Esempio n. 1
0
  /**
   * Applies zygote security policy per bug #1042973. A root peer may spawn an instance with any
   * capabilities. All other uids may spawn instances with any of the capabilities in the peer's
   * permitted set but no more.
   *
   * @param args non-null; zygote spawner arguments
   * @param peer non-null; peer credentials
   * @throws ZygoteSecurityException
   */
  private static void applyCapabilitiesSecurityPolicy(
      Arguments args, Credentials peer, String peerSecurityContext) throws ZygoteSecurityException {

    if (args.permittedCapabilities == 0 && args.effectiveCapabilities == 0) {
      // nothing to check
      return;
    }

    boolean allowed =
        SELinux.checkSELinuxAccess(
            peerSecurityContext, peerSecurityContext, "zygote", "specifycapabilities");
    if (!allowed) {
      throw new ZygoteSecurityException("Peer may not specify capabilities");
    }

    if (peer.getUid() == 0) {
      // root may specify anything
      return;
    }

    long permittedCaps;

    try {
      permittedCaps = ZygoteInit.capgetPermitted(peer.getPid());
    } catch (IOException ex) {
      throw new ZygoteSecurityException("Error retrieving peer's capabilities.");
    }

    /*
     * Ensure that the client did not specify an effective set larger
     * than the permitted set. The kernel will enforce this too, but we
     * do it here to make the following check easier.
     */
    if (((~args.permittedCapabilities) & args.effectiveCapabilities) != 0) {
      throw new ZygoteSecurityException(
          "Effective capabilities cannot be superset of " + " permitted capabilities");
    }

    /*
     * Ensure that the new permitted (and thus the new effective) set is
     * a subset of the peer process's permitted set
     */

    if (((~permittedCaps) & args.permittedCapabilities) != 0) {
      throw new ZygoteSecurityException("Peer specified unpermitted capabilities");
    }
  }
Esempio n. 2
0
  /**
   * Applies zygote security policy per bugs #875058 and #1082165. Based on the credentials of the
   * process issuing a zygote command:
   *
   * <ol>
   *   <li>uid 0 (root) may specify any uid, gid, and setgroups() list
   *   <li>uid 1000 (Process.SYSTEM_UID) may specify any uid &gt; 1000 in normal operation. It may
   *       also specify any gid and setgroups() list it chooses. In factory test mode, it may
   *       specify any UID.
   *   <li>Any other uid may not specify any uid, gid, or setgroups list. The uid and gid will be
   *       inherited from the requesting process.
   * </ul>
   *
   * @param args non-null; zygote spawner arguments
   * @param peer non-null; peer credentials
   * @throws ZygoteSecurityException
   */
  private static void applyUidSecurityPolicy(
      Arguments args, Credentials peer, String peerSecurityContext) throws ZygoteSecurityException {

    int peerUid = peer.getUid();

    if (peerUid == 0) {
      // Root can do what it wants
    } else if (peerUid == Process.SYSTEM_UID) {
      // System UID is restricted, except in factory test mode
      String factoryTest = SystemProperties.get("ro.factorytest");
      boolean uidRestricted;

      /* In normal operation, SYSTEM_UID can only specify a restricted
       * set of UIDs. In factory test mode, SYSTEM_UID may specify any uid.
       */
      uidRestricted = !(factoryTest.equals("1") || factoryTest.equals("2"));

      if (uidRestricted && args.uidSpecified && (args.uid < Process.SYSTEM_UID)) {
        throw new ZygoteSecurityException(
            "System UID may not launch process with UID < " + Process.SYSTEM_UID);
      }
    } else {
      // Everything else
      if (args.uidSpecified || args.gidSpecified || args.gids != null) {
        throw new ZygoteSecurityException("App UIDs may not specify uid's or gid's");
      }
    }

    if (args.uidSpecified || args.gidSpecified || args.gids != null) {
      boolean allowed =
          SELinux.checkSELinuxAccess(
              peerSecurityContext, peerSecurityContext, "zygote", "specifyids");
      if (!allowed) {
        throw new ZygoteSecurityException("Peer may not specify uid's or gid's");
      }
    }

