History log of /frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
Revision Date Author Comments
3a021b3762a7ddeb365a0a660a88f4187497ffb6 29-Mar-2018 Rubin Xu <rubinxu@google.com> Remove password blacklist API

Bug: 73750934
Test: compiles
Change-Id: I4a73ea47285b7d0be06f84d45a5166a6642c29cf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
5416468217e5c79b54d795cb6227e5b9312c24d6 09-Mar-2018 Michael Wachenschwanz <mwachens@google.com> Change MeteredDataDisabled function names for clarity

Add the word Packages to several functions to clarify Metered Data is
disabled on a per Package basis.

setMeteredDataDisabled to setMeteredDataDisabledPackages
getMeteredDataDisabled to getMeteredDataDisabledPackages
isMeteredDataDisabledForUser to isMeteredDataDisabledForUserPackage

Change-Id: Ied755b4422f8689e34bdb68d733d60fbfc47c692
Fixes: 73803958
Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetMeteredDataDisabledPackages
Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testSetMeteredDataDisabledPackages
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testSetGetMeteredDataDisabledPackages
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
26449eda7a5595bfb97e59d0734b61e1bbe6f55d 23-Feb-2018 Christine Franks <christyfranks@google.com> Add DevicePolicyManager#setDefaultSmsApplication

Bug: 73788187
Test: make -j100
Change-Id: I4f379743b9d12109bb8ecae109591abb922463ec
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
622b9f921278b308e9497675e63159f926764c91 25-Jan-2018 Vladislav Kuzkokov <vkuzkokov@google.com> Make printing policy a restriction.

Use existing API instead of creating new method.

Bug: 64140119
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPrintingPolicy

Change-Id: I9ff94f4d73824e7bf9aedbb64811ad60fccf9779
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
5bb5a6219dae39d929bca08623c23fc5800dd3b7 31-Jan-2018 Pavel Grafov <pgrafov@google.com> Introduce "adb shell dpm force-security-logs"

This command fetches the most recent batch of the logs
and makes them available to the DPC. Primary purpose is
to make security logging testable in CTS without having
to either wait for 2 hours or rely on implementation
details.

To prevent the user from abusing the command and
annoying the DPC, it is throttled if run more than once
per 10 seconds. Waiting happens in Dpm command.

Test: adb shell dpm force-security-logs
Bug: 70886042
Bug: 62251154
Change-Id: Ic5acd5a3e5c3b060881385c472df2b972961b626
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
596c2880b3ae0aae1bde030650c1511119da9917 29-Jan-2018 Alex Chau <alexchau@google.com> API Review: Return status code for user management APIs

- Replaced boolean return value with error code

Bug: 71866621
Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_StartInBackground
Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_StartInBackground_MaxRunningUsers
Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_CannotStopCurrentUser
Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_StopUser
Test: com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_LogoutUser
Test: com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testCannotStartManagedProfileInBackground
Test: com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testCannotStopManagedProfile
Test: com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testCannotLogoutManagedProfile
Change-Id: Iddc3e33c91c3f9584d53e537dbab3f61b8772fb1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
5be44ff31c4cdd68d5b131beeb3df9924cef9c82 24-Jan-2018 Sudheer Shanka <sudheersai@google.com> Add a DPM api to check if a pkg is restricted to use metered data.

We need this so that Settings can check if an app is
restricted by admin from using metered data.

Bug: 63700027
Test: manual
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I9a2ea9c458b0f10a3c3c6edcbe82da9eccaa51c3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
29b9a7d1f4168d888ee2f4a0ff3882523f655e6b 11-Jan-2018 Rubin Xu <rubinxu@google.com> Add freeze period support in SystemUpdatePolicy

Freeze period is defined as a pair of calendar dates (recurring annually)
during which the system should block any incoming system updates, including
security patches. They are set on top of existing system update policy
types (automatic, windowed, postpone) such that outside the freeze
periods existing policy semantics will still apply. They are created to
allow admin to keep their device fleet from any destabilizing changes during
critical period of the year, for example during Christmas sales period.

