_LTE);
+                    setSummary(getResourcesForSubId().getString(mShow4gForLTE ?
+                            R.string.network_5g_or_4g_only : R.string.network_5g_or_lte_only)
+                    );
+                    break;
                 case TelephonyManager.NETWORK_MODE_NR_LTE_GSM_WCDMA:
                 case TelephonyManager.NETWORK_MODE_NR_LTE_WCDMA:
                     setSelectedEntry(TelephonyManager.NETWORK_MODE_NR_LTE_GSM_WCDMA);
@@ -857,6 +878,21 @@ private void addLteOnlyEntry() {
             }
         }
 
+        private void addNrOnlyEntry() {
+            mEntries.add(mContext.getString(R.string.network_5g_only));
+            mEntriesValue.add(TelephonyManager.NETWORK_MODE_NR_ONLY);
+        }
+
+        private void addNrOrLteOnlyEntry() {
+            if (mShow4gForLTE) {
+                mEntries.add(mContext.getString(R.string.network_5g_or_4g_only));
+                mEntriesValue.add(TelephonyManager.NETWORK_MODE_NR_LTE);
+            } else {
+                mEntries.add(mContext.getString(R.string.network_5g_or_lte_only));
+                mEntriesValue.add(TelephonyManager.NETWORK_MODE_NR_LTE);
+            }
+        }
+
         private void addCustomEntry(String name, int value) {
             mEntries.add(name);
             mEntriesValue.add(value);

From 093e359bf5d7be02ed10d1712e5ec9f934f70d63 Mon Sep 17 00:00:00 2001
From: soupslurpr <92235850+soupslurpr@users.noreply.github.com>
Date: Mon, 4 Nov 2024 20:32:27 -0800
Subject: [PATCH 093/117] add network location setting

---
 res/values/strings_ext.xml                    | 10 ++++++
 res/xml/location_services.xml                 |  6 ++++
 ...icesNetworkLocationPreferenceController.kt | 34 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 src/com/android/settings/location/LocationServicesNetworkLocationPreferenceController.kt

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index b53d947a169..5fa65a010c9 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -212,4 +212,14 @@ Duress PIN works the same way duress password does."</string>
     <string name="app_play_integrity_api_not_blocked">Not blocked</string>
     <string name="app_play_integrity_see_all_apps">Show apps that used the Play Integrity API</string>
 
+    <string name="network_location_title">Network location</string>
+    <string name="network_location_footer">
+"Network location is a method of determining your device’s location by using various nearby signals, such as Wi-Fi networks, Bluetooth devices, and cell towers. Your device scans for these signals and sends their identifiers to a server, which then provides positioning data that your device uses to estimate its location. Currently, only Wi-Fi networks are used.
+
+This method can be particularly useful when GNSS is unavailable or unreliable, such as indoors or in areas with poor satellite reception. Network location provides a quicker way to determine your location before a GNSS lock is acquired or when GNSS signals are weak."
+    </string>
+    <string name="network_location_enabled_grapheneos_proxy">GrapheneOS proxy</string>
+    <string name="network_location_enabled_apple_server">Apple server</string>
+    <string name="network_location_disabled">Off</string>
+
 </resources>
diff --git a/res/xml/location_services.xml b/res/xml/location_services.xml
index 917ef1d28f7..0c1027003ac 100644
--- a/res/xml/location_services.xml
+++ b/res/xml/location_services.xml
@@ -34,4 +34,10 @@
             android:title="@string/location_scanning_bluetooth_always_scanning_title"
             settings:controller="com.android.settings.location.LocationServicesBluetoothScanningPreferenceController"/>
 
+        <com.android.settingslib.RestrictedPreference
+            android:order="1002"
+            android:key="location_services_network_location"
+            android:title="@string/network_location_title"
+            settings:controller="com.android.settings.location.LocationServicesNetworkLocationPreferenceController"/>
+
 </PreferenceScreen>
diff --git a/src/com/android/settings/location/LocationServicesNetworkLocationPreferenceController.kt b/src/com/android/settings/location/LocationServicesNetworkLocationPreferenceController.kt
new file mode 100644
index 00000000000..3fa2a2644d5
--- /dev/null
+++ b/src/com/android/settings/location/LocationServicesNetworkLocationPreferenceController.kt
@@ -0,0 +1,34 @@
+package com.android.settings.location
+
+import android.content.Context
+import android.ext.settings.NetworkLocationSettings
+import androidx.preference.PreferenceScreen
+import com.android.settings.R
+import com.android.settings.ext.IntSettingPrefController
+import com.android.settings.ext.RadioButtonPickerFragment2
+
+/**
+ * Preference controller for Network location in Location Services.
+ */
+class LocationServicesNetworkLocationPreferenceController(ctx: Context, key: String?) :
+    IntSettingPrefController(ctx, key, NetworkLocationSettings.NETWORK_LOCATION_SETTING) {
+
+    override fun addPrefsAfterList(fragment: RadioButtonPickerFragment2, screen: PreferenceScreen) {
+        addFooterPreference(screen, R.string.network_location_footer)
+    }
+
+    override fun getEntries(entries: Entries) {
+        entries.add(
+            R.string.network_location_enabled_grapheneos_proxy,
+            NetworkLocationSettings.NETWORK_LOCATION_SERVER_GRAPHENEOS_PROXY
+        )
+        entries.add(
+            R.string.network_location_enabled_apple_server,
+            NetworkLocationSettings.NETWORK_LOCATION_SERVER_APPLE
+        )
+        entries.add(
+            R.string.network_location_disabled,
+            NetworkLocationSettings.NETWORK_LOCATION_DISABLED
+        )
+    }
+}

From 5f1aed1e3f5c7218fbffd8378533c6ce4100ebc3 Mon Sep 17 00:00:00 2001
From: Pratyush <codelab@pratyush.dev>
Date: Fri, 28 Feb 2025 01:44:50 +0530
Subject: [PATCH 094/117] restrict '5G Only' mode to standalone 5G supported
 carrier.

many carrier where 5G network options is available (in settings) doesn't really support standalone 5G and in that case setting it to 'NR/5G only' soft fails.

it is disabled for NSA carrier, calling options will be broken on NSA (non standalone 5G).
---
 .../EnabledNetworkModePreferenceController.java     | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java b/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java
index 24a6a579468..60ae65b1930 100644
--- a/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java
+++ b/src/com/android/settings/network/telephony/EnabledNetworkModePreferenceController.java
@@ -288,6 +288,7 @@ private final class PreferenceEntriesBuilder {
         private boolean mDisplay2gOptions;
         private boolean mDisplay3gOptions;
         private boolean mLteEnabled;
+        private boolean isNrSaAvailable; // Nr-Sa (5G standalone)
         private int mSelectedEntry;
         private int mSubId;
         private String mSummary;
@@ -351,6 +352,14 @@ public void updateConfig() {
                 }
 
                 mLteEnabled = carrierConfig.getBoolean(CarrierConfigManager.KEY_LTE_ENABLED_BOOL);
+                int[] supported5gOptions = carrierConfig.getIntArray(
+                        CarrierConfigManager.KEY_CARRIER_NR_AVAILABILITIES_INT_ARRAY);
+                isNrSaAvailable = supported5gOptions != null && com.google.common.primitives.Ints.contains(
+                        supported5gOptions,
+                        CarrierConfigManager.CARRIER_NR_AVAILABILITY_SA
+                ) && (mTelephonyManager.getAllowedNetworkTypesForReason(TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_USER)
+                        & TelephonyManager.NETWORK_TYPE_BITMASK_NR
+                ) > 0;
             }
             Log.d(LOG_TAG, "PreferenceEntriesBuilder: subId" + mSubId
                     + " ,Supported5gRadioAccessFamily :" + mSupported5gRadioAccessFamily
@@ -533,7 +542,9 @@ void setPreferenceEntries() {
 
             if (!lteOnlyUnsupported && is5GSupported.get()) {
                 addNrOrLteOnlyEntry();
-                addNrOnlyEntry();
+                if (isNrSaAvailable) {
+                    addNrOnlyEntry();
+                }
             }
         }
 

From e82036fcee468ef1da01ece7382fc80e216416f6 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 5 Mar 2025 14:48:18 +0200
Subject: [PATCH 095/117] Revert "Settings: Pass empty lottie resource for
 quickly open camera animation"

This reverts commit cdfab94fdab8287e47e6a24bb1700a85ee250484.
---
 res/drawable/quickly_open_camera.xml    | 3 +++
 res/raw/lottie_quickly_open_camera.json | 0
 res/xml/double_tap_power_settings.xml   | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 res/drawable/quickly_open_camera.xml
 delete mode 100644 res/raw/lottie_quickly_open_camera.json

diff --git a/res/drawable/quickly_open_camera.xml b/res/drawable/quickly_open_camera.xml
new file mode 100644
index 00000000000..dcbf9f4dc68
--- /dev/null
+++ b/res/drawable/quickly_open_camera.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<shape>
+</shape>
diff --git a/res/raw/lottie_quickly_open_camera.json b/res/raw/lottie_quickly_open_camera.json
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/res/xml/double_tap_power_settings.xml b/res/xml/double_tap_power_settings.xml
index a1e133d8e91..783d045b5d5 100644
--- a/res/xml/double_tap_power_settings.xml
+++ b/res/xml/double_tap_power_settings.xml
@@ -22,7 +22,7 @@
     <com.android.settingslib.widget.IllustrationPreference
         android:key="gesture_double_tap_power_video"
         settings:searchable="false"
-        settings:lottie_rawRes="@raw/lottie_quickly_open_camera"
+        settings:lottie_rawRes="@drawable/quickly_open_camera"
         settings:controller="com.android.settings.gestures.DoubleTapPowerIllustrationPreferenceController"/>
 
     <com.android.settingslib.widget.MainSwitchPreference

From 097e693df89dfe1495d99070ad80902baea4523e Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 5 Mar 2025 19:29:20 +0200
Subject: [PATCH 096/117] remove a large blank rectangle from "Quickly open
 camera" screen