    // If not otherwise specified, uid and gid are inherited from peer
    if (!args.uidSpecified) {
      args.uid = peer.getUid();
      args.uidSpecified = true;
    }
    if (!args.gidSpecified) {
      args.gid = peer.getGid();
      args.gidSpecified = true;
    }
  }
Esempio n. 3
0
  /**
   * Constructs instance from connected socket.
   *
   * @param socket non-null; connected socket
   * @throws IOException
   */
  ZygoteConnection(LocalSocket socket) throws IOException {
    mSocket = socket;

    mSocketOutStream = new DataOutputStream(socket.getOutputStream());

    mSocketReader = new BufferedReader(new InputStreamReader(socket.getInputStream()), 256);

    mSocket.setSoTimeout(CONNECTION_TIMEOUT_MILLIS);

    try {
      peer = mSocket.getPeerCredentials();
    } catch (IOException ex) {
      Log.e(TAG, "Cannot read peer credentials", ex);
      throw ex;
    }

    peerSecurityContext = SELinux.getPeerContext(mSocket.getFileDescriptor());
  }
Esempio n. 4
0
  /**
   * Applies zygote security policy. Based on the credentials of the process issuing a zygote
   * command:
   *
   * <ol>
   *   <li>uid 0 (root) may specify --invoke-with to launch Zygote with a wrapper command.
   *   <li>Any other uid may not specify any invoke-with argument.
   * </ul>
   *
   * @param args non-null; zygote spawner arguments
   * @param peer non-null; peer credentials
   * @throws ZygoteSecurityException
   */
  private static void applyInvokeWithSecurityPolicy(
      Arguments args, Credentials peer, String peerSecurityContext) throws ZygoteSecurityException {
    int peerUid = peer.getUid();

    if (args.invokeWith != null && peerUid != 0) {
      throw new ZygoteSecurityException(
          "Peer is not permitted to specify " + "an explicit invoke-with wrapper command");
    }

    if (args.invokeWith != null) {
      boolean allowed =
          SELinux.checkSELinuxAccess(
              peerSecurityContext, peerSecurityContext, "zygote", "specifyinvokewith");
      if (!allowed) {
        throw new ZygoteSecurityException(
            "Peer is not permitted to specify " + "an explicit invoke-with wrapper command");
      }
    }
  }
Esempio n. 5
0
  /**
   * Applies zygote security policy per bug #1042973. Based on the credentials of the process
   * issuing a zygote command:
   *
   * <ol>
   *   <li>peers of uid 0 (root) and uid 1000 (Process.SYSTEM_UID) may specify any rlimits.
   *   <li>All other uids may not specify rlimits.
   * </ul>
   *
   * @param args non-null; zygote spawner arguments
   * @param peer non-null; peer credentials
   * @throws ZygoteSecurityException
   */
  private static void applyRlimitSecurityPolicy(
      Arguments args, Credentials peer, String peerSecurityContext) throws ZygoteSecurityException {

    int peerUid = peer.getUid();

    if (!(peerUid == 0 || peerUid == Process.SYSTEM_UID)) {
      // All peers with UID other than root or SYSTEM_UID
      if (args.rlimits != null) {
        throw new ZygoteSecurityException("This UID may not specify rlimits.");
      }
    }

    if (args.rlimits != null) {
      boolean allowed =
          SELinux.checkSELinuxAccess(
              peerSecurityContext, peerSecurityContext, "zygote", "specifyrlimits");
      if (!allowed) {
        throw new ZygoteSecurityException("Peer may not specify rlimits");
      }
    }
  }
Esempio n. 6
0
  /**
   * Applies zygote security policy for SEAndroid information.
   *
   * @param args non-null; zygote spawner arguments
   * @param peer non-null; peer credentials
   * @throws ZygoteSecurityException
   */
  private static void applyseInfoSecurityPolicy(
      Arguments args, Credentials peer, String peerSecurityContext) throws ZygoteSecurityException {
    int peerUid = peer.getUid();

