c2176389a68fdd48fd41d0e3ca7efef2c9fcf557 |
15-Aug-2017 |
Tony Mak <tonymak@google.com> |
DPC should not be allowed to grant development permission Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant_developmentPermission Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant_developmentPermission Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant Test: Run "Permissions lockdown" test in CtsVerifier Merged-In: If83d8edd0eea99145421e967ae47fdc264a5cf7c Merged-In: I129bfe850981cf0b3646b7c1cf19c8a3ec69f512 Bug: 62623498 Change-Id: Ief96a23fa49f1ea923574840f8ff590a5ea2456e (cherry picked from commit bd0dcada2a545760033cb638b397d2dc51cca5f2)
evicepolicy/DevicePolicyManagerService.java
|
542bba3f35775c48aca35e959a2eb213b2697c43 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. Saving device policy managers settings to clear out password stats was happening before initializing mAdminList so could wipe active admins. Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 34277435 Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e (cherry picked from commit adbda7474cc1968b66e9948aee566dc346e71340)
evicepolicy/DevicePolicyManagerService.java
|
f806d65e615b942c268a5f68d44bde9d55634972 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev fix conflict in nyc-mr2-release Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
evicepolicy/DevicePolicyManagerService.java
|
0f2c853889f382d5ea321028b5bd40dd74db25a3 |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293 am: 824c8284ce am: 72074e3ab9 am: f85a20702a Change-Id: If9e569ba66dc9e5876fab5ffd2a6c9b0a9fb923b
|
f85a20702aaefcf06769f007a4a6a786a71df5da |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293 am: 824c8284ce am: 72074e3ab9 Change-Id: I1cd4db65e0fe8c92628f22f94fe937cf64f2da04
|
72074e3ab91f60105b9b3e15f7b05d3979854fe9 |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293 am: 824c8284ce Change-Id: If4dfa2d7af980c91ec3d3f8faa7e7f4a39350c82
|
824c8284ce3734ae7b37bcad5b4251861d94f27b |
10-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri" into nyc-dev am: 42f2e80293 Change-Id: Ic167e10a205b5c8f9df81cd20a6f08359d3807f4
|
d78a0d21cb7b845be55a7d7e917be249d606a69e |
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked(). am: 735b4dc0af Change-Id: I5c8ca6d0a63af83cde91c17d10a634469c726442
|
735b4dc0af2571926d4ca573377881959237a6a4 |
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked(). BUG: 34824902 Change-Id: I95fbe0a352c48a3fff5af57b91325901a16d3d89
evicepolicy/DevicePolicyManagerService.java
|
66af3515dee796d8303c313ca999ee957675c310 |
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked() am: c7b18342ea Change-Id: I692fee4165de9a274d8eb8f0deaf49762974bb22
|
c7b18342eafa53a741e3e8d8cfc85f35f9416b12 |
08-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked() BUG: 34824902 Change-Id: I49d4d7043829862e1abacb3f400a6690f454d6c0
evicepolicy/DevicePolicyManagerService.java
|
ca53b27c3407e71b74a7771f2d03ad111e2dcca2 |
06-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Fix uri permission grant on remote bug report uri System server is no longer allowed to grant uri permission directly. As a result we use grantUriPermissionFromIntent() to grant permission from the shell UID, who is the owner of the bug report content. Also fix a security bug where the broadcast to notify user consent of remote bug report mismatches the <protected-broadcast> definition, causing it to be sendable by anyone. Bug: 34159108 Test: manual - Install TestDPC and request bugreport, try accept and decline once the report is ready (Bullhead). Merged-In: I66e3f2a16d4547549f09d3c96d52aed2330caedf Change-Id: I66e3f2a16d4547549f09d3c96d52aed2330caedf
evicepolicy/DevicePolicyManagerService.java
|
f1e276384dddcef7c28080c88696707b4a52442f |
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc am: 01f971dcdc am: 963cba5b5b Change-Id: I3a1421f656d1a90970eac6156e0840625662fb17
|
963cba5b5b1feea9d66239df6e86fa21c32fd6fd |
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc am: 01f971dcdc Change-Id: If5f5e5d47b97e2b8480adc5ca2cb08702056ca87
|
01f971dcdc836b487e31ff064143a4593afa149b |
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc Change-Id: Id3441141d4feea4c7291350c9670bd59ec017240
|
2317451acc84174cbe30d1899428d1b2953a4363 |
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held Note DPM.wipeData() on a secondary user is now blocking, just like it's been always blocking on the primary user. Test: Manually tested wipeData() with ApiDemos, both on 1) the primary user, 2) a secondary user and 3) work profile. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug 30681079 Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838 Merged-in: Ia832bed0f22396998d6307ab46e262dae9463838 (cherry picked from commit efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee)
evicepolicy/DevicePolicyManagerService.java
|
efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee |
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Do not call RecoverySystem with DPMS lock held Note DPM.wipeData() on a secondary user is now blocking, just like it's been always blocking on the primary user. Test: Manually tested wipeData() with ApiDemos, both on 1) the primary user, 2) a secondary user and 3) work profile. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug 30681079 Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838 Merged-in: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
evicepolicy/DevicePolicyManagerService.java
|
1710e5f0794466cdd293e8fd883dc4b8ea0491b7 |
25-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Change batch finalization timeout mechanism from Handler#sendMessageDelayed() to a wakeful alarm Messages sent with Handler#sendMessageDelayed() didn't get delivered until the device woke up after being idle, which resulted in potentially very long windows of logs accumulation and highly possible network log loss from before the device becaming idle. Bug: 34157435 Test: manual with decreased timeout over a few timeout iterations Change-Id: I22d9cc743acb1a478d2da5407c5718e7f95e89cb
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLoggingHandler.java
|
189463286449b618633ea928de39113499a08c03 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a am: b275a205af am: ee9f03d1ed Change-Id: Ic724588cbab8d4282eeb5bc806f8c67791189a05
|
ee9f03d1ed263d975fea213453204729ec80730f |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a am: b275a205af Change-Id: I01487d9c39f4e82b63961cdd43df238f2bfd2b89
|
b275a205af6014c67a34507240ce0fc1026815b5 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a Change-Id: I7f816c164548df86f9607c86772902efd0d53620
|
f98ed6863a7f64c535a66006852a934b05d550bc |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. Saving device policy managers settings to clear out password stats was happening before initializing mAdminList so could wipe active admins. Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 34277435 Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e (cherry picked from commit adbda7474cc1968b66e9948aee566dc346e71340)
evicepolicy/DevicePolicyManagerService.java
|
adbda7474cc1968b66e9948aee566dc346e71340 |
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. Saving device policy managers settings to clear out password stats was happening before initializing mAdminList so could wipe active admins. Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 34277435 Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
evicepolicy/DevicePolicyManagerService.java
|
3c9b36482f0120756ddcc3b6fe5f57d3136c7902 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev am: eb35ad9969 am: 3aac3ebee1 Change-Id: Id7be6d9656b292ec1bf526750db8081022267c4a
|
3aac3ebee1079ba56afde5d149b0653c891cb5a8 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev am: eb35ad9969 Change-Id: I4fd9ce4c79db5a10f28008c89205fc9c8ef2888f
|
eb35ad9969a173ac4d6279a5e322e8176c2ae6d1 |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
|
ad4aa1ce7d3dd2dd8d5690eb2f7653ca3c27000e |
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of e4cefbf4fce4 to nyc-dr1-dev Change-Id: Ib536a33ba381c28397320edd516d52727e5bdacc
|
4da4a5d0c8f9b0179636257e19c99a55a9ece353 |
12-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Improvements to the network logs batch finalization mechanism The full batch will still be available to DPC if there were no network logs pending. Added some more debug logging to better investigate the issues. Test: manual for both cases - pending batch was empty and non-empty, with locally decreased timeout Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser Bug: 34245471 Bug: 29748723 Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
evicepolicy/NetworkLogger.java
evicepolicy/NetworkLoggingHandler.java
|
e4cefbf4fce458489b5f1bebc79dfaf566bcc5d5 |
02-Dec-2016 |
Andrew Scull <ascull@google.com> |
Don't save password metrics to disk. On FBE devices, don't save the metrics to disk but compute them when the password is first entered and only store them in RAM. Merged-in: 5daf273b7e3272269c53eda20ce494d0e7a365b5 Bug: 32793550 Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
evicepolicy/DevicePolicyManagerService.java
|
df7bfcfc22fd131623e081f98f2c8c0fd33655c8 |
10-Jan-2017 |
phweiss <phweiss@google.com> |
Add ticker text for network logging notification Set ticker text to title for accessibility. Bug:31207965 Test: manual Change-Id: I0b78f9e6464dd470b74e0db97813623b335835d9 (cherry picked from commit d4a54bbfd1902dccb0e4de03f15bfbbba50b9531)
evicepolicy/DevicePolicyManagerService.java
|
971236480c2a95db94b073877c8595c274d28893 |
09-Jan-2017 |
phweiss <phweiss@google.com> |
Dismiss network logging notification when disabling logging Bug:34116213 Bug:29748723 Test: CTSVerifier in a separate CL. Change-Id: Ie652505ff57665f626712c67837577833f1595d6 (cherry picked from commit 82ed31c1efeb98acba60d79d1fc0a291b1440dc2)
evicepolicy/DevicePolicyManagerService.java
|
fd24353d75adbb0237fa13d209abe6b790535b8b |
15-Dec-2016 |
Makoto Onuki <omakoto@google.com> |
Get account features before taking lock (cherry-pick from master) Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest * without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 * Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug: 33481725 Change-Id: Ie2fe9aea87d1a7167581f4cd74ae063ef24a4567 Merged-in: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
evicepolicy/DevicePolicyManagerService.java
|
923d2cc9d9915b18a8d29e9087add48dbe820eeb |
14-Dec-2016 |
phweiss <phweiss@google.com> |
DO NOT MERGE Show notification when network logging is enabled A notification is shown after network logging is enabled and after the next three reboots that are at least one day apart. Clicking it sends an intent to quick settings to shown its device monitoring dialog. Cherry-picked from master. Bug: 29748723 Bug: 33126577 (cherry-picked from commit a0cb251ca6a8ea8df17ff8089573bc50f2f1849f) Test: Manual, CTS-Verifier tests will be added later Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
evicepolicy/DevicePolicyManagerService.java
|
f84f98c4e2fc1b49e441ac0a63cd1abac2c03a51 |
19-Dec-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "DO NOT MERGE Add network logging icon to Quicksettings when enabled" into nyc-mr2-dev
|
c94b63730584dd4dd2e1c19266d6bbe1bbf56174 |
24-Nov-2016 |
phweiss <phweiss@google.com> |
DO NOT MERGE Add network logging icon to Quicksettings when enabled Add the network logging icon in Quick Settings' footer if network logging is enabled, possible next to the VPN icon. Quicksettings has to be able to tell that network logging is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be callable from the device owner or from any app with the MANAGE_USERS permission. The icon is only a placeholder until the official icon is finished. CTS Verifier tests will be added when all Network logging UX changes are done. Cherry-picked from master, and then modified to work in N: I had to remove the QSFooterTest change because the testing infrastructure is not there in N. Also, I had to add DPMS.enforceDeviceOwnerOrManageUsers() to which did not exist in N before. BUG: 33126618 BUG: 29748723 Test: Manual, CTS-Verifier tests will be added in a follow-up (cherry picked from commit a4e169ed68ee57aa249e5e79fcd6bff5df46199e) Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
evicepolicy/DevicePolicyManagerService.java
|
a775ad997bac7a46140a56a4ab7ad0c464b32495 |
16-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
Initialize AtomicBoolean for NetworkLogger#mIsLoggingEnabled Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser Bug: 29748723 (cherry picked from commit e4dfd2d0028ff1c7088ec58a4d3eaf8f222311e6) Change-Id: Ib175f1d57093590b0080f32dc5f6c60ea50066e0
evicepolicy/NetworkLogger.java
|
92cd0ce92d92f1ebf94aa19b3ce19c76e4f53366 |
15-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Make NetworkLogger.mIsLoggingEnabled an AtomicBoolean Fixes a potential race condition - when enabling/disabling the logging some events might have been lost. Bug: 29748723 Change-Id: I8a436d525393b2314805e287eddcea26d4ec073b
evicepolicy/NetworkLogger.java
|
c4e7c320631446e25909635f2d49022a5bf9948d |
25-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Logging when the new batch of network logs broadcast is sent to DO Test: this only adds a log message Bug: 29748723 (cherry picked from commit bcf1c58ec25f275fa25f8aab1c265da868e64e29) Change-Id: Iad57528c60f35d4820a2f0196cccc92f7c4d3830
evicepolicy/NetworkLoggingHandler.java
|
504fa62f9ec2eab7e6ec88002735940575c89f08 |
16-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Disable DO single user features when clearDeviceOwner() is called regardless of the amount of users Bug: 32901196 Bug: 29748723 Change-Id: Ie419b5e496e23656cbe5436942d9aba402bfe68e
evicepolicy/DevicePolicyManagerService.java
|
5c64223da4265aef87a63f7a04dab313eb345e14 |
15-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Fix disabling DO single user features when clearDeviceOwner() is called We should disable those features before the DO is actually cleared. Bug: 32901196 Bug: 29748723 (cherry picked from commit c44e67961170ddfb668372dc6e9ce6b391e3740f) Change-Id: I74679abc26753585f302f3d52bca81fe21e2e668
evicepolicy/DevicePolicyManagerService.java
|
896b9db8ed14bdfa88d5dce96405361e78dee80e |
14-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] Minor code fixes in NetworkLoggingHandler Added a comment and renamed field to follow mConvention. Test: will be CTS tested once APIs unhidden Bug: 29748723 (cherry picked from commit aabe96db87838501d3abeb96c25a4b1c50b9c12c) Change-Id: I7ef118723d13ce1d313c3c56299c2dca2411eee6
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLoggingHandler.java
|
bbf352a2c136bfeb1fa7ad751df75d3069e9fdb0 |
03-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] DO uses batch token to retrieve network logs, and can retrieve the same batch many times This allows DO to: a) know that some logs were dropped (by trying with token and not getting anything) b) know how many logs were there in each batch (useful especially for the dropped ones) c) retry batch retrieval if it failed Test: will be CTS tested once APIs unhidden Bug: 29748723 (cherry picked from commit a9ff206af26871695bfce54969428b8ad03e31e6) Change-Id: Iac10e61cdf3b100719a9c029ff897bd5ef5c8e2f
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLogger.java
evicepolicy/NetworkLoggingHandler.java
|
4c47adef60ca0326bdbe124dfdd335382e5c0787 |
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] Management and retrieval of network logs This CL follows up on ag/1530343 and adds: 1) Various network events. 2) Retrieval method in DPM and APIs in DeviceAdminReceiver. 3) Extension of NetworkLogger and it's NetworkLoggingHandler. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java Bug: 29748723 Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLogger.java
evicepolicy/NetworkLoggingHandler.java
|
c3abd34cfed63d5b71366901d19f6d9cd8319306 |
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] DO can start network logging and listen for events This CL adds: 1) Setter and getter in DPM to manipulate logging switch (retrieval method to come in a subsequent CL(s)). 2) A way for DPM to register to listen for events. 3) Skeleton of NetworkLogger class (more to come in subsequent CL(s)). Bug: 29748723 Change-Id: I5c04662ccc6febd2ba294b0eaca1ed1da9c16e47
evicepolicy/DevicePolicyManagerService.java
evicepolicy/NetworkLogger.java
|
34fb70ab88408b629350a80f6f68648a95db62bf |
01-Nov-2016 |
Greg Plesur <plesur@google.com> |
If the current device is a watch, fix DeviceOwner/ProfileOwner logic. In this case, don't require the device to have gone through the Setup Wizard before disqualifying DO/PO if there's an incompatible account on the device. BUG: 32438704,32438210 Change-Id: I6858db13c8df6e95d01d18a903f4343f70370e8b
evicepolicy/DevicePolicyManagerService.java
|
bc755da55cc00110a3c77b013c350a9b62c1f1cd |
14-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant am: 6dbf67fc48 Change-Id: Iacbe9a2de7024e29e9c2c98594ebca828b855a43
|
a6b3caf58e8ab18f4c3164afb8fba25e9954198b |
14-Oct-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Don't expose default strong auth timeout as constant" into nyc-mr1-dev
|
216ee1f0e76f6a36bebb5490c951db2a5513ae03 |
13-Oct-2016 |
Greg Plesur <plesur@google.com> |
Merge "DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade." into cw-f-dev
|
35144049846e115b7d1e03fb6c935ed497d83cb2 |
10-Oct-2016 |
Greg Plesur <plesur@google.com> |
DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade. BUG: 32019375 Change-Id: I2563efe58c98c5dd8440891e478c89e093d8d9ac
evicepolicy/DevicePolicyManagerService.java
|
98a145b5afb71b5fb95092d9df0e6453dad77f79 |
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Revert "Fix backup for users hit by erroneous backup disabling" am: 9f61d17e6a Change-Id: I460fbb670fbc7a724c981c4fceae0048ff4c9ded
|
b24489e20aefaaaeb8251491fc5845b555952139 |
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Merge "Revert "Fix backup for users hit by erroneous backup disabling"" into nyc-mr1-dev
|
6dbf67fc4889c49151415e986be98f70816f81ec |
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant The admin can instead use the value of 0 to reset to default. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 31430135 Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c (cherry picked from commit 943aabd11cce3ab453762d3912395363720e1f5d)
evicepolicy/DevicePolicyManagerService.java
|
9f61d17e6a41e80732fb78a8a8fb723b92498a15 |
05-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Revert "Fix backup for users hit by erroneous backup disabling" BUG=31754835 This reverts commit 1975021d88da6623a570a6ddab8b2397b1c0e59f. Change-Id: I5cf7862126755a34cf3b4d70436529401fddc87f
evicepolicy/DevicePolicyManagerService.java
|
cfaef4287d87e8c7d8faf0f6605c5a9f02f1b4fd |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode. am: bbaadc0166 Change-Id: I89c0a7fb44bc50efedf2e8dc5eabaa4711b2687b
|
56d7022d48d67b133491dd803876c632d4aae87a |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix backup for users hit by erroneous backup disabling am: 1975021d88 Change-Id: I4421e9642c2e89bf17535ef3212617d268c1c9d2
|
cd339f211ae976d0ffeaffcceb178b45804556a9 |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Merge "Fix logic in disabling BackupTransport in DO mode." into nyc-mr1-dev
|
1975021d88da6623a570a6ddab8b2397b1c0e59f |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix backup for users hit by erroneous backup disabling BUG=31754835 Change-Id: I89dd08b7958dd8fe20d70bc50f2c89996ae46cc5
evicepolicy/DevicePolicyManagerService.java
|
bbaadc01663495736fa597305525e874a896ade4 |
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode. We were disabling backup in consumer mode as well. BUG=31754835 TEST=android.content.pm.cts.shortcuthost.ShortcutManagerBackupTest Change-Id: I42e5cfa512fda1b471eb62c7eb8bc346383da2fa
evicepolicy/DevicePolicyManagerService.java
|
2f78ab5387341982b81259ec574cfca09ee7085a |
23-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. am: 6ad5f92512 Change-Id: Ieab914cf8538e3086fb32cc351e45e6a5c2017c5
|
18fb24c5d3e8f9e2a66e78f13a7fa2567fbd3231 |
23-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix DPM unit tests, also fix a log message." into nyc-mr1-dev
|
369672b8bb5e65ad926314c6d6a1c0e28c3e2d1b |
23-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout am: 0b72a722ed Change-Id: I70a4c0288aa2d98c02706a055a5dda710ace2ae2
|
69659cb96df2b149bbb0577179f16712054a8bc2 |
23-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Fingerprint Strong auth timeout" into nyc-mr1-dev
|
8a4808526741b8058a361e5c8aad810b0e412802 |
22-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API. am: 5a122a1ce9 Change-Id: I134891f0b24cc666c34ae54cb3c937ba2f16648e
|
6ad5f92512462f774a2ff7e59abdf5edbfd215b3 |
19-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. Bug 31446501 Change-Id: I37debbe2f4e983fb8bad026f8dd9bd91b7448dce
evicepolicy/DevicePolicyManagerService.java
|
0b72a722edacfd790178a2a6183bb985656b2887 |
21-Jun-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout Allows PO and DO configure strong auth timeout for fingerprint. Bug: 31430135 Change-Id: Ie6451d49aa95527adc3720d9a2a0848f58940510 (cherry picked from commit 8f010dd25d18151cc47accc7d853b4f8f7fe8491)
evicepolicy/DevicePolicyManagerService.java
|
5a122a1ce90c8c09fd579147061cb7b4cd8b23e9 |
06-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API. BUG=28628532 Change-Id: I48c3423734e54b6a4d70e58d50c98c3e17790e0d (based on a8202524608a4fc9178e6b18e13602c5a8abb404)
evicepolicy/DevicePolicyManagerService.java
|
c146ed5d2611c09bc90005c0c982c00d36ec4dfa |
12-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it am: 46ea8e7f9d Change-Id: Ib6a24171828bbdf884c9d71ab8c07622a8f1fddb
|
46ea8e7f9d24d1fab4824f570400d6fb7bf355e0 |
09-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it Bug 31382361 Change-Id: Ie48aba5827074d2a6efb6966f61af30444376384
evicepolicy/DevicePolicyManagerService.java
|
12c4d4132f6bab5eecfb7b8fc8cfdc55e0f8ab77 |
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 am: ec5ceae174 am: 32daa7a95c Change-Id: I8580890ee0fcd6b1fb80352b4437d2a1379dfaee
|
32daa7a95cd49cbedf00c006cf80929518cc5465 |
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 am: ec5ceae174 Change-Id: Ic4bbce08944881f0d20a08c1ebb4db5531208f23
|
ec5ceae1743b64822cb7ca35d5938109a8beb370 |
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 Change-Id: Ia76391f710e42e9634010bd211a0370230b318e3
|
9d46e5e044541bbe470ae72074a7aa18b862c827 |
07-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Allow DO/PO to be installed with certain preconfigured accounts. am: 5e7e0670c7 Change-Id: I9191a60bf4071b8205c04131cb2d97ef1a32fb19
|
5e7e0670c7b4b0f15c812fc83991afcc7fa24bf9 |
02-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Allow DO/PO to be installed with certain preconfigured accounts. - Non-test-only DO/PO still can't be installed when there are accounts. - Test-only DO/PO can be installed even when there are accounts, as long as all the accounts have the "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED" feature. Some authenticators claim to have any features, so to detect it, we also check android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED and disallow installing if any of the accounts have it. - Also add logs on certain important events in DPMS. Bug 28928996 Change-Id: I62efce10e9cc22e994ea8cae91a4fafcce25dd77
evicepolicy/DevicePolicyManagerService.java
|
0737c2b4c2ae6415eced00926235f848d1957bae |
08-Aug-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass Bypassing work challenge in freeform mode was trivial by just keeping work apps open in freeform mode and then switching focus to them from another app. Because the only interception point is startActivity this never triggered work challenge. The solution is to trigger the check on focus change events and also to allow passing the result back into the freeform stack instead of dumping our user out into the homescreen. Change-Id: I141ecf90b5f0e708a21d27141b6fec6074e5d475 Fix: 30693465
evicepolicy/DevicePolicyManagerService.java
|
fce4b4acfc7dd4408ff60e898313406495facbf0 |
25-Aug-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities. am: 83ab85410b Change-Id: I89354ab06c70fd7b23d32aeebf84df85f6375765
|
b038c4f617ef15d5f691adee51e5684677e3073e |
25-Aug-2016 |
Andrew Scull <ascull@google.com> |
Merge "Only check password length for relevant qualities." into nyc-mr1-dev
|
67d9c792a8122204775e2e18289fe1b7ce0c2693 |
08-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Merge "Fixing NPE in device policy tests" into cw-f-dev
|
68a2a0feed79e8e8928785461740525f6e384960 |
05-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing NPE in device policy tests Bug: 30224255 Change-Id: I5c21f8d0e5660cca1cf7861649195672348f802c
evicepolicy/DevicePolicyManagerService.java
|
9704e409dfe1c1fc582d98837f2a315886a1cd61 |
05-Aug-2016 |
Suprabh Shukla <suprabh@google.com> |
Not trying to remove admins already being removed If someone calls removeActiveAdminLocked more than once, it is possible for the device policy data to end up with more than one copy of an admin in the list mRemovingAdmins. Due to extra entries, once the admin component is removed, it is not being allowed to be set as an admin again, until the device reboots or mRemovingAdmins is cleared from the memory due to some other reason. Fixing this by making sure we do not add duplicate entries to mRemovingAdmins Bug: 30369197 Change-Id: I1d53c41312171425bbd6e6e4153148276f1b098d
evicepolicy/DevicePolicyManagerService.java
|
83ab85410b98bb6e4e01be5db54ec244aeeb3182 |
20-Jul-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities. The minimum password length is only required for certain password qualities so only check the minimum length in those cases. Bug: 30109030 Change-Id: I330c88fc0b22179e126fc1241a9c58d5e0d73e8e
evicepolicy/DevicePolicyManagerService.java
|
c1205111a92b52283078f1a2e86c8d32c5928b92 |
22-Jul-2016 |
Tony Mak <tonymak@google.com> |
Persist master volume mute across reboot Fix: 30133263 Change-Id: I53450a504e40e55516acc88550f369a74a244eaf
evicepolicy/DevicePolicyManagerService.java
|
0b4b58f5077562c8f2d084974d001d0f714bcaad |
16-Jul-2016 |
Makoto Onuki <omakoto@google.com> |
Remove the DMAgent whitelisting Bug 30075554 Change-Id: Ib089353ff9f58eb175a7b5d9addfb371655afc6b
evicepolicy/DevicePolicyManagerService.java
|
2aa9bab8a1edd7a9dc62f4a2ae51defa026a7de6 |
11-Jul-2016 |
Benjamin Franz <bfranz@google.com> |
Add hidden API to store whether provisioning config has been applied Bug: 29629204 Change-Id: Iaf4164357868b17dbc6615a77babb0e7cbc183b7
evicepolicy/DevicePolicyManagerService.java
|
790d198860dc550f2dbaa5ac502cbcda1f8530c9 |
07-Jul-2016 |
Mahaver Chopra <mahaver@google.com> |
Add an api to verify if ro.device_owner was set Currently for OobConfig app we used DEVICE_PROVISIONED Global setting to verify if device was provisioned. This setting can be modified using adb. we just need to know if it was set atleast once. Added an api in DPM to return whether system property "ro.device_owner" was set. Bug: 29935702 Change-Id: I9a2b5217c0bc2cc11d68282e05a5450ea3f6cf21
evicepolicy/DevicePolicyManagerService.java
|
ca081ca39642e507588e284dfe98ff3ad4bc12d1 |
06-Jul-2016 |
Rubin Xu <rubinxu@google.com> |
Bump ACTION_CHOOSE_PRIVATE_KEY_ALIAS broadcast to foreground Bug: 29966726 Change-Id: Ifdbdd26df40518d9e50f9a0b0dfc5c01cb9accb2
evicepolicy/DevicePolicyManagerService.java
|
f8c04cbe959e6bb6fed2c2779ad45185f66b8855 |
28-Jun-2016 |
Suprabh Shukla <suprabh@google.com> |
Enabling auto-ota in retail demo mode Bug: 29542384 Change-Id: If7c94cf8a8e5851011f23dc5d64fc795f9a07b22
evicepolicy/DevicePolicyManagerService.java
|
d04aaa323c3a788d26f18fc66e0a59b47e525b38 |
13-Jun-2016 |
Amith Yamasani <yamasani@google.com> |
More thorough cleansing of expired users If any /data/system_[c|d]e folders were not erased when the user was removed (maybe due to a reboot), make sure they're cleaned up on restart as well as when the userId is recycled later. Mark the users' system folders with the correct serial number for later verification. AccountManager shouldn't be querying accounts of partially created/destroyed users. Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb Fixes: 29285673
evicepolicy/Owners.java
|
26704957fe48d75a5b4f3a51cff520a9e4d8b82c |
13-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Don't take the DPMS lock in DPMI.createPackageSuspendedDialogIntent This method is called by AM with the lock held, so can't take the DPMS lock. It still takes a different lock, but we don't call into the external world while holding this lock, so this is fine. Bug 29242568 Change-Id: Idbecdd7d97385ca66c693903443471fdbae833e6
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
c29f62c7388f550da2c7368c5dbc0aec7d1564fe |
07-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Push DO/PO package names from DPMS to PM Bug 29126573 Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
90c9dbc91910a77b8660ec66de0725aee472e0ab |
31-May-2016 |
Ricky Wai <rickywai@google.com> |
Do not get device owner admin info when device owner is null Bug: 29043723 Change-Id: I355c549f891a5e71f654f42ed16a7139da86482a
evicepolicy/DevicePolicyManagerService.java
|
977ade26dd8bc6a442be2db2470459058246844f |
24-May-2016 |
Ricky Wai <rickywai@google.com> |