---
 res/xml/double_tap_power_settings.xml                | 5 -----
 res/xml/double_tap_power_to_open_camera_settings.xml | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/res/xml/double_tap_power_settings.xml b/res/xml/double_tap_power_settings.xml
index 783d045b5d5..e892764a09e 100644
--- a/res/xml/double_tap_power_settings.xml
+++ b/res/xml/double_tap_power_settings.xml
@@ -19,11 +19,6 @@
     xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:settings="http://schemas.android.com/apk/res-auto"
     android:title="@string/double_tap_power_title">
-    <com.android.settingslib.widget.IllustrationPreference
-        android:key="gesture_double_tap_power_video"
-        settings:searchable="false"
-        settings:lottie_rawRes="@drawable/quickly_open_camera"
-        settings:controller="com.android.settings.gestures.DoubleTapPowerIllustrationPreferenceController"/>
 
     <com.android.settingslib.widget.MainSwitchPreference
         android:key="gesture_double_tap_power_enabled_main_switch"
diff --git a/res/xml/double_tap_power_to_open_camera_settings.xml b/res/xml/double_tap_power_to_open_camera_settings.xml
index 315c7f04da4..2613159a9cb 100644
--- a/res/xml/double_tap_power_to_open_camera_settings.xml
+++ b/res/xml/double_tap_power_to_open_camera_settings.xml
@@ -20,11 +20,6 @@
     xmlns:settings="http://schemas.android.com/apk/res-auto"
     android:title="@string/double_tap_power_for_camera_title">
 
-    <com.android.settingslib.widget.IllustrationPreference
-        android:key="gesture_double_tap_power_video"
-        settings:searchable="false"
-        settings:lottie_rawRes="@drawable/quickly_open_camera"/>
-
     <SwitchPreferenceCompat
         android:key="gesture_double_tap_power"
         android:title="@string/double_tap_power_for_camera_title"

From fb06a47162900d48a6c677a796c6b23540a88a79 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Wed, 5 Mar 2025 20:00:48 +0200
Subject: [PATCH 097/117] make "App info > App battery usage" item directly
 open the inner screen

---
 .../android/settings/spa/app/appinfo/AppBatteryPreference.kt   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
index 2911046eaf9..958937a6013 100644
--- a/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
+++ b/src/com/android/settings/spa/app/appinfo/AppBatteryPreference.kt
@@ -36,6 +36,7 @@ import com.android.settings.Utils
 import com.android.settings.core.SubSettingLauncher
 import com.android.settings.fuelgauge.AdvancedPowerUsageDetail
 import com.android.settings.fuelgauge.BatteryOptimizeUtils
+import com.android.settings.fuelgauge.PowerBackgroundUsageDetail
 import com.android.settingslib.spa.widget.preference.Preference
 import com.android.settingslib.spa.widget.preference.PreferenceModel
 import com.android.settingslib.spaprivileged.model.app.installed
@@ -113,7 +114,7 @@ private class AppBatteryPresenter(private val context: Context, private val app:
             AdvancedPowerUsageDetail.EXTRA_UID to app.uid,
         )
         SubSettingLauncher(context)
-            .setDestination(AdvancedPowerUsageDetail::class.java.name)
+            .setDestination(PowerBackgroundUsageDetail::class.java.name)
             .setTitleRes(R.string.battery_details_title)
             .setArguments(args)
             .setUserHandle(app.userHandle)

From 80464482abe00745a1d048ada841ee0633c5d009 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 11 Mar 2025 14:40:23 +0200
Subject: [PATCH 098/117] add Terminal app preference to System category when
 dev options are on

It's already present in Developer options, but they are not available in secondary users.
---
 res/xml/system_dashboard_fragment.xml          |  6 ++++++
 .../LinuxTerminalPreferenceController.java     | 14 +++++++++++++-
 .../system/SystemDashboardFragment.java        | 18 ++++++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/res/xml/system_dashboard_fragment.xml b/res/xml/system_dashboard_fragment.xml
index 60e4eaa220d..66a6a82a0d8 100644
--- a/res/xml/system_dashboard_fragment.xml
+++ b/res/xml/system_dashboard_fragment.xml
@@ -111,6 +111,12 @@
         android:icon="@drawable/ic_device_diagnostics"
         settings:controller="com.android.settings.system.DeviceDiagnosticsPreferenceController"/>
 
+    <Preference
+        android:key="linux_terminal"
+        android:title="@string/enable_linux_terminal_title"
+        android:summary="@string/enable_linux_terminal_summary"
+        android:fragment="com.android.settings.development.linuxterminal.LinuxTerminalDashboardFragment" />
+
     <Preference
         android:key="reset_dashboard"
         android:title="@string/reset_dashboard_title"
diff --git a/src/com/android/settings/development/linuxterminal/LinuxTerminalPreferenceController.java b/src/com/android/settings/development/linuxterminal/LinuxTerminalPreferenceController.java
index 076a2832720..9c27c64a418 100644
--- a/src/com/android/settings/development/linuxterminal/LinuxTerminalPreferenceController.java
+++ b/src/com/android/settings/development/linuxterminal/LinuxTerminalPreferenceController.java
@@ -16,10 +16,12 @@
 
 package com.android.settings.development.linuxterminal;
 
+import android.content.ContentResolver;
 import android.content.Context;
 import android.content.pm.PackageManager;
 import android.os.Process;
 import android.os.storage.StorageManager;
+import android.provider.Settings;
 import android.text.TextUtils;
 import android.util.DataUnit;
 
@@ -63,13 +65,23 @@ public LinuxTerminalPreferenceController(@NonNull Context context) {
                         && storageManager.getPrimaryStorageSize() >= STORAGE_MIN_BYTES;
     }
 
+    public boolean mIsInSystemSettings;
+
     // Avoid lazy initialization because this may be called before displayPreference().
     @Override
     public boolean isAvailable() {
         // Check build flag RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES indirectly
         // by checking whether the terminal app is installed.
         // TODO(b/343795511): Add explicitly check for the flag when it's accessible from Java code.
-        return mTerminalPackageName != null && mIsDeviceCapable;
+        boolean res = mTerminalPackageName != null && mIsDeviceCapable;
+
+        if (res && mIsInSystemSettings) {
+            ContentResolver cr = mContext.getContentResolver();
+            String key = Settings.Global.DEVELOPMENT_SETTINGS_ENABLED;
+            res = Settings.Global.getInt(cr, key, 0) == 1;
+        }
+
+        return res;
     }
 
     @Override
diff --git a/src/com/android/settings/system/SystemDashboardFragment.java b/src/com/android/settings/system/SystemDashboardFragment.java
index 678b675e6ad..5cf77efc64e 100644
--- a/src/com/android/settings/system/SystemDashboardFragment.java
+++ b/src/com/android/settings/system/SystemDashboardFragment.java
@@ -16,6 +16,7 @@
 package com.android.settings.system;
 
 import android.app.settings.SettingsEnums;
+import android.content.Context;
 import android.os.Bundle;
 
 import androidx.preference.Preference;
@@ -24,9 +25,14 @@
 
 import com.android.settings.R;
 import com.android.settings.dashboard.DashboardFragment;
+import com.android.settings.development.linuxterminal.LinuxTerminalPreferenceController;
 import com.android.settings.search.BaseSearchIndexProvider;
+import com.android.settingslib.core.AbstractPreferenceController;
 import com.android.settingslib.search.SearchIndexable;
 
+import java.util.ArrayList;
+import java.util.List;
+
 @SearchIndexable
 public class SystemDashboardFragment extends DashboardFragment {
 
@@ -43,6 +49,18 @@ public void onCreate(Bundle icicle) {
         }
     }
 
+    @Override
+    protected List<AbstractPreferenceController> createPreferenceControllers(Context context) {
+        List<AbstractPreferenceController> result = super.createPreferenceControllers(context);
+        if (result == null) {
+            result = new ArrayList<>();
+        }
+        var linuxTerminal = new LinuxTerminalPreferenceController(context);
+        linuxTerminal.mIsInSystemSettings = true;
+        result.add(linuxTerminal);
+        return result;
+    }
+
     @Override
     public int getMetricsCategory() {
         return SettingsEnums.SETTINGS_SYSTEM_CATEGORY;

From 4ef838adea1264667c5fcf577e523eca545c8e34 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Sat, 15 Mar 2025 17:31:33 +0200
Subject: [PATCH 099/117] set distinct UI name for
 override_desktop_mode_features toggle

Both override_desktop_mode_features and enable_freeform_support toggle had the same name UI name:
"Enable freeform windows".
---
 res/xml/development_settings.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/res/xml/development_settings.xml b/res/xml/development_settings.xml
index 25bc062e10c..fe9ef3effee 100644
--- a/res/xml/development_settings.xml
+++ b/res/xml/development_settings.xml
@@ -750,7 +750,7 @@
 
         <SwitchPreferenceCompat
             android:key="override_desktop_mode_features"
-            android:title="@string/enable_desktop_mode" />
+            android:title="Enable desktop mode support" />
 
         <SwitchPreferenceCompat
             android:key="enable_freeform_support"

From cef54751868a7dc065378897b275f49d296df52a Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Sun, 27 Apr 2025 22:43:30 -0400
Subject: [PATCH 100/117] simplify PSDS setting post-Qualcomm-removal

---
 .../android/settings/location/GnssPsdsPrefController.java | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/com/android/settings/location/GnssPsdsPrefController.java b/src/com/android/settings/location/GnssPsdsPrefController.java
index 426b29b8fdc..73279f2d23a 100644
--- a/src/com/android/settings/location/GnssPsdsPrefController.java
+++ b/src/com/android/settings/location/GnssPsdsPrefController.java
@@ -43,13 +43,7 @@ public void addPrefsAfterList(RadioButtonPickerFragment2 fragment, PreferenceScr
     @Override
     protected void getEntries(Entries entries) {
         entries.add(R.string.psds_enabled_grapheneos_server, GnssSettings.PSDS_SERVER_GRAPHENEOS);
-        int standardServerString;
-        switch (psdsType) {
-            default:
-                standardServerString = R.string.psds_enabled_standard_server;
-                break;
-        }
-        entries.add(standardServerString, GnssSettings.PSDS_SERVER_STANDARD);
+        entries.add(R.string.psds_enabled_standard_server, GnssSettings.PSDS_SERVER_STANDARD);
         entries.add(R.string.psds_disabled, R.string.psds_disabled_summary, GnssSettings.PSDS_DISABLED);
     }
 }

From 2e4d91c9c2922d8d453b8de7b1531a93d9949048 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 2 Apr 2025 16:23:18 +0000
Subject: [PATCH 101/117] Set Private Space settings visible to secondary users
 now it's supported

