| c2176389a68fdd48fd41d0e3ca7efef2c9fcf557 |
15-Aug-2017 |
Tony Mak <tonymak@google.com> |
DPC should not be allowed to grant development permission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant
Test: Run "Permissions lockdown" test in CtsVerifier
Merged-In: If83d8edd0eea99145421e967ae47fdc264a5cf7c
Merged-In: I129bfe850981cf0b3646b7c1cf19c8a3ec69f512
Bug: 62623498
Change-Id: Ief96a23fa49f1ea923574840f8ff590a5ea2456e
(cherry picked from commit bd0dcada2a545760033cb638b397d2dc51cca5f2)
evicepolicy/DevicePolicyManagerService.java
|
| 542bba3f35775c48aca35e959a2eb213b2697c43 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading.
Saving device policy managers settings to clear out
password stats was happening before initializing mAdminList
so could wipe active admins.
Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 34277435
Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
(cherry picked from commit adbda7474cc1968b66e9948aee566dc346e71340)
evicepolicy/DevicePolicyManagerService.java
|
| f806d65e615b942c268a5f68d44bde9d55634972 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
fix conflict in nyc-mr2-release
Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
evicepolicy/DevicePolicyManagerService.java
|
| 0f2c853889f382d5ea321028b5bd40dd74db25a3 |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293 am: 824c8284ce am: 72074e3ab9
am: f85a20702a
Change-Id: If9e569ba66dc9e5876fab5ffd2a6c9b0a9fb923b
|
| f85a20702aaefcf06769f007a4a6a786a71df5da |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293 am: 824c8284ce
am: 72074e3ab9
Change-Id: I1cd4db65e0fe8c92628f22f94fe937cf64f2da04
|
| 72074e3ab91f60105b9b3e15f7b05d3979854fe9 |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293
am: 824c8284ce
Change-Id: If4dfa2d7af980c91ec3d3f8faa7e7f4a39350c82
|
| 824c8284ce3734ae7b37bcad5b4251861d94f27b |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev
am: 42f2e80293
Change-Id: Ic167e10a205b5c8f9df81cd20a6f08359d3807f4
|
| d78a0d21cb7b845be55a7d7e917be249d606a69e |
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked().
am: 735b4dc0af
Change-Id: I5c8ca6d0a63af83cde91c17d10a634469c726442
|
| 735b4dc0af2571926d4ca573377881959237a6a4 |
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked().
BUG: 34824902
Change-Id: I95fbe0a352c48a3fff5af57b91325901a16d3d89
evicepolicy/DevicePolicyManagerService.java
|
| 66af3515dee796d8303c313ca999ee957675c310 |
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked()
am: c7b18342ea
Change-Id: I692fee4165de9a274d8eb8f0deaf49762974bb22
|
| c7b18342eafa53a741e3e8d8cfc85f35f9416b12 |
08-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked()
BUG: 34824902
Change-Id: I49d4d7043829862e1abacb3f400a6690f454d6c0
evicepolicy/DevicePolicyManagerService.java
|
| ca53b27c3407e71b74a7771f2d03ad111e2dcca2 |
06-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Fix uri permission grant on remote bug report uri
System server is no longer allowed to grant uri permission directly. As a result
we use grantUriPermissionFromIntent() to grant permission from the shell UID,
who is the owner of the bug report content.
Also fix a security bug where the broadcast to notify user consent of remote
bug report mismatches the <protected-broadcast> definition, causing it to be
sendable by anyone.
Bug: 34159108
Test: manual - Install TestDPC and request bugreport, try accept and decline
once the report is ready (Bullhead).
Merged-In: I66e3f2a16d4547549f09d3c96d52aed2330caedf
Change-Id: I66e3f2a16d4547549f09d3c96d52aed2330caedf
evicepolicy/DevicePolicyManagerService.java
|
| f1e276384dddcef7c28080c88696707b4a52442f |
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc am: 01f971dcdc
am: 963cba5b5b
Change-Id: I3a1421f656d1a90970eac6156e0840625662fb17
|
| 963cba5b5b1feea9d66239df6e86fa21c32fd6fd |
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc
am: 01f971dcdc
Change-Id: If5f5e5d47b97e2b8480adc5ca2cb08702056ca87
|
| 01f971dcdc836b487e31ff064143a4593afa149b |
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am: 2317451acc
Change-Id: Id3441141d4feea4c7291350c9670bd59ec017240
|
| 2317451acc84174cbe30d1899428d1b2953a4363 |
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Test: Manually tested wipeData() with ApiDemos, both on 1) the primary user,
2) a secondary user and 3) work profile.
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Bug 30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Merged-in: Ia832bed0f22396998d6307ab46e262dae9463838
(cherry picked from commit efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee)
evicepolicy/DevicePolicyManagerService.java
|
| efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee |
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Test: Manually tested wipeData() with ApiDemos, both on 1) the primary user,
2) a secondary user and 3) work profile.
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Bug 30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Merged-in: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
evicepolicy/DevicePolicyManagerService.java
|
| 1710e5f0794466cdd293e8fd883dc4b8ea0491b7 |
25-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Change batch finalization timeout mechanism from
Handler#sendMessageDelayed() to a wakeful alarm
Messages sent with Handler#sendMessageDelayed() didn't get delivered
until the device woke up after being idle, which resulted in
potentially very long windows of logs accumulation and highly possible
network log loss from before the device becaming idle.
Bug: 34157435
Test: manual with decreased timeout over a few timeout iterations
Change-Id: I22d9cc743acb1a478d2da5407c5718e7f95e89cb
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLoggingHandler.java
|
| 189463286449b618633ea928de39113499a08c03 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a am: b275a205af
am: ee9f03d1ed
Change-Id: Ic724588cbab8d4282eeb5bc806f8c67791189a05
|
| ee9f03d1ed263d975fea213453204729ec80730f |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a
am: b275a205af
Change-Id: I01487d9c39f4e82b63961cdd43df238f2bfd2b89
|
| b275a205af6014c67a34507240ce0fc1026815b5 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading.
am: f98ed6863a
Change-Id: I7f816c164548df86f9607c86772902efd0d53620
|
| f98ed6863a7f64c535a66006852a934b05d550bc |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading.
Saving device policy managers settings to clear out
password stats was happening before initializing mAdminList
so could wipe active admins.
Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 34277435
Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
(cherry picked from commit adbda7474cc1968b66e9948aee566dc346e71340)
evicepolicy/DevicePolicyManagerService.java
|
| adbda7474cc1968b66e9948aee566dc346e71340 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading.
Saving device policy managers settings to clear out
password stats was happening before initializing mAdminList
so could wipe active admins.
Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 34277435
Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
evicepolicy/DevicePolicyManagerService.java
|
| 3c9b36482f0120756ddcc3b6fe5f57d3136c7902 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev am: eb35ad9969
am: 3aac3ebee1
Change-Id: Id7be6d9656b292ec1bf526750db8081022267c4a
|
| 3aac3ebee1079ba56afde5d149b0653c891cb5a8 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
am: eb35ad9969
Change-Id: I4fd9ce4c79db5a10f28008c89205fc9c8ef2888f
|
| eb35ad9969a173ac4d6279a5e322e8176c2ae6d1 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
|
| ad4aa1ce7d3dd2dd8d5690eb2f7653ca3c27000e |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of e4cefbf4fce4 to nyc-dr1-dev
Change-Id: Ib536a33ba381c28397320edd516d52727e5bdacc
|
| 4da4a5d0c8f9b0179636257e19c99a55a9ece353 |
12-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Improvements to the network logs batch finalization mechanism
The full batch will still be available to DPC if there were no
network logs pending.
Added some more debug logging to better investigate the issues.
Test: manual for both cases - pending batch was empty and non-empty,
with locally decreased timeout
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 34245471
Bug: 29748723
Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
evicepolicy/NetworkLogger.java
evicepolicy/NetworkLoggingHandler.java
|
| e4cefbf4fce458489b5f1bebc79dfaf566bcc5d5 |
02-Dec-2016 |
Andrew Scull <ascull@google.com> |
Don't save password metrics to disk.
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.
Merged-in: 5daf273b7e3272269c53eda20ce494d0e7a365b5
Bug: 32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
evicepolicy/DevicePolicyManagerService.java
|
| df7bfcfc22fd131623e081f98f2c8c0fd33655c8 |
10-Jan-2017 |
phweiss <phweiss@google.com> |
Add ticker text for network logging notification
Set ticker text to title for accessibility.
Bug:31207965
Test: manual
Change-Id: I0b78f9e6464dd470b74e0db97813623b335835d9
(cherry picked from commit d4a54bbfd1902dccb0e4de03f15bfbbba50b9531)
evicepolicy/DevicePolicyManagerService.java
|
| 971236480c2a95db94b073877c8595c274d28893 |
09-Jan-2017 |
phweiss <phweiss@google.com> |
Dismiss network logging notification when disabling logging
Bug:34116213
Bug:29748723
Test: CTSVerifier in a separate CL.
Change-Id: Ie652505ff57665f626712c67837577833f1595d6
(cherry picked from commit 82ed31c1efeb98acba60d79d1fc0a291b1440dc2)
evicepolicy/DevicePolicyManagerService.java
|
| fd24353d75adbb0237fa13d209abe6b790535b8b |
15-Dec-2016 |
Makoto Onuki <omakoto@google.com> |
Get account features before taking lock (cherry-pick from master)
Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest
* without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 *
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Bug: 33481725
Change-Id: Ie2fe9aea87d1a7167581f4cd74ae063ef24a4567
Merged-in: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
evicepolicy/DevicePolicyManagerService.java
|
| 923d2cc9d9915b18a8d29e9087add48dbe820eeb |
14-Dec-2016 |
phweiss <phweiss@google.com> |
DO NOT MERGE Show notification when network logging is enabled
A notification is shown after network logging is enabled
and after the next three reboots that are at least one day apart.
Clicking it sends an intent to quick settings to shown its device monitoring
dialog.
Cherry-picked from master.
Bug: 29748723
Bug: 33126577
(cherry-picked from commit a0cb251ca6a8ea8df17ff8089573bc50f2f1849f)
Test: Manual, CTS-Verifier tests will be added later
Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
evicepolicy/DevicePolicyManagerService.java
|
| f84f98c4e2fc1b49e441ac0a63cd1abac2c03a51 |
19-Dec-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "DO NOT MERGE Add network logging icon to Quicksettings when enabled" into nyc-mr2-dev
|
| c94b63730584dd4dd2e1c19266d6bbe1bbf56174 |
24-Nov-2016 |
phweiss <phweiss@google.com> |
DO NOT MERGE Add network logging icon to Quicksettings when enabled
Add the network logging icon in Quick Settings' footer if
network logging is enabled, possible next to the VPN icon.
Quicksettings has to be able to tell that network logging
is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be
callable from the device owner or from any app with the MANAGE_USERS
permission.
The icon is only a placeholder until the official icon is finished.
CTS Verifier tests will be added when all Network logging UX changes are
done.
Cherry-picked from master, and then modified to work in N:
I had to remove the QSFooterTest change because the testing infrastructure
is not there in N. Also, I had to add DPMS.enforceDeviceOwnerOrManageUsers()
to which did not exist in N before.
BUG: 33126618
BUG: 29748723
Test: Manual, CTS-Verifier tests will be added in a follow-up
(cherry picked from commit a4e169ed68ee57aa249e5e79fcd6bff5df46199e)
Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
evicepolicy/DevicePolicyManagerService.java
|
| a775ad997bac7a46140a56a4ab7ad0c464b32495 |
16-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
Initialize AtomicBoolean for NetworkLogger#mIsLoggingEnabled
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 29748723
(cherry picked from commit e4dfd2d0028ff1c7088ec58a4d3eaf8f222311e6)
Change-Id: Ib175f1d57093590b0080f32dc5f6c60ea50066e0
evicepolicy/NetworkLogger.java
|
| 92cd0ce92d92f1ebf94aa19b3ce19c76e4f53366 |
15-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Make NetworkLogger.mIsLoggingEnabled an AtomicBoolean
Fixes a potential race condition - when enabling/disabling the logging
some events might have been lost.
Bug: 29748723
Change-Id: I8a436d525393b2314805e287eddcea26d4ec073b
evicepolicy/NetworkLogger.java
|
| c4e7c320631446e25909635f2d49022a5bf9948d |
25-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Logging when the new batch of network logs broadcast is sent to DO
Test: this only adds a log message
Bug: 29748723
(cherry picked from commit bcf1c58ec25f275fa25f8aab1c265da868e64e29)
Change-Id: Iad57528c60f35d4820a2f0196cccc92f7c4d3830
evicepolicy/NetworkLoggingHandler.java
|
| 504fa62f9ec2eab7e6ec88002735940575c89f08 |
16-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Disable DO single user features when clearDeviceOwner() is called
regardless of the amount of users
Bug: 32901196
Bug: 29748723
Change-Id: Ie419b5e496e23656cbe5436942d9aba402bfe68e
evicepolicy/DevicePolicyManagerService.java
|
| 5c64223da4265aef87a63f7a04dab313eb345e14 |
15-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Fix disabling DO single user features when clearDeviceOwner() is called
We should disable those features before the DO is actually cleared.
Bug: 32901196
Bug: 29748723
(cherry picked from commit c44e67961170ddfb668372dc6e9ce6b391e3740f)
Change-Id: I74679abc26753585f302f3d52bca81fe21e2e668
evicepolicy/DevicePolicyManagerService.java
|
| 896b9db8ed14bdfa88d5dce96405361e78dee80e |
14-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] Minor code fixes in NetworkLoggingHandler
Added a comment and renamed field to follow mConvention.
Test: will be CTS tested once APIs unhidden
Bug: 29748723
(cherry picked from commit aabe96db87838501d3abeb96c25a4b1c50b9c12c)
Change-Id: I7ef118723d13ce1d313c3c56299c2dca2411eee6
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLoggingHandler.java
|
| bbf352a2c136bfeb1fa7ad751df75d3069e9fdb0 |
03-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] DO uses batch token to retrieve network logs, and can retrieve
the same batch many times
This allows DO to:
a) know that some logs were dropped (by trying with token and not
getting anything)
b) know how many logs were there in each batch (useful especially
for the dropped ones)
c) retry batch retrieval if it failed
Test: will be CTS tested once APIs unhidden
Bug: 29748723
(cherry picked from commit a9ff206af26871695bfce54969428b8ad03e31e6)
Change-Id: Iac10e61cdf3b100719a9c029ff897bd5ef5c8e2f
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLogger.java
evicepolicy/NetworkLoggingHandler.java
|
| 4c47adef60ca0326bdbe124dfdd335382e5c0787 |
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] Management and retrieval of network logs
This CL follows up on ag/1530343 and adds:
1) Various network events.
2) Retrieval method in DPM and APIs in DeviceAdminReceiver.
3) Extension of NetworkLogger and it's NetworkLoggingHandler.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java
Bug: 29748723
Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLogger.java
evicepolicy/NetworkLoggingHandler.java
|
| c3abd34cfed63d5b71366901d19f6d9cd8319306 |
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] DO can start network logging and listen for events
This CL adds:
1) Setter and getter in DPM to manipulate logging switch (retrieval
method to come in a subsequent CL(s)).
2) A way for DPM to register to listen for events.
3) Skeleton of NetworkLogger class (more to come in subsequent CL(s)).
Bug: 29748723
Change-Id: I5c04662ccc6febd2ba294b0eaca1ed1da9c16e47
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLogger.java
|
| 34fb70ab88408b629350a80f6f68648a95db62bf |
01-Nov-2016 |
Greg Plesur <plesur@google.com> |
If the current device is a watch, fix DeviceOwner/ProfileOwner logic.
In this case, don't require the device to have gone through the
Setup Wizard before disqualifying DO/PO if there's an incompatible
account on the device.
BUG: 32438704,32438210
Change-Id: I6858db13c8df6e95d01d18a903f4343f70370e8b
evicepolicy/DevicePolicyManagerService.java
|
| bc755da55cc00110a3c77b013c350a9b62c1f1cd |
14-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant
am: 6dbf67fc48
Change-Id: Iacbe9a2de7024e29e9c2c98594ebca828b855a43
|
| a6b3caf58e8ab18f4c3164afb8fba25e9954198b |
14-Oct-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Don't expose default strong auth timeout as constant" into nyc-mr1-dev
|
| 216ee1f0e76f6a36bebb5490c951db2a5513ae03 |
13-Oct-2016 |
Greg Plesur <plesur@google.com> |
Merge "DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade." into cw-f-dev
|
| 35144049846e115b7d1e03fb6c935ed497d83cb2 |
10-Oct-2016 |
Greg Plesur <plesur@google.com> |
DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should
return 'false' for Wear devices after pairing/upgrade.
BUG: 32019375
Change-Id: I2563efe58c98c5dd8440891e478c89e093d8d9ac
evicepolicy/DevicePolicyManagerService.java
|
| 98a145b5afb71b5fb95092d9df0e6453dad77f79 |
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Revert "Fix backup for users hit by erroneous backup disabling"
am: 9f61d17e6a
Change-Id: I460fbb670fbc7a724c981c4fceae0048ff4c9ded
|
| b24489e20aefaaaeb8251491fc5845b555952139 |
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Merge "Revert "Fix backup for users hit by erroneous backup disabling"" into nyc-mr1-dev
|
| 6dbf67fc4889c49151415e986be98f70816f81ec |
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant
The admin can instead use the value of 0 to reset to default.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Bug: 31430135
Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c
(cherry picked from commit 943aabd11cce3ab453762d3912395363720e1f5d)
evicepolicy/DevicePolicyManagerService.java
|
| 9f61d17e6a41e80732fb78a8a8fb723b92498a15 |
05-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Revert "Fix backup for users hit by erroneous backup disabling"
BUG=31754835
This reverts commit 1975021d88da6623a570a6ddab8b2397b1c0e59f.
Change-Id: I5cf7862126755a34cf3b4d70436529401fddc87f
evicepolicy/DevicePolicyManagerService.java
|
| cfaef4287d87e8c7d8faf0f6605c5a9f02f1b4fd |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode.
am: bbaadc0166
Change-Id: I89c0a7fb44bc50efedf2e8dc5eabaa4711b2687b
|
| 56d7022d48d67b133491dd803876c632d4aae87a |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix backup for users hit by erroneous backup disabling
am: 1975021d88
Change-Id: I4421e9642c2e89bf17535ef3212617d268c1c9d2
|
| cd339f211ae976d0ffeaffcceb178b45804556a9 |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Merge "Fix logic in disabling BackupTransport in DO mode." into nyc-mr1-dev
|
| 1975021d88da6623a570a6ddab8b2397b1c0e59f |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix backup for users hit by erroneous backup disabling
BUG=31754835
Change-Id: I89dd08b7958dd8fe20d70bc50f2c89996ae46cc5
evicepolicy/DevicePolicyManagerService.java
|
| bbaadc01663495736fa597305525e874a896ade4 |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode.
We were disabling backup in consumer mode as well.
BUG=31754835
TEST=android.content.pm.cts.shortcuthost.ShortcutManagerBackupTest
Change-Id: I42e5cfa512fda1b471eb62c7eb8bc346383da2fa
evicepolicy/DevicePolicyManagerService.java
|
| 2f78ab5387341982b81259ec574cfca09ee7085a |
23-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message.
am: 6ad5f92512
Change-Id: Ieab914cf8538e3086fb32cc351e45e6a5c2017c5
|
| 18fb24c5d3e8f9e2a66e78f13a7fa2567fbd3231 |
23-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix DPM unit tests, also fix a log message." into nyc-mr1-dev
|
| 369672b8bb5e65ad926314c6d6a1c0e28c3e2d1b |
23-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout
am: 0b72a722ed
Change-Id: I70a4c0288aa2d98c02706a055a5dda710ace2ae2
|
| 69659cb96df2b149bbb0577179f16712054a8bc2 |
23-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Fingerprint Strong auth timeout" into nyc-mr1-dev
|
| 8a4808526741b8058a361e5c8aad810b0e412802 |
22-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API.
am: 5a122a1ce9
Change-Id: I134891f0b24cc666c34ae54cb3c937ba2f16648e
|
| 6ad5f92512462f774a2ff7e59abdf5edbfd215b3 |
19-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message.
Bug 31446501
Change-Id: I37debbe2f4e983fb8bad026f8dd9bd91b7448dce
evicepolicy/DevicePolicyManagerService.java
|
| 0b72a722edacfd790178a2a6183bb985656b2887 |
21-Jun-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout
Allows PO and DO configure strong auth timeout for fingerprint.
Bug: 31430135
Change-Id: Ie6451d49aa95527adc3720d9a2a0848f58940510
(cherry picked from commit 8f010dd25d18151cc47accc7d853b4f8f7fe8491)
evicepolicy/DevicePolicyManagerService.java
|
| 5a122a1ce90c8c09fd579147061cb7b4cd8b23e9 |
06-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API.
BUG=28628532
Change-Id: I48c3423734e54b6a4d70e58d50c98c3e17790e0d
(based on a8202524608a4fc9178e6b18e13602c5a8abb404)
evicepolicy/DevicePolicyManagerService.java
|
| c146ed5d2611c09bc90005c0c982c00d36ec4dfa |
12-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it
am: 46ea8e7f9d
Change-Id: Ib6a24171828bbdf884c9d71ab8c07622a8f1fddb
|
| 46ea8e7f9d24d1fab4824f570400d6fb7bf355e0 |
09-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it
Bug 31382361
Change-Id: Ie48aba5827074d2a6efb6966f61af30444376384
evicepolicy/DevicePolicyManagerService.java
|
| 12c4d4132f6bab5eecfb7b8fc8cfdc55e0f8ab77 |
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 am: ec5ceae174
am: 32daa7a95c
Change-Id: I8580890ee0fcd6b1fb80352b4437d2a1379dfaee
|
| 32daa7a95cd49cbedf00c006cf80929518cc5465 |
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2
am: ec5ceae174
Change-Id: Ic4bbce08944881f0d20a08c1ebb4db5531208f23
|
| ec5ceae1743b64822cb7ca35d5938109a8beb370 |
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass
am: 0737c2b4c2
Change-Id: Ia76391f710e42e9634010bd211a0370230b318e3
|
| 9d46e5e044541bbe470ae72074a7aa18b862c827 |
07-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Allow DO/PO to be installed with certain preconfigured accounts.
am: 5e7e0670c7
Change-Id: I9191a60bf4071b8205c04131cb2d97ef1a32fb19
|
| 5e7e0670c7b4b0f15c812fc83991afcc7fa24bf9 |
02-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Allow DO/PO to be installed with certain preconfigured accounts.
- Non-test-only DO/PO still can't be installed when there are
accounts.
- Test-only DO/PO can be installed even when there are accounts,
as long as all the accounts have the
"android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED" feature.
Some authenticators claim to have any features, so to detect it,
we also check android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED
and disallow installing if any of the accounts have it.
- Also add logs on certain important events in DPMS.
Bug 28928996
Change-Id: I62efce10e9cc22e994ea8cae91a4fafcce25dd77
evicepolicy/DevicePolicyManagerService.java
|
| 0737c2b4c2ae6415eced00926235f848d1957bae |
08-Aug-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass
Bypassing work challenge in freeform mode was trivial by just keeping
work apps open in freeform mode and then switching focus to them from
another app.
Because the only interception point is startActivity this never
triggered work challenge.
The solution is to trigger the check on focus change events and also to
allow passing the result back into the freeform stack instead of dumping
our user out into the homescreen.
Change-Id: I141ecf90b5f0e708a21d27141b6fec6074e5d475
Fix: 30693465
evicepolicy/DevicePolicyManagerService.java
|
| fce4b4acfc7dd4408ff60e898313406495facbf0 |
25-Aug-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities.
am: 83ab85410b
Change-Id: I89354ab06c70fd7b23d32aeebf84df85f6375765
|
| b038c4f617ef15d5f691adee51e5684677e3073e |
25-Aug-2016 |
Andrew Scull <ascull@google.com> |
Merge "Only check password length for relevant qualities." into nyc-mr1-dev
|
| 67d9c792a8122204775e2e18289fe1b7ce0c2693 |
08-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Merge "Fixing NPE in device policy tests" into cw-f-dev
|
| 68a2a0feed79e8e8928785461740525f6e384960 |
05-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing NPE in device policy tests
Bug: 30224255
Change-Id: I5c21f8d0e5660cca1cf7861649195672348f802c
evicepolicy/DevicePolicyManagerService.java
|
| 9704e409dfe1c1fc582d98837f2a315886a1cd61 |
05-Aug-2016 |
Suprabh Shukla <suprabh@google.com> |
Not trying to remove admins already being removed
If someone calls removeActiveAdminLocked more than once, it is possible
for the device policy data to end up with more than one copy of an admin
in the list mRemovingAdmins. Due to extra entries, once the admin
component is removed, it is not being allowed to be set as an admin again,
until the device reboots or mRemovingAdmins is cleared from the memory
due to some other reason. Fixing this by making sure we do not add
duplicate entries to mRemovingAdmins
Bug: 30369197
Change-Id: I1d53c41312171425bbd6e6e4153148276f1b098d
evicepolicy/DevicePolicyManagerService.java
|
| 83ab85410b98bb6e4e01be5db54ec244aeeb3182 |
20-Jul-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities.
The minimum password length is only required for certain password
qualities so only check the minimum length in those cases.
Bug: 30109030
Change-Id: I330c88fc0b22179e126fc1241a9c58d5e0d73e8e
evicepolicy/DevicePolicyManagerService.java
|
| c1205111a92b52283078f1a2e86c8d32c5928b92 |
22-Jul-2016 |
Tony Mak <tonymak@google.com> |
Persist master volume mute across reboot
Fix: 30133263
Change-Id: I53450a504e40e55516acc88550f369a74a244eaf
evicepolicy/DevicePolicyManagerService.java
|
| 0b4b58f5077562c8f2d084974d001d0f714bcaad |
16-Jul-2016 |
Makoto Onuki <omakoto@google.com> |
Remove the DMAgent whitelisting
Bug 30075554
Change-Id: Ib089353ff9f58eb175a7b5d9addfb371655afc6b
evicepolicy/DevicePolicyManagerService.java
|
| 2aa9bab8a1edd7a9dc62f4a2ae51defa026a7de6 |
11-Jul-2016 |
Benjamin Franz <bfranz@google.com> |
Add hidden API to store whether provisioning config has been applied
Bug: 29629204
Change-Id: Iaf4164357868b17dbc6615a77babb0e7cbc183b7
evicepolicy/DevicePolicyManagerService.java
|
| 790d198860dc550f2dbaa5ac502cbcda1f8530c9 |
07-Jul-2016 |
Mahaver Chopra <mahaver@google.com> |
Add an api to verify if ro.device_owner was set
Currently for OobConfig app we used DEVICE_PROVISIONED Global setting to
verify if device was provisioned. This setting can be modified using
adb. we just need to know if it was set atleast once. Added an api in
DPM to return whether system property "ro.device_owner" was set.
Bug: 29935702
Change-Id: I9a2b5217c0bc2cc11d68282e05a5450ea3f6cf21
evicepolicy/DevicePolicyManagerService.java
|
| ca081ca39642e507588e284dfe98ff3ad4bc12d1 |
06-Jul-2016 |
Rubin Xu <rubinxu@google.com> |
Bump ACTION_CHOOSE_PRIVATE_KEY_ALIAS broadcast to foreground
Bug: 29966726
Change-Id: Ifdbdd26df40518d9e50f9a0b0dfc5c01cb9accb2
evicepolicy/DevicePolicyManagerService.java
|
| f8c04cbe959e6bb6fed2c2779ad45185f66b8855 |
28-Jun-2016 |
Suprabh Shukla <suprabh@google.com> |
Enabling auto-ota in retail demo mode
Bug: 29542384
Change-Id: If7c94cf8a8e5851011f23dc5d64fc795f9a07b22
evicepolicy/DevicePolicyManagerService.java
|
| d04aaa323c3a788d26f18fc66e0a59b47e525b38 |
13-Jun-2016 |
Amith Yamasani <yamasani@google.com> |
More thorough cleansing of expired users
If any /data/system_[c|d]e folders were not erased
when the user was removed (maybe due to a reboot),
make sure they're cleaned up on restart as well
as when the userId is recycled later.
Mark the users' system folders with the correct
serial number for later verification.
AccountManager shouldn't be querying accounts of
partially created/destroyed users.
Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb
Fixes: 29285673
evicepolicy/Owners.java
|
| 26704957fe48d75a5b4f3a51cff520a9e4d8b82c |
13-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Don't take the DPMS lock in DPMI.createPackageSuspendedDialogIntent
This method is called by AM with the lock held, so can't take the
DPMS lock.
It still takes a different lock, but we don't call into the external
world while holding this lock, so this is fine.
Bug 29242568
Change-Id: Idbecdd7d97385ca66c693903443471fdbae833e6
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| c29f62c7388f550da2c7368c5dbc0aec7d1564fe |
07-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Push DO/PO package names from DPMS to PM
Bug 29126573
Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| 90c9dbc91910a77b8660ec66de0725aee472e0ab |
31-May-2016 |
Ricky Wai <rickywai@google.com> |
Do not get device owner admin info when device owner is null
Bug: 29043723
Change-Id: I355c549f891a5e71f654f42ed16a7139da86482a
evicepolicy/DevicePolicyManagerService.java
|
| 977ade26dd8bc6a442be2db2470459058246844f |
24-May-2016 |
Ricky Wai <rickywai@google.com> |
Do not allow DPM.resetPassword() when child profile exists or user is locked
Bug: 28878708
Change-Id: Iaae2a9ba9c7c0ff388264c474c78a0dcd9fec258
evicepolicy/DevicePolicyManagerService.java
|
| 12753ded44813a77a4cad5114d34345bec7b21ef |
23-May-2016 |
Victor Chang <vichang@google.com> |
Fix Certificate authority installed notification is gone when turning off and on the work mode.
cause: Work mode is turned on before entering USER_STOPPED state.
Thus, BOOT_COMPLETED broadcast is not sent, but the notification has been dismissed.
use USER_STARTED + USER_UNLOCKED because both are foreground.