    if (args.seInfo == null) {
      // nothing to check
      return;
    }

    if (!(peerUid == 0 || peerUid == Process.SYSTEM_UID)) {
      // All peers with UID other than root or SYSTEM_UID
      throw new ZygoteSecurityException("This UID may not specify SEAndroid info.");
    }

    boolean allowed =
        SELinux.checkSELinuxAccess(
            peerSecurityContext, peerSecurityContext, "zygote", "specifyseinfo");
    if (!allowed) {
      throw new ZygoteSecurityException("Peer may not specify SEAndroid info");
    }

    return;
  }
  @Override
  public void onCreate(Bundle icicle) {
    super.onCreate(icicle);

    addPreferencesFromResource(R.xml.device_info_settings);

    setStringSummary(KEY_FIRMWARE_VERSION, Build.VERSION.RELEASE);
    findPreference(KEY_FIRMWARE_VERSION).setEnabled(true);
    setValueSummary(KEY_BASEBAND_VERSION, "gsm.version.baseband");
    setStringSummary(KEY_DEVICE_MODEL, Build.MODEL + getMsvSuffix());
    setValueSummary(KEY_EQUIPMENT_ID, PROPERTY_EQUIPMENT_ID);
    setStringSummary(KEY_DEVICE_MODEL, Build.MODEL);
    setStringSummary(KEY_BUILD_NUMBER, Build.DISPLAY);
    findPreference(KEY_BUILD_NUMBER).setEnabled(true);
    findPreference(KEY_KERNEL_VERSION).setSummary(getFormattedKernelVersion());
    setValueSummary(KEY_MOD_VERSION, "ro.cm.version");
    findPreference(KEY_MOD_VERSION).setEnabled(true);
    setValueSummary(KEY_MOD_BUILD_DATE, "ro.build.date");

    if (!SELinux.isSELinuxEnabled()) {
      String status = getResources().getString(R.string.selinux_status_disabled);
      setStringSummary(KEY_SELINUX_STATUS, status);
    } else if (!SELinux.isSELinuxEnforced()) {
      String status = getResources().getString(R.string.selinux_status_permissive);
      setStringSummary(KEY_SELINUX_STATUS, status);
    }
    findPreference(KEY_SELINUX_STATUS).setEnabled(true);

    if (MSimTelephonyManager.getDefault().isMultiSimEnabled()) {
      findPreference(KEY_STATUS)
          .getIntent()
          .setClassName("com.android.settings", "com.android.settings.deviceinfo.msim.MSimStatus");
    }

    // Remove selinux information if property is not present
    removePreferenceIfPropertyMissing(
        getPreferenceScreen(), KEY_SELINUX_STATUS, PROPERTY_SELINUX_STATUS);

    String cpuInfo = getCPUInfo();
    String memInfo = getMemInfo();

    // Only the owner should see the Updater settings, if it exists
    if (UserHandle.myUserId() == UserHandle.USER_OWNER) {
      removePreferenceIfPackageNotInstalled(findPreference(KEY_CM_UPDATES));
    } else {
      getPreferenceScreen().removePreference(findPreference(KEY_CM_UPDATES));
    }

    if (cpuInfo != null) {
      setStringSummary(KEY_DEVICE_CPU, cpuInfo);
    } else {
      getPreferenceScreen().removePreference(findPreference(KEY_DEVICE_CPU));
    }

    if (memInfo != null) {
      setStringSummary(KEY_DEVICE_MEMORY, memInfo);
    } else {
      getPreferenceScreen().removePreference(findPreference(KEY_DEVICE_MEMORY));
    }

    // Remove Safety information preference if PROPERTY_URL_SAFETYLEGAL is not set
    removePreferenceIfPropertyMissing(
        getPreferenceScreen(), "safetylegal", PROPERTY_URL_SAFETYLEGAL);

