android: add app_restrictions.xml and manifest entry (#248)

Fixes ENG-2926

Adds an `app_restrictions.xml` file with our available MDM policies, and a new entry to the AndroidManifest.xml file to declare its availability.

Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
pull/249/head
Andrea Gottardo 8 months ago committed by GitHub
parent cf6a203f7a
commit e511430f73
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -29,9 +29,9 @@
android:allowBackup="false" android:allowBackup="false"
android:banner="@drawable/tv_banner" android:banner="@drawable/tv_banner"
android:icon="@mipmap/ic_launcher" android:icon="@mipmap/ic_launcher"
android:theme="@style/Theme.AppCompat"
android:label="Tailscale" android:label="Tailscale"
android:roundIcon="@mipmap/ic_launcher_round"> android:roundIcon="@mipmap/ic_launcher_round"
android:theme="@style/Theme.AppCompat">
<activity <activity
android:name="MainActivity" android:name="MainActivity"
android:configChanges="orientation|screenSize|screenLayout|smallestScreenSize|keyboardHidden" android:configChanges="orientation|screenSize|screenLayout|smallestScreenSize|keyboardHidden"
@ -100,5 +100,9 @@
<action android:name="android.service.quicksettings.action.QS_TILE" /> <action android:name="android.service.quicksettings.action.QS_TILE" />
</intent-filter> </intent-filter>
</service> </service>
<meta-data
android:name="android.content.APP_RESTRICTIONS"
android:resource="@xml/app_restrictions" />
</application> </application>
</manifest> </manifest>

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string-array name="hidden_network_devices" translatable="false">
<item>current-user</item>
<item>other-users</item>
<item>tagged-devices</item>
</string-array>
<string-array name="hidden_network_devices_labels" translatable="true">
<item>Current user devices</item>
<item>Other users devices</item>
<item>Tagged devices</item>
</string-array>
<string-array name="always_never_userdecides" translatable="false">
<item>always</item>
<item>never</item>
<item>user-decides</item>
</string-array>
<string-array name="always_never_userdecides_labels" translatable="true">
<item>Always</item>
<item>Never</item>
<item>User Decides</item>
</string-array>
<string-array name="show_hide" translatable="false">
<item>show</item>
<item>hide</item>
</string-array>
<string-array name="show_hide_labels" translatable="true">
<item>Show</item>
<item>Hide</item>
</string-array>
</resources>

@ -131,4 +131,33 @@
<string name="nodes_available">nodes available</string> <string name="nodes_available">nodes available</string>
<string name="cities_available">cities available</string> <string name="cities_available">cities available</string>
<!-- Strings for MDM Settings Manifest (app_restrictions.xml) -->
<string name="prevents_the_user_from_disconnecting_tailscale">Prevents the user from disconnecting Tailscale.</string>
<string name="force_enabled_connection_toggle">Force Enabled Connection Toggle</string>
<string name="exit_node_id">Exit Node ID</string>
<string name="forces_the_tailscale_client_to_always_use_the_exit_node_with_the_given_id">Forces the Tailscale client to always use the exit node with the given ID.</string>
<string name="managed_by_organization_name">Managed By - Organization Name</string>
<string name="managed_by_caption">Managed By - Caption</string>
<string name="managed_by_url">Managed By - URL</string>
<string name="shows_a_button_to_open_support_resources_next_to_the_organization_name">Shows a button to open support resources next to the organization name.</string>
<string name="shows_the_given_caption_next_to_the_organization_name_in_the_client">Shows the given caption next to the organization name in the client.</string>
<string name="shows_the_given_organization_name_in_the_client">Shows the given organization name in the client.</string>
<string name="the_tailnet_policy_allows_the_organization_to_specify_a_tailnet">The Tailnet policy allows the organization to specify a tailnet, its identity provider will be used on the login page. If the policy value is prefixed with required:, Tailscale will force that identity provider to be used and wont allow logging in with anything else.</string>
<string name="required_suggested_tailnet">Required/Suggested Tailnet</string>
<string name="custom_control_server_url">Custom control server URL</string>
<string name="use_this_field_to_specify_a_custom_coordination_server_url_such_as_a_headscale_instance">Use this field to specify a custom coordination server URL, such as a Headscale instance.</string>
<string name="hidden_network_devices">Hidden Network Devices</string>
<string name="hides_the_specified_categories_of_network_devices_from_the_devices_list_in_the_client">Hides the specified categories of network devices from the devices list in the client.</string>
<string name="allow_lan_access_when_using_an_exit_node">Allow LAN Access when using an exit node</string>
<string name="enable_posture_checking">Enable Posture Checking</string>
<string name="use_tailscale_dns_settings">Use Tailscale DNS Settings</string>
<string name="use_tailscale_subnets">Use Tailscale Subnets</string>
<string name="allow_incoming_connections">Allow Incoming Connections</string>
<string name="exit_node_picker_visibility">Exit Node Picker Visibility</string>
<string name="shows_or_hides_the_exit_node_picker_in_the_main_view_of_the_app">Shows or hides the exit node picker in the main view of the app.</string>
<string name="shows_or_hides_the_tailnet_lock_configuration_ui">Shows or hides the Tailnet lock configuration UI.</string>
<string name="manage_tailnet_lock_visibility">Manage Tailnet lock visibility</string>
<string name="shows_or_hides_the_ui_to_run_the_android_device_as_an_exit_node">Shows or hides the UI to run the Android device as an exit node.</string>
<string name="run_as_exit_node_visibility">Run As Exit Node visibility</string>
</resources> </resources>