Bug: 28864104
Change-Id: I4796b61586e194d8367b9e52a9c56f858cbcbe7d
evicepolicy/DevicePolicyManagerService.java
|
| 93f8fd714ad89067bf81d2ce8be3b2f2e816dee2 |
05-May-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update RestrictedLockUtils to use UM.getUserRestrictionSource.
Bug: 28269827
Change-Id: Ib4a1441b71986ca6637a9236136b60e18dbc1643
evicepolicy/DevicePolicyManagerService.java
|
| bc73347152a3562a7f957a07433d64912f4acd83 |
17-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Skip 'network may be monitored' if dying or locked" into nyc-dev
|
| 820ae5a47587f3d0a7bc4be9acb1c46c590c9860 |
12-May-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing a NPE in DevicePolicyManagerService
Bug: 28786940
Change-Id: I73de8dea9221765ed0751039f3d472cf78d341af
evicepolicy/DevicePolicyManagerService.java
|
| fe47b6eefa266e2a43294f6472e58698be711ee2 |
13-May-2016 |
Robin Lee <rgl@google.com> |
Skip 'network may be monitored' if dying or locked
KeyChain isn't direct boot aware & attempting to bind to a service
inside a dying user isn't going to end well.
Change-Id: I5a0acc34f98c39705ec404765c87e7ac61ca9b71
Fix: 28725354
evicepolicy/DevicePolicyManagerService.java
|
| 090b5a8e8c6cbe069c9818eda25b1976da6426a9 |
11-May-2016 |
Victor Chang <vichang@google.com> |
Merge "Fix ConfirmCredential is not presented before trusting cert installed by PO/DO" into nyc-dev
|
| 8560a7c2a1681276ccf8cb04dfd02bfea6251af4 |
09-May-2016 |
Victor Chang <vichang@google.com> |
Fix ConfirmCredential is not presented before trusting cert installed by PO/DO
- TrustedCredential is responsible to show ConfirmCredential
- Show the MonitoringCerInfoActivity in personal side instead to avoid showing work challenge
- put user id into extra
Bug: 28619980
Change-Id: Iedbc0b721ef56675f3c9eb6f1d12daf1222ad080
evicepolicy/DevicePolicyManagerService.java
|
| 0fb6b9e18c4f9fad98c426ace0190017e8b2060a |
04-May-2016 |
Rubin Xu <rubinxu@google.com> |
Guard retrievePreRebootSecurityLogs with config flag
Bug: 28160645
Change-Id: Ifce884c319019758dfaaa39bc239e9f30962c920
evicepolicy/DevicePolicyManagerService.java
|
| fc0810b4d47b3cd679c5c761eb225be3d1351060 |
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Merge "Revert "Don't enforce this API - it's not sensitive"" into nyc-dev
|
| 9de713d42269a5888d31423b74d4203dce382853 |
03-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Don't enforce this API - it's not sensitive"
This reverts commit 895504e55788c5c7fd90830dcf01c41a79ca7fe4.
Also adds a change to device manager to prevent failure there
as in the bug below.
Bug: 28512889
Change-Id: I4a445ec365133e9e2764e2d625d61fc6ee2008ec
evicepolicy/DevicePolicyManagerService.java
|
| dc67971a996c447c71ceb9ad983c79c96f598bcc |
03-May-2016 |
Robin Lee <rgl@google.com> |
Add lockdownEnabled parameter to always-on VPN API
Allows callers to opt-out of blockading network traffic during boot and
on VPN app failure.
Bug: 26694104
Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
evicepolicy/DevicePolicyManagerService.java
|
| ce18c8167766f92856f94a8e88e19de4698960e6 |
28-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
Introduce "unlocking" vs "unlocked" nuance.
There is a narrow window of time during user unlock where we're
reconciling user storage and dispatching the "unlock" status to
various internal system services. While in this "unlocking" state,
apps need to be told that the user still isn't actually "unlocked"
so they don't try making calls to AccountManager, etc.
The majority of internal services are interested in merging together
both the "unlocking" and "unlocked" state, so update them.
Clarify naming in AccountManagerService to make it clear that a local
list is being used, which mirrors the naming in MountService.
To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch
after the user is unlocked, but block BOOT_COMPLETED dispatch until
after all PRE_BOOT receivers are finished to avoid ANRs.
Bug: 28040947, 28164677
Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
evicepolicy/DevicePolicyManagerService.java
|
| c0440e5f4dfa695d2347c68bbec787d3e16847eb |
22-Apr-2016 |
Victor Chang <vichang@google.com> |
Merge "Deleting lock screen clears all CA approvals" into nyc-dev
|
| dc068eba6f577b0ec37f5830df5c19f4ff2e85cf |
21-Apr-2016 |
Victor Chang <vichang@google.com> |
Deleting lock screen clears all CA approvals
When both screenlocks for profile user and parent user has been removed (both set to none),
remove CA approvls on that user, and show the "Certificate authority installed" notification.
Bug: 28161447
Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
evicepolicy/DevicePolicyManagerService.java
|
| 38dcca51a739d3273b24e84ba5e89e505f45960c |
19-Apr-2016 |
Kenny Guy <kennyguy@google.com> |
Add test method to remove admins.
Add test method to remove admins that declare
FLAG_TEST_APP without informing them.
The method will also remove the device and profile
owner status of the admin.
Bug: 28027468
Change-Id: Idb4d3299a9c6595c94bfb424546cd8a384131835
evicepolicy/DevicePolicyManagerService.java
|
| fd580f7d1a5a19b062bea49602f0f6136bce7e5e |
13-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence." into nyc-dev
|
| 1271cef419bdb7577f64b1dfa05d5678df706ef5 |
13-Apr-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "API polish in DPM for organization color and name methods" into nyc-dev
|
| caf566a5372b05230885b787997b98ff4508eadd |
13-Apr-2016 |
Victor Chang <vichang@google.com> |
Merge "Update display text in cert notification" into nyc-dev
|
| 74cd73079c6901f7e081fcac744a2597ed96a991 |
12-Apr-2016 |
Michal Karpinski <mkarpinski@google.com> |
API polish in DPM for organization color and name methods
- Returning and accepting CharSequence instead of String
- Enforcing 100% opacity and adjusting javadocs for color
format
- Adding @ColorInt annotations
Bug: 27531295
Change-Id: Id27d4fd5e7bb4d746cc61288457eb4eb86224505
evicepolicy/DevicePolicyManagerService.java
|
| 3ccca91e6ee2106004c3762ee682deff7343c6d4 |
12-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence.
Bug: 27531295
Change-Id: Ib28c509a3112046c14d812265ce43bc5b5574f12
evicepolicy/DevicePolicyManagerService.java
|
| 4c74334c4425e43dfb53bc2ef707eebb1bef7d5b |
11-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added getProfileIds method returning array of userIds" into nyc-dev
|
| 355d47697c346ad4c7f41a8af1febcdf4ff95988 |
07-Apr-2016 |
Victor Chang <vichang@google.com> |
Update display text in cert notification
- Show DPC app name for PO
- Check user id for DO
- Update notification title for all cases
- update symbols for private resource ssl_ca_cert_warning changed from string to plural
- Pass number of certificate to MonitoringCertInfoActivity
Bug: 25772443
Bug: 18224038
Change-Id: I68db06f55a24879c1d5f532e38b97e2932bf990e
evicepolicy/DevicePolicyManagerService.java
|
| a078b4ba6a30532585e93b7d99f81fd0184aeb56 |
08-Apr-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Still return a package suspsended dialog if there is no owner." into nyc-dev
|
| 8aa48028f36a411192623881191c2591a009a997 |
08-Apr-2016 |
Nicolas Prevot <nprevot@google.com> |
Still return a package suspsended dialog if there is no owner.
When an application cannot be started, and there is no profile/device
owner, still return a PackageSuspendedDialog.
BUG: 28042198
Change-Id: I5c30393f9481840a965bb815235af5181561a063
evicepolicy/DevicePolicyManagerService.java
|
| 7f98aa4aa93497692f200c553d2d6fff402e3de2 |
07-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Added getProfileIds method returning array of userIds
Previously many usages of UserManager.getProfiles and getEnabledProfiles
were only using ids of returned users. Given that the list of users needs
to be parceled and unparceled for Binder calls, returning array of ids
minimizes memory usage and serialization time.
A new method getProfileIds was introduced which returns an array of userIds.
Existing method calls were updated where appropriate.
Bug: 27705805
Change-Id: Ic5d5decd77567ba0f749e48837a2c6fa10e812c0
evicepolicy/DevicePolicyManagerService.java
|
| 035e92447084b96ef2c9125e77105c237e20bad3 |
18-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Fix work profile screen timeout policy
Settings screen should apply both primary and managed maximum
timeout policy, even separate profile challenge is enabled.
Bug: 27493348
Change-Id: Ia1ec1cafc7665c54816833af64e0f446a77a55b2
evicepolicy/DevicePolicyManagerService.java
|
| dc283a897680ffd33c4d15535ebe778ba5b42c43 |
24-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Keymaster init for work profile
Changes:
(1) When unified work challenge is enabled and screen lock is secure
- Store work profile secure key in primary profile
- When primary user keystore unlocked, unlock work profile keystore
- When primary user change lock to none, remove work secure key
(2) When unified work challenge is enabled but screen lock is not secure
- When screen lock changes to secure, store work secure key in primary
(3) When user changes work challenge from unified to separated
- Remove work secure key in primary
(4) When user changes work challenge from separate to unified
- Do (1) and (2)
Bug: 27460698
Change-Id: I8f77bde5dc6b8e59c90256e75c5990100e93366b
evicepolicy/DevicePolicyManagerService.java
|
| a01c1f0d90def31de9bdd21bada11a3dfc0444b0 |
06-Apr-2016 |
Tony Mak <tonymak@google.com> |
Merge "xxxTrustAgentConfiguration should be supported in the parent DPM instance" into nyc-dev
|
| 589b855719ce89ba68ce1a93f15a4c79a2461adc |
06-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Remove bool return from setAlwaysOnVpnPackage" into nyc-dev
|
| ee5eb934e349ee6a01a028cb431afac9018b8e56 |
05-Apr-2016 |
Robin Lee <rgl@google.com> |
Remove bool return from setAlwaysOnVpnPackage
Bug: 27533151
Change-Id: I4c656488e69cb5247dbb9cfd62d6f6f7043f9a90
evicepolicy/DevicePolicyManagerService.java
|
| 73ebf33d76c1d06b275b011e043680c410fd70ac |
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
Merge "getProfiles should only returns non-partial user info" into nyc-dev
|
| f4b30e2147671476564c8bba6edf33aa63334f6e |
05-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Remove the admin from the removing list when refreshing that admin." into nyc-dev
|
| 80189cdece046e2e915e07c0ee166b6375dbde84 |
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
getProfiles should only returns non-partial user info
Bug: 26928524
Change-Id: I537bb0a9632cad603717a367b81d5e072452a6d7
evicepolicy/DevicePolicyManagerService.java
|
| 089d840383c511ed170a284ba343bd9a00db790e |
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
xxxTrustAgentConfiguration should be supported in the parent DPM instance
1. Fix trust agent config does not persist across reboot
2. xxxTrustAgentConfiguration now supported in parent DPM instance
Bug: 27601827
Change-Id: I6ea4a089bf590d6c44be40318f3a69c35c54f796
evicepolicy/DevicePolicyManagerService.java
|
| 691b1a6005ed373ad75361aa5a1bd120f138f15c |
05-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Switch to work challenge if MP calls resetPassword" into nyc-dev
|
| 7c9213313440be5925441b7bfbac4837336c6006 |
01-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Remove the admin from the removing list when refreshing that admin.
Change-Id: I9b597a116db4f1fb894427b4e885f29c3e94abdb
Fixes: 27909181
evicepolicy/DevicePolicyManagerService.java
|
| ce5c4009cf555b1ece69356949f4c2c4b38cc25a |
23-Mar-2016 |
Robin Lee <rgl@google.com> |
Switch to work challenge if MP calls resetPassword
If the profile owner wants to set a lock screen for a profile which they
created, we should let them. This will cancel any lock screen
unification that has been set up.
Attempting to clear the password will continue to throw
SecurityException if called from a managed profile.
Bug: 26682008
Change-Id: Ia09aef879a21c074ccb517905e43f62696837998
evicepolicy/DevicePolicyManagerService.java
|
| f1fe782e912d3feed9cded8fb80b179c4ee5d09c |
31-Mar-2016 |
Robin Lee <rgl@google.com> |
Merge "API to approve CA certificates" into nyc-dev
|
| 2f7e1e487c8ef486a16ad2398ffee413b53da04e |
21-Mar-2016 |
Robin Lee <rgl@google.com> |
API to approve CA certificates
Bug: 18224038
Change-Id: Id928872cd70dac5a5ecfdcd52150fe6dea544e3b
evicepolicy/DevicePolicyManagerService.java
|
| e04ac3d7d2027ea3149748ca6520405b7e1b1dbb |
31-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "Unit test for isProvisioningAllowed" into nyc-dev
|
| aa604694450539b4c99901b0714efaa79db3c87d |
31-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "AfW - suspend apps - API polish" into nyc-dev
|
| d2a968f9c31ba1864bc514bb88a9a939508fe794 |
31-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Return null value if getActiveAdminUncheckedLocked returns null." into nyc-dev
|
| 549b9692808cbd7d64e732b199b453b2b372dd32 |
31-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Return null value if getActiveAdminUncheckedLocked returns null.
- Split per user version of getUserRestrictions into a separate method
in DPMS and make the per-user version return null if the admin
parameter is not a valid one.
- Update isAccessibilityServicePermittedByAdmin and
isInputMethodPermittedByAdmin to return false if the admin parameter
is not a valid one.
Bug: 27909087
Change-Id: I6f4cae6552cbfe02dc4a92b04eeeddf0314e0974
evicepolicy/DevicePolicyManagerService.java
|
| 3e794afb82228199c0a83bed5463dbeb3c48dd62 |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Unit test for isProvisioningAllowed
Note:
DevicePolicyManagerService is changed to inject ContentObserver notifier
Test: all test cases in DevicePolicyManagerTest pass
BUG: 25710621
Change-Id: I347cec71769d0e9dd6a334d7d6339d5ce6a3fa6a
evicepolicy/DevicePolicyManagerService.java
|
| 5b7ca24f14ae4d1189ca7683fdad1ec0e62b88b8 |
30-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Merge "Add DevicePolicyManager API to install a client cert chain." into nyc-dev
|
| 30fb0534492478a3f95f6953b31bbb666ced8fe5 |
30-Mar-2016 |
Clara Bayarri <clarabayarri@google.com> |
Merge "Change default work challenge background color" into nyc-dev
|
| 8d0bd7fa634c090514ff27bbc0cd25a609c22b83 |
30-Mar-2016 |
Clara Bayarri <clarabayarri@google.com> |
Change default work challenge background color
Requested by UX
Bug: 27829562
Change-Id: I815c06784189e68b09e464e936521e82091c93c3
evicepolicy/DevicePolicyManagerService.java
|
| b70ba1971c29db87e405434161489e2450309050 |
30-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "AfW custom lock screen message - API polish" into nyc-dev
|
| b43659170824dd8d753d9249fe6ccfd37c6221ae |
23-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager API to install a client cert chain.
When installing a keypair the caller will have the option to specify a
certificate chain which will later be returned to whoever requests access
to the keypair via KeyChain.
Bug: 18239590
Change-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7
evicepolicy/DevicePolicyManagerService.java
|
| efc4a344a173ae20ec72b8c05c45b794687fda87 |
22-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
AfW - suspend apps - API polish
* renamed getPackageSuspended => isPackageSuspended
* does not return false for an error, instead throws
NameNotFoundException if the package could not be
found, or if there is an unknown RemoteException,
wraps it in a RuntimeException and rethrows.
Bug: 27532430
Bug: 22776761
Change-Id: Iee00600089b1c0556a3312b10456826464fa8f9f
evicepolicy/DevicePolicyManagerService.java
|
| 81a95700e591d098d829df86eb25a77a70b23d79 |
29-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Fix SecurityException in getStorageEncryptionStatus
Bug: 27892709
Change-Id: Ic6a3ccb8d266cfb04708413b767fe4f284219e57
evicepolicy/DevicePolicyManagerService.java
|
| 16187903b40014e28b97e2bd1429543e2c27ffb9 |
21-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
AfW custom lock screen message - API polish
DevicePolicyManager:
* getDeviceOwnerLockScreenInfo now returns CharSequence as it returns a string
for display to a user
* setDeviceOwnerLockScreenInfo
** accepts CharSequence, not String as this is a string displayed to the user
** Returns void; throws an appropriate runtime exception on failure
Bug: 27531295
Change-Id: I30528569cfa66ee76f857fbee1c3196f821718fd
evicepolicy/DevicePolicyManagerService.java
|
| fac4ddbd25e7ccaa763b9ac93ef1df5015b85628 |
28-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Work around buggy DMAgent.
They're targeting new API level, but they aren't handling the new
constants.
Bug: 27785116
Change-Id: I8391294d963c86af1f948b91c7d1de6b7f44f66a
evicepolicy/DevicePolicyManagerService.java
|
| a7c85adeda9283442b313c3e8a565b1655591c7a |
23-Mar-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Let the profile owner set lock-to-apps if the user is affiliated.
BUG: 25632687
Change-Id: I76008b6a8e2194155154dc7693d43ce20f7e9fad
evicepolicy/DevicePolicyManagerService.java
|
| d3c0cf50b6c8e71c0c409abcd3b8c32f98f7cb71 |
21-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "Api change of DPM.setApplicationRestrictionsManagingPackage()" into nyc-dev
|
| cd14c0a9daa42a7ccacef345b3b2ef255790f993 |
16-Mar-2016 |
Victor Chang <vichang@google.com> |
Api change of DPM.setApplicationRestrictionsManagingPackage()
Throws NameNotFoundException instead of IllegalArgumentException
Can't throw NameNotFoundException directly from DPMS as
aidl doesn't support checked exception
Bug: 27532565
Change-Id: I202721f41057f92ad2dd851d4769ba4502a8f9b3
evicepolicy/DevicePolicyManagerService.java
|
| 8a372a0a280127743ce9a7ce4b6198c7a02d2a4f |
16-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Refactoring FBE APIs based on council feedback.
Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.
Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
evicepolicy/DevicePolicyManagerService.java
|
| 6235a94ffaed1d82cee2317481c18776f601da1b |
15-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Unifying method names and comments to security logging, not device logging
Also move SecurityLog to android.app.admin package.
Bug: 27531824
Bug: 27532560
Bug: 27532564
Bug: 27532425
Change-Id: I2677afdb5685bc5d21e52c41b381b57a41e364b6
evicepolicy/DevicePolicyManagerService.java
evicepolicy/SecurityLogMonitor.java
|
| 8a8e8ea19a825dd45117909df2f0140ca20565e7 |
15-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Merge "Update DPM.reboot with new restriction" into nyc-dev
|
| 1216ae5d023e8f6e4f158a447a5764288e4ccc3e |
11-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Update DPM.reboot with new restriction
DPM.reboot() should not be called when there is an ongoing call on the
device.
Bug:27531799
Change-Id: Idc1fa4c7aa79b20ec9c2afcccf855455ee316787
evicepolicy/DevicePolicyManagerService.java
|
| b5a4d9605f6ee009984165f1c894b3949dc8417a |
15-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Show admin support dialog if app is suspended." into nyc-dev
|
| 7a9c34bd7a65bf27a3a7ea83d7a1391667bae50a |
11-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Show admin support dialog if app is suspended.
Bug: 26922950
Change-Id: I21f048873244df52d14910cc01a658af476d9149
evicepolicy/DevicePolicyManagerService.java
|
| c4927b9fd43efab3f69c4cba90624153a885e0aa |
15-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Logging of setting ro.device_owner property
Without logging of setting it's impossible to test the setup, unless
device is rooted.
Bug: 22860162
Change-Id: I0532654ef4e4b7272d2749b30590a1b47da9f645
evicepolicy/DevicePolicyManagerService.java
|
| d4c9e541ec7110d3c842d6f92c3ec6beb0b6d997 |
26-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Add ENCRYPTION_STATUS_ACTIVE_PER_USER to...
getStorageEncryptionStatus()
Use StorageManager APIs to get the encryption
state instead of from the system properties
directly.
Bug 26547262
Change-Id: Ic27baa9489d43a93873f8bb0428084f8886aed67
evicepolicy/DevicePolicyManagerService.java
|
| 03128dceab3a7cc517b7c253e740caac82e74033 |
10-Mar-2016 |
Paul Lawrence <paullawrence@google.com> |
Fix bug in new encryption API
Bug: 27583871
Change-Id: I372f0a6a411704dc57ca9bcc53c4c5a10b236772
evicepolicy/DevicePolicyManagerService.java
|
| 2f79ae98afd895ec1179b38fccb538f64164b9fd |
09-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Tuning down wtf to warning for setting ro.device_owner property
This was logged to often, especially while running CTS hostside tests
and looked too scary to people.
Bug: 27230864
Change-Id: I9e81d9efe87b4aed18aa473be647c560ff9cfa0d
evicepolicy/DevicePolicyManagerService.java
|
| d5a3f3df4097e4a57e0d31fba994c91d8996abf8 |
09-Mar-2016 |
Paul Lawrence <paullawrence@google.com> |
Merge "Add API to IMountService to get encryption state" into nyc-dev
|
| 20be5d62471d520eed3a52d90c11944464a71c07 |
26-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Add API to IMountService to get encryption state
Bug: 18002358
Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1
evicepolicy/DevicePolicyManagerService.java
|
| 97e89c624e19c0a0ebe3d76506a493cfe29c0558 |
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update DPM.getWifiMacAddress to take admin component as argument." into nyc-dev
|
| 29d6b9f0f73e980b9a4718b809ae0d34e5b2a5a4 |
08-Mar-2016 |
Tony Mak <tonymak@google.com> |
Merge "clear calling identity before calling getUserInfo" into nyc-dev
|
| ed58f5f0aa580dd4a6dc0fd5dc957862309db8d9 |
08-Mar-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Introducing ShortcutManager" into nyc-dev
|
| 4d9abf92d4d5f77f025531b70ed1f58e7482acf5 |
08-Mar-2016 |
Tony Mak <tonymak@google.com> |
clear calling identity before calling getUserInfo
Bug: 27523508
Change-Id: I243a5423de850477cf65968c8ea26cbb3ae896d5
evicepolicy/DevicePolicyManagerService.java
|
| 3cb4da16dcf07474acefb709d10b22cdfdefd81b |
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update DPM.getWifiMacAddress to take admin component as argument.
Bug: 27532280
Change-Id: I3a5e9557c3c6ac43c458c911a5309bdb2655fb66
evicepolicy/DevicePolicyManagerService.java
|
| 1145cd26bd8acff6aced86a98819172fd7e4cbd1 |
07-Mar-2016 |
Kenny Guy <kennyguy@google.com> |
Don't crash if KeyChain can't be bound to.
KeyChain can throw an assertion error if
is not around, don't allow that to take down
system.
Bug: 27518175
Change-Id: I99418dfb65c58d3e07cbda91860cdb493b96a836
evicepolicy/DevicePolicyManagerService.java
|
| fdc5ba8f43e09cfbc8f5de0bf819b7684094953e |
05-Mar-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Move more PM calls to ParceledListSlice." into nyc-dev
|
| d5896630f6a2f21da107031cab216dc93bdcd851 |
05-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Move more PM calls to ParceledListSlice.
Since the data returned by these calls can grow unbounded based on
various GET flags, we need to switch 'em over.
Bug: 27391893
Change-Id: Ie849ca30dbaaa91158da4c83675657715629a0ee
evicepolicy/DevicePolicyManagerService.java
|
| 6f7362d92573e4ae693bc513dca586d6a4eb087b |
04-Mar-2016 |
Makoto Onuki <omakoto@google.com> |
Introducing ShortcutManager
What's supported:
- Most APIs are implemented, except for SM.updateShortcuts(),
the icon APIs in LA, and LA.startShortcut().
- Persisting information, except for icons
- Throttling
In addition, now PersistableBundle has a public copy
constructor from a Bundle. (Do we want to @hide it?)
TODOs:
- Add icon support
- Implement missing APIs
- Listen to PACKAGE_* broadcasts and do clean-up
- Support multi-launcher apps (pinned shortcuts per launcher)
- Dev option to reset throttling
- Load throttling config from Settings
- Backup & restore
- Figure out LauncherApps permissions (BIND_APPWIDGETS??)
- Other minor TODOs in the code
- Better javadoc
Note: This requires Idf2f9ae816e1f3d822a6286a4cf738c14e29a45e
Bug 27325877
Change-Id: Ia5aa555a4759df5f79a859338f1dc5e624cd0e35
evicepolicy/Owners.java
|
| e1fd7f09d5149055b8ad7bcf24846ecd8d87027a |
04-Mar-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge "Not clearing data for a package that is a DO or PO" into nyc-dev
|
| 0114263a1aff5dea92fdafbec81c1b40093e9aba |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode" into nyc-dev
|
| 915d5245533c449550b9dae54b71414394ae2d74 |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "isDeviceOwnerProvisioningAllowed implementation to match enforceCanSetDeviceOwnerLocked" into nyc-dev
|
| e29cd4724ff41f1cd81c1493f02fb0ba2b2f8197 |
02-Mar-2016 |
Victor Chang <vichang@google.com> |
enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode
Bug: 27453111
Change-Id: I1acdfecdf4474696e904a6a4df189453be306aa4
evicepolicy/DevicePolicyManagerService.java
|
| 5676ae256a15b73d724c38940356be324fc9647a |
02-Mar-2016 |
Victor Chang <vichang@google.com> |
isDeviceOwnerProvisioningAllowed implementation to match enforceCanSetDeviceOwnerLocked
The main purpose is to fix the security flaw that
user can force isDeviceOwnerProvisioningAllowed to return true
by setting the device_provisioned without factory reset
Check UserSetupComplete instead, as it's cached by DPMS if it's ever set to true
Refactor common code of isDeviceOwnerProvisioningAllowed and enforceCanSetDeviceOwnerLocked
The functionality of enforceCanSetDeviceOwnerLocked should be exactly the same.
DPM Unit Test all pass
Bug:27403225
Change-Id: I32dae8e222e01e08664abb313ead3a92d4186658
evicepolicy/DevicePolicyManagerService.java
|
| d04525214b9a999339cd553a22b95b52debecde5 |
02-Mar-2016 |
Suprabh Shukla <suprabh@google.com> |
Not clearing data for a package that is a DO or PO
Added a check inside PackageManagerService to make sure data for a
package with a DO or PO for the running user is not cleared. Currently,
the 'pm clear' command goes through without any such checks.
Bug: b/27243904
Change-Id: I87d4ad2db031f47946f34627a5ee465ef144f85e
evicepolicy/DevicePolicyManagerService.java
|
| ba24409033241e680d111e7dea6501e760d972c5 |
25-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Rework of remote bugreports UX
New notifications, that open dialogs.
Bug: 26226230
Change-Id: I50f9ab23b6c6d03892889d9081cabb0a3d858f91
evicepolicy/DevicePolicyManagerService.java
evicepolicy/RemoteBugreportUtils.java
|
| 8bbace3afcae7ca614fd8c8d86c4d48d47ded392 |
03-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Merge "Fix clearDeviceOwner() not working in split-user mode" into nyc-dev
|
| e9aa6ec1cf57d20aaf4da5d90a78f891a8f0ca5b |
29-Feb-2016 |
Tony Mak <tonymak@google.com> |
Fix setBluetoothContactSharingDisabled does not persist
The default value of bluetotoh contact sharing is true.
So we should save when it is false.
Bug: 27410265
Change-Id: Icaf4ceeda09eca46d160acfecc53834819b66a18
evicepolicy/DevicePolicyManagerService.java
|
| 45eb8bd9b9ab81273e23d64adb806542900bca02 |
25-Feb-2016 |
Ricky Wai <rickywai@google.com> |
Fix clearDeviceOwner() not working in split-user mode
Bug: 25906481
Change-Id: Iefe004b4bac7a7fc79c613e61a42f916fce7230e
evicepolicy/DevicePolicyManagerService.java
|
| a4fae1545ae38f61385e45e8f635994f447efca5 |
24-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Support safe mode properly." into nyc-dev
|
| 889c0880661bda16e3759995e03766ddf0350732 |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Support safe mode properly.
In safe mode, IPM.queryXxx() doesn't work. Use IPM.getReceiverInfo()
directly instead.
Bug 27108276
Change-Id: Ice8f882559b8f0596a19ddb3a16395a4dc538a25
evicepolicy/DevicePolicyManagerService.java
|
| 155a280e18200aeaa0e7d5e31d6b8b0115c58e42 |
24-Feb-2016 |
Robin Lee <rgl@google.com> |
Merge "DPM: installKeyPair variant: caller can self-grant" into nyc-dev
|
| ce3399fbb46972d223b0cd154eaea3b68a16e051 |
24-Feb-2016 |
Robin Lee <rgl@google.com> |
DPM: installKeyPair variant: caller can self-grant
If 'requestAccess' is true, the caller (either profile/device owner or a
designated certificate installer) will be granted usage of the keypair
on successful installation.
This has no security implications for a profile/device owner which would
already be able to self-grant. Delegated certificate installers did not
have this ability before.
This is only allowed at install-time- not afterward.
Bug: 24746231
Change-Id: Ia0ec290bb0bcde1d8137c188e2667cb7718dbfd7
evicepolicy/DevicePolicyManagerService.java
|
| 515a6c7030f73aeb812b13e7073e814dcd35c297 |
24-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Merge "Throw UnsupportedOperationException when creating ephemeral user on a system without split system user." into nyc-dev
|
| a0ea967d111b9f8e01ebbb1ac8d393270e1788b6 |
19-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Removing lock contention in SecurityLogMonitor
After being interrupted the monitor thread tried to acquire
a lock that is held by interrupting thread, resulting in timeouting
on join().
Bug: 27061904
Change-Id: Ifbd578d5f5a266083b207fedd8ebb6d26ab08c31
evicepolicy/DevicePolicyManagerService.java
evicepolicy/SecurityLogMonitor.java
|
| 3dfe7f655d3707c0b89746ca8834a155de4e5e31 |
23-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Throw UnsupportedOperationException when creating ephemeral
user on a system without split system user.