    // Remove Equipment id preference if FCC ID is not set by RIL
    removePreferenceIfPropertyMissing(
        getPreferenceScreen(), KEY_EQUIPMENT_ID, PROPERTY_EQUIPMENT_ID);

    // Remove Baseband version if wifi-only device
    if (Utils.isWifiOnly(getActivity())
        || (MSimTelephonyManager.getDefault().isMultiSimEnabled())) {
      getPreferenceScreen().removePreference(findPreference(KEY_BASEBAND_VERSION));
    }

    /*
     * Settings is a generic app and should not contain any device-specific
     * info.
     */
    final Activity act = getActivity();
    // These are contained in the "container" preference group
    PreferenceGroup parentPreference = (PreferenceGroup) findPreference(KEY_CONTAINER);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_TERMS,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_LICENSE,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_COPYRIGHT,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_TEAM,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);

    // These are contained by the root preference screen
    parentPreference = getPreferenceScreen();
    if (UserHandle.myUserId() == UserHandle.USER_OWNER) {
      Utils.updatePreferenceToSpecificActivityOrRemove(
          act,
          parentPreference,
          KEY_SYSTEM_UPDATE_SETTINGS,
          Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
      /* Make sure the activity is provided by who we want... */
      if (findPreference(KEY_SYSTEM_UPDATE_SETTINGS) != null)
        removePreferenceIfPackageNotInstalled(findPreference(KEY_SYSTEM_UPDATE_SETTINGS));
    } else {
      // Remove for secondary users
      removePreference(KEY_SYSTEM_UPDATE_SETTINGS);
    }
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_CONTRIBUTORS,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);

    // Read platform settings for additional system update setting
    removePreferenceIfBoolFalse(
        KEY_UPDATE_SETTING, R.bool.config_additional_system_update_setting_enable);

    // Remove regulatory information if not enabled.
    removePreferenceIfBoolFalse(KEY_REGULATORY_INFO, R.bool.config_show_regulatory_info);
  }
  @Override
  public boolean onPreferenceTreeClick(PreferenceScreen preferenceScreen, Preference preference) {
    if (preference.getKey().equals(KEY_FIRMWARE_VERSION)) {
      System.arraycopy(mHits, 1, mHits, 0, mHits.length - 1);
      mHits[mHits.length - 1] = SystemClock.uptimeMillis();
      if (mHits[0] >= (SystemClock.uptimeMillis() - 500)) {
        Intent intent = new Intent(Intent.ACTION_MAIN);
        intent.setClassName("android", com.android.internal.app.PlatLogoActivity.class.getName());
        try {
          startActivity(intent);
        } catch (Exception e) {
          Log.e(LOG_TAG, "Unable to start activity " + intent.toString());
        }
      }
    } else if (preference.getKey().equals(KEY_BUILD_NUMBER)) {
      // Don't enable developer options for secondary users.
      if (UserHandle.myUserId() != UserHandle.USER_OWNER) return true;