Do not allow DPM.resetPassword() when child profile exists or user is locked Bug: 28878708 Change-Id: Iaae2a9ba9c7c0ff388264c474c78a0dcd9fec258
evicepolicy/DevicePolicyManagerService.java
|
12753ded44813a77a4cad5114d34345bec7b21ef |
23-May-2016 |
Victor Chang <vichang@google.com> |
Fix Certificate authority installed notification is gone when turning off and on the work mode. cause: Work mode is turned on before entering USER_STOPPED state. Thus, BOOT_COMPLETED broadcast is not sent, but the notification has been dismissed. use USER_STARTED + USER_UNLOCKED because both are foreground. Bug: 28864104 Change-Id: I4796b61586e194d8367b9e52a9c56f858cbcbe7d
evicepolicy/DevicePolicyManagerService.java
|
93f8fd714ad89067bf81d2ce8be3b2f2e816dee2 |
05-May-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update RestrictedLockUtils to use UM.getUserRestrictionSource. Bug: 28269827 Change-Id: Ib4a1441b71986ca6637a9236136b60e18dbc1643
evicepolicy/DevicePolicyManagerService.java
|
bc73347152a3562a7f957a07433d64912f4acd83 |
17-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Skip 'network may be monitored' if dying or locked" into nyc-dev
|
820ae5a47587f3d0a7bc4be9acb1c46c590c9860 |
12-May-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing a NPE in DevicePolicyManagerService Bug: 28786940 Change-Id: I73de8dea9221765ed0751039f3d472cf78d341af
evicepolicy/DevicePolicyManagerService.java
|
fe47b6eefa266e2a43294f6472e58698be711ee2 |
13-May-2016 |
Robin Lee <rgl@google.com> |
Skip 'network may be monitored' if dying or locked KeyChain isn't direct boot aware & attempting to bind to a service inside a dying user isn't going to end well. Change-Id: I5a0acc34f98c39705ec404765c87e7ac61ca9b71 Fix: 28725354
evicepolicy/DevicePolicyManagerService.java
|
090b5a8e8c6cbe069c9818eda25b1976da6426a9 |
11-May-2016 |
Victor Chang <vichang@google.com> |
Merge "Fix ConfirmCredential is not presented before trusting cert installed by PO/DO" into nyc-dev
|
8560a7c2a1681276ccf8cb04dfd02bfea6251af4 |
09-May-2016 |
Victor Chang <vichang@google.com> |
Fix ConfirmCredential is not presented before trusting cert installed by PO/DO - TrustedCredential is responsible to show ConfirmCredential - Show the MonitoringCerInfoActivity in personal side instead to avoid showing work challenge - put user id into extra Bug: 28619980 Change-Id: Iedbc0b721ef56675f3c9eb6f1d12daf1222ad080
evicepolicy/DevicePolicyManagerService.java
|
0fb6b9e18c4f9fad98c426ace0190017e8b2060a |
04-May-2016 |
Rubin Xu <rubinxu@google.com> |
Guard retrievePreRebootSecurityLogs with config flag Bug: 28160645 Change-Id: Ifce884c319019758dfaaa39bc239e9f30962c920
evicepolicy/DevicePolicyManagerService.java
|
fc0810b4d47b3cd679c5c761eb225be3d1351060 |
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Merge "Revert "Don't enforce this API - it's not sensitive"" into nyc-dev
|
9de713d42269a5888d31423b74d4203dce382853 |
03-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Don't enforce this API - it's not sensitive" This reverts commit 895504e55788c5c7fd90830dcf01c41a79ca7fe4. Also adds a change to device manager to prevent failure there as in the bug below. Bug: 28512889 Change-Id: I4a445ec365133e9e2764e2d625d61fc6ee2008ec
evicepolicy/DevicePolicyManagerService.java
|
dc67971a996c447c71ceb9ad983c79c96f598bcc |
03-May-2016 |
Robin Lee <rgl@google.com> |
Add lockdownEnabled parameter to always-on VPN API Allows callers to opt-out of blockading network traffic during boot and on VPN app failure. Bug: 26694104 Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
evicepolicy/DevicePolicyManagerService.java
|
ce18c8167766f92856f94a8e88e19de4698960e6 |
28-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
Introduce "unlocking" vs "unlocked" nuance. There is a narrow window of time during user unlock where we're reconciling user storage and dispatching the "unlock" status to various internal system services. While in this "unlocking" state, apps need to be told that the user still isn't actually "unlocked" so they don't try making calls to AccountManager, etc. The majority of internal services are interested in merging together both the "unlocking" and "unlocked" state, so update them. Clarify naming in AccountManagerService to make it clear that a local list is being used, which mirrors the naming in MountService. To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch after the user is unlocked, but block BOOT_COMPLETED dispatch until after all PRE_BOOT receivers are finished to avoid ANRs. Bug: 28040947, 28164677 Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
evicepolicy/DevicePolicyManagerService.java
|
c0440e5f4dfa695d2347c68bbec787d3e16847eb |
22-Apr-2016 |
Victor Chang <vichang@google.com> |
Merge "Deleting lock screen clears all CA approvals" into nyc-dev
|
dc068eba6f577b0ec37f5830df5c19f4ff2e85cf |
21-Apr-2016 |
Victor Chang <vichang@google.com> |
Deleting lock screen clears all CA approvals When both screenlocks for profile user and parent user has been removed (both set to none), remove CA approvls on that user, and show the "Certificate authority installed" notification. Bug: 28161447 Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
evicepolicy/DevicePolicyManagerService.java
|
38dcca51a739d3273b24e84ba5e89e505f45960c |
19-Apr-2016 |
Kenny Guy <kennyguy@google.com> |
Add test method to remove admins. Add test method to remove admins that declare FLAG_TEST_APP without informing them. The method will also remove the device and profile owner status of the admin. Bug: 28027468 Change-Id: Idb4d3299a9c6595c94bfb424546cd8a384131835
evicepolicy/DevicePolicyManagerService.java
|
fd580f7d1a5a19b062bea49602f0f6136bce7e5e |
13-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence." into nyc-dev
|
1271cef419bdb7577f64b1dfa05d5678df706ef5 |
13-Apr-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "API polish in DPM for organization color and name methods" into nyc-dev
|
caf566a5372b05230885b787997b98ff4508eadd |
13-Apr-2016 |
Victor Chang <vichang@google.com> |
Merge "Update display text in cert notification" into nyc-dev
|
74cd73079c6901f7e081fcac744a2597ed96a991 |
12-Apr-2016 |
Michal Karpinski <mkarpinski@google.com> |
API polish in DPM for organization color and name methods - Returning and accepting CharSequence instead of String - Enforcing 100% opacity and adjusting javadocs for color format - Adding @ColorInt annotations Bug: 27531295 Change-Id: Id27d4fd5e7bb4d746cc61288457eb4eb86224505
evicepolicy/DevicePolicyManagerService.java
|
3ccca91e6ee2106004c3762ee682deff7343c6d4 |
12-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence. Bug: 27531295 Change-Id: Ib28c509a3112046c14d812265ce43bc5b5574f12
evicepolicy/DevicePolicyManagerService.java
|
4c74334c4425e43dfb53bc2ef707eebb1bef7d5b |
11-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added getProfileIds method returning array of userIds" into nyc-dev
|
355d47697c346ad4c7f41a8af1febcdf4ff95988 |
07-Apr-2016 |
Victor Chang <vichang@google.com> |
Update display text in cert notification - Show DPC app name for PO - Check user id for DO - Update notification title for all cases - update symbols for private resource ssl_ca_cert_warning changed from string to plural - Pass number of certificate to MonitoringCertInfoActivity Bug: 25772443 Bug: 18224038 Change-Id: I68db06f55a24879c1d5f532e38b97e2932bf990e
evicepolicy/DevicePolicyManagerService.java
|
a078b4ba6a30532585e93b7d99f81fd0184aeb56 |
08-Apr-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Still return a package suspsended dialog if there is no owner." into nyc-dev
|
8aa48028f36a411192623881191c2591a009a997 |
08-Apr-2016 |
Nicolas Prevot <nprevot@google.com> |
Still return a package suspsended dialog if there is no owner. When an application cannot be started, and there is no profile/device owner, still return a PackageSuspendedDialog. BUG: 28042198 Change-Id: I5c30393f9481840a965bb815235af5181561a063
evicepolicy/DevicePolicyManagerService.java
|
7f98aa4aa93497692f200c553d2d6fff402e3de2 |
07-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Added getProfileIds method returning array of userIds Previously many usages of UserManager.getProfiles and getEnabledProfiles were only using ids of returned users. Given that the list of users needs to be parceled and unparceled for Binder calls, returning array of ids minimizes memory usage and serialization time. A new method getProfileIds was introduced which returns an array of userIds. Existing method calls were updated where appropriate. Bug: 27705805 Change-Id: Ic5d5decd77567ba0f749e48837a2c6fa10e812c0
evicepolicy/DevicePolicyManagerService.java
|
035e92447084b96ef2c9125e77105c237e20bad3 |
18-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Fix work profile screen timeout policy Settings screen should apply both primary and managed maximum timeout policy, even separate profile challenge is enabled. Bug: 27493348 Change-Id: Ia1ec1cafc7665c54816833af64e0f446a77a55b2
evicepolicy/DevicePolicyManagerService.java
|
dc283a897680ffd33c4d15535ebe778ba5b42c43 |
24-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Keymaster init for work profile Changes: (1) When unified work challenge is enabled and screen lock is secure - Store work profile secure key in primary profile - When primary user keystore unlocked, unlock work profile keystore - When primary user change lock to none, remove work secure key (2) When unified work challenge is enabled but screen lock is not secure - When screen lock changes to secure, store work secure key in primary (3) When user changes work challenge from unified to separated - Remove work secure key in primary (4) When user changes work challenge from separate to unified - Do (1) and (2) Bug: 27460698 Change-Id: I8f77bde5dc6b8e59c90256e75c5990100e93366b
evicepolicy/DevicePolicyManagerService.java
|
a01c1f0d90def31de9bdd21bada11a3dfc0444b0 |
06-Apr-2016 |
Tony Mak <tonymak@google.com> |
Merge "xxxTrustAgentConfiguration should be supported in the parent DPM instance" into nyc-dev
|
589b855719ce89ba68ce1a93f15a4c79a2461adc |
06-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Remove bool return from setAlwaysOnVpnPackage" into nyc-dev
|
ee5eb934e349ee6a01a028cb431afac9018b8e56 |
05-Apr-2016 |
Robin Lee <rgl@google.com> |
Remove bool return from setAlwaysOnVpnPackage Bug: 27533151 Change-Id: I4c656488e69cb5247dbb9cfd62d6f6f7043f9a90
evicepolicy/DevicePolicyManagerService.java
|
73ebf33d76c1d06b275b011e043680c410fd70ac |
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
Merge "getProfiles should only returns non-partial user info" into nyc-dev
|
f4b30e2147671476564c8bba6edf33aa63334f6e |
05-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Remove the admin from the removing list when refreshing that admin." into nyc-dev
|
80189cdece046e2e915e07c0ee166b6375dbde84 |
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
getProfiles should only returns non-partial user info Bug: 26928524 Change-Id: I537bb0a9632cad603717a367b81d5e072452a6d7
evicepolicy/DevicePolicyManagerService.java
|
089d840383c511ed170a284ba343bd9a00db790e |
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
xxxTrustAgentConfiguration should be supported in the parent DPM instance 1. Fix trust agent config does not persist across reboot 2. xxxTrustAgentConfiguration now supported in parent DPM instance Bug: 27601827 Change-Id: I6ea4a089bf590d6c44be40318f3a69c35c54f796
evicepolicy/DevicePolicyManagerService.java
|
691b1a6005ed373ad75361aa5a1bd120f138f15c |
05-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Switch to work challenge if MP calls resetPassword" into nyc-dev
|
7c9213313440be5925441b7bfbac4837336c6006 |
01-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Remove the admin from the removing list when refreshing that admin. Change-Id: I9b597a116db4f1fb894427b4e885f29c3e94abdb Fixes: 27909181
evicepolicy/DevicePolicyManagerService.java
|
ce5c4009cf555b1ece69356949f4c2c4b38cc25a |
23-Mar-2016 |
Robin Lee <rgl@google.com> |
Switch to work challenge if MP calls resetPassword If the profile owner wants to set a lock screen for a profile which they created, we should let them. This will cancel any lock screen unification that has been set up. Attempting to clear the password will continue to throw SecurityException if called from a managed profile. Bug: 26682008 Change-Id: Ia09aef879a21c074ccb517905e43f62696837998
evicepolicy/DevicePolicyManagerService.java
|
f1fe782e912d3feed9cded8fb80b179c4ee5d09c |
31-Mar-2016 |
Robin Lee <rgl@google.com> |
Merge "API to approve CA certificates" into nyc-dev
|
2f7e1e487c8ef486a16ad2398ffee413b53da04e |
21-Mar-2016 |
Robin Lee <rgl@google.com> |
API to approve CA certificates Bug: 18224038 Change-Id: Id928872cd70dac5a5ecfdcd52150fe6dea544e3b
evicepolicy/DevicePolicyManagerService.java
|
e04ac3d7d2027ea3149748ca6520405b7e1b1dbb |
31-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "Unit test for isProvisioningAllowed" into nyc-dev
|
aa604694450539b4c99901b0714efaa79db3c87d |
31-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "AfW - suspend apps - API polish" into nyc-dev
|
d2a968f9c31ba1864bc514bb88a9a939508fe794 |
31-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Return null value if getActiveAdminUncheckedLocked returns null." into nyc-dev
|
549b9692808cbd7d64e732b199b453b2b372dd32 |
31-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Return null value if getActiveAdminUncheckedLocked returns null. - Split per user version of getUserRestrictions into a separate method in DPMS and make the per-user version return null if the admin parameter is not a valid one. - Update isAccessibilityServicePermittedByAdmin and isInputMethodPermittedByAdmin to return false if the admin parameter is not a valid one. Bug: 27909087 Change-Id: I6f4cae6552cbfe02dc4a92b04eeeddf0314e0974
evicepolicy/DevicePolicyManagerService.java
|
3e794afb82228199c0a83bed5463dbeb3c48dd62 |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Unit test for isProvisioningAllowed Note: DevicePolicyManagerService is changed to inject ContentObserver notifier Test: all test cases in DevicePolicyManagerTest pass BUG: 25710621 Change-Id: I347cec71769d0e9dd6a334d7d6339d5ce6a3fa6a
evicepolicy/DevicePolicyManagerService.java
|
5b7ca24f14ae4d1189ca7683fdad1ec0e62b88b8 |
30-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Merge "Add DevicePolicyManager API to install a client cert chain." into nyc-dev
|
30fb0534492478a3f95f6953b31bbb666ced8fe5 |
30-Mar-2016 |
Clara Bayarri <clarabayarri@google.com> |
Merge "Change default work challenge background color" into nyc-dev
|
8d0bd7fa634c090514ff27bbc0cd25a609c22b83 |
30-Mar-2016 |
Clara Bayarri <clarabayarri@google.com> |
Change default work challenge background color Requested by UX Bug: 27829562 Change-Id: I815c06784189e68b09e464e936521e82091c93c3
evicepolicy/DevicePolicyManagerService.java
|
b70ba1971c29db87e405434161489e2450309050 |
30-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "AfW custom lock screen message - API polish" into nyc-dev
|
b43659170824dd8d753d9249fe6ccfd37c6221ae |
23-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager API to install a client cert chain. When installing a keypair the caller will have the option to specify a certificate chain which will later be returned to whoever requests access to the keypair via KeyChain. Bug: 18239590 Change-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7
evicepolicy/DevicePolicyManagerService.java
|
efc4a344a173ae20ec72b8c05c45b794687fda87 |
22-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
AfW - suspend apps - API polish * renamed getPackageSuspended => isPackageSuspended * does not return false for an error, instead throws NameNotFoundException if the package could not be found, or if there is an unknown RemoteException, wraps it in a RuntimeException and rethrows. Bug: 27532430 Bug: 22776761 Change-Id: Iee00600089b1c0556a3312b10456826464fa8f9f
evicepolicy/DevicePolicyManagerService.java
|
81a95700e591d098d829df86eb25a77a70b23d79 |
29-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Fix SecurityException in getStorageEncryptionStatus Bug: 27892709 Change-Id: Ic6a3ccb8d266cfb04708413b767fe4f284219e57
evicepolicy/DevicePolicyManagerService.java
|
16187903b40014e28b97e2bd1429543e2c27ffb9 |
21-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
AfW custom lock screen message - API polish DevicePolicyManager: * getDeviceOwnerLockScreenInfo now returns CharSequence as it returns a string for display to a user * setDeviceOwnerLockScreenInfo ** accepts CharSequence, not String as this is a string displayed to the user ** Returns void; throws an appropriate runtime exception on failure Bug: 27531295 Change-Id: I30528569cfa66ee76f857fbee1c3196f821718fd
evicepolicy/DevicePolicyManagerService.java
|
fac4ddbd25e7ccaa763b9ac93ef1df5015b85628 |
28-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Work around buggy DMAgent. They're targeting new API level, but they aren't handling the new constants. Bug: 27785116 Change-Id: I8391294d963c86af1f948b91c7d1de6b7f44f66a
evicepolicy/DevicePolicyManagerService.java
|
a7c85adeda9283442b313c3e8a565b1655591c7a |
23-Mar-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Let the profile owner set lock-to-apps if the user is affiliated. BUG: 25632687 Change-Id: I76008b6a8e2194155154dc7693d43ce20f7e9fad
evicepolicy/DevicePolicyManagerService.java
|
d3c0cf50b6c8e71c0c409abcd3b8c32f98f7cb71 |
21-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "Api change of DPM.setApplicationRestrictionsManagingPackage()" into nyc-dev
|
cd14c0a9daa42a7ccacef345b3b2ef255790f993 |
16-Mar-2016 |
Victor Chang <vichang@google.com> |
Api change of DPM.setApplicationRestrictionsManagingPackage() Throws NameNotFoundException instead of IllegalArgumentException Can't throw NameNotFoundException directly from DPMS as aidl doesn't support checked exception Bug: 27532565 Change-Id: I202721f41057f92ad2dd851d4769ba4502a8f9b3
evicepolicy/DevicePolicyManagerService.java
|
8a372a0a280127743ce9a7ce4b6198c7a02d2a4f |
16-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Refactoring FBE APIs based on council feedback. Mostly consists of removing the word "encryption" from most APIs, since we can't actually make promises about the data being encrypted. Bug: 27531029 Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
evicepolicy/DevicePolicyManagerService.java
|
6235a94ffaed1d82cee2317481c18776f601da1b |
15-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Unifying method names and comments to security logging, not device logging Also move SecurityLog to android.app.admin package. Bug: 27531824 Bug: 27532560 Bug: 27532564 Bug: 27532425 Change-Id: I2677afdb5685bc5d21e52c41b381b57a41e364b6
evicepolicy/DevicePolicyManagerService.java
evicepolicy/SecurityLogMonitor.java
|
8a8e8ea19a825dd45117909df2f0140ca20565e7 |
15-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Merge "Update DPM.reboot with new restriction" into nyc-dev
|
1216ae5d023e8f6e4f158a447a5764288e4ccc3e |
11-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Update DPM.reboot with new restriction DPM.reboot() should not be called when there is an ongoing call on the device. Bug:27531799 Change-Id: Idc1fa4c7aa79b20ec9c2afcccf855455ee316787
evicepolicy/DevicePolicyManagerService.java
|
b5a4d9605f6ee009984165f1c894b3949dc8417a |
15-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Show admin support dialog if app is suspended." into nyc-dev
|
7a9c34bd7a65bf27a3a7ea83d7a1391667bae50a |
11-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Show admin support dialog if app is suspended. Bug: 26922950 Change-Id: I21f048873244df52d14910cc01a658af476d9149
evicepolicy/DevicePolicyManagerService.java
|
c4927b9fd43efab3f69c4cba90624153a885e0aa |
15-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Logging of setting ro.device_owner property Without logging of setting it's impossible to test the setup, unless device is rooted. Bug: 22860162 Change-Id: I0532654ef4e4b7272d2749b30590a1b47da9f645
evicepolicy/DevicePolicyManagerService.java
|
d4c9e541ec7110d3c842d6f92c3ec6beb0b6d997 |
26-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Add ENCRYPTION_STATUS_ACTIVE_PER_USER to... getStorageEncryptionStatus() Use StorageManager APIs to get the encryption state instead of from the system properties directly. Bug 26547262 Change-Id: Ic27baa9489d43a93873f8bb0428084f8886aed67
evicepolicy/DevicePolicyManagerService.java
|
03128dceab3a7cc517b7c253e740caac82e74033 |
10-Mar-2016 |
Paul Lawrence <paullawrence@google.com> |
Fix bug in new encryption API Bug: 27583871 Change-Id: I372f0a6a411704dc57ca9bcc53c4c5a10b236772
evicepolicy/DevicePolicyManagerService.java
|
2f79ae98afd895ec1179b38fccb538f64164b9fd |
09-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Tuning down wtf to warning for setting ro.device_owner property This was logged to often, especially while running CTS hostside tests and looked too scary to people. Bug: 27230864 Change-Id: I9e81d9efe87b4aed18aa473be647c560ff9cfa0d
evicepolicy/DevicePolicyManagerService.java
|
d5a3f3df4097e4a57e0d31fba994c91d8996abf8 |
09-Mar-2016 |
Paul Lawrence <paullawrence@google.com> |
Merge "Add API to IMountService to get encryption state" into nyc-dev
|
20be5d62471d520eed3a52d90c11944464a71c07 |
26-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Add API to IMountService to get encryption state Bug: 18002358 Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1
evicepolicy/DevicePolicyManagerService.java
|
97e89c624e19c0a0ebe3d76506a493cfe29c0558 |
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update DPM.getWifiMacAddress to take admin component as argument." into nyc-dev
|
29d6b9f0f73e980b9a4718b809ae0d34e5b2a5a4 |
08-Mar-2016 |
Tony Mak <tonymak@google.com> |
Merge "clear calling identity before calling getUserInfo" into nyc-dev
|
ed58f5f0aa580dd4a6dc0fd5dc957862309db8d9 |
08-Mar-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Introducing ShortcutManager" into nyc-dev
|
4d9abf92d4d5f77f025531b70ed1f58e7482acf5 |
08-Mar-2016 |
Tony Mak <tonymak@google.com> |
clear calling identity before calling getUserInfo Bug: 27523508 Change-Id: I243a5423de850477cf65968c8ea26cbb3ae896d5
evicepolicy/DevicePolicyManagerService.java
|
3cb4da16dcf07474acefb709d10b22cdfdefd81b |
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update DPM.getWifiMacAddress to take admin component as argument. Bug: 27532280 Change-Id: I3a5e9557c3c6ac43c458c911a5309bdb2655fb66
evicepolicy/DevicePolicyManagerService.java
|
1145cd26bd8acff6aced86a98819172fd7e4cbd1 |
07-Mar-2016 |
Kenny Guy <kennyguy@google.com> |
Don't crash if KeyChain can't be bound to. KeyChain can throw an assertion error if is not around, don't allow that to take down system. Bug: 27518175 Change-Id: I99418dfb65c58d3e07cbda91860cdb493b96a836
evicepolicy/DevicePolicyManagerService.java
|
fdc5ba8f43e09cfbc8f5de0bf819b7684094953e |
05-Mar-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Move more PM calls to ParceledListSlice." into nyc-dev
|
d5896630f6a2f21da107031cab216dc93bdcd851 |
05-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Move more PM calls to ParceledListSlice. Since the data returned by these calls can grow unbounded based on various GET flags, we need to switch 'em over. Bug: 27391893 Change-Id: Ie849ca30dbaaa91158da4c83675657715629a0ee
evicepolicy/DevicePolicyManagerService.java
|
6f7362d92573e4ae693bc513dca586d6a4eb087b |
04-Mar-2016 |
Makoto Onuki <omakoto@google.com> |
Introducing ShortcutManager What's supported: - Most APIs are implemented, except for SM.updateShortcuts(), the icon APIs in LA, and LA.startShortcut(). - Persisting information, except for icons - Throttling In addition, now PersistableBundle has a public copy constructor from a Bundle. (Do we want to @hide it?) TODOs: - Add icon support - Implement missing APIs - Listen to PACKAGE_* broadcasts and do clean-up - Support multi-launcher apps (pinned shortcuts per launcher) - Dev option to reset throttling - Load throttling config from Settings - Backup & restore - Figure out LauncherApps permissions (BIND_APPWIDGETS??) - Other minor TODOs in the code - Better javadoc Note: This requires Idf2f9ae816e1f3d822a6286a4cf738c14e29a45e Bug 27325877 Change-Id: Ia5aa555a4759df5f79a859338f1dc5e624cd0e35
evicepolicy/Owners.java
|
e1fd7f09d5149055b8ad7bcf24846ecd8d87027a |
04-Mar-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge "Not clearing data for a package that is a DO or PO" into nyc-dev
|
0114263a1aff5dea92fdafbec81c1b40093e9aba |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode" into nyc-dev
|
915d5245533c449550b9dae54b71414394ae2d74 |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "isDeviceOwnerProvisioningAllowed implementation to match enforceCanSetDeviceOwnerLocked" into nyc-dev
|
e29cd4724ff41f1cd81c1493f02fb0ba2b2f8197 |
02-Mar-2016 |
Victor Chang <vichang@google.com> |
enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode Bug: 27453111 Change-Id: I1acdfecdf4474696e904a6a4df189453be306aa4
evicepolicy/DevicePolicyManagerService.java
|
5676ae256a15b73d724c38940356be324fc9647a |
02-Mar-2016 |
Victor Chang <vichang@google.com> |
isDeviceOwnerProvisioningAllowed implementation to match enforceCanSetDeviceOwnerLocked The main purpose is to fix the security flaw that user can force isDeviceOwnerProvisioningAllowed to return true by setting the device_provisioned without factory reset Check UserSetupComplete instead, as it's cached by DPMS if it's ever set to true Refactor common code of isDeviceOwnerProvisioningAllowed and enforceCanSetDeviceOwnerLocked The functionality of enforceCanSetDeviceOwnerLocked should be exactly the same. DPM Unit Test all pass Bug:27403225 Change-Id: I32dae8e222e01e08664abb313ead3a92d4186658
evicepolicy/DevicePolicyManagerService.java
|
d04525214b9a999339cd553a22b95b52debecde5 |
02-Mar-2016 |
Suprabh Shukla <suprabh@google.com> |
Not clearing data for a package that is a DO or PO Added a check inside PackageManagerService to make sure data for a package with a DO or PO for the running user is not cleared. Currently, the 'pm clear' command goes through without any such checks. Bug: b/27243904 Change-Id: I87d4ad2db031f47946f34627a5ee465ef144f85e
evicepolicy/DevicePolicyManagerService.java
|
ba24409033241e680d111e7dea6501e760d972c5 |
25-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Rework of remote bugreports UX New notifications, that open dialogs. Bug: 26226230 Change-Id: I50f9ab23b6c6d03892889d9081cabb0a3d858f91
evicepolicy/DevicePolicyManagerService.java
evicepolicy/RemoteBugreportUtils.java
|
8bbace3afcae7ca614fd8c8d86c4d48d47ded392 |
03-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Merge "Fix clearDeviceOwner() not working in split-user mode" into nyc-dev
|
e9aa6ec1cf57d20aaf4da5d90a78f891a8f0ca5b |
29-Feb-2016 |
Tony Mak <tonymak@google.com> |
Fix setBluetoothContactSharingDisabled does not persist The default value of bluetotoh contact sharing is true. So we should save when it is false. Bug: 27410265 Change-Id: Icaf4ceeda09eca46d160acfecc53834819b66a18
evicepolicy/DevicePolicyManagerService.java
|
45eb8bd9b9ab81273e23d64adb806542900bca02 |
25-Feb-2016 |
Ricky Wai <rickywai@google.com> |
Fix clearDeviceOwner() not working in split-user mode Bug: 25906481 Change-Id: Iefe004b4bac7a7fc79c613e61a42f916fce7230e
evicepolicy/DevicePolicyManagerService.java
|
a4fae1545ae38f61385e45e8f635994f447efca5 |
24-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Support safe mode properly." into nyc-dev
|
889c0880661bda16e3759995e03766ddf0350732 |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Support safe mode properly. In safe mode, IPM.queryXxx() doesn't work. Use IPM.getReceiverInfo() directly instead. Bug 27108276 Change-Id: Ice8f882559b8f0596a19ddb3a16395a4dc538a25
evicepolicy/DevicePolicyManagerService.java
|
155a280e18200aeaa0e7d5e31d6b8b0115c58e42 |
24-Feb-2016 |
Robin Lee <rgl@google.com> |
Merge "DPM: installKeyPair variant: caller can self-grant" into nyc-dev
|
ce3399fbb46972d223b0cd154eaea3b68a16e051 |
24-Feb-2016 |
Robin Lee <rgl@google.com> |
DPM: installKeyPair variant: caller can self-grant If 'requestAccess' is true, the caller (either profile/device owner or a designated certificate installer) will be granted usage of the keypair on successful installation. This has no security implications for a profile/device owner which would already be able to self-grant. Delegated certificate installers did not have this ability before. This is only allowed at install-time- not afterward. Bug: 24746231 Change-Id: Ia0ec290bb0bcde1d8137c188e2667cb7718dbfd7
evicepolicy/DevicePolicyManagerService.java
|
515a6c7030f73aeb812b13e7073e814dcd35c297 |
24-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Merge "Throw UnsupportedOperationException when creating ephemeral user on a system without split system user." into nyc-dev
|
a0ea967d111b9f8e01ebbb1ac8d393270e1788b6 |
19-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Removing lock contention in SecurityLogMonitor After being interrupted the monitor thread tried to acquire a lock that is held by interrupting thread, resulting in timeouting on join(). Bug: 27061904 Change-Id: Ifbd578d5f5a266083b207fedd8ebb6d26ab08c31
evicepolicy/DevicePolicyManagerService.java
evicepolicy/SecurityLogMonitor.java
|
3dfe7f655d3707c0b89746ca8834a155de4e5e31 |
