09c529a9bc85bfd0d50b65f447472ad064eac16c |
|
01-May-2017 |
Makoto Onuki <omakoto@google.com> |
Reconnect to DAService after binding is dead - When the DO/PO process crashes twice with a short interval, AM gives up and the binding will be "died". Once binding is in this state it'll never be re-connected. (Still, DO/PO can disable and re-enable their DAS to force DPMS to bind again though.) - Detect this and re-connect after one hour. - Back-off time will be exponentially increased and never reset until DPMS explicitly re-connects, which happens when: -- the device rebooted, -- the user stopped and re-started, or -- the DAS is disabled and re-enabled. Test: adb shell am instrument -e class com.android.server.am.PersistentConnectionTest -w com.android.frameworks.servicestests Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyConstantsTest -w com.android.frameworks.servicestests Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l VERBOSE -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceAdminServiceDeviceOwnerTest Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l VERBOSE -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceAdminServiceProfileOwnerTest Bug 37711907 Change-Id: Ie0b227a94e6ce85d72a969a4dea1020baf734e2f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5bb8294f926dcaf4a7288ba4457d84d57bb4ab53 |
|
29-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add managed profile whitelist to control NotificationListenerServices" into oc-dev
|
2c20a0f8852f0d0d179614fbcb86be06833cd2aa |
|
28-Apr-2017 |
Andrew Scull <ascull@google.com> |
Merge "Expand abbreviation in constant identifier." into oc-dev
|
17e1b5da53d508c3eccc9a6be276f0b6dacfc246 |
|
25-Apr-2017 |
Andrew Scull <ascull@google.com> |
Expand abbreviation in constant identifier. The abbreviation is not in common use. Also remove FBE from documentation as it also isn't used elsewhere. Test: Build success Bug: 37621349 Change-Id: Icf19be5e96e71dcd45aa7cac8f58b05b6d77d02b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4f4f6f83c20162814e95e9ca0654eee89a818bde |
|
28-Mar-2017 |
Pavel Grafov <pgrafov@google.com> |
Introduce DISALLOW_BLUETOOTH_SHARING. When this restriction is enforced Bluetooth sharing option should not be present when the user tries to share something. Previously this was handled by explicitly disabling bluetooth sharing activity during managed provisioning, now this code is to be removed (see topic CLs) and the same behavior should be achieved by setting this restriction for profile owners by default. In Bluetooth: 1) Don't check restrictions on boot, it is invoked anyway through the listener during boot. 2) Ignore when the restriction is "changed" from true to true - i think it was the initial intent in that condition. 3) Disable the component for a particular user and not always the system user. This is something that has to be fixed in O I think since currently in secondary user the bluetooth itself gets disabled but the sharing thing still shows up. In DPMS: 1) Now ActiveAdmin for PO also contains a set of restrictions applied by default. 2) Now all ActiveAdmins for POs are loaded quite early. That shouldn't have huge impact though. Bug: 36249732 Test: run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testBluetoothSharingRestriction Test: run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testBluetoothRestriction Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java Change-Id: I78c4ffbd503c4a10138e8c0862a9f206f24c5631 Merged-in: I78c4ffbd503c4a10138e8c0862a9f206f24c5631 (cherry picked from commit 7f4ad75218bdd3f1bdf9022a146147eae032cc0c)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9c6458dd58106538e790bbc702dbc10798e1bd18 |
|
30-Mar-2017 |
Esteban Talavera <etalavera@google.com> |
Add managed profile whitelist to control NotificationListenerServices Only let notification listeners installed in the primary profile see work profile notification if allowed by policy Bug: 36657192 Test: runtest systemui-notification Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: If719151644380e9162180a24d12f798e42867c0a (cherry picked from commit 7e4cbadc6a561be62bf3b5e4c949bbb863018cc7)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
424dd39e256b880b0a18d8570daf399885a7567b |
|
27-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "setAffiliationIds and getAffiliationIds uses set instead of list" into oc-dev
|
3165743c5040fb47a32ef30ccb7ffe11275a547e |
|
25-Apr-2017 |
Tony Mak <tonymak@google.com> |
setAffiliationIds and getAffiliationIds uses set instead of list Didn't use @remove because java doesn't support two methods differs from the return type only. Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_unaffiliatedUser Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest Change-Id: Ic7c7221ef5e680a6765f028c2ab73d4c2f908c58 Fix: 37622682
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eda0a9ae33273765afc7ec65081408f3c24c5640 |
|
25-Apr-2017 |
Tony Mak <tonymak@google.com> |
bindDeviceAdminService requires service to be proected by BIND_DEVICE_ADMIN Test: cts-tradefed cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest Fix: 37624960 Change-Id: I0df88d2a019a0c5f8f997db1efede35a20441fa8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ebb9fc309d4159d44a73be1397fd5f3aeb208e0b |
|
30-Mar-2017 |
phweiss <phweiss@google.com> |
Decrease number of network logging notifications shown Now, network logging will show one notification when it is enabled and one after the next reboot. Bug: 36254499 Test: CTS Verifier > Managed Provisioning > Device Owner Tests > Network Logging UI Change-Id: I60fc64e96ceb0ec0ae7ca832b74ac8b47e581be4 (cherry picked from commit 55dba53ed433d713a075ba0de15504a1ed42852b)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dcc792a13feeb6c79d8740c1fcb875fbeb76b4bc |
|
03-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Persistent connection to DO/PO service." into oc-dev
|
fe9a53bc45fd0124a876dc0a49680aaf86641d3e |
|
31-Mar-2017 |
Jeff Sharkey <jsharkey@android.com> |
Consistent dump() permission checking. This change introduces new methods on DumpUtils that can check if the caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all existing dump() methods to use these checks so that we emit consistent error messages. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fc73d799e95f512628da326b0e69ea314f92a5aa |
|
22-Mar-2017 |
Makoto Onuki <omakoto@google.com> |
Persistent connection to DO/PO service. Test: Manual test with customize API tests; CTS coming. Change-Id: I1d7eaa4b1fdd20726c1832c736d32f934c6a82f9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
282cfefea0fbbd299839e353e6d30affdcd4a55c |
|
27-Mar-2017 |
Chris Wren <cwren@android.com> |
standardize system notification IDs All the trivial cases, plus some fixes to try to mitigate collisions with the complex ones. Complex services to follow in another CL, Bug: 32584866 Test: make framework services Change-Id: Ie9663600171d8ede11676e9d66f009dbb06def03
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0ec0000c225370375c9813c95651d55ee753e600 |
|
24-Mar-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Allow system UID to call isSecurityLoggingEnabled() This CL allows code running under the system UID to call isSecurityLoggingEnabled(), so that Settings can find out whether logging is on or off. Bug: 36584321 Test: m RunSettingsRoboTests Change-Id: Icf8b7d6cef0f4e23f57bcf0498ffdcf124d16d38
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
74cb00696e27924de4fc7052a90aa2348b536b2d |
|
21-Mar-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Exfiltrate cert code from DevicePolicyManager"
|
c8aeef6ae6469c1db5e7a67eb2e968d29c84e908 |
|
20-Mar-2017 |
Edman Anjos <edmanp@google.com> |
Remove leftover DO/PO check in isPackageSuspended We already check if the caller is a DO, PO, or a delegate in enforceCanManageScope, the additional call to getActiveAdminForCallerLocked makes this function inaccessible to delegate applications and was removed. Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation Change-Id: I5df0f19a017a3b6e130329940c79b12cbb95ec9e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
088d7aa9c1e9b73ea9dce1616b4958f0c41ca05e |
|
17-Mar-2017 |
Robin Lee <rgl@google.com> |
Exfiltrate cert code from DevicePolicyManager The intent is for this not to cause any behaviour changes, just to make it easier to see what is going on with the code. Permissions are checked in DevicePolicyManagerService. All calls to CertificateMonitor are privileged. Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: I98224087315a62234732f08b53fe91884be86386
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e5b9d366c1bfc3a7e575ea2211570a32dae695b2 |
|
17-Mar-2017 |
phweiss <phweiss@google.com> |
Finalize Strings and Icon for Network Logging Notification Replace network logging icon with generic info icon as the network logging icon will be deprecated. Bug: 36254499 Test: CtsVerifier > Managed Provisioning0 > Device Owner Tests > Network Logging UI Change-Id: I648f160c09761a007948491f5b4ca772beddad70
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b64daad73365f181f4c4bacf379c779e7e95bbf3 |
|
13-Mar-2017 |
Chad Brubaker <cbrubaker@google.com> |
Explicitly disallow Instant App admins Instant Apps have no business being device admins, reject any attempt to install one as an admin. Bug: 33387067 Test: None currently -- Instant apps already cannot request becoming device admin. Change-Id: Ia1daaff659990ff25f16e8cbad240747b67242e2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
172f7801c7376a33d7cfe07c8cb4525d14db0c8f |
|
06-Mar-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Rename DPM.isDefaultInputMethodSetByOwner() Settings.Secure.DEFAULT_INPUT_METHOD is a misnomer. It does not really record a permanent default of any sort - it just indicates the currently chosen IME. Thus, isDefaultInputMethodSetByOwner() should more appropriately be called isCurrentInputMethodSetByOwner(). Furthermore, it turns out that setting a different IME for a user and the user's work profile is unsupported. Thus, it is sufficient for the intended use case to just retrieve the calling user's default IME. There is no need for a |user| parameter. Bug: 32692748 Test: unit tests (see DevicePolicyManagerTest.java for invocation) Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: Ia0846d38a1361042429dae7430a8b055575ef2e0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
05dc9f764c9d399add8b7495e680f66d098c55eb |
|
22-Feb-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add API for checking which CA certs were installed by the DO/PO With this API, the system can determine whether a CA cert was installed by the user or the user's DO/PO. Bug: 32692748 Test: unit tests (see DevicePolicyManagerTest.java for invocation) Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: I3bcae5ac18ec2b110154184fc515df804fd73da6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
af759c52ce01fe6b5144957e38da956af01a217b |
|
15-Feb-2017 |
Geoffrey Pitsch <gpitsch@google.com> |
Channels for Frameworks notifications Adapts all notifications used by system services to use channels. Channels are initialized by SystemServer after the NotificationService has started. Test: runtest systemui-notification Change-Id: I25c45293b786adb57787aeab4c2613c9d7c89dab