Device Owner can set several freeze periods, although to prevent the device
from not receiving OTAs indefinitely, each single freeze period is
restricted to be at most 90 days, and adjacent freeze periods need to be at
least 60 days apart. To properly enforce these restrictions, any freeze
periods the device previously experienced are tracked by DevicePolicyManager
and are validated against any new policy. This is to deal with corner cases
such as the admin repeatedly setting a short but overlapping freeze period on a
rolling basis, hence bypassing the 90-day freeze period restriction.

Test: runtest -c com.android.server.devicepolicy.SystemUpdatePolicyTest frameworks-services
Bug: 64813061
Change-Id: I2864192797dc194edd9c183b881da6cfe3fdba5e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
2a5a43d61cba5d57e367f74dff51743ab0cded37 24-Jan-2018 Antoan Angelov <arangelov@google.com> Merge changes from topic "dpc-migration-atomic"

* changes:
  Notify DO after PO ownership transfer when they belong to affiliated users.
  Tests for owner transfer atomicity.
  Make owner transfer an atomic operation.
91201bdbcab8a1010bf66e3dd03375bc4082ab18 04-Jan-2018 arangelov <arangelov@google.com> Make owner transfer an atomic operation.

Test: bit FrameworksServicesTests:com.android.server.devicepolicy.TransferOwnershipMetadataManagerTest
Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/OwnerTransferParamsManagerTest.java
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_noMetadataFile
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_adminAndDeviceMigrated
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_deviceNotMigrated
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertDeviceOwnership_adminAndDeviceNotMigrated
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_noMetadataFile
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_adminAndProfileMigrated
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_profileNotMigrated
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest#testRevertProfileOwnership_adminAndProfileNotMigrated
Bug: 69543005

(cherry picked from commit 5a6d391dedcdec13fcc4cf1770e7bf9fc1be8643)

Change-Id: Ic2d729d48fdb47b0ebd60030b45615b0cec174a2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
fef75eee1d7389f3bcff41fb8fded4f1801a2b92 22-Jan-2018 Vladislav Kuzkokov <vkuzkokov@google.com> Fix Printing policy in profile owner.

Sometimes app inside profile can't get package info for its owner.
Instead of relying on calling user id, we make PrintManagerService switch to
system id and pass user that called print() explicitly.

Bug: 72309652
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPrintingPolicy
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPrintingPolicy
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedProfileOwnerTest#testPrintingPolicy
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: Ib97018f56693549fbca506dba6efaadb6dd010b3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
e3d9c099e5b27779ea112408e5a74599d1cfc8ec 11-Jan-2018 yuemingw <yuemingw@google.com> Add APIs to manipulate Override APN.

Add APIs to add, update, query and remove Override APN. Add APIs to enable
Override APNs or query if Override APNs are currently enabled.

Bug: 68208301
Test: cts test in b/68208416

Change-Id: I65ebbb948d2ac4e31a73e1e761e32dc8ba1502c3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
04d61ae6c3ea1ddba22a8557f2fa372cd13b26ef 17-Jan-2018 Sudheer Shanka <sudheersai@google.com> Add DPM API to block apps from using metered data.

Bug: 63700027
Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t \
com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetMeteredDataDisabled
Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t \
com.android.cts.devicepolicy.MixedProfileOwnerTest#testSetMeteredDataDisabled
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testSetGetMeteredDataDisabled
Change-Id: I147399d316f375c68b415dc6ede837c53cd1aad0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
c53c47fa3a2fa0650ffe6c3f7eba8008004f6aa4 16-Jan-2018 Sudheer Shanka <sudheersai@google.com> Load admin data in DPMS asynchronously during boot.

Bug: 71902030
Bug: 71710099
Test: atest services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: Ran boot tests - go/run-boottest
Test: manual
Change-Id: I34970c6f41877c7e3ece4843d47831374d455067
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
792d58fbcef3da36dbde5fd8b0cf5a5b972bd12e 15-Jan-2018 Vladislav Kuzkokov <vkuzkokov@google.com> Implement Policy to disable printing.

This adds a new "isPrintingEnabled" policy (true by default)
and hooks it into PrintManagerService.