BUG: 27143201
Change-Id: I7b7e634ba7fce576dd72a416e802c80939f05d3e
evicepolicy/DevicePolicyManagerService.java
|
| 27ee33482a2fdecbbbedbd33a137ceae3e93fa2a |
08-Feb-2016 |
phweiss <phweiss@google.com> |
Remove deprecated APIs DPM.createUser, createAndInitializeUser
They were deprecated in M and slated for removal in N.
Bug: 26974903
Change-Id: I7ae4d60bcf226c1e1de42852b378ad1ff71a914b
evicepolicy/DevicePolicyManagerService.java
|
| 024f979dfdae1938afc3c509ea9762c06784cef5 |
17-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Allow ephemeral users on the split-system-user systems only.
BUG: 27143201
Change-Id: I37f3ca7366648dbf07df39a7a972857e0ff78a9a
evicepolicy/DevicePolicyManagerService.java
|
| 4ab36372fb7f2f8236d9fa308ec508582fc52607 |
19-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Clean up on UserManagerService and DPMS" into nyc-dev
|
| 2a3c3da0fc07ef37abc45cfb0166bdf5f7f202b6 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Clean up on UserManagerService and DPMS
- Avoid the ART warning about 4.1 compatibility
- Avoid integer overflow in DPMS
Bug 27243525
Bug 27242859
Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
evicepolicy/DevicePolicyManagerService.java
|
| 60949288064460894bdd288f4865cdb180c0e501 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Fix bugs in user restriction migration
Originally I didn't know user-0 could have PO, so I excluded this case
from migration. Now we handle it properly.
Also make sure only restrictions that can actually be set by each
owner moves to the owner restriction. (Because of this, we no longer
have to have DISALLOW_WALLPAPER in the exception list, because
owners can't set DISALLOW_WALLPAPER.)
Bug 27225996
Change-Id: I6ad79d90e6c4400abbb1e4feba6ba59e3b650815
evicepolicy/DevicePolicyManagerService.java
|
| aafff2f835ea7c6dd08cadea0d92dfa7288c8e09 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Ensure DO/PO are also DA." into nyc-dev
|
| 184db600df42c2b27a2d34deecab57d591434b22 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Ensure DO/PO are also DA.
Bug 24503508
Change-Id: Ib957b84d5bee185501636c406d9aaf4985a79d8d
evicepolicy/DevicePolicyManagerService.java
|
| fc482c30b7a3c2cf7bc14d5c86de758a16f6433d |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "[framework] Don't allow apps on external storage to be active admin" into nyc-dev
|
| f34db0a17ee035c165a4e81e9192f73d2455bd1c |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
[framework] Don't allow apps on external storage to be active admin
Bug 27149287
Change-Id: I6d959d2e66dc0b19f78e6135fbdcf45ca8551958
evicepolicy/DevicePolicyManagerService.java
|
| eb84b1843a3f6805c6109c1d9d023550229a3fc5 |
26-Jan-2016 |
Andrei Stingaceanu <stg@google.com> |
Suspend packages - one call for multiple packages
Refactor setPackageSuspended into setPackagesSuspended. The rationale
is that the consumers of this API are likely to want to remove
multiple packages at once. Rather than calling the API N times, call
it just once.
The good part is that we already have the broadcast intent for
suspended packages take an array so only one broadcast. Less stress
on the system.
Another good part is that (right now) we only have one consumer of
this API and it will be easy to make changes once this CL goes in.
As a shell command, for consistency only allowed one package at
a time.
Bug: 22776761
Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
evicepolicy/DevicePolicyManagerService.java
|
| 5ae4e73ef0747c2d08a901f1a76d8fb8ee64a53a |
17-Feb-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "Suspend packages - new API for retrieving the suspended status" into nyc-dev
|
| 910a367cbf36bd1f8d93416b9379224c76371dc8 |
17-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Remote bugreport notifications rework" into nyc-dev
|
| dafec11e698daf054730cfb04db64f3e31a0c9ff |
16-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Don't allow deactivating DAs when the user is not unlocked" into nyc-dev
|
| f79c887c5997f4a7735987a524869421a1a3ac2d |
16-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Let admin disable fingerprint for the work challenge" into nyc-dev
|
| e9377a7d84c23571342ea1c4dc6c12875eaaf3df |
15-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Remote bugreport notifications rework
Merging two notifications into one.
Bug: 27095707
Change-Id: Ib6582dabb7370f9b3b6e673b19ab43b70c73433a
evicepolicy/DevicePolicyManagerService.java
evicepolicy/RemoteBugreportUtils.java
|
| 355b232d7998cfc9b29d42a0356390e25191bcbd |
12-Feb-2016 |
Andrei Stingaceanu <stg@google.com> |
Suspend packages - new API for retrieving the suspended status
Instead of always rebuilding the full ApplicationInfo for a
package when callers are only interested in the suspended status
add a new fast API in Packagemanager (which only checks the
suspended user setting for the requested package and returns
a boolean) and change the appropriate caller code too.
Bug: 26794775
Bug: 22776761
Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
evicepolicy/DevicePolicyManagerService.java
|
| 115d2c189a46f535778d9dd0923f703ff2f888fe |
16-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Add feature versions for devices and apps.
We're starting to see more instances of device features that will
increment separately from the SDK API level, such as camera HAL,
GPU capabilities, Bluetooth, and other hardware standards.
This change adds the ability for device features to specify a
version, which is defined to be backwards compatible. That is, apps
requesting an older version of a feature must continue working on
devices with a newer version of that same feature.
When a version is undefined, we assume the default version "0".
Bug: 27162500
Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
evicepolicy/DevicePolicyManagerService.java
|
| eff90bd5ff6bd50325149a5010183277bd76f4c6 |
15-Feb-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Allow privileged apps to set the organization color." into nyc-dev
|
| 1a5ee776ee51ae6fba30c8f3b33e26eb7f9dedc6 |
13-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Don't allow deactivating DAs when the user is not unlocked
Bug 27149570
Change-Id: I772d9cbd6edc822c8f7b1988905b702e05e674cd
evicepolicy/DevicePolicyManagerService.java
|
| 29b13190cd57bd823eb803f6fca03f671a32a5fe |
12-Feb-2016 |
Clara Bayarri <clarabayarri@google.com> |
Merge "Add support for current failed lock attempts and max attempts" into nyc-dev
|
| 51e41ad887a2e30a1366f0a3b4750f0204912b8e |
11-Feb-2016 |
Clara Bayarri <clarabayarri@google.com> |
Add support for current failed lock attempts and max attempts
This is needed from Settings to show a message informing the user
of the number of attempts before their work profile gets wiped
when using ConfirmDeviceCredentials.
Bug: 26677759
Change-Id: I4b16f7dc2f415d0ce0215a3b7a646f98fabece33
evicepolicy/DevicePolicyManagerService.java
|
| d6c90a88831af5c8d3a3587173873031cf6f5d7f |
12-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix testApplicationRestrictionsManagingApp unit test" into nyc-dev
|
| 8f7698aaf630787693ec7edb4779a27fdd2b888b |
11-Feb-2016 |
Nicolas Prevot <nprevot@google.com> |
Allow privileged apps to set the organization color.
BUG:26923835
Change-Id: I97b0cbbc0d4fb9e9ca0e3d335a9d15eb5a1f9602
evicepolicy/DevicePolicyManagerService.java
|
| 5f05cf96127ee1acb6d80efdc0a87fad2a9daa02 |
11-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "If package has no active admins, just uninstall right away" into nyc-dev
|
| 641ea634eeebc52b7bdc825b32dc22881d63ae30 |
11-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
Merge "DPMS shouldn't remove admins that aren't crypto aware." into nyc-dev
|
| 44fc4aeb1f3a6fcc6c1b8532530cb0589b2815c4 |
11-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
DPMS shouldn't remove admins that aren't crypto aware.
DevicePolicyManagerService checks admins on boot
and removes ones that aren't found so it needs
to match crypto and non-crypto admins.
Match non-crypto aware apps when admin is enabling
system apps.
Bug: 27126412
Change-Id: Ibb20841679fb660de281782964b068d5a13b8fe9
evicepolicy/DevicePolicyManagerService.java
|
| ed1928a981cbff9a67b5c1786ded8cbdf848056b |
11-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Fix testApplicationRestrictionsManagingApp unit test
The API now requires the app restriction manager app to exist
on the current user when it is called.
Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
evicepolicy/DevicePolicyManagerService.java
|
| 09f856805902078931aa5de006bc5e2c5403dfa6 |
11-Feb-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "DPM.createAndManageUser should work even with DISALLOW_ADD_USER set" into nyc-dev
|
| 2547071ff8d83dc51c915a56202081ca3a100b23 |
11-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Let admin disable fingerprint for the work challenge
Also, reworked the logic a bit:
* Admins can only set flags that affect the parent on the
parent DPM instance (i.e. no unredacted notifications)
* Admins can set flags not supported on the work challenge on
the regular DPM instance. If there is a work challenge,
they will have no effect (as managed profile policies don't
affect the regular lockscreen if there is a work challenge).
If there is no work challenge, they'll affect the parent profile.
Bug: 26891832
Change-Id: I8978e1aa6abe9c8dc07e030dfd069b5f4e1301f6
evicepolicy/DevicePolicyManagerService.java
|
| e9c440638e27a123a82feb5e4677ce1242785288 |
10-Feb-2016 |
phweiss <phweiss@google.com> |
DPM.createAndManageUser should work even with DISALLOW_ADD_USER set
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
evicepolicy/DevicePolicyManagerService.java
|
| ed5c8f0216bf97e896936e2a2e24fc3fb18303a1 |
09-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Log strength of auth method used into security log
As approved by Android Security team, added logging of
strength of auth method as well as logging of fingerprint
keyguard actions.
Bug: 26841997
Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
evicepolicy/DevicePolicyManagerService.java
|
| ed9fa2ca3c9d0ed5f656a6aca459acf6f170660d |
11-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
If package has no active admins, just uninstall right away
Also fix the bug where removeAdminArtifacts() is called
for all active admins on the target user.
Bug 27107878
Change-Id: I6edbdadffe8c75628539976d304e39d6abed73a4
evicepolicy/DevicePolicyManagerService.java
|
| 338c1d860772edc3101ed4860a149e7f3c5fe493 |
10-Feb-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge "Added an api to uninstall a packge with active DAs" into nyc-dev
|
| 8212ae0aee1700b9c287ebadf15af8dacdc8eae6 |
10-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for internal storage APIs.
Also completely remove a few confusingly named deprecated APIs.
Change-Id: Ia7e4ea3190a97f0a7dfa9bebf2118da0866ec38f
evicepolicy/Owners.java
|
| a2ae2238e506d5b092015440792d5a885b7a7b1d |
29-Jan-2016 |
Suprabh Shukla <suprabh@google.com> |
Added an api to uninstall a packge with active DAs
The api deactivates all the active admins in the package, then force
stops the package and starts the uninstall intent for the package. This
is intended to provide an easy way for a user to delete a misbehaving
Device Admin
Bug: b/22359208
cherrypick of Ic7ddd89ef6db53e7e76f805808d9e806100374db
Change-Id: I0d677839120c46f22231a7d6f9cf6630cb020227
evicepolicy/DevicePolicyManagerService.java
|
| 66a320d368e93a03d5aee33eac85807a227c0a3c |
10-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Check for null on app restrictions managing app APIs" into nyc-dev
|
| f03d0a6bfcff0f36a623b4fad7bd505d94b22e9a |
10-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Require delegated cert installer and app restriction manager to exist
Enforce that apps with delegated powers to exist on device before
empowering them. This is consistent with DevicePolicyManagerService's
internal logic to clear the delegation power once the package is removed.
For delegated cert installer, only enforce this new restriction on
device admins targeting N or later.
Bug: 26233778
Change-Id: Ia8f45dfd5290958cebb36991c4b6baa03e8c28ae
evicepolicy/DevicePolicyManagerService.java
|
| 48e64f20f328a40505f35062f870a7f6e5ab9ff6 |
10-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Check for null on app restrictions managing app APIs
Change-Id: I3d3cc9b4a4bd6a2526fd0bd7d8662c6b07183208
evicepolicy/DevicePolicyManagerService.java
|
| e28e5a9d3b3115ec00c1209bec393a397d359a9f |
05-Feb-2016 |
Nicolas Prevot <nprevot@google.com> |
Fail if setProfileEnabled is called outside a managed profile.
BUG:26709495
Change-Id: I98adf2dab1e7b27fef926144c460af8823fe96e7
evicepolicy/DevicePolicyManagerService.java
|
| 57218cbbf773f389e5e9493623dd3d017e459590 |
04-Feb-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Made changes to fix some policy transparency options."
|
| 569258689a0d28f25cbdf7189038833d45a63a80 |
28-Jan-2016 |
Sudheer Shanka <sudheersai@google.com> |
Made changes to fix some policy transparency options.
Add isInputMethodPermittedByAdmin and
isAccessibilityServicePermittedByAdmin APIs in DevicePolicyManager.
And update utility methods in RestrictedLockUtils to use the correct
userId when checking if disabled by admin.
Bug: 26897250
Bug: 26767564
Bug: 26966213
Change-Id: I0b74b3e57904a82f8ce72d856769d35b5e8403e5
evicepolicy/DevicePolicyManagerService.java
|
| 8c41a1c9bc9c61b7b63ce7ab1a6b2f0a099dbf01 |
03-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
Match non-crypto aware admins when registering.
Profile owners are registered before the user is
started and unlocked, so we need to check for
components that aren't cryptoware when looking
for the admin.
Bug: 26924254
Change-Id: I61fca0a3d6e490ca6fea9a7bdc8f2c44efde74f2
evicepolicy/DevicePolicyManagerService.java
|
| a0fddc1ed41a4bb14fc33e5bdbc4de1317dc79b7 |
03-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Ignore unknown user restrictions and WTF instead."
|
| 939be877760f1a3f32c96fbd34eed37a0fcf656c |
03-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Slightly change the "pre-N" so it's CTS-friendly.
Right now, the value of VERSION_CODES.N is 10000, but I'm writing
a caller app with target SDK level 24 for CTS, and the previous
logic didn't work for it.
Bug 25506830
Change-Id: I73613f30b437fb19406736f897d01d59b1f84c9d
evicepolicy/DevicePolicyManagerService.java
|
| 1f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Ignore unknown user restrictions and WTF instead.
Bug 23902097
Change-Id: I1ac147ecd0286a8eb674d6f9f527edfea6e1198e
evicepolicy/DevicePolicyManagerService.java
|
| 90b896533eb6a8867e7951bbbdbbacd9b520199c |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
DO / PO Shouldn't be removed as active admin...
even if they asked.
Also clear(Device|Profile)Owner should remove them as the active admin
too.
Also add some more unit tests.
Bug 26858840
Change-Id: I7b3ed92e1b4cbe803381ed6e3f64d8de17b2ebb0
evicepolicy/DevicePolicyManagerService.java
|
| 49caead1c2608f57ac6c260396c6bfd058b921ae |
02-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Call SecurityLog methods via Injector
This is to make sure the unit test can mock them out.
Bug: 26911599
Change-Id: I07a1a8b43ad5716a4b667bc5266b3b03997268c5
evicepolicy/DevicePolicyManagerService.java
|
| fe13c5fbe11a6ee004d1b4e6b27a44fafbe22bd4 |
02-Feb-2016 |
Victor Chang <vichang@google.com> |
Merge "Fix that can't launch managed QuickContact in ContactSearch"
|
| d38308e4d0599836f9c5446ba9d6edbc0713c428 |
02-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix DPM unit tests"
|
| 3f3657a61b54d495bf2e692289eb92a48fe5a0b2 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests
Bug 26911599
Change-Id: I874c9cd4f63c79bc984777ef3b1b654a414c4911
evicepolicy/DevicePolicyManagerService.java
|
| 70b1751d14610c18439c5d0c4a8dce704eb819a8 |
01-Feb-2016 |
Victor Chang <vichang@google.com> |
Fix that can't launch managed QuickContact in ContactSearch
It happens when caller id is disabled but contacts search is enabled
BUG=26740020
Change-Id: I4ca79c82ed27f6f1da514b31d8d89fc71fd243fb
evicepolicy/DevicePolicyManagerService.java
|
| b4ec8aaaba6ee5f564875741217bdfaf53a10d5f |
01-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Revert "Throw for unknown user restrictions.""
|
| 2ec157d928b7804367091ee6c146b196ac6841e2 |
01-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Revert "Throw for unknown user restrictions."
This reverts commit 3861bf7e73fab9e39e8d1f6e5194f3600ed929a0.
Bug 26896902
Change-Id: I26fa0159b5bb832048ccd013054a01f91b54947b
evicepolicy/DevicePolicyManagerService.java
|
| c3cd05f8a45ab789aae1cb553df86f94667d595a |
11-Jan-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager APIs for process logging.
Add Device Owner APIs for controlling and retrieving the logs. Retrieving the
logs should be rate limited unless we are at the risk of losing logs due to
constrained buffer space.
Bug: 22860162
Change-Id: I80658f5a14e86d7cfd42402fbc5e98dc11698c0e
evicepolicy/DevicePolicyManagerService.java
evicepolicy/SecurityLogMonitor.java
|
| f3bc593a627b67425b3b103ff148cf1f3da0fd29 |
29-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Throw for unknown user restrictions."
|
| 3861bf7e73fab9e39e8d1f6e5194f3600ed929a0 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Throw for unknown user restrictions.
Bug 23902097
Change-Id: I78a4b09db880134577d690be0c50ee9a64e6a309
evicepolicy/DevicePolicyManagerService.java
|
| dd231a16a1152beacdece7d32a9b85803e0cdb67 |
29-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Merge "Add policy to set the organization name"
|
| 3e8a7090642d58dcd435121650a243dca262c96a |
25-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add policy to set the organization name
We allow the profile owner of a managed profile to set the name of the
managed organization.
This name is used as the default header message shown in the confirm
credentials screen a.k.a. work challenge.
Bug: 26638631
Change-Id: I03c5acc9fffe06cdb9d0d60dd1580b20e21783b1
evicepolicy/DevicePolicyManagerService.java
|
| d4efab1173a55618e307f3cef078efa727270955 |
28-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Fix exception when calling setPasswordExpirationTimeout"
|
| d07438f300a0321bde09b3fffafa6ffd8771269b |
28-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Fix exception when calling setPasswordExpirationTimeout
Prevent exception when calling setPasswordExpirationTimeout on the parent
DPM instance. Callen setExpirationAlarmCheckLocked with the parent userHandle
was breaking because getPasswordExpirationLocked was trying to call getProfiles
on a different user.
Bug: 26847085
Change-Id: I9d584573245aba65af7ecf236f2021b47afb5d7e
evicepolicy/DevicePolicyManagerService.java
|
| bc0ce990435fe02a356b3e43272f692709f633ed |
28-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Logging of keyguard actions into security log"
|
| 31502d3d95610930b56bb7931dbd57a997f9ce8f |
25-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Logging of keyguard actions into security log
Bug: 22860162
Change-Id: I7dbe68fff7d9d45b6c417d960cf025c8d0694917
evicepolicy/DevicePolicyManagerService.java
|
| ca3f6fae604880db14c3f3eb5bc8908c339be0a8 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix exception message
Change-Id: I6fe4b8b745414ed589337079e2893d87dadb34f5
evicepolicy/DevicePolicyManagerService.java
|
| 1244ece2e345aea5a64c15c87b107c01dca3f9c9 |
27-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Make DPM.clearProfileOwner() public."
|
| 5bf68027cf502c2835ad258aec05544958fcd354 |
27-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Make DPM.clearProfileOwner() public.
Bug 26827204
Change-Id: Ib32e5370b493aa3e36b869d9ed3d78782df4c895
evicepolicy/DevicePolicyManagerService.java
|
| f348e8e22bed4b56fdb0c02702d12b36467dedd7 |
07-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Add policy for enforcing that all users are ephemeral.
BUG: 24883058
Change-Id: I8e53ca677c935a6c828dd6ece00b345d0eff182a
evicepolicy/DevicePolicyManagerService.java
|
| a269c5d584a572d91a0640bb8f8f58885ff9d71b |
27-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Merge "Add a flag for creating an ephemeral user with DevicePolicyManager#createAndManageUser."
|
| c8202c8d1d7c9bc2ee44cec538dc7fa4f95f960f |
26-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Add a flag for creating an ephemeral user with
DevicePolicyManager#createAndManageUser.
BUG: 24883058
Change-Id: I225ee6f1f6692663349040676e7a6c742b3ede79
evicepolicy/DevicePolicyManagerService.java
|
| d7693917a7c7348cb12692116d2693314c29e809 |
22-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Check if the profile password would comply as the device lock
Bug: 26801330
Change-Id: Ide31464dd0292ca97b03abe08cdde5b41d517b66
evicepolicy/DevicePolicyManagerService.java
|
| 697815eddb0139e6d4284b72f9393cf46c6e544b |
26-Jan-2016 |
Victor Chang <vichang@google.com> |
Merge "Launch managed quick contacts without contact id"
|
| 44a18081546345a0655748717862a89ae6dd7948 |
26-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Merge "Add explicit and persistent user provisioning state."
|
| a92e1216ca3af5d03e17734b6b990be5116d07a9 |
25-Jan-2016 |
phweiss <phweiss@google.com> |
Make API createAndManageUser public
Remove @hide, and add parameter for specifying profile owner. The PO
has to live in the same package as the device owner.
Bug: 25288732
Bug: 25860170
Change-Id: I40e8984a71ee9d1ff74e57d4e79e298deef9bc35
evicepolicy/DevicePolicyManagerService.java
|
| 97bdacc6d124f08a3f1c362fc35a5eed16af9880 |
21-Jan-2016 |
Victor Chang <vichang@google.com> |
Launch managed quick contacts without contact id
set contact id to enterprise base contact id if it's enterprise uri
BUG=26176780
Change-Id: Ie1160bef22d44c90eb4015783fafdafd160bcdd8
evicepolicy/DevicePolicyManagerService.java
|
| ab83fd5739bf475c07e8e7ff140489cdcdcb73be |
25-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "DPMS organisation API - Add a missing checkNotNull"
|
| 5f09616e6bb793e789167e3281478b13413d0932 |
25-Jan-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "Add new API function createAndManageUser"
|
| d48788c1011893fbe13c5f64db906f140a66dd0b |
25-Jan-2016 |
Robin Lee <rgl@google.com> |
DPMS organisation API - Add a missing checkNotNull
Corrects a failing test.
Change-Id: I6be8a23caef53d1e9681733e5b340237952bd3e5
evicepolicy/DevicePolicyManagerService.java
|
| afad8783699b1ba6f3c7ee5961d6ddc2bd771dc1 |
19-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Add explicit and persistent user provisioning state.
Add explicit modelling of provisioning state so that integration
of management provisioning flows with packages such as setup-wizard
are cleaner, and can be more direct. Previously we relied upon
USER_SETUP_COMPLETE secure setting and HOME intents to signal intent,
but this is not very clear and can be fragile.
Bug: 25858670
Change-Id: Idc56a040f710c3aee281db420f21717da3960722
evicepolicy/DevicePolicyManagerService.java
|
| 343fb33a9be819bbf33eae2c3f93bc44b3477ecd |
25-Jan-2016 |
phweiss <phweiss@google.com> |
Add new API function createAndManageUser
This is a reduced version of the (deprecated) function
createAndInitializeUser, that allows the device owner to create a
new user and pass a bundle with information for initialization. The
new version of the function has the same functionality, but the
profile owner of the new user is always the device owner.
A flag can be specified to skip the setup wizard for the new user.
The new user is not started in the background, as opposed to how
createAndInitializeUser did it. Instead, the bundle with
initialization information is stored and will be broadcast when the
user is started for the first time.
Bug: 25288732, 25860170
Change-Id: I4e1aea6d2b7821b412c131e88454dff5934192aa
evicepolicy/DevicePolicyManagerService.java
|
| fe434a15d6bde9299b51dc284b336944e5cf8a1c |
25-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Add additional APIs supported work on the parent DPM instance"
|
| 4c052f237a108457fca3d3864c5654ebd4505111 |
25-Jan-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Implement user affiliation
A user/profile is considered affiliated if it is managed by the same
entity as the device. This is determined by having the device owner and
profile owners specify a set of opaque affiliation ids each. If the sets
intersect, they must have come from the same source, which means that the
device owner and profile owner are controlled by the same entity.
BUG=25599229
Change-Id: I393fe0de70272307ed3c811aaba4b48a5109c562
evicepolicy/DevicePolicyManagerService.java
|
| 623999185029a2c5baf29efe4ebdcbcdebcca294 |
11-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Add additional APIs supported work on the parent DPM instance
Bug: 22543972
Change-Id: I05061e34d120c64d5c49ca6b7b4014d7dadb68f4
evicepolicy/DevicePolicyManagerService.java
|
| 947f3557a5917617a6a738e3e2c4a2f055601270 |
22-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Merge "Add profile policy to set work challenge background color"
|
| 59720bb2a67dae70cd2e46a9f611d66e4a3f7221 |
18-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add profile policy to set work challenge background color
Adding a policy for profile owners to set the background color of the
confirm credential screen for the managed profile.
Bug: 26638631
Change-Id: Iea36b94c5a42b6ae12cc36921ec5f840306e81a1
evicepolicy/DevicePolicyManagerService.java
|
| b7cc096fd49e99c01a9e963a895f6d26d685e474 |
21-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Merge "Added restriction if a user is allowed to change the icon. BUG: 25305966"
|
| 7f1f1dfc8713fbecbab60cfbe14ab4d97d27deee |
18-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Added restriction if a user is allowed to change the icon.
BUG: 25305966
Change-Id: I3d527224f00087b2bd959879ebb143e2ecb9c914
evicepolicy/DevicePolicyManagerService.java
|
| 0fdcd3df83b4af1e6cd89246b5f38401d8062148 |
13-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Added new password quality constant PASSWORD_QUALITY_MANAGED to make it possible
to prevent user from unlock modification.
BUG: 25549437
Change-Id: Iae9adccbb8f9e1db8a21d596137f69f6cad54988
evicepolicy/DevicePolicyManagerService.java
|
| 45aab9d974d896e56cf66e4078c1841b7c90907f |
15-Dec-2015 |
Michal Karpinski <mkarpinski@google.com> |
Applying finalized strings for remote bugreports
Bug: 26226230
Change-Id: I0764a2d8c67a5d14d91c3e3162f407c74adb7bf8
evicepolicy/RemoteBugreportUtils.java
|
| a8c8851caa0d1d44eccfcae2e01a2b6e7235d290 |
18-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "DPM changes to support remote bugreports"
|
| 206747d9f60a0f554aac71c9da9ccfe1a6582c80 |
15-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Fix Device policy crashes after adding the account while checking isActivePasswordSufficient
The calls to LockPatternUtils#isSeparateProfileChallengeEnabled
require MANAGE_USERS permission, wrapped them in a clear identity
Bug: 26565169
Change-Id: I4a18cec3ae7beb13320350d4c3fdc63e4a7d741d
evicepolicy/DevicePolicyManagerService.java
|
| b68d2d5b68dc58fb7b75ce94af74de58a1b9d3f9 |
14-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "Always-on app VPNs"
|
| 3fc437e89b018f258a3dee1a83014555aa156dc4 |
15-Dec-2015 |
Michal Karpinski <mkarpinski@google.com> |
DPM changes to support remote bugreports
Bug: 22860136
Change-Id: If984318e421f511d9b0fc7138aacd36d5334698f
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
evicepolicy/RemoteBugreportUtils.java
|
| a1771110d67fa7361f92d92f2e91019882ce3305 |
18-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create Work Challenge per-user condition
Change the current static condition to a per-user condition so we
can check and enable/disable the work challenge properly. Also add
an isAllowed API, as the Work Challenge can only be used when the
user's DPC targets N or above to maintain backwards compatibility.
Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
evicepolicy/DevicePolicyManagerService.java
|
| 244ce8ef5f201cf403bab43df8281671a9e94512 |
05-Jan-2016 |
Robin Lee <rgl@google.com> |
Always-on app VPNs
Bug: 22547950
Change-Id: I46b204170bfac58d944f39b22f815b080de71a58
evicepolicy/DevicePolicyManagerService.java
|
| c754dffe1980cb6c3be96fb258b046dfcdf82353 |
12-Jan-2016 |
Victor Chang <vichang@google.com> |
Merge "Create a new device policy for controlling work contacts search"
|
| 1060c61866d57bd82cc474447205471c15e0d901 |
04-Jan-2016 |
Victor Chang <vichang@google.com> |
Create a new device policy for controlling work contacts search
BUG=25981902
Change-Id: I5cea59d7d09bf54051ae0e56e824e4d3a08a49e7
evicepolicy/DevicePolicyManagerService.java
|
| 3e826effedc89e326114a7abcbdd4ac7b3e125c0 |
14-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create parent APIs in DevicePolicyManager
This change creates the infrastructure for a parent
DPM and implements the actual parent APIs for
- set/getPasswordQuality
- isActivePasswordSufficient
This is part of the Separate Work Challenge
Change-Id: I0477051b3162cbb26aac79467da08932f22fd1b7
evicepolicy/DevicePolicyManagerService.java
|
| 51f3908c6a788f82d8188762c0680594a54b17ae |
06-Jan-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Consistent naming for PackageManager methods."
|
| e06b4d1d9f718b9fe02980fea794a36831a16db2 |
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods.
When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.
Also fix spacing issues in various logging statements.
Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
evicepolicy/DevicePolicyManagerService.java
|
| 06de4e77c20be239384262b1508f0cf53bedb145 |
22-Dec-2015 |
Kenny Guy <kennyguy@google.com> |
Add support message for device admins
Allow admins to set a long and short support
message for settings to display.
Bug: 25659579
Change-Id: Ib645490785642e49c69d8dbc65455eb3398547ee
evicepolicy/DevicePolicyManagerService.java
|
| 137241c714734d5559b3a3b3bd1d5c900ca7a879 |
30-Dec-2015 |
Sudheer Shanka <sudheersai@google.com> |
Update an error message.
