Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Work app store #2553

Open
wants to merge 82 commits into
base: master
Choose a base branch
from
Open

Work app store #2553

wants to merge 82 commits into from

Conversation

fynngodau
Copy link
Contributor

@fynngodau fynngodau commented Sep 22, 2024
edited
Loading

Supersedes and contains #2500. Supersedes and contains #2521.

Allows users to download apps to their work profile using the special vending component "Work app store". This component is disabled, and enabled only when a work profile is added (which in turn can only be done by a device or profile admin).

Yet to do:

  • rewrite download code for components (Implement SplitInstallService #2500 (comment))
    • don't allocate RAM for the entire download
    • download directly to installer session
  • add meaningful progress information
    • to store app
    • while downloading in the background through store app
    • while splitinstalling
  • determine and verify meaning of policy field in /getEnterpriseClientPolicy
  • test additional dpc services
  • show Work app store only after adding work account
  • automatic dependency installation (i.e. installing Google Chrome), see https://gitlab.com/AuroraOSS/AuroraStore/-/issues/346)
  • acquire user consent before provisioning work account → new settings screen in microG UI, is shared across accounts (note that custom ROM vendors are expected to grant microG the INTERACT_ACROSS_USERS permission for this)
  • automatically install / remove apps on demand of dpc controller → for future investigations

Mostly up-to-date screenshot:

Screenshot_1727017306

DaVinci9196 and others added 30 commits August 19, 2024 19:22
@DaVinci9196
SplitInstallService Additions
34ccbe2
@DaVinci9196
add permission
5e6f01e
@DaVinci9196
ISplitInstallServiceCallback added
1962f33
@DaVinci9196
remove Phenotype / Experiment
c9bfbc0
@DaVinci9196
Merge branch 'microg:master' into split_install_service
796c3ab
@DaVinci9196
Optimizing the code
e8a0058
@DaVinci9196
SplitInstallService add call super.onBind
b8d2b20
@DaVinci9196
Fixed the issue that multiple versions of language packs could not be…
6cdd488 
… downloaded
@DaVinci9196
Formatting Code
36651db
@DaVinci9196
Formatting Code
ff837d9
@DaVinci9196
Execute processing suggestions
8a68044
@DaVinci9196
cleanup
5a9f1b3
@mar-v-in @fynngodau
Location/Huawei: Fix permission notification cancelling
7df6f93
@DaVinci9196 @mar-v-in @fynngodau
Added the automatic login function for Games (microg#2435)
bc57d78 
Co-authored-by: Marvin W <[email protected]>
@mar-v-in @fynngodau
Location: Make sure current interval and configured interval stay in …
a7a2584 
…sync
@fynngodau
Create Work Account service
c5b7383
@jonathanklee @fynngodau
Introduce WorkAccountAuthenticatorService
686ab6d
@fynngodau
Work account POC
96e6b0c
@fynngodau
Work profile: use correct AIDL
7f4f252
@fynngodau
Call account creation when app is using API to create work account
762fa53
@fynngodau
Work account: Fix rough edges
999e1d3
@fynngodau
Work account: Add security checks
3af3991 
Verify that work accounts are only added by device owners or profile
owners.

For instance, Microsoft Intune will create a work profile (moving itself
to the work profile in the process) before using the work account servce
to create a work account, so at that point it will already be profile
owner. Apps that are not the profile owner will subsequently not be able
to disable the work account authenticator or remove the work account.
The personal account would not have an owner and thus no application
could enable the work account provider there.
@fynngodau
Work account: Redeem token when signing in to account
5e2c9d3
@fynngodau
Add license identifiers and remove unwanted changes
3128c06
@fynngodau
Work account: Fix NewApi lint failure
30f4858
@fynngodau
Deduplicate work account service declaration
482038a
@fynngodau
POC: Test activity in companion app to show client policy
5a39c65
@fynngodau
Improve visuals of vending activity
0db6eed
@fynngodau
Fetch bulk details for apps retrieved from policy
c621098 
Nonfunctional attempt.
@fynngodau
Load app details using getItems
1e17cc1
@Uldiniad
Copy link
Contributor

Hi, was wondering if there'd be any use for classes like https://review.calyxos.org/c/CalyxOS/platform_external_microg_GmsCore/+/33556/3/play-services-auth/src/main/java/com/google/android/gms/auth/account/WorkAccountApi.java ?

@Iey4iej3
Copy link

Split Install Service is also used outside "work app store", without it some apps may not be able to download the necessary components so I think it should have priority in my opinion.

Why not split it (the rewritten one) in a separate PR so it can be merged in less time?

Agree with this.

@ale5000-git ale5000-git mentioned this pull request Feb 16, 2025
Open
@fynngodau
Copy link
Contributor Author

Hi, was wondering if there'd be any use for classes like https://review.calyxos.org/c/CalyxOS/platform_external_microg_GmsCore/+/33556/3/play-services-auth/src/main/java/com/google/android/gms/auth/account/WorkAccountApi.java ?

@Uldiniad As far as I can tell, these classes from https://developers.google.com/android/reference/com/google/android/gms/auth/account/WorkAccount are used as an interface for the consumer of the DPC controller library, aren't they? I don't think we need to implement those in microG, as they seem not to be part of the library-to-GMS API.

@DaVinci9196 DaVinci9196 mentioned this pull request Feb 28, 2025
Closed
fynngodau added 6 commits March 6, 2025 12:09
@fynngodau
Transfer settings provider URI from primary to work profile
63c8154
@fynngodau
Fix too long app name pushing out icons
9ff41af
@fynngodau
Dependency installation (experimental)
0ae381d
@fynngodau
Send URI as response data rather than activity creation data
c2732da 
URI is only rewritten to reference the correct user ID (to become
`content://[email protected]`) if it is set to an
response intent's data, not if it is data of an intent that creates an
activity cross-profile. (Suspected platform bug.)
@fynngodau
Improve documentation
a85efb1
@fynngodau
Create request activity even outside of activity contexts
423f762
@mar-v-in mar-v-in removed this from the 0.3.7 milestone Mar 12, 2025
@fynngodau fynngodau requested a review from jonathanklee March 20, 2025 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ale5000-git ale5000-git ale5000-git left review comments

@lucasmz-dev lucasmz-dev lucasmz-dev left review comments

@jonathanklee jonathanklee Awaiting requested review from jonathanklee

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@fynngodau @ale5000-git @DaVinci9196 @mar-v-in @Uldiniad @Iey4iej3 @jonathanklee @lucasmz-dev