Bug: 64140119
Test: manual

Change-Id: Ifb0f6772af51e6185135e9dcf5551e9ef0d88af3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
93ae42b04debca35cdc23feef0cf54c9e6ca4400 11-Jan-2018 Alex Chau <alexchau@google.com> Customize user switch dialog

- Introduced DevicePolicyManager to set messaging for switching out of and into user 0
- Introduced corresponding API to get the message

Bug: 71787514
Test: Set start and end session message with TestDPC, change is reflected
Test: Restart the device, switch message is still enforced
Test: Clear the message with TestDPC, reverted back to default
Change-Id: I527eca6f151cee35459abad7ae9dcdeef486148f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
b6ef86985dd79923c08ea6ecb1c8c56fa76b5193 09-Jan-2018 Alex Chau <alexchau@google.com> Move startUserInBackground to standalone and avoid user from being stopped unnecessarily

- Removed START_USER_IN_BACKGROUND in createAndManageUser
- Added startUserInBackground that can return whether user is started. It checks for whether more users can be started without stopping existing users.
- Added canStartMoreUsers in UserController and ActivityManagerService
- Updated javadoc of a few user management API in DevicePolicyManager
- In UserController.startUser, return false if maximum running user limit is reached when starting user in background
- Only stop guest or ephemeral user that is being switched out in stopGuestOrEphemeralUserIfBackground

Bug: 71694116
Test: Create 3 ephemeral users, can startUserInBackground for first two but failed for the third.
Test: Switch to first user, second user is not affected.
Test: Switch out first user, second and third user is not affected. Can startUserInBackground for third user at this point.
Change-Id: I46aa1d8788851b10b5b169ac656cb982791de479
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
5b9f065754d670d5e6389422894385b322b78acc 11-Jan-2018 Sudheer Shanka <sudheersai@google.com> Merge "Update DPMS to push active admins info to UsageStatsService."
101c353a7d039b352cbfe9146807f072ff340469 09-Jan-2018 Sudheer Shanka <sudheersai@google.com> Update DPMS to push active admins info to UsageStatsService.

Bug: 71710099
Test: atest services/tests/servicestests/src/com/android/server/usage/AppStandbyControllerTests.java
Test: atest services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Change-Id: Ia46be9008470b0228978306b9992560fc4f2c586
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
8bae4eaa4db74c71d5658d8ee1905be8ecf4dfc2 20-Dec-2017 arangelov <arangelov@google.com> Call PROFILE/DEVICE_OWNER_CHANGED broadcast and onTransferCompleted callback upon a successful transfer.

Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest#testTransferOwnerChangedBroadcast
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest#testTransferCompleteCallback
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedDeviceOwnerHostSideTransferTest#testTransferOwnerChangedBroadcast
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.MixedDeviceOwnerHostSideTransferTest#testTransferCompleteCallback
Bug: 69542936
Bug: 69543044
Change-Id: Ifbe3ac0029794eba185e538e5a490073d5309f0b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
94d56761249a8e8c073867c17bba59b4a898f113 21-Dec-2017 Eran Messeri <eranm@google.com> DPM: Implement Device ID attestation

Enable requesting inclusion of device identifiers in the attestation
record issued for keys generated by generateKeyPair.
This is done by passing an array of flags with values indicating which
identifiers should be included.
Since the attestation record will include sensitive identifiers, it can
only be requested by the DPC in Device Owner mode or by the Delegated
Cert Installer in Device Owner mode.

Design note:
DevicePolicyManager defines its own set of constants for the different
identifier types (ID_TYPE_*) and prior to calling
DevicePolicyManagerService it translates them to the values defined by
AttestationUtils (which is not a public class).
The reason is to allow re-use of code in AttestationUtils for preparing
the attestation arguments.
In theory, these constants could be moved from AttestationUtils to
DevicePolicyManager, however that would create a dependency on DPM from
Keystore, which logically does not make sense as Keystore is independent
of the DPM (and in a lower level of the system, conceptually).

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement; runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest#testTranslationOfIdAttestationFlag
Change-Id: Ifb42e8e813fa812a08203b4a81d15b1f91152354
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
a82824272cc0d7c522fed96cf9d0b97dc2087a33 20-Dec-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "DPM: Implement installing certificates for generated keys"
7f31bb047820bd5bbf3baab461d24d49f1128052 07-Sep-2017 Alexandru-Andrei Rotaru <rotaru@google.com> DPMS: password blacklist

Allows admins to blacklist passwords so they cannot be enrolled by the
user or the admin.