      if (mDevHitCountdown > 0) {
        mDevHitCountdown--;
        if (mDevHitCountdown == 0) {
          getActivity()
              .getSharedPreferences(DevelopmentSettings.PREF_FILE, Context.MODE_PRIVATE)
              .edit()
              .putBoolean(DevelopmentSettings.PREF_SHOW, true)
              .apply();
          if (mDevHitToast != null) {
            mDevHitToast.cancel();
          }
          mDevHitToast = Toast.makeText(getActivity(), R.string.show_dev_on, Toast.LENGTH_LONG);
          mDevHitToast.show();
        } else if (mDevHitCountdown > 0 && mDevHitCountdown < (TAPS_TO_BE_A_DEVELOPER - 2)) {
          if (mDevHitToast != null) {
            mDevHitToast.cancel();
          }
          mDevHitToast =
              Toast.makeText(
                  getActivity(),
                  getResources()
                      .getQuantityString(
                          R.plurals.show_dev_countdown, mDevHitCountdown, mDevHitCountdown),
                  Toast.LENGTH_SHORT);
          mDevHitToast.show();
        }
      } else if (mDevHitCountdown < 0) {
        if (mDevHitToast != null) {
          mDevHitToast.cancel();
        }
        mDevHitToast = Toast.makeText(getActivity(), R.string.show_dev_already, Toast.LENGTH_LONG);
        mDevHitToast.show();
      }
    } else if (preference.getKey().equals(KEY_MOD_VERSION)) {
      System.arraycopy(mHits, 1, mHits, 0, mHits.length - 1);
      mHits[mHits.length - 1] = SystemClock.uptimeMillis();
      if (mHits[0] >= (SystemClock.uptimeMillis() - 500)) {
        Intent intent = new Intent(Intent.ACTION_MAIN);
        intent.putExtra("is_cid", true);
        intent.setClassName("android", com.android.internal.app.PlatLogoActivity.class.getName());
        try {
          startActivity(intent);
        } catch (Exception e) {
          Log.e(LOG_TAG, "Unable to start activity " + intent.toString());
        }
      }
    } else if (preference.getKey().equals(KEY_SELINUX_STATUS)) {
      System.arraycopy(mHits, 1, mHits, 0, mHits.length - 1);
      mHits[mHits.length - 1] = SystemClock.uptimeMillis();
      if (mHits[0] >= (SystemClock.uptimeMillis() - 500)) {
        if (SELinux.isSELinuxEnabled()) {
          if (!SELinux.isSELinuxEnforced()) {
            /* Display the warning dialog */
            AlertDialog alertDialog = new AlertDialog.Builder(getActivity()).create();
            alertDialog.setTitle(R.string.selinux_enable_title);
            alertDialog.setMessage(getResources().getString(R.string.selinux_enable_warning));
            alertDialog.setButton(
                DialogInterface.BUTTON_POSITIVE,
                getResources().getString(com.android.internal.R.string.ok),
                new DialogInterface.OnClickListener() {
                  public void onClick(DialogInterface dialog, int which) {
                    SELinux.setSELinuxEnforce(true);
                    String status = getResources().getString(R.string.selinux_status_enforcing);
                    setStringSummary(KEY_SELINUX_STATUS, status);
                  }
                });
            alertDialog.setButton(
                DialogInterface.BUTTON_NEGATIVE,
                getResources().getString(com.android.internal.R.string.cancel),
                new DialogInterface.OnClickListener() {
                  public void onClick(DialogInterface dialog, int which) {}
                });
            alertDialog.setOnCancelListener(
                new DialogInterface.OnCancelListener() {
                  public void onCancel(DialogInterface dialog) {}
                });
            alertDialog.show();

          } else {
            SELinux.setSELinuxEnforce(false);
          }
        }

        if (!SELinux.isSELinuxEnabled()) {
          String status = getResources().getString(R.string.selinux_status_disabled);
          setStringSummary(KEY_SELINUX_STATUS, status);
        } else if (!SELinux.isSELinuxEnforced()) {
          String status = getResources().getString(R.string.selinux_status_permissive);
          setStringSummary(KEY_SELINUX_STATUS, status);
        } else if (SELinux.isSELinuxEnforced()) {
          String status = getResources().getString(R.string.selinux_status_enforcing);
          setStringSummary(KEY_SELINUX_STATUS, status);
        }
      }
    }
    return super.onPreferenceTreeClick(preferenceScreen, preference);
  }
  @Override
  public void onCreate(Bundle icicle) {
    super.onCreate(icicle);

    addPreferencesFromResource(R.xml.device_info_settings);

    setStringSummary(KEY_FIRMWARE_VERSION, Build.VERSION.RELEASE);
    findPreference(KEY_FIRMWARE_VERSION).setEnabled(true);
    setValueSummary(KEY_BASEBAND_VERSION, "gsm.version.baseband");
    setStringSummary(KEY_DEVICE_MODEL, Build.MODEL + getMsvSuffix());
    setValueSummary(KEY_EQUIPMENT_ID, PROPERTY_EQUIPMENT_ID);
    setStringSummary(KEY_DEVICE_MODEL, Build.MODEL);
    setStringSummary(KEY_BUILD_NUMBER, Build.DISPLAY);
    findPreference(KEY_BUILD_NUMBER).setEnabled(true);
    findPreference(KEY_KERNEL_VERSION).setSummary(getFormattedKernelVersion());
    setValueSummary(KEY_MOD_VERSION, "ro.aokp.version");
    findPreference(KEY_MOD_VERSION).setEnabled(true);