23-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Throw UnsupportedOperationException when creating ephemeral user on a system without split system user. BUG: 27143201 Change-Id: I7b7e634ba7fce576dd72a416e802c80939f05d3e
evicepolicy/DevicePolicyManagerService.java
|
27ee33482a2fdecbbbedbd33a137ceae3e93fa2a |
08-Feb-2016 |
phweiss <phweiss@google.com> |
Remove deprecated APIs DPM.createUser, createAndInitializeUser They were deprecated in M and slated for removal in N. Bug: 26974903 Change-Id: I7ae4d60bcf226c1e1de42852b378ad1ff71a914b
evicepolicy/DevicePolicyManagerService.java
|
024f979dfdae1938afc3c509ea9762c06784cef5 |
17-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Allow ephemeral users on the split-system-user systems only. BUG: 27143201 Change-Id: I37f3ca7366648dbf07df39a7a972857e0ff78a9a
evicepolicy/DevicePolicyManagerService.java
|
4ab36372fb7f2f8236d9fa308ec508582fc52607 |
19-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Clean up on UserManagerService and DPMS" into nyc-dev
|
2a3c3da0fc07ef37abc45cfb0166bdf5f7f202b6 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Clean up on UserManagerService and DPMS - Avoid the ART warning about 4.1 compatibility - Avoid integer overflow in DPMS Bug 27243525 Bug 27242859 Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
evicepolicy/DevicePolicyManagerService.java
|
60949288064460894bdd288f4865cdb180c0e501 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Fix bugs in user restriction migration Originally I didn't know user-0 could have PO, so I excluded this case from migration. Now we handle it properly. Also make sure only restrictions that can actually be set by each owner moves to the owner restriction. (Because of this, we no longer have to have DISALLOW_WALLPAPER in the exception list, because owners can't set DISALLOW_WALLPAPER.) Bug 27225996 Change-Id: I6ad79d90e6c4400abbb1e4feba6ba59e3b650815
evicepolicy/DevicePolicyManagerService.java
|
aafff2f835ea7c6dd08cadea0d92dfa7288c8e09 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Ensure DO/PO are also DA." into nyc-dev
|
184db600df42c2b27a2d34deecab57d591434b22 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Ensure DO/PO are also DA. Bug 24503508 Change-Id: Ib957b84d5bee185501636c406d9aaf4985a79d8d
evicepolicy/DevicePolicyManagerService.java
|
fc482c30b7a3c2cf7bc14d5c86de758a16f6433d |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "[framework] Don't allow apps on external storage to be active admin" into nyc-dev
|
f34db0a17ee035c165a4e81e9192f73d2455bd1c |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
[framework] Don't allow apps on external storage to be active admin Bug 27149287 Change-Id: I6d959d2e66dc0b19f78e6135fbdcf45ca8551958
evicepolicy/DevicePolicyManagerService.java
|
eb84b1843a3f6805c6109c1d9d023550229a3fc5 |
26-Jan-2016 |
Andrei Stingaceanu <stg@google.com> |
Suspend packages - one call for multiple packages Refactor setPackageSuspended into setPackagesSuspended. The rationale is that the consumers of this API are likely to want to remove multiple packages at once. Rather than calling the API N times, call it just once. The good part is that we already have the broadcast intent for suspended packages take an array so only one broadcast. Less stress on the system. Another good part is that (right now) we only have one consumer of this API and it will be easy to make changes once this CL goes in. As a shell command, for consistency only allowed one package at a time. Bug: 22776761 Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
evicepolicy/DevicePolicyManagerService.java
|
5ae4e73ef0747c2d08a901f1a76d8fb8ee64a53a |
17-Feb-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "Suspend packages - new API for retrieving the suspended status" into nyc-dev
|
910a367cbf36bd1f8d93416b9379224c76371dc8 |
17-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Remote bugreport notifications rework" into nyc-dev
|
dafec11e698daf054730cfb04db64f3e31a0c9ff |
16-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Don't allow deactivating DAs when the user is not unlocked" into nyc-dev
|
f79c887c5997f4a7735987a524869421a1a3ac2d |
16-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Let admin disable fingerprint for the work challenge" into nyc-dev
|
e9377a7d84c23571342ea1c4dc6c12875eaaf3df |
15-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Remote bugreport notifications rework Merging two notifications into one. Bug: 27095707 Change-Id: Ib6582dabb7370f9b3b6e673b19ab43b70c73433a
evicepolicy/DevicePolicyManagerService.java
evicepolicy/RemoteBugreportUtils.java
|
355b232d7998cfc9b29d42a0356390e25191bcbd |
12-Feb-2016 |
Andrei Stingaceanu <stg@google.com> |
Suspend packages - new API for retrieving the suspended status Instead of always rebuilding the full ApplicationInfo for a package when callers are only interested in the suspended status add a new fast API in Packagemanager (which only checks the suspended user setting for the requested package and returns a boolean) and change the appropriate caller code too. Bug: 26794775 Bug: 22776761 Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
evicepolicy/DevicePolicyManagerService.java
|
115d2c189a46f535778d9dd0923f703ff2f888fe |
16-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Add feature versions for devices and apps. We're starting to see more instances of device features that will increment separately from the SDK API level, such as camera HAL, GPU capabilities, Bluetooth, and other hardware standards. This change adds the ability for device features to specify a version, which is defined to be backwards compatible. That is, apps requesting an older version of a feature must continue working on devices with a newer version of that same feature. When a version is undefined, we assume the default version "0". Bug: 27162500 Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
evicepolicy/DevicePolicyManagerService.java
|
eff90bd5ff6bd50325149a5010183277bd76f4c6 |
15-Feb-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Allow privileged apps to set the organization color." into nyc-dev
|
1a5ee776ee51ae6fba30c8f3b33e26eb7f9dedc6 |
13-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Don't allow deactivating DAs when the user is not unlocked Bug 27149570 Change-Id: I772d9cbd6edc822c8f7b1988905b702e05e674cd
evicepolicy/DevicePolicyManagerService.java
|
29b13190cd57bd823eb803f6fca03f671a32a5fe |
12-Feb-2016 |
Clara Bayarri <clarabayarri@google.com> |
Merge "Add support for current failed lock attempts and max attempts" into nyc-dev
|
51e41ad887a2e30a1366f0a3b4750f0204912b8e |
11-Feb-2016 |
Clara Bayarri <clarabayarri@google.com> |
Add support for current failed lock attempts and max attempts This is needed from Settings to show a message informing the user of the number of attempts before their work profile gets wiped when using ConfirmDeviceCredentials. Bug: 26677759 Change-Id: I4b16f7dc2f415d0ce0215a3b7a646f98fabece33
evicepolicy/DevicePolicyManagerService.java
|
d6c90a88831af5c8d3a3587173873031cf6f5d7f |
12-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix testApplicationRestrictionsManagingApp unit test" into nyc-dev
|
8f7698aaf630787693ec7edb4779a27fdd2b888b |
11-Feb-2016 |
Nicolas Prevot <nprevot@google.com> |
Allow privileged apps to set the organization color. BUG:26923835 Change-Id: I97b0cbbc0d4fb9e9ca0e3d335a9d15eb5a1f9602
evicepolicy/DevicePolicyManagerService.java
|
5f05cf96127ee1acb6d80efdc0a87fad2a9daa02 |
11-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "If package has no active admins, just uninstall right away" into nyc-dev
|
641ea634eeebc52b7bdc825b32dc22881d63ae30 |
11-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
Merge "DPMS shouldn't remove admins that aren't crypto aware." into nyc-dev
|
44fc4aeb1f3a6fcc6c1b8532530cb0589b2815c4 |
11-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
DPMS shouldn't remove admins that aren't crypto aware. DevicePolicyManagerService checks admins on boot and removes ones that aren't found so it needs to match crypto and non-crypto admins. Match non-crypto aware apps when admin is enabling system apps. Bug: 27126412 Change-Id: Ibb20841679fb660de281782964b068d5a13b8fe9
evicepolicy/DevicePolicyManagerService.java
|
ed1928a981cbff9a67b5c1786ded8cbdf848056b |
11-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Fix testApplicationRestrictionsManagingApp unit test The API now requires the app restriction manager app to exist on the current user when it is called. Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
evicepolicy/DevicePolicyManagerService.java
|
09f856805902078931aa5de006bc5e2c5403dfa6 |
11-Feb-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "DPM.createAndManageUser should work even with DISALLOW_ADD_USER set" into nyc-dev
|
2547071ff8d83dc51c915a56202081ca3a100b23 |
11-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Let admin disable fingerprint for the work challenge Also, reworked the logic a bit: * Admins can only set flags that affect the parent on the parent DPM instance (i.e. no unredacted notifications) * Admins can set flags not supported on the work challenge on the regular DPM instance. If there is a work challenge, they will have no effect (as managed profile policies don't affect the regular lockscreen if there is a work challenge). If there is no work challenge, they'll affect the parent profile. Bug: 26891832 Change-Id: I8978e1aa6abe9c8dc07e030dfd069b5f4e1301f6
evicepolicy/DevicePolicyManagerService.java
|
e9c440638e27a123a82feb5e4677ce1242785288 |
10-Feb-2016 |
phweiss <phweiss@google.com> |
DPM.createAndManageUser should work even with DISALLOW_ADD_USER set For this, the DPM calls a new function UserManagerInternal.createUserEvenWhenDisallowed() instead of UserManager.createUser(). This calls UserManagerService.createUserInternalUnchecked(). Also, only the system user is allowed to call this method, otherwise a security exception is thrown. Bug: 26952210 Bug: 26786199 Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
evicepolicy/DevicePolicyManagerService.java
|
ed5c8f0216bf97e896936e2a2e24fc3fb18303a1 |
09-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Log strength of auth method used into security log As approved by Android Security team, added logging of strength of auth method as well as logging of fingerprint keyguard actions. Bug: 26841997 Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
evicepolicy/DevicePolicyManagerService.java
|
ed9fa2ca3c9d0ed5f656a6aca459acf6f170660d |
11-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
If package has no active admins, just uninstall right away Also fix the bug where removeAdminArtifacts() is called for all active admins on the target user. Bug 27107878 Change-Id: I6edbdadffe8c75628539976d304e39d6abed73a4
evicepolicy/DevicePolicyManagerService.java
|
338c1d860772edc3101ed4860a149e7f3c5fe493 |
10-Feb-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge "Added an api to uninstall a packge with active DAs" into nyc-dev
|
8212ae0aee1700b9c287ebadf15af8dacdc8eae6 |
10-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for internal storage APIs. Also completely remove a few confusingly named deprecated APIs. Change-Id: Ia7e4ea3190a97f0a7dfa9bebf2118da0866ec38f
evicepolicy/Owners.java
|
a2ae2238e506d5b092015440792d5a885b7a7b1d |
29-Jan-2016 |
Suprabh Shukla <suprabh@google.com> |
Added an api to uninstall a packge with active DAs The api deactivates all the active admins in the package, then force stops the package and starts the uninstall intent for the package. This is intended to provide an easy way for a user to delete a misbehaving Device Admin Bug: b/22359208 cherrypick of Ic7ddd89ef6db53e7e76f805808d9e806100374db Change-Id: I0d677839120c46f22231a7d6f9cf6630cb020227
evicepolicy/DevicePolicyManagerService.java
|
66a320d368e93a03d5aee33eac85807a227c0a3c |
10-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Check for null on app restrictions managing app APIs" into nyc-dev
|
f03d0a6bfcff0f36a623b4fad7bd505d94b22e9a |
10-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Require delegated cert installer and app restriction manager to exist Enforce that apps with delegated powers to exist on device before empowering them. This is consistent with DevicePolicyManagerService's internal logic to clear the delegation power once the package is removed. For delegated cert installer, only enforce this new restriction on device admins targeting N or later. Bug: 26233778 Change-Id: Ia8f45dfd5290958cebb36991c4b6baa03e8c28ae
evicepolicy/DevicePolicyManagerService.java
|
48e64f20f328a40505f35062f870a7f6e5ab9ff6 |
10-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Check for null on app restrictions managing app APIs Change-Id: I3d3cc9b4a4bd6a2526fd0bd7d8662c6b07183208
evicepolicy/DevicePolicyManagerService.java
|
e28e5a9d3b3115ec00c1209bec393a397d359a9f |
05-Feb-2016 |
Nicolas Prevot <nprevot@google.com> |
Fail if setProfileEnabled is called outside a managed profile. BUG:26709495 Change-Id: I98adf2dab1e7b27fef926144c460af8823fe96e7
evicepolicy/DevicePolicyManagerService.java
|
57218cbbf773f389e5e9493623dd3d017e459590 |
04-Feb-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Made changes to fix some policy transparency options."
|
569258689a0d28f25cbdf7189038833d45a63a80 |
28-Jan-2016 |
Sudheer Shanka <sudheersai@google.com> |
Made changes to fix some policy transparency options. Add isInputMethodPermittedByAdmin and isAccessibilityServicePermittedByAdmin APIs in DevicePolicyManager. And update utility methods in RestrictedLockUtils to use the correct userId when checking if disabled by admin. Bug: 26897250 Bug: 26767564 Bug: 26966213 Change-Id: I0b74b3e57904a82f8ce72d856769d35b5e8403e5
evicepolicy/DevicePolicyManagerService.java
|
8c41a1c9bc9c61b7b63ce7ab1a6b2f0a099dbf01 |
03-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
Match non-crypto aware admins when registering. Profile owners are registered before the user is started and unlocked, so we need to check for components that aren't cryptoware when looking for the admin. Bug: 26924254 Change-Id: I61fca0a3d6e490ca6fea9a7bdc8f2c44efde74f2
evicepolicy/DevicePolicyManagerService.java
|
a0fddc1ed41a4bb14fc33e5bdbc4de1317dc79b7 |
03-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Ignore unknown user restrictions and WTF instead."
|
939be877760f1a3f32c96fbd34eed37a0fcf656c |
03-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Slightly change the "pre-N" so it's CTS-friendly. Right now, the value of VERSION_CODES.N is 10000, but I'm writing a caller app with target SDK level 24 for CTS, and the previous logic didn't work for it. Bug 25506830 Change-Id: I73613f30b437fb19406736f897d01d59b1f84c9d
evicepolicy/DevicePolicyManagerService.java
|
1f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Ignore unknown user restrictions and WTF instead. Bug 23902097 Change-Id: I1ac147ecd0286a8eb674d6f9f527edfea6e1198e
evicepolicy/DevicePolicyManagerService.java
|
90b896533eb6a8867e7951bbbdbbacd9b520199c |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
DO / PO Shouldn't be removed as active admin... even if they asked. Also clear(Device|Profile)Owner should remove them as the active admin too. Also add some more unit tests. Bug 26858840 Change-Id: I7b3ed92e1b4cbe803381ed6e3f64d8de17b2ebb0
evicepolicy/DevicePolicyManagerService.java
|
49caead1c2608f57ac6c260396c6bfd058b921ae |
02-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Call SecurityLog methods via Injector This is to make sure the unit test can mock them out. Bug: 26911599 Change-Id: I07a1a8b43ad5716a4b667bc5266b3b03997268c5
evicepolicy/DevicePolicyManagerService.java
|
fe13c5fbe11a6ee004d1b4e6b27a44fafbe22bd4 |
02-Feb-2016 |
Victor Chang <vichang@google.com> |
Merge "Fix that can't launch managed QuickContact in ContactSearch"
|
d38308e4d0599836f9c5446ba9d6edbc0713c428 |
02-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix DPM unit tests"
|
3f3657a61b54d495bf2e692289eb92a48fe5a0b2 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests Bug 26911599 Change-Id: I874c9cd4f63c79bc984777ef3b1b654a414c4911
evicepolicy/DevicePolicyManagerService.java
|
70b1751d14610c18439c5d0c4a8dce704eb819a8 |
01-Feb-2016 |
Victor Chang <vichang@google.com> |
Fix that can't launch managed QuickContact in ContactSearch It happens when caller id is disabled but contacts search is enabled BUG=26740020 Change-Id: I4ca79c82ed27f6f1da514b31d8d89fc71fd243fb
evicepolicy/DevicePolicyManagerService.java
|
b4ec8aaaba6ee5f564875741217bdfaf53a10d5f |
01-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Revert "Throw for unknown user restrictions.""
|
2ec157d928b7804367091ee6c146b196ac6841e2 |
01-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Revert "Throw for unknown user restrictions." This reverts commit 3861bf7e73fab9e39e8d1f6e5194f3600ed929a0. Bug 26896902 Change-Id: I26fa0159b5bb832048ccd013054a01f91b54947b
evicepolicy/DevicePolicyManagerService.java
|
c3cd05f8a45ab789aae1cb553df86f94667d595a |
11-Jan-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager APIs for process logging. Add Device Owner APIs for controlling and retrieving the logs. Retrieving the logs should be rate limited unless we are at the risk of losing logs due to constrained buffer space. Bug: 22860162 Change-Id: I80658f5a14e86d7cfd42402fbc5e98dc11698c0e
evicepolicy/DevicePolicyManagerService.java
evicepolicy/SecurityLogMonitor.java
|
f3bc593a627b67425b3b103ff148cf1f3da0fd29 |
29-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Throw for unknown user restrictions."
|
3861bf7e73fab9e39e8d1f6e5194f3600ed929a0 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Throw for unknown user restrictions. Bug 23902097 Change-Id: I78a4b09db880134577d690be0c50ee9a64e6a309
evicepolicy/DevicePolicyManagerService.java
|
dd231a16a1152beacdece7d32a9b85803e0cdb67 |
29-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Merge "Add policy to set the organization name"
|
3e8a7090642d58dcd435121650a243dca262c96a |
25-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add policy to set the organization name We allow the profile owner of a managed profile to set the name of the managed organization. This name is used as the default header message shown in the confirm credentials screen a.k.a. work challenge. Bug: 26638631 Change-Id: I03c5acc9fffe06cdb9d0d60dd1580b20e21783b1
evicepolicy/DevicePolicyManagerService.java
|
d4efab1173a55618e307f3cef078efa727270955 |
28-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Fix exception when calling setPasswordExpirationTimeout"
|
d07438f300a0321bde09b3fffafa6ffd8771269b |
28-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Fix exception when calling setPasswordExpirationTimeout Prevent exception when calling setPasswordExpirationTimeout on the parent DPM instance. Callen setExpirationAlarmCheckLocked with the parent userHandle was breaking because getPasswordExpirationLocked was trying to call getProfiles on a different user. Bug: 26847085 Change-Id: I9d584573245aba65af7ecf236f2021b47afb5d7e
evicepolicy/DevicePolicyManagerService.java
|
bc0ce990435fe02a356b3e43272f692709f633ed |
28-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Logging of keyguard actions into security log"
|
31502d3d95610930b56bb7931dbd57a997f9ce8f |
25-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Logging of keyguard actions into security log Bug: 22860162 Change-Id: I7dbe68fff7d9d45b6c417d960cf025c8d0694917
evicepolicy/DevicePolicyManagerService.java
|
ca3f6fae604880db14c3f3eb5bc8908c339be0a8 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix exception message Change-Id: I6fe4b8b745414ed589337079e2893d87dadb34f5
evicepolicy/DevicePolicyManagerService.java
|
1244ece2e345aea5a64c15c87b107c01dca3f9c9 |
27-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Make DPM.clearProfileOwner() public."
|
5bf68027cf502c2835ad258aec05544958fcd354 |
27-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Make DPM.clearProfileOwner() public. Bug 26827204 Change-Id: Ib32e5370b493aa3e36b869d9ed3d78782df4c895
evicepolicy/DevicePolicyManagerService.java
|
f348e8e22bed4b56fdb0c02702d12b36467dedd7 |
07-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Add policy for enforcing that all users are ephemeral. BUG: 24883058 Change-Id: I8e53ca677c935a6c828dd6ece00b345d0eff182a
evicepolicy/DevicePolicyManagerService.java
|
a269c5d584a572d91a0640bb8f8f58885ff9d71b |
27-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Merge "Add a flag for creating an ephemeral user with DevicePolicyManager#createAndManageUser."
|
c8202c8d1d7c9bc2ee44cec538dc7fa4f95f960f |
26-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Add a flag for creating an ephemeral user with DevicePolicyManager#createAndManageUser. BUG: 24883058 Change-Id: I225ee6f1f6692663349040676e7a6c742b3ede79
evicepolicy/DevicePolicyManagerService.java
|
d7693917a7c7348cb12692116d2693314c29e809 |
22-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Check if the profile password would comply as the device lock Bug: 26801330 Change-Id: Ide31464dd0292ca97b03abe08cdde5b41d517b66
evicepolicy/DevicePolicyManagerService.java
|
697815eddb0139e6d4284b72f9393cf46c6e544b |
26-Jan-2016 |
Victor Chang <vichang@google.com> |
Merge "Launch managed quick contacts without contact id"
|
44a18081546345a0655748717862a89ae6dd7948 |
26-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Merge "Add explicit and persistent user provisioning state."
|
a92e1216ca3af5d03e17734b6b990be5116d07a9 |
25-Jan-2016 |
phweiss <phweiss@google.com> |
Make API createAndManageUser public Remove @hide, and add parameter for specifying profile owner. The PO has to live in the same package as the device owner. Bug: 25288732 Bug: 25860170 Change-Id: I40e8984a71ee9d1ff74e57d4e79e298deef9bc35
evicepolicy/DevicePolicyManagerService.java
|
97bdacc6d124f08a3f1c362fc35a5eed16af9880 |
21-Jan-2016 |
Victor Chang <vichang@google.com> |
Launch managed quick contacts without contact id set contact id to enterprise base contact id if it's enterprise uri BUG=26176780 Change-Id: Ie1160bef22d44c90eb4015783fafdafd160bcdd8
evicepolicy/DevicePolicyManagerService.java
|
ab83fd5739bf475c07e8e7ff140489cdcdcb73be |
25-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "DPMS organisation API - Add a missing checkNotNull"
|
5f09616e6bb793e789167e3281478b13413d0932 |
25-Jan-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "Add new API function createAndManageUser"
|
d48788c1011893fbe13c5f64db906f140a66dd0b |
25-Jan-2016 |
Robin Lee <rgl@google.com> |
DPMS organisation API - Add a missing checkNotNull Corrects a failing test. Change-Id: I6be8a23caef53d1e9681733e5b340237952bd3e5
evicepolicy/DevicePolicyManagerService.java
|
afad8783699b1ba6f3c7ee5961d6ddc2bd771dc1 |
19-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Add explicit and persistent user provisioning state. Add explicit modelling of provisioning state so that integration of management provisioning flows with packages such as setup-wizard are cleaner, and can be more direct. Previously we relied upon USER_SETUP_COMPLETE secure setting and HOME intents to signal intent, but this is not very clear and can be fragile. Bug: 25858670 Change-Id: Idc56a040f710c3aee281db420f21717da3960722
evicepolicy/DevicePolicyManagerService.java
|
343fb33a9be819bbf33eae2c3f93bc44b3477ecd |
25-Jan-2016 |
phweiss <phweiss@google.com> |
Add new API function createAndManageUser This is a reduced version of the (deprecated) function createAndInitializeUser, that allows the device owner to create a new user and pass a bundle with information for initialization. The new version of the function has the same functionality, but the profile owner of the new user is always the device owner. A flag can be specified to skip the setup wizard for the new user. The new user is not started in the background, as opposed to how createAndInitializeUser did it. Instead, the bundle with initialization information is stored and will be broadcast when the user is started for the first time. Bug: 25288732, 25860170 Change-Id: I4e1aea6d2b7821b412c131e88454dff5934192aa
evicepolicy/DevicePolicyManagerService.java
|
fe434a15d6bde9299b51dc284b336944e5cf8a1c |
25-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Add additional APIs supported work on the parent DPM instance"
|
4c052f237a108457fca3d3864c5654ebd4505111 |
25-Jan-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Implement user affiliation A user/profile is considered affiliated if it is managed by the same entity as the device. This is determined by having the device owner and profile owners specify a set of opaque affiliation ids each. If the sets intersect, they must have come from the same source, which means that the device owner and profile owner are controlled by the same entity. BUG=25599229 Change-Id: I393fe0de70272307ed3c811aaba4b48a5109c562
evicepolicy/DevicePolicyManagerService.java
|
623999185029a2c5baf29efe4ebdcbcdebcca294 |
11-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Add additional APIs supported work on the parent DPM instance Bug: 22543972 Change-Id: I05061e34d120c64d5c49ca6b7b4014d7dadb68f4
evicepolicy/DevicePolicyManagerService.java
|
947f3557a5917617a6a738e3e2c4a2f055601270 |
22-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Merge "Add profile policy to set work challenge background color"
|
59720bb2a67dae70cd2e46a9f611d66e4a3f7221 |
18-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add profile policy to set work challenge background color Adding a policy for profile owners to set the background color of the confirm credential screen for the managed profile. Bug: 26638631 Change-Id: Iea36b94c5a42b6ae12cc36921ec5f840306e81a1
evicepolicy/DevicePolicyManagerService.java
|
b7cc096fd49e99c01a9e963a895f6d26d685e474 |
21-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Merge "Added restriction if a user is allowed to change the icon. BUG: 25305966"
|
7f1f1dfc8713fbecbab60cfbe14ab4d97d27deee |
18-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Added restriction if a user is allowed to change the icon. BUG: 25305966 Change-Id: I3d527224f00087b2bd959879ebb143e2ecb9c914
evicepolicy/DevicePolicyManagerService.java
|
0fdcd3df83b4af1e6cd89246b5f38401d8062148 |
13-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Added new password quality constant PASSWORD_QUALITY_MANAGED to make it possible to prevent user from unlock modification. BUG: 25549437 Change-Id: Iae9adccbb8f9e1db8a21d596137f69f6cad54988
evicepolicy/DevicePolicyManagerService.java
|
45aab9d974d896e56cf66e4078c1841b7c90907f |
15-Dec-2015 |
Michal Karpinski <mkarpinski@google.com> |
Applying finalized strings for remote bugreports Bug: 26226230 Change-Id: I0764a2d8c67a5d14d91c3e3162f407c74adb7bf8
evicepolicy/RemoteBugreportUtils.java
|
a8c8851caa0d1d44eccfcae2e01a2b6e7235d290 |
18-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "DPM changes to support remote bugreports"
|
206747d9f60a0f554aac71c9da9ccfe1a6582c80 |
15-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Fix Device policy crashes after adding the account while checking isActivePasswordSufficient The calls to LockPatternUtils#isSeparateProfileChallengeEnabled require MANAGE_USERS permission, wrapped them in a clear identity Bug: 26565169 Change-Id: I4a18cec3ae7beb13320350d4c3fdc63e4a7d741d
evicepolicy/DevicePolicyManagerService.java
|
b68d2d5b68dc58fb7b75ce94af74de58a1b9d3f9 |
14-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "Always-on app VPNs"
|
3fc437e89b018f258a3dee1a83014555aa156dc4 |
15-Dec-2015 |
Michal Karpinski <mkarpinski@google.com> |
DPM changes to support remote bugreports Bug: 22860136 Change-Id: If984318e421f511d9b0fc7138aacd36d5334698f
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
evicepolicy/RemoteBugreportUtils.java
|
a1771110d67fa7361f92d92f2e91019882ce3305 |
18-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create Work Challenge per-user condition Change the current static condition to a per-user condition so we can check and enable/disable the work challenge properly. Also add an isAllowed API, as the Work Challenge can only be used when the user's DPC targets N or above to maintain backwards compatibility. Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
evicepolicy/DevicePolicyManagerService.java
|
244ce8ef5f201cf403bab43df8281671a9e94512 |
05-Jan-2016 |
Robin Lee <rgl@google.com> |
Always-on app VPNs Bug: 22547950 Change-Id: I46b204170bfac58d944f39b22f815b080de71a58
evicepolicy/DevicePolicyManagerService.java
|
c754dffe1980cb6c3be96fb258b046dfcdf82353 |
12-Jan-2016 |
Victor Chang <vichang@google.com> |
Merge "Create a new device policy for controlling work contacts search"
|
1060c61866d57bd82cc474447205471c15e0d901 |
04-Jan-2016 |
Victor Chang <vichang@google.com> |
Create a new device policy for controlling work contacts search BUG=25981902 Change-Id: I5cea59d7d09bf54051ae0e56e824e4d3a08a49e7
evicepolicy/DevicePolicyManagerService.java
|
3e826effedc89e326114a7abcbdd4ac7b3e125c0 |
14-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create parent APIs in DevicePolicyManager This change creates the infrastructure for a parent DPM and implements the actual parent APIs for - set/getPasswordQuality - isActivePasswordSufficient This is part of the Separate Work Challenge Change-Id: I0477051b3162cbb26aac79467da08932f22fd1b7
evicepolicy/DevicePolicyManagerService.java
|
51f3908c6a788f82d8188762c0680594a54b17ae |
06-Jan-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Consistent naming for PackageManager methods."
