3a021b3762a7ddeb365a0a660a88f4187497ffb6 |
|
29-Mar-2018 |
Rubin Xu <rubinxu@google.com> |
Remove password blacklist API Bug: 73750934 Test: compiles Change-Id: I4a73ea47285b7d0be06f84d45a5166a6642c29cf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
5416468217e5c79b54d795cb6227e5b9312c24d6 |
|
09-Mar-2018 |
Michael Wachenschwanz <mwachens@google.com> |
Change MeteredDataDisabled function names for clarity Add the word Packages to several functions to clarify Metered Data is disabled on a per Package basis. setMeteredDataDisabled to setMeteredDataDisabledPackages getMeteredDataDisabled to getMeteredDataDisabledPackages isMeteredDataDisabledForUser to isMeteredDataDisabledForUserPackage Change-Id: Ied755b4422f8689e34bdb68d733d60fbfc47c692 Fixes: 73803958 Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetMeteredDataDisabledPackages Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testSetMeteredDataDisabledPackages Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testSetGetMeteredDataDisabledPackages
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
26449eda7a5595bfb97e59d0734b61e1bbe6f55d |
|
23-Feb-2018 |
Christine Franks <christyfranks@google.com> |
Add DevicePolicyManager#setDefaultSmsApplication Bug: 73788187 Test: make -j100 Change-Id: I4f379743b9d12109bb8ecae109591abb922463ec
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
622b9f921278b308e9497675e63159f926764c91 |
|
25-Jan-2018 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Make printing policy a restriction. Use existing API instead of creating new method. Bug: 64140119 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPrintingPolicy Change-Id: I9ff94f4d73824e7bf9aedbb64811ad60fccf9779
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
5bb5a6219dae39d929bca08623c23fc5800dd3b7 |
|
31-Jan-2018 |
Pavel Grafov <pgrafov@google.com> |
Introduce "adb shell dpm force-security-logs" This command fetches the most recent batch of the logs and makes them available to the DPC. Primary purpose is to make security logging testable in CTS without having to either wait for 2 hours or relying on implementation details. To prevent the user from abusing the command and annoying the DPC, it is throttled if run more than once per 10 seconds. Waiting happens in Dpm command. Test: adb shell dpm force-security-logs Bug: 70886042 Bug: 62251154 Change-Id: Ic5acd5a3e5c3b060881385c472df2b972961b626
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
596c2880b3ae0aae1bde030650c1511119da9917 |
|
29-Jan-2018 |
Alex Chau <alexchau@google.com> |
API Review: Return status code for user management APIs - Replaced boolean return value with error code Bug: 71866621 Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_StartInBackground Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_StartInBackground_MaxRunningUsers Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_CannotStopCurrentUser Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_StopUser Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_LogoutUser Test: com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testCannotStartManagedProfileInBackground Test: com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testCannotStopManagedProfile Test: com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testCannotLogoutManagedProfile Change-Id: Iddc3e33c91c3f9584d53e537dbab3f61b8772fb1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
5be44ff31c4cdd68d5b131beeb3df9924cef9c82 |
|
24-Jan-2018 |
Sudheer Shanka <sudheersai@google.com> |
Add a DPM api to check if a pkg is restricted to use metered data. We need this so that Settings can check if an app is restricted by admin from using metered data. Bug: 63700027 Test: manual Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest Change-Id: I9a2ea9c458b0f10a3c3c6edcbe82da9eccaa51c3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
29b9a7d1f4168d888ee2f4a0ff3882523f655e6b |
|
11-Jan-2018 |
Rubin Xu <rubinxu@google.com> |
Add freeze period support in SystemUpdatePolicy Freeze period is defined as a pair of calendar dates (recurring annually) during which the system should block any incoming system updates, including security patches. They are set on top of existing system udpate policy types (automatic, windowed, postpone) such that outside the freeze periods existing policy semantics will still apply. They are created to allow admin to keep their device fleet from any destabilizing changes during critical period of the year, for example during Christmas sales period. Device Owner can set several freeze periods, although to prevent the device from not receiving OTAs indefinitely, each single freeze period is restricted to be at most 90 days, and adjacent freeze periods need to be at least 60 days apart. To properly enforce these restrictions, any freeze periods the device previously experienced is tracked by DevicePolicyManager and are validated against any new policy. This is to deal with corner cases such as the admin repeatedly set a short but overlapping freeze period on a rolling basis, hence bypassing the 90-day freeze period restriction. Test: runtest -c com.android.server.devicepolicy.SystemUpdatePolicyTest frameworks-services Bug: 64813061 Change-Id: I2864192797dc194edd9c183b881da6cfe3fdba5e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
2a5a43d61cba5d57e367f74dff51743ab0cded37 |
|
24-Jan-2018 |
Antoan Angelov <arangelov@google.com> |
Merge changes from topic "dpc-migration-atomic" * changes: Notify DO after PO ownership transfer when they belong to affiliated users. Tests for owner transfer atomicity. Make owner transfer an atomic operation.