---
 .../privatespace/PrivateSpaceSafetySource.java         | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java b/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java
index b79e42bf330..e4b7eb922c3 100644
--- a/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java
+++ b/src/com/android/settings/privatespace/PrivateSpaceSafetySource.java
@@ -58,10 +58,12 @@ public static void setSafetySourceData(Context context,
             }
         }
 
-        // Check the profile type - we don't want to show this for anything other than primary
-        // user.
-        if (userManager != null && !userManager.isMainUser()) {
-            Log.i(TAG, "setSafetySourceData not main user");
+        // Check the profile type - we don't want to show this for anything other than
+        // primary user and other users that can have private profiles
+        if (userManager != null && !userManager.isMainUser()
+                && !userManager.canHaveProfileOfType(UserManager.USER_TYPE_PROFILE_PRIVATE)) {
+            Log.i(TAG, "setSafetySourceData not main user," +
+                    " or user that can have private profiles");
             return;
         }
 

From 29871d15446cfb2f559165abb1f576de4af7ea22 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 2 Apr 2025 16:22:14 +0000
Subject: [PATCH 102/117] Update utility methods with some full users
 supporting some profile types

Secondary users now can have private profiles as its nested profile.
---
 src/com/android/settings/Utils.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/com/android/settings/Utils.java b/src/com/android/settings/Utils.java
index b3da71e226f..e94593331fe 100644
--- a/src/com/android/settings/Utils.java
+++ b/src/com/android/settings/Utils.java
@@ -431,6 +431,12 @@ public static UserHandle getProfileOfType(
             if (Objects.equals(umUserType, userInfo.userType)) {
                 return profile;
             }
+            if (userType == ProfileType.PERSONAL) {
+                if (userInfo.canHaveProfileOfType(USER_TYPE_PROFILE_PRIVATE)
+                        || userInfo.canHaveProfileOfType(USER_TYPE_PROFILE_MANAGED)) {
+                    return profile;
+                }
+            }
         }
         return null;
     }
@@ -447,6 +453,12 @@ public static boolean doesProfileOfTypeExists(
             if (Objects.equals(umUserType, profile.userType)) {
                 return true;
             }
+            if (userType == ProfileType.PERSONAL) {
+                if (profile.canHaveProfileOfType(USER_TYPE_PROFILE_PRIVATE)
+                        || profile.canHaveProfileOfType(USER_TYPE_PROFILE_MANAGED)) {
+                    return true;
+                }
+            }
         }
         return false;
     }

From 0853970714359f9f01fcd9069b90bde51e5968d1 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 2 Apr 2025 16:22:53 +0000
Subject: [PATCH 103/117] Update profile selector UI now with other user types
 can have some profile types

Secondary users now can have private profiles as its nested profile.
---
 .../ProfileSelectFragment.java                | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/dashboard/profileselector/ProfileSelectFragment.java b/src/com/android/settings/dashboard/profileselector/ProfileSelectFragment.java
index 270ab9c231e..30227eb43fc 100644
--- a/src/com/android/settings/dashboard/profileselector/ProfileSelectFragment.java
+++ b/src/com/android/settings/dashboard/profileselector/ProfileSelectFragment.java
@@ -238,7 +238,14 @@ int getTabId(Activity activity, Bundle bundle) {
             if (mainUser == null) {
                 mainUser = UserHandle.SYSTEM;
             }
-            final int userId = bundle.getInt(EXTRA_USER_ID, mainUser.getIdentifier());
+            UserHandle activityUser = activity.getUser();
+            final int userIdFallback;
+            if (mainUser.getIdentifier() != activityUser.getIdentifier()) {
+                userIdFallback = activityUser.getIdentifier();
+            } else {
+                userIdFallback = mainUser.getIdentifier();
+            }
+            final int userId = bundle.getInt(EXTRA_USER_ID, userIdFallback);
             final boolean isWorkProfile = UserManager.get(activity).isManagedProfile(userId);
             if (isWorkProfile) {
                 return WORK_TAB;
@@ -354,6 +361,18 @@ private CharSequence getPageTitle(int position) {
                                         userInfo.id,
                                         bundle != null ? bundle.deepCopy() : new Bundle(),
                                         privateFragmentConstructor));
+                        UserInfo parentUserInfo = userInfos.stream()
+                                .filter(info -> info.id == UserHandle.myUserId())
+                                .toList().get(0);
+                        if (!parentUserInfo.isMain() && parentUserInfo.canHaveProfileOfType(
+                                UserManager.USER_TYPE_PROFILE_PRIVATE)) {
+                            fragments.add(0,
+                                    createAndGetFragment(
+                                            ProfileType.PERSONAL,
+                                            parentUserInfo.id,
+                                            bundle != null ? bundle.deepCopy() : new Bundle(),
+                                            personalFragmentConstructor));
+                        }
                     }
                 } else {
                     Log.d(TAG, "Not showing tab for unsupported user " + userInfo);

From 6b6c204650618984e03b6957eb27cbae2e0407f8 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 26 Mar 2025 14:57:55 +0000
Subject: [PATCH 104/117] Declare IntSettingPrefController#getValue as
 non-final

---
 src/com/android/settings/ext/IntSettingPrefController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/com/android/settings/ext/IntSettingPrefController.java b/src/com/android/settings/ext/IntSettingPrefController.java
index 1660f54bf0b..5106131a7fb 100644
--- a/src/com/android/settings/ext/IntSettingPrefController.java
+++ b/src/com/android/settings/ext/IntSettingPrefController.java
@@ -30,7 +30,7 @@ public int getAvailabilityStatus() {
     }
 
     @Override
-    protected final int getCurrentValue() {
+    protected int getCurrentValue() {
         return setting.get(mContext);
     }
 

From 604d4dea73595fb0c09da79df207454763ebacac Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 26 Mar 2025 14:58:36 +0000
Subject: [PATCH 105/117] Settings to toggle cross-profile shared clipboard
 behavior

---
 res/values/strings_ext.xml                    | 17 ++++++
 res/xml/private_space_settings.xml            |  6 ++
 ...PsCrossProfileClipboardAccessPrefCtrl.java | 55 +++++++++++++++++++
 3 files changed, 78 insertions(+)
 create mode 100644 src/com/android/settings/privatespace/users/PsCrossProfileClipboardAccessPrefCtrl.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 5fa65a010c9..9d3d0e81b0f 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -222,4 +222,21 @@ This method can be particularly useful when GNSS is unavailable or unreliable, s
     <string name="network_location_enabled_apple_server">Apple server</string>
     <string name="network_location_disabled">Off</string>
 
+    <string name="cross_profile_clipboard_access_title">Cross-profile shared clipboard</string>
+    <string name="cross_profile_clipboard_access_allow_defaults_title">Follow defaults</string>
+    <string name="cross_profile_clipboard_access_allow_defaults_summary">Allow system defaults sharing the clipboard from and to the parent user and its other child profiles.</string>
+    <string name="cross_profile_clipboard_access_allow_import_defaults_title">Follow import defaults</string>
+    <string name="cross_profile_clipboard_access_allow_import_defaults_summary">Allow system defaults sharing the clipboard from the parent user and its other child profiles.</string>
+    <string name="cross_profile_clipboard_access_allow_export_defaults_title">Follow export defaults</string>
+    <string name="cross_profile_clipboard_access_allow_export_defaults_summary">Allow system defaults sharing the clipboard to the parent user and its other child profiles.</string>
+    <string name="cross_profile_clipboard_access_disallow_title">Disallowed</string>
+    <string name="cross_profile_clipboard_access_disallow_summary">Disallow sharing the clipboard from and to the parent user and its other child profiles.</string>
+    <string name="cross_profile_clipboard_access_footer">This setting provides option for users
+        to allow or disallow sharing clipboard to and from other profiles of the same parent user including itself.
+        Once disallowed, future clipboard content updates between user profiles of the same parent user,
+        such as between private space profile and parent user, or between private space profile and work profile,
+        will not be accessible. Clipboard contents shared with other profiles prior to selecting a
+        stricter options remain accessible until clipboard contents have been updated.
+    </string>
+
 </resources>
diff --git a/res/xml/private_space_settings.xml b/res/xml/private_space_settings.xml
index 3f404d0db6c..7f592ebd40b 100644
--- a/res/xml/private_space_settings.xml
+++ b/res/xml/private_space_settings.xml
@@ -66,6 +66,12 @@
     <PreferenceCategory
         android:title="@string/private_space_category_system">
 
+        <Preference
+            android:key="private_space_cross_profile_clipboard_access_title"
+            android:title="@string/cross_profile_clipboard_access_title"
+            settings:controller="com.android.settings.privatespace.users.PsCrossProfileClipboardAccessPrefCtrl"
+            settings:searchable="false" />
+
         <Preference
             android:key="private_space_delete"
             android:title="@string/private_space_delete_title"
diff --git a/src/com/android/settings/privatespace/users/PsCrossProfileClipboardAccessPrefCtrl.java b/src/com/android/settings/privatespace/users/PsCrossProfileClipboardAccessPrefCtrl.java
new file mode 100644
index 00000000000..666cecf4558
--- /dev/null
+++ b/src/com/android/settings/privatespace/users/PsCrossProfileClipboardAccessPrefCtrl.java
@@ -0,0 +1,55 @@
+package com.android.settings.privatespace.users;
+
+import android.content.Context;
+import android.ext.settings.IntSetting;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+import com.android.settings.privatespace.PrivateSpaceMaintainer;
+
+import static android.ext.settings.CrossProfileClipboardAccessSettings.*;
+
+public class PsCrossProfileClipboardAccessPrefCtrl extends IntSettingPrefController {
+
+
+    public PsCrossProfileClipboardAccessPrefCtrl(Context ctx, String key) {
+        super(ctx, key, CROSS_PROFILE_CLIPBOARD_ACCESS_SETTINGS,
+                PrivateSpaceMaintainer.getInstance(ctx).getPrivateProfileHandle());
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        int r = super.getAvailabilityStatus();
+        if (r == AVAILABLE) {
+            boolean hasPrivateProfile =
+                    PrivateSpaceMaintainer.getInstance(mContext).getPrivateProfileHandle() != null;
+            return hasPrivateProfile ? AVAILABLE : DISABLED_FOR_USER;
+        }
+
+        return r;
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        entries.add(R.string.cross_profile_clipboard_access_allow_defaults_title,
+                R.string.cross_profile_clipboard_access_allow_defaults_summary,
+                FOLLOW_DEFAULT);
+        entries.add(R.string.cross_profile_clipboard_access_allow_import_defaults_title,
+                R.string.cross_profile_clipboard_access_allow_import_defaults_summary,
+                ALLOW_IMPORT_DEFAULTS_ONLY);
+        entries.add(R.string.cross_profile_clipboard_access_allow_export_defaults_title,
+                R.string.cross_profile_clipboard_access_allow_export_defaults_summary,
+                ALLOW_EXPORT_DEFAULTS_ONLY);
+        entries.add(R.string.cross_profile_clipboard_access_disallow_title,
+                R.string.cross_profile_clipboard_access_disallow_summary,
+                BLOCK);
+    }
+
+    @Override
+    public void addPrefsBeforeList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.cross_profile_clipboard_access_footer);
+    }
+}