|
e06b4d1d9f718b9fe02980fea794a36831a16db2 |
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods. When hidden PackageManager methods take a userId argument, they should be named explicitly with the "AsUser" suffix. This fixes several lagging examples so that we can pave the way to safely start passing flags to new methods without scary overloading. Also fix spacing issues in various logging statements. Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
evicepolicy/DevicePolicyManagerService.java
|
06de4e77c20be239384262b1508f0cf53bedb145 |
22-Dec-2015 |
Kenny Guy <kennyguy@google.com> |
Add support message for device admins Allow admins to set a long and short support message for settings to display. Bug: 25659579 Change-Id: Ib645490785642e49c69d8dbc65455eb3398547ee
evicepolicy/DevicePolicyManagerService.java
|
137241c714734d5559b3a3b3bd1d5c900ca7a879 |
30-Dec-2015 |
Sudheer Shanka <sudheersai@google.com> |
Update an error message. Change-Id: Ifc32120ccccd14e8e821770995de91008ed518d7
evicepolicy/DevicePolicyManagerService.java
|
f3378a29e9c270f1cbfebb126de6f14355ccba08 |
17-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Merge "Device or profile owner can let another app manage app restrictions"
|
699d537d1b7410268c639653e66746398101ff81 |
17-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
Merge "Adding DPM.reboot"
|
bf60f728cc7ed326fb8978afd9f589a685bb87b7 |
10-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Device or profile owner can let another app manage app restrictions The device or profile owner can allow another package to set app restrictions for any app in that user Similar to the way it can give permission to access CA certificate related APIs from M. Bug: 22541936 Change-Id: I0c1b0804ad300dfa4fbdc1c7721c5d8653d77861
evicepolicy/DevicePolicyManagerService.java
|
1e2839188fb49575b86646d3aadb355c81ef9cc5 |
26-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Wire call to suspend a package Adds APIs in DevicePolicyManager and PackageManager for allowing a device admin to suspend a package. PackageManagerService sets or unsets a new PackageUserState 'suspended' setting. Terminal command to suspend/unsuspend has been added via PackageManagerShellCommand (as root). Next steps: * use the new 'suspended' setting for denying access to start app (probably in ActivityStackSupervisor) * broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up * remove app from recents (go further and kill it if it is running) * erase existing notifications for this app Bug: 22776576 Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
evicepolicy/DevicePolicyManagerService.java
|
1ce53bc571563d8bf448a81a38da342ed5413ee4 |
14-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
Adding DPM.reboot Adding new policy in DPM to trigger reboot on the device. Requirement: Device owner can reboot the device if it is stuck or is not useable due to some unresponsive UI. Bug: 25304994 Change-Id: I7a6d5c8ad611de9c1cf6619378e492a306b41626
evicepolicy/DevicePolicyManagerService.java
|
5b9f167a8e7395ca54fc0ef78af4523858de87a7 |
11-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Only system can set application restrictions via UserManager Preventing apps with MANAGE_USERS from managing application restrictions via UserManager. Application restrictions should only be set via DevicePolicyManager.setApplicationRestrictions, or via Settings (for restricted profiles). Bug: 22541936 Change-Id: Ieed51ef54b4c23a73f383465e9af9b3bcf18a514
evicepolicy/DevicePolicyManagerService.java
|
055d8396ef6b99f9dcd639e98cce6029fca1c145 |
11-Dec-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Allow PO to set DO restrictions if it's on user 0"
|
5485ed46ff337769589c6e06b3469246e60b9e3b |
09-Dec-2015 |
Makoto Onuki <omakoto@google.com> |
Allow PO to set DO restrictions if it's on user 0 Bug 26091525 Change-Id: Ie6d2cd4ade076d8d2ec47243ff1280b95b7c9044
evicepolicy/DevicePolicyManagerService.java
|
55c46f291dda5012e7ed0548653d7b8ca7a424e2 |
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Clean up DPM/DPMS to reduce code size. Change-Id: Id6c1666ef4cdba795e3b6e4ddcb9c32e6ee90665
evicepolicy/DevicePolicyManagerService.java
|
fbc65644b9bda216699f5f1f883d6dfa2668e545 |
03-Aug-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy API to remove an installed KeyPair The keypair is specified by alias and removed via a call to the KeyChainService, which will have installed the pair in the first place. Bug: 22541933 Change-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a
evicepolicy/DevicePolicyManagerService.java
|
ee3a437464026219ceec03c633e61b55e2f12a1d |
19-Nov-2015 |
Robin Lee <rgl@google.com> |
Send pwchange broadcast to caller only in FBE case When per-user encryption is set up and we change the password of a profile, the parent and other profiles shouldn't receive an ACTION_PASSWORD_CHANGED as they have their own distinct passwords. Change-Id: I70d4ec81277a9bdc3ac6cd952b84cd769a2800b4
evicepolicy/DevicePolicyManagerService.java
|
10ad84a17d7248488c1653bacc9f20d3a7193999 |
01-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a separate Work Challenge check This allows us to tell lock checks from FBE checks separately, and will be useful when dealing with password unification. Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
evicepolicy/DevicePolicyManagerService.java
|
29fcf1b1dbb7740836eb78e06d3ef4fc5769623d |
26-Nov-2015 |
Clara Bayarri <clarabayarri@google.com> |
Apply Admin password restrictions to work profile When the Work Challenge is in place, re-route the enforcing of Admin policies on the password to the work profile. The Admin should not be allowed to dictate policies on the device lock in this case. This is part of the Separate Work Challenge feature. Change-Id: I757973e540797b5fb10bea7a2fd1925561655bc9
evicepolicy/DevicePolicyManagerService.java
|
968dea0969c6aec651b91845e8d63462c5f20609 |
03-Dec-2015 |
Robin Lee <rgl@google.com> |
DPMS: Replace ArrayList<>(1) with SingletonList Change-Id: I78f8230d959f17c3aa2f248122973a8cd5c96693
evicepolicy/DevicePolicyManagerService.java
|
574f038a571ec9e1fd26db35a187b2f06b7484fd |
02-Dec-2015 |
Robin Lee <rgl@google.com> |
Resolve merge conflicts of 5ec51457e1 to master. Change-Id: I70c12ad663c3b4d3b5e3b8f40bc659cb94d82c14
|
9c165d76010d9f79f5cd71978742a335b6b8d1b4 |
02-Dec-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add optional permission review for legacy apps - framework For some markets we have to allow the user to review permissions for legacy apps at runtime despite them not supporting the new permission model. This is achieved by showing a review UI before launching any app component. If an update is installed the user should see a permission review UI for the newly requested permissions. To allow distinguishing which permissions need a review we set a special flag in the permission flags that a review is required. This flag is set if a runtime permission is granted to a legacy app and the system does not launch any app components until this flag is cleared. Since install permissions are shared across all users the dangerous permissions for legacy apps in review mode are represented as always granted runtime permissions since the reivew requirement is on a per user basis. Whether the build supports permission review for legacy apps is determined by a build constant allowing us to compile away the unnecessary code for markets that do not require a permissions review. If an app launches an activity in another app that has some permissions needing review, we launch the permissions review UI and pass it a pending intent to launch the activity after the review is completed. If an app sends a broadcast to another app that has some permissions needing review, we do not deliver the broadcast and if the sending app is in the foreground plus the broadcast is explicit (has a component) we launch the review UI giving it a pending intent to send the broadcast after the review is completed. If an app starts a service in another app that has some permissions needing review, we do not start the service and if the calling app is in the foreground we launch the review UI and pass it a pending intent to start the service after the review is completed. If an app binds to a service in another app that has some permissions needing review, we schedule the binding but do not spin the target service's process and we launch the review UI and pass it a callback to invoke after the review is completed which spins the service process and completes the binding. If an app requests a content provider in another app that has some permissions needing review we do not return the provider and if the calling app is in the foreground we show the review UI. Change-Id: I550f5ff6cadc46a98a1d1a7b8415eca551203acf
evicepolicy/DevicePolicyManagerService.java
|
28860b7570d2b3e7bc6a136a7bb7312e5aaf6e61 |
26-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Fix for being able to setup Managed User from system user. Also move feature flag check to ensure it is used in all cases. Change-Id: If42787c5bc9ab824449c70f90fb827cf2da7507f
evicepolicy/DevicePolicyManagerService.java
|
777ef95ebf18c61ff09e7567a06058d351c530ca |
26-Nov-2015 |
Yohei Yukawa <yukawa@google.com> |
Use Context.getSystemService(Class<T>) for InputMethodManager. This is a mechanical replacement of Context.getSystemService(String) with Context.getSystemService(Class<T>) when retrieving InputMethodManager. Note those are bundled code. Hence we don't need to make sure Build.VERSION.SDK_INT >= 23. Change-Id: Icc64942ad8f11e44bf84f8d4fe476b2fdd1257f3
evicepolicy/DevicePolicyManagerService.java
|
e7927da1b6dc4f96714aa9bc4fbb71b3659f8cea |
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Don't call DPM from UserManager to avoid lock inversion - Also make sure DPMS.mOwners is always guarded with DPMS.this. (and remove synchronization from Owners.) Bug 25796840 Change-Id: I83f7b78e7b437d9c2a2b1d6e714346cd15f95330
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
3ab6f2e219c167fd35f16b6cf233ae6a39d9de02 |
05-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DA receiver should be protected with BIND_DEVICE_ADMIN. - DPM.setActiveAdmin() will not accept DAs without BIND_DEVICE_ADMIN when it's targeting NYC or above. - DAs without BIND_DEVICE_ADMIN targeting MNC or below will still be accepted. (with a logcat warning) - DAs that are already set on a device without BIND_DEVICE_ADMIN will still be accepted regardless of the target API level, even when it's upgraded to a version targeting NYC. Bug 24168653 Change-Id: I1914c2ec99135d9dd8cbac3f6914f9e43bafacc8
evicepolicy/DevicePolicyManagerService.java
|
a31ebbc439364a4993e79fd385cf6373408a42fe |
24-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Add DO API to get wifi mac address Bug 25496044 Change-Id: Ib1f0ce4ca10951edcfaa0aa79ae5c2d142a74599
evicepolicy/DevicePolicyManagerService.java
|
c8a5a555f1482d0f45b538eb898d6ee7e26552a6 |
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user - Previously on MNC, they would return the same result regardless who the calling user is. - Now they properly take DO user-id into account. Meaning, they'll always return false and null respectively, if the calling user doesn't run device owner. - Note isDeviceOwnerApp() is a public API and getDeviceOwner() is a system API. Meaning we're changing the behavior or non-private APIs. - Also cleaned up hidden APIs, and gave them explicit suffixes to avoid confusion. Bundled code should prefer them for clarity. Now we have: * APIs that work cross-users: They all require MANAGE_USERS. boolean isDeviceOwnerAppOnAnyUser(String packageName) ComponentName getDeviceOwnerComponentOnAnyUser() int getDeviceOwnerUserId() boolean isDeviceOwnedByDeviceOwner() String getDeviceOwnerNameOnAnyUser() * APIs that work within user. No permissions are required. boolean isDeviceOwnerAppOnCallingUser(String packageName) ComponentName getDeviceOwnerComponentOnCallingUser() Bug 24676413 Change-Id: I751a907c7aaf7b019335d67065d183236effaa80
evicepolicy/DevicePolicyManagerService.java
|
15a46b07c5734b14df60ea28ab7a7cd26df2fc17 |
11-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Add method isManagedProfile and isSystemOnlyUser Adding method isManagedProfile() and isSystemOnlyUser() for DPC to know if running in a managed profile or system only user Bug: 24464823 Change-Id: I79974fdfd60d2bfe52dee3b4c95becf47a5bf0b1
evicepolicy/DevicePolicyManagerService.java
|
42490c074dc8ff568d0459ed0f9247d55ad95c2f |
23-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Remove UserManager.setSystemControlledUserRestriction()"
|
ac65e1e1dba1cf0ea237a389220ec818ade07a16 |
21-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Remove UserManager.setSystemControlledUserRestriction() Now that we don't have UM.setUserRestriction*s*() that could remove all existing restrictions, there's almost no point handling DISALLOW_RECORD_AUDIO differently. Now DISALLOW_RECORD_AUDIO is handled just like other restrictions, except we don't persist it. Bug 24954662 Change-Id: I27875b4a74dd95a3ce6bb774081eeaf718eaec15
evicepolicy/DevicePolicyManagerService.java
|
883f12ac5ac818e678af46b64a3f6e97b51caabe |
23-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Merge "Revert "Disable multiple user for corp-liable mode""
|
86e5d6b868aec6fa4d3070f36d458798968c85f9 |
23-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Revert "Disable multiple user for corp-liable mode" This reverts commit 1dc510eb5bc7f279002a3479f24761f08cc390f7. Change-Id: I12ea8275369cbdc4e95b21c7f5d51b4f0e5da7b2
evicepolicy/DevicePolicyManagerService.java
|
9aa233899f7cf5c1cdf4181412a9e197d83ab1a3 |
23-Nov-2015 |
Ricky Wai <rickywai@google.com> |
Merge "Add work contacts directory support in Quick Contacts API"
|
494b95d30266335044a854845219b6e34cf43edb |
20-Nov-2015 |
Ricky Wai <rickywai@google.com> |
Add work contacts directory support in Quick Contacts API Bug: 25764505 Change-Id: I61f9d13ea03352e3df1686ee4b3bcc43e9a9a760
evicepolicy/DevicePolicyManagerService.java
|
71c84e515e73f6a3cb30d68fc81f88e1bd02b5e3 |
23-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Merge "Disable multiple user for corp-liable mode"
|
09b108e2bb6b585947249eda92c047d0b582e8a0 |
21-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added keep-uninstalled-packages DO policy"
|
cb6fd80721253ffa9dcab5cf8c2f4e9b9cd17ccc |
05-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Added keep-uninstalled-packages DO policy This policy allows DO to specify a list of apps to cache even without being installed on any user. Bug: 23938464 Change-Id: I2eeab7f148409739fc23a5c44e955ad12b63fd04
evicepolicy/DevicePolicyManagerService.java
|
1dc510eb5bc7f279002a3479f24761f08cc390f7 |
19-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Disable multiple user for corp-liable mode Bug: 25443050 Change-Id: Iad34e7ad0d3679626880f905f9bab9b6c2a192ed
evicepolicy/DevicePolicyManagerService.java
|
d7b43dd4bb315d9456f6eb74097d60a806b2db70 |
20-Nov-2015 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Add per-user version of DevicePolicyManager.getUserRestrictions."
|
1fae502824dfb77a109fedd80dad61fe094d8284 |
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "More work on layered user restrictions."
|
1a2cd74526113b45d9108b6997609122c4311fb1 |
16-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
More work on layered user restrictions. - Now when DO/PO sets a user restriction, DPMS pushes it to UMS and then UMS persists it, in order for UserManager.hasUserRestriction() to never have to talk with DPMS, which would cause lock inversion. - Also apply user restrictions when a user start. - This is an updated version of the abandoned CL -- the difference is, ActivityManager no longer has to call DPMS. - Also removed an unnecessary write to userlist.xml in UMS. upgradeIfNecessaryLP(). Bug 23902097 Bug 25388912 Bug 25354031 Bug 25641040 Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
5145df278bc7b607599e81370a2aecbfe0834c0c |
19-Nov-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy: Always send ACTION_PASSWORD_CHANGED The old check looks a lot like an equality check, but it's not valid because two passwords can share the same parameters. For example: '11Aa' and 'Y99z' Are not different according to the old logic. Bug: 25319928 Change-Id: Ia69861d9103670d1fc1dbf0130516e18e85e8de0
evicepolicy/DevicePolicyManagerService.java
|
ba51235ef5c598d845b77fcf14491329493da34f |
13-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
More file-based encryption work. Add new "am unlock-user" command so we can trigger changes from the command line. Move FBE check to static method so it can safely be called early during boot before the mount service is ready. Move FBE emulation to persisted system property, and start reading/writing that value. Change default permission grants to ignore current encryption-aware flags, since many of the target apps aren't crypto aware. Always prepare package data directories, which is how we create the new "user_de" paths during boot. Bug: 22358539 Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
evicepolicy/DevicePolicyManagerService.java
|
a87401054fc6960c4b0ac2d361ddbcf415350b33 |
17-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Allow PO to clear password even if the same apk has DA"
|
c2f521a7d8eb40d92ae32f7828f14fb26be63c1a |
17-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Allow PO to clear password even if the same apk has DA Bug 25645900 Change-Id: I7d2d9fbf6a4dc65ac63fb14e6ee6b9abc1f1c0e7
evicepolicy/DevicePolicyManagerService.java
|
1c277a5d8f79ebf8beeb80f67b67512d9217d953 |
11-Nov-2015 |
Sudheer Shanka <sudheersai@google.com> |
Add per-user version of DevicePolicyManager.getUserRestrictions. Bug: 25663001 Change-Id: Ic5b34fee7b57670c338f11263330a1c702002edc
evicepolicy/DevicePolicyManagerService.java
|
0c9ce28c12c187f44ba0a7cba5fa2b452de0bcee |
17-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Fix edge-cases for split-user provisioning cases. Split-user systems will allow for combinations of management modes, specifically managed-{user,profile} on systems with a device-owner. Bug: 25671630 Bug: 25680065 Change-Id: I5716f55eb6c8318129b4614adc22897d53901bee
evicepolicy/DevicePolicyManagerService.java
|
46dd449420c52a8bb30f5bfe839c6043392381a1 |
09-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Add new ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE intent action. Bug: 25462877 Change-Id: I14bcabf993436d9936091aa82fab698eced9e4d6
evicepolicy/DevicePolicyManagerService.java
|
70f929eedec10b154170ad66c9d53f18bfc4f613 |
11-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Disallow DA to reset password, also fix all DO checks Now pure DA (not PO, not DO) aren't allowed to change the password if one is already set. Also update "isDeviceOwner" check and make sure we always take user-id into account. If one really wishes to check the package name only, then use getgetDeviceOwner() instead. Also change the enforceNotManagedProfile() check to what's more generic in the FBE world. Bug 25645900 Bug 25547523 Bug 25643916 Change-Id: I588ecf9452fe3acc1fb0b4ca0457ad662382fcd2
evicepolicy/DevicePolicyManagerService.java
|
bfd2290824069b6eaeae4fdfd9a52c60bd73689e |
12-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Merge "Introduce APIs in DPM for setting/getting the device owner info"
|
54b5f25b85e4bf4df82cb7450114fb9849f1ae58 |
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Revert "Do not call into ActivityManager from DPMS within DPMS lock""
|
219bbafc3fa40dae163d652365cc4a97d613011f |
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Do not call into ActivityManager from DPMS within DPMS lock" Bug 25567963 This reverts commit 53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd. Change-Id: I4faaa0b4c50d75e208f37b99bc1d6e2f0fff8127
evicepolicy/DevicePolicyManagerService.java
|
6644cd9630be363a25af5e1327f41e16ca868556 |
10-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Introduce APIs in DPM for setting/getting the device owner info This information, if set, will be shown in the lock screen instead of the user owner information and the settings tile will be made readonly (implementation in following CLs). Bug: 22547309 Change-Id: Ic826d8049bc67f5e8fcfa6a91aa2017247c93b11
evicepolicy/DevicePolicyManagerService.java
|
246b5a0993978202b19a7c02d355fddfd9506798 |
10-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Do not call into ActivityManager from DPMS within DPMS lock"
|
53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd |
07-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Do not call into ActivityManager from DPMS within DPMS lock This will allow AMS to call into DPMS within the AMS lock instead, which will help I1537bd57b34696768ee81a979d53bb396efbc12a. - AM.clearApplicationUserData() will not be allowed for any DA apps. Bug 25567963 Change-Id: I9f0d071c815a011be4f4c85c502c39d0fe0fe5e8
evicepolicy/DevicePolicyManagerService.java
|
5e73256a48cdb10fc72779ce1644d2e13b6669b7 |
05-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Add ACTION_PROVISION_MANAGED_USER Adding ACTION_PROVISION_MANAGED_USER to DevicePolicyManager. Bug: 25462684 Change-Id: Ic90c3471f3a9c431d728197a19ab25b9946f090a
evicepolicy/DevicePolicyManagerService.java
|
d59262667cbcdfedd9b03dccaa26a9a000486350 |
09-Nov-2015 |
Nicolas Prévot <nprevot@google.com> |
Merge "Add method to tell the dpc if provisioning is allowed."
|
6d2beef6a819aebed4119ca06cb2369bc56dd214 |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Add DPM.getUserRestrictions()"
|
3a3092fab0ccb631bc70de64f3bbe5c076a1f94b |
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Add DPM.getUserRestrictions() This returns per-DO/PO restrictions. Bug 23902097 Change-Id: I225c1b01444fe2f60e5a6674d327182cc9bb15dc
evicepolicy/DevicePolicyManagerService.java
|
86cd001e364d0d0a8253cf4ee14acd13915cbd9a |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and"
|
0953033842333532eaa529c53cbf7a94c79a7a97 |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Do not allow DO and PO running on the same user."
|
803d6757fd23096e437e6fecd51ea6dda918b536 |
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Do not allow DO and PO running on the same user. Bug 25346603 Change-Id: Ic5fbed82466a538fbf64ef802fc2624dd67313bb
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
d45a4a2ecb18701b4cfadcb4a26663f2eab642fe |
03-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and ... DISALLOW_ADJUST_VOLUME, instead of UserManager pushing new settings to AudioService. Also: - Allow PO to set these two restrictions. - Now AS.setMasterMuteInternal() respects mUseFixedVolume to make it consistent with readPersistedSettings(). - When a user switches and restores the mute state in AS.readPersistedSettings(), also check the current user restrictions in addition to system settings. Because of the delay in AudioService before persisting the mute settings in setMasterMuteInternal() and setMicrophoneMute(), there's was an edge case DISALLOW_UNMUTE_MICROPHONE and DISALLOW_ADJUST_VOLUME would be ignored when the user switches right after they are set. Bug 24981972 Change-Id: I4d9b709a0a0e6812319204568c6e44d6664bdeb4
evicepolicy/DevicePolicyManagerService.java
|
07387fedfafa72bcb68defd801eef82f1f494d7c |
30-Oct-2015 |
Nicolas Prevot <nprevot@google.com> |
Add method to tell the dpc if provisioning is allowed. The DPC can use it to tell if provisioning a managed profile or for device owner would work or not. BUG:25338478 Change-Id: I09ea6a9f23a8e88e4ed37c048170b2a68213086e
evicepolicy/DevicePolicyManagerService.java
|
965da39942f9a8736f785f7c57a6c351a8c89d6b |
28-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a File Based Encryption check API Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31
evicepolicy/DevicePolicyManagerService.java
|
82402753815ff4633cc572713ae490a17d9129e5 |
28-Oct-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Introduced short-term lock for UMS internal state Added mUsersLock - short-term lock for internal state, when interaction and synchronization with PM is not required. Modifications to mUsers and mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and mUsersLock. While reads can use mUsersLock. Testing revealed that the following methods in UMS often cause contention: - exists - getUserInfo - getProfileParent They all now use a short-term lock mUsersLock for reads. Bug: 24979571 Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
evicepolicy/DevicePolicyManagerService.java
|
4f16073556f7978708fb71c87628cfe1692412d5 |
28-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Make UserManager enforce user restrictions, not DPM. - Now even if a user restriction is set via UserManager, it'll be correctly enforced. - Changed the way AudioService enforces the OP_MUTE_MICROPHONE and OP_AUDIO_MASTER_VOLUME app ops -- previously, when they're set, even a muting call would be rejected. This was why DPMS.setUserRestriction() used different calling orders for DISALLOW_UNMUTE_MICROPHONE/DISALLOW_ADJUST_VOLUME depending on setting them or clearing them. Now, even when the app ops are set, we still allow muting calls. Bug 23902097 Bug 24981972 Change-Id: I865b5de43e15f5955f94006475a5ec6254904d31
evicepolicy/DevicePolicyManagerService.java
|
759a763f5f03fda86b96d238faedb870fbee24ec |
29-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Allow DO to disable camera device-wise. Bug 24538855 Change-Id: I421690f14ee57fa818d2b233fe48a90a0a575a9e
evicepolicy/DevicePolicyManagerService.java
|
068c54a5be697c3df4657dcda33cd17c4b547710 |
13-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Layer user restrictions - Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin. - User restrictions set by DO/PO will no longer be saved by UserManger. Instead, when needed, UMS will consult DPMS to build "effective" user restrictions. - UM.getUserRestrictions() will now always return "effective" user restrictions. - DPMS migrates existing user restrictions per the eng spec. - Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has been removed. This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no longer be a valid use like it used to be. - Also introduced a fined-grained lock for user restrictions in UM to avoid deadlock between DPMS and also for better performance. Bug 23902097 Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
6655630c962c68e5ca510f4d3249d00e819336f8 |
21-Oct-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Clean up UserHandle.isOwner() in frameworks Bug: 24869636 Change-Id: Ibebd7d0762f5375ee93ec101e7ab5578769bd9f6
evicepolicy/DevicePolicyManagerService.java
|
07b668e3abbc752028e92759b9b55ecf63fc91c3 |
13-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Enable Work Profile passphrase verify/write with FBE When File Based Encryption is present, allow the verify/write of passphrases to be per-user (it used to always bubble up to the parent user assuming it is a per-device passphrase). This is part of the work for the Separate Work Challenge. Change-Id: I5ae6b7b6ed1dd25aed0843d495b6f5f36e01c4eb
evicepolicy/DevicePolicyManagerService.java
|
a52562ca9a4144cf30e6d5c6ffe856cc8e284464 |
02-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
setDeviceOwner() now requires a full component name. Bug 20149907 Change-Id: I24e66159d1d966925aa3a494b1e2839b07cdafa2
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
a4f119790e32fcce56586e7324d508e35cb30a2a |
01-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
First cut of user restriction layering. - Start persisting restrictions set by DO/PO. - Also dump user restrictions on dumpsys - More changes will follow, including migration. - Now System settings are mockable. Bug 23902097 Bug 23902477 Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
e7ee54ee7f4985bc743053d38d21f33c70220f05 |
21-Sep-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer agent Bug: 23216982 Change-Id: I867c0b5f4165983d1ed2623a655f6a2a5e3770bb
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
72a3a0c7d24f629bca38ee2652491307e4e706da |
26-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Fix OwnersTest when run with -e package It was because UserManager.get() returns a static cached instance but we should always be using the mock instance that's created for each test. Bug 24378326 Change-Id: Id4663e7676d2d0130622055a97fbde0884714349
evicepolicy/Owners.java
|
b643fb0e67460344ade2e3db92738999f8168496 |
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Use a factory class for dependency injection, add more tests. - Extracting into a factory allows us to use mocks in other classes. (Such as Owners.) - Also removed broken test ApplicationRestrictionsTest. Instead added a new simplified test to DevicePolicyManagerTest. - Also stop caching rarely used instances in DPMS. Bug 24061108 Bug 24275172 Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
f76b06a6b546f430cf85e561858ed12eedc32b81 |
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Test more DPM APIs. Bug 24061108 Change-Id: Ia9da19f62c0f4edf53ca1f4c213f0368ec1983ba
evicepolicy/DevicePolicyManagerService.java
|
f85c97741485a53c1cca5d9d6192a9436d91a044 |
23-Sep-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Cleanup USER_OWNER in DPMS This cl assumes device owner will continue running under user 0. Bug: 19913735 Change-Id: I65c97f6f14fb362acbdcb6588b73787291100698
evicepolicy/DevicePolicyManagerService.java
|
cc4bbeb76af92a8484fe05f37c4ff412b4c47ccc |
17-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make DPM/DPMS unit-testable - Now all services that DPMS uses are injectable. - Introduce some wrappers to make static methods and final class mockable. (e.g. for Binder.getCallingUid()) - In unit tests we replace those with Mockito mocks, except we use a partial mock for PackageManager, because we use way too many methods of this and most of them are okay to use directly. - To install a partial mock to PackageManager, I needed to make ApplicationPackageManager @hide public non-final. - For a starter, added tests for DPM.setAmin(). Bug 24061108 Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
evicepolicy/DevicePolicyManagerService.java
|
287971d613b647c0990f8680945ef4ba64f290ca |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make sure DO user is running even if caller is shell/root. Bug 23827706 Bug 23994401 Change-Id: Ie2fbc3ab07901e3d0a9898c910c69d993583084e
evicepolicy/DevicePolicyManagerService.java
|
cb150cd81a66d2b59fc2ba05d788c307cad22207 |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix the "User not running: 0" issue"
|
299878c9cf9bafdee4b0715de3202bd633162d03 |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Fix the "User not running: 0" issue Bug 23994401 Change-Id: I580730e7c895f00adf278a2d6709284fff0fc28b
evicepolicy/DevicePolicyManagerService.java
|
688b5f4f29f623258fe12c99166c978db0bf128b |
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Cleanup: rename loadDeviceOwner() to loadOwners()"
|
58b684f1cdc52467b71c42cfae18433a19ce7d0b |
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
[split system] Tentatively support running DO on meat user - setDeviceOwner() now takes a user ID. (We can infer it from Binder, but we still need it for the dpm command.) - Change broadcast target UID for DO to the DO user - Start the DO user on boot complete. TODO Investigate whether this is actually the good timing. TODO Prevent the DO user from being killed Bug 23827706 Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
f024f048dee270252bcc728350f0ac1ad3a8e420 |
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Cleanup: rename loadDeviceOwner() to loadOwners() Change-Id: I68e3367b1e70022f9501cf998e1860a6ce7d496b
evicepolicy/DevicePolicyManagerService.java
|
2714d448b12797a5050834f952fd1166246e558e |
03-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Replace all occurrences of HashMap/HashSet with ArrayMap/ArraySet. Also fix the command line for OwnersTest in javadoc. Change-Id: I53c222aa13eee179c5abf7e6ba95c6cbe9a7f47f
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
c9754cf0dfa66d39ce9ea0d2eeab5f7c442a9686 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Add unit tests for file persisting in Onwers. Bug 23432442 Change-Id: If10ed5a46084695b2aca1286713b8baea8c2a418
evicepolicy/Owners.java
|
28988383182073aad6b96688db5b2801c42b11d7 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Fix bug in Owners It was always failing to read policy files. Bug 23432442 Change-Id: Ia71a746bbed279c4b27a9ebdf454a3cb4dfa786d
evicepolicy/Owners.java
|
99aeac27ebc5ad54c0095122251cc0258713c263 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Rename DeviceOwner to Owners Bug 23432442 Change-Id: Ic59c880d45126fbcf50b1bd31e37b2b64e2f3a6d
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
evicepolicy/Owners.java
|
39e784dd46fe4c7257bf63d0a60167abb2b28f79 |
22-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Split device owner config files DPMS.mDeviceOwner is now always non-null, so no null checks are needed. Bug 22802261 Bug 23432442 Change-Id: Ia8e5f114ecfc0add44b0d1be7d043ef6e37019ef
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
ed969e18f8e9a0d9ec9a7dc423a1105899a1fb57 |
24-Aug-2015 |
Rubin Xu <rubinxu@google.com> |
Reactivate backup service after device owner is cleared. Bug: 23474411 Change-Id: I99da846493eb749828517d27f4384ab3fe647df5
evicepolicy/DevicePolicyManagerService.java
|
e3b07451c3ca7064cb70f1829cf35963cba74bd8 |
22-Aug-2015 |
Adrian Roos <roosa@google.com> |
resolved conflicts for merge of bcc26c02 to master Change-Id: I4260ff0d090cfa9741fd3adcfcadcbbff6839388
|
b5e4722891e7bbf2fffcd995af02838667a3abab |
15-Aug-2015 |
Adrian Roos <roosa@google.com> |
Add StrongAuthTracker Bug: 22846469 Bug: 22115393 Change-Id: I6ef5322d02e540fc043e7f20d3aabf595ce7c224
evicepolicy/DevicePolicyManagerService.java
|
4afb83e912fc46db64297a1734f1d5959e3caff4 |
21-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Clear cross-profile intent filters in the right user. Clear them in the parent, who is not always the owner. BUG:23105562 Change-Id: Iae2adbfa6b4d6e982f6f2a4075dd8bd55b11c37e
evicepolicy/DevicePolicyManagerService.java
|
741abfc12074623d24297ebb67d98cb2d9126add |
11-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Fix cross-profile intent filters with system-user split. Don't assume that the parent is always the user owner. BUG:23105562 Change-Id: Ia98ed608e2b6d1d82d95a73110134d85274c6abf
evicepolicy/DevicePolicyManagerService.java
|
2af03d2a7ac0eff78d1646b66e242b17e12165cd |
10-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Send the MANAGE_PROFILE_ADDED broadcast to the correct user. Send it to the parent, who is not always the user owner. BUG:22753960 Change-Id: Ibd0edb78be4b3bdfc9fc31fd05e50fe3bf8bb493
evicepolicy/DevicePolicyManagerService.java
|
c1836bb0f1bf3e5ef0911719525da0bab3e53507 |
31-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Merge "Change MNC codename to just M." into mnc-dev
|
9a81a182df634ab7a087752c9a10db67c5d0f256 |
31-Jul-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Don't always transfer device owner status to other users." into mnc-dev
|
e2a4a6ff8a83a4216824b2d40a323e56814d0463 |
28-Jul-2015 |
Nicolas Prevot <nprevot@google.com> |
Don't always transfer device owner status to other users. A device owner cannot use device or profile owner policies on other users unless it is profile owner there. Also limit device initializer to system apps only. Bug: 21800830 Change-Id: Ie1abbd891945b91b17ecdf7f73ba93aaa19819be
evicepolicy/DevicePolicyManagerService.java
|
0e3de6cacaffcfeda4d6353be61e2f1f9ed80705 |
30-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Change MNC codename to just M. Change-Id: I4281d200ff6560791c47cf9073ceea1cb509361e
evicepolicy/DevicePolicyManagerService.java
|
00799008832e11f06f9ddc0bf721799edee99f28 |
27-Jul-2015 |
Nicolas Prevot <nprevot@google.com> |
Send a public broadcast when the device owner is set. Make it a protected broadcast. BUG: 22623518 Change-Id: Ia36e8f0b80a6301d7d8e0461476842c78762b5e8
evicepolicy/DevicePolicyManagerService.java
|
c1aebfa02c393471fb344c3a94ee2ae62bb78f93 |
09-Jul-2015 |
Jeff Brown <jeffbrown@google.com> |
Merge "Clean up USB Manager and fix ADB." into mnc-dev
|
460a146eb8f827e4e70f2dd93d1ba852d0feb06b |
01-Jul-2015 |
Jeff Brown <jeffbrown@google.com> |
Clean up USB Manager and fix ADB. Moved functions which parse the USB functions list into one common place on UsbManager. Deleted the no longer supported USB_FUNCTION_MASS_STORAGE. Ensured that the UserManager.DISALLOW_USB_FILE_TRANSFER rule is consistently applied during user switch and when changing the current USB functions and make sure it only affects MTP and PTP. Collapsed the boot completed and user switched receivers to ensure consistent ordering of side-effects. Validate the list of functions passed to setCurrentFunction() so that the separation of concerns is clearer. It was somewhat ambiguous as to whether functions such as ADB could / should be enabled through that interface. Improved the docs for clarity. Fixed a bunch of broken stuff related to the USB config persistent property (list of default functions) that could cause ADB and other functions to not work at all. Added new failsafes to ensure that we reliably get back into a happy state. Bug: 22206076 Change-Id: I02915ddfce7193a8f67a14f0d76bab22fc575dfa
evicepolicy/DevicePolicyManagerService.java
|
70e0c58c2269cd29dfd6420d690da13dc03fd457 |
30-Jun-2015 |
Kenny Guy <kennyguy@google.com> |
Mute correct user from device policy manager. Add per user versions of mute methods so device policy manager can mute the correct user. Just persist change if the calling user isn't the current user. Treat calls to audio manager coming from uid 1000 as if they were coming from current user rather than user 0 so that the correct user's user restriction is checked. Bug: 21782066 Bug: 21778905 Change-Id: I51469b741096d8a2ffdc520eaf5b3fd754f2c819
evicepolicy/DevicePolicyManagerService.java
|
7ce2bd2161405cef9740a6f14d586a8964dad3e0 |
30-Jun-2015 |
Alex Chau <alexchau@google.com> |
Clear "profile wiped" notification when a new porfile is created Make use of ACTION_MANAGED_PROFILE_ADDED to clear the notification. Bug: 22186884 Change-Id: I08514ebc308f2e2fb61f837500e2ba712ccf8703
evicepolicy/DevicePolicyManagerService.java
|
fef8cbd6a643a621a97f8e5616977e1fb65d9a5f |
30-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Merge "Marking some globals from setGlobalSetting as not supported" into mnc-dev
|
656fa7f5d1ce9299cb63043de80f2b4db9bff497 |
29-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Marking some globals from setGlobalSetting as not supported Those globals don't have the intended behaviour any more. Bug: 19967818 Change-Id: I8c7891e59280f9deb88b1f0ffead3de07f4eca56
evicepolicy/DevicePolicyManagerService.java
|
e8490f1d78a62826742ddf4af8943e6666a1a8d0 |
25-Jun-2015 |
Rubin Xu <rubinxu@google.com> |
Use StorageManager.wipeAdoptableDisks to wipe external disks Retire FORMAT_AND_FACTORY_RESET which is more fragile. Bug: 9433509 Change-Id: I158ee987274bb4db41d466de9f1e3c60ffc1d140
evicepolicy/DevicePolicyManagerService.java
|
28b9570d0235eca305dc76c006a54c8a85cf5db8 |
24-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Reset permission policy to default when device owner goes away Otherwise after the Device Owner is gone, runtime permissions might still be auto granted/denied. I understand that there are many other policies that we don't reset after the device/profile owner goes away (e.g. keyguard enabled/disabled). At least now we have a single method when we could clear the ones that we care about. Bug: 21889278 Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
evicepolicy/DevicePolicyManagerService.java
|
0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8 |
22-Jun-2015 |
Amith Yamasani <yamasani@google.com> |
Runtime permissions cannot be set on legacy apps by device policy Clarify docs that runtime permissions can be granted or revoked by a profile owner/device owner only for MNC apps and not legacy apps. Check the targetSdkVersion and return false if legacy app. Remove all policy flags from permissions when cleaning up a device or profile owner. Bug: 21835304 Bug: 21889278 Change-Id: I4271394737990983449048d112a1830f9d0f2d78
evicepolicy/DevicePolicyManagerService.java
|
2c3c66a2cf06b4d081f539a1fa01b44780cc65dc |
23-Jun-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN" into mnc-dev
|
58e706d754adaeb59ccea9b8d496d54240c37caf |
23-Jun-2015 |
Robin Lee <rgl@google.com> |
Merge "Let device owners handle onChoosePrivateKey" into mnc-dev
|
deee7735d81107380e8af5e35d4339e85530ee98 |
20-Jun-2015 |
Robin Lee <rgl@google.com> |
Let device owners handle onChoosePrivateKey Bug: 21959745 Change-Id: Ifad3901015937d2ea700124bb5f61982cd580ad8
evicepolicy/DevicePolicyManagerService.java
|
1046ba518b07e42eb5d3474f1ff9ca1181c331d5 |
17-Jun-2015 |
Benjamin Franz <bfranz@google.com> |
Add DISALLOW_CREATE_WINDOWS to Device Owner only user restrictions Even though the documentation of DISALLOW_CREATE_WINDOWS says it is for Device Owners and Profile Owners on User 0 only, it was previously not part of DEVICE_OWNER_USER_RESTRICTIONS and was therefore callable from a profile owner on a managed profile or secondary user. Bug: 19726884 Change-Id: If6443eacbc28b7ee6c0845754923573a79f8bde3
evicepolicy/DevicePolicyManagerService.java
|
2cc03e5606ad7cd473283898400506d5ac2237ba |
20-Mar-2015 |
Jeff Sharkey <jsharkey@android.com> |
Yet another user restriction. Change-Id: Ia2952da19cb974a6a9ba0271a298a10df58b8d18
evicepolicy/DevicePolicyManagerService.java
|
b24f01f473b98e98f0c80b1a937a18921cf0521a |
12-Jun-2015 |
Alex Chau <alexchau@google.com> |
Merge "Notification shown upon work profile deletion" into mnc-dev
|
77b2d49abb38fafb91fb99ce603a92f189553cd7 |
11-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Merge "Remove device initializer status messages" into mnc-dev
|
c51b72acc064ec5f62b2e468f2e7c5e0c96cfc8a |
09-Jun-2015 |
Alex Chau <alexchau@google.com> |
Notification shown upon work profile deletion Bug: 18543323 Change-Id: Ibd9bd20637a7bd019e080da306a19c94d9e82576
evicepolicy/DevicePolicyManagerService.java
|
83881bdbdee14cc9726c89019490a0514686f314 |
10-Jun-2015 |
Robin Lee <rgl@google.com> |
Policy: make bulk CA uninstalls happen in service Fewer round trips, only one point of contact for bugs to creep in. Bug: 21650477 Change-Id: I1764faa753bd674ecb0d13149d778d99bd2ff4c4
evicepolicy/DevicePolicyManagerService.java
|
cedd53adc3875fe1b4275afa35ec5c3ede7b6c39 |
09-Jun-2015 |
Julia Reynolds <juliacr@google.com> |
Remove the ability to set a preferred setup activity. Bug: 21557327 Change-Id: I8c1809d25c5f5fcd186dfc0636d8ac47ed5fc903
evicepolicy/DevicePolicyManagerService.java
|
4045d24971fea4f1506ac8f16d4deeb76ac415fe |
27-May-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN This setting controls whether WiFi configurations created by a Device Owner app should be locked down (that is, editable or removable only by the Device Owner). Bug: 21427528 Change-Id: I0f8fb72bf9da1597e08d3dfc631d37b6b4178ff5
evicepolicy/DevicePolicyManagerService.java
|
369d65653399f01e83a6cbb6dfa4eb7b356af648 |
05-Jun-2015 |
Amith Yamasani <yamasani@google.com> |
Fix permission check in DPM.getPermissionGrantState It was querying for permission of user 0 instead of the calling user. Switched to passing in the explicity userId. Also set the flags before granting/revoking permission from DPM. Bug: 21430988 Change-Id: Id0d2dc65e20108cefa3eeb4363f866d49c791cc4
evicepolicy/DevicePolicyManagerService.java
|
240e64828f68064b2a1074a1dda1fc41fe19d711 |
02-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer status messages - Remove ManagedProvision Bluetooth extras from DevicePolicyManager - Remove ManagedProvisioning device initializer status action and extras from DevicePolicyManager. - Remove DIA status update protected-broadcast and permission - Remove DPM.sendDeviceInitializerStatus method Bug: 21559093 Change-Id: Ibb651ebb2772ace6a16a5830f82f75465150e6e3
evicepolicy/DevicePolicyManagerService.java
|
e3e314df4d52881225326d426a76e3e7f1bc40d3 |
20-Apr-2015 |
Stuart Scott <stuartscott@google.com> |
Network Reset should have a lockdown like Factory Reset. bug:20332322 Change-Id: I7c61a011d11e89513757f112abf320bb2a785edb (cherry picked from commit 94b038bbb291431a7b39611d72f206b07e839891)
evicepolicy/DevicePolicyManagerService.java
|
81c73e121ef2ff44a3916628d9ff11385db85bd6 |
27-May-2015 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Clear caller identity before setting all the user restrictions." into mnc-dev
|
184b3753de54241c67799089f5bc59a1ede4438a |
22-May-2015 |
Amith Yamasani <yamasani@google.com> |
Add getPermissionGrantState method in device policy This is to have a way to query what permission state was set by the profile owner. Bug: 21356830 Change-Id: Ie396e946b4285267c1d95f82b9d9765b43697d3c
evicepolicy/DevicePolicyManagerService.java
|
d8ecc5aee49874ac1f100f69be94906a3e99b951 |
20-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Allow DO/PO to go back to normal permission state. We have APIs for a DO/PO to fix a permission in a granted or denied state in which the user cannot manage this permission through the UI. However, there is no way to go back to the default state in which the user gets to choose the permission grant state. Change-Id: I2562a1d8b1385cd740b44812844ef14c895c2902
evicepolicy/DevicePolicyManagerService.java
|
21d9ef6dc71886209965f70728b563fd7d78d6c8 |
20-May-2015 |
Sudheer Shanka <sudheersai@google.com> |
Clear caller identity before setting all the user restrictions. Bug: 19687895 Change-Id: Ieaa1f4e5a39395f11bf4cf797332a2d9d495bc0a
evicepolicy/DevicePolicyManagerService.java
|
6e1c17a3dfd62f3ae2a16ac64b8575fc3aa4a7a2 |
14-May-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "clear caller identify before sending system update notification" into mnc-dev
|
2c84cc2ea2ffa1fcd3dbd9a1b5e3880571fba1b8 |
14-May-2015 |
Rubin Xu <rubinxu@google.com> |
clear caller identify before sending system update notification Because DeviceAdminReceiver is protected by BIND_DEVICE_ADMIN permission, in order to send broadcast to it, we need to clear the caller's identity and call sendBroadcastAsUser() as system. Bug: 20213644 Change-Id: Icc7b239b9005e286012ade6580ec92a0a57198e0
evicepolicy/DevicePolicyManagerService.java
|
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 |
08-May-2015 |
Wojciech Staszkiewicz <staszkiewicz@google.com> |
Pass charset to XmlPullParser.setInput instead of null Passing null to XmlPullParser.setInput forces it to do additional work, which can be easily avoided if we know the charset beforehand. bug: b/20849543 Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
39087b1cec6a54e96ab9eafe8317952720790533 |
05-May-2015 |
Robin Lee <rgl@google.com> |
Replace String host:port/url args with Uri arg Uri provides a stronger guarantee of well-formedness and lets apps do nice extra things like specifying scheme etc. without twisting any expectations. Bug: 20820034 Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
evicepolicy/DevicePolicyManagerService.java
|
9831fad6768135dbd982d6dca78d7f6de81bb320 |
14-May-2015 |
Nick Kralevich <nnk@google.com> |
Merge "Modify how USB connections are handled." into mnc-dev
|
fcf10f7c12cb3107bdfedce6f76a8c866d154f3c |
13-May-2015 |
Nick Kralevich <nnk@google.com> |
Modify how USB connections are handled. * Introduce a new "charger only" mode. In this mode, MTP is disabled, and no file transfers can occur. * Make charger only mode the default. * Modify "persist.sys.usb.config" so it now only holds the adb status. * Make the USB settings non-persistent. Unplugging the USB connection will reset the device back to "charger only" mode. * Fixup wording per UI guidelines. TODO: Re-implement MDM restrictions for USB / MTP access controls. Bug: 18905620 Change-Id: I99a50d9132a81e98187f431166fd9fef4d437e4f
evicepolicy/DevicePolicyManagerService.java
|
467eb0566ff1df320c9a9be3da0f44ee3d6bc9fa |
13-May-2015 |
Kenny Guy <kennyguy@google.com> |
Merge "Allowing profile to set a subset of keyguard restrictions." into mnc-dev
|
396d944001f0b897b1689baa0bd7d3e04046b3ca |
13-May-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Remove initiator name param." into mnc-dev
|
9fc8bb63d8c15ecfcd3a72a685eaec6c8ec0aa6e |
12-May-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Tweak SystemUpdatePolicy according to API review." into mnc-dev
|
8c7f700a59ad26e75c9791335d78f14322cad49a |
07-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add permission meta-state flags to support grant/revoke permission policy. We now maintain a mata-state with each permission in the form of flags specyfying the policy for this permission. This enables support of the following use cases: 1. The user denies a permission with prejudice in which case an app cannot request the permission at runtime. If an app requests such a permssion it gets a denial unless the user grants the permission from settings. 2. A legacy app with disabled app-ops being upgraded to support runtime permissions. The disabled app ops are converted to permission revocations. The app ops manager is a part of the activity manger which sits on top of the package manager, hence the latter cannot have a dependency on the former. To avoid this the package installer which is the global permission managment authority marks the permission as revoked on upgrade and the package manager revokes it on upgrade. 3. A device policy fixing a permission in a granted or revoked state. This additional information is folded in the meta-state flags and neither apps can request such permissions if revoked not the user can change the permission state in the UI. Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
evicepolicy/DevicePolicyManagerService.java
|
731051e36bb2d420a29cd889a38e02c88c930aad |
11-May-2015 |
Julia Reynolds <juliacr@google.com> |
Remove initiator name param. This won't be shown in the UI; it's not needed. Bug: 20820224 Change-Id: I51ecd0a9151a49e26faf52e792a0b316a8facc8e
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
0b7dd1e6c8422da0a21c1631244bec7a2af5085a |
12-Mar-2015 |
Kenny Guy <kennyguy@google.com> |
Allowing profile to set a subset of keyguard restrictions. Allow admins in managed profiles disable trust related keyguard features (trust agents and finger prints) for the parent user. Allow admins in managed profiles to control whether notifications from the profile are redacted on the keyguard. Bug: 18581512 Change-Id: Ic2323671f63781630206cc2efcc8e27ee58c38e6
evicepolicy/DevicePolicyManagerService.java
|
d86d58cd010b087d6d481062f84c894e0ced7bbc |
05-May-2015 |
Rubin Xu <rubinxu@google.com> |
Tweak SystemUpdatePolicy according to API review. Make SystemUpdatePolicy Parcelable; hide public constructor and expose static builder methods. Bug: 20820025 Change-Id: I594ba3c7e5514551134ba6c866b24498b66506bf
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
4e401fa49875e083d18b46e0250be37ad565071c |
07-May-2015 |
Craig Lafayette <craiglafa@google.com> |
DevicePolicyManager API review changes Renamed DO_NOT_ASK_CREDENTIALS_ON_BOOT to RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT. Bug: 20820907 Change-Id: I6455f9a6d370afbd5154505f402b409dba3b7918
evicepolicy/DevicePolicyManagerService.java
|
94fb2024b013522e95a880e02b73886fa7d01222 |
06-May-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Rename functions that disable status bar and keyguard" into mnc-dev
|
bece80645e2b2d84ea65aabfa7fc01d5ad633708 |
06-May-2015 |
Benjamin Franz <bfranz@google.com> |
Rename functions that disable status bar and keyguard Rename the DevicePolicyManager functions setKeyguardEnabledState and setStatusBarEnabledState to setKeyguardDisabled and setStatusBarDisabled respectively. Bug: 20820039 Change-Id: I06f6a19ac55b24e66e9f2cb340ead5d940cb2235
evicepolicy/DevicePolicyManagerService.java
|
6f36d42dcc46eae3a0388828b13314a823e3ce57 |
06-May-2015 |
Amith Yamasani <yamasani@google.com> |
Permission policies are for profile and device owners Not just device owners Change-Id: I78ad815651e9bdc4bd78e61d634a5067935fa33f
evicepolicy/DevicePolicyManagerService.java
|
ddd553f2aee4f3821a2f17636bb86d9fa5af9bd7 |
30-Apr-2015 |
Robin Lee <rgl@google.com> |
Device policy: use owner label instead of name Managed provisioning does not currently set a meaningful profile owner name. This changes to use the application label as returned by PackageManager.getApplicationLabel which should be more descriptive. Bug: 20679292 Change-Id: I5a0e87ef05b62879a73814e6d338e8b984b81c94
evicepolicy/DevicePolicyManagerService.java
|
c4aa3c781a0ddce64853cd5d88bf97f8a9faf98b |
29-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Add status bar flag to disable quick settings" into mnc-dev
|
d49489b3af01c13d3b13af1cd04d53787185cc0a |
28-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Permissions control via profile/device owner admin Profile owners and Device owners can set policies for runtime permissions. Blanket grant/deny policy can be set for a user. They can also explicitly grant/revoke permissions for specific apps which cannot be overridden by the user and will not be prompted. [More implementation required in PackageManagerService and PackageInstaller] Bug: 20666663 Change-Id: I2c25c18c2a195db9023a17716d5896970848bb45
evicepolicy/DevicePolicyManagerService.java
|
27cf146361125d1233c487ec215d5d794f5dde17 |
23-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Add status bar flag to disable quick settings Bug: 20331928 Change-Id: I79dc7f2c9e64245bdeeea3916d339985a8b17f92
evicepolicy/DevicePolicyManagerService.java
|
13c58bacc8f1ff35bb24ba19069bab8a41aabf68 |
20-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Allow device initializers to set a preferred setup activity. This activity will launch by default on device reboot or user switch during user initialization, even if there are higher priority 'home' activities. Bug: 20223050 Change-Id: I335aeb010a1ae5db07a4343d26e160c74bd299e1
evicepolicy/DevicePolicyManagerService.java
|
f7d3a766f0cd8a9efb51a62a27db78a3bb04d41f |
25-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Only skip unrecognized tags."
|
6afa666c9f9c8d1e9eff85464230585dfef060bb |
23-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Only skip unrecognized tags. This fixes policy loss seen on device reboot when device admins applied certain policies. Bug: 20516960 Change-Id: I6e2a3b8de610c00ea1a2edbb026523bfdc365775
evicepolicy/DevicePolicyManagerService.java
|
2806374f9531490296547d4e884ce9163f4ac867 |
08-Jan-2015 |
Nicolas Prevot <nprevot@google.com> |
Restrict setting the profile/device owner with a signature-level permission. Create the new permission MANAGE_PROFILE_OWNERS to restrict setting the profile/device owner. BUG:19838376 Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
evicepolicy/DevicePolicyManagerService.java
|
917c4e4d453f9f36fb6945cf1e3e11f45314d602 |
24-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Merge "Clear binder identity before reaching into keyguard settings"
|
5bd5d4c2b0b12fcd76b58dfb3d834f1159ff054e |
24-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Clear binder identity before reaching into keyguard settings Change-Id: I80eeaed235acc165ddd4799ba46700afea2dff55
evicepolicy/DevicePolicyManagerService.java
|
1513ff171ae43d141295a235e42d99071e144cdb |
23-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Fix NPE when load() returns nulls. Fixes bug 20528625. Change-Id: I825c95fd212a1928a34e9ed0e20d2f7563939cbb
evicepolicy/DevicePolicyManagerService.java
|
015c5e57b58d26ae53849c02d3aebfcd52d85c3d |
23-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Disallow data clearing of DeviceOwner. There are OEM provided apps that are able to clear the data of the device owner. That creates a security hole that this fixes. Fixes bug 20107015. Change-Id: I4ef313b394bd8059d19d20aa6533396305d1357d
evicepolicy/DevicePolicyManagerService.java
|
5173dc28f341fee92705b07543cf9d2c9694ee3c |
16-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Add and remove DeviceInitializer from whitelist Add the DeviceInitializer to the locktask whitelist when set or when a new user is created. Remove DeviceInitializer from whitelist when user setup complete. Fixes bug 20267837. Change-Id: I8a33bceb6e6f3d0316a1227b2ed2b713f4ca3a9e
evicepolicy/DevicePolicyManagerService.java
|
dc105cc91c63c27479d73a21702cd4ba0304acc4 |
15-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Enable system service to notify device owners about pending update Create a DevicePolicyManager API which can be used by OTA subsystem to tell device owners about pending updates. Device owners will get a callback from its DeviceAdminReceiver when the update service sends out such notifications. Bug: 20213644 Change-Id: Ifcc755655e4f441980cf77d76175a046112ca9ae
evicepolicy/DevicePolicyManagerService.java
|
07ba37a713212e603be3098f1035f2b736fae679 |
22-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Recover status bar enabled state for all users"
|
6d6290d2821c6b1e497e4990c5d42aee1dbc8a29 |
22-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Check for null packages in setLockTaskPackages"
|
837f1035a608d2d36aef5fb448ec1fbd1d927f5f |
21-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Recover status bar enabled state for all users Move the update of status bar enabled setting to loadSettingsLocked and thereby recovering the enabled state for all users, not only the user owner. Bug: 20416833 Change-Id: Iee3d6e0f3ea8ebc5d72c0ed165bea4595ed073ba
evicepolicy/DevicePolicyManagerService.java
|
4eb6a36922f5e98fe181c0326cc5721f0e7589ca |
02-Apr-2015 |
Andrei Kapishnikov <kapishnikov@google.com> |
Introduced DO_NOT_ASK_CREDENTIALS_ON_BOOT flag A new flag for DPM.resetPassword() method that specifies that the device should be decrypted without asking for the password or pattern. Bug 19250601 Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206 Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
evicepolicy/DevicePolicyManagerService.java
|
78c05f97426e941b1a398e0d00b53603603f292b |
21-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Check for null packages in setLockTaskPackages Bug: 20416611 Change-Id: Ibbadc952da29a34de0cf02408093b7bfc01f8779
evicepolicy/DevicePolicyManagerService.java
|
5faad8e4cdf04211239f076b5d073e26d0ae3207 |
20-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Rename public OTA policy APIs in DevicePolicyManager Use the term "SystemUpdate" instead of "OTA", in public DevicePolicyManager APIs that handle OTA policies. Bug: 19650524 Change-Id: Iebdaea91337d617147cb411b6f47e0f3fae8671c
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
15df08abd8190353e1430f88c2ed6462d72a5b25 |
01-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Introduce android:lockTaskMode The ability for tasks to be started in locktask mode or pinned is dependent on the value of android:lockTaskMode for the root activity of the task. For bug 19995702 Change-Id: I514a144a3a0ff7dbdd4987da5361b94bdfe9a437
evicepolicy/DevicePolicyManagerService.java
|
47af53ed95070063f5ec299b957420a91fcd5292 |
15-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Introduce device owner API to disable the status bar"
|
ea2ec97f37c649881f2be8a5cc40bf44080cc632 |
16-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Introduce device owner API to disable the status bar Let the device owner disable the status bar to achieve multi-app single purpose mode. When the status bar is disabled, quick settings, notifications and the assist gesture are blocked. Bug: 19533026 Change-Id: I72830798135136e5edc53e5e2221aebb9a7c7d57
evicepolicy/DevicePolicyManagerService.java
|
b4e218832173229ca2cb25e420c557f919a8ef09 |
15-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Fix a SecurityException in setKeyguardEnabledState"
|
3223106dab67ba38027590a600edaa02efb6e461 |
14-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Fix a SecurityException in setKeyguardEnabledState A SecurityException is currently thrown when calling this API as LockPatternUtils.isSecure requires a permission that the DO does not have. Bug: 19533026 Change-Id: I28bebb647e46bb631cc4fa1a7c9571eadda69086
evicepolicy/DevicePolicyManagerService.java
|
317918e206b89f4a49bfa35af57607764f322347 |
14-Apr-2015 |
Andres Morales <anmorales@google.com> |
Merge changes from topic 'lss-update' * changes: Add challenge to IGateKeeperService Wire up GateKeeper to LockSettingsService
|
e36087e5b6eeb92607f4ad5b3b1662bef9bafa4c |
07-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Introduce device owner API to disable the keyguard Let the device owner disable the keyguard to achieve undisturbed single use mode with multiple apps. Calling this API has no effect if a password has been set for the calling user. Bug: 19533026 Change-Id: I6b726b7f36efb669359e9da4b7e3db1f8031dad5
evicepolicy/DevicePolicyManagerService.java
|
c9c9f7b40ec77217ce595fd152a505481326dc9a |
14-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Add setOtaPolicy/getOtaPolicy API in DPMS"
|
0c606812c5102fd19eda4b3e1ffbc9e61fec6430 |
14-Apr-2015 |
Ricky Wai <rickywai@google.com> |
Merge "Add Bluetooth Contacts Sharing policy in DevicePolicyManager"
|
778ba135380cda90c4c9317c34e875c00e2743a3 |
31-Mar-2015 |
Ricky Wai <rickywai@google.com> |
Add Bluetooth Contacts Sharing policy in DevicePolicyManager Bug: 19990979 Change-Id: Ide9adf66eec5721e50573c03956a1b63b7e8b18b
evicepolicy/DevicePolicyManagerService.java
|
8027a4ffc285ba39df3a262abfff1cfdd6dd31db |
10-Mar-2015 |
Rubin Xu <rubinxu@google.com> |
Add setOtaPolicy/getOtaPolicy API in DPMS Allow device owners to set OTA policy for automatically accept/postpone incoming OTA system updates. This class only provides the setting and getting of OTA policy, the actual OTA subsystem should handle and respect the policy stored here. Bug: 19650524 Change-Id: I9b64949fab42097429b7da649039c13f42c10fd1
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
8fa5665f0e757cec0063fb4cf1354f1596f93a91 |
31-Mar-2015 |
Andres Morales <anmorales@google.com> |
Wire up GateKeeper to LockSettingsService Adds: - Communication to GKService - password upgrade flow - enroll takes previous credential Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a
evicepolicy/DevicePolicyManagerService.java
|
c06bbbfe7ac3c848384cb667b23c42ce26cc5d95 |
14-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Grant cert installer access to installKeyPair()"
|
dbe31a6616f2e8cb8436ea235149d076302fb793 |
02-Apr-2015 |
Craig Lafayette <craiglafa@google.com> |
Send device initializer status. - Create method in DevicePolicyManager to send device provisioning status to ManagedProvisioning. - Define status updates used by ManagedProvisioning. Bug: 20001077 Change-Id: Ia98fc765d1ebb2ba9680636ca15c2c870d160261
evicepolicy/DevicePolicyManagerService.java
|
30b89849032eb57d1da93de40a6a9bd2a5f55a2e |
07-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Merge "No longer unlock activity manager to test whitelist"
|
e56007786ace2fe0615197d95317ccd7be4d1ca6 |
04-Apr-2015 |
Craig Mautner <cmautner@google.com> |
No longer unlock activity manager to test whitelist In order to check the DevicePolicyManagerService locktask whitelist the activity manager had to release its lock preserving internal state. That is undesirable and not scalable now that we need to check the whitelist at startup for bug 19995702. This change causes DPMS to update activity manager with the whitelist whenever it changes so that activity manager can check the whitelist without releasing the acitivty manager lock. Change-Id: I3ed6eb5ceae2cd7e7ae3280abd708d5ce43a2851
evicepolicy/DevicePolicyManagerService.java
|
16c9c249d5f06014442aa5c78254b702f6a034c5 |
05-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
Fix up ExternalStorageFormatter. It's not going to be around for much longer, so just fix enough to work correctly. Also teach about new "unmountable" state from vold. Bug: 19993667 Change-Id: Ib72c3e134092b2a895389dd5b056f4bb8043709a
evicepolicy/DevicePolicyManagerService.java
|
25da6b65b0e3be610e1223758b1910f4e7ad1ed2 |
03-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Do not log an error when app restriction file does not exist"
|
6f34d363c32ec3295fd77257648d1291ea31c33f |
02-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Do not log an error when app restriction file does not exist Bug: 20040207 Change-Id: Ibd257388a185020258e36bddf5b451dc24c0b7ee
evicepolicy/DevicePolicyManagerService.java
|
eaafdf72a410b445cee9fea274a57f31aec2509f |
02-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Store the device initializer componentname in addition to package. This removes ambiguity about which component in the initializer package handles device initialization when setting up secondary users. Bug: 19992262 Change-Id: I2e48168907725a56cd05d0b51c9f28b34fa28d1a
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
acdc1839cf73c5ee1672f19f7098b81abdd4f0bc |
02-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Grant cert installer access to installKeyPair() Bug: 20041977 Change-Id: Id0dc0bce8461c71d7220c1802dcca82933805996
evicepolicy/DevicePolicyManagerService.java
|
1040da1d4eb99fd2588e4c4d5b08b2e3fc0c7777 |
19-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Enterprise quick contact 1/2 Now openQuickContact goes thorough DPM. When a lookup URI is build with a lookup key returned by the enterprise lookup APIs for a corp contact, the lookup key will have a special prefix. In that case we go through DPM and have it launch QC on the managed profile, if the policy allows. For now we use the same DPM policy as enterprise-caller-id to disable this. Design doc: go/cp2-mnc-enterprise-dd Bug 19546108 Change-Id: I831a8190ae902ae3b1248cce6df02e3a48f602d2
evicepolicy/DevicePolicyManagerService.java
|
4fd8d4ab2aafe8ed73080408223e8b20a953cfc4 |
30-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Enterprise quick contact 1/2" This reverts commit 75a0882b946df6de4775c9e54ca023ff54f3f678. Change-Id: Ibe332885824b228bf1b1147d141c9395554ff67f
evicepolicy/DevicePolicyManagerService.java
|
75a0882b946df6de4775c9e54ca023ff54f3f678 |
19-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Enterprise quick contact 1/2 Now openQuickContact goes thorough DPM. When a lookup URI is build with a lookup key returned by the enterprise lookup APIs for a corp contact, the lookup key will have a special prefix. In that case we go through DPM and have it launch QC on the managed profile, if the policy allows. For now we use the same DPM policy as enterprise-caller-id to disable this. Design doc: go/cp2-mnc-enterprise-dd Bug 19546108 Change-Id: I4840e7fad8a6a60249df07d993d26d03619650d4
evicepolicy/DevicePolicyManagerService.java
|
dfb1c2f2053d233cb1bed17b77bbebceb246f3f5 |
26-Mar-2015 |
Amith Yamasani <yamasani@google.com> |
am 17b03239: am 8562a7a1: am eedf2fe0: am 0afd1905: Merge "Fix NPE if FPE service does not exist." into lmp-mr1-dev * commit '17b03239d3152cbcf450ec66f077f07e4c1870e1': Fix NPE if FPE service does not exist.
|
1181ed8a43c8364b19f4877ec58c4e2640d7dca8 |
23-Feb-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Add isActiveAdminWithPolicy to DevicePolicyManagerInternal This method will be used by other system services to decide whether an app is a profile owner or device owner. Change-Id: I9577700d03ce2c80c798a60c6c2f480fd1913f43
evicepolicy/DevicePolicyManagerService.java
|
a23995c233b3c336d0f405523902606f2583caea |
25-Mar-2015 |
Paul Crowley <paulcrowley@google.com> |
Fix NPE if FPE service does not exist. Bug: 19846662 Change-Id: I44e014c66a524b282cce0cfc9b7513fc0f553576
evicepolicy/DevicePolicyManagerService.java
|
ec32b56cc22658ecb549390fe0096fc6d7b5ac2a |
03-Mar-2015 |
Rubin Xu <rubinxu@google.com> |
Add DelegatedCertInstaller API in DPMS Allow device/profile owner to delegate certificate APIs to third-party certificate installer apps. Bug: 19551274 Change-Id: Iaf9abb5ecb1dc0975fa98ea14408fe392d52fbf4
evicepolicy/DevicePolicyManagerService.java
|
bff46bac807ae8a9ebdc22c449a8d4f78711b4d2 |
05-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Add DO policy to disable safe boot mode. Bug: 19615843 Change-Id: I14dbe911995ec216c57bd285d6b7b04c9684591a
evicepolicy/DevicePolicyManagerService.java
|
4a357cd2e55293402d7172766f7f9419815fc1e8 |
19-Mar-2015 |
Alan Viverette <alanv@google.com> |
Replace usages of deprecated Resources.getColor() and getColorStateList() Change-Id: I8f64fe6c4c44a92ff6d07250223ba590a1d691b0
evicepolicy/DevicePolicyManagerService.java
|
1cc84c992cacdfbe005f29fbaaa1d85e22e4459b |
17-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow initializers to clear reset protection data during device setup."
|
ee1f24ff2985a32b473244cc464b3ca7854de189 |
16-Mar-2015 |
Robin Lee <rgl@google.com> |
Merge "Recognise insecure encryption with a new constant"
|
8458e531bfc681ebb0de98476d782ca4d052a145 |
16-Mar-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Remove the owner userid of cross-profile intent filters."
|
916b1e503d50b87bcf724e975a4bc3d32bf31431 |
13-Mar-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Changed the logic of calculating effective password limits"
|
68cc42009e656b785420c531e39c131bbe6729cf |
11-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Allow DO to set Settings.Global.STAY_ON_WHILE_PLUGGED_IN Bug: 19704419 Change-Id: I3fc970eae8ef947775b6b565916bb245dea1b43b
evicepolicy/DevicePolicyManagerService.java
|
0a32d35ce2c9de8025ab842f3bc929d5fe287d17 |
12-Mar-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Changed the logic of calculating effective password limits Admins without limit-password policy or passwordQuality below PASSWORD_QUALITY_COMPLEX, should be excluded from the list when calculating effective limits. Bug: 19603660 Change-Id: I7b7d8498c8a072a4c050be48709ce34bddba39a5
evicepolicy/DevicePolicyManagerService.java
|
85865d55f06bade582313c83f27496e3180569a9 |
06-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Allow initializers to clear reset protection data during device setup. This allows initializers to recover from failures that occur after it has added an account on the primary user. Change-Id: I3444f16520eed4b315d6ea4761f598f55d1e6ddd
evicepolicy/DevicePolicyManagerService.java
|
f3ece36535d4999cf2bfd2175a33da6c3cdf298e |
11-Feb-2015 |
Benjamin Franz <bfranz@google.com> |
Block setting wallpapers from managed profiles. Silently fail when a managed profile app tries to change the wallpaper and return default values for getters in that case. This is implemented through a new AppOp that is controlled by a new user restriction that will be set during provisioning. Bug: 18725052 Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
evicepolicy/DevicePolicyManagerService.java
|
2482100fed93eac82f7d4b759bd1ec418b55be58 |
06-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow device and profile owners to set a user icon."
|
1c3754a35c434e4102c7ac3dceb887fa137b153b |
05-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Add security check for clearDeviceInitializer in the service. Bug: 19230954 Change-Id: I5c648492bef0d2b579b6f59b91afc890e3092d36
evicepolicy/DevicePolicyManagerService.java
|
4b8d5821512c6a4fdaf442f6d48e1dc412539136 |
05-Mar-2015 |
Nicolas Prevot <nprevot@google.com> |
Remove the owner userid of cross-profile intent filters. The owner user id was used to identify in which user an app had set a cross-profile intent filter. But it's not really necessary. BUG:19505190 Change-Id: Iacc49d31c95e34efee1895e5fbe7224277dbc493
evicepolicy/DevicePolicyManagerService.java
|
75328b703f8f83fdd62f11105ecd61df2ebe4420 |
04-Mar-2015 |
John Spurlock <jspurlock@google.com> |
Merge "Audio: Remove the concept of master volume."
|
ee5ad729b90deff435f9875337cbc434be4f8fe7 |
03-Mar-2015 |
John Spurlock <jspurlock@google.com> |
Audio: Remove the concept of master volume. - Remove two config resources (use master volume, and volume ramp). - Remove master volume adjustments / getters / intents. - Retain @hidden setMasterMute, needed for device admin - Remove master volume logic in AudioService. - Remove master volume logic in VolumePanel. - Rename "getMasterStreamType" to "getUiSoundsStreamType" to avoid confusion. Bug: 19582978 Change-Id: Id02c8fa4898cff3b913147f5ac1b4038e2e7cc24
evicepolicy/DevicePolicyManagerService.java
|
e925440a551b66a3d3121ec8badaf948d71d66a1 |
11-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
DOs can clear the DI; rehide hasUserSetupCompleted. Bug: 19230954 Change-Id: I97467229b23f3c9be1c3c4fff1c888a812f14a95
evicepolicy/DevicePolicyManagerService.java
|
fca04ca0965d5e04dacc025b77f2b4881ee1afd8 |
17-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
Allow device and profile owners to set a user icon. Change-Id: I7c2bafb85cff3fa063af7a2f27b76c69172f0525
evicepolicy/DevicePolicyManagerService.java
|
20118f18c11c01c7743b5646cc1a0039c2e90037 |
11-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
Allow the device initializer to perform user setup tasks. A device initializer is an application that is allowed to run during user provisioning on device owner devices. During device provisioning (or, user provisioning of the first user of the device), a device initializer is granted device owner permissions. During secondary user provisioning, a device initializer is granted profile owner permissions. Once provisioning is complete for a user, all elevated permissions are removed from the device initializer and the device admin component of the app is disabled. Bug: 19230954 Change-Id: Ib6725fb3b09bb21e4198a5dc0b445ccebb40b27e
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
abc03c7ae8c9c628de319819a10ce2cbaedf1c86 |
26-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Fail silently when changing BLUETOOTH_ON/WIFI_ON directly"
|
41916d492c38055928ae5ad1e0b815ff79dc4f5c |
24-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Fail silently when changing BLUETOOTH_ON/WIFI_ON directly If the device owner tries to change BLUETOOTH_ON or WIFI_ON via DevicePolicyManager.setGlobalSetting, fail silently. There was not much point for the device owner to do it since it can also change bluetooth/wifi state via normal bluetooth and wifi apis. BUG:19311992 Change-Id: Ifba163800aa413865b8a2877cb21aacfa5cfc6c8
evicepolicy/DevicePolicyManagerService.java
|
4b7656f18370d1dd73aeca5ec7a45449ca4f00a0 |
24-Feb-2015 |
Esteban Talavera <etalavera@google.com> |
Allow setting a Device Owner via ADB on unprovisioned device with preinstalled account Some devices come from carriers with a preinstalled account. This means that we couldn't set a device owner via "adb shell dpm" commands, while the regular device owner flow worked (as the latter just checked whether the device was provisioned). Bug: 18354022 Change-Id: I9a677de9d34d073e218b9179ec4b0f5b4b82adc9
evicepolicy/DevicePolicyManagerService.java
|
3795fb0a13bfa3c76113b1ecec383e8767824ee3 |
16-Feb-2015 |
Robin Lee <rgl@google.com> |
Recognise insecure encryption with a new constant This is the default state on some devices which ship with encrypted key storage set up already but no initial password. Bug: 18048558 Change-Id: I055527fde21298bae2dbdca8c3a145f19b045aad
evicepolicy/DevicePolicyManagerService.java
|
f580c91618fa5d5f783f33db8136734cde6d6862 |
20-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Dump the profile/device owner when dumping device policy state."
|
fcc87275e3f6e6e84ca0677e3422c602686eef36 |
19-Feb-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Code cleanup"
|
22029f0a50f8bb08902054123153a215906483d5 |
19-Feb-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Code cleanup Use preconditions for argument checking. Change-Id: I2e9dcd8da1e0bdac917393376d1a7442ab63a638
evicepolicy/DevicePolicyManagerService.java
|
397999f084467e068eab357c4b47323e3cde0685 |
18-Feb-2015 |
Amith Yamasani <yamasani@google.com> |
Merge "Save per-user camera policy in different system properties"
|
abf3570f382b94d16cc8a06c4b7c434d7a7052aa |
17-Feb-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy: Make uid parameter an int This should not have been a long to begin with. Change-Id: Icbf6e2e97cb6301b968b3eb8b3f9a46331f7983e
evicepolicy/DevicePolicyManagerService.java
|
7a7f0c9756150b0b429fce41c9ce7c520e94f275 |
16-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Dump the profile/device owner when dumping device policy state. BUG:19363615 Change-Id: Icf04b39ce8c592544e69c52f229a2c1bdab661e2
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
f6901eb9e277491c9b3dc1fcc5b1f18b1a569ae3 |
16-Feb-2015 |
Robin Lee <rgl@google.com> |
Merge "Device Policy API to choose a private key silently"
|
509569807452e6d96b0c90abb092d5e8258afe66 |
13-Feb-2015 |
Amith Yamasani <yamasani@google.com> |
Save per-user camera policy in different system properties If a device admin for a user disables the device cameras, only apply that policy to that user and not globally. Corresponding change in CameraService looks into the per-user system property. This also fixes the bug that managed profile owner is able to disable camera for the personal profile. Bug: 19345698 Change-Id: Ibd5e438544a0409f26087ced247d50c706fcf843
evicepolicy/DevicePolicyManagerService.java
|
5cfd3d8b51b0e21c37d80e3cf5570bae8efe1bc1 |
11-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Avoid NullPointerException in enableSystemApp if the app is absent."
|
0413046f12316f36d12e91ba6dbafc53a7c20408 |
11-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Dont throw an exception for non-system apps when enabling system apps. In EnableSystemAppWithIntent: if a non-system app matches the intent: ignore it instead of throwing an exception. Change-Id: I64dc9a0bbc1a6bc5e2159a33b7273464ed2518c5
evicepolicy/DevicePolicyManagerService.java
|
637baaf0db76f9e1e51eeab077ffb85da0ff9308 |
10-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Avoid NullPointerException in enableSystemApp if the app is absent. In enableSystemApp: if the app is absent, throw a IllegalArgumentException instead of failing with a NullPointerException. BUG:19321306 Change-Id: I4ec09a0a77d29ca04e8d52f5546c1e4d0f8641e5
evicepolicy/DevicePolicyManagerService.java
|
3775a3f8861304073c2b2079f0b9a315a58c1d1a |
05-Feb-2015 |
Kenny Guy <kennyguy@google.com> |
am a2ced3e8: am 8d12d3da: Merge "Only switch user if current user is being wiped" into lmp-mr1-dev automerge: eeb43fb * commit 'a2ced3e879458786edf715a0016293791db7fd65': Only switch user if current user is being wiped
|
3798ed5e0b56ab03e7022a9922b50a4a25474033 |
03-Feb-2015 |
Robin Lee <rgl@google.com> |
Device Policy API to choose a private key silently Support for certificate chooser (keychain) to first query a profile owner (if one exists) for a silent credentials grant which will be passed back to the caller as an alias. Bug: 15065444 Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
evicepolicy/DevicePolicyManagerService.java
|
e9acb59a91f46c962151a58142448fd9f4101814 |
04-Feb-2015 |
Kenny Guy <kennyguy@google.com> |
Only switch user if current user is being wiped Only try and switch to owner if the current user is being removed. Bug: 19252449 Change-Id: I0143d87360db0834876821cbf52fec4933ecbd35
evicepolicy/DevicePolicyManagerService.java
|
babdb0dc36290ba3a9dd040a38f9a3649fb6d510 |
30-Jan-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Removed userHandle from setXXX methods"
|
bdc58c66af3440f963731cdcdf820d7108d9f98a |
29-Jan-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Removed userHandle from setXXX methods User handle is now extracted from UID of the calling process. Previously setXXX methods may not work properly, if userHandle parameter was different from a user of the calling process. In practice, this wouldn't have happened because setters were always called with a userHandle of the caller process. Bug:17202572 Change-Id: I1c08c54c975a04b8c54719a1e280ad3cfaff2e67
evicepolicy/DevicePolicyManagerService.java
|
4197cb60bc74629fe4c04ab10cb3b1c9a7427d24 |
22-Jan-2015 |
RoboErik <epastern@google.com> |
Move mute/unmute handling to adjust volume paths This deprecates the setStreamMute and setStreamSolo APIs. Soloing is no longer supported and muting is redirected through the adjust volume APIs. Also updates the hidden master versions of these APIs. Change-Id: I65d2a5d5fc15b386bd497abf8ca6869fec75a26a
evicepolicy/DevicePolicyManagerService.java
|
8e1b6d949be6d71cfb137f22d0b36bcf511568e2 |
26-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
am ad664808: am 6d16b861: Merge "Avoid NullPointerException if createUser returns null" into lmp-mr1-dev automerge: 2805669 * commit 'ad66480838189332b82cd2861bca4357aa2b93da': Avoid NullPointerException if createUser returns null
|
43daa008f3e5287b6bec27289c96440e71b5fbf7 |
26-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
am 20bd0c23: am 059b8ab6: am 414ea81e: Merge "Ensure notifications are sent when locking/unlocking location share" into lmp-mr1-dev * commit '20bd0c232cd4421affc871ccd01492ecd04316d0': Ensure notifications are sent when locking/unlocking location share
|
6d16b8614ac4c5aa44304e6fdcb9ed8aeec675fd |
26-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Avoid NullPointerException if createUser returns null" into lmp-mr1-dev
|
414ea81ea364d7b961cbfb885c30729595e3a7b2 |
26-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Ensure notifications are sent when locking/unlocking location share" into lmp-mr1-dev
|
f87b174dac87ed9e95e8522bfb836707f4a2239d |
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Avoid NullPointerException if createUser returns null If createUser returns null, we run into a NullPointerException in createAndInitializeUser. This can happen when the policy DISALLOW_ADD_USER is set. Bug: 19121141 Change-Id: Id4bda832a243fa42c31eb5a176ecaa248aee68f5
evicepolicy/DevicePolicyManagerService.java
|
cd7b506c19dff4a68b46631fcede73f55547f985 |
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
am bfca5f40: am 266303fd: Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev automerge: 07b87e5 * commit '07b87e537da3ec658235fe1d874c7dba5b4d696d': Avoid SecurityException when calling getUserData
|
266303fdb02ca1cf6df348e1af6830675476fd78 |
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev
|
871fa7343a2ff8de837a721eacfc576b19438e54 |
16-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Ensure notifications are sent when locking/unlocking location share When the restriction 'DISALLOW_SHARE_LOCATION' is applied or removed on a user it is important to send out notifications to content observers of LOCATION_PROVIDERS_ALLOWED. Bug: 18995405 Change-Id: I8b3910a423a012ea9d15470eec101723c9f0eaf7
evicepolicy/DevicePolicyManagerService.java
|
fadb2b3a27e4c23f5c566e6f7eadfaed9e23e68c |
14-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Avoid SecurityException when calling getUserData Currently we risk getting a SecurityException in a number of places, where getUserData is called for a different user than the calling user. To avoid this, the caller is cleared in a helper function. Bug: 18662452 Change-Id: Ibc131c602e52d9f013fe739a9c18e693181ded67
evicepolicy/DevicePolicyManagerService.java
|
2dc53c560bcba5d423eb4f87533897ac34047eee |
16-Jan-2015 |
Kenny Guy <kennyguy@google.com> |
am 4be433dc: am 10dd6eef: am fd846dfb: Merge "Sync file before using JournaledFile commit." into lmp-mr1-dev * commit '4be433dc0b817fd4129e2bd99edb4c484f980600': Sync file before using JournaledFile commit.
|
212037f7cdbf3ac3712ab16f885d62da7f850fe0 |
15-Jan-2015 |
Kenny Guy <kennyguy@google.com> |
Sync file before using JournaledFile commit. Ext4 doesn't guarantee that write file.new / close file.new rename file.new to file will mean data in file.new makes it to file atomically. The rename may happen with previous contents of file.new and then later update to new contents See docs for noauto_da_alloc So rebooting the device during JournaledFile.commit may mean we are left with an empty file. Bug: 18590558 Change-Id: I35322c82871bed30c2c6ebbd1388338f0471f3ba
evicepolicy/DevicePolicyManagerService.java
|
7f7ea82c28f01798b15686aa45733885beebcc6e |
08-Jan-2015 |
Robin Lee <rgl@google.com> |
Profile owner hint in warning for extra CAs The version of the warning with a named installer should be shown in the case of a managed profile, not only a managed device. Bug: 18224038 Change-Id: I27865f77e963b9b15416f2e4a4ffc38fed8f5532
evicepolicy/DevicePolicyManagerService.java
|
e53b7dd0667208f956e20b932f85ba670eb074f9 |
08-Jan-2015 |
Robin Lee <rgl@google.com> |
Revert "Profile owner hint in warning for extra CAs" This reverts commit e1d8dcd9e170c1ed8a13b6e1256ea1fb22c26c49. Something funny happened in the process of submitting this, swathes of strings.xml became mis-encoded. Bug: 18224038 Change-Id: I0276ff3f880fe749546e8cc7e3e2f41c22c27705
evicepolicy/DevicePolicyManagerService.java
|
dce0122ea2d27474890d5e18ba4b7e4d06303e53 |
07-Jan-2015 |
Adrian Roos <roosa@google.com> |
Explicitly specify user on LPU's private methods Also fixes a bug in DevicePolicyManagerService where the wrong user was used. Bug: 18931518 Change-Id: I7ae8ecfdb1c835cdee7eafa2b96e1ec8b712977b
evicepolicy/DevicePolicyManagerService.java
|
230635efe7ffb09d6dc56bfd9193aa1d89c8a898 |
07-Jan-2015 |
Adrian Roos <roosa@google.com> |
Purge biometric weak and keyguard widgets Bug: 18931518 Change-Id: I5da41908b1d6895a69f981e139f2d268327fafcd
evicepolicy/DevicePolicyManagerService.java
|
8e99586830640796209b935421868754f3ebf1d7 |
07-Jan-2015 |
Robin Lee <rgl@google.com> |
am 26e2da8f: am 374c358d: Merge "Profile owner hint in warning for extra CAs" into lmp-mr1-dev automerge: 23bb3f1 * commit '23bb3f11cbe4ca64337b5b75c333ea891760213f': Profile owner hint in warning for extra CAs
|
e1d8dcd9e170c1ed8a13b6e1256ea1fb22c26c49 |
05-Jan-2015 |
Robin Lee <rgl@google.com> |
Profile owner hint in warning for extra CAs The version of the warning with a named installer should be shown in the case of a managed profile, not only a managed device. Bug: 18224038 Change-Id: I58bddb162799481d5e8feb169b0c0bff17cbeeb7
evicepolicy/DevicePolicyManagerService.java
|
ea84327fa48a33e3729c290ffe0862d86deb24a4 |
29-Dec-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Remove deprecated version of setProfileOwner that takes packageName"
|
77f9a44adb07640762873ef0f80d32570771f154 |
28-Dec-2014 |
Robin Lee <rgl@google.com> |
am b4b14e39: Merge "Revert "DevicePolicy: Don\'t warn about managed profile CAs"" into lmp-mr1-dev automerge: c9db16c automerge: b6b7d42 * commit 'b6b7d4251cdab1843ae9b2ae167ac9276ada241e': Revert "DevicePolicy: Don't warn about managed profile CAs"
|
8add57224ffcf73705e507f1b73954e5de15eb88 |
23-Dec-2014 |
Esteban Talavera <etalavera@google.com> |
Remove deprecated version of setProfileOwner that takes packageName The ComponentName equivalent should be used instead. Bug: 17654371 Change-Id: I7001e86ab1709b824944148a3c44af5243dacb83
evicepolicy/DeviceOwner.java
|
b4b14e391dbcde537350ccf649b3603cafba1e6c |
23-Dec-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "DevicePolicy: Don't warn about managed profile CAs"" into lmp-mr1-dev
|
853964927c12926321911081217c5f0742e7e82a |
22-Dec-2014 |
Robin Lee <rgl@google.com> |
Revert "DevicePolicy: Don't warn about managed profile CAs" This reverts commit 80559f4aadb3419eecdf6bf61945af584cd2aa8a. Bug: 18224038 Change-Id: I108a4e8cf185401fef4806e1ad8c2cc78992e843
evicepolicy/DevicePolicyManagerService.java
|
77779aa3a5eea2d275c82035b025df85b7702f07 |
09-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
am d483a85e: am fed2812d: am 22afe626: Merge "Added isRemovingAdmin method" into lmp-mr1-dev * commit 'd483a85e69c3bb83b25473b93806e063b72c9315': Added isRemovingAdmin method
|
f66a43e398cc0be60aaf1a16a7b77f1cf0ff8f11 |
09-Dec-2014 |
Amith Yamasani <yamasani@google.com> |
am 81b27f4c: am b2905092: am 0702752c: Merge "Potential fix for accidental deactivation of profile owner" into lmp-mr1-dev * commit '81b27f4c9fcdb1e3379152d08a3abc0fb5e62c53': Potential fix for accidental deactivation of profile owner
|
22afe6261aab343070b63c60a1f4c7ce6f4383f9 |
05-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added isRemovingAdmin method" into lmp-mr1-dev
|
96fb932666539e2b3be26ef91eb248a9ace5678e |
02-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Added isRemovingAdmin method Added isRemovingAdmin method, so that clients can query if device admin is currently being removed. Bug: 17609838 Change-Id: I82547a9eeb228fcf8ac2a6e639ca1a75fa41d161
evicepolicy/DevicePolicyManagerService.java
|
a0116afeaf9363c5a662624dda77b550aa9172a8 |
04-Dec-2014 |
Amith Yamasani <yamasani@google.com> |
Potential fix for accidental deactivation of profile owner This is a safeguard to only check for changing packages when re-validating active admins. 1. If package is being removed, only check if it's not being replaced. 2. If package is changing, only check the changing package that matches one of the active admins. 3. If package is being added and is a replacement (update), then check if it affects any matching active admins and verify the validity of the receivers. If by any chance some package broadcast was occuring at a time when an admin was being updated, or the package removed broadcast was coming in much before the update was registered with package manager then this will help in avoiding accidental deactivation. Bug: 18590558 Change-Id: I7f4897e8836f81aa037b8be87d399942ce78b1a2
evicepolicy/DevicePolicyManagerService.java
|
5ff0e5fb6b339a7dea0cbc344e88673b7a99e593 |
26-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
am 0d122e26: am ba94fd5e: am 77e25331: Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev * commit '0d122e265c52ef25dbad652378b3a5e51a86f041': Add flag for wiping factory reset protection data.
|
e07f2c01afbc2d38ce7252a9bbc55fae4b5ea1e6 |
26-Nov-2014 |
Robin Lee <rgl@google.com> |
am a7ffed86: am cc19e8b8: am 692e4933: Merge "DevicePolicy: Don\'t warn about managed profile CAs" into lmp-mr1-dev * commit 'a7ffed86fce0a0cab8915bd6a727605959f08bb7': DevicePolicy: Don't warn about managed profile CAs
|
77e25331ca7ad1fb69fbe7fbec69179824e46e59 |
25-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev
|
a7e87acb2416d4212c84fb9c45353dbf6ee15e6a |
18-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
Add flag for wiping factory reset protection data. Bug: 18366448 Change-Id: If8904888a6bf8611d34647e6d65d2347d824dbb3
evicepolicy/DevicePolicyManagerService.java
|
80559f4aadb3419eecdf6bf61945af584cd2aa8a |
25-Nov-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: Don't warn about managed profile CAs Setting up a managed profile should have included a step to warn about this sort of thing already. As the user should trust the profile owner anyway it's hard to argue this warning is needed. Bug: 18224038 Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00
evicepolicy/DevicePolicyManagerService.java
|
e1d84dd914ffe29fe821b814924b0a56506dc238 |
25-Nov-2014 |
Adrian Roos <roosa@google.com> |
am 9a4d0257: am 520d20c1: am 702d9e31: Merge "Fix DPM.resetPassword("")" into lmp-mr1-dev * commit '9a4d0257beadf53c706afbcb4abc76c17a44ff00': Fix DPM.resetPassword("")
|
702d9e31b1bcacff975a2b8e0d04160bbd6811ed |
24-Nov-2014 |
Adrian Roos <roosa@google.com> |
Merge "Fix DPM.resetPassword("")" into lmp-mr1-dev
|
9d4e6a83553b2d8cc8c6d4fcce6c2af2bf52c874 |
22-Nov-2014 |
Amith Yamasani <yamasani@google.com> |
am 1f26bf6b: am 108bdbc9: am efb2df69: Merge "Different messages when wiping user and not device" into lmp-mr1-dev * commit '1f26bf6bfd683b840f688b41d285fd9c942e6ed5': Different messages when wiping user and not device
|
3a3d212a51974ccec6100c1e117225291edc83cc |
29-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Different messages when wiping user and not device There are 3 types of users 1. Primary - device will be wiped 2. Managed profile - profile will be removed 3. Secondary user - user will be removed Show different messages for almost wipe and wipe in each of these 3 cases. Bug: 16843155 Change-Id: Icecfe520622773da9e45465bf2217e8ed38b266e
evicepolicy/DevicePolicyManagerService.java
|
ffba290a33b2b7a8c1bd393e0286686f99b2dbb8 |
21-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
am 5c374a58: am b3d0580f: am 08229e81: Merge "Shutdown backup manager service when device owner is set" into lmp-mr1-dev * commit '5c374a582ceff913e420d21d63e1d7b087d6fc56': Shutdown backup manager service when device owner is set
|
08229e817ecb67b0c7ebbd6b5b9ce4aef1b38cc2 |
21-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Shutdown backup manager service when device owner is set" into lmp-mr1-dev
|
f8f56bce428bb2b89d1d572ccd2d604761dbbce8 |
20-Nov-2014 |
Adrian Roos <roosa@google.com> |
Fix DPM.resetPassword("") While we're at it, also fix some multi-user issues in LockPatternUtils. Bug: 17496766 Change-Id: I8e557ea640fa589817c8f8f818c91463585d5ea7
evicepolicy/DevicePolicyManagerService.java
|
4221126b95db7fc81e4735a18a92aa40621bd2af |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
am 3c1d5e2f: am 40603baa: am 735f2285: Merge "Remove permission check in DevicePolicyManager.isUninstallBlocked()" into lmp-mr1-dev * commit '3c1d5e2f9d0724f0a10313244d0ef47957d855f2': Remove permission check in DevicePolicyManager.isUninstallBlocked()
|
dbf32fe93a4fa59961a83dfdc30c281978d22121 |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
am f978e667: am 0122db0a: am 3a7d3fc6: Merge "Fix equality test in getProfileOwnerAdmin()" into lmp-mr1-dev * commit 'f978e667a6395902be09f3dd6c5c6b8d17ce58da': Fix equality test in getProfileOwnerAdmin()
|
735f22850edcb5c2447c37cb96f048de8a742907 |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Remove permission check in DevicePolicyManager.isUninstallBlocked()" into lmp-mr1-dev
|
3a7d3fc60e1347ff9bdddb8040237e2818d67a0e |
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix equality test in getProfileOwnerAdmin()" into lmp-mr1-dev
|
a97855b784243c00b99dfcb6595164ab4a88d05c |
07-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Remove permission check in DevicePolicyManager.isUninstallBlocked() This is to allow Play to use this API to find out whether a package is uninstallable due to profile or device owner policy's restriction. Bug: 17914630 Change-Id: I4ce2963884ecdf3306805f36db80ed1ebf04d88f
evicepolicy/DevicePolicyManagerService.java
|
0477f716311ab03ef89ce9ecb288182c0aa25d4a |
14-Nov-2014 |
Fyodor Kupolov <fkupolov@google.com> |
am 70b2de7c: am 6dd9f86f: Merge "Added synchronization to handlePackagesChanged method" into lmp-mr1-dev automerge: a07bdda * commit '70b2de7c25a083a44042ddd0cb8b2a24dde53e6e': Added synchronization to handlePackagesChanged method
|
26ac6a6fd0ef43803c6edd786c8f1fa715ae3cca |
13-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Shutdown backup manager service when device owner is set Bug: 16641441 Change-Id: I3fe54e43324c15dabd56834a923e8e8cb4eea98d
evicepolicy/DevicePolicyManagerService.java
|
d01ff6d4c35edecd3d250d65ca1ab63699e0d642 |
12-Nov-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Added synchronization to handlePackagesChanged method Method handlePackagesChanged modifies the policy data without holding the lock. It also calls methods which expect a lock to be held - validatePasswordOwnerLocked, syncDeviceCapabilitiesLocked, saveSettingsLocked. Bug: 18262633 Change-Id: Ia4bdc6edc66bccf8a4288e048171ff20858ae2f6
evicepolicy/DevicePolicyManagerService.java
|
7c2f2422301f0fb84cbcccca353ecf291bb7f1e0 |
12-Nov-2014 |
Amith Yamasani <yamasani@google.com> |
am e73cab5f: Merge "Allow profile owners to set the unknown source setting" into lmp-mr1-dev automerge: 93ffd5d automerge: 15de62d * commit 'e73cab5f1226f7434fa8bbf341e91891916683c5': Allow profile owners to set the unknown source setting
|
70170261cbd966501a673ba5548dcab823037cfb |
12-Nov-2014 |
Jeff Brown <jeffbrown@google.com> |
am 32f7a6d8: Merge "Move device admin max screen off timeout to internal interface." into lmp-mr1-dev automerge: c1275e7 automerge: a473878 * commit 'a4738781584d58e133fc4d0f55d9b7ebcb246ff6': Move device admin max screen off timeout to internal interface.
|
52c39a16db077f5017ab20214e60a205e075f2d7 |
21-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Allow profile owners to set the unknown source setting This allows work profile MDM to enable unknown sources even if the user doesn't have UI for it. Installing an app from an unknown source will still prompt the user with the package installer dialog, so it's not like the MDM can now quietly install apps from non-market sources. Bug: 18316350 Change-Id: Ia8f4fe36f12a258aa888e085acc0b358925f4817
evicepolicy/DevicePolicyManagerService.java
|
5ce1cb240b13db98fbdc21e1ef069b5f9cec8d72 |
07-Nov-2014 |
Jeff Brown <jeffbrown@google.com> |
Move device admin max screen off timeout to internal interface. The setting was previously exposed in IPowerManager but it doesn't need to be there. Bug: 17656076 Change-Id: If3ed0cbe89f67c60aa00376be0c54b1bd9656144
evicepolicy/DevicePolicyManagerService.java
|
cc56956025c8e562513f63a3457a3fc0ee052405 |
06-Nov-2014 |
Jim Miller <jaggies@google.com> |
am 767ae175: am 6230cdf5: am 262dc4da: Merge "Update TrustAgentService API after review" into lmp-mr1-dev * commit '767ae175fab5a93f4948b3722549448eb4b55e41': Update TrustAgentService API after review
|
e303bf443532c2ad756260133f00747bcff11e69 |
27-Aug-2014 |
Jim Miller <jaggies@google.com> |
Update TrustAgentService API after review This change incorporates API council feedback and enables the TrustAgent whitelisting API. It also contains a minor cleanup of DPM's use of UserHandle to eliminate unnecessary object creation. Fixes bug 17008504 Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
evicepolicy/DevicePolicyManagerService.java
|
d7892e71a85989a3afc6388d917ab9961a607f24 |
30-Oct-2014 |
Rubin Xu <rubinxu@google.com> |
Fix equality test in getProfileOwnerAdmin() The equality test should compare a ComponentName, which admin.info is not. Bug: 18186447 Change-Id: If984ae2e0da958889564ba30716d65245a78d60f
evicepolicy/DevicePolicyManagerService.java
|
7e351fdae8e9f40a095fa16d9cf39ce9a463a652 |
27-Oct-2014 |
Yohei Yukawa <yukawa@google.com> |
Stop querying package names unnecessarily This is just a code clean-up. No behavior change is intended. BUG: 18131340 Change-Id: Ia88374cde7845553530ddd1176f983101e4ec13f
evicepolicy/DevicePolicyManagerService.java
|
f5c00c1c1136c9752b9c0157f9eca6385d7b9448 |
28-Oct-2014 |
Benjamin Franz <bfranz@google.com> |
Merge "Send ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast when a user restriction has been changed." into lmp-mr1-dev
|
05720542613ec79c4b87453845231c838dbe0d03 |
15-Oct-2014 |
Benjamin Franz <bfranz@google.com> |
Send ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast when a user restriction has been changed. Bug: 17916693 Change-Id: I6bca83ad6224ab6f1e4bdf41a10f514823c66755
evicepolicy/DevicePolicyManagerService.java
|
e69bdca44bbbd16b990b9be0eba24e88cbb7f8f8 |
20-Oct-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: Restore CA warning to K behaviour Some tests rely on this being dismissible. Additionally it turns out some users don't like having a hulking great notification follow them around everywhere. Bug: 17985258 Change-Id: If05a07b9eaa402a48f9a14647effc1df32c796e1
evicepolicy/DevicePolicyManagerService.java
|
cd410ba4e816b657020cafb23e69206734726b42 |
17-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Use the correct method to check if device is encrypted DPM's method will return false if encrypted by default password, preventing the changing of encryption password to lockscreen password. Check if the device is encrypted by some means, instead. Also fix a SecurityException when Device Admin queries encryption state (recent regression) Bug: 17881324 Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
evicepolicy/DevicePolicyManagerService.java
|
3836c9a4c145cd683151bd627a22958303a418c2 |
15-Oct-2014 |
Jim Miller <jaggies@google.com> |
Fix getStorageEncryptionStatus() in DevicePolicyManager This fixes a bug introduced by a change where the function ignores systems with default encryption where it's disabled. The fix also checks to see if vold thinks the device is secure. Fixes bug 17881324 Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
evicepolicy/DevicePolicyManagerService.java
|
2c3886cb3463ff39c1986c5b85eba79748dd8c24 |
15-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Fix admin policies in managed profiles" into lmp-dev
|
242f4b125939276be866bb0a637b89bfbc5aa880 |
15-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Fix admin policies in managed profiles Some of the admin policies are throwing security exceptions in a managed profile without being documented correctly and others shouldn't be throwing security exceptions. Changed setCameraDisabled() to not throw an exception. It now just prevents work profile apps from using the camera. Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In secondary users/profiles, this is just going to remove the user, so the flag is harmless. Updated documentation for setKeyguardDisabledFeatures() and resetPassword() to indicate that they cannot be called in a managed profile. Bug: 17987913 Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
evicepolicy/DevicePolicyManagerService.java
|
28433dbdabd3f60224131039911a8f1def3fe670 |
15-Oct-2014 |
Svetoslav <svetoslavganov@google.com> |
Fix a NPE in device policy manager service. It is possible that the device does not have an owner. If there is no owner we get a NPE when asking the device policy manager for cross-profile widget providers. bug:17989189 Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
evicepolicy/DevicePolicyManagerService.java
|
d0130e85398aea84151765a8706109beedb20c37 |
06-Oct-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: One cert tracker warning per profile Shows one notification per profile instead of one notification per user or (previously) one notification per device. Bug: 17794425 Change-Id: I6f0d34a16fa2a45082941387ac765dd99eefa131
evicepolicy/DevicePolicyManagerService.java
|
baa05930ec0e7f9267380b98719e75b3e58f1df5 |
25-Sep-2014 |
Kenny Guy <kennyguy@google.com> |
Merge "Ignore badly formed ComponentNames when loading device_owner.xml" into lmp-dev
|
be16357f40406d32de6d9a1632910bcdfacc0d21 |
25-Sep-2014 |
Kenny Guy <kennyguy@google.com> |
Ignore badly formed ComponentNames when loading device_owner.xml In the past we wrote out badly formed ComponentNames with no class part. Loading these results in a null pointer exception blocking boot. Bug: 17652534 Change-Id: Iec592343425a23c7ada5f73cf30b8646d31eae81
evicepolicy/DeviceOwner.java
|
004a4b20f8d3116e6a711525960d433fcfea4ee4 |
24-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Include reason when wiping data. This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: If8413e5d6377773f37e8b34ae3d26347226a027c
evicepolicy/DevicePolicyManagerService.java
|
8d9f12161823f267179f46825734c188b6c75b09 |
19-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Allow primary user profile owner to set device restrictions" into lmp-dev
|
dd31a10c7f194d70411c8fb8ca8c0ab6751dccb2 |
16-Sep-2014 |
Jessica Hummel <jhummel@google.com> |
bug fix: Allow enableSystemApps to be called by profile and device owner. We had an additional check for managed profile in there, so it wasn't working for device owners. Also needed to look at uninstalled packages. Change-Id: I4813f23b00d7905e92ade582ce082a6f295a322d Bug: 17384318
evicepolicy/DevicePolicyManagerService.java
|
c34dc7cdeb5cae8ca4c731838aafe90ed4c9a2b8 |
18-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Allow primary user profile owner to set device restrictions In addition to device owners, profile owners on the primary user can also set user restrictions that are necessary to lock down the user. This is to enable the case of a profile owner registered after setup wizard is completed, on the primary user. Also make managed profile vs. profile wording consistent in the DevicePolicyManager docs. Bug: 17555025 Change-Id: Ib9d08b8af34a99b25e11757fa7dc83673a7deb32
evicepolicy/DevicePolicyManagerService.java
|
d616a3357872ca0142611576884df4495e7ccbd6 |
12-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Prevent device owner registration after setup is complete This change prevents adding a device owner after setupwizard has finished provisioning. Only the new dpm shell command can set a device owner. Bug: 17316711 Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
evicepolicy/DevicePolicyManagerService.java
|
d09fbafa9242e67450c2f85807a159152d4761c8 |
12-Sep-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Add new adb dpm (= DevicePolicyManager) command" into lmp-dev
|
b5ef162129ced7e9636052af6b7f08d677a01f13 |
08-Sep-2014 |
Esteban Talavera <etalavera@google.com> |
Add new adb dpm (= DevicePolicyManager) command Adds new adb command to execute DevicePolicyManager tasks. First subcommand allows us to set a device owner on a provisioned device (provided no accounts are associated with the device). This is required as GTS tests run on provisioned devices. We plan to add more subcomands required for new GTS tests, such as the ability to create a managed profile. Bug: 17312478, 17316711 Change-Id: I2613178ea82a6c6268e7f8012e74c4a852fea0d4
evicepolicy/DevicePolicyManagerService.java
|
26408ccd8e852d947e58021792bfc3b315e5948d |
08-Sep-2014 |
Bernhard Bauer <bauerb@google.com> |
Add DevicePolicyManager PrivateKey mgmt Additional device policy API to install keypairs to the keychain silently. Bug: 15065444 Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
evicepolicy/DevicePolicyManagerService.java
|
f58e532e015ef31d879ee51aeeb251349784717c |
11-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Apply cross-user restrictions to Shell" into lmp-dev
|
d86734b4695a92359ed38d6053ed1ce16a470634 |
11-Sep-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow device owners to update LOCATION_MODE." into lmp-dev
|
8cd28b57ed732656d002d97879e15c5695b54fff |
09-Jun-2014 |
Amith Yamasani <yamasani@google.com> |
Apply cross-user restrictions to Shell Even though Shell user is allowed to perform cross-user actions, lock that path down if the target user has restrictions imposed by the profile owner device admin that prevents access via adb. If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't allow the shell user to make the following types of calls: start activities, make service calls, access content providers, send broadcasts, block/unblock packages, clear user data, etc. Bug: 15086577 Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
evicepolicy/DevicePolicyManagerService.java
|
a240d8377a3a45ddd4daccdb6b34f51644296486 |
05-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Don't allow guests to install from unknown sources" into lmp-dev
|
82735bcb1400cb5ab2da763a236a55927d87ab00 |
04-Sep-2014 |
Julia Reynolds <juliacr@google.com> |
Allow device owners to update LOCATION_MODE. Bug: 17388933 Change-Id: If3267aa52c2611cf764a19bee019c312f6ebf5d1
evicepolicy/DevicePolicyManagerService.java
|
127343cb460c8d23f9fb59bcf4bcea6e9b9cea03 |
04-Sep-2014 |
Craig Mautner <cmautner@google.com> |
Merge "Eliminate deadlock by deferring wipe data call" into lmp-dev
|
66eb5218335886fed1978891bd0f2d04d2109563 |
04-Sep-2014 |
Craig Mautner <cmautner@google.com> |
Eliminate deadlock by deferring wipe data call The call to RecoverySystem.rebootWipeUserData() was made while holding the lock to DevicePolicyManagerService. But it blocks waiting for system_process' main thread to receive the ordered broadcast complete callback. It won't receive that callback because Keyguard is running on the main thread and is concurrently blocked on DevicePolicyManagerService. By moving the call to rebootWipeUserData() out of the synchronized block the deadlock is eliminated. Fixes bug 16870054. Change-Id: I3eb587211e5484859cc9dab7e80e5a1f6c85225d
evicepolicy/DevicePolicyManagerService.java
|
29ce85bab94a2d0dc98d9075ae86c8a282367117 |
04-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Don't allow guests to install from unknown sources Added a user restriction when creating a guest. Made sure that guests can't install profile owners that could undo the restriction. Bug: 17359648 Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c
evicepolicy/DevicePolicyManagerService.java
|
808f6ef2ac2127ea0ea14e71c9599355b631a617 |
28-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Pass ComponentName to probing certificate methods Pass ComponentName and check whether that admin is a profile owner on DPM get/has certificate methods (requested on the API review). As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of which admins installed which certificates for now: "Having per-admin CA certificates would be a fair bit of work. The only MDMs we're opening this up to for now are Device and Profile Owners which 100% manage the profile so will be the only admin. It seems like if we keep track of "who installed which certs" it'll be a little pointless because the answer will always be "the ProfileOwner" for every single one." Bug: 17005622 Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
evicepolicy/DevicePolicyManagerService.java
|
a8528c642090525f0e5f3c35dc3ba5a50ff17093 |
28-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Audio/Micrphone user restriction/multiuser updates." into lmp-dev
|
65c27970821f022d5c256eba8b764f584210e683 |
28-Aug-2014 |
Robin Lee <rgl@google.com> |
Relocate broken getCallingUserId() calls This should not be invoked while the calling identity is cleared because it will return the current user rather than the calling user. Bug: 17314802 Change-Id: I587daa420b0976d41928ab7c34eeda2329c1341e
evicepolicy/DevicePolicyManagerService.java
|
729b2a6c2f330c10674bb3fc0c4f2eb57e3d0a43 |
27-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Renamed getUninstallBlocked to isUninstallBlocked As per API review. Bug: 17297103 Change-Id: Icb4ceded317b0df4deb0f5221512541a632e150b
evicepolicy/DevicePolicyManagerService.java
|
b53453fae037d67e421011936c8fdffe7ba43922 |
22-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Audio/Micrphone user restriction/multiuser updates. 1. Persist microphone mute state. 2. Set mute state for correct user. 3. Check for settings restrictions as the correct user. Bug: 17177502 Bug: 16701642 Change-Id: Id8b6cd90c5caceb67fbec862f90aac7ec7a00b3c
evicepolicy/DevicePolicyManagerService.java
|
19d431f330bf1d89c92c0971dad5fa8f5950b16d |
27-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Limit the settings profile/device owners can update." into lmp-dev
|
9ed66da8dfd15001cebe8f7ef453718f41f9904d |
26-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Limit the settings profile/device owners can update. Bug: 16351901 Change-Id: Id33a57ad651b5b7b58de0549eb90d5a1fe5c19c5
evicepolicy/DevicePolicyManagerService.java
|
0ced6272911f440843e9ff8e89b9fafdb49b243b |
26-Aug-2014 |
Sander Alewijnse <salewijnse@google.com> |
Provide lockdown of date/time device owners. Fixed two minor issues with the screencapture as well. Updated documentation and added enforceCrossUserPermission. Bug:16948504 Change-Id: I9a645dcf480a4a044879ba481bce964d06fe5153
evicepolicy/DevicePolicyManagerService.java
|
de3af82ce0c533a284df8d5afc49a475b003ea46 |
21-Aug-2014 |
Jason Monk <jmonk@google.com> |
Merge "Write device owner name to XML" into lmp-dev
|
4e7a65f15c80c2601fdb24e596f4a9af4926546a |
21-Aug-2014 |
Jason Monk <jmonk@google.com> |
Write device owner name to XML So that it can be remembered. Bug: 17153003 Change-Id: I6fb96334f235348bc237cc52e09c2fe5ef1332b7
evicepolicy/DeviceOwner.java
|
d5c5c13c8505a27290a2540ff1f64c8753431cb1 |
20-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Rename get/setBlockUninstall() to get/setUninstallBlocked() As requested in the API review Bug: 17005622 Change-Id: I1332ad11e588ab3fa409f2a28222608936cb383e
evicepolicy/DevicePolicyManagerService.java
|
8c5c37364776266d9d91bb35094a9755707833f7 |
21-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Remove setApplicationsHidden" into lmp-dev
|
b9e468cb9d77abf57473436e29042e1b27d9f70b |
21-Aug-2014 |
Kenny Guy <kennyguy@google.com> |
Merge "Add apis for whitelisting IMEs and accessibility services." into lmp-dev
|
115cd65d2a3417b506563e6b2d60c269d69efaef |
21-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Remove setApplicationsHidden As requested in the API review. This version (the one that takes an Intent) was used only in the DeviceAdminSample and some CTS tests. Bug: 17005622 Change-Id: I9984b22836417ad4d025302f61bd91704e9345a4
evicepolicy/DevicePolicyManagerService.java
|
fa80a4faa3ab32f61742b684e832126dae8468e7 |
20-Aug-2014 |
Kenny Guy <kennyguy@google.com> |
Add apis for whitelisting IMEs and accessibility services. Adds apis for device / profile owners to white list the accessibility and input methods a user can enable. Bug: 14469005 Change-Id: I921888660d29a5370395db87adf75d4d106660c9
evicepolicy/DevicePolicyManagerService.java
|
6bd702538d90005add1cfc33746da19404090dc1 |
20-Aug-2014 |
Svet Ganov <svetoslavganov@google.com> |
Notify app widget hosts when cross-profile providers change. 1. Notify the hosts in the group if a package gets white-listed or un-white-listed for providing widgets across profiles. 2. Notify hosts in the group for provider changes when a profile is deleted. bug:17126070 Change-Id: Ic719c1c68e45842d50decc95603f1d61583b8f02
evicepolicy/DevicePolicyManagerService.java
|
afe7a2c9c30393c83304ad0d30a6a32072ba1845 |
20-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Prevent profile owners from setting certain user restrictions." into lmp-dev
|
2cb384f42569f36e19ecee60da259d69048fdd85 |
13-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Prevent profile owners from setting certain user restrictions. Bug: 16351901 Bug: 16701492 Change-Id: Ie866bc24d2d7cc15f86c5b50062a730e099612a1
evicepolicy/DevicePolicyManagerService.java
|
255dd04271088590fedc46c8e22b2fd4ab142d39 |
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
evicepolicy/DevicePolicyManagerService.java
|
95d9ad0f79c900db9bca1745100f14d0ec9cc133 |
18-Aug-2014 |
Jason Monk <jmonk@google.com> |
Merge "Fixes to lock task API from API review" into lmp-dev
|
3d9eb78fe91ab2479eb38443aed588e10421e31b |
11-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Apply lockdowns when user restrictions are set. Previously DMAgent would apply these lockdowns before/ after setting the matching user restrictions. Bug: 16701642 Bug: 16945830 Bug: 16944983 Change-Id: Ib4f7145055687f12408d6ccacd8e6380406a32b2
evicepolicy/DevicePolicyManagerService.java
|
48aacba761527a529c2b668c8151c7f98ff70524 |
13-Aug-2014 |
Jason Monk <jmonk@google.com> |
Fixes to lock task API from API review Adding ComponentNames and some splitting/renaming of broadcasts. Bug: 17005622 Change-Id: I9ece3553310fb20b0c3c3e4032b408e86384363a
evicepolicy/DevicePolicyManagerService.java
|
b8b4774e6185058b179a31f8c1a2dd806413e31b |
07-Aug-2014 |
Adrian Roos <roosa@google.com> |
Fix NPE in DevicePolicyManagerService that crashed SystemUI Bug: 16857795 Change-Id: I6234f03c4ee31311af9f9c556b790594ee1a8b2f
evicepolicy/DevicePolicyManagerService.java
|
00f201e41b5b496327b9578e6fb00fad8b4d9da9 |
07-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Wipe only managed profile when max number of incorrect passwords exceeded" into lmp-dev
|
fe0f24cc92b04e03cac3f807859721f1ce7ef54a |
06-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Wipe only managed profile when max number of incorrect passwords exceeded When the maximum number of retries that has been exceeded is not for the primary profile of the user, wipe only the profile that set that policy (e.g. the managed profile) rather than the entire user. At the moment the whole device is wiped if the max number of incorrect passwords for a managed profile is reached, as the password is shared with the USER_OWNER. Bug: 14453697 Change-Id: I5746de104133c0ea0a51d75b9c92e1516d365d8c
evicepolicy/DevicePolicyManagerService.java
|
318f91b784e8f71b25e6de2f22d8e24412477ae2 |
07-Aug-2014 |
Svetoslav <svetoslavganov@google.com> |
Fix NPE in device policy manager service. Change-Id: I796359f903077eb0ef825ed926557f1a13b2e4c4
evicepolicy/DevicePolicyManagerService.java
|
976e8bd2017d0263216c62111454438cc0f130e3 |
17-Jul-2014 |
Svetoslav <svetoslavganov@google.com> |
Allow adding widgets from user profiles. The goal of this change is to enable support for appwidget from user profiles to the user main profile. A user profile is a user which is associated as a child of the main user profile. For example, a user may have a personal (parent) and corporate (child) profile. The device policy should be able to control whether adding a widget from a child profile and given packages is allowed. This change assumes that all packages from managed profiles are white listed. Another change will add the device policy changes. Change-Id: I267260b55d74c48b112a29979a9f59eef7a8194e
evicepolicy/DevicePolicyManagerService.java
|
a87863a8bddb033ca9ace11e7d78932d70d08ce3 |
29-Jul-2014 |
Sander Alewijnse <salewijnse@google.com> |
Fix deadlock window manager and device policy manager. Removed all communication from wm to device policy manager. Added initialization of cache in wm by dpms. Change-Id: Ifa0b8bfcd625464b156d5cc0fb66d342deda1c27
evicepolicy/DevicePolicyManagerService.java
|
50c360790ca4c061aa6a1d94e06bd7e25b0f0436 |
30-Jul-2014 |
Robin Lee <rgl@google.com> |
Don't turn off screen after wiping user profiles The activity manager should know when to lock the screen. If an admin does want this to happen then they should be able to run both commands in succession. Also rectifies some creative code styling in the same DPM method. @bug 15558805 Change-Id: I8918184a4585aa8b061eb4a68edc2ec6805d8127
evicepolicy/DevicePolicyManagerService.java
|
bf3a9465483976dcd5692b619b47132c2b95f73e |
28-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Set profile owner via an intent priv apps can request to become a profile owner after setup has completed. This will pop up a consent dialog (in Settings). Also, clean up profile owner concept to be a component name. Change-Id: I5e8532866e8018f61836c4e84fbbadb6150218ae
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
604e7558ef32098644b2f9456d7743a07ae789dc |
19-Jul-2014 |
Jim Miller <jaggies@google.com> |
Add new DevicePolicyManager API to allow fine-grained TrustAgent management This adds a new feature that allows a device admin to specify a whitelist of features that are allowed for the given admin. Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
evicepolicy/DevicePolicyManagerService.java
|
ea4f01070a9c8f5147eb228c413a84de78d98973 |
28-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Remove the profile/device owner user restriction bypass." into lmp-dev
|
401de1785eccc946ed6c35e9b7fccab92b2022af |
25-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Remove the profile/device owner user restriction bypass. Bug: 16566096 Change-Id: I4a56046df44d36d82edc64fc727e8cad5dc75382
evicepolicy/DevicePolicyManagerService.java
|
0da218be00d37a20866059c54a3dd5e8bf17e20b |
25-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Don't update user's setup state unless it changed Eliminates an extra write on every boot. Bug: 16416936 Change-Id: I9ca16676c1b39dafeed3fc744a69c5bde819990c
evicepolicy/DevicePolicyManagerService.java
|
3f7777fa4f1d392e18bad39edcd4539880c52ff9 |
24-Jul-2014 |
Nicolas Prevot <nprevot@google.com> |
Storing the app who sets a CrossProfileIntentFilter. When we add a CrossProfileIntentFilter, we store the package and userId of the calling app inside the CrossProfileIntentFilter. When an app calls clearCrossProfileIntentFilters, we only remove the filters that the calling app has set itself. BUG: 16537557 Change-Id: I6e7bc859383ea66553d9f4230365df8ba27525f3
evicepolicy/DevicePolicyManagerService.java
|
d2a1eec400128f39e1b223a720a88dbd395f3e6e |
09-Jul-2014 |
Sander Alewijnse <salewijnse@google.com> |
Add Device Policy API to disable screen capture. WindowManager will set secure flag on SurfaceControl for all windows of a flagged user to prevent screen capture. API is consistent with the camera disable API. Change-Id: Ib180f67f1ad827b6f4aca2af615274256cce58f4
evicepolicy/DevicePolicyManagerService.java
|
8ddeee98b8b3d8b7379d9044b1ad0ad12ead004b |
23-Jul-2014 |
Dianne Hackborn <hackbod@google.com> |
Use foreground broadcast to get device admin msg. Using a background broadcast is bad, it can take a long time to get the message back, either accidentally (backed up behind other broadcasts) or from a deliberately malicious admin. Change-Id: Ib7491f8e27dacdc002562aef027ee4664e78e97b
evicepolicy/DevicePolicyManagerService.java
|
9c2be6c7ba3d7dce58e8f4ec1617698c54ae808e |
22-Jul-2014 |
Robin Lee <rgl@google.com> |
Stop double-loading device admins loadSettingsLocked() was being called twice for USER_OWNER at systemReady(), doubling the number of admin entries at every boot. Also guards against double-adding admins which appear twice in the same XML file, favouring more recently-refreshed entries for backward compatibility. Previously an application calling in with 'refreshing = true' would double-insert whatever admin was being refreshed into its user's list of device admins. This is fixed too. @bug 16416936 Change-Id: Idd147aa130e6bce7bcc40532f0a7fb07117b3151
evicepolicy/DevicePolicyManagerService.java
|
eee5094f96c630661ca563d70de244ccbbd53579 |
22-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Fix a security exception when checking cross-profile caller-id cap. No need to enforce that the caller is in the system process. We're only checking if the device policy is allowing access. Bug: 16301261 Change-Id: I87a7c808d116c86aa68cebb36631c46d0a54be96
evicepolicy/DevicePolicyManagerService.java
|
e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 |
20-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Rename setApplicationBlocked to setApplicationHidden This corrects the expected behavior of the app state. Hidden apps can be installed by the store to be brought out of hidden state. Bug: 16191518 Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
evicepolicy/DevicePolicyManagerService.java
|
c8fa3ae2ce238843496d7aa3f1c4042bb9bb98b4 |
17-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Merge "Create DPM APIs for cross profile callerId" into lmp-dev
|
210fe21e95cfff98734f5b849b205cdcb0706948 |
17-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Create DPM APIs for cross profile callerId Contact information in the managed profile is shown in the incoming call UI unless blocked using this API. TODO: Actually plumb this into the caller-id logic. Bug: 16301261 Change-Id: If03adc907d9558baa0a45a1833b857206b7bf96a
evicepolicy/DevicePolicyManagerService.java
|
999d394adee533c55fce38bd632ffd4f1af91362 |
03-Jul-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Ads per-user APIs to manage accounts through the AccountManager Bug: 16056552 Bug: 14642886 Change-Id: I17ff6c2515285e63c84cecf2f861d10666c393c5
evicepolicy/DevicePolicyManagerService.java
|
3f4f2fbcd0557e32464e393cb9acc28c2328614e |
17-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Keep track of user_setup_complete in DPMS" into lmp-dev
|
ed239cb950d05ae794999ca75cef0c5371016800 |
17-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Keep track of user_setup_complete in DPMS This is to ensure that some system app can't modify that state for purposes of changing the profile owner without user consent. Bug: 16207721 Change-Id: Ic5f454d7568cd824b83456eed0e2611779a9adf8
evicepolicy/DevicePolicyManagerService.java
|
655be2a98ea6285fc33aec4b223e90c2620927f1 |
14-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Revert "Remove enableSystemApp methods." We need to go back to uninstalling system apps so we can re-install non-default system applications through Play. This reverts commit e3dbcd138c07f2d32ac84229d0a49052cc18d424. Change-Id: I0a7af094614c4a10800971c82e10571f7312e079
evicepolicy/DevicePolicyManagerService.java
|
582d9111d76632027fed7af10d05d4b44df16c0c |
10-Jul-2014 |
Jason Monk <jmonk@google.com> |
Add API for device owner to switch users Once verified that caller is device owner just calls through to the activity manager and acts like that call. Change-Id: I34023313cd6742b73d2105655ec6b631879aa37a
evicepolicy/DevicePolicyManagerService.java
|
85516d028b2dcc7ebc09f4a68085836aa26191d5 |
01-Feb-2014 |
Jim Miller <jaggies@google.com> |
Add new "pin complex" type to supported keyguard PINs This adds a feature to allow DevicePolicyAdmins to prevent using simple PINs, which are defined as those containing more than 3 repeated values. Examples include '1234', '2468', '1111', '9876', etc. Bug 12081139 Change-Id: I4ebe1c76a48087dcd7c878e9bd79a4e3ee2a27fe
evicepolicy/DevicePolicyManagerService.java
|
fe0538098403b49ebd9219bf77236471bb5ca63b |
30-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Restrict factory reset with user restrictions. Bug: 15985879 Change-Id: I524bd8a790798a85a679aa195e634f6e0227d09f
evicepolicy/DevicePolicyManagerService.java
|
c13053bf1c05b980421611487ce67677c08db299 |
29-May-2014 |
Kenny Guy <kennyguy@google.com> |
Add package state to block uninstall. Add package state to allow profile or device owners to block uninstall of packages. Add API to DevicePolicyManager to set/get the state. Bug: 14127299 Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
evicepolicy/DevicePolicyManagerService.java
|
1333ea1ed7a95eb9e1be43c20a0c48e901654cac |
23-Jun-2014 |
Jessica Hummel <jhummel@google.com> |
Provide api to set the managed profile name. Instead of sending the profile name in the provisioning intent the mdm should set the profile name after provisioning has completed. This allows us to simplify the provisioning flow and the mdm can change the name of the profile later on if required. Change-Id: I821ef2300eae74e89872152ae1c89ac3ecbb82e7
evicepolicy/DevicePolicyManagerService.java
|
ef1de65117e8361cbeb188309dbb1a7953350c2a |
25-Jun-2014 |
Adrian Roos <roosa@google.com> |
Trust Agents: Disable until next unlock if device is locked by DPM Bug: 15871777 Change-Id: I1a6e43848e600ffa2092282081b18ddf92419d4a
evicepolicy/DevicePolicyManagerService.java
|
c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437 |
24-Jun-2014 |
Jason Monk <jmonk@google.com> |
The profile owner shouldn't control lock task Since managed profiles are started on bootup, the managed profile would be allowed to set an app (possibly itself) as a lock task app and then run itself on bootup and constantly control the device. This privelege should be restricted to device owners. Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
evicepolicy/DevicePolicyManagerService.java
|
aab72f3b0ab740e12b4a2576a99852081529feb5 |
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Revert "Publish DevicePolicyManager CA certificate APIs"""
|
306fe08ce2b06671336e67a87afaa0851f0105eb |
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Revert "Publish DevicePolicyManager CA certificate APIs"" This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936. Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
evicepolicy/DevicePolicyManagerService.java
|
2b5e917026fe4e6dec8712ee24bdffee8d62ab33 |
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Publish DevicePolicyManager CA certificate APIs" This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5. Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
evicepolicy/DevicePolicyManagerService.java
|
e7cd37e6138c5e769cc6cb398e632bca24d2d1ab |
19-Jun-2014 |
Nicolas Prevot <nprevot@google.com> |
Merge "Introducing crossProfileIntentFilters that skip the current profile."
|
63798c596dc757135950313eb4bb44ca58696c68 |
27-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Introducing crossProfileIntentFilters that skip the current profile. For these crossProfileIntentFilters, the activities in the current profile cannot respond to the intent. Only activities in the target profile can respond to the intent. BUG: 14936725 Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
evicepolicy/DevicePolicyManagerService.java
|
fbe6be4f653d73d5c51ee0a2fb40d2a34c2366fd |
18-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Notify any profile/device owners of lock task"
|
35c62a4668a85aa4318c9ec564f2e06e8a2d2a30 |
17-Jun-2014 |
Jason Monk <jmonk@google.com> |
Notify any profile/device owners of lock task Add a method for DeviceAdminReceivers of profile/device owners to be notified that lock task mode has entered or exited for an app they have whitelisted. Change-Id: Id124287d41564bbfccdacccf1977b7acb3ddec3f
evicepolicy/DevicePolicyManagerService.java
|
6d3912e2ef75a7794ac44839eef2569086cae104 |
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Publish DevicePolicyManager CA certificate APIs""
|
d7b8621bde44857ebb07130693a00f5f777887d4 |
16-Jun-2014 |
Jason Monk <jmonk@google.com> |
Change lock-task DPM authorization to packages Switch the DPM lock-task authorization to be controlled by a package rather than a component. Change-Id: Ife9bed068f31ff2449b4451ab69d3586a3f09d89
evicepolicy/DevicePolicyManagerService.java
|
b12f1778d612a53e6b40e6d5873be1ccff2e52a5 |
17-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Publish DevicePolicyManager CA certificate APIs"
|
837304f6f6ae37dc475fa6e0e620f1c2321f2e11 |
11-Jun-2014 |
Robin Lee <rgl@google.com> |
Publish DevicePolicyManager CA certificate APIs Exposes these methods: - hasCaCertInstalled - hasAnyCaCertsInstalled - installCaCert - uninstallCaCert Allows device and profile owners to perform some certificate management including querying for and enabling/disabling specific CA certificates. Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
evicepolicy/DevicePolicyManagerService.java
|
4e81913a66c98bfd9939376640b89015a23580a1 |
12-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Allow device owner to configure secondary users"
|
03978a40b3a4c268329ae733eff8dfffd92f6e09 |
10-Jun-2014 |
Jason Monk <jmonk@google.com> |
Allow device owner to configure secondary users Currently the device owner can create secondary users, but unless it is a system app it will not be installed and will not be able to pass data easily from the code that creates the user and any code running on that user. This allows the device owner to install itself while creating a user and start up a service to configure that user. createUser takes an bundle so that the device owner can pass across any initial setup data it needs to, this bundle will be sent to the admin receiver in onEnable. Change-Id: Ic1f8565dd2a7bd85363527cf68b0ecd4dc9c3636
evicepolicy/DevicePolicyManagerService.java
|
122c595cd9ca00435b7265444e181f8cc78335e5 |
11-Jun-2014 |
Robin Lee <rgl@google.com> |
More meaningful errors for DPM calls by non-owners Now throws an exception titled something like "Admin X does not own the profile" instead of the rather unhelpful NullPointerException that was thrown previously. Change-Id: I33f6da5ea5eb70d8ea3939cfa280c794b01c3382
evicepolicy/DevicePolicyManagerService.java
|
4a21b25fad62e4f19d13ba814263841c931f56ef |
04-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Allow profile and device owners to change and get the master volume mute state. Also protect muting master volume with op code OP_AUDIO_MASTER_VOLUME. Bug: 13585918 Change-Id: I91fe7ee60cd291cca15966b3127c0bb8a4828f6a
evicepolicy/DevicePolicyManagerService.java
|
b0dced8173a9a930bc0ea2a7a669a907aaffd735 |
06-Jun-2014 |
Jason Monk <jmonk@google.com> |
Add an API to clear the device owner. Only the device owner will be able to clear itself. Change-Id: Ie3231467d92e8c5d22ec51256177793f34110432
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
f10606a9a4193cb5ba56dd26db9983845855e8c3 |
06-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Add device-owner based setting of global proxy."
|
03bc9918345a977e9c45796bf3bb5bf9a3b87d25 |
13-May-2014 |
Jason Monk <jmonk@google.com> |
Add device-owner based setting of global proxy. Re-hide the setGlobalProxy on the ConnectivityManager as it requires CONNECTIVITY_INTERNAL. Instead add a function to the DevicePolicyManager to set the global proxy, that can only be called by the device owner. Change-Id: I9ffb2cc4f30a6dc9b868d86f056e1fbd512d8dfc
evicepolicy/DevicePolicyManagerService.java
|
56e0d8003bdeeddb8b5d355cea219d3d54e87bff |
06-Jun-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Merge "Clean up deleted users in DevicePolicyManagerService"
|
73a41d2c4e4184504959628ae5536a7e862e0f67 |
05-Jun-2014 |
Kenny Guy <kennyguy@google.com> |
Fix bug with sending intents to correct user for device admin. Password change intents etc. were always being sent to owner rather than user the device admin was installed for. Also add TODO to not assume profile parent is OWNER. Bug: 15442331 Change-Id: I7e58069bc4a6ab94f038ae1b80c044d666986318
evicepolicy/DevicePolicyManagerService.java
|
22745f4c9ad0e5abc58fe9ff93e9952a601cc6c9 |
04-Jun-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Clean up deleted users in DevicePolicyManagerService Bug: 15405715 Change-Id: Icd958fe9378deb92f25622b341e0502d865b742f
evicepolicy/DevicePolicyManagerService.java
|
1b8737ee18f5d80adda41eafca6143a046a47a13 |
04-Jun-2014 |
Sander Alewijnse <salewijnse@google.com> |
Merge "Remove enableSystemApp() and enableSystemAppWithInten()."
|
f20d640fa2b155a971ddfe0965fc803a73b5e53c |
25-May-2014 |
Amith Yamasani <yamasani@google.com> |
Restrictions Manager Mechanism to register a provider for requesting an administrator to respond to permission requests. Request format and response format constants. Description of manifest template for static restrictions. Int type introduced in RestrictionEntry. Needs more javadoc and better description of manifest templates, including specifying the XML attributes. Change-Id: I5a654d364e98379fc60f73db2e06bf9a8310263d
evicepolicy/DevicePolicyManagerService.java
|
866896df168d1382732c97e49617ab2f2995d376 |
27-May-2014 |
Sander Alewijnse <salewijnse@google.com> |
Remove enableSystemApp() and enableSystemAppWithInten(). Use setApplicationBlocked() and setApplicationsBlocked() instead. Change-Id: I3d323d704db0a45e936f63675821707b4fddc48b
evicepolicy/DevicePolicyManagerService.java
|
8194899071e0a84c95ef10614bd1b9485b48f589 |
16-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Rename code related to cross-profile intents. For example, replace ForwardingIntentFilter by CrossProfileIntentFilter Bug: 15023443 Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
evicepolicy/DevicePolicyManagerService.java
|
1e958398232cb11935f5341d71df52c5455c620f |
16-May-2014 |
Julia Reynolds <juliacr@google.com> |
Create deviceowner gated APIs for creating and removing users in devicepolicymanager. This will allow DMAgent to manage users for EDU's cart model user case. Bug: 15015887 Change-Id: I1eadf1701cb75fc4b50eb1a0df1525eff818286e
evicepolicy/DevicePolicyManagerService.java
|
a9e460aefcf3891af5acc7d8ae74da9eed49bfbd |
21-May-2014 |
Robin Lee <rgl@google.com> |
Remove enforceManagedProfile for listing keyguard features Change-Id: Ic89f09ada046f64b089b977868b6f37bc0a6de91
evicepolicy/DevicePolicyManagerService.java
|
d862ebb6036a769cb3be371b396e9e33f89ee365 |
21-May-2014 |
Narayan Kamath <narayan@google.com> |
resolved conflicts for merge of fcc4fed3 to master Change-Id: Icebca982b01debd67a1470c02651ef8936f6e5b0
|
c8e4b8107a21c5a782f959aa77fbf066d6e131be |
21-May-2014 |
Robin Lee <rgl@google.com> |
Merge "DPM: Disallow some DeviceAdmin policies for ProfileOwners"
|
a9ee6729538941a2b866d83ecbd891645f0ccc16 |
20-May-2014 |
Robin Lee <rgl@google.com> |
DPM: Disallow some DeviceAdmin policies for ProfileOwners A profile owner should only have control over the profile. All of the following device admin APIs that affect the device beyond the profile that they are called from are now disallowed: - Camera enable/disable - Keyguard - Wipe external storage @bug 14434826 Change-Id: I69acfdf6f654f48b5db91aeb3ea86662d7857075
evicepolicy/DevicePolicyManagerService.java
|
6d8fd27e51d799cf7418b14092b5e806d9792812 |
21-May-2014 |
Jeff Brown <jeffbrown@google.com> |
Make power button behavior configurable. Allow power button to be used to either go to sleep as usual, which may doze, or skip that completely and really go to sleep. May also really go to sleep and go home all at once. Bug: 14406056 Change-Id: Ia19e2551b9c2a72271bb2eddd5c0d1749761e019
evicepolicy/DevicePolicyManagerService.java
|
37f4e44ae614987c5ed953a1829c7181bb775e1f |
21-May-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Add Device/Profile Owner gated apis for setting/getting blocked packages."
|
966881e8951f9bb297689745dcaecfdc13432656 |
14-May-2014 |
Julia Reynolds <juliacr@google.com> |
Add Device/Profile Owner gated apis for setting/getting blocked packages. DMAgent currently needs to live in /system/priv-app in order to (among other things) set and get blocked packages. These APIs will get us closer to being able to move DMAgent out of priv-app. Bug: 14945334 Change-Id: I108e2013c67409dca554acf78e3a710745900706
evicepolicy/DevicePolicyManagerService.java
|
da551653219092306fc7e1ce5743ab40683cee6f |
14-May-2014 |
Julia Reynolds <juliacr@google.com> |
Allow device/profile owners to update settings. Device owners can update Settings.Secure and Settings.Global settings. Profile owners can update Settings.Secure settings. DMAgent currently needs to live in /system/priv-app in order to (among other things) update global and secure settings. This change will get us closer to being able to move DMAgent out of priv-app. Bug: 14965414 Change-Id: If2cc3a56de91bffde33b838ab8ecea2c32412803
evicepolicy/DevicePolicyManagerService.java
|
3a483594436cc477529b3f7c31b3242ee4707705 |
17-May-2014 |
Amith Yamasani <yamasani@google.com> |
Use correct package name for profile owner Fixes reboot loop when you have a managed profile on your device. Change-Id: I935ded447f226ee0507d3dcf22a730a7fb61a0c0
evicepolicy/DevicePolicyManagerService.java
|
9fcff5aadd48206235d205c30cbdae47fc586e3b |
16-May-2014 |
Jason Monk <jmonk@google.com> |
Fix NPE in DevicePolicyManagerService Bug: 15015897 Change-Id: Id9f6ae8b5abf96d35f799b150210813fb52da54c
evicepolicy/DevicePolicyManagerService.java
|
62062996dd256df8b575b2ba1f0bf97109c4e0ba |
06-May-2014 |
Jason Monk <jmonk@google.com> |
Notify AppOpsService of UserRestrictions and Owners This makes the DevicePolicyManagerService and UserManagerService push the DeviceOwner/ProfileOwners and user restrictions on boot as well as on any change. This also adds a list of restrictions that allow any op to connected with a user restriction such that it will return MODE_IGNORED when the user restriction is present (except for the device/profile owner). Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
91da58ded2e7c0dd3d045244cc78eb0d788736a7 |
10-Apr-2014 |
Jessica Hummel <jhummel@google.com> |
Allow setting password restrictions from a managed profile. A managed profile will now share password settings with its parent. - the current password is always stored in the parent - admins of profiles are notified if that password changes - checks for password quality now take the requirements of admins on the parent and its profiles into account Todo: - Currently KeyguardSecurityContainer wipes the whole device when the maximum fails has been reached on any profile. We need to limit the wipe to the profile for which the fails exceeded the maximum number. - Intents with ACTION_SET_NEW_PASSWORD need to be forwarded to the parent of the profile when sent from a managed profile Change-Id: I8532c59f753f8d9c61200f553f275214ad90276e
evicepolicy/DevicePolicyManagerService.java
|
511e0d8323d2d2ed341ba40b15bc646e134ac03b |
24-Mar-2014 |
justinzhang <justinzhang@google.com> |
DevicePolicyManager Authentication for Lock Task Here we let DevicePolicyManager keep a list of tasks that are allowed to start the lock task mode. This list can only be set by a device owner app. The ActivityManager will call DevicePolicyManager to check whether a given task can start the lock task mode or not. Change-Id: I650fdae43fc35bf9fd63452283f4e2bbadd11551 Bug: 14611303
evicepolicy/DevicePolicyManagerService.java
|
5c02db60be02cc0c4798ea6d9c2b0e6cf972c158 |
07-May-2014 |
Sander Alewijnse <salewijnse@google.com> |
Add API to disable account management for certain types of accounts. The account types with disabled account management are stored in a blacklist in the active admin object, editable by profile owners. Change-Id: I57dc5f709ad79674fa28dd006969283585daea24
evicepolicy/DevicePolicyManagerService.java
|
54a9ebb50946cd647843dbcc3d9714644926f0fc |
07-May-2014 |
Jason Monk <jmonk@google.com> |
Fix build Change-Id: I87c037faee19b434be741104cdddb9c467f20606
evicepolicy/DevicePolicyManagerService.java
|
010cfd458121034075c7439020ffef4eedbcc0fc |
16-Apr-2014 |
Adam Connors <adamconnors@google.com> |
Add enableSystemApp methods to DevicePolicyManager These methods allow profile or device owners to enable systems apps pre-installed in the primary user in the managed profile. Apps can be specified by either package name or intent. Bug: 13587051 Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
evicepolicy/DevicePolicyManagerService.java
|
c79586ede6dcd6a167bc8360f058cb5cc655b33d |
06-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Cleaning code related to the forwarding intent filters. Checking for INTERACT_ACROSS_USERS_FULL Adding equivalent methods in the PackageManager Change-Id: Iaa1328fa666613a78e67ca669ea045144275e895
evicepolicy/DevicePolicyManagerService.java
|
6fee7d4cf991a8d39bdefb782937250c87f60f25 |
01-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Introducing removable and non-removable ForwardingIntentFilters. clearForwardingIntentFilters removes only non-removable IntentFilters. The ForwardingIntentFilters set by the profile owner are always removable. Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
evicepolicy/DevicePolicyManagerService.java
|
d83a096f299abd9c7fe5e441ef1bb169c314b575 |
03-May-2014 |
Dianne Hackborn <hackbod@google.com> |
Bump up priority of system receiving BOOT_COMPLETED. Change-Id: I5166f88f11f781914312e867cb653c8ecbefa705
evicepolicy/DevicePolicyManagerService.java
|
3c4d9c56db5b24699956de0a5a841196185363cc |
01-May-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Merge "Adds an enabled state in UserInfo instead of DevicePolicyManager"
|
df35d570ed25257c6782e632ab1bae5e1603855a |
09-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Adds an enabled state in UserInfo instead of DevicePolicyManager Bug: 14377459 Change-Id: Ib4ec43d87da96c3dddaf9b7ae1796f261863a182
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
10fa67c77e11699391e27975fc2d276a0b8c7cbb |
24-Mar-2014 |
Nicolas Prevot <nprevot@google.com> |
Introduce forwarding intents across profiles. The package manager service maintains, for some user ids, a list of forwarding intent filters. A forwarding intent filter is an intent filter with a destination (a user id). If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent. When the package manager service is asked for components that resolve an intent: If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent: The package manager service also returns the IntentForwarderActivity. This activity will forward the intent to the destination. Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
evicepolicy/DevicePolicyManagerService.java
|
f2a5bf88cd3cf8690e940e1e49b63e4bb1711781 |
29-Apr-2014 |
Nicolas Prevot <nprevot@google.com> |
Small fix in DeviceOwner.java. Change-Id: Ibfa4ae7b1bc269bc51532026f8a6cc3c75cc42bf
evicepolicy/DeviceOwner.java
|
be46532c9fbebf3ab6498c1b78013a33f620cd31 |
24-Apr-2014 |
Amith Yamasani <yamasani@google.com> |
Allow profile owners to set user restrictions Pass the setting along to UserManager. Fixes a security exception when fetching the profile's enabled state. Change-Id: If71698cf32c52cce1158cf2027443a339bc58488
evicepolicy/DevicePolicyManagerService.java
|
a4fcb4403304192e2a4889c43c4d089d76cd1252 |
24-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Fix two potential NPEs in DeviceInfo Change-Id: Ic4b5b203af25cda9ae65b477c92c1fb5f31ab093
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
385124d8cee38dee00d4fac31e8fbe46fb30565b |
03-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Modify getUserProfiles to return only enabled profiles: Add a new enabled state for a managed profile. Expose that as a new API on DevicePolicyManager. Set the new state when enabling the profile. Return only enabled profiles from the user manager. Bug: 13755441 Bug: 13755091 Change-Id: I2907b182e19b3562592da688b3f68ef5f4088557
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
66e5d96cf9e689148b202787bdc269519c4b6f8f |
09-Apr-2014 |
Robin Lee <rgl@google.com> |
Allow ProfileOwner apps to manage app restrictions Simple wrapper around the UserManager.{get|set}ApplicationRestrictions APIs. Also added a new Intent to signal to running apps that the set of restrictions has changed since startup. Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
evicepolicy/DevicePolicyManagerService.java
|
9944c2f85c9ec3fd634d8337afa54a065df51825 |
15-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Sends ACTION_MANAGED_PROFILE_ADDED intent at foreground priority to speedup the new profile ui. Bug: 14073989 Change-Id: I06b57a4cb1b9975f28a5e1e676c76c9e6c5befe7
evicepolicy/DevicePolicyManagerService.java
|
512675b07d1643f018e84d66e4ee8b641d3e191c |
02-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Add new call to DevicePolicyManager to enable a profile. Bug: 13755091 Change-Id: Idb6975431f842ededf78966c578b0533e6f186af
evicepolicy/DevicePolicyManagerService.java
|
5c921daa72c6915d036a03b3bda91725a3e30539 |
24-Mar-2014 |
Robin Lee <rgl@google.com> |
Fix privilege escalation for preferred activities Passing in the name of an actual admin should be enough to pass the security check as it was. This is now fixed as the caller is not given the opportunity to spoof its own name any more. Change-Id: Id8be4ca4c8bf3751a1ee8125cf119fa100c81d22
evicepolicy/DevicePolicyManagerService.java
|
627de95925b58e7602374a66ceba76200592ec11 |
24-Feb-2014 |
Sander Alewijnse <salewijnse@google.com> |
Merge "Enables a profile owner or device owner to set and clear default intent handler activities."
|
f475ca33d9232785710aaa438f17915029dfa83b |
17-Feb-2014 |
Sander Alewijnse <salewijnse@google.com> |
Enables a profile owner or device owner to set and clear default intent handler activities. Those intent handlers are persistent preferences. They will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset. Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
evicepolicy/DevicePolicyManagerService.java
|
08fc72d0317fd39a6fa0b2d47c6a5b1529309629 |
20-Feb-2014 |
Robin Lee <rgl@google.com> |
Check DeviceOwner exists before using packageName Creating a profile owner when there is no device owner present also creates a new DeviceOwner object without packageName set -- this situation can lead to a null pointer access when calling isDeviceOwner. Change-Id: I31eab498d78cadc67a1aedd205b458dee2d27705
evicepolicy/DevicePolicyManagerService.java
|
661ec4710b30516a2c7a1101ba65ecac109af619 |
11-Feb-2014 |
Adam Connors <adamconnors@google.com> |
Change API for setProfileOwner to require userId Previously the userId of the current process used but it makes the provisioning process cleaner to be able to pass it in explicitly. Change-Id: I670c4cf3638f1340f6d0bf856c3e01045df8c29e
evicepolicy/DevicePolicyManagerService.java
|
cab8617b8ccea3a99b1ee15e15915c512a10c738 |
11-Feb-2014 |
Jeff Brown <jeffbrown@google.com> |
am 25df673b: am 1b51c9cb: Merge "Make SystemService constructor take a Context." into klp-modular-dev * commit '25df673b849de374cf1de40250dfd8a48b7ac28b': Make SystemService constructor take a Context.
|
b880d880c6cd989eacc28c365fc9a41d31900da1 |
11-Feb-2014 |
Jeff Brown <jeffbrown@google.com> |
Make SystemService constructor take a Context. This change simplifies the process of initializing a SystemService by folding the onCreate() step back into the constructor. It removes some ambuiguity about what work should happen in the constructor and should make it possible for services to retain most of their final fields after refactoring into the new pattern. Change-Id: I25f41af0321bc01898658ab44b369f9c5d16800b
evicepolicy/DevicePolicyManagerService.java
evicepolicy/DevicePolicyManagerSystemService.java
|
9348ac8249d2ef8d935e98053e5d135a2ff1ebcc |
10-Feb-2014 |
Amith Yamasani <yamasani@google.com> |
Fix NPE on removing a user Bug: 12957232 Check for null mDeviceOwner. Change-Id: I107dc24d1a8de121ebd2c1bb56e1af40bb1c55ac
evicepolicy/DevicePolicyManagerService.java
|
776c555d954d9494069f786785877c08add27327 |
09-Jan-2014 |
Adam Connors <adamconnors@google.com> |
Extend DeviceOwner concept to accommodate ProfileOwners ProfileOwners, like DeviceOwners, are Device Admins that have additional priviledges. ProfileOwners however are scoped per user. Change-Id: I1e22c85878e0672121e6ebbe97fca38591f992b2
evicepolicy/DeviceOwner.java
evicepolicy/DevicePolicyManagerService.java
|
e58a49e411327e26b6ad9939833f53c7fa5aef20 |
21-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
Merge commit '817ec49e' into manualmerge Conflicts: services/print/java/com/android/server/print/PrintManagerService.java Change-Id: I1b9bf364ca50ee3c48f53d87ae0ce23e7f3c2bc2
|
817ec49e7991d4cac50b2308cd7cf5f8641e1e29 |
20-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
Wrap some services into a SystemService These services can now be excluded by modifying the list of REQUIRED_SERVICES (TB renamed) Changed appwidget, devicepolicy, backup and print services. Change-Id: Id8e2855d5c045cd57bdb02dca9ed75172803bce7
evicepolicy/DevicePolicyManagerSystemService.java
|
49782e46c0eb85a25ae2abcf80880c48dbab5aea |
20-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
|
9158825f9c41869689d6b1786d7c7aa8bdd524ce |
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
evicepolicy/DevicePolicyManagerService.java
|