|
91201bdbcab8a1010bf66e3dd03375bc4082ab18 |
|
04-Jan-2018 |
arangelov <arangelov@google.com> |
Make owner transfer an atomic operation. Test: bit FrameworksServicesTests:com.android.server.devicepolicy.TransferOwnershipMetadataManagerTest Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/OwnerTransferParamsManagerTest.java Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_noMetadataFile Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_adminAndDeviceMigrated Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_deviceNotMigrated Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_adminAndDeviceNotMigrated Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_noMetadataFile Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_adminAndProfileMigrated Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_profileNotMigrated Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_adminAndProfileNotMigrated Bug: 69543005 (cherry picked from commit 5a6d391dedcdec13fcc4cf1770e7bf9fc1be8643) Change-Id: Ic2d729d48fdb47b0ebd60030b45615b0cec174a2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
fef75eee1d7389f3bcff41fb8fded4f1801a2b92 |
|
22-Jan-2018 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix Printing policy in profile owner. Sometimes app inside profile can't get package info for its owner. Instead of relying on calling user id, we make PrintManagerService switch to system id and pass user that called print() explicitly. Bug: 72309652 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPrintingPolicy Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPrintingPolicy Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedProfileOwnerTest#testPrintingPolicy Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest Change-Id: Ib97018f56693549fbca506dba6efaadb6dd010b3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
e3d9c099e5b27779ea112408e5a74599d1cfc8ec |
|
11-Jan-2018 |
yuemingw <yuemingw@google.com> |
Add APIs to manipulate Override APN. Add APIs to add, update, query and remove Override APN. Add APIs to enable Override APNs or query if Override APNs are currently enabled. Bug: 68208301 Test: cts test in b/68208416 Change-Id: I65ebbb948d2ac4e31a73e1e761e32dc8ba1502c3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
04d61ae6c3ea1ddba22a8557f2fa372cd13b26ef |
|
17-Jan-2018 |
Sudheer Shanka <sudheersai@google.com> |
Add DPM API to block apps from using metered data. Bug: 63700027 Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t \ com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetMeteredDataDisabled Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t \ com.android.cts.devicepolicy.MixedProfileOwnerTest#testSetMeteredDataDisabled Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testSetGetMeteredDataDisabled Change-Id: I147399d316f375c68b415dc6ede837c53cd1aad0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
c53c47fa3a2fa0650ffe6c3f7eba8008004f6aa4 |
|
16-Jan-2018 |
Sudheer Shanka <sudheersai@google.com> |
Load admin data in DPMS asynchronously during boot. Bug: 71902030 Bug: 71710099 Test: atest services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: Ran boot tests - go/run-boottest Test: manual Change-Id: I34970c6f41877c7e3ece4843d47831374d455067
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
792d58fbcef3da36dbde5fd8b0cf5a5b972bd12e |
|
15-Jan-2018 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Implement Policy to disable printing. This adds a new "isPrintingEnabled" policy (true by default) and hooks it into PrintManagerService. Bug: 64140119 Test: manual Change-Id: Ifb0f6772af51e6185135e9dcf5551e9ef0d88af3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
93ae42b04debca35cdc23feef0cf54c9e6ca4400 |
|
11-Jan-2018 |
Alex Chau <alexchau@google.com> |
Customize user switch dialog - Introduced DevicePolicyManager to set messaging for switching out of and into user 0 - Introduced coressponeding API to get the message Bug: 71787514 Test: Set start and end session message with TestDPC, change is reflected Test: Restart the device, switch message is still enforced Test: Clear the message with TestDPC, reverted back to default Change-Id: I527eca6f151cee35459abad7ae9dcdeef486148f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
b6ef86985dd79923c08ea6ecb1c8c56fa76b5193 |
|
09-Jan-2018 |
Alex Chau <alexchau@google.com> |