From 8b379bce0582bf0d2524bf9f6a873b5d3914ab20 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Thu, 15 May 2025 13:14:59 +0000
Subject: [PATCH 106/117] tmp: Disable auto-locking of private profiles for
 secondary users

---
 .../AutoLockPreferenceController.java         | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/com/android/settings/privatespace/autolock/AutoLockPreferenceController.java b/src/com/android/settings/privatespace/autolock/AutoLockPreferenceController.java
index 3416e143d65..64c6daa1623 100644
--- a/src/com/android/settings/privatespace/autolock/AutoLockPreferenceController.java
+++ b/src/com/android/settings/privatespace/autolock/AutoLockPreferenceController.java
@@ -39,6 +39,12 @@ public AutoLockPreferenceController(@NonNull Context context, @NonNull String ke
 
     @Override
     public int getAvailabilityStatus() {
+        // TODO: Add proper support for auto locking for other eligible full users
+        //       that can have private profiles, such as full secondary users, by Android 16.
+        if (getImmutableValue() != null) {
+            return DISABLED_DEPENDENT_SETTING;
+        }
+
         return android.os.Flags.allowPrivateProfile()
                 && android.multiuser.Flags.supportAutolockForPrivateSpace()
                 && android.multiuser.Flags.enablePrivateSpaceFeatures()
@@ -49,6 +55,10 @@ public int getAvailabilityStatus() {
     @NonNull
     @Override
     public CharSequence getSummary() {
+        Integer immutableSettingValue = getImmutableValue();
+        if (immutableSettingValue != null) {
+            return mAutoLockRadioOptions[immutableSettingValue];
+        }
         try {
             return mAutoLockRadioOptions[mPrivateSpaceMaintainer.getPrivateSpaceAutoLockSetting()];
         } catch (ArrayIndexOutOfBoundsException exception) {
@@ -56,4 +66,14 @@ public CharSequence getSummary() {
         }
         return mAutoLockRadioOptions[PrivateSpaceMaintainer.PRIVATE_SPACE_AUTO_LOCK_DEFAULT_VAL];
     }
+
+    @android.provider.Settings.Secure.PrivateSpaceAutoLockOption
+    public Integer getImmutableValue() {
+        // Only disable it being immutable to system user, which is also the main user.
+        if (mContext.getUser().isSystem()) {
+            return null;
+        }
+
+        return android.provider.Settings.Secure.PRIVATE_SPACE_AUTO_LOCK_AFTER_DEVICE_RESTART;
+    }
 }

From 2de26dfe717d0f208c1f088aa0be71b5a658d242 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Wed, 30 Oct 2024 15:14:30 +0000
Subject: [PATCH 107/117] Helper class for Install Available apps feature

---
 .../settings/users/AppCopyFragment.java       |  3 +
 .../users/AppCopyFragmentHelperExt.java       | 69 +++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 src/com/android/settings/users/AppCopyFragmentHelperExt.java

diff --git a/src/com/android/settings/users/AppCopyFragment.java b/src/com/android/settings/users/AppCopyFragment.java
index 858de515ee9..f6cea8e8b48 100644
--- a/src/com/android/settings/users/AppCopyFragment.java
+++ b/src/com/android/settings/users/AppCopyFragment.java
@@ -200,6 +200,9 @@ private void populateApps() {
             if (app.packageName == null) continue;
 
             final AppSwitchPreference p = new AppSwitchPreference(getPrefContext());
+            if (AppCopyFragmentHelperExt.maybeSkipOrModifyAppSwitchPref(this, app, p)) {
+                continue;
+            }
             p.setIcon(app.icon != null ? app.icon.mutate() : null);
             p.setChecked(false);
             p.setTitle(app.appName);
diff --git a/src/com/android/settings/users/AppCopyFragmentHelperExt.java b/src/com/android/settings/users/AppCopyFragmentHelperExt.java
new file mode 100644
index 00000000000..14e8d43c66a
--- /dev/null
+++ b/src/com/android/settings/users/AppCopyFragmentHelperExt.java
@@ -0,0 +1,69 @@
+package com.android.settings.users;
+
+import android.annotation.UserIdInt;
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.os.Bundle;
+import android.os.UserManager;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+
+import com.android.settingslib.users.AppCopyHelper;
+import com.android.settingslib.widget.AppSwitchPreference;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class AppCopyFragmentHelperExt {
+
+    public static final String EXTRA_FOR_PRIVATE_SPACE = "com.android.settings.users.extra.FOR_PRIVATE_SPACE";
+    public static final String EXTRA_SHOW_USER_APPS_ONLY = "com.android.settings.users.extra.SHOW_USER_APPS_ONLY";
+
+    static boolean maybeSkipOrModifyAppSwitchPref(
+            @NonNull AppCopyFragment appCopyFragment,
+            @NonNull AppCopyHelper.SelectableAppInfo selectableAppInfo,
+            @NonNull AppSwitchPreference appSwitchPreference) {
+        Bundle args = appCopyFragment.getArguments();
+        if (args == null) {
+            return false;
+        }
+
+        boolean forPrivateSpace = args.getBoolean(EXTRA_FOR_PRIVATE_SPACE, false);
+        boolean showUserAppsOnly = args.getBoolean(EXTRA_SHOW_USER_APPS_ONLY, false);
+
+        maybeModifyAppSwitchPref(appCopyFragment, selectableAppInfo, appSwitchPreference);
+        if (selectableAppInfo.ext.systemApp()) {
+            if (showUserAppsOnly) {
+                if (!forPrivateSpace || !selectableAppInfo.ext.neededForPrivateProfile()
+                        || !appCopyFragment.mUserManager.getUserInfo(
+                                appCopyFragment.mUser.getIdentifier()).isPrivateProfile()) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    private static void maybeModifyAppSwitchPref(
+            @NonNull AppCopyFragment appCopyFragment,
+            @NonNull AppCopyHelper.SelectableAppInfo selectableAppInfo,
+            @NonNull AppSwitchPreference appSwitchPreference) {
+    }
+
+    public static Bundle appendArgs(
+            @Nullable Bundle bundle, @UserIdInt int userId,
+            boolean forPrivateSpace, boolean showUserAppsOnly) {
+        Bundle res = bundle != null ? bundle : new Bundle();
+        res.putInt(AppCopyFragment.EXTRA_USER_ID, userId);
+        res.putBoolean(EXTRA_FOR_PRIVATE_SPACE, forPrivateSpace);
+        res.putBoolean(EXTRA_SHOW_USER_APPS_ONLY, showUserAppsOnly);
+        return res;
+    }
+
+    private AppCopyFragmentHelperExt() {
+    }
+}

From e0c3100308a84d78cd5031c67d43cb5c8f03468e Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Fri, 27 Dec 2024 14:23:40 +0000
Subject: [PATCH 108/117] Port UI for "Install available apps" to private
 profile

---
 res/xml/private_space_settings.xml            |  7 ++
 .../PrivateSpaceAppCopyPrefController.java    | 99 +++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 src/com/android/settings/privatespace/users/PrivateSpaceAppCopyPrefController.java

diff --git a/res/xml/private_space_settings.xml b/res/xml/private_space_settings.xml
index 7f592ebd40b..750540c63ca 100644
--- a/res/xml/private_space_settings.xml
+++ b/res/xml/private_space_settings.xml
@@ -72,6 +72,13 @@
             settings:controller="com.android.settings.privatespace.users.PsCrossProfileClipboardAccessPrefCtrl"
             settings:searchable="false" />
 
+        <Preference
+            android:key="private_space_ext_app_copying"
+            android:title="@string/user_copy_apps_menu_title"
+            settings:controller="com.android.settings.privatespace.users.PrivateSpaceAppCopyPrefController"
+            settings:fragment="com.android.settings.users.AppCopyFragment"
+            settings:searchable="false" />
+
         <Preference
             android:key="private_space_delete"
             android:title="@string/private_space_delete_title"
diff --git a/src/com/android/settings/privatespace/users/PrivateSpaceAppCopyPrefController.java b/src/com/android/settings/privatespace/users/PrivateSpaceAppCopyPrefController.java
new file mode 100644
index 00000000000..9a369eab172
--- /dev/null
+++ b/src/com/android/settings/privatespace/users/PrivateSpaceAppCopyPrefController.java
@@ -0,0 +1,99 @@
+
+package com.android.settings.privatespace.users;
+
+import static com.android.settings.dashboard.DashboardFragment.CATEGORY;
+
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.os.Bundle;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.text.TextUtils;
+import android.util.Log;
+
+import androidx.preference.Preference;
+
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.core.SubSettingLauncher;
+import com.android.settings.privatespace.PrivateSpaceMaintainer;
+import com.android.settings.users.AppCopyFragmentHelperExt;
+import com.android.settings.users.UserRestrictions;
+
+public class PrivateSpaceAppCopyPrefController extends BasePreferenceController {
+
+    private static final String TAG = "PrivateSpaceAppCopyPrefCtrl";
+
+    private final PrivateSpaceMaintainer privateSpaceMaintainer;
+
+    public PrivateSpaceAppCopyPrefController(Context ctx, String key) {
+        super(ctx, key);
+        privateSpaceMaintainer = PrivateSpaceMaintainer.getInstance(ctx);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        UserHandle privateSpaceUserHandle = privateSpaceMaintainer.getPrivateProfileHandle();
+        if (privateSpaceUserHandle == null) {
+            Log.w(getLogTag(), "No private space user fetched, treating as unavailable");
+            return CONDITIONALLY_UNAVAILABLE;
+        }
+
+        return AVAILABLE;
+    }
+
+    private String getLogTag() {
+        return TAG;
+    }
+
+    @Override
+    public void updateState(Preference preference) {
+        super.updateState(preference);
+        preference.setVisible(isAvailable());
+        UserRestrictions userRestrictions = getUserRestrictions();
+        if (userRestrictions != null) {
+            preference.setEnabled(!userRestrictions.isSet(UserManager.DISALLOW_INSTALL_APPS));
+        }
+    }
+
+    private UserRestrictions getUserRestrictions() {
+        UserHandle privateSpaceUserHandle = privateSpaceMaintainer.getPrivateProfileHandle();
+        if (privateSpaceUserHandle == null) {
+            return null;
+        }
+
+        return UserRestrictions.createInstance(mContext, privateSpaceUserHandle.getIdentifier());
+    }
+
+    @Override
+    public boolean handlePreferenceTreeClick(Preference preference) {
+        if (!TextUtils.equals(preference.getKey(), getPreferenceKey())) {
+            return false;
+        }
+
+        UserHandle privateSpaceUserHandle = privateSpaceMaintainer.getPrivateProfileHandle();
+        if (privateSpaceUserHandle == null) {
+            return false;
+        }
+
+        if (privateSpaceMaintainer.isPrivateSpaceLocked()) {
+            return false;
+        }
+
+        String destName = preference.getFragment();
+        if (destName == null || destName.isEmpty()) {
+            return false;
+        }
+
+        boolean forPrivateSpace = true;
+        boolean showUserAppsOnly = true;
+        final Bundle args = AppCopyFragmentHelperExt.appendArgs(preference.getExtras(),
+                privateSpaceUserHandle.getIdentifier(), forPrivateSpace, showUserAppsOnly);
+
+        new SubSettingLauncher(preference.getContext())
+                .setDestination(destName)
+                .setSourceMetricsCategory(args.getInt(CATEGORY, SettingsEnums.PAGE_UNKNOWN))
+                .setArguments(args)
+                .launch();
+        return true;
+    }
+}