Change-Id: Ifc32120ccccd14e8e821770995de91008ed518d7
evicepolicy/DevicePolicyManagerService.java
|
| f3378a29e9c270f1cbfebb126de6f14355ccba08 |
17-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Merge "Device or profile owner can let another app manage app restrictions"
|
| 699d537d1b7410268c639653e66746398101ff81 |
17-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
Merge "Adding DPM.reboot"
|
| bf60f728cc7ed326fb8978afd9f589a685bb87b7 |
10-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Device or profile owner can let another app manage app restrictions
The device or profile owner can allow another
package to set app restrictions for any app in that user
Similar to the way it can give permission to access
CA certificate related APIs from M.
Bug: 22541936
Change-Id: I0c1b0804ad300dfa4fbdc1c7721c5d8653d77861
evicepolicy/DevicePolicyManagerService.java
|
| 1e2839188fb49575b86646d3aadb355c81ef9cc5 |
26-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Wire call to suspend a package
Adds APIs in DevicePolicyManager and PackageManager for allowing
a device admin to suspend a package. PackageManagerService sets
or unsets a new PackageUserState 'suspended' setting. Terminal
command to suspend/unsuspend has been added via
PackageManagerShellCommand (as root).
Next steps:
* use the new 'suspended' setting for denying access to start app
(probably in ActivityStackSupervisor)
* broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up
* remove app from recents (go further and kill it if it is running)
* erase existing notifications for this app
Bug: 22776576
Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
evicepolicy/DevicePolicyManagerService.java
|
| 1ce53bc571563d8bf448a81a38da342ed5413ee4 |
14-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
Adding DPM.reboot
Adding new policy in DPM to trigger reboot on the device.
Requirement: Device owner can reboot the device if it is stuck or is
not useable due to some unresponsive UI.
Bug: 25304994
Change-Id: I7a6d5c8ad611de9c1cf6619378e492a306b41626
evicepolicy/DevicePolicyManagerService.java
|
| 5b9f167a8e7395ca54fc0ef78af4523858de87a7 |
11-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Only system can set application restrictions via UserManager
Preventing apps with MANAGE_USERS from managing application
restrictions via UserManager. Application restrictions should
only be set via DevicePolicyManager.setApplicationRestrictions,
or via Settings (for restricted profiles).
Bug: 22541936
Change-Id: Ieed51ef54b4c23a73f383465e9af9b3bcf18a514
evicepolicy/DevicePolicyManagerService.java
|
| 055d8396ef6b99f9dcd639e98cce6029fca1c145 |
11-Dec-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Allow PO to set DO restrictions if it's on user 0"
|
| 5485ed46ff337769589c6e06b3469246e60b9e3b |
09-Dec-2015 |
Makoto Onuki <omakoto@google.com> |
Allow PO to set DO restrictions if it's on user 0
Bug 26091525
Change-Id: Ie6d2cd4ade076d8d2ec47243ff1280b95b7c9044
evicepolicy/DevicePolicyManagerService.java
|
| 55c46f291dda5012e7ed0548653d7b8ca7a424e2 |
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Clean up DPM/DPMS to reduce code size.
Change-Id: Id6c1666ef4cdba795e3b6e4ddcb9c32e6ee90665
evicepolicy/DevicePolicyManagerService.java
|
| fbc65644b9bda216699f5f1f883d6dfa2668e545 |
03-Aug-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy API to remove an installed KeyPair
The keypair is specified by alias and removed via a call to the
KeyChainService, which will have installed the pair in the first place.
Bug: 22541933
Change-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a
evicepolicy/DevicePolicyManagerService.java
|
| ee3a437464026219ceec03c633e61b55e2f12a1d |
19-Nov-2015 |
Robin Lee <rgl@google.com> |
Send pwchange broadcast to caller only in FBE case
When per-user encryption is set up and we change the password of a
profile, the parent and other profiles shouldn't receive an
ACTION_PASSWORD_CHANGED as they have their own distinct passwords.
Change-Id: I70d4ec81277a9bdc3ac6cd952b84cd769a2800b4
evicepolicy/DevicePolicyManagerService.java
|
| 10ad84a17d7248488c1653bacc9f20d3a7193999 |
01-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a separate Work Challenge check
This allows us to tell lock checks from FBE checks separately,
and will be useful when dealing with password unification.
Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
evicepolicy/DevicePolicyManagerService.java
|
| 29fcf1b1dbb7740836eb78e06d3ef4fc5769623d |
26-Nov-2015 |
Clara Bayarri <clarabayarri@google.com> |
Apply Admin password restrictions to work profile
When the Work Challenge is in place, re-route the
enforcing of Admin policies on the password to the
work profile. The Admin should not be allowed to
dictate policies on the device lock in this case.
This is part of the Separate Work Challenge feature.
Change-Id: I757973e540797b5fb10bea7a2fd1925561655bc9
evicepolicy/DevicePolicyManagerService.java
|
| 968dea0969c6aec651b91845e8d63462c5f20609 |
03-Dec-2015 |
Robin Lee <rgl@google.com> |
DPMS: Replace ArrayList<>(1) with SingletonList
Change-Id: I78f8230d959f17c3aa2f248122973a8cd5c96693
evicepolicy/DevicePolicyManagerService.java
|
| 574f038a571ec9e1fd26db35a187b2f06b7484fd |
02-Dec-2015 |
Robin Lee <rgl@google.com> |
Resolve merge conflicts of 5ec51457e1 to master.
Change-Id: I70c12ad663c3b4d3b5e3b8f40bc659cb94d82c14
|
| 9c165d76010d9f79f5cd71978742a335b6b8d1b4 |
02-Dec-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add optional permission review for legacy apps - framework
For some markets we have to allow the user to review permissions
for legacy apps at runtime despite them not supporting the new
permission model. This is achieved by showing a review UI before
launching any app component. If an update is installed the user
should see a permission review UI for the newly requested
permissions.
To allow distinguishing which permissions need a review we set
a special flag in the permission flags that a review is required.
This flag is set if a runtime permission is granted to a legacy
app and the system does not launch any app components until this
flag is cleared. Since install permissions are shared across all
users the dangerous permissions for legacy apps in review mode
are represented as always granted runtime permissions since the
reivew requirement is on a per user basis.
Whether the build supports permission review for legacy apps is
determined by a build constant allowing us to compile away the
unnecessary code for markets that do not require a permissions
review.
If an app launches an activity in another app that has some
permissions needing review, we launch the permissions review
UI and pass it a pending intent to launch the activity after
the review is completed.
If an app sends a broadcast to another app that has some permissions
needing review, we do not deliver the broadcast and if the sending
app is in the foreground plus the broadcast is explicit (has a
component) we launch the review UI giving it a pending intent to
send the broadcast after the review is completed.
If an app starts a service in another app that has some permissions
needing review, we do not start the service and if the calling app
is in the foreground we launch the review UI and pass it a pending
intent to start the service after the review is completed.
If an app binds to a service in another app that has some permissions
needing review, we schedule the binding but do not spin the target
service's process and we launch the review UI and pass it a callback
to invoke after the review is completed which spins the service
process and completes the binding.
If an app requests a content provider in another app that has some
permissions needing review we do not return the provider and if
the calling app is in the foreground we show the review UI.
Change-Id: I550f5ff6cadc46a98a1d1a7b8415eca551203acf
evicepolicy/DevicePolicyManagerService.java
|
| 28860b7570d2b3e7bc6a136a7bb7312e5aaf6e61 |
26-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Fix for being able to setup Managed User from system user.
Also move feature flag check to ensure it is used in all cases.
Change-Id: If42787c5bc9ab824449c70f90fb827cf2da7507f
evicepolicy/DevicePolicyManagerService.java
|
| 777ef95ebf18c61ff09e7567a06058d351c530ca |
26-Nov-2015 |
Yohei Yukawa <yukawa@google.com> |
Use Context.getSystemService(Class<T>) for InputMethodManager.
This is a mechanical replacement of Context.getSystemService(String)
with Context.getSystemService(Class<T>) when retrieving
InputMethodManager. Note those are bundled code. Hence we don't need
to make sure Build.VERSION.SDK_INT >= 23.
Change-Id: Icc64942ad8f11e44bf84f8d4fe476b2fdd1257f3
evicepolicy/DevicePolicyManagerService.java
|
| e7927da1b6dc4f96714aa9bc4fbb71b3659f8cea |
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Don't call DPM from UserManager to avoid lock inversion
- Also make sure DPMS.mOwners is always guarded with DPMS.this.
(and remove synchronization from Owners.)
Bug 25796840
Change-Id: I83f7b78e7b437d9c2a2b1d6e714346cd15f95330
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| 3ab6f2e219c167fd35f16b6cf233ae6a39d9de02 |
05-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DA receiver should be protected with BIND_DEVICE_ADMIN.
- DPM.setActiveAdmin() will not accept DAs without BIND_DEVICE_ADMIN
when it's targeting NYC or above.
- DAs without BIND_DEVICE_ADMIN targeting MNC or below will still be
accepted. (with a logcat warning)
- DAs that are already set on a device without BIND_DEVICE_ADMIN
will still be accepted regardless of the target API level, even when
it's upgraded to a version targeting NYC.
Bug 24168653
Change-Id: I1914c2ec99135d9dd8cbac3f6914f9e43bafacc8
evicepolicy/DevicePolicyManagerService.java
|
| a31ebbc439364a4993e79fd385cf6373408a42fe |
24-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Add DO API to get wifi mac address
Bug 25496044
Change-Id: Ib1f0ce4ca10951edcfaa0aa79ae5c2d142a74599
evicepolicy/DevicePolicyManagerService.java
|
| c8a5a555f1482d0f45b538eb898d6ee7e26552a6 |
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user
- Previously on MNC, they would return the same result regardless who
the calling user is.
- Now they properly take DO user-id into account. Meaning, they'll
always return false and null respectively, if the calling user doesn't
run device owner.
- Note isDeviceOwnerApp() is a public API and getDeviceOwner() is
a system API. Meaning we're changing the behavior or non-private
APIs.
- Also cleaned up hidden APIs, and gave them explicit suffixes
to avoid confusion. Bundled code should prefer them for clarity.
Now we have:
* APIs that work cross-users: They all require MANAGE_USERS.
boolean isDeviceOwnerAppOnAnyUser(String packageName)
ComponentName getDeviceOwnerComponentOnAnyUser()
int getDeviceOwnerUserId()
boolean isDeviceOwnedByDeviceOwner()
String getDeviceOwnerNameOnAnyUser()
* APIs that work within user. No permissions are required.
boolean isDeviceOwnerAppOnCallingUser(String packageName)
ComponentName getDeviceOwnerComponentOnCallingUser()
Bug 24676413
Change-Id: I751a907c7aaf7b019335d67065d183236effaa80
evicepolicy/DevicePolicyManagerService.java
|
| 15a46b07c5734b14df60ea28ab7a7cd26df2fc17 |
11-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Add method isManagedProfile and isSystemOnlyUser
Adding method isManagedProfile() and isSystemOnlyUser() for DPC to know
if running in a managed profile or system only user
Bug: 24464823
Change-Id: I79974fdfd60d2bfe52dee3b4c95becf47a5bf0b1
evicepolicy/DevicePolicyManagerService.java
|
| 42490c074dc8ff568d0459ed0f9247d55ad95c2f |
23-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Remove UserManager.setSystemControlledUserRestriction()"
|
| ac65e1e1dba1cf0ea237a389220ec818ade07a16 |
21-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Remove UserManager.setSystemControlledUserRestriction()
Now that we don't have UM.setUserRestriction*s*() that could remove
all existing restrictions, there's almost no point handling
DISALLOW_RECORD_AUDIO differently.
Now DISALLOW_RECORD_AUDIO is handled just like other restrictions,
except we don't persist it.
Bug 24954662
Change-Id: I27875b4a74dd95a3ce6bb774081eeaf718eaec15
evicepolicy/DevicePolicyManagerService.java
|
| 883f12ac5ac818e678af46b64a3f6e97b51caabe |
23-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Merge "Revert "Disable multiple user for corp-liable mode""
|
| 86e5d6b868aec6fa4d3070f36d458798968c85f9 |
23-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Revert "Disable multiple user for corp-liable mode"
This reverts commit 1dc510eb5bc7f279002a3479f24761f08cc390f7.
Change-Id: I12ea8275369cbdc4e95b21c7f5d51b4f0e5da7b2
evicepolicy/DevicePolicyManagerService.java
|
| 9aa233899f7cf5c1cdf4181412a9e197d83ab1a3 |
23-Nov-2015 |
Ricky Wai <rickywai@google.com> |
Merge "Add work contacts directory support in Quick Contacts API"
|
| 494b95d30266335044a854845219b6e34cf43edb |
20-Nov-2015 |
Ricky Wai <rickywai@google.com> |
Add work contacts directory support in Quick Contacts API
Bug: 25764505
Change-Id: I61f9d13ea03352e3df1686ee4b3bcc43e9a9a760
evicepolicy/DevicePolicyManagerService.java
|
| 71c84e515e73f6a3cb30d68fc81f88e1bd02b5e3 |
23-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Merge "Disable multiple user for corp-liable mode"
|
| 09b108e2bb6b585947249eda92c047d0b582e8a0 |
21-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added keep-uninstalled-packages DO policy"
|
| cb6fd80721253ffa9dcab5cf8c2f4e9b9cd17ccc |
05-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Added keep-uninstalled-packages DO policy
This policy allows DO to specify a list of apps to cache even without being
installed on any user.
Bug: 23938464
Change-Id: I2eeab7f148409739fc23a5c44e955ad12b63fd04
evicepolicy/DevicePolicyManagerService.java
|
| 1dc510eb5bc7f279002a3479f24761f08cc390f7 |
19-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Disable multiple user for corp-liable mode
Bug: 25443050
Change-Id: Iad34e7ad0d3679626880f905f9bab9b6c2a192ed
evicepolicy/DevicePolicyManagerService.java
|
| d7b43dd4bb315d9456f6eb74097d60a806b2db70 |
20-Nov-2015 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Add per-user version of DevicePolicyManager.getUserRestrictions."
|
| 1fae502824dfb77a109fedd80dad61fe094d8284 |
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "More work on layered user restrictions."
|
| 1a2cd74526113b45d9108b6997609122c4311fb1 |
16-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
More work on layered user restrictions.
- Now when DO/PO sets a user restriction, DPMS pushes it to UMS and
then UMS persists it, in order for UserManager.hasUserRestriction()
to never have to talk with DPMS, which would cause lock inversion.
- Also apply user restrictions when a user start.
- This is an updated version of the abandoned CL -- the difference
is, ActivityManager no longer has to call DPMS.
- Also removed an unnecessary write to userlist.xml in UMS.
upgradeIfNecessaryLP().
Bug 23902097
Bug 25388912
Bug 25354031
Bug 25641040
Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| 5145df278bc7b607599e81370a2aecbfe0834c0c |
19-Nov-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy: Always send ACTION_PASSWORD_CHANGED
The old check looks a lot like an equality check, but it's not valid
because two passwords can share the same parameters.
For example:
'11Aa' and
'Y99z'
Are not different according to the old logic.
Bug: 25319928
Change-Id: Ia69861d9103670d1fc1dbf0130516e18e85e8de0
evicepolicy/DevicePolicyManagerService.java
|
| ba51235ef5c598d845b77fcf14491329493da34f |
13-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
More file-based encryption work.
Add new "am unlock-user" command so we can trigger changes from the
command line.
Move FBE check to static method so it can safely be called early
during boot before the mount service is ready. Move FBE emulation
to persisted system property, and start reading/writing that value.
Change default permission grants to ignore current encryption-aware
flags, since many of the target apps aren't crypto aware.
Always prepare package data directories, which is how we create the
new "user_de" paths during boot.
Bug: 22358539
Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
evicepolicy/DevicePolicyManagerService.java
|
| a87401054fc6960c4b0ac2d361ddbcf415350b33 |
17-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Allow PO to clear password even if the same apk has DA"
|
| c2f521a7d8eb40d92ae32f7828f14fb26be63c1a |
17-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Allow PO to clear password even if the same apk has DA
Bug 25645900
Change-Id: I7d2d9fbf6a4dc65ac63fb14e6ee6b9abc1f1c0e7
evicepolicy/DevicePolicyManagerService.java
|
| 1c277a5d8f79ebf8beeb80f67b67512d9217d953 |
11-Nov-2015 |
Sudheer Shanka <sudheersai@google.com> |
Add per-user version of DevicePolicyManager.getUserRestrictions.
Bug: 25663001
Change-Id: Ic5b34fee7b57670c338f11263330a1c702002edc
evicepolicy/DevicePolicyManagerService.java
|
| 0c9ce28c12c187f44ba0a7cba5fa2b452de0bcee |
17-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Fix edge-cases for split-user provisioning cases.
Split-user systems will allow for combinations of management modes,
specifically managed-{user,profile} on systems with a device-owner.
Bug: 25671630
Bug: 25680065
Change-Id: I5716f55eb6c8318129b4614adc22897d53901bee
evicepolicy/DevicePolicyManagerService.java
|
| 46dd449420c52a8bb30f5bfe839c6043392381a1 |
09-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Add new ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE intent action.
Bug: 25462877
Change-Id: I14bcabf993436d9936091aa82fab698eced9e4d6
evicepolicy/DevicePolicyManagerService.java
|
| 70f929eedec10b154170ad66c9d53f18bfc4f613 |
11-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Disallow DA to reset password, also fix all DO checks
Now pure DA (not PO, not DO) aren't allowed to change the password
if one is already set.
Also update "isDeviceOwner" check and make sure we always take
user-id into account. If one really wishes to check the package name
only, then use getgetDeviceOwner() instead.
Also change the enforceNotManagedProfile() check to what's more
generic in the FBE world.
Bug 25645900
Bug 25547523
Bug 25643916
Change-Id: I588ecf9452fe3acc1fb0b4ca0457ad662382fcd2
evicepolicy/DevicePolicyManagerService.java
|
| bfd2290824069b6eaeae4fdfd9a52c60bd73689e |
12-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Merge "Introduce APIs in DPM for setting/getting the device owner info"
|
| 54b5f25b85e4bf4df82cb7450114fb9849f1ae58 |
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Revert "Do not call into ActivityManager from DPMS within DPMS lock""
|
| 219bbafc3fa40dae163d652365cc4a97d613011f |
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Do not call into ActivityManager from DPMS within DPMS lock"
Bug 25567963
This reverts commit 53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd.
Change-Id: I4faaa0b4c50d75e208f37b99bc1d6e2f0fff8127
evicepolicy/DevicePolicyManagerService.java
|
| 6644cd9630be363a25af5e1327f41e16ca868556 |
10-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Introduce APIs in DPM for setting/getting the device owner info
This information, if set, will be shown in the lock screen instead
of the user owner information and the settings tile will be made readonly
(implementation in following CLs).
Bug: 22547309
Change-Id: Ic826d8049bc67f5e8fcfa6a91aa2017247c93b11
evicepolicy/DevicePolicyManagerService.java
|
| 246b5a0993978202b19a7c02d355fddfd9506798 |
10-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Do not call into ActivityManager from DPMS within DPMS lock"
|
| 53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd |
07-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Do not call into ActivityManager from DPMS within DPMS lock
This will allow AMS to call into DPMS within the AMS lock instead,
which will help I1537bd57b34696768ee81a979d53bb396efbc12a.
- AM.clearApplicationUserData() will not be allowed for any DA
apps.
Bug 25567963
Change-Id: I9f0d071c815a011be4f4c85c502c39d0fe0fe5e8
evicepolicy/DevicePolicyManagerService.java
|
| 5e73256a48cdb10fc72779ce1644d2e13b6669b7 |
05-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Add ACTION_PROVISION_MANAGED_USER
Adding ACTION_PROVISION_MANAGED_USER to DevicePolicyManager.
Bug: 25462684
Change-Id: Ic90c3471f3a9c431d728197a19ab25b9946f090a
evicepolicy/DevicePolicyManagerService.java
|
| d59262667cbcdfedd9b03dccaa26a9a000486350 |
09-Nov-2015 |
Nicolas Prévot <nprevot@google.com> |
Merge "Add method to tell the dpc if provisioning is allowed."
|
| 6d2beef6a819aebed4119ca06cb2369bc56dd214 |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Add DPM.getUserRestrictions()"
|
| 3a3092fab0ccb631bc70de64f3bbe5c076a1f94b |
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Add DPM.getUserRestrictions()
This returns per-DO/PO restrictions.
Bug 23902097
Change-Id: I225c1b01444fe2f60e5a6674d327182cc9bb15dc
evicepolicy/DevicePolicyManagerService.java
|
| 86cd001e364d0d0a8253cf4ee14acd13915cbd9a |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and"
|
| 0953033842333532eaa529c53cbf7a94c79a7a97 |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Do not allow DO and PO running on the same user."
|
| 803d6757fd23096e437e6fecd51ea6dda918b536 |
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Do not allow DO and PO running on the same user.
Bug 25346603
Change-Id: Ic5fbed82466a538fbf64ef802fc2624dd67313bb
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| d45a4a2ecb18701b4cfadcb4a26663f2eab642fe |
03-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and
... DISALLOW_ADJUST_VOLUME, instead of UserManager pushing
new settings to AudioService.
Also:
- Allow PO to set these two restrictions.
- Now AS.setMasterMuteInternal() respects mUseFixedVolume to make
it consistent with readPersistedSettings().
- When a user switches and restores the mute state in
AS.readPersistedSettings(), also check the current user restrictions
in addition to system settings. Because of the delay in AudioService
before persisting the mute settings in setMasterMuteInternal() and
setMicrophoneMute(), there's was an edge case
DISALLOW_UNMUTE_MICROPHONE and DISALLOW_ADJUST_VOLUME would be ignored
when the user switches right after they are set.
Bug 24981972
Change-Id: I4d9b709a0a0e6812319204568c6e44d6664bdeb4
evicepolicy/DevicePolicyManagerService.java
|
| 07387fedfafa72bcb68defd801eef82f1f494d7c |
30-Oct-2015 |
Nicolas Prevot <nprevot@google.com> |
Add method to tell the dpc if provisioning is allowed.
The DPC can use it to tell if provisioning a managed profile or for
device owner would work or not.
BUG:25338478
Change-Id: I09ea6a9f23a8e88e4ed37c048170b2a68213086e
evicepolicy/DevicePolicyManagerService.java
|
| 965da39942f9a8736f785f7c57a6c351a8c89d6b |
28-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a File Based Encryption check API
Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31
evicepolicy/DevicePolicyManagerService.java
|
| 82402753815ff4633cc572713ae490a17d9129e5 |
28-Oct-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Introduced short-term lock for UMS internal state
Added mUsersLock - short-term lock for internal state, when interaction and
synchronization with PM is not required. Modifications to mUsers and
mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and
mUsersLock. While reads can use mUsersLock.
Testing revealed that the following methods in UMS often cause contention:
- exists
- getUserInfo
- getProfileParent
They all now use a short-term lock mUsersLock for reads.
Bug: 24979571
Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
evicepolicy/DevicePolicyManagerService.java
|
| 4f16073556f7978708fb71c87628cfe1692412d5 |
28-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Make UserManager enforce user restrictions, not DPM.
- Now even if a user restriction is set via UserManager, it'll be correctly
enforced.
- Changed the way AudioService enforces the OP_MUTE_MICROPHONE and
OP_AUDIO_MASTER_VOLUME app ops -- previously, when they're set, even a muting
call would be rejected. This was why DPMS.setUserRestriction() used different
calling orders for DISALLOW_UNMUTE_MICROPHONE/DISALLOW_ADJUST_VOLUME depending
on setting them or clearing them.
Now, even when the app ops are set, we still allow muting calls.
Bug 23902097
Bug 24981972
Change-Id: I865b5de43e15f5955f94006475a5ec6254904d31
evicepolicy/DevicePolicyManagerService.java
|
| 759a763f5f03fda86b96d238faedb870fbee24ec |
29-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Allow DO to disable camera device-wise.
Bug 24538855
Change-Id: I421690f14ee57fa818d2b233fe48a90a0a575a9e
evicepolicy/DevicePolicyManagerService.java
|
| 068c54a5be697c3df4657dcda33cd17c4b547710 |
13-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Layer user restrictions
- Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin.
- User restrictions set by DO/PO will no longer be saved by UserManger. Instead,
when needed, UMS will consult DPMS to build "effective" user restrictions.
- UM.getUserRestrictions() will now always return "effective" user restrictions.
- DPMS migrates existing user restrictions per the eng spec.
- Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has
been removed.
This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no
longer be a valid use like it used to be.
- Also introduced a fined-grained lock for user restrictions in UM to avoid
deadlock between DPMS and also for better performance.
Bug 23902097
Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| 6655630c962c68e5ca510f4d3249d00e819336f8 |
21-Oct-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Clean up UserHandle.isOwner() in frameworks
Bug: 24869636
Change-Id: Ibebd7d0762f5375ee93ec101e7ab5578769bd9f6
evicepolicy/DevicePolicyManagerService.java
|
| 07b668e3abbc752028e92759b9b55ecf63fc91c3 |
13-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Enable Work Profile passphrase verify/write with FBE
When File Based Encryption is present, allow the verify/write of
passphrases to be per-user (it used to always bubble up to the parent
user assuming it is a per-device passphrase).
This is part of the work for the Separate Work Challenge.
Change-Id: I5ae6b7b6ed1dd25aed0843d495b6f5f36e01c4eb
evicepolicy/DevicePolicyManagerService.java
|
| a52562ca9a4144cf30e6d5c6ffe856cc8e284464 |
02-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
setDeviceOwner() now requires a full component name.
Bug 20149907
Change-Id: I24e66159d1d966925aa3a494b1e2839b07cdafa2
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| a4f119790e32fcce56586e7324d508e35cb30a2a |
01-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
First cut of user restriction layering.
- Start persisting restrictions set by DO/PO.
- Also dump user restrictions on dumpsys
- More changes will follow, including migration.
- Now System settings are mockable.
Bug 23902097
Bug 23902477
Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| e7ee54ee7f4985bc743053d38d21f33c70220f05 |
21-Sep-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer agent
Bug: 23216982
Change-Id: I867c0b5f4165983d1ed2623a655f6a2a5e3770bb
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| 72a3a0c7d24f629bca38ee2652491307e4e706da |
26-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Fix OwnersTest when run with -e package
It was because UserManager.get() returns a static cached instance but
we should always be using the mock instance that's created for each test.
Bug 24378326
Change-Id: Id4663e7676d2d0130622055a97fbde0884714349
evicepolicy/Owners.java
|
| b643fb0e67460344ade2e3db92738999f8168496 |
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Use a factory class for dependency injection, add more tests.
- Extracting into a factory allows us to use mocks in other classes.
(Such as Owners.)
- Also removed broken test ApplicationRestrictionsTest. Instead added a new
simplified test to DevicePolicyManagerTest.
- Also stop caching rarely used instances in DPMS.
Bug 24061108
Bug 24275172
Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| f76b06a6b546f430cf85e561858ed12eedc32b81 |
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Test more DPM APIs.
Bug 24061108
Change-Id: Ia9da19f62c0f4edf53ca1f4c213f0368ec1983ba
evicepolicy/DevicePolicyManagerService.java
|
| f85c97741485a53c1cca5d9d6192a9436d91a044 |
23-Sep-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Cleanup USER_OWNER in DPMS
This cl assumes device owner will continue running under user 0.
Bug: 19913735
Change-Id: I65c97f6f14fb362acbdcb6588b73787291100698
evicepolicy/DevicePolicyManagerService.java
|
| cc4bbeb76af92a8484fe05f37c4ff412b4c47ccc |
17-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make DPM/DPMS unit-testable
- Now all services that DPMS uses are injectable.
- Introduce some wrappers to make static methods and final class mockable.
(e.g. for Binder.getCallingUid())
- In unit tests we replace those with Mockito mocks, except we use a partial
mock for PackageManager, because we use way too many methods of this and
most of them are okay to use directly.
- To install a partial mock to PackageManager, I needed to make
ApplicationPackageManager @hide public non-final.
- For a starter, added tests for DPM.setAmin().
Bug 24061108
Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
evicepolicy/DevicePolicyManagerService.java
|
| 287971d613b647c0990f8680945ef4ba64f290ca |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make sure DO user is running even if caller is shell/root.
Bug 23827706
Bug 23994401
Change-Id: Ie2fbc3ab07901e3d0a9898c910c69d993583084e
evicepolicy/DevicePolicyManagerService.java
|
| cb150cd81a66d2b59fc2ba05d788c307cad22207 |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix the "User not running: 0" issue"
|
| 299878c9cf9bafdee4b0715de3202bd633162d03 |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Fix the "User not running: 0" issue
Bug 23994401
Change-Id: I580730e7c895f00adf278a2d6709284fff0fc28b
evicepolicy/DevicePolicyManagerService.java
|
| 688b5f4f29f623258fe12c99166c978db0bf128b |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Cleanup: rename loadDeviceOwner() to loadOwners()"
|
| 58b684f1cdc52467b71c42cfae18433a19ce7d0b |
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
[split system] Tentatively support running DO on meat user
- setDeviceOwner() now takes a user ID. (We can infer it from Binder, but
we still need it for the dpm command.)
- Change broadcast target UID for DO to the DO user
- Start the DO user on boot complete.
TODO Investigate whether this is actually the good timing.
TODO Prevent the DO user from being killed
Bug 23827706
Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| f024f048dee270252bcc728350f0ac1ad3a8e420 |
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Cleanup: rename loadDeviceOwner() to loadOwners()
Change-Id: I68e3367b1e70022f9501cf998e1860a6ce7d496b
evicepolicy/DevicePolicyManagerService.java
|
| 2714d448b12797a5050834f952fd1166246e558e |
03-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Replace all occurrences of HashMap/HashSet with ArrayMap/ArraySet.
Also fix the command line for OwnersTest in javadoc.
Change-Id: I53c222aa13eee179c5abf7e6ba95c6cbe9a7f47f
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| c9754cf0dfa66d39ce9ea0d2eeab5f7c442a9686 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Add unit tests for file persisting in Onwers.
Bug 23432442
Change-Id: If10ed5a46084695b2aca1286713b8baea8c2a418
evicepolicy/Owners.java
|
| 28988383182073aad6b96688db5b2801c42b11d7 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Fix bug in Owners
It was always failing to read policy files.
Bug 23432442
Change-Id: Ia71a746bbed279c4b27a9ebdf454a3cb4dfa786d
evicepolicy/Owners.java
|
| 99aeac27ebc5ad54c0095122251cc0258713c263 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Rename DeviceOwner to Owners
Bug 23432442
Change-Id: Ic59c880d45126fbcf50b1bd31e37b2b64e2f3a6d
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
| 39e784dd46fe4c7257bf63d0a60167abb2b28f79 |
22-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Split device owner config files
DPMS.mDeviceOwner is now always non-null, so no null checks are needed.
