
Commit 04fd66c

committed
fix: force client logging on when any mdm is configured
Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
1 parent 0603fee commit 04fd66c


5 files changed

+39
-5
lines changed


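--- a/android/src/main/java/com/tailscale/ipn/App.kt
+++ b/android/src/main/java/com/tailscale/ipn/App.kt
@@ -146,6 +146,10 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
 }
 
 private fun initializeApp() {
+// Read MDM settings as early as possible, before starting the go backend.
+val rm = getSystemService(Context.RESTRICTIONS_SERVICE) as RestrictionsManager
+MDMSettings.update(this, rm, true)
+
 // Check if a directory URI has already been stored.
 val storedUri = getStoredDirectoryUri()
 if (storedUri != null && storedUri.toString().startsWith("content://")) {
@@ -158,8 +162,6 @@ class App : UninitializedApp(), libtailscale.AppContext, ViewModelStoreOwner {
 NetworkChangeCallback.monitorDnsChanges(connectivityManager, dns)
 initViewModels()
 applicationScope.launch {
-val rm = getSystemService(Context.RESTRICTIONS_SERVICE) as RestrictionsManager
-MDMSettings.update(get(), rm)
 Notifier.state.collect { _ ->
 combine(Notifier.state, MDMSettings.forceEnabled.flow, Notifier.prefs, Notifier.netmap) {
 state,
@@ -545,6 +547,13 @@ open class UninitializedApp : Application() {
 }
 
 fun getIsClientLoggingEnabled(): Boolean {
+
+// Force client logging to be enabled, when the device is managed by MDM
+// Later this could become a dedicated MDMSetting / restriction.
+if (MDMSettings.isMDMConfigured) {
+return true
+}
+
 return getUnencryptedPrefs().getBoolean(IS_CLIENT_LOGGING_ENABLED_KEY, true)
 }
 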
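Review bot: The early call in `initializeApp` passes `true` for `skipNotify`, and the `MDMSettings.update(get(), rm)` removed from the `applicationScope.launch` block was the only visible place that triggered `notifyPolicyChanged()` at launch. If the backend relies on that first notification to pick up managed policy, restrictions would not reach it until the next restrictions-changed broadcast; consider keeping a `notifyPolicyChanged()` call inside the launch block once the backend is running. The bare boolean would also read better as `MDMSettings.update(this, rm, skipNotify = true)`. Both `initializeApp` and the launch block continue outside the hunks shown.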

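--- a/android/src/main/java/com/tailscale/ipn/mdm/MDMSettings.kt
+++ b/android/src/main/java/com/tailscale/ipn/mdm/MDMSettings.kt
@@ -18,6 +18,11 @@ object MDMSettings {
 // to the backend.
 class NoSuchKeyException : Exception("no such key")
 
+// We default this to true, so that stricter behavior is used during initialization,
+// prior to receiving MDM restrictions.
+var isMDMConfigured = true
+private set
+
 val forceEnabled = BooleanMDMSetting("ForceEnabled", "Force Enabled Connection Toggle")
 
 // Handled on the backed
@@ -117,10 +122,15 @@ object MDMSettings {
 
 val allSettingsByKey by lazy { allSettings.associateBy { it.key } }
 
-fun update(app: App, restrictionsManager: RestrictionsManager?) {
+fun update(app: App, restrictionsManager: RestrictionsManager?, skipNotify: Boolean = false) {
 val bundle = restrictionsManager?.applicationRestrictions
 val preferences = lazy { app.getEncryptedPrefs() }
 allSettings.forEach { it.setFrom(bundle, preferences) }
-app.notifyPolicyChanged()
+
+isMDMConfigured = bundle?.isEmpty == true
+
+if (!skipNotify) {
+app.notifyPolicyChanged()
+}
 }
 }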
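Review bot: The assignment `isMDMConfigured = bundle?.isEmpty == true` in `update` looks inverted: it sets the flag when the restrictions bundle is empty and clears it when restrictions are present or the bundle is null. As written, a managed device could still switch client logging off, while an unmanaged one gets logging forced on and its switch disabled. The intended check is presumably `isMDMConfigured = bundle?.isEmpty == false`. If the flag is ever read off the thread that runs `update`, marking it `@Volatile` or exposing it as a flow like `forceEnabled` would make those reads well defined.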

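--- a/android/src/main/java/com/tailscale/ipn/mdm/MDMSettingsChangedReceiver.kt
+++ b/android/src/main/java/com/tailscale/ipn/mdm/MDMSettingsChangedReceiver.kt
@@ -16,7 +16,16 @@ class MDMSettingsChangedReceiver : BroadcastReceiver() {
 TSLog.d("syspolicy", "MDM settings changed")
 val restrictionsManager =
 context?.getSystemService(Context.RESTRICTIONS_SERVICE) as RestrictionsManager
+
+val previouslyIsMDMEnabled = MDMSettings.isMDMConfigured
+
 MDMSettings.update(App.get(), restrictionsManager)
+
+if (MDMSettings.isMDMConfigured && !previouslyIsMDMEnabled) {
+// async MDM settings updated from disabled -> enabled. restart to ensure
+// correctly applied (particularly forcing client logs on).
+// TODO: actually restart
+}
 }
 }
 }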
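Review bot: The new `if (MDMSettings.isMDMConfigured && !previouslyIsMDMEnabled)` branch contains only a TODO, so a device that becomes managed while the app is running is not restarted. Going by the branch's own comment, forced client logging may therefore not be applied correctly until the next launch. Until the restart exists, record the transition so the gap is visible in logs, e.g. `TSLog.d("syspolicy", "MDM became configured; forced client logging applies after restart")`. The local would also read more clearly as `wasMDMConfigured`, matching the property it snapshots. The enclosing method begins outside the hunk.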

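--- a/android/src/main/java/com/tailscale/ipn/ui/view/SettingsView.kt
+++ b/android/src/main/java/com/tailscale/ipn/ui/view/SettingsView.kt
@@ -111,8 +111,13 @@ fun SettingsView(
 Lists.ItemDivider()
 Setting.Switch(
 R.string.client_remote_logging_enabled,
-subtitle = stringResource(R.string.client_remote_logging_enabled_subtitle),
+subtitle =
+stringResource(
+if (MDMSettings.isMDMConfigured)
+R.string.client_remote_logging_enabled_subtitle_mdm
+else R.string.client_remote_logging_enabled_subtitle),
 isOn = isClientRemoteLoggingEnabled,
+enabled = !MDMSettings.isMDMConfigured,
 onToggle = { viewModel.toggleIsClientRemoteLoggingEnabled() })
 
 if (!AndroidTVUtil.isAndroidTV()) {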
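Review bot: The switch is locked by `enabled = !MDMSettings.isMDMConfigured`, but `isOn` still comes from `isClientRemoteLoggingEnabled`. If that value reflects the stored preference rather than `getIsClientLoggingEnabled()`, a managed device can show the switch off while logging is forced on. Consider `isOn = isClientRemoteLoggingEnabled || MDMSettings.isMDMConfigured,`. `isMDMConfigured` is also a plain property rather than Compose state, so this composable will not recompose if restrictions change while the screen is open. `SettingsView` starts and ends outside the hunk.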

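--- a/android/src/main/res/values/strings.xml
+++ b/android/src/main/res/values/strings.xml
@@ -348,6 +348,7 @@
 <string name="subnet_routing">Subnet routing</string>
 <string name="client_remote_logging_enabled">Remote client logging</string>
 <string name="client_remote_logging_enabled_subtitle">Whether debug logs are uploaded to Tailscale support. When disabled no support or network flow logs.\nChanges require restarting the app to take effect.</string>
+<string name="client_remote_logging_enabled_subtitle_mdm">Client logging is always enabled for devices under remote management.</string>
 <string name="specifies_a_device_name_to_be_used_instead_of_the_automatic_default">Specifies a device name to be used instead of the automatic default.</string>
 <string name="hostname">Hostname</string>
 <string name="failed_to_save">Failed to save</string>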
