
add optional installation of play apps into work profile

Open mkg20001 opened this issue 1 year ago • 1 comments

continuation of https://github.com/GrapheneOS/platform_frameworks_base-old/pull/559

mkg20001, Sep 11 '24 15:09

The commit f9ebbcd (#4) can already be merged as-is. It adds REQUEST_INSTALL_PACKAGES to GmsCore so it can install the Android Device Policy APK when adding a work profile (for whatever reason that's done through GmsCore and not Play Store).

I'm still working on this, but the changes are in gapps-work-profile-wip. Once they work I'll push them to this branch as well. I'm keeping the working version around in this PR so people can try it / hack on it.

mkg20001, Sep 16 '24 19:09

Keeping this all tied in: two threads that could potentially benefit from this merge. Thanks again for your efforts to get this going in future!

https://discuss.grapheneos.org/d/1841-ms-intune-company-portal-with-work-profile-not-working/5

https://discuss.grapheneos.org/d/1581-sandboxes-gplay-services-in-a-work-profile/7

xxxsskxxx, Oct 24 '24 12:10

@muhomorr

I added signature checks through extended app info and moved most of the code to its own class so it's more maintainable.

I do get your idea to move it out of the service but I couldn't figure out how to.

Currently Play Store is getting installed into the profile right after it's created. This is happening in the service so I can't do it "before".

I'm not sure if doing it afterwards works out or where I'd best move my code. Without pointers I'm honestly lost on this.

mkg20001, Nov 23 '24 23:11

I can either keep the permission USER_TRUSTED_SOURCE or replace it with just a check if it's Play Store trying to install an app and make sure it has an exception for the device policy unknown source restriction.

I don't really have other ideas of how to make it non-Google-specific. Adding a custom "is this from Play Store" check would be easier than having this permission around. (It would still require the "allow from this source" toggle to be on; it would just skip Play Store being blocked by device policy by ignoring the unknown sources restriction for Play Store.)

Edit: I could also add a DPC API for adding trusted unknown sources, but since it would be GrapheneOS-specific it would only make sense if AOSP were to adopt it.

mkg20001, Nov 24 '24 00:11

Any updates on this? I'd like to be able to have a work profile set up on GrapheneOS.

saiarcot895, Mar 10 '25 15:03

This will need to be reopened against 15-qpr2.

thestinger, Mar 14 '25 00:03

I'm hoping someone can re-open this. I too need this PR to merge to be able to use GrapheneOS with a work profile.

ajstimson, Mar 24 '25 17:03

See https://github.com/GrapheneOS/platform_frameworks_base/pull/147.

thestinger, Mar 24 '25 17:03