Bug 22802261
Bug 23432442
Change-Id: Ia8e5f114ecfc0add44b0d1be7d043ef6e37019ef
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| ed969e18f8e9a0d9ec9a7dc423a1105899a1fb57 |
24-Aug-2015 |
Rubin Xu <rubinxu@google.com> |
Reactivate backup service after device owner is cleared.
Bug: 23474411
Change-Id: I99da846493eb749828517d27f4384ab3fe647df5
evicepolicy/DevicePolicyManagerService.java
|
| e3b07451c3ca7064cb70f1829cf35963cba74bd8 |
22-Aug-2015 |
Adrian Roos <roosa@google.com> |
resolved conflicts for merge of bcc26c02 to master
Change-Id: I4260ff0d090cfa9741fd3adcfcadcbbff6839388
|
| b5e4722891e7bbf2fffcd995af02838667a3abab |
15-Aug-2015 |
Adrian Roos <roosa@google.com> |
Add StrongAuthTracker
Bug: 22846469
Bug: 22115393
Change-Id: I6ef5322d02e540fc043e7f20d3aabf595ce7c224
evicepolicy/DevicePolicyManagerService.java
|
| 4afb83e912fc46db64297a1734f1d5959e3caff4 |
21-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Clear cross-profile intent filters in the right user.
Clear them in the parent, who is not always the owner.
BUG:23105562
Change-Id: Iae2adbfa6b4d6e982f6f2a4075dd8bd55b11c37e
evicepolicy/DevicePolicyManagerService.java
|
| 741abfc12074623d24297ebb67d98cb2d9126add |
11-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Fix cross-profile intent filters with system-user split.
Don't assume that the parent is always the user owner.
BUG:23105562
Change-Id: Ia98ed608e2b6d1d82d95a73110134d85274c6abf
evicepolicy/DevicePolicyManagerService.java
|
| 2af03d2a7ac0eff78d1646b66e242b17e12165cd |
10-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Send the MANAGE_PROFILE_ADDED broadcast to the correct user.
Send it to the parent, who is not always the user owner.
BUG:22753960
Change-Id: Ibd0edb78be4b3bdfc9fc31fd05e50fe3bf8bb493
evicepolicy/DevicePolicyManagerService.java
|
| c1836bb0f1bf3e5ef0911719525da0bab3e53507 |
31-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Merge "Change MNC codename to just M." into mnc-dev
|
| 9a81a182df634ab7a087752c9a10db67c5d0f256 |
31-Jul-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Don't always transfer device owner status to other users." into mnc-dev
|
| e2a4a6ff8a83a4216824b2d40a323e56814d0463 |
28-Jul-2015 |
Nicolas Prevot <nprevot@google.com> |
Don't always transfer device owner status to other users.
A device owner cannot use device or profile owner policies on
other users unless it is profile owner there. Also limit device
initializer to system apps only.
Bug: 21800830
Change-Id: Ie1abbd891945b91b17ecdf7f73ba93aaa19819be
evicepolicy/DevicePolicyManagerService.java
|
| 0e3de6cacaffcfeda4d6353be61e2f1f9ed80705 |
30-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Change MNC codename to just M.
Change-Id: I4281d200ff6560791c47cf9073ceea1cb509361e
evicepolicy/DevicePolicyManagerService.java
|
| 00799008832e11f06f9ddc0bf721799edee99f28 |
27-Jul-2015 |
Nicolas Prevot <nprevot@google.com> |
Send a public broadcast when the device owner is set.
Make it a protected broadcast.
BUG: 22623518
Change-Id: Ia36e8f0b80a6301d7d8e0461476842c78762b5e8
evicepolicy/DevicePolicyManagerService.java
|
| c1aebfa02c393471fb344c3a94ee2ae62bb78f93 |
09-Jul-2015 |
Jeff Brown <jeffbrown@google.com> |
Merge "Clean up USB Manager and fix ADB." into mnc-dev
|
| 460a146eb8f827e4e70f2dd93d1ba852d0feb06b |
01-Jul-2015 |
Jeff Brown <jeffbrown@google.com> |
Clean up USB Manager and fix ADB.
Moved functions which parse the USB functions list into one common
place on UsbManager.
Deleted the no longer supported USB_FUNCTION_MASS_STORAGE.
Ensured that the UserManager.DISALLOW_USB_FILE_TRANSFER rule is
consistently applied during user switch and when changing the
current USB functions and make sure it only affects MTP and PTP.
Collapsed the boot completed and user switched receivers to
ensure consistent ordering of side-effects.
Validate the list of functions passed to setCurrentFunction() so
that the separation of concerns is clearer. It was somewhat
ambiguous as to whether functions such as ADB could / should be
enabled through that interface. Improved the docs for clarity.
Fixed a bunch of broken stuff related to the USB config
persistent property (list of default functions) that could cause
ADB and other functions to not work at all. Added new failsafes
to ensure that we reliably get back into a happy state.
Bug: 22206076
Change-Id: I02915ddfce7193a8f67a14f0d76bab22fc575dfa
evicepolicy/DevicePolicyManagerService.java
|
| 70e0c58c2269cd29dfd6420d690da13dc03fd457 |
30-Jun-2015 |
Kenny Guy <kennyguy@google.com> |
Mute correct user from device policy manager.
Add per user versions of mute methods so
device policy manager can mute the correct
user.
Just persist change if the calling user
isn't the current user.
Treat calls to audio manager coming from uid
1000 as if they were coming from current user
rather than user 0 so that the correct user's
user restriction is checked.
Bug: 21782066
Bug: 21778905
Change-Id: I51469b741096d8a2ffdc520eaf5b3fd754f2c819
evicepolicy/DevicePolicyManagerService.java
|
| 7ce2bd2161405cef9740a6f14d586a8964dad3e0 |
30-Jun-2015 |
Alex Chau <alexchau@google.com> |
Clear "profile wiped" notification when a new porfile is created
Make use of ACTION_MANAGED_PROFILE_ADDED to clear the notification.
Bug: 22186884
Change-Id: I08514ebc308f2e2fb61f837500e2ba712ccf8703
evicepolicy/DevicePolicyManagerService.java
|
| fef8cbd6a643a621a97f8e5616977e1fb65d9a5f |
30-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Merge "Marking some globals from setGlobalSetting as not supported" into mnc-dev
|
| 656fa7f5d1ce9299cb63043de80f2b4db9bff497 |
29-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Marking some globals from setGlobalSetting as not supported
Those globals don't have the intended behaviour any more.
Bug: 19967818
Change-Id: I8c7891e59280f9deb88b1f0ffead3de07f4eca56
evicepolicy/DevicePolicyManagerService.java
|
| e8490f1d78a62826742ddf4af8943e6666a1a8d0 |
25-Jun-2015 |
Rubin Xu <rubinxu@google.com> |
Use StorageManager.wipeAdoptableDisks to wipe external disks
Retire FORMAT_AND_FACTORY_RESET which is more fragile.
Bug: 9433509
Change-Id: I158ee987274bb4db41d466de9f1e3c60ffc1d140
evicepolicy/DevicePolicyManagerService.java
|
| 28b9570d0235eca305dc76c006a54c8a85cf5db8 |
24-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Reset permission policy to default when device owner goes away
Otherwise after the Device Owner is gone, runtime
permissions might still be auto granted/denied.
I understand that there are many other policies that
we don't reset after the device/profile owner goes
away (e.g. keyguard enabled/disabled). At least now
we have a single method when we could clear the
ones that we care about.
Bug: 21889278
Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
evicepolicy/DevicePolicyManagerService.java
|
| 0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8 |
22-Jun-2015 |
Amith Yamasani <yamasani@google.com> |
Runtime permissions cannot be set on legacy apps by device policy
Clarify docs that runtime permissions can be granted or revoked by
a profile owner/device owner only for MNC apps and not legacy apps.
Check the targetSdkVersion and return false if legacy app.
Remove all policy flags from permissions when cleaning up
a device or profile owner.
Bug: 21835304
Bug: 21889278
Change-Id: I4271394737990983449048d112a1830f9d0f2d78
evicepolicy/DevicePolicyManagerService.java
|
| 2c3c66a2cf06b4d081f539a1fa01b44780cc65dc |
23-Jun-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN" into mnc-dev
|
| 58e706d754adaeb59ccea9b8d496d54240c37caf |
23-Jun-2015 |
Robin Lee <rgl@google.com> |
Merge "Let device owners handle onChoosePrivateKey" into mnc-dev
|
| deee7735d81107380e8af5e35d4339e85530ee98 |
20-Jun-2015 |
Robin Lee <rgl@google.com> |
Let device owners handle onChoosePrivateKey
Bug: 21959745
Change-Id: Ifad3901015937d2ea700124bb5f61982cd580ad8
evicepolicy/DevicePolicyManagerService.java
|
| 1046ba518b07e42eb5d3474f1ff9ca1181c331d5 |
17-Jun-2015 |
Benjamin Franz <bfranz@google.com> |
Add DISALLOW_CREATE_WINDOWS to Device Owner only user restrictions
Even though the documentation of DISALLOW_CREATE_WINDOWS says it is for
Device Owners and Profile Owners on User 0 only, it was previously not
part of DEVICE_OWNER_USER_RESTRICTIONS and was therefore callable from
a profile owner on a managed profile or secondary user.
Bug: 19726884
Change-Id: If6443eacbc28b7ee6c0845754923573a79f8bde3
evicepolicy/DevicePolicyManagerService.java
|
| 2cc03e5606ad7cd473283898400506d5ac2237ba |
20-Mar-2015 |
Jeff Sharkey <jsharkey@android.com> |
Yet another user restriction.
Change-Id: Ia2952da19cb974a6a9ba0271a298a10df58b8d18
evicepolicy/DevicePolicyManagerService.java
|
| b24f01f473b98e98f0c80b1a937a18921cf0521a |
12-Jun-2015 |
Alex Chau <alexchau@google.com> |
Merge "Notification shown upon work profile deletion" into mnc-dev
|
| 77b2d49abb38fafb91fb99ce603a92f189553cd7 |
11-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Merge "Remove device initializer status messages" into mnc-dev
|
| c51b72acc064ec5f62b2e468f2e7c5e0c96cfc8a |
09-Jun-2015 |
Alex Chau <alexchau@google.com> |
Notification shown upon work profile deletion
Bug: 18543323
Change-Id: Ibd9bd20637a7bd019e080da306a19c94d9e82576
evicepolicy/DevicePolicyManagerService.java
|
| 83881bdbdee14cc9726c89019490a0514686f314 |
10-Jun-2015 |
Robin Lee <rgl@google.com> |
Policy: make bulk CA uninstalls happen in service
Fewer round trips, only one point of contact for bugs to creep in.
Bug: 21650477
Change-Id: I1764faa753bd674ecb0d13149d778d99bd2ff4c4
evicepolicy/DevicePolicyManagerService.java
|
| cedd53adc3875fe1b4275afa35ec5c3ede7b6c39 |
09-Jun-2015 |
Julia Reynolds <juliacr@google.com> |
Remove the ability to set a preferred setup activity.
Bug: 21557327
Change-Id: I8c1809d25c5f5fcd186dfc0636d8ac47ed5fc903
evicepolicy/DevicePolicyManagerService.java
|
| 4045d24971fea4f1506ac8f16d4deeb76ac415fe |
27-May-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN
This setting controls whether WiFi configurations created by a Device Owner app
should be locked down (that is, editable or removable only by the Device Owner).
Bug: 21427528
Change-Id: I0f8fb72bf9da1597e08d3dfc631d37b6b4178ff5
evicepolicy/DevicePolicyManagerService.java
|
| 369d65653399f01e83a6cbb6dfa4eb7b356af648 |
05-Jun-2015 |
Amith Yamasani <yamasani@google.com> |
Fix permission check in DPM.getPermissionGrantState
It was querying for permission of user 0 instead of the calling user.
Switched to passing in the explicity userId.
Also set the flags before granting/revoking permission from DPM.
Bug: 21430988
Change-Id: Id0d2dc65e20108cefa3eeb4363f866d49c791cc4
evicepolicy/DevicePolicyManagerService.java
|
| 240e64828f68064b2a1074a1dda1fc41fe19d711 |
02-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer status messages
- Remove ManagedProvision Bluetooth extras from
DevicePolicyManager
- Remove ManagedProvisioning device initializer status
action and extras from DevicePolicyManager.
- Remove DIA status update protected-broadcast
and permission
- Remove DPM.sendDeviceInitializerStatus method
Bug: 21559093
Change-Id: Ibb651ebb2772ace6a16a5830f82f75465150e6e3
evicepolicy/DevicePolicyManagerService.java
|
| e3e314df4d52881225326d426a76e3e7f1bc40d3 |
20-Apr-2015 |
Stuart Scott <stuartscott@google.com> |
Network Reset should have a lockdown like Factory Reset.
bug:20332322
Change-Id: I7c61a011d11e89513757f112abf320bb2a785edb
(cherry picked from commit 94b038bbb291431a7b39611d72f206b07e839891)
evicepolicy/DevicePolicyManagerService.java
|
| 81c73e121ef2ff44a3916628d9ff11385db85bd6 |
27-May-2015 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Clear caller identity before setting all the user restrictions." into mnc-dev
|
| 184b3753de54241c67799089f5bc59a1ede4438a |
22-May-2015 |
Amith Yamasani <yamasani@google.com> |
Add getPermissionGrantState method in device policy
This is to have a way to query what permission state was set by
the profile owner.
Bug: 21356830
Change-Id: Ie396e946b4285267c1d95f82b9d9765b43697d3c
evicepolicy/DevicePolicyManagerService.java
|
| d8ecc5aee49874ac1f100f69be94906a3e99b951 |
20-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Allow DO/PO to go back to normal permission state.
We have APIs for a DO/PO to fix a permission in a granted or
denied state in which the user cannot manage this permission
through the UI. However, there is no way to go back to the
default state in which the user gets to choose the permission
grant state.
Change-Id: I2562a1d8b1385cd740b44812844ef14c895c2902
evicepolicy/DevicePolicyManagerService.java
|
| 21d9ef6dc71886209965f70728b563fd7d78d6c8 |
20-May-2015 |
Sudheer Shanka <sudheersai@google.com> |
Clear caller identity before setting all the user restrictions.
Bug: 19687895
Change-Id: Ieaa1f4e5a39395f11bf4cf797332a2d9d495bc0a
evicepolicy/DevicePolicyManagerService.java
|
| 6e1c17a3dfd62f3ae2a16ac64b8575fc3aa4a7a2 |
14-May-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "clear caller identify before sending system update notification" into mnc-dev
|
| 2c84cc2ea2ffa1fcd3dbd9a1b5e3880571fba1b8 |
14-May-2015 |
Rubin Xu <rubinxu@google.com> |
clear caller identify before sending system update notification
Because DeviceAdminReceiver is protected by BIND_DEVICE_ADMIN permission,
in order to send broadcast to it, we need to clear the caller's identity
and call sendBroadcastAsUser() as system.
Bug: 20213644
Change-Id: Icc7b239b9005e286012ade6580ec92a0a57198e0
evicepolicy/DevicePolicyManagerService.java
|
| 9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 |
08-May-2015 |
Wojciech Staszkiewicz <staszkiewicz@google.com> |
Pass charset to XmlPullParser.setInput instead of null
Passing null to XmlPullParser.setInput forces it to do additional
work, which can be easily avoided if we know the charset beforehand.
bug: b/20849543
Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 39087b1cec6a54e96ab9eafe8317952720790533 |
05-May-2015 |
Robin Lee <rgl@google.com> |
Replace String host:port/url args with Uri arg
Uri provides a stronger guarantee of well-formedness and lets apps do
nice extra things like specifying scheme etc. without twisting any
expectations.
Bug: 20820034
Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
evicepolicy/DevicePolicyManagerService.java
|
| 9831fad6768135dbd982d6dca78d7f6de81bb320 |
14-May-2015 |
Nick Kralevich <nnk@google.com> |
Merge "Modify how USB connections are handled." into mnc-dev
|
| fcf10f7c12cb3107bdfedce6f76a8c866d154f3c |
13-May-2015 |
Nick Kralevich <nnk@google.com> |
Modify how USB connections are handled.
* Introduce a new "charger only" mode. In this mode, MTP is disabled,
and no file transfers can occur.
* Make charger only mode the default.
* Modify "persist.sys.usb.config" so it now only holds the adb status.
* Make the USB settings non-persistent. Unplugging the USB connection will
reset the device back to "charger only" mode.
* Fixup wording per UI guidelines.
TODO: Re-implement MDM restrictions for USB / MTP access controls.
Bug: 18905620
Change-Id: I99a50d9132a81e98187f431166fd9fef4d437e4f
evicepolicy/DevicePolicyManagerService.java
|
| 467eb0566ff1df320c9a9be3da0f44ee3d6bc9fa |
13-May-2015 |
Kenny Guy <kennyguy@google.com> |
Merge "Allowing profile to set a subset of keyguard restrictions." into mnc-dev
|
| 396d944001f0b897b1689baa0bd7d3e04046b3ca |
13-May-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Remove initiator name param." into mnc-dev
|
| 9fc8bb63d8c15ecfcd3a72a685eaec6c8ec0aa6e |
12-May-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Tweak SystemUpdatePolicy according to API review." into mnc-dev
|
| 8c7f700a59ad26e75c9791335d78f14322cad49a |
07-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add permission meta-state flags to support grant/revoke permission policy.
We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:
1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.
2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.
3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.
Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
evicepolicy/DevicePolicyManagerService.java
|
| 731051e36bb2d420a29cd889a38e02c88c930aad |
11-May-2015 |
Julia Reynolds <juliacr@google.com> |
Remove initiator name param.
This won't be shown in the UI; it's not needed.
Bug: 20820224
Change-Id: I51ecd0a9151a49e26faf52e792a0b316a8facc8e
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 0b7dd1e6c8422da0a21c1631244bec7a2af5085a |
12-Mar-2015 |
Kenny Guy <kennyguy@google.com> |
Allowing profile to set a subset of keyguard restrictions.
Allow admins in managed profiles disable trust related
keyguard features (trust agents and finger prints) for the
parent user.
Allow admins in managed profiles to control whether notifications
from the profile are redacted on the keyguard.
Bug: 18581512
Change-Id: Ic2323671f63781630206cc2efcc8e27ee58c38e6
evicepolicy/DevicePolicyManagerService.java
|
| d86d58cd010b087d6d481062f84c894e0ced7bbc |
05-May-2015 |
Rubin Xu <rubinxu@google.com> |
Tweak SystemUpdatePolicy according to API review.
Make SystemUpdatePolicy Parcelable; hide public constructor and
expose static builder methods.
Bug: 20820025
Change-Id: I594ba3c7e5514551134ba6c866b24498b66506bf
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 4e401fa49875e083d18b46e0250be37ad565071c |
07-May-2015 |
Craig Lafayette <craiglafa@google.com> |
DevicePolicyManager API review changes
Renamed DO_NOT_ASK_CREDENTIALS_ON_BOOT to
RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT.
Bug: 20820907
Change-Id: I6455f9a6d370afbd5154505f402b409dba3b7918
evicepolicy/DevicePolicyManagerService.java
|
| 94fb2024b013522e95a880e02b73886fa7d01222 |
06-May-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Rename functions that disable status bar and keyguard" into mnc-dev
|
| bece80645e2b2d84ea65aabfa7fc01d5ad633708 |
06-May-2015 |
Benjamin Franz <bfranz@google.com> |
Rename functions that disable status bar and keyguard
Rename the DevicePolicyManager functions setKeyguardEnabledState and
setStatusBarEnabledState to setKeyguardDisabled and
setStatusBarDisabled respectively.
Bug: 20820039
Change-Id: I06f6a19ac55b24e66e9f2cb340ead5d940cb2235
evicepolicy/DevicePolicyManagerService.java
|
| 6f36d42dcc46eae3a0388828b13314a823e3ce57 |
06-May-2015 |
Amith Yamasani <yamasani@google.com> |
Permission policies are for profile and device owners
Not just device owners
Change-Id: I78ad815651e9bdc4bd78e61d634a5067935fa33f
evicepolicy/DevicePolicyManagerService.java
|
| ddd553f2aee4f3821a2f17636bb86d9fa5af9bd7 |
30-Apr-2015 |
Robin Lee <rgl@google.com> |
Device policy: use owner label instead of name
Managed provisioning does not currently set a meaningful profile owner
name. This changes to use the application label as returned by
PackageManager.getApplicationLabel which should be more descriptive.
Bug: 20679292
Change-Id: I5a0e87ef05b62879a73814e6d338e8b984b81c94
evicepolicy/DevicePolicyManagerService.java
|
| c4aa3c781a0ddce64853cd5d88bf97f8a9faf98b |
29-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Add status bar flag to disable quick settings" into mnc-dev
|
| d49489b3af01c13d3b13af1cd04d53787185cc0a |
28-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Permissions control via profile/device owner admin
Profile owners and Device owners can set policies for runtime
permissions. Blanket grant/deny policy can be set for a user.
They can also explicitly grant/revoke permissions for specific apps
which cannot be overridden by the user and will not be prompted.
[More implementation required in PackageManagerService and
PackageInstaller]
Bug: 20666663
Change-Id: I2c25c18c2a195db9023a17716d5896970848bb45
evicepolicy/DevicePolicyManagerService.java
|
| 27cf146361125d1233c487ec215d5d794f5dde17 |
23-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Add status bar flag to disable quick settings
Bug: 20331928
Change-Id: I79dc7f2c9e64245bdeeea3916d339985a8b17f92
evicepolicy/DevicePolicyManagerService.java
|
| 13c58bacc8f1ff35bb24ba19069bab8a41aabf68 |
20-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Allow device initializers to set a preferred setup activity.
This activity will launch by default on device reboot or user switch
during user initialization, even if there are higher priority 'home'
activities.
Bug: 20223050
Change-Id: I335aeb010a1ae5db07a4343d26e160c74bd299e1
evicepolicy/DevicePolicyManagerService.java
|
| f7d3a766f0cd8a9efb51a62a27db78a3bb04d41f |
25-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Only skip unrecognized tags."
|
| 6afa666c9f9c8d1e9eff85464230585dfef060bb |
23-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Only skip unrecognized tags.
This fixes policy loss seen on device reboot when device admins
applied certain policies.
Bug: 20516960
Change-Id: I6e2a3b8de610c00ea1a2edbb026523bfdc365775
evicepolicy/DevicePolicyManagerService.java
|
| 2806374f9531490296547d4e884ce9163f4ac867 |
08-Jan-2015 |
Nicolas Prevot <nprevot@google.com> |
Restrict setting the profile/device owner with a signature-level permission.
Create the new permission MANAGE_PROFILE_OWNERS to restrict setting
the profile/device owner.
BUG:19838376
Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
evicepolicy/DevicePolicyManagerService.java
|
| 917c4e4d453f9f36fb6945cf1e3e11f45314d602 |
24-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Merge "Clear binder identity before reaching into keyguard settings"
|
| 5bd5d4c2b0b12fcd76b58dfb3d834f1159ff054e |
24-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Clear binder identity before reaching into keyguard settings
Change-Id: I80eeaed235acc165ddd4799ba46700afea2dff55
evicepolicy/DevicePolicyManagerService.java
|
| 1513ff171ae43d141295a235e42d99071e144cdb |
23-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Fix NPE when load() returns nulls.
Fixes bug 20528625.
Change-Id: I825c95fd212a1928a34e9ed0e20d2f7563939cbb
evicepolicy/DevicePolicyManagerService.java
|
| 015c5e57b58d26ae53849c02d3aebfcd52d85c3d |
23-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Disallow data clearing of DeviceOwner.
There are OEM provided apps that are able to clear the data of the
device owner. That creates a security hole that this fixes.
Fixes bug 20107015.
Change-Id: I4ef313b394bd8059d19d20aa6533396305d1357d
evicepolicy/DevicePolicyManagerService.java
|
| 5173dc28f341fee92705b07543cf9d2c9694ee3c |
16-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Add and remove DeviceInitializer from whitelist
Add the DeviceInitializer to the locktask whitelist when set or when a
new user is created. Remove DeviceInitializer from whitelist when
user setup complete.
Fixes bug 20267837.
Change-Id: I8a33bceb6e6f3d0316a1227b2ed2b713f4ca3a9e
evicepolicy/DevicePolicyManagerService.java
|
| dc105cc91c63c27479d73a21702cd4ba0304acc4 |
15-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Enable system service to notify device owners about pending update
Create a DevicePolicyManager API which can be used by OTA subsystem
to tell device owners about pending updates. Device owners will get
a callback from its DeviceAdminReceiver when the update service sends
out such notifications.
Bug: 20213644
Change-Id: Ifcc755655e4f441980cf77d76175a046112ca9ae
evicepolicy/DevicePolicyManagerService.java
|
| 07ba37a713212e603be3098f1035f2b736fae679 |
22-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Recover status bar enabled state for all users"
|
| 6d6290d2821c6b1e497e4990c5d42aee1dbc8a29 |
22-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Check for null packages in setLockTaskPackages"
|
| 837f1035a608d2d36aef5fb448ec1fbd1d927f5f |
21-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Recover status bar enabled state for all users
Move the update of status bar enabled setting to loadSettingsLocked and
thereby recovering the enabled state for all users, not only the user
owner.
Bug: 20416833
Change-Id: Iee3d6e0f3ea8ebc5d72c0ed165bea4595ed073ba
evicepolicy/DevicePolicyManagerService.java
|
| 4eb6a36922f5e98fe181c0326cc5721f0e7589ca |
02-Apr-2015 |
Andrei Kapishnikov <kapishnikov@google.com> |
Introduced DO_NOT_ASK_CREDENTIALS_ON_BOOT flag
A new flag for DPM.resetPassword() method that specifies that the
device should be decrypted without asking for the password or pattern.
Bug 19250601
Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206
Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
evicepolicy/DevicePolicyManagerService.java
|
| 78c05f97426e941b1a398e0d00b53603603f292b |
21-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Check for null packages in setLockTaskPackages
Bug: 20416611
Change-Id: Ibbadc952da29a34de0cf02408093b7bfc01f8779
evicepolicy/DevicePolicyManagerService.java
|
| 5faad8e4cdf04211239f076b5d073e26d0ae3207 |
20-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Rename public OTA policy APIs in DevicePolicyManager
Use the term "SystemUpdate" instead of "OTA", in public
DevicePolicyManager APIs that handle OTA policies.
Bug: 19650524
Change-Id: Iebdaea91337d617147cb411b6f47e0f3fae8671c
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 15df08abd8190353e1430f88c2ed6462d72a5b25 |
01-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Introduce android:lockTaskMode
The ability for tasks to be started in locktask mode or pinned is
dependent on the value of android:lockTaskMode for the root activity
of the task.
For bug 19995702
Change-Id: I514a144a3a0ff7dbdd4987da5361b94bdfe9a437
evicepolicy/DevicePolicyManagerService.java
|
| 47af53ed95070063f5ec299b957420a91fcd5292 |
15-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Introduce device owner API to disable the status bar"
|
| ea2ec97f37c649881f2be8a5cc40bf44080cc632 |
16-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Introduce device owner API to disable the status bar
Let the device owner disable the status bar to achieve multi-app single purpose
mode. When the status bar is disabled, quick settings, notifications and the
assist gesture are blocked.
Bug: 19533026
Change-Id: I72830798135136e5edc53e5e2221aebb9a7c7d57
evicepolicy/DevicePolicyManagerService.java
|
| b4e218832173229ca2cb25e420c557f919a8ef09 |
15-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Fix a SecurityException in setKeyguardEnabledState"
|
| 3223106dab67ba38027590a600edaa02efb6e461 |
14-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Fix a SecurityException in setKeyguardEnabledState
A SecurityException is currently thrown when calling this API as
LockPatternUtils.isSecure requires a permission that the DO does not
have.
Bug: 19533026
Change-Id: I28bebb647e46bb631cc4fa1a7c9571eadda69086
evicepolicy/DevicePolicyManagerService.java
|
| 317918e206b89f4a49bfa35af57607764f322347 |
14-Apr-2015 |
Andres Morales <anmorales@google.com> |
Merge changes from topic 'lss-update'
* changes:
Add challenge to IGateKeeperService
Wire up GateKeeper to LockSettingsService
|
| e36087e5b6eeb92607f4ad5b3b1662bef9bafa4c |
07-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Introduce device owner API to disable the keyguard
Let the device owner disable the keyguard to achieve undisturbed single
use mode with multiple apps. Calling this API has no effect if a
password
has been set for the calling user.
Bug: 19533026
Change-Id: I6b726b7f36efb669359e9da4b7e3db1f8031dad5
evicepolicy/DevicePolicyManagerService.java
|
| c9c9f7b40ec77217ce595fd152a505481326dc9a |
14-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Add setOtaPolicy/getOtaPolicy API in DPMS"
|
| 0c606812c5102fd19eda4b3e1ffbc9e61fec6430 |
14-Apr-2015 |
Ricky Wai <rickywai@google.com> |
Merge "Add Bluetooth Contacts Sharing policy in DevicePolicyManager"
|
| 778ba135380cda90c4c9317c34e875c00e2743a3 |
31-Mar-2015 |
Ricky Wai <rickywai@google.com> |
Add Bluetooth Contacts Sharing policy in DevicePolicyManager
Bug: 19990979
Change-Id: Ide9adf66eec5721e50573c03956a1b63b7e8b18b
evicepolicy/DevicePolicyManagerService.java
|
| 8027a4ffc285ba39df3a262abfff1cfdd6dd31db |
10-Mar-2015 |
Rubin Xu <rubinxu@google.com> |
Add setOtaPolicy/getOtaPolicy API in DPMS
Allow device owners to set OTA policy for automatically accept/postpone
incoming OTA system updates. This class only provides the setting
and getting of OTA policy, the actual OTA subsystem should handle
and respect the policy stored here.