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a7aaae881cb3168641e3117a0de6db15b63b5a44 |
|
28-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Delete ParcelableString, add StringParceledListSlice"
|
3814d5d021981671de6912999488adb15d8e1b0a |
|
28-Feb-2017 |
Edman Anjos <edmanp@google.com> |
Merge "Fix is installed check condition in DevicePolicyManagerService"
|
abaa0695c5361b36a7a2cdbe87c77bf60be20af7 |
|
20-Feb-2017 |
Robin Lee <rgl@google.com> |
Delete ParcelableString, add StringParceledListSlice Both inherit from package private BaseParceledListSlice. This is still bad, but it's not as bad. The existing code that uses this can just do Foo.bar().getList() now instead of having to marshal to and from an oddball type at either end as well. In the longer term ParceledListSlice<> should be eliminated, but it's not clear how far into the future that is going to happen. Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: runtest -x core/tests/coretests/src/android/content/pm/ParceledListSliceTest.java Change-Id: Ie69b96b5215d6e04990f6d31345772cdfee21d78
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8732003f6918f725a115fdbc04aa6858d1a82337 |
|
27-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Make IKeyChainAliasCallback oneway"
|
3e7cf168a547982676f18d3308b83381abc95f06 |
|
25-Feb-2017 |
Robin Lee <rgl@google.com> |
Make IKeyChainAliasCallback oneway So it can be sent from devicepolicymanager (system_server) to keychain (a system_app) without waiting on the response and having to do everything in a background thread. Side-effect: the regular keychain => app callback is slightly more efficient now too. in case anyone particularly needs blazing fast private key user selections. Fix: 35675253 Test: cts-tradefed run cts --abi=arm64-v8a --skip-device-info --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement' </dev/null 2>&1 Change-Id: I6e9d96ca3c42e6489d879d8cfb0507eb94838bf1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ab6798951a12b55c309975dd9fe6eeb2de926420 |
|
24-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix broken RestrictedLockUtils KeyGuard APIs"
|
0423b8f72f69da200eab2efee6ca897dfabede31 |
|
24-Feb-2017 |
Edman Anjos <edmanp@google.com> |
Fix is installed check condition in DevicePolicyManagerService DPMS#setDelegatedScopes generally enforces the delegate is installed in the device, but this check should be skipped on DELEGATION_CERT_INSTALL scopes on pre-N. Additionally the check is also skipped when clearing up delegations on pre-N. The check was extracted to a separate function for clarity. Bug: 35234284 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.ProfileOwnerTestApi23#testDelegatedCertInstaller Change-Id: Ib723b58243f901af907e368017b1ae0bb101360d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
acdeac6809f4cb6c96f47b6cdf72572c9969c6eb |
|
21-Feb-2017 |
Robin Lee <rgl@google.com> |
Fix broken RestrictedLockUtils KeyGuard APIs They were all broken in that they returned profile admins for parent queries even when they clearly shouldn't. Examples: - disable unredacted notifications - disable fingerprint This doesn't seem to have been tested beyond the bare basics of one user with one device admin. Added some reasonable coverage. It could still do with more. Test: make RunSettingsLibRoboTests Bug: 34929375 Change-Id: I1b0e986056ffa62d47091c0010977ac810ebd690
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0b1356ff1f3cd2fd06d770af1ad466822173cc3a |
|
21-Feb-2017 |
Suprabh Shukla <suprabh@google.com> |
Fix 'Modifying dpm.setSecureSetting call for install_non_market_apps' The previous change was reverted as it broke work profile provisioning. Clearing binder calling identity before calling into settings provider should fix the issue. Test: runtest managed-provisioning Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: Manually tested that work profile is inflated with expected values of install_non_market_apps Bug: 33947615 Bug: 35590590 Change-Id: I3c31a73fef0c25c0e682e18f637272adad39b28d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5663e051099cdf442bc3316a88e1a7600c58aaaa |
|
20-Feb-2017 |
Victor Chang <vichang@google.com> |
Revert "Modifying dpm.setSecureSetting call for install_non_market_apps" This reverts commit 2e7d6d64b9b16ea27634bc0e8843717a465142b4. Bug: 35590590 Fix: 35590106 Test: runtest managed-provisioning Test: manual verified that work profile can be inflated Change-Id: Ie780b94053e65bca2f96b32055937c0c9e8beae8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e453d8e7629c422ab8982a871e5799fa5e8cff90 |
|
18-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Removing unnecessary call to ArraySet#toArray"
|
3dea1c7972ba350716b2f9b95de95ed4b2f3ea90 |
|
18-Feb-2017 |
Suprabh Shukla <suprabh@google.com> |
Removing unnecessary call to ArraySet#toArray Iterating over ArraySet using iterators is still more efficient than first calling ArraySet#toArray and then iterating over the array. Test: Minor optimization. make and existing tests should suffice. Change-Id: Ifc282bfca98cf89b047dddddd78a6de020f27381
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dd903d4f0ee4cebcef03e54f5b07f4bcc14c5dbc |
|
18-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Modifying dpm.setSecureSetting call for install_non_market_apps"
|
2e7d6d64b9b16ea27634bc0e8843717a465142b4 |
|
10-Feb-2017 |
Suprabh Shukla <suprabh@google.com> |
Modifying dpm.setSecureSetting call for install_non_market_apps Starting from O, install_non_market_apps is deprecated and will not be checked by the package installer. Device admin apps should be using the user restriction instead. Since on managed profiles, the default value blocked install from unknown sources, the system will set the user restriction on behalf of the profile owners (if the profile has one). For non-managed profiles, the user had access to the settings to change the value of install_non_market_apps. So going forward, any request to change it's value by dpm#setSecureSetting in such users is going to be ignored. Test: Manually tested that: 1. For a profile with PO, when install_non_market_apps was set to 0, user restriction is set on upgrade 2. For a profile with PO, when install_non_market_apps was set to 1, user restriction is not set on upgrade 3. After upgrade, newly created managed profiles with PO have user restriction set Bug: 33947615 Change-Id: I063e9ee608b52086ffdf8ed2b24e2928574c58cd
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8c9a6b0089ff712df4e06454ade1443b77a4a9f4 |
|
17-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Revert "Revert "Per user setting for instant app"""
|
a4f3891d28054027cccbb1f34436046cf2b59d44 |
|
17-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Mark clearDeviceOwnerApp/clearProfileOwner as deprecated"
|
4f7e1fc9af698e08576c9beadef872f5c4ea04a8 |
|
17-Feb-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Merge "Add API for checking whether the default IME was set by the DO/PO"
|
939ccc3854d841e4aa1fc33017d49a2446315ca6 |
|
16-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Clear DISALLOW_ADD_USER in clearDeviceOwner for all cases"
|
be0b8896d1bc385d4c8fb54c21929745935dcbea |
|
15-Feb-2017 |
Todd Kennedy <toddke@google.com> |
Revert "Revert "Per user setting for instant app"" This reverts commit be9ffa15af9e1906e9ffb505768328d62d4a3793. Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest Change-Id: Ib21321cf157a79890de487060a093840f7182047
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
348f696d33ffc188459e6318c65c8f9058f8d974 |
|
30-Jan-2017 |
Victor Chang <vichang@google.com> |
Clear DISALLOW_ADD_USER in clearDeviceOwner for all cases We are not moving the restriction from system to the DO in the end. clearDeviceOwnerUserRestrictionLocked becomes the permanent solution for DeviceOwner CTS. Looks like no one setting DISALLOW_ADD_USER directly in UserManager except DO/PO, and so remove it when DO is clear Change-Id: I235bebebd02b5e0d9883eea6dd3a4e49b40fe043 Fix: 33476323 Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a5b0963c0c49e379912239755caee2fe5b873353 |
|
10-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Mark clearDeviceOwnerApp/clearProfileOwner as deprecated Bug: 33175679 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I05e10638d838ccf8dc67b7a01b3ffeb7cbea8500
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
aff5e9c21c28f21f7a3688d84e747727cf17f382 |
|
25-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add API for checking whether the default IME was set by the DO/PO With this API, the system can determine whether a user's default IME was set by the user or the user's DO/PO. Bug: 32692748 Test: DPMS unit tests and CTS CtsDevicePolicyManagerTestCases Change-Id: Ibd703ff5c9e4c072599ad8d6023c94a97d728109
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
824b073fbeee57154316c1e60d211e8e9ab54ac6 |
|
16-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Add escrow token API in DevicePolicyManager."
|
626ffb455650e334fff3fe407a31aa0fa437fdf2 |
|
15-Feb-2017 |
Guang Zhu <guangzhu@google.com> |
Merge "Revert "Per user setting for instant app""
|
be9ffa15af9e1906e9ffb505768328d62d4a3793 |
|
15-Feb-2017 |
Guang Zhu <guangzhu@google.com> |
Revert "Per user setting for instant app" Bug: 35390781 This reverts commit 2f5811dcfd840e149851a9333e27ef3cdddf7a46. Change-Id: Ibb1c8dacbdc6908fc7fa2bc5dca664f2455162bf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
aab7a4146ccd14f94ac87f4c52895f1bb5d37645 |
|
30-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add escrow token API in DevicePolicyManager. Take advantage of the new authentication flow in LockSettingsService and allow PO or DO to provision escrow tokens on the device. The escrow token grants them the ability to change device lockscreen (if used by DO) or work profile challenge (if used by PO). The new password reset mechanism is even usable before user unlocks, and it preserves authentication-bound keys in keystore. Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testResetPasswordWithToken Bug: 33126620 Change-Id: Iaa684c51946f726cbd909e9ac70ad3e9ca3de1ac
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bf92b812dbe1c762ff2381ca4ba14290a5ece8b8 |
|
15-Feb-2017 |
Todd Kennedy <toddke@google.com> |
Merge "Per user setting for instant app"
|
2f5811dcfd840e149851a9333e27ef3cdddf7a46 |
|
30-Jan-2017 |
Todd Kennedy <toddke@google.com> |
Per user setting for instant app The same application can run as either an instant app or an installed app. Store this setting per-user instead of based upon the install location. Bug: 25119046 Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest Change-Id: Iff565bb1ac10d631499f0bd0f69b401cb073c10e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f5e107140d9f9dd0b0b5d5068f8a89bcadd53dd5 |
|
14-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Flush addPersistentPreferredActivity setting in DPMS"
|
723eac769eab985e052275f9e8ac4bc1965fed9f |
|
14-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Use DevicePolicyData#mUserSetupComplete for DPM's isDeviceProvisioned."