From 0f3142641da4c2b9f9274fcf0fd99c39043b3bd0 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Thu, 24 Oct 2024 11:15:05 +0000
Subject: [PATCH 109/117] fixup! Factor out common code for reading/writing
 UserManager restrictions

---
 .../users/UserAppsInstallSettings.java        | 12 +++--
 .../settings/users/UserDetailsSettings.java   |  2 +-
 .../settings/users/UserRestrictions.java      | 44 +++++++++++++++----
 3 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/src/com/android/settings/users/UserAppsInstallSettings.java b/src/com/android/settings/users/UserAppsInstallSettings.java
index 52312d90f5c..28a787f0385 100644
--- a/src/com/android/settings/users/UserAppsInstallSettings.java
+++ b/src/com/android/settings/users/UserAppsInstallSettings.java
@@ -8,6 +8,7 @@
 import android.os.Bundle;
 import android.os.UserHandle;
 import android.os.UserManager;
+import android.util.Log;
 
 import androidx.preference.Preference;
 import androidx.preference.PreferenceScreen;
@@ -27,6 +28,7 @@
 
 public class UserAppsInstallSettings extends RadioButtonPickerFragment {
 
+    private static final String TAG = "UserAppsInstallSettings";
     private static final String INSTALL_ENABLED = "install_apps_enabled";
     private static final String INSTALL_FIRST_PARTY_ENABLED = "install_apps_first_party_enabled";
     private static final String INSTALL_DISABLED = "install_apps_disabled";
@@ -75,11 +77,13 @@ static String getDescription(Context context, UserRestrictions userRestrictions)
     public void onCreate(Bundle savedInstanceState) {
         Bundle args = requireArguments();
         int userId = args.getInt(EXTRA_USER_ID, UserHandle.USER_NULL);
-
         Context ctx = requireContext();
-        UserManager userManager = ctx.getSystemService(UserManager.class);
-        UserInfo userInfo = userManager.getUserInfo(userId);
-        userRestrictions = new UserRestrictions(userManager, userInfo);
+        userRestrictions = UserRestrictions.createInstance(ctx, userId);
+        if (userRestrictions == null) {
+            Log.w(TAG, "Unable to fetch user info for provided userId");
+            finishFragment();
+            return;
+        }
 
         super.onCreate(savedInstanceState);
     }
diff --git a/src/com/android/settings/users/UserDetailsSettings.java b/src/com/android/settings/users/UserDetailsSettings.java
index d3d4692da50..79b473f8417 100644
--- a/src/com/android/settings/users/UserDetailsSettings.java
+++ b/src/com/android/settings/users/UserDetailsSettings.java
@@ -361,7 +361,7 @@ void initialize(Context context, Bundle arguments) {
         boolean isNewUser =
                 arguments.getBoolean(AppRestrictionsFragment.EXTRA_NEW_USER, false);
         mUserInfo = mUserManager.getUserInfo(userId);
-        userRestrictions = new UserRestrictions(mUserManager, mUserInfo);
+        userRestrictions = UserRestrictions.createInstance(mUserManager, mUserInfo);
 
         mSwitchUserPref = findPreference(KEY_SWITCH_USER);
         mPhonePref = findPreference(KEY_ENABLE_TELEPHONY);
diff --git a/src/com/android/settings/users/UserRestrictions.java b/src/com/android/settings/users/UserRestrictions.java
index 7db3161c201..6ab1b301118 100644
--- a/src/com/android/settings/users/UserRestrictions.java
+++ b/src/com/android/settings/users/UserRestrictions.java
@@ -1,23 +1,51 @@
 package com.android.settings.users;
 
+import android.content.Context;
 import android.content.pm.UserInfo;
 import android.os.Bundle;
-import android.os.UserHandle;
 import android.os.UserManager;
 
-import java.util.List;
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
 
-final class UserRestrictions {
+public final class UserRestrictions {
 
-    final UserManager userManager;
-    final UserInfo userInfo;
+    @NonNull
+    private final UserManager userManager;
+    @NonNull
+    public final UserInfo userInfo;
 
-    UserRestrictions(UserManager userManager, UserInfo userInfo) {
+    @Nullable
+    public static UserRestrictions createInstance(@NonNull Context ctx, int userId) {
+        UserManager userManager = ctx.getSystemService(UserManager.class);
+        if (userManager == null) {
+            return null;
+        }
+
+        return createInstance(userManager, userId);
+    }
+
+    @Nullable
+    public static UserRestrictions createInstance(@NonNull UserManager userManager, int userId) {
+        UserInfo userInfo = userManager.getUserInfo(userId);
+        if (userInfo == null) {
+            return null;
+        }
+
+        return new UserRestrictions(userManager, userInfo);
+    }
+
+    @NonNull
+    public static UserRestrictions createInstance(@NonNull UserManager userManager, @NonNull UserInfo userInfo) {
+        return new UserRestrictions(userManager, userInfo);
+    }
+
+    private UserRestrictions(@NonNull UserManager userManager, @NonNull UserInfo userInfo) {
         this.userManager = userManager;
         this.userInfo = userInfo;
     }
 
-    boolean isSet(String restrictionKey) {
+    public boolean isSet(String restrictionKey) {
         final boolean isSetFromUser = userManager.hasUserRestriction(restrictionKey, userInfo.getUserHandle());
         if (userInfo.isGuest()) {
             return isSetFromUser || userManager.getDefaultGuestRestrictions().getBoolean(restrictionKey);
@@ -26,7 +54,7 @@ boolean isSet(String restrictionKey) {
         return isSetFromUser;
     }
 
-    void set(String restrictionKey, boolean enableRestriction) {
+    public void set(String restrictionKey, boolean enableRestriction) {
         if (userInfo.isGuest()) {
             Bundle defaultGuestRestrictions = userManager.getDefaultGuestRestrictions();
             defaultGuestRestrictions.putBoolean(restrictionKey, enableRestriction);

From bf67e682ba47a2fd9442936c880a268303dc655d Mon Sep 17 00:00:00 2001
From: mrxx0 <0mrxx0@proton.me>
Date: Sat, 15 Mar 2025 14:28:26 +0100
Subject: [PATCH 110/117] add NFC auto-off setting

---
 res/values/strings_ext.xml                    |  3 ++
 res/xml/exploit_protection_settings.xml       |  5 +++
 .../nfc/NfcAutoOffPrefController.java         | 39 +++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 src/com/android/settings/nfc/NfcAutoOffPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 9d3d0e81b0f..71f368da664 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -93,6 +93,9 @@ No query or data is sent to the server. These files contain orbits and statuses
 There are HTTP, HTTPS, DNS, DNS-over-TLS and DNS-over-HTTPS connectivity checks.
     </string>
 
+    <string name="nfc_auto_off_title">Turn off NFC automatically</string>
+    <string name="nfc_auto_off_footer">If NFC is not used, it will be turned off after the selected timeout.</string>
+
     <string name="wifi_auto_off_title">Turn off Wi-Fi automatically</string>
     <string name="wifi_auto_off_footer">If Wi-Fi is disconnected, it will be turned off after the selected timeout.</string>
 
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 73038bbeded..78c1efca5f9 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -30,6 +30,11 @@
         android:title="@string/bluetooth_auto_off_title"
         settings:controller="com.android.settings.bluetooth.BluetoothAutoOffPrefController"/>
 
+    <Preference
+        android:key="nfc_auto_off"
+        android:title="@string/nfc_auto_off_title"
+        settings:controller="com.android.settings.nfc.NfcAutoOffPrefController"/>
+
     <PreferenceCategory
         android:key="app_exploit_protection_settings"
         android:title="@string/app_exploit_protection_category">
diff --git a/src/com/android/settings/nfc/NfcAutoOffPrefController.java b/src/com/android/settings/nfc/NfcAutoOffPrefController.java
new file mode 100644
index 00000000000..9c4b83d8965
--- /dev/null
+++ b/src/com/android/settings/nfc/NfcAutoOffPrefController.java
@@ -0,0 +1,39 @@
+package com.android.settings.nfc;
+
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.ext.settings.ExtSettings;
+
+import androidx.preference.PreferenceScreen;
+
+import com.android.settings.R;
+import com.android.settings.ext.AutoOffSetting;
+import com.android.settings.ext.IntSettingPrefController;
+import com.android.settings.ext.RadioButtonPickerFragment2;
+
+public class NfcAutoOffPrefController extends IntSettingPrefController {
+
+    public NfcAutoOffPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.NFC_AUTO_OFF);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        int r = super.getAvailabilityStatus();
+        if (r == AVAILABLE) {
+            return mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_NFC) ?
+                    AVAILABLE : UNSUPPORTED_ON_DEVICE;
+        }
+        return r;
+    }
+
+    @Override
+    public void addPrefsBeforeList(RadioButtonPickerFragment2 fragment, PreferenceScreen screen) {
+        addFooterPreference(screen, R.string.nfc_auto_off_footer);
+    }
+
+    @Override
+    protected void getEntries(Entries entries) {
+        AutoOffSetting.getEntries(entries);
+    }
+}
\ No newline at end of file