Move startUserInBackground to standalone and avoid user from being stopped unnecessarily - Removed START_USER_IN_BACKGROUND in createAndMaangeUser - Added startUserInBackground that can return whether user is started. It checks for whether more users can be started without stopping existing users. - Added canStartMoreUsers in UserController and ActivityManagerService - Updated javadoc of a few user management API in DevicePolicyManager - In UserController.startUser, return false if maximum running user limit is reached when starting user in background - Only stop guest or ephemeral user that is being switched out in stopGuestOrEphemeralUserIfBackground Bug: 71694116 Test: Create 3 ephemeral users, can startUserInBackground for first two but failed for the third. Test: Switch to first user, second user is not affected. Test: Switch out first user, second and third user is not affected. Can startUserInBackground for third user at this point. Change-Id: I46aa1d8788851b10b5b169ac656cb982791de479
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
5b9f065754d670d5e6389422894385b322b78acc |
|
11-Jan-2018 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update DPMS to push active admins info to UsageStatsService."
|
101c353a7d039b352cbfe9146807f072ff340469 |
|
09-Jan-2018 |
Sudheer Shanka <sudheersai@google.com> |
Update DPMS to push active admins info to UsageStatsService. Bug: 71710099 Test: atest services/tests/servicestests/src/com/android/server/usage/AppStandbyControllerTests.java Test: atest services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Change-Id: Ia46be9008470b0228978306b9992560fc4f2c586
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
8bae4eaa4db74c71d5658d8ee1905be8ecf4dfc2 |
|
20-Dec-2017 |
arangelov <arangelov@google.com> |
Call PROFILE/DEVICE_OWNER_CHANGED broadcast and onTransferCompleted callback upon a successful transfer. Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest#testTransferOwnerChangedBroadcast Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest#testTransferCompleteCallback Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedDeviceOwnerHostSideTransferTest#testTransferOwnerChangedBroadcast Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedDeviceOwnerHostSideTransferTest#testTransferCompleteCallback Bug: 69542936 Bug: 69543044 Change-Id: Ifbe3ac0029794eba185e538e5a490073d5309f0b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
94d56761249a8e8c073867c17bba59b4a898f113 |
|
21-Dec-2017 |
Eran Messeri <eranm@google.com> |
DPM: Implement Device ID attestation Enable requesting inclusion of device identifiers in the attestation record issued for keys generated by generateKeyPair. This is done by passing an array of flags with values indicating which identifiers should be included. Since the attestation record will include sensitive identifiers, it can only be requested by the DPC in Device Owner mode or by the Delegated Cert Installer in Device Owner mode. Design note: DevicePolicyManager defines its own set of constants for the different identifier types (ID_TYPE_*) and prior to calling DevicePolicyManagerService it translates them to the values defined by AttestationUtils (which is not a public class). The reason is to allow re-use of code in AttestationUtils for preparing the attestation arguments. In theory, these constants could be moved from AttestationUtils to DevicePolicyManager, however that would create a dependency on DPM from Keystore, which logically does not make sense as Keystore is independent of the DPM (and in a lower level of the system, conceptually). Bug: 63388672 Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement; runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest#testTranslationOfIdAttestationFlag Change-Id: Ifb42e8e813fa812a08203b4a81d15b1f91152354
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
a82824272cc0d7c522fed96cf9d0b97dc2087a33 |
|
20-Dec-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "DPM: Implement installing certificates for generated keys"
|
7f31bb047820bd5bbf3baab461d24d49f1128052 |
|
07-Sep-2017 |
Alexandru-Andrei Rotaru <rotaru@google.com> |
DPMS: password blacklist Allows admins to blacklist passwords so they cannot be enrolled by the user or the admin. Test: bit FrameworksServicesTests:com.android.server.devicepolicy.PasswordBlacklistTest Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPasswordBlacklist Test: cts-tradefed run cts -m CtsAdminTestCases -t android.admin.cts.DevicePolicyManagerTest Bug: 63578054 Change-Id: I8949ac929c760b66dc719cb058a9f88dc9cad727