|
288639860a8ab05cc7d09d3dc21b4224b3a832db |
|
13-Feb-2017 |
Tony Mak <tonymak@google.com> |
Flush addPersistentPreferredActivity setting in DPMS To fix the glitch that "kiosk mode" does not persist if device is rebooted within 10s after addPersistentPreferredActivity is called. Test: Manual Test 1. Using TestDPC to start kisok mode, reboot right away. Observed that TestDPC is launched in kiosk mode. 2. Stop the kiosk mode, reboot without 10s. Kisok mode is stopped. Fix: 28169791 Change-Id: I555fc18efe86380f2e028b698c2bdb01017bf9f5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a10b057bb869ca7c99938053ca5fe60029555b3b |
|
14-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "MonitoringCertTask no longer relies on software.device_admin"
|
5108f1efa6e4db4fac3b83047917f35192488d11 |
|
14-Feb-2017 |
Lenka Trochtova <ltrochtova@google.com> |
Use DevicePolicyData#mUserSetupComplete for DPM's isDeviceProvisioned. DevicePolicyData#mUserSetupComplete on user 0 us a more accurate and reliable indicator of whether the device has been provisioned than the currently used 'ro.device_owner' property. Test: gts-tradefed run gts -m GtsGmscoreHostTestCases --test com.google.android.gts.devicepolicy.DevicePolicyManagerTest BUG: 29935702 Change-Id: Iec62f2aebe865ac0ee69c2cc7177333ce5450474
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7f5c91c6bce6a8ff2414549219a321a98a98ab31 |
|
08-Feb-2017 |
Robin Lee <rgl@google.com> |
MonitoringCertTask no longer relies on software.device_admin Added a test to validate that it still works the way it should before and after the change. Bug: 33258404 Bug: 35196414 Fix: 35129745 Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: also manual, instructions: Test: (1) Disable software.device_admin from tablet_core_hardware, rebuild. Test: (2) Install CA cert. Notification should appear. Test: (3) Reboot. Notification should still be there. Change-Id: Id992725c1844a2fffbde4d8acaba531e99f853ad
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
33a119c94fbef9a185b82204fc58292e08c3d33d |
|
13-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix typo on DISALLOW_UNMUTE_DEVICE"
|
492b4724fb42adf29f3978f01ebc5238f893d194 |
|
13-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Fix typo on DISALLOW_UNMUTE_DEVICE Test: Builds sucessfully. Cannot find other usages in code search Change-Id: I83f85b4715b11630b0ce0b471be536aef46a2936
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
150a584aee758ccb23844115f9936035d7971bee |
|
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked(). am: 735b4dc0af am: d78a0d21cb am: 82a3793269 Change-Id: I3f7fe9ba2c572eb0dda23386a62c50f58a6a08f9
|
d78a0d21cb7b845be55a7d7e917be249d606a69e |
|
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked(). am: 735b4dc0af Change-Id: I5c8ca6d0a63af83cde91c17d10a634469c726442
|
735b4dc0af2571926d4ca573377881959237a6a4 |
|
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Allow any device with a device_owner to execute setDeviceOwnerSystemPropertyLocked(). BUG: 34824902 Change-Id: I95fbe0a352c48a3fff5af57b91325901a16d3d89
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c928e9fa5343bd11d477240c119268a980cdf229 |
|
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked() am: c7b18342ea am: b6323817db am: f206de957a Change-Id: Ic1f2bd765ecc3eb7239923147a93fc4afa6eb70c
|
f206de957a15420d25eefdca656ee9a0528dd93f |
|
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked() am: c7b18342ea am: b6323817db Change-Id: I5f3b6935af32ba94fef35d8db573d75925eee434
|
66af3515dee796d8303c313ca999ee957675c310 |
|
09-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked() am: c7b18342ea Change-Id: I692fee4165de9a274d8eb8f0deaf49762974bb22
|
c7b18342eafa53a741e3e8d8cfc85f35f9416b12 |
|
08-Feb-2017 |
Greg Plesur <plesur@google.com> |
Don't check device_provisioned on Wear devices in setDeviceOwnerSystemPropertyLocked() BUG: 34824902 Change-Id: I49d4d7043829862e1abacb3f400a6690f454d6c0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b94a914c9e2446f791cf165a38dd6683c4251f0a |
|
08-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Small tweaks in LockSettingsService"
|
84e706fb9b1cd6e3c7e6a4cd97bee6f22732b288 |
|
07-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Merge "Unhide getLockTaskPackages"
|
f810cc9a5b0f8f295cb53e31b4ba974a1598e233 |
|
07-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix uri permission grant on remote bug report uri"
|
bfb666da53c6ca65ab4c469fc6e2c0631aeaffc0 |
|
03-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Unhide getLockTaskPackages getLockTaskPackages is currently hidden, and can only be called by a device or profile owner, which doesn't make much sense. Unhidding it to be consistent with the rest of the DevicePolicyManager APIs that have a getter for each setter. Bug: 34614754 Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_affiliatedSecondaryUser Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_unaffiliatedUser Test: Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_deviceOwnerUser Change-Id: I6e03c2f47c0f9e7a635e798a1bf7f131a8e37c65
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7226c7dc9fd85bdd1639632b0e5761526fdcba30 |
|
06-Feb-2017 |
Rubin Xu <rubinxu@google.com> |
Fix uri permission grant on remote bug report uri System server is no longer allowed to grant uri permission directly. As a result we use grantUriPermissionFromIntent() to grant permission from the shell UID, who is the owner of the bug report content. Also fix a security bug where the broadcast to notify user consent of remote bug report mismatches the <protected-broadcast> definition, causing it to be sendable by anyone. Bug: 34159108 Test: manual - Install TestDPC and request bugreport, try accept and decline once the report is ready (Bullhead). Change-Id: I66e3f2a16d4547549f09d3c96d52aed2330caedf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4d600d150f60249995c2212cff5acc9d11cbfc80 |
|
06-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Clear affiliation ids and lock task packages when clearing DO/PO"
|
a7bd04e89271fe0bce7bb5136bc8df0466827c6c |
|
02-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Clear affiliation ids and lock task packages when clearing DO/PO Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I38eea34cff82766c7e3b8cd79dd9757a212bb451
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a55b168b5d5a0584b2411793f870a7849c5014f1 |
|
31-Jan-2017 |
Rubin Xu <rubinxu@google.com> |
Small tweaks in LockSettingsService Paves way for synthetic password flow: Two notable changes: 1. when unify/un-unify work challenges, provide the old work profile password. 2. when clearing lock, supply old credentials. Test: Unit test to be added in a follow up CL. Bug: 33126414 Change-Id: I2a9553c5e7cc701338436e99e5a1289cebd1eda9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f1e276384dddcef7c28080c88696707b4a52442f |
|
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc am: 01f971dcdc am: 963cba5b5b Change-Id: I3a1421f656d1a90970eac6156e0840625662fb17
|
963cba5b5b1feea9d66239df6e86fa21c32fd6fd |
|
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc am: 01f971dcdc Change-Id: If5f5e5d47b97e2b8480adc5ca2cb08702056ca87
|
01f971dcdc836b487e31ff064143a4593afa149b |
|
02-Feb-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am: 2317451acc Change-Id: Id3441141d4feea4c7291350c9670bd59ec017240
|
bdcada976298716b9fb566fd6264e31098df4391 |
|
01-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Affiliated profile owners can set lock task packages Mentioned that in the documentation, cleaned up the code a bit and added unit tests Bug: 34614754 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I91232bbe494398015094ab977c6a2adce339811f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2317451acc84174cbe30d1899428d1b2953a4363 |
|
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
DO NOT MERGE Do not call RecoverySystem with DPMS lock held Note DPM.wipeData() on a secondary user is now blocking, just like it's been always blocking on the primary user. Test: Manually tested wipeData() with ApiDemos, both on 1) the primary user, 2) a secondary user and 3) work profile. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug 30681079 Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838 Merged-in: Ia832bed0f22396998d6307ab46e262dae9463838 (cherry picked from commit efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9e62c3111e6d32008332689066cc96e924868180 |
|
26-Jan-2017 |
Edman Anjos <edmanp@google.com> |
Update in DPM delegation documentation. Add note on DPM#setDelegatedScopes documentation regarding the broadcast sent to the delegate package to notify its new scopes; and change the admin ComponentName annotation to @Nullable in DPM#getDelegatedScopes. Bug: 33099995 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation Change-Id: I28fe3a631c05a9e6b8dae766ce6c42881f2e3a00
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a5ec280b4a684a5298279a0c303b85e47cd8763e |
|
26-Jan-2017 |
Edman Anjos <edmanp@google.com> |
Fix delegation broadcast to send an ArrayList<String> extra. Change DPMS to call Intent#putStringArrayListExtra to ensure the extra is sent as an array list of strings. Bug: 33099995 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation Change-Id: I1466fb457e34adbfb7704320c021210c1569f55f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b3231029b5642474264b3d574fb7d5b68b0bfc57 |
|
30-Jan-2017 |
Esteban Talavera <etalavera@google.com> |
Merge "Profile owners on a user can communicate with device owners"
|
efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee |
|
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Do not call RecoverySystem with DPMS lock held Note DPM.wipeData() on a secondary user is now blocking, just like it's been always blocking on the primary user. Test: Manually tested wipeData() with ApiDemos, both on 1) the primary user, 2) a secondary user and 3) work profile. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug 30681079 Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838 Merged-in: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
695417c25275a555d2775d46d2dcb8f9210e7cbe |
|
27-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix DPM.getPermissionGrantState()"
|
2dbf9ae67a972e83f248eab06c583ff988da7422 |
|
27-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Fix DPM.getPermissionGrantState() The recent addition of DPM API access delegation introduced a bug in this method. When a system app (UID 1000) called the method, it would crash. Bug: 34760123 Test: DPM unit tests Change-Id: I69390ca30270d64a4d28a74c13a7679f14a62959
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2f897917fd47c07c11900daf1df75c45154aaff7 |
|
26-Jan-2017 |
Esteban Talavera <etalavera@google.com> |
Profile owners on a user can communicate with device owners Allow device owners and profile owners on a user to communicate with each other, rather than restricting it to device owners and managed profile owners as it is at the moment Bug: 34429083 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: cts-tradefed run cts -a armeabi-v7a --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest Change-Id: I81561a9838c3ccb623354a1b718da2fc6a5af1fe
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f32925405368ca5bbddf86436835c6c238b3b4ba |
|
26-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Change batch finalization timeout mechanism from Handler#sendMessageDelayed() to a wakeful alarm"
|
1710e5f0794466cdd293e8fd883dc4b8ea0491b7 |
|
25-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Change batch finalization timeout mechanism from Handler#sendMessageDelayed() to a wakeful alarm Messages sent with Handler#sendMessageDelayed() didn't get delivered until the device woke up after being idle, which resulted in potentially very long windows of logs accumulation and highly possible network log loss from before the device becaming idle. Bug: 34157435 Test: manual with decreased timeout over a few timeout iterations Change-Id: I22d9cc743acb1a478d2da5407c5718e7f95e89cb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9a2e4207d79dd4568c0f90dee6c775f598e24d95 |
|
25-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
Change batch finalization timeout mechanism from Handler#sendMessageDelayed() to a wakeful alarm Messages sent with Handler#sendMessageDelayed() didn't get delivered until the device woke up after being idle, which resulted in potentially very long windows of logs accumulation and highly possible network log loss from before the device becaming idle. Bug: 34157435 Test: manual with decreased timeout over a few timeout iterations Change-Id: I50b29b9f132856a629e28f46c022f21976bd92fb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
73145f4e60b874a408d26842d1cfc9c9506bfd9a |
|
17-Jan-2017 |
phweiss <phweiss@google.com> |
Create public API for policy transparency outside of Settings The new DPM.createAdminSupportIntent() returns an intent that shows the "This action was disabled by your admin"-dialog from settings. This enables apps to inform the user about the cause of restricted functionality. A new extra for the intent allows to specialize the dialog for different restricted features, instead of a generic message for all features. Bug: 31215663 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I3de7aeec0f88b8f013a63957aec803cd123fbedc
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
452efaac32a9c0d73abae1b9f0bbe5b1e99440d8 |
|
25-Jan-2017 |
Edman Anjos <edmanp@google.com> |
Merge changes I50d2903e,Ieb347ce3 * changes: Add DPMS delegation scopes. Add block uninstall delegation in DPMS.
|
8f3b34338aca7276a45033e362776678c2adf984 |
|
25-Jan-2017 |
Esteban Talavera <etalavera@google.com> |
Merge "Wipe device or profile if max failed attempt reached"
|
52088e4859ab81f2ec23a1063c1e1ffd8f23cf3f |
|
13-Jan-2017 |
Edman Anjos <edmanp@google.com> |
Add DPMS delegation scopes. Implement the permission grant, package access, enable system app, and keep uninstalled packages delegation scope APIs in the DevicePolicyManagerService. This feature gives a device owner or profile owner the ability to delegate some of its privileges to another application. Bug: 33105287, 33105284, 33105719 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation Change-Id: I50d2903eb73ae7844ec1f6fe07e41101ea2760ea
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a5f2fb1a43aebe0481c45376812ad7d58e699647 |
|
19-Dec-2016 |
Edman Anjos <edmanp@google.com> |
Add block uninstall delegation in DPMS. Implement the uninstall blocker delegation scope API in DevicePolicyManagerSercice. This feature gives a device owner or profile owner the ability to delegate some of its privileges to another application. Bug: 33105718 Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation Change-Id: Ieb347ce3fb6219fe7f04cafbcd1e6b7359b31a10
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4877b9c29810ee3049d1712624dc6156634f776b |
|
25-Jan-2017 |
Edman Anjos <edmanp@google.com> |
Merge "Refactor DPMS Cert Installer and App Restrictions delegation."