Test: bit FrameworksServicesTests:com.android.server.devicepolicy.PasswordBlacklistTest
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPasswordBlacklist
Test: cts-tradefed run cts -m CtsAdminTestCases -t android.admin.cts.DevicePolicyManagerTest

Bug: 63578054
Change-Id: I8949ac929c760b66dc719cb058a9f88dc9cad727
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
ecf0f22e5831832afb48c86abfaa81234c8db619 11-Dec-2017 Eran Messeri <eranm@google.com> DPM: Implement installing certificates for generated keys

Add a new method in the DevicePolicyManager to associate certificates (and
set the user-visibility) with a given key alias.
Conceptually, the new method, setKeyPairCertificate is very similar to
installKeyPair, except it does not install a key, only certificates.

(The new setKeyPairCertificate, together with generateKeyPair is
functionally equivalent to installKeyPair, except the keys are generated
in hardware rather than supplied externally).

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG
Change-Id: Idbfe151f6e5311766decbc1a010bff78dc60249f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
c4f87e9ceb4d5ce78c1663912bc166e0d41554aa 26-Oct-2017 Pavel Grafov <pgrafov@google.com> Introduce DISALLOW_UNIFIED_PASSWORD.

When DISALLOW_UNIFIED_PASSWORD is enforced by managed profile
owner, the user is disallowed to use a single lock for both primary
user and the profile.

DPM.isUsingUnifiedPassword() can be called by DPC to check if
this restriction is obeyed.

Test: make cts-verifier
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testIsUsingUnifiedPassword
Test: cts-tradefed run cts -m CtsAdminTestCases -t android.admin.cts.DevicePolicyManagerTest#testIsUsingUnifiedPassword_failIfNotProfileOwner
Bug: 63909482
Change-Id: Ib758e32d4bf4012d805185bce874f481e17576ba
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
a173064047d304837d907b9b39ece5c14adf2b25 11-Dec-2017 Eran Messeri <eranm@google.com> DevicePolicyManager: Support attestation for generated keys.

If the KeyGenParameterSpec passed into
DevicePolicyManager.generateKeyPair contains an attestation challenge,
request an attestation record for the newly-generated key with the
challenge provided.

This particular implementation was chosen, rather than letting the
attestation record be generated at the same time as key generation, to
avoid having the attestation chain stored in Keystore and associated
with the generated alias.

The rationale is that this is a key that is potentially accessible by
multiple applications and the attestation chain may end up being sent
as a TLS client certificate chain, for example.

As the attestation challenge should be unique per device, to avoid
the potential of sending / sharing unique device information, by
explicitly requesting an attestation record after key generation, the
attestation record is only returned to the generateKeyPair client and
not persisted in Keystore.

Bug: 63388672
Test: New CTS test to be run with: 'cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG'
Change-Id: I95a9aef179173b571b533301ac438c675e8fe702
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
08841efcdf4ff8cf5d743fd5f6f995730b5f876f 23-Nov-2017 arangelov <arangelov@google.com> Add profile owner transfer functionality.

Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.TransferProfileOwnerTest
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Bug: 69542817

Change-Id: I824fcb334e0ca3157fb67920f7583b309a14bf85
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
0de748d833bef8e08329ef1abb9b681391e34ac8 15-Nov-2017 yuemingw <yuemingw@google.com> Implement DevicePolicyManager.setSystemSettings.

b/67627818
Bug: 67627818
Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

design doc: https://docs.google.com/document/d/1rvEg5jE3lMhjH-OA0iTLBUY2opM96fg7BrP81MoPnmg/edit#

Change-Id: If5f5c280957085480872f2d59ed59309cf288145
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java
031a2f1aafbc4e39ab5601567862d498e8949538 16-Oct-2017 Lenka Trochtova <ltrochtova@google.com> Make DevicePolicyManagerService more customizable (per-device).

Add a config to override the DPMS implementation class to
be instantiated from the Lifecycle.
Add a hasFeature method to the Injector class.

BUG: 63753860
Test: manual with TestDPC

Change-Id: I71ef518c49b2233744defdfb7c31019cb228d678
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java