Bug: 19650524
Change-Id: I9b64949fab42097429b7da649039c13f42c10fd1
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 8fa5665f0e757cec0063fb4cf1354f1596f93a91 |
31-Mar-2015 |
Andres Morales <anmorales@google.com> |
Wire up GateKeeper to LockSettingsService
Adds:
- Communication to GKService
- password upgrade flow
- enroll takes previous credential
Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a
evicepolicy/DevicePolicyManagerService.java
|
| c06bbbfe7ac3c848384cb667b23c42ce26cc5d95 |
14-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Grant cert installer access to installKeyPair()"
|
| dbe31a6616f2e8cb8436ea235149d076302fb793 |
02-Apr-2015 |
Craig Lafayette <craiglafa@google.com> |
Send device initializer status.
- Create method in DevicePolicyManager to send device
provisioning status to ManagedProvisioning.
- Define status updates used by ManagedProvisioning.
Bug: 20001077
Change-Id: Ia98fc765d1ebb2ba9680636ca15c2c870d160261
evicepolicy/DevicePolicyManagerService.java
|
| 30b89849032eb57d1da93de40a6a9bd2a5f55a2e |
07-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Merge "No longer unlock activity manager to test whitelist"
|
| e56007786ace2fe0615197d95317ccd7be4d1ca6 |
04-Apr-2015 |
Craig Mautner <cmautner@google.com> |
No longer unlock activity manager to test whitelist
In order to check the DevicePolicyManagerService locktask whitelist
the activity manager had to release its lock preserving internal
state. That is undesirable and not scalable now that we need to check
the whitelist at startup for bug 19995702.
This change causes DPMS to update activity manager with the whitelist
whenever it changes so that activity manager can check the whitelist
without releasing the acitivty manager lock.
Change-Id: I3ed6eb5ceae2cd7e7ae3280abd708d5ce43a2851
evicepolicy/DevicePolicyManagerService.java
|
| 16c9c249d5f06014442aa5c78254b702f6a034c5 |
05-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
Fix up ExternalStorageFormatter.
It's not going to be around for much longer, so just fix enough to
work correctly.
Also teach about new "unmountable" state from vold.
Bug: 19993667
Change-Id: Ib72c3e134092b2a895389dd5b056f4bb8043709a
evicepolicy/DevicePolicyManagerService.java
|
| 25da6b65b0e3be610e1223758b1910f4e7ad1ed2 |
03-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Do not log an error when app restriction file does not exist"
|
| 6f34d363c32ec3295fd77257648d1291ea31c33f |
02-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Do not log an error when app restriction file does not exist
Bug: 20040207
Change-Id: Ibd257388a185020258e36bddf5b451dc24c0b7ee
evicepolicy/DevicePolicyManagerService.java
|
| eaafdf72a410b445cee9fea274a57f31aec2509f |
02-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Store the device initializer componentname in addition to package.
This removes ambiguity about which component in the initializer
package handles device initialization when setting up secondary users.
Bug: 19992262
Change-Id: I2e48168907725a56cd05d0b51c9f28b34fa28d1a
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| acdc1839cf73c5ee1672f19f7098b81abdd4f0bc |
02-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Grant cert installer access to installKeyPair()
Bug: 20041977
Change-Id: Id0dc0bce8461c71d7220c1802dcca82933805996
evicepolicy/DevicePolicyManagerService.java
|
| 1040da1d4eb99fd2588e4c4d5b08b2e3fc0c7777 |
19-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Enterprise quick contact 1/2
Now openQuickContact goes thorough DPM. When a lookup URI is build with
a lookup key returned by the enterprise lookup APIs for a corp contact, the
lookup key will have a special prefix. In that case we go through DPM
and have it launch QC on the managed profile, if the policy allows.
For now we use the same DPM policy as enterprise-caller-id to disable this.
Design doc: go/cp2-mnc-enterprise-dd
Bug 19546108
Change-Id: I831a8190ae902ae3b1248cce6df02e3a48f602d2
evicepolicy/DevicePolicyManagerService.java
|
| 4fd8d4ab2aafe8ed73080408223e8b20a953cfc4 |
30-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Enterprise quick contact 1/2"
This reverts commit 75a0882b946df6de4775c9e54ca023ff54f3f678.
Change-Id: Ibe332885824b228bf1b1147d141c9395554ff67f
evicepolicy/DevicePolicyManagerService.java
|
| 75a0882b946df6de4775c9e54ca023ff54f3f678 |
19-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Enterprise quick contact 1/2
Now openQuickContact goes thorough DPM. When a lookup URI is build with
a lookup key returned by the enterprise lookup APIs for a corp contact, the
lookup key will have a special prefix. In that case we go through DPM
and have it launch QC on the managed profile, if the policy allows.
For now we use the same DPM policy as enterprise-caller-id to disable this.
Design doc: go/cp2-mnc-enterprise-dd
Bug 19546108
Change-Id: I4840e7fad8a6a60249df07d993d26d03619650d4
evicepolicy/DevicePolicyManagerService.java
|
| dfb1c2f2053d233cb1bed17b77bbebceb246f3f5 |
26-Mar-2015 |
Amith Yamasani <yamasani@google.com> |
am 17b03239: am 8562a7a1: am eedf2fe0: am 0afd1905: Merge "Fix NPE if FPE service does not exist." into lmp-mr1-dev
* commit '17b03239d3152cbcf450ec66f077f07e4c1870e1':
Fix NPE if FPE service does not exist.
|
| 1181ed8a43c8364b19f4877ec58c4e2640d7dca8 |
23-Feb-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Add isActiveAdminWithPolicy to DevicePolicyManagerInternal
This method will be used by other system services to decide whether an
app is a profile owner or device owner.
Change-Id: I9577700d03ce2c80c798a60c6c2f480fd1913f43
evicepolicy/DevicePolicyManagerService.java
|
| a23995c233b3c336d0f405523902606f2583caea |
25-Mar-2015 |
Paul Crowley <paulcrowley@google.com> |
Fix NPE if FPE service does not exist.
Bug: 19846662
Change-Id: I44e014c66a524b282cce0cfc9b7513fc0f553576
evicepolicy/DevicePolicyManagerService.java
|
| ec32b56cc22658ecb549390fe0096fc6d7b5ac2a |
03-Mar-2015 |
Rubin Xu <rubinxu@google.com> |
Add DelegatedCertInstaller API in DPMS
Allow device/profile owner to delegate certificate APIs to third-party
certificate installer apps.
Bug: 19551274
Change-Id: Iaf9abb5ecb1dc0975fa98ea14408fe392d52fbf4
evicepolicy/DevicePolicyManagerService.java
|
| bff46bac807ae8a9ebdc22c449a8d4f78711b4d2 |
05-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Add DO policy to disable safe boot mode.
Bug: 19615843
Change-Id: I14dbe911995ec216c57bd285d6b7b04c9684591a
evicepolicy/DevicePolicyManagerService.java
|
| 4a357cd2e55293402d7172766f7f9419815fc1e8 |
19-Mar-2015 |
Alan Viverette <alanv@google.com> |
Replace usages of deprecated Resources.getColor() and getColorStateList()
Change-Id: I8f64fe6c4c44a92ff6d07250223ba590a1d691b0
evicepolicy/DevicePolicyManagerService.java
|
| 1cc84c992cacdfbe005f29fbaaa1d85e22e4459b |
17-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow initializers to clear reset protection data during device setup."
|
| ee1f24ff2985a32b473244cc464b3ca7854de189 |
16-Mar-2015 |
Robin Lee <rgl@google.com> |
Merge "Recognise insecure encryption with a new constant"
|
| 8458e531bfc681ebb0de98476d782ca4d052a145 |
16-Mar-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Remove the owner userid of cross-profile intent filters."
|
| 916b1e503d50b87bcf724e975a4bc3d32bf31431 |
13-Mar-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Changed the logic of calculating effective password limits"
|
| 68cc42009e656b785420c531e39c131bbe6729cf |
11-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Allow DO to set Settings.Global.STAY_ON_WHILE_PLUGGED_IN
Bug: 19704419
Change-Id: I3fc970eae8ef947775b6b565916bb245dea1b43b
evicepolicy/DevicePolicyManagerService.java
|
| 0a32d35ce2c9de8025ab842f3bc929d5fe287d17 |
12-Mar-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Changed the logic of calculating effective password limits
Admins without limit-password policy or passwordQuality below
PASSWORD_QUALITY_COMPLEX, should be excluded from the list when
calculating effective limits.
Bug: 19603660
Change-Id: I7b7d8498c8a072a4c050be48709ce34bddba39a5
evicepolicy/DevicePolicyManagerService.java
|
| 85865d55f06bade582313c83f27496e3180569a9 |
06-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Allow initializers to clear reset protection data during device setup.
This allows initializers to recover from failures that occur after
it has added an account on the primary user.
Change-Id: I3444f16520eed4b315d6ea4761f598f55d1e6ddd
evicepolicy/DevicePolicyManagerService.java
|
| f3ece36535d4999cf2bfd2175a33da6c3cdf298e |
11-Feb-2015 |
Benjamin Franz <bfranz@google.com> |
Block setting wallpapers from managed profiles.
Silently fail when a managed profile app tries to change the
wallpaper and return default values for getters in that case.
This is implemented through a new AppOp that is controlled by
a new user restriction that will be set during provisioning.
Bug: 18725052
Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
evicepolicy/DevicePolicyManagerService.java
|
| 2482100fed93eac82f7d4b759bd1ec418b55be58 |
06-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow device and profile owners to set a user icon."
|
| 1c3754a35c434e4102c7ac3dceb887fa137b153b |
05-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Add security check for clearDeviceInitializer in the service.
Bug: 19230954
Change-Id: I5c648492bef0d2b579b6f59b91afc890e3092d36
evicepolicy/DevicePolicyManagerService.java
|
| 4b8d5821512c6a4fdaf442f6d48e1dc412539136 |
05-Mar-2015 |
Nicolas Prevot <nprevot@google.com> |
Remove the owner userid of cross-profile intent filters.
The owner user id was used to identify in which user an app had set
a cross-profile intent filter. But it's not really necessary.
BUG:19505190
Change-Id: Iacc49d31c95e34efee1895e5fbe7224277dbc493
evicepolicy/DevicePolicyManagerService.java
|
| 75328b703f8f83fdd62f11105ecd61df2ebe4420 |
04-Mar-2015 |
John Spurlock <jspurlock@google.com> |
Merge "Audio: Remove the concept of master volume."
|
| ee5ad729b90deff435f9875337cbc434be4f8fe7 |
03-Mar-2015 |
John Spurlock <jspurlock@google.com> |
Audio: Remove the concept of master volume.
- Remove two config resources (use master volume, and volume ramp).
- Remove master volume adjustments / getters / intents.
- Retain @hidden setMasterMute, needed for device admin
- Remove master volume logic in AudioService.
- Remove master volume logic in VolumePanel.
- Rename "getMasterStreamType" to "getUiSoundsStreamType" to avoid confusion.
Bug: 19582978
Change-Id: Id02c8fa4898cff3b913147f5ac1b4038e2e7cc24
evicepolicy/DevicePolicyManagerService.java
|
| e925440a551b66a3d3121ec8badaf948d71d66a1 |
11-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
DOs can clear the DI; rehide hasUserSetupCompleted.
Bug: 19230954
Change-Id: I97467229b23f3c9be1c3c4fff1c888a812f14a95
evicepolicy/DevicePolicyManagerService.java
|
| fca04ca0965d5e04dacc025b77f2b4881ee1afd8 |
17-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
Allow device and profile owners to set a user icon.
Change-Id: I7c2bafb85cff3fa063af7a2f27b76c69172f0525
evicepolicy/DevicePolicyManagerService.java
|
| 20118f18c11c01c7743b5646cc1a0039c2e90037 |
11-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
Allow the device initializer to perform user setup tasks.
A device initializer is an application that is allowed to run
during user provisioning on device owner devices. During
device provisioning (or, user provisioning of the first user
of the device), a device initializer is granted device owner
permissions. During secondary user provisioning, a device
initializer is granted profile owner permissions. Once
provisioning is complete for a user, all elevated permissions
are removed from the device initializer and the device admin
component of the app is disabled.
Bug: 19230954
Change-Id: Ib6725fb3b09bb21e4198a5dc0b445ccebb40b27e
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| abc03c7ae8c9c628de319819a10ce2cbaedf1c86 |
26-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Fail silently when changing BLUETOOTH_ON/WIFI_ON directly"
|
| 41916d492c38055928ae5ad1e0b815ff79dc4f5c |
24-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Fail silently when changing BLUETOOTH_ON/WIFI_ON directly
If the device owner tries to change BLUETOOTH_ON or WIFI_ON via
DevicePolicyManager.setGlobalSetting, fail silently.
There was not much point for the device owner to do it since it can
also change bluetooth/wifi state via normal bluetooth and wifi apis.
BUG:19311992
Change-Id: Ifba163800aa413865b8a2877cb21aacfa5cfc6c8
evicepolicy/DevicePolicyManagerService.java
|
| 4b7656f18370d1dd73aeca5ec7a45449ca4f00a0 |
24-Feb-2015 |
Esteban Talavera <etalavera@google.com> |
Allow setting a Device Owner via ADB on unprovisioned device with preinstalled account
Some devices come from carriers with a preinstalled account. This
means that we couldn't set a device owner via "adb shell dpm"
commands, while the regular device owner flow worked (as the
latter just checked whether the device was provisioned).
Bug: 18354022
Change-Id: I9a677de9d34d073e218b9179ec4b0f5b4b82adc9
evicepolicy/DevicePolicyManagerService.java
|
| 3795fb0a13bfa3c76113b1ecec383e8767824ee3 |
16-Feb-2015 |
Robin Lee <rgl@google.com> |
Recognise insecure encryption with a new constant
This is the default state on some devices which ship with encrypted key
storage set up already but no initial password.
Bug: 18048558
Change-Id: I055527fde21298bae2dbdca8c3a145f19b045aad
evicepolicy/DevicePolicyManagerService.java
|
| f580c91618fa5d5f783f33db8136734cde6d6862 |
20-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Dump the profile/device owner when dumping device policy state."
|
| fcc87275e3f6e6e84ca0677e3422c602686eef36 |
19-Feb-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Code cleanup"
|
| 22029f0a50f8bb08902054123153a215906483d5 |
19-Feb-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Code cleanup
Use preconditions for argument checking.
Change-Id: I2e9dcd8da1e0bdac917393376d1a7442ab63a638
evicepolicy/DevicePolicyManagerService.java
|
| 397999f084467e068eab357c4b47323e3cde0685 |
18-Feb-2015 |
Amith Yamasani <yamasani@google.com> |
Merge "Save per-user camera policy in different system properties"
|
| abf3570f382b94d16cc8a06c4b7c434d7a7052aa |
17-Feb-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy: Make uid parameter an int
This should not have been a long to begin with.
Change-Id: Icbf6e2e97cb6301b968b3eb8b3f9a46331f7983e
evicepolicy/DevicePolicyManagerService.java
|
| 7a7f0c9756150b0b429fce41c9ce7c520e94f275 |
16-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Dump the profile/device owner when dumping device policy state.
BUG:19363615
Change-Id: Icf04b39ce8c592544e69c52f229a2c1bdab661e2
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| f6901eb9e277491c9b3dc1fcc5b1f18b1a569ae3 |
16-Feb-2015 |
Robin Lee <rgl@google.com> |
Merge "Device Policy API to choose a private key silently"
|
| 509569807452e6d96b0c90abb092d5e8258afe66 |
13-Feb-2015 |
Amith Yamasani <yamasani@google.com> |
Save per-user camera policy in different system properties
If a device admin for a user disables the device cameras,
only apply that policy to that user and not globally.
Corresponding change in CameraService looks into the
per-user system property.
This also fixes the bug that managed profile owner is
able to disable camera for the personal profile.
Bug: 19345698
Change-Id: Ibd5e438544a0409f26087ced247d50c706fcf843
evicepolicy/DevicePolicyManagerService.java
|
| 5cfd3d8b51b0e21c37d80e3cf5570bae8efe1bc1 |
11-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Avoid NullPointerException in enableSystemApp if the app is absent."
|
| 0413046f12316f36d12e91ba6dbafc53a7c20408 |
11-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Dont throw an exception for non-system apps when enabling system apps.
In EnableSystemAppWithIntent: if a non-system app matches the intent:
ignore it instead of throwing an exception.
Change-Id: I64dc9a0bbc1a6bc5e2159a33b7273464ed2518c5
evicepolicy/DevicePolicyManagerService.java
|
| 637baaf0db76f9e1e51eeab077ffb85da0ff9308 |
10-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Avoid NullPointerException in enableSystemApp if the app is absent.
In enableSystemApp: if the app is absent, throw a IllegalArgumentException
instead of failing with a NullPointerException.
BUG:19321306
Change-Id: I4ec09a0a77d29ca04e8d52f5546c1e4d0f8641e5
evicepolicy/DevicePolicyManagerService.java
|
| 3775a3f8861304073c2b2079f0b9a315a58c1d1a |
05-Feb-2015 |
Kenny Guy <kennyguy@google.com> |
am a2ced3e8: am 8d12d3da: Merge "Only switch user if current user is being wiped" into lmp-mr1-dev automerge: eeb43fb
* commit 'a2ced3e879458786edf715a0016293791db7fd65':
Only switch user if current user is being wiped
|
| 3798ed5e0b56ab03e7022a9922b50a4a25474033 |
03-Feb-2015 |
Robin Lee <rgl@google.com> |
Device Policy API to choose a private key silently
Support for certificate chooser (keychain) to first query a profile
owner (if one exists) for a silent credentials grant which will be
passed back to the caller as an alias.
Bug: 15065444
Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
evicepolicy/DevicePolicyManagerService.java
|
| e9acb59a91f46c962151a58142448fd9f4101814 |
04-Feb-2015 |
Kenny Guy <kennyguy@google.com> |
Only switch user if current user is being wiped
Only try and switch to owner if the current user
is being removed.
Bug: 19252449
Change-Id: I0143d87360db0834876821cbf52fec4933ecbd35
evicepolicy/DevicePolicyManagerService.java
|
| babdb0dc36290ba3a9dd040a38f9a3649fb6d510 |
30-Jan-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Removed userHandle from setXXX methods"
|
| bdc58c66af3440f963731cdcdf820d7108d9f98a |
29-Jan-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Removed userHandle from setXXX methods
User handle is now extracted from UID of the calling process.
Previously setXXX methods may not work properly, if userHandle parameter
was different from a user of the calling process. In practice, this wouldn't
have happened because setters were always called with a userHandle of the
caller process.
Bug:17202572
Change-Id: I1c08c54c975a04b8c54719a1e280ad3cfaff2e67
evicepolicy/DevicePolicyManagerService.java
|
| 4197cb60bc74629fe4c04ab10cb3b1c9a7427d24 |
22-Jan-2015 |
RoboErik <epastern@google.com> |
Move mute/unmute handling to adjust volume paths
This deprecates the setStreamMute and setStreamSolo APIs. Soloing is no
longer supported and muting is redirected through the adjust volume APIs.
Also updates the hidden master versions of these APIs.
Change-Id: I65d2a5d5fc15b386bd497abf8ca6869fec75a26a
evicepolicy/DevicePolicyManagerService.java
|
| 8e1b6d949be6d71cfb137f22d0b36bcf511568e2 |
26-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
am ad664808: am 6d16b861: Merge "Avoid NullPointerException if createUser returns null" into lmp-mr1-dev automerge: 2805669
* commit 'ad66480838189332b82cd2861bca4357aa2b93da':
Avoid NullPointerException if createUser returns null
|
| 43daa008f3e5287b6bec27289c96440e71b5fbf7 |
26-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
am 20bd0c23: am 059b8ab6: am 414ea81e: Merge "Ensure notifications are sent when locking/unlocking location share" into lmp-mr1-dev
* commit '20bd0c232cd4421affc871ccd01492ecd04316d0':
Ensure notifications are sent when locking/unlocking location share
|
| 6d16b8614ac4c5aa44304e6fdcb9ed8aeec675fd |
26-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Avoid NullPointerException if createUser returns null" into lmp-mr1-dev
|
| 414ea81ea364d7b961cbfb885c30729595e3a7b2 |
26-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Ensure notifications are sent when locking/unlocking location share" into lmp-mr1-dev
|
| f87b174dac87ed9e95e8522bfb836707f4a2239d |
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Avoid NullPointerException if createUser returns null
If createUser returns null, we run into a NullPointerException
in createAndInitializeUser. This can happen when the policy
DISALLOW_ADD_USER is set.
Bug: 19121141
Change-Id: Id4bda832a243fa42c31eb5a176ecaa248aee68f5
evicepolicy/DevicePolicyManagerService.java
|
| cd7b506c19dff4a68b46631fcede73f55547f985 |
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
am bfca5f40: am 266303fd: Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev
automerge: 07b87e5
* commit '07b87e537da3ec658235fe1d874c7dba5b4d696d':
Avoid SecurityException when calling getUserData
|
| 266303fdb02ca1cf6df348e1af6830675476fd78 |
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev
|
| 871fa7343a2ff8de837a721eacfc576b19438e54 |
16-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Ensure notifications are sent when locking/unlocking location share
When the restriction 'DISALLOW_SHARE_LOCATION' is applied or removed on a user
it is important to send out notifications to content observers of
LOCATION_PROVIDERS_ALLOWED.
Bug: 18995405
Change-Id: I8b3910a423a012ea9d15470eec101723c9f0eaf7
evicepolicy/DevicePolicyManagerService.java
|
| fadb2b3a27e4c23f5c566e6f7eadfaed9e23e68c |
14-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Avoid SecurityException when calling getUserData
Currently we risk getting a SecurityException in a number of places,
where getUserData is called for a different user than the calling user.
To avoid this, the caller is cleared in a helper function.
Bug: 18662452
Change-Id: Ibc131c602e52d9f013fe739a9c18e693181ded67
evicepolicy/DevicePolicyManagerService.java
|
| 2dc53c560bcba5d423eb4f87533897ac34047eee |
16-Jan-2015 |
Kenny Guy <kennyguy@google.com> |
am 4be433dc: am 10dd6eef: am fd846dfb: Merge "Sync file before using JournaledFile commit." into lmp-mr1-dev
* commit '4be433dc0b817fd4129e2bd99edb4c484f980600':
Sync file before using JournaledFile commit.
|
| 212037f7cdbf3ac3712ab16f885d62da7f850fe0 |
15-Jan-2015 |
Kenny Guy <kennyguy@google.com> |
Sync file before using JournaledFile commit.
Ext4 doesn't guarantee that write file.new / close file.new
rename file.new to file will mean data in file.new makes it
to file atomically. The rename may happen with previous contents
of file.new and then later update to new contents
See docs for noauto_da_alloc
So rebooting the device during JournaledFile.commit may
mean we are left with an empty file.
Bug: 18590558
Change-Id: I35322c82871bed30c2c6ebbd1388338f0471f3ba
evicepolicy/DevicePolicyManagerService.java
|
| 7f7ea82c28f01798b15686aa45733885beebcc6e |
08-Jan-2015 |
Robin Lee <rgl@google.com> |
Profile owner hint in warning for extra CAs
The version of the warning with a named installer should be shown in
the case of a managed profile, not only a managed device.
Bug: 18224038
Change-Id: I27865f77e963b9b15416f2e4a4ffc38fed8f5532
evicepolicy/DevicePolicyManagerService.java
|
| e53b7dd0667208f956e20b932f85ba670eb074f9 |
08-Jan-2015 |
Robin Lee <rgl@google.com> |
Revert "Profile owner hint in warning for extra CAs"
This reverts commit e1d8dcd9e170c1ed8a13b6e1256ea1fb22c26c49.
Something funny happened in the process of submitting this,
swathes of strings.xml became mis-encoded.
Bug: 18224038
Change-Id: I0276ff3f880fe749546e8cc7e3e2f41c22c27705
evicepolicy/DevicePolicyManagerService.java
|
| dce0122ea2d27474890d5e18ba4b7e4d06303e53 |
07-Jan-2015 |
Adrian Roos <roosa@google.com> |
Explicitly specify user on LPU's private methods
Also fixes a bug in DevicePolicyManagerService where
the wrong user was used.
Bug: 18931518
Change-Id: I7ae8ecfdb1c835cdee7eafa2b96e1ec8b712977b
evicepolicy/DevicePolicyManagerService.java
|
| 230635efe7ffb09d6dc56bfd9193aa1d89c8a898 |
07-Jan-2015 |
Adrian Roos <roosa@google.com> |
Purge biometric weak and keyguard widgets
Bug: 18931518
Change-Id: I5da41908b1d6895a69f981e139f2d268327fafcd
evicepolicy/DevicePolicyManagerService.java
|
| 8e99586830640796209b935421868754f3ebf1d7 |
07-Jan-2015 |
Robin Lee <rgl@google.com> |
am 26e2da8f: am 374c358d: Merge "Profile owner hint in warning for extra CAs" into lmp-mr1-dev
automerge: 23bb3f1
* commit '23bb3f11cbe4ca64337b5b75c333ea891760213f':
Profile owner hint in warning for extra CAs
|
| e1d8dcd9e170c1ed8a13b6e1256ea1fb22c26c49 |
05-Jan-2015 |
Robin Lee <rgl@google.com> |
Profile owner hint in warning for extra CAs
The version of the warning with a named installer should be shown in
the case of a managed profile, not only a managed device.
Bug: 18224038
Change-Id: I58bddb162799481d5e8feb169b0c0bff17cbeeb7
evicepolicy/DevicePolicyManagerService.java
|
| ea84327fa48a33e3729c290ffe0862d86deb24a4 |
29-Dec-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Remove deprecated version of setProfileOwner that takes packageName"
|
| 77f9a44adb07640762873ef0f80d32570771f154 |
28-Dec-2014 |
Robin Lee <rgl@google.com> |
am b4b14e39: Merge "Revert "DevicePolicy: Don\'t warn about managed profile CAs"" into lmp-mr1-dev automerge: c9db16c
automerge: b6b7d42
* commit 'b6b7d4251cdab1843ae9b2ae167ac9276ada241e':
Revert "DevicePolicy: Don't warn about managed profile CAs"
|
| 8add57224ffcf73705e507f1b73954e5de15eb88 |
23-Dec-2014 |
Esteban Talavera <etalavera@google.com> |
Remove deprecated version of setProfileOwner that takes packageName
The ComponentName equivalent should be used instead.
Bug: 17654371
Change-Id: I7001e86ab1709b824944148a3c44af5243dacb83
evicepolicy/DeviceOwner.java
|
| b4b14e391dbcde537350ccf649b3603cafba1e6c |
23-Dec-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "DevicePolicy: Don't warn about managed profile CAs"" into lmp-mr1-dev
|
| 853964927c12926321911081217c5f0742e7e82a |
22-Dec-2014 |
Robin Lee <rgl@google.com> |
Revert "DevicePolicy: Don't warn about managed profile CAs"
This reverts commit 80559f4aadb3419eecdf6bf61945af584cd2aa8a.
Bug: 18224038
Change-Id: I108a4e8cf185401fef4806e1ad8c2cc78992e843
evicepolicy/DevicePolicyManagerService.java
|
| 77779aa3a5eea2d275c82035b025df85b7702f07 |
09-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
am d483a85e: am fed2812d: am 22afe626: Merge "Added isRemovingAdmin method" into lmp-mr1-dev
* commit 'd483a85e69c3bb83b25473b93806e063b72c9315':
Added isRemovingAdmin method
|
| f66a43e398cc0be60aaf1a16a7b77f1cf0ff8f11 |
09-Dec-2014 |
Amith Yamasani <yamasani@google.com> |
am 81b27f4c: am b2905092: am 0702752c: Merge "Potential fix for accidental deactivation of profile owner" into lmp-mr1-dev
* commit '81b27f4c9fcdb1e3379152d08a3abc0fb5e62c53':
Potential fix for accidental deactivation of profile owner
|
| 22afe6261aab343070b63c60a1f4c7ce6f4383f9 |
05-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added isRemovingAdmin method" into lmp-mr1-dev
|
| 96fb932666539e2b3be26ef91eb248a9ace5678e |
02-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Added isRemovingAdmin method
Added isRemovingAdmin method, so that clients can query if device
admin is currently being removed.
Bug: 17609838
Change-Id: I82547a9eeb228fcf8ac2a6e639ca1a75fa41d161
evicepolicy/DevicePolicyManagerService.java
|
| a0116afeaf9363c5a662624dda77b550aa9172a8 |
04-Dec-2014 |
Amith Yamasani <yamasani@google.com> |
Potential fix for accidental deactivation of profile owner
This is a safeguard to only check for changing packages when
re-validating active admins.
1. If package is being removed, only check if it's not being
replaced.
2. If package is changing, only check the changing package that
matches one of the active admins.
3. If package is being added and is a replacement (update), then
check if it affects any matching active admins and verify the
validity of the receivers.
If by any chance some package broadcast was occuring at a time when
an admin was being updated, or the package removed broadcast was
coming in much before the update was registered with package manager
then this will help in avoiding accidental deactivation.
Bug: 18590558
Change-Id: I7f4897e8836f81aa037b8be87d399942ce78b1a2
evicepolicy/DevicePolicyManagerService.java
|
| 5ff0e5fb6b339a7dea0cbc344e88673b7a99e593 |
26-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
am 0d122e26: am ba94fd5e: am 77e25331: Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev
* commit '0d122e265c52ef25dbad652378b3a5e51a86f041':
Add flag for wiping factory reset protection data.
|
| e07f2c01afbc2d38ce7252a9bbc55fae4b5ea1e6 |
26-Nov-2014 |
Robin Lee <rgl@google.com> |
am a7ffed86: am cc19e8b8: am 692e4933: Merge "DevicePolicy: Don\'t warn about managed profile CAs" into lmp-mr1-dev
* commit 'a7ffed86fce0a0cab8915bd6a727605959f08bb7':
DevicePolicy: Don't warn about managed profile CAs
|
| 77e25331ca7ad1fb69fbe7fbec69179824e46e59 |
25-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev
|
| a7e87acb2416d4212c84fb9c45353dbf6ee15e6a |
18-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
Add flag for wiping factory reset protection data.
Bug: 18366448
Change-Id: If8904888a6bf8611d34647e6d65d2347d824dbb3
evicepolicy/DevicePolicyManagerService.java
|
| 80559f4aadb3419eecdf6bf61945af584cd2aa8a |
25-Nov-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: Don't warn about managed profile CAs
Setting up a managed profile should have included a step to warn about
this sort of thing already. As the user should trust the profile owner
anyway it's hard to argue this warning is needed.