|
954cfce18d94c30c84899b38fed4e09aaa6e601d |
|
25-Jan-2017 |
Victor Chang <vichang@google.com> |
Merge "Send DEVICE_OWNER_CHANGED to manifest receivers in background"
|
b88f42b6b1414ae8107be13c0d2f3957549ecaaf |
|
24-Jan-2017 |
Esteban Talavera <etalavera@google.com> |
Wipe device or profile if max failed attempt reached If the device or profile owner have set a max password failed attempts policy, the device or profile should be wiped even if DISALLOW_FACTORY_RESET / DISALLOW_REMOVE_USER / DISALLOW_REMOVE_MANAGED_PROFILE was set by that admin. However it should still fail if another device admin set the policy - this is in line with what wipeData() does at the moment. Bug: 34450538 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest#testWipeData Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.ManagedProfileTest#testWipeData Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testDisallowFactoryReset Change-Id: Ifac240692ce74432f7b57f3dfbbbac2a7282297b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
94666c0570aff5f545592482ffdcae55c5b763cf |
|
24-Jan-2017 |
Victor Chang <vichang@google.com> |
Send DEVICE_OWNER_CHANGED to manifest receivers in background - DEVICE_OWNER_CHANGED is an event that could happen maximum of 2 times after device factory reset. The event rarely happens, and it shouldn't affect any system health Fix: 34446573 Test: adb shell am instrument -w -e class com.android.server.devicepolicy.DevicePolicyManagerTest com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic1af2016f590e1200bb3e56f63caa0e0b12f71f8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f994677626a6babc5121647646f17a7de85065a7 |
|
28-Nov-2016 |
Edman Anjos <edmanp@google.com> |
Refactor DPMS Cert Installer and App Restrictions delegation. The DevicePolicyManagerService currently supports delegation of certificate installation and application restriction management, both of which are individually handled by DPMS. Upcoming framework features will add four more delegation types, namely: block uninstall; app permission management; app access management; and system app enabler. At this moment it makes sense to refactor the underlying delegation system in DPMS so that current and future delegates can be handled in a more generic way. Bug: 33099995 Test: DPMS unit tests Change-Id: I9e350143572c6690febdd59d1ed5149af8ee4388
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d37c4a99b2602dd4483ca2985e63b5316e8f4f63 |
|
23-Jan-2017 |
Nicolas Prevot <nprevot@google.com> |
Allow DO to provision even if it has set disallow remove mp. If the device owner has set DISALLOW_REMOVE_MANAGED_PROFILE, and there is already a managed profile: it should be allowed to provision a new managed profile by deleting the old one. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner BUG:34116228 Change-Id: I9e6f39924107aee40b57d22e638487a1ea3132de
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
841cb0a37f5602de1b410f558930f8e5d09e013a |
|
17-Jan-2017 |
Jason Parks <jparks@google.com> |
Allow the profile owner to enforce auto time. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I1cb04cce5d232fba668535dd391459a050d62dd7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dea0c3b654abefa488edc1e037424fbbceb759ed |
|
13-Jan-2017 |
Charles He <qiurui@google.com> |
DPM: Notify DO/PO of security updates. We add a variant of notifyPendingSystemUpdate method which takes an additional isSecurityPatch boolean flag. This information, if available, will be persisted and available to device and profile owners when they call getPendingSystemUpdate method. Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest#testPendingSystemUpdate Bug: 33102479 Bug: 30961046 Change-Id: If3f1b765bb18a359836ac43ac9a0a9f29e9f8428
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b271f34625c6661ed1ea7ec3886d491a4970d833 |
|
19-Jan-2017 |
Pavel Grafov <pgrafov@google.com> |
Merge "Store pending OTA state and make it accessible via polling api."
|
e24743203591fde0f3b1fe7d5e250f2b21ec0b6a |
|
18-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix test DevicePolicyManagerTest#testSetRequiredStrongAuthTimeout_DeviceOwner"
|
189463286449b618633ea928de39113499a08c03 |
|
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a am: b275a205af am: ee9f03d1ed Change-Id: Ic724588cbab8d4282eeb5bc806f8c67791189a05
|
ee9f03d1ed263d975fea213453204729ec80730f |
|
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a am: b275a205af Change-Id: I01487d9c39f4e82b63961cdd43df238f2bfd2b89
|
094119df3ebc49b7158aa448fe3cc24ad4267569 |
|
18-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Merge "Allow system to retrieve permission grant state"
|
4b0624fee452138951de919bbe74003258e9bc19 |
|
16-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Allow system to retrieve permission grant state To inform the user which apps were granted permissions by the admin, the Settings app needs to access this information without being a DO/PO. Bug: 32692748 Test: FrameworksServicesTests unit test Change-Id: I3770ec6343b85be9c6f7655675ed6db5cb50612c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b275a205af6014c67a34507240ce0fc1026815b5 |
|
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: f98ed6863a Change-Id: I7f816c164548df86f9607c86772902efd0d53620
|
d084ca5fad1cef70aac9eed8d5d79fc87d6e5397 |
|
18-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
Fix test DevicePolicyManagerTest#testSetRequiredStrongAuthTimeout_DeviceOwner 1) Started returning the default value for getLong() on SystemProperties mock 2) Added a test that the minimum timeout cannot be changed using a system property on non-debuggable builds 3) Added new within range test for completeness. 4) Started using TimeUnit instead of ms constants. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 34317979 Change-Id: I0409451ae39e74ec3d96a098042302291ec3408f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f98ed6863a7f64c535a66006852a934b05d550bc |
|
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. Saving device policy managers settings to clear out password stats was happening before initializing mAdminList so could wipe active admins. Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 34277435 Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e (cherry picked from commit adbda7474cc1968b66e9948aee566dc346e71340)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eaed75d923c132f7bb7679d3246a89eff78e6811 |
|
18-Jan-2017 |
Pavel Grafov <pgrafov@google.com> |
Merge "Make ENSURE_VERIFY_APPS global even when set by PO."
|
4228bcadb4aaa3e04d9faa3bfff8f7aa6c91fc1b |
|
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. am: adbda7474c am: 4cccc791f4 Change-Id: Ifa4c9557a3c7f505e6ced657ecd42cd0242a5ea4
|
adbda7474cc1968b66e9948aee566dc346e71340 |
|
18-Jan-2017 |
Kenny Guy <kennyguy@google.com> |
Fix issue with saving admins before finishing loading. Saving device policy managers settings to clear out password stats was happening before initializing mAdminList so could wipe active admins. Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 34277435 Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d65799ee812132bc54fd9d67d4ef9b19906b9da5 |
|
02-Dec-2016 |
Pavel Grafov <pgrafov@google.com> |
Store pending OTA state and make it accessible via polling api. Change-Id: Ieb71dfb902371a683b17561f51ba9c2c730eb37b Test: gts-tradefed run gts -a armeabi-v7a -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.DeviceOwnerTest Bug: 31000521
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6a40f09083fc52acc3309d0b04401fca02df6372 |
|
25-Oct-2016 |
Pavel Grafov <pgrafov@google.com> |
Make ENSURE_VERIFY_APPS global even when set by PO. Currently only device owner can set global user restrictions. With this CL ENSURE_VERIFY_APPS will be global no matter who enforces it, DO or PO. To make it possible for system apps to check who enforces a particular restriction in this case a new API method is added to UserManager: getUserRestrictionSources which returns a list of users who enforce the restriction. Bug:31000521 Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.UserRestrictionsTest (ag/1732744) Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java Test: installed M on a Nexus5x device, created a managed profile with some user restrictions, and checked that after upgrading M->O all restrictions are preserved and split correctly into base, global and local. Change-Id: I543d3ec9ef0cf2b730da6f7406021c0bba43b785
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ef99fb85f95a2cc17e5d41f452d4632f0ec12fb7 |
|
16-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Make device wide DO features available if all users affiliated"
|
d36dd15d9bf9f65270b9bee16d6419b96b18bd86 |
|
15-Dec-2016 |
Esteban Talavera <etalavera@google.com> |
Make device wide DO features available if all users affiliated Currently, those features are available on single user devices only (since they collect privacy sensitive data device wide). Now making them available as long as all users are affiliated. It'll take a certain amount of time between user creation and the DPC of that new user setting the appropriate affiliation ids. The DO won't be able to access the logs during that time (and won't get any "logs ready" callback). Once the affiliation ids are set, if they match, logs become available again - this includes logs collected while the user was being setup. Some logs might be lost though if the amount of data exceeds the internal limit. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: cts-tradefed run cts -a armeabi-v7a --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest Bug: 32326223 Change-Id: Idfe881dd6497d3ad2bead10addfd37b98b8a6e2b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
18de051c986b0871848a77d2c2dd11659af365c9 |
|
14-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Send EXTRA_USER with DevicePolicy lock broadcasts"
|
9e0642287e1f6d907356f1724272332f0db7f7af |
|
14-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Merge "Add install reason"
|
3c9b36482f0120756ddcc3b6fe5f57d3136c7902 |
|
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev am: eb35ad9969 am: 3aac3ebee1 Change-Id: Id7be6d9656b292ec1bf526750db8081022267c4a
|
3aac3ebee1079ba56afde5d149b0653c891cb5a8 |
|
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev am: eb35ad9969 Change-Id: I4fd9ce4c79db5a10f28008c89205fc9c8ef2888f
|
a34f53f61be31b7171d6cbcb12490ee143acffff |
|
11-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add install reason This CL allows a reason to be specified when installing a package. The install reason is a sticky piece of metadata: When a package is e.g. installed via enterprise policy and an update is then manually installed or sideloaded, the install reason will remain "policy." The install reason is tracked separately for each user. With this CL, two install reasons exist: "policy" and "unknown." Other install reasons will likely be supported in the future. Bug: 32692748 Bug: 33415829 Test: Tested manually with "adb install" / "adb uninstall" Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eb35ad9969a173ac4d6279a5e322e8176c2ae6d1 |
|
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
|
ad4aa1ce7d3dd2dd8d5690eb2f7653ca3c27000e |
|
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
resolve merge conflicts of e4cefbf4fce4 to nyc-dr1-dev Change-Id: Ib536a33ba381c28397320edd516d52727e5bdacc
|
a7d158054705635422ddcef0081d99004184e471 |
|
13-Jan-2017 |
Andrew Scull <ascull@google.com> |
Merge "Save password metrics on non-FBE devices."