@ -0,0 +1,113 @@
<?xml version="1.0" encoding="utf-8"?>
<restrictions xmlns:android="http://schemas.android.com/apk/res/android">
<restriction
android:defaultValue="true"
android:description="@string/prevents_the_user_from_disconnecting_tailscale"
android:key="ForceEnabled"
android:restrictionType="bool"
android:title="@string/force_enabled_connection_toggle" />
<restriction
android:description="@string/forces_the_tailscale_client_to_always_use_the_exit_node_with_the_given_id"
android:key="ExitNodeID"
android:restrictionType="string"
android:title="@string/exit_node_id" />
<restriction
android:description="@string/shows_the_given_organization_name_in_the_client"
android:key="ManagedByOrganizationName"
android:restrictionType="string"
android:title="@string/managed_by_organization_name" />
<restriction
android:description="@string/shows_the_given_caption_next_to_the_organization_name_in_the_client"
android:key="ManagedByCaption"
android:restrictionType="string"
android:title="@string/managed_by_caption" />
<restriction
android:description="@string/shows_a_button_to_open_support_resources_next_to_the_organization_name"
android:key="ManagedByURL"
android:restrictionType="string"
android:title="@string/managed_by_url" />
<restriction
android:description="@string/the_tailnet_policy_allows_the_organization_to_specify_a_tailnet"
android:key="Tailnet"
android:restrictionType="string"
android:title="@string/required_suggested_tailnet" />
<restriction
android:description="@string/use_this_field_to_specify_a_custom_coordination_server_url_such_as_a_headscale_instance"
android:key="LoginURL"
android:restrictionType="string"
android:title="@string/custom_control_server_url" />
<restriction
android:description="@string/hides_the_specified_categories_of_network_devices_from_the_devices_list_in_the_client"
android:entries="@array/hidden_network_devices_labels"
android:entryValues="@array/hidden_network_devices"
android:key="HiddenNetworkDevices"
android:restrictionType="multi-select"
android:title="@string/hidden_network_devices" />
<restriction
android:entries="@array/always_never_userdecides_labels"
android:entryValues="@array/always_never_userdecides"
android:key="ExitNodeAllowLANAccess"
android:restrictionType="choice"
android:title="@string/allow_lan_access_when_using_an_exit_node" />
<restriction
android:entries="@array/always_never_userdecides_labels"
android:entryValues="@array/always_never_userdecides"
android:key="PostureChecking"
android:restrictionType="choice"
android:title="@string/enable_posture_checking" />
<restriction
android:entries="@array/always_never_userdecides_labels"
android:entryValues="@array/always_never_userdecides"
android:key="UseTailscaleDNSSettings"
android:restrictionType="choice"
android:title="@string/use_tailscale_dns_settings" />
<restriction
android:entries="@array/always_never_userdecides_labels"
android:entryValues="@array/always_never_userdecides"
android:key="UseTailscaleSubnets"
android:restrictionType="choice"
android:title="@string/use_tailscale_subnets" />
<restriction
android:entries="@array/always_never_userdecides_labels"
android:entryValues="@array/always_never_userdecides"
android:key="AllowIncomingConnections"
android:restrictionType="choice"
android:title="@string/allow_incoming_connections" />
<restriction
android:description="@string/shows_or_hides_the_exit_node_picker_in_the_main_view_of_the_app"
android:entries="@array/show_hide_labels"
android:entryValues="@array/show_hide"
android:key="ExitNodesPicker"
android:restrictionType="choice"
android:title="@string/exit_node_picker_visibility" />
<restriction
android:description="@string/shows_or_hides_the_tailnet_lock_configuration_ui"
android:entries="@array/show_hide_labels"
android:entryValues="@array/show_hide"
android:key="ManageTailnetLock"
android:restrictionType="choice"
android:title="@string/manage_tailnet_lock_visibility" />
<restriction
android:description="@string/shows_or_hides_the_ui_to_run_the_android_device_as_an_exit_node"
android:entries="@array/show_hide_labels"
android:entryValues="@array/show_hide"
android:key="RunExitNode"
android:restrictionType="choice"
android:title="@string/run_as_exit_node_visibility" />
</restrictions>
Loading…
Cancel
Save