From 70b1053e16213f82e3fbe8f9e1749b4accf43833 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sun, 18 May 2025 07:36:05 +0000
Subject: [PATCH 111/117] Revert "Declare IntSettingPrefController#getValue as
 non-final"

This reverts commit 6b6c204650618984e03b6957eb27cbae2e0407f8.
---
 src/com/android/settings/ext/IntSettingPrefController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/com/android/settings/ext/IntSettingPrefController.java b/src/com/android/settings/ext/IntSettingPrefController.java
index 5106131a7fb..1660f54bf0b 100644
--- a/src/com/android/settings/ext/IntSettingPrefController.java
+++ b/src/com/android/settings/ext/IntSettingPrefController.java
@@ -30,7 +30,7 @@ public int getAvailabilityStatus() {
     }
 
     @Override
-    protected int getCurrentValue() {
+    protected final int getCurrentValue() {
         return setting.get(mContext);
     }
 

From 98e59389746264000737e750ca08e327d0aa1b03 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sun, 18 May 2025 07:28:49 +0000
Subject: [PATCH 112/117] Support setting specific user for
 IntSettingPrefController

This is needed to set preferences on other profiles from a parent user,
such as Private Space settings configuration, setting settings for
private profile from its parent user.

Comment this line and above once cleanup is being done for rebasing
changes, by adding # as prefix on this line and above.

fixup! add base classes for {Bool,Int}Setting preference controllers
---
 .../settings/ext/IntSettingPrefController.java  | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/ext/IntSettingPrefController.java b/src/com/android/settings/ext/IntSettingPrefController.java
index 1660f54bf0b..11ce3378922 100644
--- a/src/com/android/settings/ext/IntSettingPrefController.java
+++ b/src/com/android/settings/ext/IntSettingPrefController.java
@@ -7,6 +7,7 @@
 
 import android.content.Context;
 import android.ext.settings.IntSetting;
+import android.os.UserHandle;
 
 import androidx.annotation.NonNull;
 import androidx.lifecycle.LifecycleOwner;
@@ -15,13 +16,20 @@ public abstract class IntSettingPrefController extends AbstractListPreferenceCon
         implements ExtSettingPrefController<IntSetting>
 {
     private final IntSetting setting;
+    private final UserHandle user;
 
     private final ExtSettingControllerHelper<IntSetting> helper;
 
     protected IntSettingPrefController(Context ctx, String key, IntSetting setting) {
+        this(ctx, key, setting, ctx.getUser());
+    }
+
+    protected IntSettingPrefController(Context ctx, String key, IntSetting setting, UserHandle user) {
         super(ctx, key);
         this.setting = setting;
-        helper = new ExtSettingControllerHelper(ctx, setting);
+        this.user = user;
+        Context ctxForUser = ctx.getUser().equals(user) ? ctx : ctx.createContextAsUser(user, 0);
+        helper = new ExtSettingControllerHelper<>(ctxForUser, setting);
     }
 
     @Override
@@ -31,11 +39,18 @@ public int getAvailabilityStatus() {
 
     @Override
     protected final int getCurrentValue() {
+        if (!mContext.getUser().equals(user)) {
+            return setting.get(mContext, user.getIdentifier());
+        }
         return setting.get(mContext);
     }
 
     @Override
     protected boolean setValue(int val) {
+        if (!mContext.getUser().equals(user)) {
+            Context ctxForUser = mContext.createContextAsUser(user, 0);
+            return setting.put(ctxForUser, val);
+        }
         return setting.put(mContext, val);
     }
 

From 332af596437eeda8fcfc08a80f6252a475a93af2 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sun, 18 May 2025 07:32:08 +0000
Subject: [PATCH 113/117] Support setting specific user for
 BoolSettingPrefController

This is needed to set preferences on other profiles from a parent user,
such as Private Space settings configuration, setting settings for
private profile from its parent user.

Comment this line and above once cleanup is being done for rebasing
changes, by adding # as prefix on this line and above.

fixup! add base classes for {Bool,Int}Setting preference controllers
---
 .../settings/ext/BoolSettingPrefController.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/com/android/settings/ext/BoolSettingPrefController.java b/src/com/android/settings/ext/BoolSettingPrefController.java
index 00d69fdfd2c..e96faee4c10 100644
--- a/src/com/android/settings/ext/BoolSettingPrefController.java
+++ b/src/com/android/settings/ext/BoolSettingPrefController.java
@@ -8,6 +8,7 @@
 import android.content.Context;
 import android.ext.settings.BoolSetting;
 import android.os.Bundle;
+import android.os.UserHandle;
 
 import androidx.annotation.NonNull;
 import androidx.lifecycle.LifecycleOwner;
@@ -24,12 +25,19 @@
 public class BoolSettingPrefController extends AbstractTogglePrefController
         implements ExtSettingPrefController<BoolSetting> {
     private final BoolSetting setting;
+    private final UserHandle user;
     private final ExtSettingControllerHelper<BoolSetting> helper;
 
     protected BoolSettingPrefController(Context ctx, String key, BoolSetting setting) {
+        this(ctx, key, setting, ctx.getUser());
+    }
+
+    protected BoolSettingPrefController(Context ctx, String key, BoolSetting setting, UserHandle user) {
         super(ctx, key);
-        helper = new ExtSettingControllerHelper(ctx, setting);
         this.setting = setting;
+        this.user = user;
+        Context ctxForUser = ctx.getUser().equals(user) ? ctx : ctx.createContextAsUser(user, 0);
+        helper = new ExtSettingControllerHelper<>(ctxForUser, setting);
     }
 
     @Override
@@ -39,11 +47,18 @@ public int getAvailabilityStatus() {
 
     @Override
     public final boolean isChecked() {
+        if (!mContext.getUser().equals(user)) {
+            return setting.get(mContext, user.getIdentifier());
+        }
         return setting.get(mContext);
     }
 
     @Override
     public boolean setChecked(boolean isChecked) {
+        if (!mContext.getUser().equals(user)) {
+            Context ctxForUser = mContext.createContextAsUser(user, 0);
+            return setting.put(ctxForUser, isChecked);
+        }
         return setting.put(mContext, isChecked);
     }
 

From 285e02c2ec30d1bb98398def7eb56caeac4079f1 Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sun, 18 May 2025 03:27:16 +0000
Subject: [PATCH 114/117] Settings to toggle disallowing delayed storage
 locking on private profiles

---
 res/values/strings_ext.xml                    |  7 ++++
 res/xml/private_space_settings.xml            |  7 ++++
 ...sDisallowDelayedLockingPrefController.java | 34 +++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 src/com/android/settings/privatespace/users/PsDisallowDelayedLockingPrefController.java

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 71f368da664..6d78e4fc588 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -242,4 +242,11 @@ This method can be particularly useful when GNSS is unavailable or unreliable, s
         stricter options remain accessible until clipboard contents have been updated.
     </string>
 
+    <string name="ps_disallow_delayed_locking_title">End session immediately on lock</string>
+    <string name="ps_disallow_delayed_locking_description">
+        Disallow delayed locking of storage when stopping or locking the current private profile.
+        This allows locking to work like end session to full secondary users
+        where strong authentication is required to unlock the storage.
+    </string>
+
 </resources>
diff --git a/res/xml/private_space_settings.xml b/res/xml/private_space_settings.xml
index 750540c63ca..1837b87e88c 100644
--- a/res/xml/private_space_settings.xml
+++ b/res/xml/private_space_settings.xml
@@ -79,6 +79,13 @@
             settings:fragment="com.android.settings.users.AppCopyFragment"
             settings:searchable="false" />
 
+        <SwitchPreferenceCompat
+            android:key="private_space_disallow_delayed_locking"
+            android:title="@string/ps_disallow_delayed_locking_title"
+            android:summary="@string/ps_disallow_delayed_locking_description"
+            settings:controller="com.android.settings.privatespace.users.PsDisallowDelayedLockingPrefController"
+            settings:searchable="false" />
+
         <Preference
             android:key="private_space_delete"
             android:title="@string/private_space_delete_title"
diff --git a/src/com/android/settings/privatespace/users/PsDisallowDelayedLockingPrefController.java b/src/com/android/settings/privatespace/users/PsDisallowDelayedLockingPrefController.java
new file mode 100644
index 00000000000..3276fd3d3dc
--- /dev/null
+++ b/src/com/android/settings/privatespace/users/PsDisallowDelayedLockingPrefController.java
@@ -0,0 +1,34 @@
+package com.android.settings.privatespace.users;
+
+import android.content.Context;
+import android.ext.settings.BoolSetting;
+import android.ext.settings.ExtSettings;
+import android.os.UserHandle;
+import android.util.Log;
+
+import androidx.lifecycle.LifecycleOwner;
+
+import com.android.settings.ext.BoolSettingPrefController;
+import com.android.settings.privatespace.PrivateSpaceMaintainer;
+
+public class PsDisallowDelayedLockingPrefController extends BoolSettingPrefController {
+
+    private static final String TAG = "PsDisallowDelayedLockingPrefCtrl";
+
+    public PsDisallowDelayedLockingPrefController(Context ctx, String key) {
+        super(ctx, key, ExtSettings.DISALLOW_DELAYED_LOCKING_ON_USER_STOP,
+                PrivateSpaceMaintainer.getInstance(ctx).getPrivateProfileHandle());
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        PrivateSpaceMaintainer privateSpaceMaintainer = PrivateSpaceMaintainer.getInstance(mContext);
+        UserHandle privateSpaceUserHandle = privateSpaceMaintainer.getPrivateProfileHandle();
+        if (privateSpaceUserHandle == null) {
+            Log.w(TAG, "No private space user fetched, treating as unavailable");
+            return CONDITIONALLY_UNAVAILABLE;
+        }
+
+        return AVAILABLE;
+    }
+}

From c52b451fb6eeec6229110f87b4f914d57e13d13c Mon Sep 17 00:00:00 2001
From: quh4gko8 <88831734+quh4gko8@users.noreply.github.com>
Date: Sun, 18 May 2025 15:12:19 +0000
Subject: [PATCH 115/117] Navigate back when Private Space is locked while in
 configuration UI