|
e4cefbf4fce458489b5f1bebc79dfaf566bcc5d5 |
|
02-Dec-2016 |
Andrew Scull <ascull@google.com> |
Don't save password metrics to disk. On FBE devices, don't save the metrics to disk but compute them when the password is first entered and only store them in RAM. Merged-in: 5daf273b7e3272269c53eda20ce494d0e7a365b5 Bug: 32793550 Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3e17ea13c14eb8d2b6afffaa110d86f2cede8670 |
|
12-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "[DPM] Allow lower strong auth timeout on debuggable builds"
|
7df0cb2924cd963cda2f5c82828a04c4a3987d24 |
|
12-Jan-2017 |
Andrew Scull <ascull@google.com> |
Save password metrics on non-FBE devices. DPM.setActivePasswordSufficient() can be called by a DPC before the password has been entered on non-FBE devices. The metrics must be saved so this API can work correctly. Bug: 32793550 Test: manual Change-Id: I078d0f1f98875d577aeaf25f12dc9c27e3f80658
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2df5919faadc172d71fbb1a20d1f13667a1981af |
|
14-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Allow lower strong auth timeout on debuggable builds Timeout can be set to lower than 1h on debuggable builds (eng, user-debug) using persist.sys.min_str_auth_timeo system property. This allows manual testers to more easily carry out testing scenarios. Bug: 29825955 Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000" Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a902e5c255619a21dce3733019e45bfa5359a8c5 |
|
12-Jan-2017 |
Pavel Grafov <pgrafov@google.com> |
Merge "Let profile owners also receive OTA notification."
|
19b3ecb9c865f34545f0c84454a1865692d06284 |
|
10-Nov-2016 |
Pavel Grafov <pgrafov@google.com> |
Let profile owners also receive OTA notification. Also removed the code that sends broadcast to all device admins in profile owner package since it was used for legacy provisioning of the whole package and now should be migrated by findOwnerComponentIfNecessaryLocked(). Test: gts-tradefed run gts -a armeabi-v7a -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest Change-Id: I6316df7375fd24da133c83c7930815ba909194f2 Bug:31000521
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
df7bfcfc22fd131623e081f98f2c8c0fd33655c8 |
|
10-Jan-2017 |
phweiss <phweiss@google.com> |
Add ticker text for network logging notification Set ticker text to title for accessibility. Bug:31207965 Test: manual Change-Id: I0b78f9e6464dd470b74e0db97813623b335835d9 (cherry picked from commit d4a54bbfd1902dccb0e4de03f15bfbbba50b9531)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d4a54bbfd1902dccb0e4de03f15bfbbba50b9531 |
|
10-Jan-2017 |
phweiss <phweiss@google.com> |
Add ticker text for network logging notification Set ticker text to title for accessibility. Bug:31207965 Test: manual Change-Id: I0b78f9e6464dd470b74e0db97813623b335835d9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
54402aab14deb9f21b0a9b451f80113ab9821b04 |
|
10-Jan-2017 |
Andrew Scull <ascull@google.com> |
Merge "Evict CE key on request and when work mode is turned off."
|
971236480c2a95db94b073877c8595c274d28893 |
|
09-Jan-2017 |
phweiss <phweiss@google.com> |
Dismiss network logging notification when disabling logging Bug:34116213 Bug:29748723 Test: CTSVerifier in a separate CL. Change-Id: Ie652505ff57665f626712c67837577833f1595d6 (cherry picked from commit 82ed31c1efeb98acba60d79d1fc0a291b1440dc2)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
18315230f641ab0704485465d39a31e235fc3268 |
|
10-Jan-2017 |
Philipp Weiß <phweiss@google.com> |
Merge "Dismiss network logging notification when disabling logging"
|
d2a73ed21152517097a603e03c08eafbce926c3d |
|
19-Dec-2016 |
Robin Lee <rgl@google.com> |
Send EXTRA_USER with DevicePolicy lock broadcasts DeviceAdmins inside profiles may receive broadcasts referring either to the parent profile or to themselves. We need a way to differentiate that. Same commit fixes a bug in DevicePolicyManagerTest where USER_SYSTEM is returned twice in getProfiles() when called for a managed profile of USER_SYSTEM. This does not happen in the real API. Bug: 30185351 Bug: 31001762 Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Change-Id: Iea2735357f4019b2b81b6784e7ea6aead63f2636
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
82ed31c1efeb98acba60d79d1fc0a291b1440dc2 |
|
09-Jan-2017 |
phweiss <phweiss@google.com> |
Dismiss network logging notification when disabling logging Bug:34116213 Bug:29748723 Test: CTSVerifier in a separate CL. Change-Id: Ie652505ff57665f626712c67837577833f1595d6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a755fb1030d65452eb3ed85b714c3073339a43f1 |
|
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Do not call RecoverySystem with DPMS lock held Note DPM.wipeData() on a secondary user is now blocking, just like it's been always blocking on the primary user. Test: Manually tested wipeData() with TestDPC, both on 1) the primary user, 2) a secondary user and 3) work profile. * Modified TestDPC so it supports secondary users Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug 30681079 Change-Id: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cbfec5d4917ade60aa1c58aaafec36e30b8cc922 |
|
04-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Follow-up to I1e4dd97 Don't check the accounts when the caller is not ADB. MR2 already has this change. Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest * without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 * Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Change-Id: I654c41d0e7434c5fce75eb2df5fd7686a54e9093
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fd24353d75adbb0237fa13d209abe6b790535b8b |
|
15-Dec-2016 |
Makoto Onuki <omakoto@google.com> |
Get account features before taking lock (cherry-pick from master) Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest * without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 * Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug: 33481725 Change-Id: Ie2fe9aea87d1a7167581f4cd74ae063ef24a4567 Merged-in: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9bab1c4dd505903dbdd7403ea38d8b9d449e9be4 |
|
03-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Merge "Get account features before taking lock"
|
606da7778fffcb8251808ef53903eefebc2db9a7 |
|
15-Dec-2016 |
Makoto Onuki <omakoto@google.com> |
Get account features before taking lock Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest * without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 * Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug: 33481725 Change-Id: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f8ced7790a6815ec6a57ba53ece409df26573439 |
|
03-Jan-2017 |
Robin Lee <rgl@google.com> |
Merge "Don't check for monitoring CA certs in cryptkeeper"
|
a04a29ae02f100d61012c4834ab255ec76dc7d16 |
|
23-Dec-2016 |
Robin Lee <rgl@google.com> |
Don't check for monitoring CA certs in cryptkeeper Change-Id: I35dc031e4cd652a79174d03f6a9f02120f46abd2 Test: CtsVerifier (ca certificate test) Fix: 33454899
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
43769ddb2c348325c9d571626251a233c7ee9b7f |
|
22-Dec-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add DISALLOW_ADD_MANAGED_PROFILE to existing device owners"
|
548a04b8f894c55e0612790ee6bc222e4398f33e |
|
20-Dec-2016 |
Esteban Talavera <etalavera@google.com> |
Add DISALLOW_ADD_MANAGED_PROFILE to existing device owners For device owners set pre-O, that restriction will not be set via setDeviceOwner(). Therefore set it during first boot after O OTA. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 31952368 Change-Id: I7db9b14c49a75ae2760e6923a1f3f7cde0e2784b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
923d2cc9d9915b18a8d29e9087add48dbe820eeb |
|
14-Dec-2016 |
phweiss <phweiss@google.com> |
DO NOT MERGE Show notification when network logging is enabled A notification is shown after network logging is enabled and after the next three reboots that are at least one day apart. Clicking it sends an intent to quick settings to shown its device monitoring dialog. Cherry-picked from master. Bug: 29748723 Bug: 33126577 (cherry-picked from commit a0cb251ca6a8ea8df17ff8089573bc50f2f1849f) Test: Manual, CTS-Verifier tests will be added later Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
85a63bc1a06870b5a86926b0bce94a2bf559e3f0 |
|
24-Oct-2016 |
Andrew Scull <ascull@google.com> |
Evict CE key on request and when work mode is turned off. DPMS.lockNow takes a flag which can request the managed profile CE key to be evicted. Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction* Bug: 31000719 Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cbe76a0f1e83f74648ea24a9e8bd4814f9d87c8c |
|
20-Dec-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "Show notification when network logging is enabled"
|
a0cb251ca6a8ea8df17ff8089573bc50f2f1849f |
|
14-Dec-2016 |
phweiss <phweiss@google.com> |
Show notification when network logging is enabled A notification is shown after network logging is enabled and after the next three reboots that are at least one day apart. Clicking it sends an intent to quick settings to shown its device monitoring dialog. Bug: 29748723 Bug: 33126577 Test: Manual, CTS-Verifier tests will be added later Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7cd4536e80eebb3cfb6df451560a159d2c27efd3 |
|
19-Dec-2016 |
Andrew Scull <ascull@google.com> |
Merge "Don't save the password metrics to disk."
|
01576869a3f46923d1d893866677e3bf9a00fc2b |
|
15-Dec-2016 |
Esteban Talavera <etalavera@google.com> |
Enforce DISALLOW_ADD_MANAGED_PROFILE Only the device owner should be able to create a managed profile if that restriction is set Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 31952368 Change-Id: Ia5170e54594ccba1e5bcedffaec98c2af42264c0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c94b63730584dd4dd2e1c19266d6bbe1bbf56174 |
|
24-Nov-2016 |
phweiss <phweiss@google.com> |
DO NOT MERGE Add network logging icon to Quicksettings when enabled Add the network logging icon in Quick Settings' footer if network logging is enabled, possible next to the VPN icon. Quicksettings has to be able to tell that network logging is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be callable from the device owner or from any app with the MANAGE_USERS permission. The icon is only a placeholder until the official icon is finished. CTS Verifier tests will be added when all Network logging UX changes are done. Cherry-picked from master, and then modified to work in N: I had to remove the QSFooterTest change because the testing infrastructure is not there in N. Also, I had to add DPMS.enforceDeviceOwnerOrManageUsers() to which did not exist in N before. BUG: 33126618 BUG: 29748723 Test: Manual, CTS-Verifier tests will be added in a follow-up (cherry picked from commit a4e169ed68ee57aa249e5e79fcd6bff5df46199e) Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5daf273b7e3272269c53eda20ce494d0e7a365b5 |
|
14-Nov-2016 |
Andrew Scull <ascull@google.com> |
Don't save the password metrics to disk. Only store the metrics in RAM, computing them at first log in. Test: com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24 Bug: 32793550 Change-Id: Iaf9516c193f054331e3e2c68cb3f627bd543b408
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0a5aeecf4eb3e37770a8d4462e26192e91179179 |
|
15-Dec-2016 |
Amith Yamasani <yamasani@google.com> |
Merge "Revert "[DPM] Allow lower strong auth timeout on debuggable builds""
|
960128c9c6dd3b25889e1494baf5a403e46617bb |
|
15-Dec-2016 |
Amith Yamasani <yamasani@google.com> |
Revert "[DPM] Allow lower strong auth timeout on debuggable builds" Reverting because the length of the prop key is out of bounds. Bug: 33662416 This reverts commit 60d1feed92bcca9f437a9b323152609d8d5fc714. Change-Id: I66a3f7f18e668acbf2ddaf60ab8efa2584799906
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1548d5c43b789b6d5b3ab0929dcb55a2f12c57a9 |
|
15-Dec-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Use affiliation ids when checking bind target users."
|
67ed651dab38934ac7dd729f6fe9a503d9ebb9d1 |
|
15-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "[DPM] Allow lower strong auth timeout on debuggable builds"
|
60d1feed92bcca9f437a9b323152609d8d5fc714 |
|
14-Dec-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Allow lower strong auth timeout on debuggable builds Timeout can be set to lower than 1h on debuggable builds (eng, user-debug) using persist.sys.min_strong_auth_timeout system property. Bug: 29825955 Change-Id: I51d421c3e10625787ecfdbe011f9128cd47cb2a2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d5b036014d632c7c28f8499f39bafd4b95ac49d1 |
|
06-Dec-2016 |
Nicolas Prevot <nprevot@google.com> |
Use affiliation ids when checking bind target users. BUG:32764274 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic79b58dcb583b1d9eb9e7af0d1501cf8cfd0ee86
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6c9116a6430ca5cd55b1b926213a5e8de77e4fc6 |
|
24-Nov-2016 |
Esteban Talavera <etalavera@google.com> |
Create DISALLOW_{ADD,REMOVE}_MANAGED_PROFILE user restrictions Bug: 31952368 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: runtest -c com.android.server.pm.UserManagerTest frameworks-services Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.UserRestrictionsTest Change-Id: I240ab99c2409bbabffbc574bef202f2457026905
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
504fa62f9ec2eab7e6ec88002735940575c89f08 |
|
16-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Disable DO single user features when clearDeviceOwner() is called regardless of the amount of users Bug: 32901196 Bug: 29748723 Change-Id: Ie419b5e496e23656cbe5436942d9aba402bfe68e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5c64223da4265aef87a63f7a04dab313eb345e14 |
|
15-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE Fix disabling DO single user features when clearDeviceOwner() is called We should disable those features before the DO is actually cleared. Bug: 32901196 Bug: 29748723 (cherry picked from commit c44e67961170ddfb668372dc6e9ce6b391e3740f) Change-Id: I74679abc26753585f302f3d52bca81fe21e2e668
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
896b9db8ed14bdfa88d5dce96405361e78dee80e |
|
14-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] Minor code fixes in NetworkLoggingHandler Added a comment and renamed field to follow mConvention. Test: will be CTS tested once APIs unhidden Bug: 29748723 (cherry picked from commit aabe96db87838501d3abeb96c25a4b1c50b9c12c) Change-Id: I7ef118723d13ce1d313c3c56299c2dca2411eee6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bbf352a2c136bfeb1fa7ad751df75d3069e9fdb0 |
|
03-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] DO uses batch token to retrieve network logs, and can retrieve the same batch many times This allows DO to: a) know that some logs were dropped (by trying with token and not getting anything) b) know how many logs were there in each batch (useful especially for the dropped ones) c) retry batch retrieval if it failed Test: will be CTS tested once APIs unhidden Bug: 29748723 (cherry picked from commit a9ff206af26871695bfce54969428b8ad03e31e6) Change-Id: Iac10e61cdf3b100719a9c029ff897bd5ef5c8e2f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4c47adef60ca0326bdbe124dfdd335382e5c0787 |
|
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] Management and retrieval of network logs This CL follows up on ag/1530343 and adds: 1) Various network events. 2) Retrieval method in DPM and APIs in DeviceAdminReceiver. 3) Extension of NetworkLogger and it's NetworkLoggingHandler. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java Bug: 29748723 Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c3abd34cfed63d5b71366901d19f6d9cd8319306 |
|
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
DO NOT MERGE [DPM] DO can start network logging and listen for events This CL adds: 1) Setter and getter in DPM to manipulate logging switch (retrieval method to come in a subsequent CL(s)). 2) A way for DPM to register to listen for events. 3) Skeleton of NetworkLogger class (more to come in subsequent CL(s)). Bug: 29748723 Change-Id: I5c04662ccc6febd2ba294b0eaca1ed1da9c16e47
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9498f5a81bad3febd86b4fdb015d398cbe049a76 |
|
09-Dec-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "Add network logging icon to Quicksettings when enabled"
|
a4e169ed68ee57aa249e5e79fcd6bff5df46199e |
|
24-Nov-2016 |
phweiss <phweiss@google.com> |
Add network logging icon to Quicksettings when enabled Add the network logging icon in Quick Settings' footer if network logging is enabled, possible next to the VPN icon. Quicksettings has to be able to tell that network logging is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be callable from the device owner or from any app with the MANAGE_USERS permission. The icon is only a placeholder until the official icon is finished. CTS Verifier tests will be added when all Network logging UX changes are done. BUG: 33126618 BUG: 29748723 Test: runtest --path frameworks/base/packages/SystemUI/tests Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3c41744b8cab0eb540dee45a7f986bf25d78188e |
|
08-Dec-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Clear DISALLOW_ADD_USER user restriction when dpm remove-active-admin is called from shell"
|
d9758e7479a3d398bc8fcf80846153cf72d61fb6 |
|
07-Dec-2016 |
Victor Chang <vichang@google.com> |
Clear DISALLOW_ADD_USER user restriction when dpm remove-active-admin is called from shell - Make the CTS hermetic and not adding new restriction after CTS test - DeviceOwner can't clear this user restriction in CTS, as it's set by ManagedProvisioning - It can be only clear when testOnly DPC becomes deviceOwner, and being removed by remove-active-admin in shell Bug:31856203 Test: build successfully Change-Id: I75b91629ef09c54e9dbe7253df6a52894a938e83
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
abf86385f8ba14d4f4789df59adec619a682b238 |
|
06-Dec-2016 |
Mahaver Chopra <mahaver@google.com> |
Merge "Return error code from isProvisioningAllowed"
|
849fd6f58e92476af3e3eeb802e71fddf372d6f2 |
|
03-Nov-2016 |
Mahaver Chopra <mahaver@google.com> |
Return error code from isProvisioningAllowed Added hidden pre condition codes for PO and DO provsioning. Added hidden api checkProvisioningPreCondition, which returns codes instead of boolean. Managed provisioning can use this to show useful debug information and user facing error dialogs. Test: All DevicePolicyManagerTest pass Bug: 27467633 Change-Id: I7d2a79921bc3ac2e12d506629a35563fc7ff62bf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f81df2d5e52e50fe7197135baf5cabcabdba4628 |
|
01-Dec-2016 |
Amith Yamasani <yamasani@google.com> |
Merge "Secure MATCH_UNINSTALLED_PACKAGES across users"
|
3db81ae38d942831057960347e4bc0d297b85127 |
|
01-Dec-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Revise when to throw SecurityException in bindDeviceAdminServiceAsUser"
|
0d1fd8d09163566d2c7eb72037f63b6404ada642 |
|
12-Oct-2016 |
Amith Yamasani <yamasani@google.com> |
Secure MATCH_UNINSTALLED_PACKAGES across users Introduce a new internal flag MATCH_ANY_USER for genuine uses of searching through all apps on the device. Some temporary accommodations for Launchers that reach across to the work profile until we have a new LauncherApps API to do that officially. Bug: 31000380 Test: CTS tests added Change-Id: I2e43dc49d6c2e11814a8f8d1eb07ef557f31af34
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
365a3db47001c1298fd01146e866997a9cbc3c8c |
|
30-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Allow setting managing organization for the device The Profile Owner of a managed profile can set a string that will be shown in the UI to identify the organization managing the profile. This CL extends the functionality to the Device Owner of a managed device. Bug: 32692748 Test: DevicePolicyManagerTest unit test + CTS test in separate CL Change-Id: I47295da2fd6485ebf0e890da13990a044accaf17
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
700c6ae74813182ec5cc1423911526197b5cf2a9 |
|
30-Nov-2016 |
Tony Mak <tonymak@google.com> |
Revise when to throw SecurityException in bindDeviceAdminServiceAsUser 1. No longer throw SecurityException when we fail to resolve the intent. Return false instead. 2. Throw IllegalArgumentException early if the incoming intent is not explicit. 3. Throw SecurityException with different error message. It makes debug easier and allows tests to verify a particular thing happened. Bug: 33197200 Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest Change-Id: I723ab7f434c10407aa4e7dc8e9a6e3e9bb9f2059
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dd7f8dafd862fa1a6132b37b47f1b160a4065a9e |
|
30-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Allow DO to access DevicePolicyManager.isDeviceManaged() This CL makes DPM.isDeviceManaged() accessible to the DO so that it can be CTS-tested. Bug: 32692748 Test: Device policy manager unit test + CTS & GTS in separate CLs Change-Id: I5326e86b0ffee81d04bd48f0267044463a899b78
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9f9e453b649b3507e25049c94990717dc92b269e |
|
30-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Unit test for getBindDeviceAdminTargetUsers"
|
b57bd791bf55215110839322ef7c0f72ed915a7b |
|
29-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add user affiliation APIs"
|
c9bb378a8b3633bc427dd2439ab4ae8e3b17771a |
|
11-Nov-2016 |
Esteban Talavera <etalavera@google.com> |
Add user affiliation APIs Make setAffiliationIds public so that it can be used for COMP. That way we can allow network logging and other features to work on devices that have a DO and a managed profile. Those features are currently restricted to single user devices but we'll open them up to devices where all users are affiliated. Also create a getter for that API. Bug: 32326223 Test: m FrameworksServicesTests && adb install \ -r ${ANDROID_PRODUCT_OUT}/data/app/FrameworksServicesTests/FrameworksServicesTests.apk && adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \ -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ie443be887a6ca61a7f7a07e137757dceab7eb3d3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2f26b79eea905f88c872804be01431020e4efb2e |
|
28-Nov-2016 |
Tony Mak <tonymak@google.com> |
Unit test for getBindDeviceAdminTargetUsers Was meant to write test for bindDeviceAdminServiceAsUser, but it can't be done without having tests for getBindDeviceAdminTargetUsers first as bindDeviceAdminService depends on getBindDeviceAdminTargetUsers. A bit shocked by we didn't have any managed profile tests in DevicePolicyManagerTest. Added managed profile support in the CL. Bug: 32764274 Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Change-Id: If412e4f44c3ae998f69e17411f2503a97f80149f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
22b2a81f7598f643cddc4c1098cdf8951878c4d5 |
|
28-Nov-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Send callbacks to DO when a user is added or removed."
|
8d76e72251eb6f83580cd8b70000d6904fe24096 |
|
25-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Allow DO to access bookkeeping information about its own actions The getLastSecurityLogRetrievalTime(), getLastBugReportRequestTime() and getLastNetworkLogRetrievalTime() methods are meant to be used by system code. However, there is no harm in allowing the DO to access the information they return - because it is information about actions that the DO itself took. The advantage of opening up these methods to the DO is that we can CTS-test them. Bug: 32692748 Test: DevicePolicyManager unit test + CTS test in separate CL Change-Id: I1470fca2a82b9955f7aed5e8b50220bea8b56fc9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8d4527db199b67de3a142a37adaa887bd026c22c |
|
24-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add getBindDeviceAdminTargetUsers API"
|
e95c2817f753aa4572dca38cfa29d988d692b00e |
|
17-Nov-2016 |
Nicolas Prevot <nprevot@google.com> |
Send callbacks to DO when a user is added or removed. BUG:32764090 Test: manual Change-Id: Icfac801fd2c9670f3d68cf6971f7aba2332dbb6b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fc291bcbe007692ab7a6de0651769b1f2e09de49 |
|
21-Nov-2016 |
Esteban Talavera <etalavera@google.com> |
Add getBindDeviceAdminTargetUsers API Add getBindDeviceAdminTargetUsers API. To be used for the device or profile owner in a COMP setup to know the UserHandle of their instance running on the other profile. Bug: 31952368,33033966 Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest Change-Id: I05c9ac0f6c3cdce1ec17cf2910ca7a7214064af2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
08be96ec870d01ec7f7fa26f810777c60af666d4 |
|
16-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
Disable DO single user features when clearDeviceOwner() is called regardless of the amount of users Bug: 32901196 Bug: 29748723 Change-Id: Ie419b5e496e23656cbe5436942d9aba402bfe68e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
29993074b0708d71b9d752f562ed6aee2a360fa1 |
|
17-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Keep track of admin actions for DO disclosures"
|
b21b241f0f12377c115e9c4f5bae26814fdab3fb |
|
17-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Keep track of admin actions for DO disclosures This CL adds bookkeeping to DPMS which will allow us to tell the user in the Settings UI whether/when the admin requested a bug report or retrieved logs from the device. Bug: 32692748 Test: Full DevicePolicyManagerTest unit test coverage; end-to-end tests will follow as Settings CTS verifier tests Change-Id: I89728fce4b7e0ff061b354c73caf3742e95a3a3e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
554140fc8954044d455cfe25f63339f14c985a25 |
|
17-Nov-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Check user restriction DISALLOW_REMOVE_USER in isProvisioningAllowed."
|
56400a445fa29b0a90e92d15daf6246cfc3f310d |
|
10-Nov-2016 |
Nicolas Prevot <nprevot@google.com> |
Check user restriction DISALLOW_REMOVE_USER in isProvisioningAllowed. If DISALLOW_REMOVE_USER is set and there is already a managed profile: isProvisioningAllowed() should return false BUG:32629873 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I093bed0a4a54f83decf11716ebfd50dd4f17c089
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
75ec5465f046149f4b53976a1cfd5f46dc51e944 |
|
16-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Fix disabling DO single user features when clearDeviceOwner() is called"
|
c44e67961170ddfb668372dc6e9ce6b391e3740f |
|
15-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fix disabling DO single user features when clearDeviceOwner() is called We should disable those features before the DO is actually cleared. Bug: 32901196 Bug: 29748723 Change-Id: I3cf24636feb1715af10fb874d4fecd7a4e32495d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0 |
|
11-Nov-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update usage of ActivityManagerNative. - Remove references to ActivityManagerProxy. - Add isSystemReady to ActivityManager. Bug: 30977067 Test: cts/hostsidetests/services/activityandwindowmanager/util/run-test android.server.cts adb shell am instrument -e class com.android.server.am.ActivityManagerTest,com.android.server.am.TaskStackChangedListenerTest \ -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I07390b6124fb1515821f5c0b37baf6ae74adc8fa
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2c2fb6189c7dfd56b61faec84e69e4f7912a32a6 |
|
14-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Allow cross profile call between DO and PO"
|
46aabe5ef4362014914b7df707c2de2341211d69 |
|
14-Nov-2016 |
Tony Mak <tonymak@google.com> |
Allow cross profile call between DO and PO Allow DO to bind service of PO in managed profile and vice versa. DO and PO must be the same package. Bug: 31895999 Change-Id: I3ce2943aebd1249401d5814757a0ce25b9f85279 Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.CorpOwnedManagedProfileTest
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
aabe96db87838501d3abeb96c25a4b1c50b9c12c |
|
14-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Minor code fixes in NetworkLoggingHandler Added a comment and renamed field to follow mConvention. Test: will be CTS tested once APIs unhidden Bug: 29748723 Change-Id: I351be4680eed9c4ab51365e1b983b452ca210858
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a9ff206af26871695bfce54969428b8ad03e31e6 |
|
03-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] DO uses batch token to retrieve network logs, and can retrieve the same batch many times This allows DO to: a) know that some logs were dropped (by trying with token and not getting anything) b) know how many logs were there in each batch (useful especially for the dropped ones) c) retry batch retrieval if it failed Test: will be CTS tested once APIs unhidden Bug: 29748723 Change-Id: I788359242e3b2a4cb638edb25e5db8b25646c29f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
383db5ebcc3a4a615faf249bf4f126f42e80b82e |
|
22-Jun-2016 |
Tamas Berghammer <tberghammer@google.com> |
Update package names to work with the proto3 compiler Bug: b/28974522 Change-Id: I5f3adf4946ee4ba1e09e4f40afe83c151405972a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d1ceaff82c8ca6a690d19a87d1a39ecdc1881bb8 |
|
04-Nov-2016 |
Greg Plesur <plesur@google.com> |
resolve merge conflicts of c874e60 to master Change-Id: I39381c516e4a1267d06e3f7b682d1cf73eeb6f9b
|
34fb70ab88408b629350a80f6f68648a95db62bf |
|
01-Nov-2016 |
Greg Plesur <plesur@google.com> |
If the current device is a watch, fix DeviceOwner/ProfileOwner logic. In this case, don't require the device to have gone through the Setup Wizard before disqualifying DO/PO if there's an incompatible account on the device. BUG: 32438704,32438210 Change-Id: I6858db13c8df6e95d01d18a903f4343f70370e8b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a27884236fe1eade93a124f00f0b843997b40a31 |
|
03-Nov-2016 |
Michal Karpinski <mkarpinski@google.com> |
Stop non-DO devices from disabling network logging Bug: 32623860 Change-Id: Ia53ce842fffb2a15c16c9535fbe07421ae7f2578
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f77ee4f1b79929a77f603e5e879f3616ae464e3e |
|
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Management and retrieval of network logs This CL follows up on ag/1530343 and adds: 1) Various network events. 2) Retrieval method in DPM and APIs in DeviceAdminReceiver. 3) Extension of NetworkLogger and it's NetworkLoggingHandler. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java Bug: 29748723 Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dd9bb4fdd9f4b528734a7907d2bc92841ca648ab |
|
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] DO can start network logging and listen for events This CL adds: 1) Setter and getter in DPM to manipulate logging switch (retrieval method to come in a subsequent CL(s)). 2) A way for DPM to register to listen for events. 3) Skeleton of NetworkLogger class (more to come in subsequent CL(s)). Bug: 29748723 Change-Id: I5c04662ccc6febd2ba294b0eaca1ed1da9c16e47
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4b3c306268b745153b1efa093d74f88044accff1 |
|
31-Oct-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Add @NonNull / @Nullable to DPM return types"
|
408e8e4491b72407334c81522c79822061424efd |
|
25-Oct-2016 |
Makoto Onuki <omakoto@google.com> |
Add @NonNull / @Nullable to DPM return types Fix: 31331663 Fix: 32466757 Test: Signature change only; checkbuild. Change-Id: I361cdd43b9fccf309ff3efefa3783d5399e65748
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
df1b87db5d1b473511b4f06bbc85dd7b418b7031 |
|
25-Oct-2016 |
Nicolas Prevot <nprevot@google.com> |
Allow DO to remove user even if DISALLOW_REMOVE_USER is set. BUG:32300784 Test: create user in TestDPC, set DISALLOW_REMOVE_USER restriction, and remove this user. Change-Id: I96ab02d594cd1a8ab14420e12357f2083da1ce63
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5f9e6f37b276fac7be6db982c9cb7fbd93150c4a |
|
02-Aug-2016 |
Andrew Scull <ascull@google.com> |
Refactor password metric computation. This unifies previously duplicated code. Bug: 30558331 Test: runtest -x frameworks/base/core/tests/coretests/src/android/app/admin/PasswordMetricsTest.java Change-Id: I37678b83a03d4f05b9894d4b00e9a741d1a8df27
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4e6ded256f7d840d71eeb7c8ec190ae12f36453e |
|
14-Oct-2016 |
Mahaver Chopra <mahaver@google.com> |
Analytics for provisioning entry point: ADB To get the better understanding of provisioning flows, we are logging all the entry points to Managed provisioning. This change implements it for ADB. Test: cts-tradefed run cts --module DevicePolicyManager Bug: 31424428 Change-Id: Id8b6638fcec1642c54efaffdfaaee81040f4de8a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bc755da55cc00110a3c77b013c350a9b62c1f1cd |
|
14-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant am: 6dbf67fc48 Change-Id: Iacbe9a2de7024e29e9c2c98594ebca828b855a43
|
a6b3caf58e8ab18f4c3164afb8fba25e9954198b |
|
14-Oct-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Don't expose default strong auth timeout as constant" into nyc-mr1-dev
|
f38aac7fc0033a0b2227638fe4a6ccf985a59579 |
|
13-Oct-2016 |
Greg Plesur <plesur@google.com> |
DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade. am: 3514404984 am: 43ed3a5b6a Change-Id: I20248c835034935c25ee6fa25f8eeeb9125f121e
|
43ed3a5b6af89da9a89c5876fde6e4d343bd2652 |
|
13-Oct-2016 |
Greg Plesur <plesur@google.com> |
DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade. am: 3514404984 Change-Id: I8d24007831ba030af0d84f717802c79172db970f
|
216ee1f0e76f6a36bebb5490c951db2a5513ae03 |
|
13-Oct-2016 |
Greg Plesur <plesur@google.com> |
Merge "DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade." into cw-f-dev
|
35144049846e115b7d1e03fb6c935ed497d83cb2 |
|
10-Oct-2016 |
Greg Plesur <plesur@google.com> |
DPM.isProvisioningAllowed(ACTION_PROVISION_MANAGED_DEVICE) should return 'false' for Wear devices after pairing/upgrade. BUG: 32019375 Change-Id: I2563efe58c98c5dd8440891e478c89e093d8d9ac
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
543befb7c222c258ad899de2c7ff9c19ce171186 |
|
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
resolve merge conflicts of 792e051 to master Change-Id: I75e604639959df77ddf11bbb9805392e4141da23
|
98a145b5afb71b5fb95092d9df0e6453dad77f79 |
|
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Revert "Fix backup for users hit by erroneous backup disabling" am: 9f61d17e6a Change-Id: I460fbb670fbc7a724c981c4fceae0048ff4c9ded
|
b24489e20aefaaaeb8251491fc5845b555952139 |
|
13-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Merge "Revert "Fix backup for users hit by erroneous backup disabling"" into nyc-mr1-dev
|
6dbf67fc4889c49151415e986be98f70816f81ec |
|
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant The admin can instead use the value of 0 to reset to default. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 31430135 Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c (cherry picked from commit 943aabd11cce3ab453762d3912395363720e1f5d)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d227a66aade35f61f1401e73f888eda153be2a55 |
|
11-Oct-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Don't expose default strong auth timeout as constant"
|
6dc428f677f2b80b085466961e9495972e1c88c9 |
|
10-Oct-2016 |
Tony Mak <tonymak@google.com> |
Allow device owner to inflate managed profile 1. Modify DPM.isProvisioningAllowed to allow it to happen 2. Introduce hidden API createProfileForUserEvenWhenDisallowed for ManagedProvisioning app to create profile under DO. Apps with MANAGE_USERS permission can clear the DISALLOW_ADD_USER restriction anyway, so they do not gain extra power. Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.CustomDeviceOwnerTest#testIsProvisioningAllowed Bug: 31895999 Change-Id: I10dc3043653130ae717a1d3d8256c9e73231bb21
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
943aabd11cce3ab453762d3912395363720e1f5d |
|
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant The admin can instead use the value of 0 to reset to default. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 31430135 Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9f61d17e6a41e80732fb78a8a8fb723b92498a15 |
|
05-Oct-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Revert "Fix backup for users hit by erroneous backup disabling" BUG=31754835 This reverts commit 1975021d88da6623a570a6ddab8b2397b1c0e59f. Change-Id: I5cf7862126755a34cf3b4d70436529401fddc87f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