Bug: 18224038
Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00
evicepolicy/DevicePolicyManagerService.java
|
| e1d84dd914ffe29fe821b814924b0a56506dc238 |
25-Nov-2014 |
Adrian Roos <roosa@google.com> |
am 9a4d0257: am 520d20c1: am 702d9e31: Merge "Fix DPM.resetPassword("")" into lmp-mr1-dev
* commit '9a4d0257beadf53c706afbcb4abc76c17a44ff00':
Fix DPM.resetPassword("")
|
| 702d9e31b1bcacff975a2b8e0d04160bbd6811ed |
24-Nov-2014 |
Adrian Roos <roosa@google.com> |
Merge "Fix DPM.resetPassword("")" into lmp-mr1-dev
|
| 9d4e6a83553b2d8cc8c6d4fcce6c2af2bf52c874 |
22-Nov-2014 |
Amith Yamasani <yamasani@google.com> |
am 1f26bf6b: am 108bdbc9: am efb2df69: Merge "Different messages when wiping user and not device" into lmp-mr1-dev
* commit '1f26bf6bfd683b840f688b41d285fd9c942e6ed5':
Different messages when wiping user and not device
|
| 3a3d212a51974ccec6100c1e117225291edc83cc |
29-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Different messages when wiping user and not device
There are 3 types of users
1. Primary - device will be wiped
2. Managed profile - profile will be removed
3. Secondary user - user will be removed
Show different messages for almost wipe and wipe in each
of these 3 cases.
Bug: 16843155
Change-Id: Icecfe520622773da9e45465bf2217e8ed38b266e
evicepolicy/DevicePolicyManagerService.java
|
| ffba290a33b2b7a8c1bd393e0286686f99b2dbb8 |
21-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
am 5c374a58: am b3d0580f: am 08229e81: Merge "Shutdown backup manager service when device owner is set" into lmp-mr1-dev
* commit '5c374a582ceff913e420d21d63e1d7b087d6fc56':
Shutdown backup manager service when device owner is set
|
| 08229e817ecb67b0c7ebbd6b5b9ce4aef1b38cc2 |
21-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Shutdown backup manager service when device owner is set" into lmp-mr1-dev
|
| f8f56bce428bb2b89d1d572ccd2d604761dbbce8 |
20-Nov-2014 |
Adrian Roos <roosa@google.com> |
Fix DPM.resetPassword("")
While we're at it, also fix some multi-user issues in
LockPatternUtils.
Bug: 17496766
Change-Id: I8e557ea640fa589817c8f8f818c91463585d5ea7
evicepolicy/DevicePolicyManagerService.java
|
| 4221126b95db7fc81e4735a18a92aa40621bd2af |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
am 3c1d5e2f: am 40603baa: am 735f2285: Merge "Remove permission check in DevicePolicyManager.isUninstallBlocked()" into lmp-mr1-dev
* commit '3c1d5e2f9d0724f0a10313244d0ef47957d855f2':
Remove permission check in DevicePolicyManager.isUninstallBlocked()
|
| dbf32fe93a4fa59961a83dfdc30c281978d22121 |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
am f978e667: am 0122db0a: am 3a7d3fc6: Merge "Fix equality test in getProfileOwnerAdmin()" into lmp-mr1-dev
* commit 'f978e667a6395902be09f3dd6c5c6b8d17ce58da':
Fix equality test in getProfileOwnerAdmin()
|
| 735f22850edcb5c2447c37cb96f048de8a742907 |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Remove permission check in DevicePolicyManager.isUninstallBlocked()" into lmp-mr1-dev
|
| 3a7d3fc60e1347ff9bdddb8040237e2818d67a0e |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix equality test in getProfileOwnerAdmin()" into lmp-mr1-dev
|
| a97855b784243c00b99dfcb6595164ab4a88d05c |
07-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Remove permission check in DevicePolicyManager.isUninstallBlocked()
This is to allow Play to use this API to find out whether a package
is uninstallable due to profile or device owner policy's restriction.
Bug: 17914630
Change-Id: I4ce2963884ecdf3306805f36db80ed1ebf04d88f
evicepolicy/DevicePolicyManagerService.java
|
| 0477f716311ab03ef89ce9ecb288182c0aa25d4a |
14-Nov-2014 |
Fyodor Kupolov <fkupolov@google.com> |
am 70b2de7c: am 6dd9f86f: Merge "Added synchronization to handlePackagesChanged method" into lmp-mr1-dev automerge: a07bdda
* commit '70b2de7c25a083a44042ddd0cb8b2a24dde53e6e':
Added synchronization to handlePackagesChanged method
|
| 26ac6a6fd0ef43803c6edd786c8f1fa715ae3cca |
13-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Shutdown backup manager service when device owner is set
Bug: 16641441
Change-Id: I3fe54e43324c15dabd56834a923e8e8cb4eea98d
evicepolicy/DevicePolicyManagerService.java
|
| d01ff6d4c35edecd3d250d65ca1ab63699e0d642 |
12-Nov-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Added synchronization to handlePackagesChanged method
Method handlePackagesChanged modifies the policy data without holding the
lock. It also calls methods which expect a lock to be held -
validatePasswordOwnerLocked, syncDeviceCapabilitiesLocked, saveSettingsLocked.
Bug: 18262633
Change-Id: Ia4bdc6edc66bccf8a4288e048171ff20858ae2f6
evicepolicy/DevicePolicyManagerService.java
|
| 7c2f2422301f0fb84cbcccca353ecf291bb7f1e0 |
12-Nov-2014 |
Amith Yamasani <yamasani@google.com> |
am e73cab5f: Merge "Allow profile owners to set the unknown source setting" into lmp-mr1-dev automerge: 93ffd5d automerge: 15de62d
* commit 'e73cab5f1226f7434fa8bbf341e91891916683c5':
Allow profile owners to set the unknown source setting
|
| 70170261cbd966501a673ba5548dcab823037cfb |
12-Nov-2014 |
Jeff Brown <jeffbrown@google.com> |
am 32f7a6d8: Merge "Move device admin max screen off timeout to internal interface." into lmp-mr1-dev automerge: c1275e7
automerge: a473878
* commit 'a4738781584d58e133fc4d0f55d9b7ebcb246ff6':
Move device admin max screen off timeout to internal interface.
|
| 52c39a16db077f5017ab20214e60a205e075f2d7 |
21-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Allow profile owners to set the unknown source setting
This allows work profile MDM to enable unknown sources
even if the user doesn't have UI for it. Installing an
app from an unknown source will still prompt the user
with the package installer dialog, so it's not like the
MDM can now quietly install apps from non-market sources.
Bug: 18316350
Change-Id: Ia8f4fe36f12a258aa888e085acc0b358925f4817
evicepolicy/DevicePolicyManagerService.java
|
| 5ce1cb240b13db98fbdc21e1ef069b5f9cec8d72 |
07-Nov-2014 |
Jeff Brown <jeffbrown@google.com> |
Move device admin max screen off timeout to internal interface.
The setting was previously exposed in IPowerManager but it
doesn't need to be there.
Bug: 17656076
Change-Id: If3ed0cbe89f67c60aa00376be0c54b1bd9656144
evicepolicy/DevicePolicyManagerService.java
|
| cc56956025c8e562513f63a3457a3fc0ee052405 |
06-Nov-2014 |
Jim Miller <jaggies@google.com> |
am 767ae175: am 6230cdf5: am 262dc4da: Merge "Update TrustAgentService API after review" into lmp-mr1-dev
* commit '767ae175fab5a93f4948b3722549448eb4b55e41':
Update TrustAgentService API after review
|
| e303bf443532c2ad756260133f00747bcff11e69 |
27-Aug-2014 |
Jim Miller <jaggies@google.com> |
Update TrustAgentService API after review
This change incorporates API council feedback and enables the
TrustAgent whitelisting API.
It also contains a minor cleanup of DPM's use of UserHandle
to eliminate unnecessary object creation.
Fixes bug 17008504
Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
evicepolicy/DevicePolicyManagerService.java
|
| d7892e71a85989a3afc6388d917ab9961a607f24 |
30-Oct-2014 |
Rubin Xu <rubinxu@google.com> |
Fix equality test in getProfileOwnerAdmin()
The equality test should compare a ComponentName, which admin.info is not.
Bug: 18186447
Change-Id: If984ae2e0da958889564ba30716d65245a78d60f
evicepolicy/DevicePolicyManagerService.java
|
| 7e351fdae8e9f40a095fa16d9cf39ce9a463a652 |
27-Oct-2014 |
Yohei Yukawa <yukawa@google.com> |
Stop querying package names unnecessarily
This is just a code clean-up. No behavior change is intended.
BUG: 18131340
Change-Id: Ia88374cde7845553530ddd1176f983101e4ec13f
evicepolicy/DevicePolicyManagerService.java
|
| f5c00c1c1136c9752b9c0157f9eca6385d7b9448 |
28-Oct-2014 |
Benjamin Franz <bfranz@google.com> |
Merge "Send ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast when a user restriction has been changed." into lmp-mr1-dev
|
| 05720542613ec79c4b87453845231c838dbe0d03 |
15-Oct-2014 |
Benjamin Franz <bfranz@google.com> |
Send ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast when a user restriction has been changed.
Bug: 17916693
Change-Id: I6bca83ad6224ab6f1e4bdf41a10f514823c66755
evicepolicy/DevicePolicyManagerService.java
|
| e69bdca44bbbd16b990b9be0eba24e88cbb7f8f8 |
20-Oct-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: Restore CA warning to K behaviour
Some tests rely on this being dismissible. Additionally it turns out
some users don't like having a hulking great notification follow them
around everywhere.
Bug: 17985258
Change-Id: If05a07b9eaa402a48f9a14647effc1df32c796e1
evicepolicy/DevicePolicyManagerService.java
|
| cd410ba4e816b657020cafb23e69206734726b42 |
17-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Use the correct method to check if device is encrypted
DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.
Check if the device is encrypted by some means, instead.
Also fix a SecurityException when Device Admin queries encryption state
(recent regression)
Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
evicepolicy/DevicePolicyManagerService.java
|
| 3836c9a4c145cd683151bd627a22958303a418c2 |
15-Oct-2014 |
Jim Miller <jaggies@google.com> |
Fix getStorageEncryptionStatus() in DevicePolicyManager
This fixes a bug introduced by a change where the function
ignores systems with default encryption where it's disabled.
The fix also checks to see if vold thinks the device is secure.
Fixes bug 17881324
Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
evicepolicy/DevicePolicyManagerService.java
|
| 2c3886cb3463ff39c1986c5b85eba79748dd8c24 |
15-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Fix admin policies in managed profiles" into lmp-dev
|
| 242f4b125939276be866bb0a637b89bfbc5aa880 |
15-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Fix admin policies in managed profiles
Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
evicepolicy/DevicePolicyManagerService.java
|
| 28433dbdabd3f60224131039911a8f1def3fe670 |
15-Oct-2014 |
Svetoslav <svetoslavganov@google.com> |
Fix a NPE in device policy manager service.
It is possible that the device does not have an owner. If there
is no owner we get a NPE when asking the device policy manager
for cross-profile widget providers.
bug:17989189
Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
evicepolicy/DevicePolicyManagerService.java
|
| d0130e85398aea84151765a8706109beedb20c37 |
06-Oct-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: One cert tracker warning per profile
Shows one notification per profile instead of one notification per
user or (previously) one notification per device.
Bug: 17794425
Change-Id: I6f0d34a16fa2a45082941387ac765dd99eefa131
evicepolicy/DevicePolicyManagerService.java
|
| baa05930ec0e7f9267380b98719e75b3e58f1df5 |
25-Sep-2014 |
Kenny Guy <kennyguy@google.com> |
Merge "Ignore badly formed ComponentNames when loading device_owner.xml" into lmp-dev
|
| be16357f40406d32de6d9a1632910bcdfacc0d21 |
25-Sep-2014 |
Kenny Guy <kennyguy@google.com> |
Ignore badly formed ComponentNames when loading device_owner.xml
In the past we wrote out badly formed ComponentNames with no
class part. Loading these results in a null pointer exception
blocking boot.
Bug: 17652534
Change-Id: Iec592343425a23c7ada5f73cf30b8646d31eae81
evicepolicy/DeviceOwner.java
|
| 004a4b20f8d3116e6a711525960d433fcfea4ee4 |
24-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Include reason when wiping data.
This will help us track down who requested a data wipe.
Bug: 17412160
Change-Id: If8413e5d6377773f37e8b34ae3d26347226a027c
evicepolicy/DevicePolicyManagerService.java
|
| 8d9f12161823f267179f46825734c188b6c75b09 |
19-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Allow primary user profile owner to set device restrictions" into lmp-dev
|
| dd31a10c7f194d70411c8fb8ca8c0ab6751dccb2 |
16-Sep-2014 |
Jessica Hummel <jhummel@google.com> |
bug fix: Allow enableSystemApps to be called by profile and device owner.
We had an additional check for managed profile in there, so it wasn't working for device owners. Also needed to look at uninstalled packages.
Change-Id: I4813f23b00d7905e92ade582ce082a6f295a322d
Bug: 17384318
evicepolicy/DevicePolicyManagerService.java
|
| c34dc7cdeb5cae8ca4c731838aafe90ed4c9a2b8 |
18-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Allow primary user profile owner to set device restrictions
In addition to device owners, profile owners on the primary user
can also set user restrictions that are necessary to lock down the
user.
This is to enable the case of a profile owner registered after setup
wizard is completed, on the primary user.
Also make managed profile vs. profile wording consistent in the
DevicePolicyManager docs.
Bug: 17555025
Change-Id: Ib9d08b8af34a99b25e11757fa7dc83673a7deb32
evicepolicy/DevicePolicyManagerService.java
|
| d616a3357872ca0142611576884df4495e7ccbd6 |
12-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Prevent device owner registration after setup is complete
This change prevents adding a device owner after setupwizard
has finished provisioning. Only the new dpm shell command
can set a device owner.
Bug: 17316711
Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
evicepolicy/DevicePolicyManagerService.java
|
| d09fbafa9242e67450c2f85807a159152d4761c8 |
12-Sep-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Add new adb dpm (= DevicePolicyManager) command" into lmp-dev
|
| b5ef162129ced7e9636052af6b7f08d677a01f13 |
08-Sep-2014 |
Esteban Talavera <etalavera@google.com> |
Add new adb dpm (= DevicePolicyManager) command
Adds new adb command to execute DevicePolicyManager tasks. First subcommand
allows us to set a device owner on a provisioned device (provided no accounts
are associated with the device). This is required as GTS tests run on provisioned
devices. We plan to add more subcomands required for new GTS tests, such as the
ability to create a managed profile.
Bug: 17312478, 17316711
Change-Id: I2613178ea82a6c6268e7f8012e74c4a852fea0d4
evicepolicy/DevicePolicyManagerService.java
|
| 26408ccd8e852d947e58021792bfc3b315e5948d |
08-Sep-2014 |
Bernhard Bauer <bauerb@google.com> |
Add DevicePolicyManager PrivateKey mgmt
Additional device policy API to install keypairs to the keychain
silently.
Bug: 15065444
Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
evicepolicy/DevicePolicyManagerService.java
|
| f58e532e015ef31d879ee51aeeb251349784717c |
11-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Apply cross-user restrictions to Shell" into lmp-dev
|
| d86734b4695a92359ed38d6053ed1ce16a470634 |
11-Sep-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow device owners to update LOCATION_MODE." into lmp-dev
|
| 8cd28b57ed732656d002d97879e15c5695b54fff |
09-Jun-2014 |
Amith Yamasani <yamasani@google.com> |
Apply cross-user restrictions to Shell
Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.
If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.
Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
evicepolicy/DevicePolicyManagerService.java
|
| a240d8377a3a45ddd4daccdb6b34f51644296486 |
05-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Don't allow guests to install from unknown sources" into lmp-dev
|
| 82735bcb1400cb5ab2da763a236a55927d87ab00 |
04-Sep-2014 |
Julia Reynolds <juliacr@google.com> |
Allow device owners to update LOCATION_MODE.
Bug: 17388933
Change-Id: If3267aa52c2611cf764a19bee019c312f6ebf5d1
evicepolicy/DevicePolicyManagerService.java
|
| 127343cb460c8d23f9fb59bcf4bcea6e9b9cea03 |
04-Sep-2014 |
Craig Mautner <cmautner@google.com> |
Merge "Eliminate deadlock by deferring wipe data call" into lmp-dev
|
| 66eb5218335886fed1978891bd0f2d04d2109563 |
04-Sep-2014 |
Craig Mautner <cmautner@google.com> |
Eliminate deadlock by deferring wipe data call
The call to RecoverySystem.rebootWipeUserData() was made while
holding the lock to DevicePolicyManagerService. But it blocks
waiting for system_process' main thread to receive the ordered
broadcast complete callback. It won't receive that callback
because Keyguard is running on the main thread and is concurrently
blocked on DevicePolicyManagerService.
By moving the call to rebootWipeUserData() out of the synchronized
block the deadlock is eliminated.
Fixes bug 16870054.
Change-Id: I3eb587211e5484859cc9dab7e80e5a1f6c85225d
evicepolicy/DevicePolicyManagerService.java
|
| 29ce85bab94a2d0dc98d9075ae86c8a282367117 |
04-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Don't allow guests to install from unknown sources
Added a user restriction when creating a guest.
Made sure that guests can't install profile owners that
could undo the restriction.
Bug: 17359648
Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c
evicepolicy/DevicePolicyManagerService.java
|
| 808f6ef2ac2127ea0ea14e71c9599355b631a617 |
28-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Pass ComponentName to probing certificate methods
Pass ComponentName and check whether that admin is a profile owner on DPM
get/has certificate methods (requested on the API review).
As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of
which admins installed which certificates for now:
"Having per-admin CA certificates would be a fair bit of work. The only MDMs
we're opening this up to for now are Device and Profile Owners which 100%
manage the profile so will be the only admin.
It seems like if we keep track of "who installed which certs" it'll be a little
pointless because the answer will always be "the ProfileOwner" for every single
one."
Bug: 17005622
Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
evicepolicy/DevicePolicyManagerService.java
|
| a8528c642090525f0e5f3c35dc3ba5a50ff17093 |
28-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Audio/Micrphone user restriction/multiuser updates." into lmp-dev
|
| 65c27970821f022d5c256eba8b764f584210e683 |
28-Aug-2014 |
Robin Lee <rgl@google.com> |
Relocate broken getCallingUserId() calls
This should not be invoked while the calling identity is cleared
because it will return the current user rather than the calling user.
Bug: 17314802
Change-Id: I587daa420b0976d41928ab7c34eeda2329c1341e
evicepolicy/DevicePolicyManagerService.java
|
| 729b2a6c2f330c10674bb3fc0c4f2eb57e3d0a43 |
27-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Renamed getUninstallBlocked to isUninstallBlocked
As per API review.
Bug: 17297103
Change-Id: Icb4ceded317b0df4deb0f5221512541a632e150b
evicepolicy/DevicePolicyManagerService.java
|
| b53453fae037d67e421011936c8fdffe7ba43922 |
22-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Audio/Micrphone user restriction/multiuser updates.
1. Persist microphone mute state.
2. Set mute state for correct user.
3. Check for settings restrictions as the correct user.
Bug: 17177502
Bug: 16701642
Change-Id: Id8b6cd90c5caceb67fbec862f90aac7ec7a00b3c
evicepolicy/DevicePolicyManagerService.java
|
| 19d431f330bf1d89c92c0971dad5fa8f5950b16d |
27-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Limit the settings profile/device owners can update." into lmp-dev
|
| 9ed66da8dfd15001cebe8f7ef453718f41f9904d |
26-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Limit the settings profile/device owners can update.
Bug: 16351901
Change-Id: Id33a57ad651b5b7b58de0549eb90d5a1fe5c19c5
evicepolicy/DevicePolicyManagerService.java
|
| 0ced6272911f440843e9ff8e89b9fafdb49b243b |
26-Aug-2014 |
Sander Alewijnse <salewijnse@google.com> |
Provide lockdown of date/time device owners.
Fixed two minor issues with the screencapture as well.
Updated documentation and added enforceCrossUserPermission.
Bug:16948504
Change-Id: I9a645dcf480a4a044879ba481bce964d06fe5153
evicepolicy/DevicePolicyManagerService.java
|
| de3af82ce0c533a284df8d5afc49a475b003ea46 |
21-Aug-2014 |
Jason Monk <jmonk@google.com> |
Merge "Write device owner name to XML" into lmp-dev
|
| 4e7a65f15c80c2601fdb24e596f4a9af4926546a |
21-Aug-2014 |
Jason Monk <jmonk@google.com> |
Write device owner name to XML
So that it can be remembered.
Bug: 17153003
Change-Id: I6fb96334f235348bc237cc52e09c2fe5ef1332b7
evicepolicy/DeviceOwner.java
|
| d5c5c13c8505a27290a2540ff1f64c8753431cb1 |
20-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Rename get/setBlockUninstall() to get/setUninstallBlocked()
As requested in the API review
Bug: 17005622
Change-Id: I1332ad11e588ab3fa409f2a28222608936cb383e
evicepolicy/DevicePolicyManagerService.java
|
| 8c5c37364776266d9d91bb35094a9755707833f7 |
21-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Remove setApplicationsHidden" into lmp-dev
|
| b9e468cb9d77abf57473436e29042e1b27d9f70b |
21-Aug-2014 |
Kenny Guy <kennyguy@google.com> |
Merge "Add apis for whitelisting IMEs and accessibility services." into lmp-dev
|
| 115cd65d2a3417b506563e6b2d60c269d69efaef |
21-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Remove setApplicationsHidden
As requested in the API review. This version (the one that takes an Intent) was used only in the DeviceAdminSample and some CTS tests.
Bug: 17005622
Change-Id: I9984b22836417ad4d025302f61bd91704e9345a4
evicepolicy/DevicePolicyManagerService.java
|
| fa80a4faa3ab32f61742b684e832126dae8468e7 |
20-Aug-2014 |
Kenny Guy <kennyguy@google.com> |
Add apis for whitelisting IMEs and accessibility services.
Adds apis for device / profile owners to white list
the accessibility and input methods a user can enable.
Bug: 14469005
Change-Id: I921888660d29a5370395db87adf75d4d106660c9
evicepolicy/DevicePolicyManagerService.java
|
| 6bd702538d90005add1cfc33746da19404090dc1 |
20-Aug-2014 |
Svet Ganov <svetoslavganov@google.com> |
Notify app widget hosts when cross-profile providers change.
1. Notify the hosts in the group if a package gets white-listed or
un-white-listed for providing widgets across profiles.
2. Notify hosts in the group for provider changes when a profile
is deleted.
bug:17126070
Change-Id: Ic719c1c68e45842d50decc95603f1d61583b8f02
evicepolicy/DevicePolicyManagerService.java
|
| afe7a2c9c30393c83304ad0d30a6a32072ba1845 |
20-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Prevent profile owners from setting certain user restrictions." into lmp-dev
|
| 2cb384f42569f36e19ecee60da259d69048fdd85 |
13-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Prevent profile owners from setting certain user restrictions.
Bug: 16351901
Bug: 16701492
Change-Id: Ie866bc24d2d7cc15f86c5b50062a730e099612a1
evicepolicy/DevicePolicyManagerService.java
|
| 255dd04271088590fedc46c8e22b2fd4ab142d39 |
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications
Bug: 17128331
Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
evicepolicy/DevicePolicyManagerService.java
|
| 95d9ad0f79c900db9bca1745100f14d0ec9cc133 |
18-Aug-2014 |
Jason Monk <jmonk@google.com> |
Merge "Fixes to lock task API from API review" into lmp-dev
|
| 3d9eb78fe91ab2479eb38443aed588e10421e31b |
11-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Apply lockdowns when user restrictions are set.
Previously DMAgent would apply these lockdowns before/
after setting the matching user restrictions.
Bug: 16701642
Bug: 16945830
Bug: 16944983
Change-Id: Ib4f7145055687f12408d6ccacd8e6380406a32b2
evicepolicy/DevicePolicyManagerService.java
|
| 48aacba761527a529c2b668c8151c7f98ff70524 |
13-Aug-2014 |
Jason Monk <jmonk@google.com> |
Fixes to lock task API from API review
Adding ComponentNames and some splitting/renaming of broadcasts.
Bug: 17005622
Change-Id: I9ece3553310fb20b0c3c3e4032b408e86384363a
evicepolicy/DevicePolicyManagerService.java
|
| b8b4774e6185058b179a31f8c1a2dd806413e31b |
07-Aug-2014 |
Adrian Roos <roosa@google.com> |
Fix NPE in DevicePolicyManagerService that crashed SystemUI
Bug: 16857795
Change-Id: I6234f03c4ee31311af9f9c556b790594ee1a8b2f
evicepolicy/DevicePolicyManagerService.java
|
| 00f201e41b5b496327b9578e6fb00fad8b4d9da9 |
07-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Wipe only managed profile when max number of incorrect passwords exceeded" into lmp-dev
|
| fe0f24cc92b04e03cac3f807859721f1ce7ef54a |
06-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Wipe only managed profile when max number of incorrect passwords exceeded
When the maximum number of retries that has been exceeded is not for the primary profile of the user, wipe only the profile that set that policy (e.g. the managed profile) rather than the entire user. At the moment the whole device is wiped if the max number of incorrect passwords for a managed profile is reached, as the password is shared with the USER_OWNER.
Bug: 14453697
Change-Id: I5746de104133c0ea0a51d75b9c92e1516d365d8c
evicepolicy/DevicePolicyManagerService.java
|
| 318f91b784e8f71b25e6de2f22d8e24412477ae2 |
07-Aug-2014 |
Svetoslav <svetoslavganov@google.com> |
Fix NPE in device policy manager service.
Change-Id: I796359f903077eb0ef825ed926557f1a13b2e4c4
evicepolicy/DevicePolicyManagerService.java
|
| 976e8bd2017d0263216c62111454438cc0f130e3 |
17-Jul-2014 |
Svetoslav <svetoslavganov@google.com> |
Allow adding widgets from user profiles.
The goal of this change is to enable support for appwidget from
user profiles to the user main profile. A user profile is a user
which is associated as a child of the main user profile. For example,
a user may have a personal (parent) and corporate (child) profile.
The device policy should be able to control whether adding a widget
from a child profile and given packages is allowed. This change
assumes that all packages from managed profiles are white listed.
Another change will add the device policy changes.
Change-Id: I267260b55d74c48b112a29979a9f59eef7a8194e
evicepolicy/DevicePolicyManagerService.java
|
| a87863a8bddb033ca9ace11e7d78932d70d08ce3 |
29-Jul-2014 |
Sander Alewijnse <salewijnse@google.com> |
Fix deadlock window manager and device policy manager.
Removed all communication from wm to device policy manager.
Added initialization of cache in wm by dpms.
Change-Id: Ifa0b8bfcd625464b156d5cc0fb66d342deda1c27
evicepolicy/DevicePolicyManagerService.java
|
| 50c360790ca4c061aa6a1d94e06bd7e25b0f0436 |
30-Jul-2014 |
Robin Lee <rgl@google.com> |
Don't turn off screen after wiping user profiles
The activity manager should know when to lock the screen. If an admin
does want this to happen then they should be able to run both commands
in succession.
Also rectifies some creative code styling in the same DPM method.
@bug 15558805
Change-Id: I8918184a4585aa8b061eb4a68edc2ec6805d8127
evicepolicy/DevicePolicyManagerService.java
|
| bf3a9465483976dcd5692b619b47132c2b95f73e |
28-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Set profile owner via an intent
priv apps can request to become a profile owner after setup has
completed. This will pop up a consent dialog (in Settings).
Also, clean up profile owner concept to be a component name.
Change-Id: I5e8532866e8018f61836c4e84fbbadb6150218ae
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 604e7558ef32098644b2f9456d7743a07ae789dc |
19-Jul-2014 |
Jim Miller <jaggies@google.com> |
Add new DevicePolicyManager API to allow fine-grained TrustAgent management
This adds a new feature that allows a device admin to specify a
whitelist of features that are allowed for the given admin.
Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
evicepolicy/DevicePolicyManagerService.java
|
| ea4f01070a9c8f5147eb228c413a84de78d98973 |
28-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Remove the profile/device owner user restriction bypass." into lmp-dev
|
| 401de1785eccc946ed6c35e9b7fccab92b2022af |
25-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Remove the profile/device owner user restriction bypass.
Bug: 16566096
Change-Id: I4a56046df44d36d82edc64fc727e8cad5dc75382
evicepolicy/DevicePolicyManagerService.java
|
| 0da218be00d37a20866059c54a3dd5e8bf17e20b |
25-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Don't update user's setup state unless it changed
Eliminates an extra write on every boot.
Bug: 16416936
Change-Id: I9ca16676c1b39dafeed3fc744a69c5bde819990c
evicepolicy/DevicePolicyManagerService.java
|
| 3f7777fa4f1d392e18bad39edcd4539880c52ff9 |
24-Jul-2014 |
Nicolas Prevot <nprevot@google.com> |
Storing the app who sets a CrossProfileIntentFilter.
When we add a CrossProfileIntentFilter, we store the package and userId of the calling app
inside the CrossProfileIntentFilter.
When an app calls clearCrossProfileIntentFilters, we only remove the filters that the calling app
has set itself.
BUG: 16537557
Change-Id: I6e7bc859383ea66553d9f4230365df8ba27525f3
evicepolicy/DevicePolicyManagerService.java
|
| d2a1eec400128f39e1b223a720a88dbd395f3e6e |
09-Jul-2014 |
Sander Alewijnse <salewijnse@google.com> |
Add Device Policy API to disable screen capture.
WindowManager will set secure flag on SurfaceControl for
all windows of a flagged user to prevent screen capture.
API is consistent with the camera disable API.
Change-Id: Ib180f67f1ad827b6f4aca2af615274256cce58f4
evicepolicy/DevicePolicyManagerService.java
|
| 8ddeee98b8b3d8b7379d9044b1ad0ad12ead004b |
23-Jul-2014 |
Dianne Hackborn <hackbod@google.com> |
Use foreground broadcast to get device admin msg.
