Work app store #2553
Work app store #2553
Conversation
Co-authored-by: Marvin W <[email protected]>
Verify that work accounts are only added by device owners or profile owners. For instance, Microsoft Intune will create a work profile (moving itself to the work profile in the process) before using the work account servce to create a work account, so at that point it will already be profile owner. Apps that are not the profile owner will subsequently not be able to disable the work account authenticator or remove the work account. The personal account would not have an owner and thus no application could enable the work account provider there.
Nonfunctional attempt.
Allows downloading large applications
* reduces temporary storage usage * speeds up installation by a little bit
fynngodau
force-pushed
the
workaccount-store
branch
from
0f64199 to
09acd1a
Compare
Storage leaks can still happen if session commits have errors (for instance, because the device was shutdown during installation), as those sessions can still be reopened and retried according to docs. However, we may expect all dangling sessions to be cleared after a certain timespan in the magnitude of a day.
|
@fynngodau Can the download and notification process of game sub-packages be incorporated into this project? The corresponding functions have been implemented in #2506. |
|
@DaVinci9196 That would be beneficial, though I will not incorporate another PR into this one as it is already quite large. |
Auth files are now moved to `play-services-base-core` so they can be accessed by other the workaccount module.
Purchasing before downloading seems to be necessary in at least some cases for work profiles as well.
Support unexpected scenarios spotted in the wild on a best-effort basis: * Enterprise policies with apps missing policy fields * App not downloading due to not being purchased
| // Purchase app (only needs to be done once, in theory) | ||
| val parameters = mapOf( | ||
| "ot" to "1", | ||
| "doc" to app.packageName, | ||
| "vc" to app.versionCode.toString() | ||
| ) | ||
| client.post( | ||
| url = URL_PURCHASE, | ||
| headers = buildRequestHeaders(auth!!.authToken, auth!!.gsfId.toLong(16)), | ||
| params = parameters, | ||
| adapter = GoogleApiResponse.ADAPTER | ||
| ) |
There was a problem hiding this comment.
@fynngodau
I don't know the code enough but does it check the microG option before purchase?
There was a problem hiding this comment.
That wouldn't make sense to me, as this is neither in-app billing nor during an app license check.
There was a problem hiding this comment.
@fynngodau
If the existing option doesn't apply, I think we should add a new one, since anything that causes contact with a remote server (and thus potentially reduces privacy) should be able to be disabled by the user.
...rc/main/kotlin/com/google/android/gms/auth/account/authenticator/WorkAccountAuthenticator.kt
Outdated
Show resolved
Hide resolved
vending-app/src/main/java/org/microg/vending/ui/VendingActivity.kt
Outdated
Show resolved
Hide resolved
vending-app/src/main/java/org/microg/vending/ui/VendingActivity.kt
Outdated
Show resolved
Hide resolved
fynngodau
force-pushed
the
workaccount-store
branch
from
52559d4 to
04afa56
Compare
|
The PR is getting huge and there are still some issues with split install (can cause repeated downloads resulting in a lot of data usage). To get 0.3.6 out before Christmas, I moved this to 0.3.7. I'll see if we can split this up again and make sure that all the good code can land in 0.3.7 in January. |
|
Split Install Service is also used outside "work app store", without it some apps may not be able to download the necessary components so I think it should have priority in my opinion. Why not split it (the rewritten one) in a separate PR so it can be merged in less time? |
|
Hi, was wondering if there'd be any use for classes like https://review.calyxos.org/c/CalyxOS/platform_external_microg_GmsCore/+/33556/3/play-services-auth/src/main/java/com/google/android/gms/auth/account/WorkAccountApi.java ? |
Supersedes and contains #2500. Supersedes and contains #2521.
Allows users to download apps to their work profile using the special vending component "Work app store". This component is disabled, and enabled only when a work profile is added (which in turn can only be done by a device or profile admin).
Yet to do:
/getEnterpriseClientPolicyCurrent screenshot: