5277deaa591cabb163fa7ad0b139219c3f13313c |
18-May-2017 |
Jorim Jaggi <jjaggi@google.com> |
Fix ordering of notifying dismiss callback Otherwise all unlocks will result in onDismissCancelled. Also fixes a race condition bug where we call reportKeyguardShowingChanged but we don't wait until the state is updated. Then, we called onDismissSucceeded such that KeyguardManager.isDeviceLocked would still return true. Fix this by waiting for the message to be processed. Note that delays shouldn't be a problem here as we are soon calling reportKeyguardShowingChanged from the UiOffloadThread. Test: KeyguardLockedTests Change-Id: I0b312a5f02be3a3d1028d8bf0cd1b8e6a33476ce Fixes: 38219395
rustManagerService.java
|
b884bb28b1416f8d0d93403eeac11af74b9f9968 |
03-May-2017 |
Adrian Roos <roosa@google.com> |
TrustManagerService: Fix service binding leak Fixes an issue where TrustAgentWrapper was created too early. If we later decide to not actually start that agent, it is already bound to, and then we just drop the TrustAgentWrapper class, never unbinding. In addition, this can also create a rebind loop where we are constantly trying to rebind to the trust agent. Bug: 37853858 Test: force-lock, observe that trust agents are properly unbound and not constantly trying to rebind Change-Id: I4d383f9cb499874803a7f024915baf85b3682631
rustManagerService.java
|
fe9a53bc45fd0124a876dc0a49680aaf86641d3e |
31-Mar-2017 |
Jeff Sharkey <jsharkey@android.com> |
Consistent dump() permission checking. This change introduces new methods on DumpUtils that can check if the caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all existing dump() methods to use these checks so that we emit consistent error messages. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
rustManagerService.java
|
44196d3136e3f6d2eba6cef347d516bcd8f8a321 |
18-Feb-2017 |
Lingjun Li <lingjunl@google.com> |
Null check before calling TrustAgentService and throw Security exception if the API is not allowed. Test: manual Change-Id: I5dfe6bc4347459e0e4349c7624afdde86fce0000
rustAgentWrapper.java
|
93a145f6880f71332b8288774671392259a9b6df |
24-Jan-2017 |
Lingjun Li <lingjunl@google.com> |
Add escrow token APIs to TrustAgentService Security review: b/31273740 Design doc: go/auto_login Test: manual Change-Id: Ib11d4146135a58f1dc451ae8e081977a8f8e6ace
rustAgentWrapper.java
rustManagerService.java
|
327323d2b337077433fe02438a79cc98e91799e3 |
12-Jan-2017 |
Zachary Iqbal <zacharyi@google.com> |
Added an onDeviceUnlockLockout callback to TrustAgentService. Test: Manually tested onDeviceUnlockLockout being called with an actual TestAgentService implementation. Notes: - Active Trust Agents are no longer killed/unbinded from when a temporary device lockout occurs. Instead, the onDeviceUnlockLockout callback of the agent is called. Change-Id: Ifa0984d1d7e5153568334d736e9ebd5a00ef1297 Bug: 34198873
rustAgentWrapper.java
rustManagerService.java
|
85a63bc1a06870b5a86926b0bce94a2bf559e3f0 |
24-Oct-2016 |
Andrew Scull <ascull@google.com> |
Evict CE key on request and when work mode is turned off. DPMS.lockNow takes a flag which can request the managed profile CE key to be evicted. Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction* Bug: 31000719 Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
rustManagerService.java
|
20914d79393aead044848a337ff4f802e4afb48e |
15-Nov-2016 |
Lingjun Li <lingjunl@google.com> |
Adding unlockProfile to trust-agent meta data and makes TrustAgent runnable under direct boot Test: manual Change-Id: I1f0ccafac08be2cc3f4540232e764ef21d4fed38
rustManagerService.java
|
dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0 |
11-Nov-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update usage of ActivityManagerNative. - Remove references to ActivityManagerProxy. - Add isSystemReady to ActivityManager. Bug: 30977067 Test: cts/hostsidetests/services/activityandwindowmanager/util/run-test android.server.cts adb shell am instrument -e class com.android.server.am.ActivityManagerTest,com.android.server.am.TaskStackChangedListenerTest \ -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I07390b6124fb1515821f5c0b37baf6ae74adc8fa
rustManagerService.java
|
ae025828bba3328c6fc958154348c297b4c3e4e8 |
03-Nov-2016 |
Adrian Roos <roosa@google.com> |
Trust: Add missing cleanup upon removing user Change-Id: I4a1d9d38344aea54d1f0ae6d6834a45b2e73cb1c Fixes: 31995569
rustManagerService.java
|
92b83c6495abb3c091474b3a2f16dcbd949d6da7 |
31-Aug-2016 |
Robin Lee <rgl@google.com> |
Redact work notifications separately from personal This will strictly decrease the set of cases where work notifications can be shown. They will continue to honour the parent profile's settings, but will also get redacted/hidden if the work profile has stricter settings than the parent or when the parent is unlocked but the profile is still locked. Bug: 31001762 Change-Id: I2152631dbb8beb7a9899d6406b05f4447d757010
rustManagerService.java
|
e07813326b59ec1ce359c9650f5539f6283c2592 |
19-Aug-2016 |
Rubin Xu <rubinxu@google.com> |
Add missing clearCallingIdentity Bug: 30728557 Change-Id: Ie978b63cd60ae419d5e3171918badad3a89fcca0
rustManagerService.java
|
83a15bca70884e3dcbf7d4ee23492fe531374ee7 |
10-Aug-2016 |
Rubin Xu <rubinxu@google.com> |
Set DeviceLockedForUser state synchronously Setting DeviceLockedForUser on the handler thread will lead to a race condition where an immedidate read might see a stale value. Bug: 30728557 Change-Id: Id9d510d7ad4dbcde6344a044e45f4b2feac19257
rustManagerService.java
|
367e0761c5af88b3b82ffd1c62bad374f40514e0 |
11-Aug-2016 |
Adrian Roos <roosa@google.com> |
Only disable trust agents after lockout am: 9d6fc9246b am: 73b2f5981e am: bbf52f2e85 Change-Id: I4606854b24313cc8231aaa0ce3ea33ea909f68b0
|
9d6fc9246ba0b726872a6a8dabe6c334292c3a10 |
11-Aug-2016 |
Adrian Roos <roosa@google.com> |
Only disable trust agents after lockout Previously trust agents would be disabled even after one wrong attempt. Now we wait for the cooldown (usually 5 attempts), the same as fingerprint. Also adds a TrustArchive entry of when device policy changes are sent to trust agents. Bug: 30037948 Change-Id: I9e284d994ddae45ef66b5b8b601297c63d8ba667
rustArchive.java
rustManagerService.java
|
5d639783a3619ef5f70af31b4ed420455d1e7329 |
21-Jul-2016 |
Adrian Roos <roosa@google.com> |
TrustAgents: Improve debug logging Bug: 30037948 Change-Id: If374c6d4b4fb6e5341986dc42a2f7debb60a4955
rustAgentWrapper.java
rustManagerService.java
|
605733b09a187b1d520ebe125d6a03ef04c303b5 |
20-May-2016 |
Xiaohui Chen <xiaohuic@google.com> |
Initialize device locked state during boot Bug: 28682128 Change-Id: I4d56d6935b5f122b5eb8c33cfdb6e21f9c71807e (cherry picked from commit 91df2a912af717176f5b6238741071222d60d5c7)
rustManagerService.java
|
68771eb837b0a7b94c120a450624d392496413ce |
03-May-2016 |
Adrian Roos <roosa@google.com> |
Fix Trust Agent discovery for FBE Trust agent discovery happens earlier than unlocking the user's key for file based encryption (FBE), so we need to explicitly also ask for non-direct-boot-aware packages. Additionally, never run trust agents for a user that hasn't been unlocked yet. Change-Id: Ice8a6510f163508abecfd83d627658f7aaa5107f Fixes: 28537596
rustManagerService.java
|
428fdd104c6877889da1af2d35af41d5c14833c9 |
15-Apr-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Call notifyLockedProfile in TrustManagerService instead of KeyguardViewMediator." into nyc-dev
|
c662898a182ca8f13d73b71649feeeeceb574edd |
14-Apr-2016 |
Nicolas Prevot <nprevot@google.com> |
Call notifyLockedProfile in TrustManagerService instead of KeyguardViewMediator. Setting the profile as locked is not synchronous. In some cases, KeyguardViewMediator called notifyLockedProfile before TrustManagerService had actually marked the profile as locked. BUG:28161912 Change-Id: Ic2ad302c74806ae368d56050eb31503a8ef0bd38
rustManagerService.java
|
4ab7e595a5deef72448da950f2f973bc0c90fe18 |
14-Apr-2016 |
Adrian Roos <roosa@google.com> |
StrongAuthTracker: Don't rely on USER_PRESENT USER_PRESENT is sent via the background queue. A delay there can cause us not to recognize that the user has unlocked and prompt for the credential again, when trust or fingerprint would be sufficient. Also removes an obsolete reference to USER_PRESENT from TrustManagerService. Change-Id: Ie8d1a180170df5f0c8f9e71660504fd71eeacd99 Fixes: 27830458
rustManagerService.java
|
035e92447084b96ef2c9125e77105c237e20bad3 |
18-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Fix work profile screen timeout policy Settings screen should apply both primary and managed maximum timeout policy, even separate profile challenge is enabled. Bug: 27493348 Change-Id: Ia1ec1cafc7665c54816833af64e0f446a77a55b2
rustAgentWrapper.java
|
517b3a4d9f76e4e351632b442f2fc68bd8100c46 |
03-Mar-2016 |
Adrian Roos <roosa@google.com> |
Start trust agents earlier on successful unlocks Frequently, trust agents are not running because a successful unlock is required for them to start. Unfortunately, that means they were not able to receive the successful unlock. To fix this, we'll now override StrongAuth requirements and start agents early if we detect a successful unlock. Bug: 23021202 Change-Id: Ie85f78d9ce2823dd5c9b6215a52db069fb796d91
rustAgentWrapper.java
rustManagerService.java
|
a7aa4d6f0b91e050c083c19459b0c8b265c92617 |
20-Jan-2016 |
Rakesh Iyer <rni@google.com> |
Allow smart unlock right after boot. This change enables relaxing the constraint by which strong authentication is needed after device reboot. There are very limited use cases where this might be safe, one of which is in a car. Cars head units usually are protected physically by the car and have hardware anti-theft mechanisms so we can potentially allow for Android to allow users to use smart unlock to avoid the lockscreen just after boot. This change adds in a config flag that sets the default trust flags, which can be set to allow smart unlock after boot for car head units. Bug: 26559008 Change-Id: Id6338a97b617ddaf3d2fae5d51235429a42b81cc
rustManagerService.java
|
c13723f22e476b4558061942c001ee62eaca79e4 |
12-Jan-2016 |
Adrian Roos <roosa@google.com> |
Improved trust error messaging (1/2) Tracks why trust agents are disabled and shows a generic message on the keyguard. Dedicated strings in follow-up. Bug: 22704995 Change-Id: Ibb4fd9c9386c4dc12f0734004502b9a9cc6ded79
rustManagerService.java
|
078e91b03a14b9e84f811a9941ca412f5d281dab |
15-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Fix crash in KeyguardManager.isDeviceLocked A missing clearCallingIdentity was causing crashes when isDeviceLocked is queried. Bug: 26576080 Change-Id: I2d78e803873a02861335a95b1bbf13a4d9b45655
rustManagerService.java
|
00a9b890853e9660dde5854fe786b80f6c3e616c |
13-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Protect TrustManager.setDeviceLockedForUser with permission Bug: 26535793 Change-Id: I172f1ec7d9285213ecd70564728c7328a3a675ff
rustManagerService.java
|
8d35de84456cec0c0e0c340d6444dcd4f46663b8 |
12-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Fix missing MANAGE_USER error on calls to isDeviceSecure A poorly placed clear identity was causing some crashes as apps were required to have the MANAGE_USERS permission to query if the current user is secured. Change-Id: I1120b1e4405e78389fcbcb3e7d1dba8c80500da3
rustManagerService.java
|
a1771110d67fa7361f92d92f2e91019882ce3305 |
18-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create Work Challenge per-user condition Change the current static condition to a per-user condition so we can check and enable/disable the work challenge properly. Also add an isAllowed API, as the Work Challenge can only be used when the user's DPC targets N or above to maintain backwards compatibility. Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
rustManagerService.java
|
b3987bd7e9d9ed6e2b336c239b1d8019f8ffe073 |
19-Nov-2015 |
Clara Bayarri <clarabayarri@google.com> |
Make ConfirmCredentials take user into account when creating intent The existing implementation returned null if the device was not locked, but when using ConfirmCredentials for the Work Profile we need to take into account the user we want to confirm credentials for, given that the device user might not have a lock but the work profile will. Change-Id: Ifb5882846b0a62c73ac7cc04d90d1a4d9b103e63
rustManagerService.java
|
10ad84a17d7248488c1653bacc9f20d3a7193999 |
01-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a separate Work Challenge check This allows us to tell lock checks from FBE checks separately, and will be useful when dealing with password unification. Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
rustManagerService.java
|
56878a93989a49538fabccfb7218face645030bf |
29-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create work challenge timeout The work challenge should be locked whenever the device goes to sleep + admin timeout or when the power button is pressed if the lock setting is on. This change creates the infrastructure to lock a specific user instead of the device and uses it in these cases. Then, the current code that brings up the work challenge can check to only show it if the user is locked. Change-Id: I89b4342b1458d97734d7afa66be52bf04ec3a3d4
rustManagerService.java
|
e3b07451c3ca7064cb70f1829cf35963cba74bd8 |
22-Aug-2015 |
Adrian Roos <roosa@google.com> |
resolved conflicts for merge of bcc26c02 to master Change-Id: I4260ff0d090cfa9741fd3adcfcadcbbff6839388
|
b5e4722891e7bbf2fffcd995af02838667a3abab |
15-Aug-2015 |
Adrian Roos <roosa@google.com> |
Add StrongAuthTracker Bug: 22846469 Bug: 22115393 Change-Id: I6ef5322d02e540fc043e7f20d3aabf595ce7c224
rustManagerService.java
|
10fe83a9b9fd4e9d1a560dfaf6505de7f14f9d67 |
19-Aug-2015 |
Jim Miller <jaggies@google.com> |
am 8978d9ac: am 309fef16: am e11fbc08: am 33a5c807: resolved conflicts for merge of 448216e7 to mnc-dr-dev * commit '8978d9acbaaa89be3c14ed758e7c8a8d06071779': Revert "Disable fingerprint when remotely reset by DPM"
|
deb050706c5964800461333881b48ebb7329c536 |
18-Aug-2015 |
Jim Miller <jaggies@google.com> |
Revert "Disable fingerprint when remotely reset by DPM" This reverts commit 8ae1be120806d0189f65a492004a7b5416aa6c6f. Fixes bug 23187090 Change-Id: Idd9798895b08618f7d272b818818a45d3c9dc7d2
rustManagerService.java
|
86fff063eb3014ec96b05ca3ff1cc341210b3a05 |
07-Aug-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Merge "Clean up USER_OWNER in TrustManagerService"
|
4f50d59580983c90accfc3bfff1930a81fecbdfd |
06-Aug-2015 |
Jim Miller <jaggies@google.com> |
am 40fa4070: am 4a66bbf7: am 5f96eb0c: am 6fdb85d3: am 120fc2c7: Merge "Disable fingerprint when remotely reset by DPM" into mnc-dev * commit '40fa4070c70d9ddde681b2fb28627b8a4889080e': Disable fingerprint when remotely reset by DPM
|
8ae1be120806d0189f65a492004a7b5416aa6c6f |
05-Aug-2015 |
Jim Miller <jaggies@google.com> |
Disable fingerprint when remotely reset by DPM When the device is lost or stolen, it's safer to fall back to strong authentication (pin, pattern or password). This disables fingerprint like we do with trust agents. Fixes bug 21620081 Change-Id: I7bbe54be3721b2f160b783daeb3acbe434705046
rustManagerService.java
|
09e02917ff7bb36b89d13fd5df10d2d3c43d5fe9 |
05-Aug-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Clean up USER_OWNER in TrustManagerService Bug: 19913735 Change-Id: I4d0ce3d7f68772faed166818978156c663cebdc9
rustManagerService.java
|
7cb69df507f5f7956c52a2868a0d6e89aec6dde2 |
14-Jul-2015 |
Xiaohui Chen <xiaohuic@google.com> |
sys user split: refactor systemui user switcher BUG:19913735 Change-Id: I017dd1b03fd163c266b8080b969fb7a2e934e26c
rustManagerService.java
|
53a6b06e4bc5ea5edcb1e95ab82c99ab6778b091 |
30-Jun-2015 |
Adrian Roos <roosa@google.com> |
Trust: Track separate user has authenticated since boot Bug: 22115393 Change-Id: Ieb907ec988da1b92c7178c00ecdc40c48d1348db
rustManagerService.java
|
237b061182d36fd3bf2238092ccf3d529ec8877b |
01-May-2015 |
Jorim Jaggi <jjaggi@google.com> |
Only enable fingerprint auth after first regular auth - Add method hasUserAuthenticatedSinceBoot to TrustManagerService - Use this information to only enable fingerprint auth after the user has at least once authenticated with his regular authentication method. Change-Id: Icf073ac3b340d557b044f6bf27f1a7f8511048e2
rustManagerService.java
|
d69e4c1460017062e7c36be55801cb434ad19d97 |
24-Apr-2015 |
Dianne Hackborn <hackbod@google.com> |
Update use of procstate for services. Now that we have a separate foreground service proc state (above a sleeping top app), update various system services to put their bindings into this state when appropriate. There are two new bind flags for this -- one that just always makes it a foreground service, another that only does it when the device is awake (useful for things like the wallpaper). And with all of that, tweak network policy manager to only include apps that are at least foreground service state when in power save and device idle modes. This will allow us to further reduce the set of apps that have network access (in particular not giving access to the current top app when the screen is off), hopefully leading to even better battery life. Change-Id: I91d85a5c5ed64e856149e9a5d94a634a7925ec7f
rustAgentWrapper.java
|
94e15a59b757678949cccb5d783bee1638e84697 |
16-Apr-2015 |
Adrian Roos <roosa@google.com> |
Allow dismissing Keyguard from TrustAgentService Bug: 19900313 Change-Id: I44d13ee6fe65070327076e73a3ed96c94acdc108
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
|
82893681ad6530eec8f2a9b4ecd2e039addf48b7 |
02-Apr-2015 |
Adrian Roos <roosa@google.com> |
Add KeyguardManager.isDeviceSecure Bug: 19823211 Change-Id: I92a1d2542274bf1dc2d5757511ce495264f90733
rustManagerService.java
|
1221b0628d0b896102c20545b30fa7bafa08ae32 |
26-Mar-2015 |
Adrian Roos <roosa@google.com> |
Properly unregister TrustAgentWrapper's broadcast receiver Bug: 19820505 Change-Id: I6f9463a54aa1c33d485b8f55c5f22f18535b0d29
rustAgentWrapper.java
|
bd5e03b6d996aa39a6f607a55ffd0691a55b1cee |
11-Mar-2015 |
Adrian Roos <roosa@google.com> |
Merge "Notify TrustAgentService when device policy configuration no longer applies"
|
a43fd03b9b23f9ad0deae9ee69ee80aaa1433cdb |
09-Mar-2015 |
Adrian Roos <roosa@google.com> |
Notify TrustAgentService when device policy configuration no longer applies Also updates the outdated javadoc to match the current API. Bug: 19500731 Change-Id: I7976bbcc815b84e168718672377a963ffea68c51
rustAgentWrapper.java
|
dfdbad309f610c242931cd588a9c1ea1112b8bd0 |
05-Mar-2015 |
Adrian Roos <roosa@google.com> |
Prevent receiver leak in TrustAgentWrapper Bug: 19601687 Change-Id: Idfe5429926e1c849dc2d908b4877d8410335391c
rustAgentWrapper.java
|
7e2e40e127f5b421f946427071a20d0e9d88ca03 |
21-Nov-2014 |
Adrian Roos <roosa@google.com> |
Follow up to I96c68af9ccc9940acf9fab3b5bd39a3485f01045 Fix log spam and wrong log string. Bug: 18414067 Change-Id: I588ec7b62055d2374d311d3adf9edd500ca40380
rustManagerService.java
|
481a6df99fea124bc4354da34ff668750cdc9041 |
20-Nov-2014 |
Adrian Roos <roosa@google.com> |
Add device locked API for TrustAgentService Bug: 18414067 Change-Id: I96c68af9ccc9940acf9fab3b5bd39a3485f01045
rustAgentWrapper.java
rustManagerService.java
|
50bfeec868157106e8b60abf8964cb24462af182 |
20-Nov-2014 |
Adrian Roos <roosa@google.com> |
Update KeyguardManager.isDeviceLocked API Bug: 18414067 Change-Id: I0715714c2c9a122f578ec0c6f508faae12e6f752
rustManagerService.java
|
fc29e0b5829034d9c0a60882d2a21606b2f513b1 |
11-Nov-2014 |
Adrian Roos <roosa@google.com> |
Properly destroy TrustAgentWrapper when not bound Also fixes a potential issue where refreshing agents for a user that no longer exists would result in a crash. Bug: 18318629 Change-Id: I3589ea7e0f2e63fca02daeecf3ca964a8a8e4b3b
rustAgentWrapper.java
rustManagerService.java
|
e303bf443532c2ad756260133f00747bcff11e69 |
27-Aug-2014 |
Jim Miller <jaggies@google.com> |
Update TrustAgentService API after review This change incorporates API council feedback and enables the TrustAgent whitelisting API. It also contains a minor cleanup of DPM's use of UserHandle to eliminate unnecessary object creation. Fixes bug 17008504 Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
rustAgentWrapper.java
rustManagerService.java
|
cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dce |
28-Oct-2014 |
Adrian Roos <roosa@google.com> |
Improve TrustManagerService user lifecycle - Only bind agents of running users - Explicitly clean up state when users are removed - Delay binding until third-party apps can actually run Bug: 18102460 Change-Id: I5017adc1634b249068099fc5779ba95904312438
rustManagerService.java
|
49d53452e744f03593093f6588cea12a405f9ff5 |
24-Oct-2014 |
Adrian Roos <roosa@google.com> |
Ensure trust agents are disabled in safe-mode Bug: 18070351 Change-Id: I71c5441bb501bb0996b557519328eb0847f043cf
rustManagerService.java
|
bcd076525ccb8a3dfe7d1002bcae059661c1d111 |
22-Oct-2014 |
Adrian Roos <roosa@google.com> |
Add API for querying trusted state Bug: 18084166 Change-Id: Ic755461cc6978943aef4943def93a0e38a1c96c0
rustManagerService.java
|
7b4a38b197ce43cb286d80fc6c4e9713b2807f13 |
21-Oct-2014 |
Adrian Roos <roosa@google.com> |
Delay discovery of system trust agents Waits for BOOT_COMPLETED when enabling system trust agents. This fixes an issue where no agents were discovered because the packages were not ready after an OTA. Bug: 18065140 Change-Id: Ibff9948e1536e07f868d6b29f432923a137091e6
rustManagerService.java
|
c727fb1fc2a0653f2f1355c2f5aa826a3126dcc4 |
10-Sep-2014 |
Adrian Roos <roosa@google.com> |
Merge "Only unbind agents of the user that is being refreshed" into lmp-dev
|
3870d451f7d3913a05ffa144d03167bde9221adb |
05-Sep-2014 |
Adrian Roos <roosa@google.com> |
Add system trust agents on first boot or when adding user While we're in there also call listeners when they're added so they know the state immediately. Bug: 17258031 Change-Id: I5f1186314795f3fafd78e1b3e2d5102cdaec65d6
rustManagerService.java
|
e681c27dc62006358102a250b46726b7a88efe06 |
08-Sep-2014 |
Adrian Roos <roosa@google.com> |
Only unbind agents of the user that is being refreshed Follow-up to I470261f659a573400b2eb1421eeb953c87e58b66. Bug: 17416492 Change-Id: If0da5f163049540476d84d147c0e733fab1ae6d5
rustManagerService.java
|
4e68f11672bdb2d11b0da5cef942cfc9bfabd696 |
29-Aug-2014 |
Marco Fucci <mfucci@google.com> |
Disconnect TrustAgent when not active. Bug: 17191952 Change-Id: I470261f659a573400b2eb1421eeb953c87e58b66
rustManagerService.java
|
1572ee379e1d070c7ad1c37a626ed25db5341a3e |
01-Sep-2014 |
Adrian Roos <roosa@google.com> |
Trust: Look at the security unlock method of the right user Follow up to Ic9e93862c722ebc529f5b2010b9cea941f569ce7. Bug: 17107213 Change-Id: I8f3c19aedeaca3f265c98a4fb60ab74b115fca47
rustManagerService.java
|
76b9b8b0ca537bad6c4da388d77a9e5dee023856 |
23-Aug-2014 |
Jim Miller <jaggies@google.com> |
Limit grantTrust() duration to DevicePolicy-imposed limit. Fixes bug 17046034 Change-Id: I5c512c2d05e7e0ed81eaf0dcafacc6f62a5c5937
rustAgentWrapper.java
|
d4efaac5d54cdb3735b032bb76a5639949f33216 |
15-Aug-2014 |
Jim Miller <jaggies@google.com> |
Update TrustAgentService API after review. Also documents timebase on related DevicePolicyManager API. Fixes bugs 16401527 and 17046034 Change-Id: I8ee6d0055ab6f52ec71630344d3232f7875d9c1d
rustAgentWrapper.java
|
4b9e324b6f59f49a8ca4bc4cd8b38a5ea005a6b2 |
20-Aug-2014 |
Adrian Roos <roosa@google.com> |
Only run TrustAgentServices for users with secure keyguards Bug: 17107213 Change-Id: Ic9e93862c722ebc529f5b2010b9cea941f569ce7
rustManagerService.java
|
9dbe190099a34c6420541a36425d8c68007bc86e |
13-Aug-2014 |
Adrian Roos <roosa@google.com> |
Trust: Insecure unlock also removes disable-trust-on-boot restriction Bug: 16485702 Change-Id: I437f619eb680fa9461a5e0d854db2d9f84dc602c
rustManagerService.java
|
2bb8bfd1e85c8359412159fde57dd5722f5be58c |
13-Aug-2014 |
Adrian Roos <roosa@google.com> |
Dismiss bouncer when onTrustInitiatedByUser fires Also modifies the SampleTrustAgent to allow testing of the feature and adds the initiatedByUser flag to the dumpsys output. Bug: 16840500 Change-Id: I4c08ddcdcbd0ab02c694a1873f73cb9a250f98d7
rustArchive.java
|
3c9a3501651aa8ad4f289e89119a6c0b4bdaf78a |
06-Aug-2014 |
Adrian Roos <roosa@google.com> |
Pass initiatedByUser to TrustListeners Bug: 16840500 Change-Id: I8d9bd8fe9a305066f33ac5c888d8a41ce219a6f1
rustAgentWrapper.java
rustManagerService.java
|
8f21158fe64eb93ff005dc1b831b282b95531023 |
29-Jul-2014 |
Adrian Roos <roosa@google.com> |
Trust: Make setEnabledFeatures asynchronous Unsynchronizes the call into app code from setEnabledFeatures, replacing it with a callback mechanism. Also makes this actually work by fixing the check in TrustManagerService to take into account whitelisting. Change-Id: I0831752cd2d3158eda9c8404a5569498f11ac2ac
rustAgentWrapper.java
rustManagerService.java
|
7861c663fd64af33ec2a4c5ad653c806dc8bd994 |
25-Jul-2014 |
Adrian Roos <roosa@google.com> |
Add setManagingTrust and expose it on lockscreen Adds a facility for trust agents to indicate if they are ready to manage trust. Also adds an indication to the lock icon on the lockscreen to show whether trust is being managed. Bug: 15518469 Bug: 16123013 Change-Id: Ie17f588aebeafe66c81dea4a69c733b0d2c72fd4
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
|
604e7558ef32098644b2f9456d7743a07ae789dc |
19-Jul-2014 |
Jim Miller <jaggies@google.com> |
Add new DevicePolicyManager API to allow fine-grained TrustAgent management This adds a new feature that allows a device admin to specify a whitelist of features that are allowed for the given admin. Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
rustAgentWrapper.java
rustManagerService.java
|
b42fe576f6f4b194866fde51175cd7062a4a435d |
25-Jul-2014 |
Adrian Roos <roosa@google.com> |
am 5de758d3: am f8a01f5f: am 6468d5c2: Merge "Restart trust agents when updated or when they are dead" into lmp-dev * commit '5de758d3868b036f5067ad9f86ee7b02331e4818': Restart trust agents when updated or when they are dead
|
c5f95cea2639b698594a85acbde6a5519941d7b1 |
24-Jul-2014 |
Adrian Roos <roosa@google.com> |
Restart trust agents when updated or when they are dead ActivityManager restarts the trust agent service for us when it gets killed automatically. This does not apply when its process crashes too often or when its package gets updated however. To catch the update case, the trust agent connection is removed as soon as the package disappears, and then readded when the new package appears. To catch the repeated crashing case, the connection is reset if it hasn't successfully connected for several minutes. Also adds a button to SampleTrustAgent to simulate a crash. Bug: 16137258 Change-Id: I1b18fc7a3025e23e25ca1623b6af658d5430a94b
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
|
979a32e4a0133e0b55210247aa776f57c17b9b9a |
19-Jul-2014 |
Jay Civelli <jcivelli@google.com> |
Fix removeListener in TrustManagerService. The removeListener method was not removing listeners. Change-Id: Icd5366f03f8fc9c3d283c7b4416b9cff3c75cc59
rustManagerService.java
|
2c12cfa1d53b586ae8a8d6aca64a4de771dc85b0 |
25-Jun-2014 |
Adrian Roos <roosa@google.com> |
Trust Agents: Add facility to request credential entry Bug: 15871777 Change-Id: I43c80151f6403ff62961aeb3dc7aafe049e18a62
rustManagerService.java
|
800631affd5eaae69855f2a0c1ba24d1e4f3acbc |
19-Jun-2014 |
Jay Civelli <jcivelli@google.com> |
Reenabling permission check for TrustAgent. Now that master is using Manchego, the permission check for TrustAgent can be reenabled. Change-Id: I3c05a97de965684bef460ab3e3289657f9542af3
rustManagerService.java
|
abc40bbeeb9d8a183b296a7c7ac3a0c55ed8c636 |
11-Jun-2014 |
Jay Civelli <jcivelli@google.com> |
Temporary removing the Trust Agent permission change. Removing the permission check for Trust Agents, until the GMS core prebuilt has that permission. BUG: 15546358 Change-Id: Id42d3820d8d772b7788ea1f7431944bf13d4cc92
rustManagerService.java
|
b4df2f586ad7b5a0387489401de0c83203610ba9 |
04-Jun-2014 |
Adrian Roos <roosa@google.com> |
am b2302d43: Merge "Ensure trust agents are only provided by platform packages" into lmp-preview-dev * commit 'b2302d437fd636d9973f466062cfad145cdd042d': Ensure trust agents are only provided by platform packages
|
18ea893a2319e2a192188d2288bb881149c9b06e |
28-May-2014 |
Adrian Roos <roosa@google.com> |
Ensure trust agents are only provided by platform packages Prevents the TrustManagerService from binding to any non-platform trust agents and updates the SampleTrustAgent to use the new permission. Bug: 15287044 Change-Id: I38c3deebd5ad359075e68f52d19417bab5ab43db
rustManagerService.java
|
b9fc22029f766e5b5a19d5615b5d64f163476b20 |
28-May-2014 |
Adrian Roos <roosa@google.com> |
am 9fb0925e: Merge "Add and improve logged TrustAgent connection events" into lmp-preview-dev * commit '9fb0925e0ea64ac6124cc0c843db05155cc4ea64': Add and improve logged TrustAgent connection events
|
7d59b4f981e24a4a446522e9b8d3d6a7115c1459 |
27-May-2014 |
Adrian Roos <roosa@google.com> |
Add and improve logged TrustAgent connection events Adds events for when a TrustAgentService gets connected or is stopped. Also explicitly revokes trust when a trust agent gets disconnected, such that it shows up in dumpsys. Bug: 15281644 Change-Id: I5875a34da923345683279c1f755d43454ff6318d
rustAgentWrapper.java
rustArchive.java
|
995757e330237813a62e8d163a243e98984fc535 |
22-May-2014 |
Adrian Roos <roosa@google.com> |
Merge "Remove dead TrustListeners"
|
7a4f3d448b17b4bea190c906d7ecc7f8bec9ff80 |
02-May-2014 |
Adrian Roos <roosa@google.com> |
Add dumpsys facility and a history to TrustManagerService TrustManagerService now keeps track of all events that influence its state and reports them when it is dumped or a bugreport is collected. Bug: 15079129 Change-Id: Iac13de8a848d2b12c8d06168a6969f55b264144a
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
|
a4ba56ba879b83e2866c31b4eb395d38302a1769 |
20-May-2014 |
Adrian Roos <roosa@google.com> |
Remove dead TrustListeners Follow-up to I972a9134aed18fc160c919eac93e9d488b5691f1 Bug: 15092272 Change-Id: I46d718edcbad0e46416263dd21507fa8abeb8d7b
rustManagerService.java
|
577b6f6ae4c41ee5a5b79a82962f38df395e8752 |
20-May-2014 |
Jim Miller <jaggies@google.com> |
Fix infinite loop in TrustManagerService exception handler. Fixes bug 15092272 Change-Id: I972a9134aed18fc160c919eac93e9d488b5691f1
rustManagerService.java
|
7046bfd054b67fd3cfe8f462f7b9ea126652610f |
16-May-2014 |
Adrian Roos <roosa@google.com> |
Trust Agents: Withhold trust until user has authenticated Bug: 14229695 Change-Id: I40d9fa442aa05437c20081c007ed64f984042418
rustManagerService.java
|
ca36b95bd3e0cc8b6f1685bd57a09419db756b91 |
16-May-2014 |
Adrian Roos <roosa@google.com> |
Trust Agents: Implement DPM override Disable trust agents when a device policy disabling them is in effect. Bug: 14619289 Change-Id: I0920a17021cbf045d2362735df49ef4d013fcc7f
rustManagerService.java
|
7e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1 |
16-May-2014 |
Adrian Roos <roosa@google.com> |
Apply revised TrustAgent API Bug: 14997466 Change-Id: I81042e058a20f28603a11471882f3dcfc4f8b13c
rustAgentWrapper.java
rustManagerService.java
|
a5956424b817fbe3d20a22b994a693f0011cc632 |
30-Apr-2014 |
Adrian Roos <roosa@google.com> |
Fix broken trust agent reloading v2 Bug: 13723878 Change-Id: I61f313bfc7ff0dc502551b54d580a7ce8694f04d
rustManagerService.java
|
81e046645def5ded2cc72740b251df0ebe40334c |
30-Apr-2014 |
Adrian Roos <roosa@google.com> |
Fix broken trust agent reloading Bug: 13723878 Change-Id: I2f7f3fad5685e5e57dcddf2f2c3494bb95e38b15
rustManagerService.java
|
82142c21dd333307682d5f4bb09de3ab3ccfa06c |
27-Mar-2014 |
Adrian Roos <roosa@google.com> |
Define trust agent framework components Adds the TrustManager system service that allows registering for changes to the trust status and reporting events that are important to trust agents. Bug: 13723878 Change-Id: I7d0d2ea86fd755702d31aa5d49cac038a6cd4301
rustAgentWrapper.java
rustManagerService.java
|