---
 .../PrivateSpaceDashboardFragment.java        | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/src/com/android/settings/privatespace/PrivateSpaceDashboardFragment.java b/src/com/android/settings/privatespace/PrivateSpaceDashboardFragment.java
index 906b01b15d4..7e500adaeaa 100644
--- a/src/com/android/settings/privatespace/PrivateSpaceDashboardFragment.java
+++ b/src/com/android/settings/privatespace/PrivateSpaceDashboardFragment.java
@@ -19,6 +19,10 @@
 import static com.android.settings.privatespace.PrivateSpaceAuthenticationActivity.EXTRA_SHOW_PRIVATE_SPACE_UNLOCKED;
 
 import android.app.settings.SettingsEnums;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
 import android.graphics.drawable.Drawable;
 import android.os.Bundle;
 import android.util.Log;
@@ -31,6 +35,21 @@
 public class PrivateSpaceDashboardFragment extends DashboardFragment {
     private static final String TAG = "PSDashboardFragment";
 
+    private final BroadcastReceiver mBroadcastReceiver =
+            new BroadcastReceiver() {
+                @Override
+                public void onReceive(Context context, Intent intent) {
+                    if (intent == null) {
+                        return;
+                    }
+                    String action = intent.getAction();
+                    if (Intent.ACTION_PROFILE_INACCESSIBLE.equals(action)
+                            || Intent.ACTION_PROFILE_UNAVAILABLE.equals(action)) {
+                        finishAndRemoveTaskIfLocked();
+                    }
+                }
+            };
+
     @Override
     public void onCreate(Bundle icicle) {
         if (android.os.Flags.allowPrivateProfile()
@@ -55,6 +74,25 @@ && getIntent().getBooleanExtra(EXTRA_SHOW_PRIVATE_SPACE_UNLOCKED, false)) {
     @Override
     public void onStart() {
         super.onStart();
+        finishAndRemoveTaskIfLocked();
+    }
+
+    @Override
+    public void onPause() {
+        super.onPause();
+        getActivity().unregisterReceiver(mBroadcastReceiver);
+    }
+
+    @Override
+    public void onResume() {
+        super.onResume();
+        final IntentFilter intentFilter = new IntentFilter();
+        intentFilter.addAction(Intent.ACTION_PROFILE_UNAVAILABLE);
+        intentFilter.addAction(Intent.ACTION_PROFILE_INACCESSIBLE);
+        getActivity().registerReceiver(mBroadcastReceiver, intentFilter);
+    }
+
+    private void finishAndRemoveTaskIfLocked() {
         if (PrivateSpaceMaintainer.getInstance(getContext()).isPrivateSpaceLocked()) {
             // To make sure the task is removed if it is the last activity in that stack.
             getActivity().finishAndRemoveTask();

From d4ee8a48c3ccf3112fc6b42bc8499aaa2de0cabe Mon Sep 17 00:00:00 2001
From: FID02 <99329251+FID02@users.noreply.github.com>
Date: Tue, 20 May 2025 10:58:22 +0200
Subject: [PATCH 116/117] fix typos in "Cross-profile shared clipboard"
 settings UI

---
 res/values/strings_ext.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/res/values/strings_ext.xml b/res/values/strings_ext.xml
index 6d78e4fc588..1ee444582d8 100644
--- a/res/values/strings_ext.xml
+++ b/res/values/strings_ext.xml
@@ -234,12 +234,12 @@ This method can be particularly useful when GNSS is unavailable or unreliable, s
     <string name="cross_profile_clipboard_access_allow_export_defaults_summary">Allow system defaults sharing the clipboard to the parent user and its other child profiles.</string>
     <string name="cross_profile_clipboard_access_disallow_title">Disallowed</string>
     <string name="cross_profile_clipboard_access_disallow_summary">Disallow sharing the clipboard from and to the parent user and its other child profiles.</string>
-    <string name="cross_profile_clipboard_access_footer">This setting provides option for users
+    <string name="cross_profile_clipboard_access_footer">This setting provides an option for users
         to allow or disallow sharing clipboard to and from other profiles of the same parent user including itself.
         Once disallowed, future clipboard content updates between user profiles of the same parent user,
         such as between private space profile and parent user, or between private space profile and work profile,
         will not be accessible. Clipboard contents shared with other profiles prior to selecting a
-        stricter options remain accessible until clipboard contents have been updated.
+        stricter option remain accessible until clipboard contents have been updated.
     </string>
 
     <string name="ps_disallow_delayed_locking_title">End session immediately on lock</string>

From 0dbd8e208ea7871ef1404c8450f264b2c1c34bea Mon Sep 17 00:00:00 2001
From: CipherTreat <pissthreat@pissmail.com>
Date: Tue, 27 May 2025 18:47:18 +0000
Subject: [PATCH 117/117] Added motion lock settings

Added motion lock settings implementation

del empty line
---
 res/values/arrays.xml                         | 13 +++
 res/values/strings.xml                        | 11 +++
 res/xml/exploit_protection_settings.xml       |  8 +-
 res/xml/motion_lock_sensitivity_settings.xml  | 26 +++++
 .../security/MotionLockConstants.java         |  8 ++
 .../security/MotionLockEnabledController.java | 38 ++++++++
 .../security/MotionLockPrefController.java    | 17 ++++
 .../security/MotionLockSensitivity.java       | 11 +++
 .../MotionLockSensitivityController.java      | 82 ++++++++++++++++
 .../MotionLockSensitivityFragment.java        | 94 +++++++++++++++++++
 .../settings/security/MotionLockState.java    | 10 ++
 11 files changed, 317 insertions(+), 1 deletion(-)
 create mode 100644 res/xml/motion_lock_sensitivity_settings.xml
 create mode 100644 src/com/android/settings/security/MotionLockConstants.java
 create mode 100644 src/com/android/settings/security/MotionLockEnabledController.java
 create mode 100644 src/com/android/settings/security/MotionLockPrefController.java
 create mode 100644 src/com/android/settings/security/MotionLockSensitivity.java
 create mode 100644 src/com/android/settings/security/MotionLockSensitivityController.java
 create mode 100644 src/com/android/settings/security/MotionLockSensitivityFragment.java
 create mode 100644 src/com/android/settings/security/MotionLockState.java

diff --git a/res/values/arrays.xml b/res/values/arrays.xml
index 88e67c476dc..049fa957d35 100644
--- a/res/values/arrays.xml
+++ b/res/values/arrays.xml
@@ -1634,4 +1634,17 @@
     </string-array>
     <string-array name="fingerprint_acquired_vendor" />
 
+    <!-- Motion Lock Sensitivity Options -->
+    <string-array name="motion_lock_sensitivity_entries">
+        <item>@string/motion_lock_sensitivity_low</item>
+        <item>@string/motion_lock_sensitivity_medium</item>
+        <item>@string/motion_lock_sensitivity_high</item>
+    </string-array>
+
+    <string-array name="motion_lock_sensitivity_values" translatable="false">
+        <item>0</item>
+        <item>1</item>
+        <item>2</item>
+    </string-array>
+
 </resources>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index c9fc0053471..f04652111aa 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -13983,4 +13983,15 @@
 
     <string name="battery_share_description">Charge other devices by placing them on the back of your phone</string>
     <string name="battery_share">Battery share</string>
+    
+    <!-- Motion Lock setting strings -->
+    <string name="motion_lock_summary">Lock your device when significant motion is detected</string>
+    <string name="motion_lock_title">Motion Lock</string>
+    <string name="motion_lock_enabled_summary">Enable or disable motion lock feature.</string>
+    <string name="motion_lock_enabled_title">Motion Lock Enabled</string>
+    <string name="motion_lock_sensitivity_low">Low</string>
+    <string name="motion_lock_sensitivity_medium">Medium</string>
+    <string name="motion_lock_sensitivity_high">High</string>
+    <string name="motion_lock_sensitivity_title">Sensitivity</string>
+    <string name="motion_lock_sensitivity_footer">Adjust the sensitivity for Motion Lock detection.\nPlease note that this feature may cause accidental screen locks.</string>
 </resources>
diff --git a/res/xml/exploit_protection_settings.xml b/res/xml/exploit_protection_settings.xml
index 78c1efca5f9..a29cc7d0498 100644
--- a/res/xml/exploit_protection_settings.xml
+++ b/res/xml/exploit_protection_settings.xml
@@ -34,6 +34,12 @@
         android:key="nfc_auto_off"
         android:title="@string/nfc_auto_off_title"
         settings:controller="com.android.settings.nfc.NfcAutoOffPrefController"/>
+    <Preference
+        android:key="motion_lock"
+        android:title="@string/motion_lock_title"
+        android:summary="@string/motion_lock_summary"
+        android:fragment="com.android.settings.security.MotionLockSensitivityFragment"
+        settings:controller="com.android.settings.security.MotionLockPrefController" />
 
     <PreferenceCategory
         android:key="app_exploit_protection_settings"
@@ -109,7 +115,7 @@
             android:title="@string/exec_spawning_title"
             android:fragment="com.android.settings.security.ExecSpawningFragment"
             settings:controller="com.android.settings.security.ExecSpawningPrefController" />
-
+        
     </PreferenceCategory>
 