Using a background broadcast is bad, it can take a long
time to get the message back, either accidentally (backed up
behind other broadcasts) or from a deliberately malicious
admin.
Change-Id: Ib7491f8e27dacdc002562aef027ee4664e78e97b
evicepolicy/DevicePolicyManagerService.java
|
| 9c2be6c7ba3d7dce58e8f4ec1617698c54ae808e |
22-Jul-2014 |
Robin Lee <rgl@google.com> |
Stop double-loading device admins
loadSettingsLocked() was being called twice for USER_OWNER at
systemReady(), doubling the number of admin entries at every boot.
Also guards against double-adding admins which appear twice in the
same XML file, favouring more recently-refreshed entries for
backward compatibility.
Previously an application calling in with 'refreshing = true' would
double-insert whatever admin was being refreshed into its user's list
of device admins. This is fixed too.
@bug 16416936
Change-Id: Idd147aa130e6bce7bcc40532f0a7fb07117b3151
evicepolicy/DevicePolicyManagerService.java
|
| eee5094f96c630661ca563d70de244ccbbd53579 |
22-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Fix a security exception when checking cross-profile caller-id cap.
No need to enforce that the caller is in the system process.
We're only checking if the device policy is allowing access.
Bug: 16301261
Change-Id: I87a7c808d116c86aa68cebb36631c46d0a54be96
evicepolicy/DevicePolicyManagerService.java
|
| e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 |
20-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Rename setApplicationBlocked to setApplicationHidden
This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.
Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
evicepolicy/DevicePolicyManagerService.java
|
| c8fa3ae2ce238843496d7aa3f1c4042bb9bb98b4 |
17-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Merge "Create DPM APIs for cross profile callerId" into lmp-dev
|
| 210fe21e95cfff98734f5b849b205cdcb0706948 |
17-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Create DPM APIs for cross profile callerId
Contact information in the managed profile is shown
in the incoming call UI unless blocked using this API.
TODO: Actually plumb this into the caller-id logic.
Bug: 16301261
Change-Id: If03adc907d9558baa0a45a1833b857206b7bf96a
evicepolicy/DevicePolicyManagerService.java
|
| 999d394adee533c55fce38bd632ffd4f1af91362 |
03-Jul-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Ads per-user APIs to manage accounts through the AccountManager
Bug: 16056552
Bug: 14642886
Change-Id: I17ff6c2515285e63c84cecf2f861d10666c393c5
evicepolicy/DevicePolicyManagerService.java
|
| 3f4f2fbcd0557e32464e393cb9acc28c2328614e |
17-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Keep track of user_setup_complete in DPMS" into lmp-dev
|
| ed239cb950d05ae794999ca75cef0c5371016800 |
17-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Keep track of user_setup_complete in DPMS
This is to ensure that some system app can't modify that
state for purposes of changing the profile owner without
user consent.
Bug: 16207721
Change-Id: Ic5f454d7568cd824b83456eed0e2611779a9adf8
evicepolicy/DevicePolicyManagerService.java
|
| 655be2a98ea6285fc33aec4b223e90c2620927f1 |
14-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Revert "Remove enableSystemApp methods."
We need to go back to uninstalling system apps so we can
re-install non-default system applications through Play.
This reverts commit e3dbcd138c07f2d32ac84229d0a49052cc18d424.
Change-Id: I0a7af094614c4a10800971c82e10571f7312e079
evicepolicy/DevicePolicyManagerService.java
|
| 582d9111d76632027fed7af10d05d4b44df16c0c |
10-Jul-2014 |
Jason Monk <jmonk@google.com> |
Add API for device owner to switch users
Once verified that caller is device owner just calls through to
the activity manager and acts like that call.
Change-Id: I34023313cd6742b73d2105655ec6b631879aa37a
evicepolicy/DevicePolicyManagerService.java
|
| 85516d028b2dcc7ebc09f4a68085836aa26191d5 |
01-Feb-2014 |
Jim Miller <jaggies@google.com> |
Add new "pin complex" type to supported keyguard PINs
This adds a feature to allow DevicePolicyAdmins to prevent using
simple PINs, which are defined as those containing more than 3
repeated values. Examples include '1234', '2468', '1111', '9876', etc.
Bug 12081139
Change-Id: I4ebe1c76a48087dcd7c878e9bd79a4e3ee2a27fe
evicepolicy/DevicePolicyManagerService.java
|
| fe0538098403b49ebd9219bf77236471bb5ca63b |
30-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Restrict factory reset with user restrictions.
Bug: 15985879
Change-Id: I524bd8a790798a85a679aa195e634f6e0227d09f
evicepolicy/DevicePolicyManagerService.java
|
| c13053bf1c05b980421611487ce67677c08db299 |
29-May-2014 |
Kenny Guy <kennyguy@google.com> |
Add package state to block uninstall.
Add package state to allow profile or device
owners to block uninstall of packages.
Add API to DevicePolicyManager to set/get the
state.
Bug: 14127299
Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
evicepolicy/DevicePolicyManagerService.java
|
| 1333ea1ed7a95eb9e1be43c20a0c48e901654cac |
23-Jun-2014 |
Jessica Hummel <jhummel@google.com> |
Provide api to set the managed profile name.
Instead of sending the profile name in the provisioning intent
the mdm should set the profile name after provisioning has completed.
This allows us to simplify the provisioning flow and the mdm can
change the name of the profile later on if required.
Change-Id: I821ef2300eae74e89872152ae1c89ac3ecbb82e7
evicepolicy/DevicePolicyManagerService.java
|
| ef1de65117e8361cbeb188309dbb1a7953350c2a |
25-Jun-2014 |
Adrian Roos <roosa@google.com> |
Trust Agents: Disable until next unlock if device is locked by DPM
Bug: 15871777
Change-Id: I1a6e43848e600ffa2092282081b18ddf92419d4a
evicepolicy/DevicePolicyManagerService.java
|
| c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437 |
24-Jun-2014 |
Jason Monk <jmonk@google.com> |
The profile owner shouldn't control lock task
Since managed profiles are started on bootup, the managed profile
would be allowed to set an app (possibly itself) as a lock task
app and then run itself on bootup and constantly control the
device. This privelege should be restricted to device owners.
Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
evicepolicy/DevicePolicyManagerService.java
|
| aab72f3b0ab740e12b4a2576a99852081529feb5 |
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Revert "Publish DevicePolicyManager CA certificate APIs"""
|
| 306fe08ce2b06671336e67a87afaa0851f0105eb |
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Revert "Publish DevicePolicyManager CA certificate APIs""
This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936.
Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
evicepolicy/DevicePolicyManagerService.java
|
| 2b5e917026fe4e6dec8712ee24bdffee8d62ab33 |
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Publish DevicePolicyManager CA certificate APIs"
This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5.
Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
evicepolicy/DevicePolicyManagerService.java
|
| e7cd37e6138c5e769cc6cb398e632bca24d2d1ab |
19-Jun-2014 |
Nicolas Prevot <nprevot@google.com> |
Merge "Introducing crossProfileIntentFilters that skip the current profile."
|
| 63798c596dc757135950313eb4bb44ca58696c68 |
27-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Introducing crossProfileIntentFilters that skip the current profile.
For these crossProfileIntentFilters, the activities in the current profile cannot
respond to the intent.
Only activities in the target profile can respond to the intent.
BUG: 14936725
Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
evicepolicy/DevicePolicyManagerService.java
|
| fbe6be4f653d73d5c51ee0a2fb40d2a34c2366fd |
18-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Notify any profile/device owners of lock task"
|
| 35c62a4668a85aa4318c9ec564f2e06e8a2d2a30 |
17-Jun-2014 |
Jason Monk <jmonk@google.com> |
Notify any profile/device owners of lock task
Add a method for DeviceAdminReceivers of profile/device owners to
be notified that lock task mode has entered or exited for an app
they have whitelisted.
Change-Id: Id124287d41564bbfccdacccf1977b7acb3ddec3f
evicepolicy/DevicePolicyManagerService.java
|
| 6d3912e2ef75a7794ac44839eef2569086cae104 |
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Publish DevicePolicyManager CA certificate APIs""
|
| d7b8621bde44857ebb07130693a00f5f777887d4 |
16-Jun-2014 |
Jason Monk <jmonk@google.com> |
Change lock-task DPM authorization to packages
Switch the DPM lock-task authorization to be controlled by a package
rather than a component.
Change-Id: Ife9bed068f31ff2449b4451ab69d3586a3f09d89
evicepolicy/DevicePolicyManagerService.java
|
| b12f1778d612a53e6b40e6d5873be1ccff2e52a5 |
17-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Publish DevicePolicyManager CA certificate APIs"
|
| 837304f6f6ae37dc475fa6e0e620f1c2321f2e11 |
11-Jun-2014 |
Robin Lee <rgl@google.com> |
Publish DevicePolicyManager CA certificate APIs
Exposes these methods:
- hasCaCertInstalled
- hasAnyCaCertsInstalled
- installCaCert
- uninstallCaCert
Allows device and profile owners to perform some certificate management
including querying for and enabling/disabling specific CA certificates.
Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
evicepolicy/DevicePolicyManagerService.java
|
| 4e81913a66c98bfd9939376640b89015a23580a1 |
12-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Allow device owner to configure secondary users"
|
| 03978a40b3a4c268329ae733eff8dfffd92f6e09 |
10-Jun-2014 |
Jason Monk <jmonk@google.com> |
Allow device owner to configure secondary users
Currently the device owner can create secondary users, but unless
it is a system app it will not be installed and will not be able
to pass data easily from the code that creates the user and any
code running on that user.
This allows the device owner to install itself while creating a
user and start up a service to configure that user. createUser
takes an bundle so that the device owner can pass across any
initial setup data it needs to, this bundle will be sent to
the admin receiver in onEnable.
Change-Id: Ic1f8565dd2a7bd85363527cf68b0ecd4dc9c3636
evicepolicy/DevicePolicyManagerService.java
|
| 122c595cd9ca00435b7265444e181f8cc78335e5 |
11-Jun-2014 |
Robin Lee <rgl@google.com> |
More meaningful errors for DPM calls by non-owners
Now throws an exception titled something like "Admin X does not own the
profile" instead of the rather unhelpful NullPointerException that was
thrown previously.
Change-Id: I33f6da5ea5eb70d8ea3939cfa280c794b01c3382
evicepolicy/DevicePolicyManagerService.java
|
| 4a21b25fad62e4f19d13ba814263841c931f56ef |
04-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Allow profile and device owners to change and get the master volume mute state.
Also protect muting master volume with op code OP_AUDIO_MASTER_VOLUME.
Bug: 13585918
Change-Id: I91fe7ee60cd291cca15966b3127c0bb8a4828f6a
evicepolicy/DevicePolicyManagerService.java
|
| b0dced8173a9a930bc0ea2a7a669a907aaffd735 |
06-Jun-2014 |
Jason Monk <jmonk@google.com> |
Add an API to clear the device owner.
Only the device owner will be able to clear itself.
Change-Id: Ie3231467d92e8c5d22ec51256177793f34110432
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| f10606a9a4193cb5ba56dd26db9983845855e8c3 |
06-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Add device-owner based setting of global proxy."
|
| 03bc9918345a977e9c45796bf3bb5bf9a3b87d25 |
13-May-2014 |
Jason Monk <jmonk@google.com> |
Add device-owner based setting of global proxy.
Re-hide the setGlobalProxy on the ConnectivityManager as it requires
CONNECTIVITY_INTERNAL. Instead add a function to the DevicePolicyManager
to set the global proxy, that can only be called by the device owner.
Change-Id: I9ffb2cc4f30a6dc9b868d86f056e1fbd512d8dfc
evicepolicy/DevicePolicyManagerService.java
|
| 56e0d8003bdeeddb8b5d355cea219d3d54e87bff |
06-Jun-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Merge "Clean up deleted users in DevicePolicyManagerService"
|
| 73a41d2c4e4184504959628ae5536a7e862e0f67 |
05-Jun-2014 |
Kenny Guy <kennyguy@google.com> |
Fix bug with sending intents to correct user for device admin.
Password change intents etc. were always being sent to
owner rather than user the device admin was installed for.
Also add TODO to not assume profile parent is OWNER.
Bug: 15442331
Change-Id: I7e58069bc4a6ab94f038ae1b80c044d666986318
evicepolicy/DevicePolicyManagerService.java
|
| 22745f4c9ad0e5abc58fe9ff93e9952a601cc6c9 |
04-Jun-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Clean up deleted users in DevicePolicyManagerService
Bug: 15405715
Change-Id: Icd958fe9378deb92f25622b341e0502d865b742f
evicepolicy/DevicePolicyManagerService.java
|
| 1b8737ee18f5d80adda41eafca6143a046a47a13 |
04-Jun-2014 |
Sander Alewijnse <salewijnse@google.com> |
Merge "Remove enableSystemApp() and enableSystemAppWithInten()."
|
| f20d640fa2b155a971ddfe0965fc803a73b5e53c |
25-May-2014 |
Amith Yamasani <yamasani@google.com> |
Restrictions Manager
Mechanism to register a provider for requesting an
administrator to respond to permission requests.
Request format and response format constants.
Description of manifest template for static restrictions.
Int type introduced in RestrictionEntry.
Needs more javadoc and better description of manifest templates,
including specifying the XML attributes.
Change-Id: I5a654d364e98379fc60f73db2e06bf9a8310263d
evicepolicy/DevicePolicyManagerService.java
|
| 866896df168d1382732c97e49617ab2f2995d376 |
27-May-2014 |
Sander Alewijnse <salewijnse@google.com> |
Remove enableSystemApp() and enableSystemAppWithInten().
Use setApplicationBlocked() and setApplicationsBlocked() instead.
Change-Id: I3d323d704db0a45e936f63675821707b4fddc48b
evicepolicy/DevicePolicyManagerService.java
|
| 8194899071e0a84c95ef10614bd1b9485b48f589 |
16-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Rename code related to cross-profile intents.
For example, replace ForwardingIntentFilter by CrossProfileIntentFilter
Bug: 15023443
Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
evicepolicy/DevicePolicyManagerService.java
|
| 1e958398232cb11935f5341d71df52c5455c620f |
16-May-2014 |
Julia Reynolds <juliacr@google.com> |
Create deviceowner gated APIs for creating and removing users in devicepolicymanager.
This will allow DMAgent to manage users for EDU's cart model user case.
Bug: 15015887
Change-Id: I1eadf1701cb75fc4b50eb1a0df1525eff818286e
evicepolicy/DevicePolicyManagerService.java
|
| a9e460aefcf3891af5acc7d8ae74da9eed49bfbd |
21-May-2014 |
Robin Lee <rgl@google.com> |
Remove enforceManagedProfile for listing keyguard features
Change-Id: Ic89f09ada046f64b089b977868b6f37bc0a6de91
evicepolicy/DevicePolicyManagerService.java
|
| d862ebb6036a769cb3be371b396e9e33f89ee365 |
21-May-2014 |
Narayan Kamath <narayan@google.com> |
resolved conflicts for merge of fcc4fed3 to master
Change-Id: Icebca982b01debd67a1470c02651ef8936f6e5b0
|
| c8e4b8107a21c5a782f959aa77fbf066d6e131be |
21-May-2014 |
Robin Lee <rgl@google.com> |
Merge "DPM: Disallow some DeviceAdmin policies for ProfileOwners"
|
| a9ee6729538941a2b866d83ecbd891645f0ccc16 |
20-May-2014 |
Robin Lee <rgl@google.com> |
DPM: Disallow some DeviceAdmin policies for ProfileOwners
A profile owner should only have control over the profile. All of the
following device admin APIs that affect the device beyond the profile
that they are called from are now disallowed:
- Camera enable/disable
- Keyguard
- Wipe external storage
@bug 14434826
Change-Id: I69acfdf6f654f48b5db91aeb3ea86662d7857075
evicepolicy/DevicePolicyManagerService.java
|
| 6d8fd27e51d799cf7418b14092b5e806d9792812 |
21-May-2014 |
Jeff Brown <jeffbrown@google.com> |
Make power button behavior configurable.
Allow power button to be used to either go to sleep as usual,
which may doze, or skip that completely and really go to sleep.
May also really go to sleep and go home all at once.
Bug: 14406056
Change-Id: Ia19e2551b9c2a72271bb2eddd5c0d1749761e019
evicepolicy/DevicePolicyManagerService.java
|
| 37f4e44ae614987c5ed953a1829c7181bb775e1f |
21-May-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Add Device/Profile Owner gated apis for setting/getting blocked packages."
|
| 966881e8951f9bb297689745dcaecfdc13432656 |
14-May-2014 |
Julia Reynolds <juliacr@google.com> |
Add Device/Profile Owner gated apis for setting/getting blocked packages.
DMAgent currently needs to live in /system/priv-app in order to
(among other things) set and get blocked packages. These APIs will
get us closer to being able to move DMAgent out of priv-app.
Bug: 14945334
Change-Id: I108e2013c67409dca554acf78e3a710745900706
evicepolicy/DevicePolicyManagerService.java
|
| da551653219092306fc7e1ce5743ab40683cee6f |
14-May-2014 |
Julia Reynolds <juliacr@google.com> |
Allow device/profile owners to update settings.
Device owners can update Settings.Secure and Settings.Global settings.
Profile owners can update Settings.Secure settings.
DMAgent currently needs to live in /system/priv-app in order to
(among other things) update global and secure settings. This change will
get us closer to being able to move DMAgent out of priv-app.
Bug: 14965414
Change-Id: If2cc3a56de91bffde33b838ab8ecea2c32412803
evicepolicy/DevicePolicyManagerService.java
|
| 3a483594436cc477529b3f7c31b3242ee4707705 |
17-May-2014 |
Amith Yamasani <yamasani@google.com> |
Use correct package name for profile owner
Fixes reboot loop when you have a managed profile on your device.
Change-Id: I935ded447f226ee0507d3dcf22a730a7fb61a0c0
evicepolicy/DevicePolicyManagerService.java
|
| 9fcff5aadd48206235d205c30cbdae47fc586e3b |
16-May-2014 |
Jason Monk <jmonk@google.com> |
Fix NPE in DevicePolicyManagerService
Bug: 15015897
Change-Id: Id9f6ae8b5abf96d35f799b150210813fb52da54c
evicepolicy/DevicePolicyManagerService.java
|
| 62062996dd256df8b575b2ba1f0bf97109c4e0ba |
06-May-2014 |
Jason Monk <jmonk@google.com> |
Notify AppOpsService of UserRestrictions and Owners
This makes the DevicePolicyManagerService and UserManagerService
push the DeviceOwner/ProfileOwners and user restrictions on boot
as well as on any change.
This also adds a list of restrictions that allow any op to connected with
a user restriction such that it will return MODE_IGNORED when the user
restriction is present (except for the device/profile owner).
Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 91da58ded2e7c0dd3d045244cc78eb0d788736a7 |
10-Apr-2014 |
Jessica Hummel <jhummel@google.com> |
Allow setting password restrictions from a managed profile.
A managed profile will now share password settings with its parent.
- the current password is always stored in the parent
- admins of profiles are notified if that password changes
- checks for password quality now take the requirements of admins on
the parent and its profiles into account
Todo:
- Currently KeyguardSecurityContainer wipes the whole device when
the maximum fails has been reached on any profile.
We need to limit the wipe to the profile for which the fails exceeded
the maximum number.
- Intents with ACTION_SET_NEW_PASSWORD need to be forwarded to the parent
of the profile when sent from a managed profile
Change-Id: I8532c59f753f8d9c61200f553f275214ad90276e
evicepolicy/DevicePolicyManagerService.java
|
| 511e0d8323d2d2ed341ba40b15bc646e134ac03b |
24-Mar-2014 |
justinzhang <justinzhang@google.com> |
DevicePolicyManager Authentication for Lock Task
Here we let DevicePolicyManager keep a list of tasks that are
allowed to start the lock task mode. This list can only be set by
a device owner app. The ActivityManager will call
DevicePolicyManager to check whether a given task can start the
lock task mode or not.
Change-Id: I650fdae43fc35bf9fd63452283f4e2bbadd11551
Bug: 14611303
evicepolicy/DevicePolicyManagerService.java
|
| 5c02db60be02cc0c4798ea6d9c2b0e6cf972c158 |
07-May-2014 |
Sander Alewijnse <salewijnse@google.com> |
Add API to disable account management for certain types
of accounts.
The account types with disabled account management are stored in a
blacklist in the active admin object, editable by profile owners.
Change-Id: I57dc5f709ad79674fa28dd006969283585daea24
evicepolicy/DevicePolicyManagerService.java
|
| 54a9ebb50946cd647843dbcc3d9714644926f0fc |
07-May-2014 |
Jason Monk <jmonk@google.com> |
Fix build
Change-Id: I87c037faee19b434be741104cdddb9c467f20606
evicepolicy/DevicePolicyManagerService.java
|
| 010cfd458121034075c7439020ffef4eedbcc0fc |
16-Apr-2014 |
Adam Connors <adamconnors@google.com> |
Add enableSystemApp methods to DevicePolicyManager
These methods allow profile or device owners to enable
systems apps pre-installed in the primary user in the
managed profile. Apps can be specified by either package
name or intent.
Bug: 13587051
Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
evicepolicy/DevicePolicyManagerService.java
|
| c79586ede6dcd6a167bc8360f058cb5cc655b33d |
06-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Cleaning code related to the forwarding intent filters.
Checking for INTERACT_ACROSS_USERS_FULL
Adding equivalent methods in the PackageManager
Change-Id: Iaa1328fa666613a78e67ca669ea045144275e895
evicepolicy/DevicePolicyManagerService.java
|
| 6fee7d4cf991a8d39bdefb782937250c87f60f25 |
01-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Introducing removable and non-removable ForwardingIntentFilters.
clearForwardingIntentFilters removes only non-removable IntentFilters.
The ForwardingIntentFilters set by the profile owner are always removable.
Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
evicepolicy/DevicePolicyManagerService.java
|
| d83a096f299abd9c7fe5e441ef1bb169c314b575 |
03-May-2014 |
Dianne Hackborn <hackbod@google.com> |
Bump up priority of system receiving BOOT_COMPLETED.
Change-Id: I5166f88f11f781914312e867cb653c8ecbefa705
evicepolicy/DevicePolicyManagerService.java
|
| 3c4d9c56db5b24699956de0a5a841196185363cc |
01-May-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Merge "Adds an enabled state in UserInfo instead of DevicePolicyManager"
|
| df35d570ed25257c6782e632ab1bae5e1603855a |
09-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Adds an enabled state in UserInfo instead of DevicePolicyManager
Bug: 14377459
Change-Id: Ib4ec43d87da96c3dddaf9b7ae1796f261863a182
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 10fa67c77e11699391e27975fc2d276a0b8c7cbb |
24-Mar-2014 |
Nicolas Prevot <nprevot@google.com> |
Introduce forwarding intents across profiles.
The package manager service maintains, for some user ids, a list of forwarding intent filters.
A forwarding intent filter is an intent filter with a destination (a user id).
If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent.
When the package manager service is asked for components that resolve an intent:
If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent:
The package manager service also returns the IntentForwarderActivity.
This activity will forward the intent to the destination.
Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
evicepolicy/DevicePolicyManagerService.java
|
| f2a5bf88cd3cf8690e940e1e49b63e4bb1711781 |
29-Apr-2014 |
Nicolas Prevot <nprevot@google.com> |
Small fix in DeviceOwner.java.
Change-Id: Ibfa4ae7b1bc269bc51532026f8a6cc3c75cc42bf
evicepolicy/DeviceOwner.java
|
| be46532c9fbebf3ab6498c1b78013a33f620cd31 |
24-Apr-2014 |
Amith Yamasani <yamasani@google.com> |
Allow profile owners to set user restrictions
Pass the setting along to UserManager.
Fixes a security exception when fetching the profile's enabled state.
Change-Id: If71698cf32c52cce1158cf2027443a339bc58488
evicepolicy/DevicePolicyManagerService.java
|
| a4fcb4403304192e2a4889c43c4d089d76cd1252 |
24-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Fix two potential NPEs in DeviceInfo
Change-Id: Ic4b5b203af25cda9ae65b477c92c1fb5f31ab093
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 385124d8cee38dee00d4fac31e8fbe46fb30565b |
03-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Modify getUserProfiles to return only enabled profiles:
Add a new enabled state for a managed profile.
Expose that as a new API on DevicePolicyManager.
Set the new state when enabling the profile.
Return only enabled profiles from the user manager.
Bug: 13755441
Bug: 13755091
Change-Id: I2907b182e19b3562592da688b3f68ef5f4088557
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| 66e5d96cf9e689148b202787bdc269519c4b6f8f |
09-Apr-2014 |
Robin Lee <rgl@google.com> |
Allow ProfileOwner apps to manage app restrictions
Simple wrapper around the UserManager.{get|set}ApplicationRestrictions
APIs. Also added a new Intent to signal to running apps that the set
of restrictions has changed since startup.
Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
evicepolicy/DevicePolicyManagerService.java
|
| 9944c2f85c9ec3fd634d8337afa54a065df51825 |
15-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Sends ACTION_MANAGED_PROFILE_ADDED intent at foreground priority to speedup the new profile ui.
Bug: 14073989
Change-Id: I06b57a4cb1b9975f28a5e1e676c76c9e6c5befe7
evicepolicy/DevicePolicyManagerService.java
|
| 512675b07d1643f018e84d66e4ee8b641d3e191c |
02-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Add new call to DevicePolicyManager to enable a profile.
Bug: 13755091
Change-Id: Idb6975431f842ededf78966c578b0533e6f186af
evicepolicy/DevicePolicyManagerService.java
|
| 5c921daa72c6915d036a03b3bda91725a3e30539 |
24-Mar-2014 |
Robin Lee <rgl@google.com> |
Fix privilege escalation for preferred activities
Passing in the name of an actual admin should be enough to pass the
security check as it was. This is now fixed as the caller is not
given the opportunity to spoof its own name any more.
Change-Id: Id8be4ca4c8bf3751a1ee8125cf119fa100c81d22
evicepolicy/DevicePolicyManagerService.java
|
| 627de95925b58e7602374a66ceba76200592ec11 |
24-Feb-2014 |
Sander Alewijnse <salewijnse@google.com> |
Merge "Enables a profile owner or device owner to set and clear default intent handler activities."
|
| f475ca33d9232785710aaa438f17915029dfa83b |
17-Feb-2014 |
Sander Alewijnse <salewijnse@google.com> |
Enables a profile owner or device owner to set and clear default intent handler activities.
Those intent handlers are persistent preferences. They will remain the default intent
handler even if the set of potential event handlers for the intent filter changes
and if the intent preferences are reset.
Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
evicepolicy/DevicePolicyManagerService.java
|
| 08fc72d0317fd39a6fa0b2d47c6a5b1529309629 |
20-Feb-2014 |
Robin Lee <rgl@google.com> |
Check DeviceOwner exists before using packageName
Creating a profile owner when there is no device owner present also
creates a new DeviceOwner object without packageName set -- this
situation can lead to a null pointer access when calling isDeviceOwner.
Change-Id: I31eab498d78cadc67a1aedd205b458dee2d27705
evicepolicy/DevicePolicyManagerService.java
|
| 661ec4710b30516a2c7a1101ba65ecac109af619 |
11-Feb-2014 |
Adam Connors <adamconnors@google.com> |
Change API for setProfileOwner to require userId
Previously the userId of the current process used but it
makes the provisioning process cleaner to be able to pass
it in explicitly.
Change-Id: I670c4cf3638f1340f6d0bf856c3e01045df8c29e
evicepolicy/DevicePolicyManagerService.java
|
| cab8617b8ccea3a99b1ee15e15915c512a10c738 |
11-Feb-2014 |
Jeff Brown <jeffbrown@google.com> |
am 25df673b: am 1b51c9cb: Merge "Make SystemService constructor take a Context." into klp-modular-dev
* commit '25df673b849de374cf1de40250dfd8a48b7ac28b':
Make SystemService constructor take a Context.
|
| b880d880c6cd989eacc28c365fc9a41d31900da1 |
11-Feb-2014 |
Jeff Brown <jeffbrown@google.com> |
Make SystemService constructor take a Context.
This change simplifies the process of initializing a SystemService
by folding the onCreate() step back into the constructor. It removes
some ambuiguity about what work should happen in the constructor and
should make it possible for services to retain most of their final
fields after refactoring into the new pattern.
Change-Id: I25f41af0321bc01898658ab44b369f9c5d16800b
evicepolicy/DevicePolicyManagerService.java
evicepolicy/DevicePolicyManagerSystemService.java
|
| 9348ac8249d2ef8d935e98053e5d135a2ff1ebcc |
10-Feb-2014 |
Amith Yamasani <yamasani@google.com> |
Fix NPE on removing a user
Bug: 12957232
Check for null mDeviceOwner.
Change-Id: I107dc24d1a8de121ebd2c1bb56e1af40bb1c55ac
evicepolicy/DevicePolicyManagerService.java
|
| 776c555d954d9494069f786785877c08add27327 |
09-Jan-2014 |
Adam Connors <adamconnors@google.com> |
Extend DeviceOwner concept to accommodate ProfileOwners
ProfileOwners, like DeviceOwners, are Device Admins that have
additional priviledges. ProfileOwners however are scoped per
user.
Change-Id: I1e22c85878e0672121e6ebbe97fca38591f992b2
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
| e58a49e411327e26b6ad9939833f53c7fa5aef20 |
21-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
Merge commit '817ec49e' into manualmerge
Conflicts:
services/print/java/com/android/server/print/PrintManagerService.java
Change-Id: I1b9bf364ca50ee3c48f53d87ae0ce23e7f3c2bc2
|
| 817ec49e7991d4cac50b2308cd7cf5f8641e1e29 |
20-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
Wrap some services into a SystemService
These services can now be excluded by modifying the list of REQUIRED_SERVICES (TB renamed)
Changed appwidget, devicepolicy, backup and print services.
Change-Id: Id8e2855d5c045cd57bdb02dca9ed75172803bce7
evicepolicy/DevicePolicyManagerSystemService.java
|
| 49782e46c0eb85a25ae2abcf80880c48dbab5aea |
20-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
am 9158825f: Move some system services to separate directories
* commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce':
Move some system services to separate directories
|
| 9158825f9c41869689d6b1786d7c7aa8bdd524ce |
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories
Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.
Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
evicepolicy/DevicePolicyManagerService.java
|