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
ecf0f22e5831832afb48c86abfaa81234c8db619 |
|
11-Dec-2017 |
Eran Messeri <eranm@google.com> |
DPM: Implement installing certificates for generated keys Add a new method in the DevicePolicyManager to associate certificates (and set the user-visibility) with a given key alias. Conceptually, the new method, setKeyPairCertificate is very similar to installKeyPair, except it does not install a key, only certificates. (The new setKeyPairCertificate, together with generateKeyPair is functionally equivalent to installKeyPair, except the keys are generated in hardware rather than supplied externally). Bug: 63388672 Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG Change-Id: Idbfe151f6e5311766decbc1a010bff78dc60249f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
c4f87e9ceb4d5ce78c1663912bc166e0d41554aa |
|
26-Oct-2017 |
Pavel Grafov <pgrafov@google.com> |
Introduce DISALLOW_UNIFIED_PASSWORD. When DISALLOW_UNIFIED_PASSWORD is enforced by managed profile owner, the user is disallowed to user single lock for both primary user and the profile. DMP.isUsingUnifiedPassword() can be called by DPC to check if this restriction is obeyed. Test: make cts-verifier Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testIsUsingUnifiedPassword Test: cts-tradefed run cts -m CtsAdminTestCases -t android.admin.cts.DevicePolicyManagerTest#testIsUsingUnifiedPassword_failIfNotProfileOwner Bug: 63909482 Change-Id: Ib758e32d4bf4012d805185bce874f481e17576ba
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
a173064047d304837d907b9b39ece5c14adf2b25 |
|
11-Dec-2017 |
Eran Messeri <eranm@google.com> |
DevicePolicyManager: Support attestation for generated keys. If the KeyGenParameterSpec passed into DevicePolicyManager.generateKeyPair contains an attestation challenge, request an attestation record for the newly-generated key with the challenge provided. This particular implementation was chosen, rather than letting the attestation record be generated at the same time as key generation, to avoid having the attestation chain stored in Keystore and associated with the generated alias. The rationale is that this is a key that is potentially accessible by multiple applications and the attestation chain may end up being sent as a TLS client certificate chain, for example. As the attestation challenge should be unique per device, to avoid the potential of sending / sharing unique device information, by explicitly requesting an attestation record after key generation, the attestation record is only returned to the generateKeyPair client and not persistend in Keystore. Bug: 63388672 Test: New CTS test to be run with: 'cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG' Change-Id: I95a9aef179173b571b533301ac438c675e8fe702
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
08841efcdf4ff8cf5d743fd5f6f995730b5f876f |
|
23-Nov-2017 |
arangelov <arangelov@google.com> |
Add profile owner transfer functionality. Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.TransferProfileOwnerTest Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest Bug: 69542817 Change-Id: I824fcb334e0ca3157fb67920f7583b309a14bf85
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
0de748d833bef8e08329ef1abb9b681391e34ac8 |
|
15-Nov-2017 |
yuemingw <yuemingw@google.com> |
Implement DevicePolicyManager.setSystemSettings. b/67627818 Bug: 67627818 Test: runtest -x services/tests/servicestests/src/ com/android/server/devicepolicy/DevicePolicyManagerTest.java design doc: https://docs.google.com/document/d/ 1rvEg5jE3lMhjH-OA0iTLBUY2opM96fg7BrP81MoPnmg/edit# Change-Id: If5f5c280957085480872f2d59ed59309cf288145
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|
031a2f1aafbc4e39ab5601567862d498e8949538 |
|
16-Oct-2017 |
Lenka Trochtova <ltrochtova@google.com> |
Make DevicePolicyManagerService more customizable (per-device). Add a config to override the DPMS implementation class to be instantiated from the Lifecycle. Add a hasFeature method to the Injector class. BUG: 63753860 Test: manual with TestDPC Change-Id: I71ef518c49b2233744defdfb7c31019cb228d678
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
|