 </PreferenceScreen>
diff --git a/res/xml/motion_lock_sensitivity_settings.xml b/res/xml/motion_lock_sensitivity_settings.xml
new file mode 100644
index 00000000000..0daafb135a6
--- /dev/null
+++ b/res/xml/motion_lock_sensitivity_settings.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
+    android:title="@string/motion_lock_title" 
+    android:key="motion_lock_sensitivity_screen">
+
+    <com.android.settingslib.widget.MainSwitchPreference
+        android:key="motion_lock_enabled"
+        android:title="@string/motion_lock_enabled_title"
+        android:summary="@string/motion_lock_enabled_summary"
+        android:defaultValue="false" />
+
+    <ListPreference
+        android:key="motion_lock_sensitivity"
+        android:title="@string/motion_lock_sensitivity_title" 
+        android:summary="%s"
+        android:entries="@array/motion_lock_sensitivity_entries"
+        android:entryValues="@array/motion_lock_sensitivity_values"
+        android:dependency="motion_lock_enabled"
+        android:defaultValue="1" /> 
+
+    <com.android.settingslib.widget.FooterPreference
+        android:key="motion_lock_footer"
+        android:title="@string/motion_lock_sensitivity_footer" />
+
+</PreferenceScreen>
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockConstants.java b/src/com/android/settings/security/MotionLockConstants.java
new file mode 100644
index 00000000000..79c872d9b46
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockConstants.java
@@ -0,0 +1,8 @@
+package com.android.settings.security;
+
+public class MotionLockConstants {
+    public static final String PREF_ENABLED = "motion_lock_enabled";
+    public static final String SETTING_ENABLED = "motion_lock_enabled_setting";
+    public static final String KEY_MOTION_LOCK_SENSITIVITY = "motion_lock_sensitivity";
+    public static final int DEFAULT_SENSITIVITY = 1; // MEDIUM
+}
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockEnabledController.java b/src/com/android/settings/security/MotionLockEnabledController.java
new file mode 100644
index 00000000000..a51d453bd0c
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockEnabledController.java
@@ -0,0 +1,38 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import android.provider.Settings;
+import com.android.settings.core.TogglePreferenceController;
+import android.os.UserHandle;
+import android.os.UserManager;
+import com.android.settings.R;
+
+public class MotionLockEnabledController extends TogglePreferenceController {
+    private static final String KEY = "motion_lock_enabled";
+
+    public MotionLockEnabledController(Context context) {
+        super(context, KEY);
+    }
+
+    @Override
+    public boolean isChecked() {
+        return Settings.Secure.getIntForUser(mContext.getContentResolver(), KEY, 0, UserHandle.USER_SYSTEM) == 1;
+    }
+
+    @Override
+    public boolean setChecked(boolean isChecked) {
+        return Settings.Secure.putIntForUser(mContext.getContentResolver(), KEY, isChecked ? 1 : 0, UserHandle.USER_SYSTEM);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        UserManager userManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
+        // Only available to system user
+        return (UserHandle.myUserId() == UserHandle.USER_SYSTEM) ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
+    }
+
+    @Override
+    public int getSliceHighlightMenuRes() {
+        return R.string.menu_key_security;
+    }
+} 
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockPrefController.java b/src/com/android/settings/security/MotionLockPrefController.java
new file mode 100644
index 00000000000..8ed7c69c8f1
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockPrefController.java
@@ -0,0 +1,17 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import com.android.settings.core.BasePreferenceController;
+import android.os.UserHandle;
+
+public class MotionLockPrefController extends BasePreferenceController {
+    public MotionLockPrefController(Context context, String key) {
+        super(context, key);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        // Only available to system user
+        return (UserHandle.myUserId() == UserHandle.USER_SYSTEM) ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
+    }
+} 
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockSensitivity.java b/src/com/android/settings/security/MotionLockSensitivity.java
new file mode 100644
index 00000000000..ad419359a36
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockSensitivity.java
@@ -0,0 +1,11 @@
+package com.android.settings.security;
+
+public class MotionLockSensitivity {
+    public static final int LOW = 0;
+    public static final int MEDIUM = 1;
+    public static final int HIGH = 2;
+
+    private MotionLockSensitivity() {
+        // Prevent instantiation
+    }
+} 
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockSensitivityController.java b/src/com/android/settings/security/MotionLockSensitivityController.java
new file mode 100644
index 00000000000..d3518446dbc
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockSensitivityController.java
@@ -0,0 +1,82 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import android.provider.Settings;
+import androidx.preference.ListPreference;
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settings.R;
+import com.android.settings.security.MotionLockConstants;
+import com.android.settings.security.MotionLockSensitivity;
+import android.os.UserHandle;
+import android.os.UserManager;
+
+public class MotionLockSensitivityController extends BasePreferenceController
+        implements PreferenceControllerMixin, Preference.OnPreferenceChangeListener {
+    private static final String KEY = "motion_lock_sensitivity";
+    private final MotionLockSensitivityFragment mFragment;
+
+    public MotionLockSensitivityController(Context context, MotionLockSensitivityFragment fragment) {
+        super(context, KEY);
+        mFragment = fragment;
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        UserManager userManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
+        // Only available to system user
+        return (UserHandle.myUserId() == UserHandle.USER_SYSTEM) ? AVAILABLE : UNSUPPORTED_ON_DEVICE;
+    }
+
+    @Override
+    public void displayPreference(PreferenceScreen screen) {
+        super.displayPreference(screen);
+        ListPreference preference = screen.findPreference(getPreferenceKey());
+        if (preference != null) {
+            preference.setEntries(R.array.motion_lock_sensitivity_entries);
+            preference.setEntryValues(R.array.motion_lock_sensitivity_values);
+            updateState(preference);
+        }
+    }
+
+    @Override
+    public void updateState(Preference preference) {
+        if (preference instanceof ListPreference) {
+            int value = Settings.Secure.getInt(mContext.getContentResolver(),
+                    MotionLockConstants.KEY_MOTION_LOCK_SENSITIVITY,
+                    MotionLockConstants.DEFAULT_SENSITIVITY);
+            
+            ListPreference listPreference = (ListPreference) preference;
+            listPreference.setValue(String.valueOf(value));
+            listPreference.setSummary(getSummaryForSensitivity(value));
+        }
+    }
+
+    @Override
+    public boolean onPreferenceChange(Preference preference, Object newValue) {
+        if (preference instanceof ListPreference) {
+            String value = (String) newValue;
+            Settings.Secure.putInt(mContext.getContentResolver(),
+                    MotionLockConstants.KEY_MOTION_LOCK_SENSITIVITY,
+                    Integer.parseInt(value));
+            updateState(preference);
+            return true;
+        }
+        return false;
+    }
+
+    private String getSummaryForSensitivity(int sensitivity) {
+        switch (sensitivity) {
+            case MotionLockSensitivity.LOW:
+                return mContext.getString(R.string.motion_lock_sensitivity_low);
+            case MotionLockSensitivity.MEDIUM:
+                return mContext.getString(R.string.motion_lock_sensitivity_medium);
+            case MotionLockSensitivity.HIGH:
+                return mContext.getString(R.string.motion_lock_sensitivity_high);
+            default:
+                return mContext.getString(R.string.motion_lock_sensitivity_medium);
+        }
+    }
+} 
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockSensitivityFragment.java b/src/com/android/settings/security/MotionLockSensitivityFragment.java
new file mode 100644
index 00000000000..4818af946b8
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockSensitivityFragment.java
@@ -0,0 +1,94 @@
+package com.android.settings.security;
+
+import android.content.Context;
+import android.os.Bundle;
+import android.provider.Settings;
+import androidx.preference.ListPreference;
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+import com.android.settings.R;
+import com.android.settings.core.BasePreferenceController;
+import com.android.settings.core.PreferenceControllerMixin;
+import com.android.settings.dashboard.DashboardFragment;
+import com.android.settingslib.core.AbstractPreferenceController;
+import com.android.settingslib.core.lifecycle.Lifecycle;
+import com.android.settingslib.core.lifecycle.LifecycleObserver;
+import com.android.settingslib.core.lifecycle.events.OnCreate;
+import com.android.settingslib.core.lifecycle.events.OnResume;
+import com.android.settingslib.core.lifecycle.events.OnSaveInstanceState;
+import com.android.settingslib.core.lifecycle.events.OnStart;
+import com.android.settingslib.core.lifecycle.events.OnStop;
+import com.android.settingslib.widget.FooterPreference;
+import java.util.ArrayList;
+import java.util.List;
+import com.android.settings.security.MotionLockConstants;
+import com.android.settings.security.MotionLockSensitivity;
+import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
+
+public class MotionLockSensitivityFragment extends DashboardFragment {
+    private static final String TAG = "MotionLockSensitivityFragment";
+    private static final String KEY_MOTION_LOCK_SENSITIVITY = "motion_lock_sensitivity";
+    private static final String KEY_MOTION_LOCK_FOOTER = "motion_lock_footer";
+
+    private ListPreference mSensitivityPreference;
+    private FooterPreference mFooterPreference;
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        // No manual preference addition; rely on XML
+    }
+
+    private void loadSettings() {
+        final Context context = getContext();
+        if (context == null) return;
+
+        // Load sensitivity
+        final int value = Settings.Secure.getInt(context.getContentResolver(),
+                MotionLockConstants.KEY_MOTION_LOCK_SENSITIVITY,
+                MotionLockSensitivity.MEDIUM);
+        updateSensitivitySummary(value);
+    }
+
+    private void updateSensitivitySummary(int sensitivity) {
+        if (mSensitivityPreference == null) return;
+
+        String[] entries = getResources().getStringArray(R.array.motion_lock_sensitivity_entries);
+        String[] values = getResources().getStringArray(R.array.motion_lock_sensitivity_values);
+        for (int i = 0; i < values.length; i++) {
+            if (Integer.parseInt(values[i]) == sensitivity) {
+                mSensitivityPreference.setValue(values[i]);
+                mSensitivityPreference.setSummary(entries[i]);
+                break;
+            }
+        }
+    }
+
+    @Override
+    protected int getPreferenceScreenResId() {
+        return R.xml.motion_lock_sensitivity_settings;
+    }
+
+    @Override
+    protected String getLogTag() {
+        return TAG;
+    }
+
+    @Override
+    protected List<AbstractPreferenceController> createPreferenceControllers(Context context) {
+        return buildPreferenceControllers(context, this, getSettingsLifecycle());
+    }
+
+    private static List<AbstractPreferenceController> buildPreferenceControllers(
+            Context context, MotionLockSensitivityFragment fragment, Lifecycle lifecycle) {
+        final List<AbstractPreferenceController> controllers = new ArrayList<>();
+        controllers.add(new MotionLockEnabledController(context));
+        controllers.add(new MotionLockSensitivityController(context, fragment));
+        return controllers;
+    }
+
+    @Override
+    public int getMetricsCategory() {
+        return MetricsEvent.SECURITY;
+    }
+} 
\ No newline at end of file
diff --git a/src/com/android/settings/security/MotionLockState.java b/src/com/android/settings/security/MotionLockState.java
new file mode 100644
index 00000000000..24d71c34204
--- /dev/null
+++ b/src/com/android/settings/security/MotionLockState.java
@@ -0,0 +1,10 @@
+package com.android.settings.security;
+
+public class MotionLockState {
+    public static final int DISABLED = 0;
+    public static final int ENABLED = 1;
+ 
+    private MotionLockState() {
+        // Prevent instantiation
+    }
+} 
\ No newline at end of file