    if (!SELinux.isSELinuxEnabled()) {
      String status = getResources().getString(R.string.selinux_status_disabled);
      setStringSummary(KEY_SELINUX_STATUS, status);
    } else if (!SELinux.isSELinuxEnforced()) {
      String status = getResources().getString(R.string.selinux_status_permissive);
      setStringSummary(KEY_SELINUX_STATUS, status);
    }

    // Remove selinux information if property is not present
    removePreferenceIfPropertyMissing(
        getPreferenceScreen(), KEY_SELINUX_STATUS, PROPERTY_SELINUX_STATUS);

    addStringPreference(KEY_DEVICE_CHIPSET, SystemProperties.get("ro.device.chipset", null));
    addStringPreference(KEY_DEVICE_CPU, SystemProperties.get("ro.device.cpu", getCPUInfo()));
    addStringPreference(KEY_DEVICE_GPU, SystemProperties.get("ro.device.gpu", null));
    addStringPreference(KEY_DEVICE_MEMORY, getMemInfo());
    addStringPreference(KEY_DEVICE_FRONT_CAMERA, SystemProperties.get("ro.device.front_cam", null));
    addStringPreference(KEY_DEVICE_REAR_CAMERA, SystemProperties.get("ro.device.rear_cam", null));
    addStringPreference(
        KEY_DEVICE_SCREEN_RESOLUTION, SystemProperties.get("ro.device.screen_res", null));

    // Remove Safety information preference if PROPERTY_URL_SAFETYLEGAL is not set
    removePreferenceIfPropertyMissing(
        getPreferenceScreen(), "safetylegal", PROPERTY_URL_SAFETYLEGAL);

    // Remove Equipment id preference if FCC ID is not set by RIL
    removePreferenceIfPropertyMissing(
        getPreferenceScreen(), KEY_EQUIPMENT_ID, PROPERTY_EQUIPMENT_ID);

    // Remove Baseband version if wifi-only device
    if (Utils.isWifiOnly(getActivity())) {
      getPreferenceScreen().removePreference(findPreference(KEY_BASEBAND_VERSION));
    }

    /*
     * Settings is a generic app and should not contain any device-specific
     * info.
     */
    final Activity act = getActivity();
    // These are contained in the "container" preference group
    PreferenceGroup parentPreference = (PreferenceGroup) findPreference(KEY_CONTAINER);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_TERMS,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_LICENSE,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_COPYRIGHT,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_TEAM,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);

    // These are contained by the root preference screen
    parentPreference = getPreferenceScreen();
    if (UserHandle.myUserId() == UserHandle.USER_OWNER) {
      Utils.updatePreferenceToSpecificActivityOrRemove(
          act,
          parentPreference,
          KEY_SYSTEM_UPDATE_SETTINGS,
          Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);
    } else {
      // Remove for secondary users
      removePreference(KEY_SYSTEM_UPDATE_SETTINGS);
    }
    Utils.updatePreferenceToSpecificActivityOrRemove(
        act,
        parentPreference,
        KEY_CONTRIBUTORS,
        Utils.UPDATE_PREFERENCE_FLAG_SET_TITLE_TO_MATCHING_ACTIVITY);

    // Read platform settings for additional system update setting
    removePreferenceIfBoolFalse(
        KEY_UPDATE_SETTING, R.bool.config_additional_system_update_setting_enable);

    // Remove regulatory information if not enabled.
    removePreferenceIfBoolFalse(KEY_REGULATORY_INFO, R.bool.config_show_regulatory_info);
  }