700e1e7ee8e4ed491768a35ed692a4e8f0ff0d4b |
|
28-Sep-2016 |
Nicolas Prevot <nprevot@google.com> |
Don't allow the shell to change admin-locked app permissions. BUG:27432532 Change-Id: I67f8794ea923edb5024033bb2a4474a1fb6d5fd9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
84ba6b0f27d00e2958587bbeb3f1431245e46e83 |
|
29-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode. am: bbaadc0166 am: cfaef4287d am: da82fa0a3f Change-Id: Ib2215eda1c95b6e04429ca30011bb84789bb9b6e
|
2555a1211d16f1a532227fd52a56b4e1dc3f2ea6 |
|
29-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
resolve merge conflicts of 852c394 to master Change-Id: I75562584559c1b11111e316edded61587892ee8b
|
cfaef4287d87e8c7d8faf0f6605c5a9f02f1b4fd |
|
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode. am: bbaadc0166 Change-Id: I89c0a7fb44bc50efedf2e8dc5eabaa4711b2687b
|
56d7022d48d67b133491dd803876c632d4aae87a |
|
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix backup for users hit by erroneous backup disabling am: 1975021d88 Change-Id: I4421e9642c2e89bf17535ef3212617d268c1c9d2
|
cd339f211ae976d0ffeaffcceb178b45804556a9 |
|
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Merge "Fix logic in disabling BackupTransport in DO mode." into nyc-mr1-dev
|
1975021d88da6623a570a6ddab8b2397b1c0e59f |
|
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix backup for users hit by erroneous backup disabling BUG=31754835 Change-Id: I89dd08b7958dd8fe20d70bc50f2c89996ae46cc5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bbaadc01663495736fa597305525e874a896ade4 |
|
28-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Fix logic in disabling BackupTransport in DO mode. We were disabling backup in consumer mode as well. BUG=31754835 TEST=android.content.pm.cts.shortcuthost.ShortcutManagerBackupTest Change-Id: I42e5cfa512fda1b471eb62c7eb8bc346383da2fa
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
357ca56f8b3b419d6b05294adae1fefcf0e63d3a |
|
25-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. am: 6ad5f92512 am: 2f78ab5387 am: 4001a2b4c4 Change-Id: Ifc1735798074af6758da5cc3a40d9adada1376cb
|
2f78ab5387341982b81259ec574cfca09ee7085a |
|
23-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. am: 6ad5f92512 Change-Id: Ieab914cf8538e3086fb32cc351e45e6a5c2017c5
|
18fb24c5d3e8f9e2a66e78f13a7fa2567fbd3231 |
|
23-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix DPM unit tests, also fix a log message." into nyc-mr1-dev
|
369672b8bb5e65ad926314c6d6a1c0e28c3e2d1b |
|
23-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout am: 0b72a722ed Change-Id: I70a4c0288aa2d98c02706a055a5dda710ace2ae2
|
69659cb96df2b149bbb0577179f16712054a8bc2 |
|
23-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Fingerprint Strong auth timeout" into nyc-mr1-dev
|
8a4808526741b8058a361e5c8aad810b0e412802 |
|
22-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API. am: 5a122a1ce9 Change-Id: I134891f0b24cc666c34ae54cb3c937ba2f16648e
|
6ad5f92512462f774a2ff7e59abdf5edbfd215b3 |
|
19-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. Bug 31446501 Change-Id: I37debbe2f4e983fb8bad026f8dd9bd91b7448dce
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0b72a722edacfd790178a2a6183bb985656b2887 |
|
21-Jun-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout Allows PO and DO configure strong auth timeout for fingerprint. Bug: 31430135 Change-Id: Ie6451d49aa95527adc3720d9a2a0848f58940510 (cherry picked from commit 8f010dd25d18151cc47accc7d853b4f8f7fe8491)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4a134a93d23b8463ade9696316d4824a27cddec9 |
|
15-Sep-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Fingerprint Strong auth timeout"
|
5a122a1ce90c8c09fd579147061cb7b4cd8b23e9 |
|
06-Sep-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API. BUG=28628532 Change-Id: I48c3423734e54b6a4d70e58d50c98c3e17790e0d (based on a8202524608a4fc9178e6b18e13602c5a8abb404)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3ef6f111c0b3fc9292bd4b67cebf2373586a3ad8 |
|
14-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it am: 46ea8e7f9d am: c146ed5d26 am: 47803d9cbd Change-Id: I73d1d0f9d370e1e85b0dc487c9574d397afda64d
|
c146ed5d2611c09bc90005c0c982c00d36ec4dfa |
|
12-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it am: 46ea8e7f9d Change-Id: Ib6a24171828bbdf884c9d71ab8c07622a8f1fddb
|
46ea8e7f9d24d1fab4824f570400d6fb7bf355e0 |
|
09-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Persist package's test-only flag and always use it Bug 31382361 Change-Id: Ie48aba5827074d2a6efb6966f61af30444376384
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f9c376b7869810c91e067500cf0edbf94c4f6cda |
|
08-Sep-2016 |
Suprabh Shukla <suprabh@google.com> |
resolve merge conflicts of 37ad463 to master Change-Id: I51b2097ac3ea4ce3ec8bb29e674d1cdd789aa1a1
|
12c4d4132f6bab5eecfb7b8fc8cfdc55e0f8ab77 |
|
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 am: ec5ceae174 am: 32daa7a95c Change-Id: I8580890ee0fcd6b1fb80352b4437d2a1379dfaee
|
32daa7a95cd49cbedf00c006cf80929518cc5465 |
|
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 am: ec5ceae174 Change-Id: Ic4bbce08944881f0d20a08c1ebb4db5531208f23
|
ec5ceae1743b64822cb7ca35d5938109a8beb370 |
|
08-Sep-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass am: 0737c2b4c2 Change-Id: Ia76391f710e42e9634010bd211a0370230b318e3
|
9d46e5e044541bbe470ae72074a7aa18b862c827 |
|
07-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Allow DO/PO to be installed with certain preconfigured accounts. am: 5e7e0670c7 Change-Id: I9191a60bf4071b8205c04131cb2d97ef1a32fb19
|
5e7e0670c7b4b0f15c812fc83991afcc7fa24bf9 |
|
02-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Allow DO/PO to be installed with certain preconfigured accounts. - Non-test-only DO/PO still can't be installed when there are accounts. - Test-only DO/PO can be installed even when there are accounts, as long as all the accounts have the "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED" feature. Some authenticators claim to have any features, so to detect it, we also check android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED and disallow installing if any of the accounts have it. - Also add logs on certain important events in DPMS. Bug 28928996 Change-Id: I62efce10e9cc22e994ea8cae91a4fafcce25dd77
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8f010dd25d18151cc47accc7d853b4f8f7fe8491 |
|
21-Jun-2016 |
Michal Karpinski <mkarpinski@google.com> |
Fingerprint Strong auth timeout Allows PO and DO configure strong auth timeout for fingerprint. Bug: 29825955 Change-Id: Ie6451d49aa95527adc3720d9a2a0848f58940510
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1970f97e4758224132329a3e0dbe9c3946c4499b |
|
30-Aug-2016 |
Tony Mak <tonymak@google.com> |
Send ACTION_DEVICE_OWNER_CHANGED broadcast after clearing device owner Change-Id: Iaac182c69a30e941da3a017a923247d813881521 Fix: 27261692
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3f98ea1eeef5bed165f77d1cf64b8d4b2dd3f0b4 |
|
30-Aug-2016 |
Victor Chang <vichang@google.com> |
Merge "forceUpdateUserSetupComplete should have no effect in user build"
|
3577ed2556f20f7ab09e58b6b286217c7e1560c9 |
|
25-Aug-2016 |
Victor Chang <vichang@google.com> |
forceUpdateUserSetupComplete should have no effect in user build Bug:30031808 Change-Id: I908a495633e03ace770a8ec19196841d19dfd41d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0737c2b4c2ae6415eced00926235f848d1957bae |
|
08-Aug-2016 |
Robin Lee <rgl@google.com> |
DO NOT MERGE Stop work challenge freeform bypass Bypassing work challenge in freeform mode was trivial by just keeping work apps open in freeform mode and then switching focus to them from another app. Because the only interception point is startActivity this never triggered work challenge. The solution is to trigger the check on focus change events and also to allow passing the result back into the freeform stack instead of dumping our user out into the homescreen. Change-Id: I141ecf90b5f0e708a21d27141b6fec6074e5d475 Fix: 30693465
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a8202524608a4fc9178e6b18e13602c5a8abb404 |
|
18-Aug-2016 |
Vladislav Kuzkokov <vkuzkokov@google.com> |
Add DevicePolicyManager.setBackupServiceEnabled as hidden API. BUG=28628532 Change-Id: I48c3423734e54b6a4d70e58d50c98c3e17790e0d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
feef989771c8b4393e0c742097390bc95c1ba4fb |
|
25-Aug-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add missing comment."
|
1e26c2950a3bfdb3a0bcdcbe283bd5f1f73b3c29 |
|
25-Aug-2016 |
Rubin Xu <rubinxu@google.com> |
Add missing comment. Change-Id: I78b24c0a56e0f06a692e6e5665873c994241a487
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fce4b4acfc7dd4408ff60e898313406495facbf0 |
|
25-Aug-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities. am: 83ab85410b Change-Id: I89354ab06c70fd7b23d32aeebf84df85f6375765
|
b038c4f617ef15d5f691adee51e5684677e3073e |
|
25-Aug-2016 |
Andrew Scull <ascull@google.com> |
Merge "Only check password length for relevant qualities." into nyc-mr1-dev
|
c148ba90fb963b96c62854da65f60299446a6501 |
|
25-Aug-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Allow DO to factory reset if it has set DISALLOW_FACTORY_RESET."
|
8d79662301a701881f00330cec3bc41806754d00 |
|
28-Jul-2016 |
Nicolas Prevot <nprevot@google.com> |
Allow DO to factory reset if it has set DISALLOW_FACTORY_RESET. The Device Owner could remove this user restriction anyway. Also do the same for PO in primary user. BUG:27263403 Change-Id: I0f7b9a6237e40668b1eab2f55dc5c3f79e0d6eeb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9bfc65f321ec7f4eb3bffb5148d8e3b90b0bdc0f |
|
15-Aug-2016 |
Victor Chang <vichang@google.com> |
Add api to update user_setup_completed flag to allow e2e testing in ManagedProvisioning Bug:30031808 Change-Id: Idd4b230931718a6d10f0fc41cdcf9bccb5c6354c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fb4d7e8838c1c3ab6f69a3ff3d4141ab0f721f4c |
|
08-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing NPE in device policy tests am: 68a2a0feed am: d83eee9445 Change-Id: I29a02cc933c1bb46b85bb70050123d3c223bed81
|
d83eee9445b4d5c65b91f67f2b1013358cc1d6d3 |
|
08-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing NPE in device policy tests am: 68a2a0feed Change-Id: Ic637f7380d674e17b82ce417df82b8e940f92aa8
|
67d9c792a8122204775e2e18289fe1b7ce0c2693 |
|
08-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Merge "Fixing NPE in device policy tests" into cw-f-dev
|
f0b9bd4f80cde7ac29049737d067707cad37e5c9 |
|
06-Aug-2016 |
Suprabh Shukla <suprabh@google.com> |
Not trying to remove admins already being removed am: 9704e409df am: 636cd41893 am: 58da13b6fa Change-Id: I2da5ec521d940156dc6f06019a0b85cddece0ce5
|
68a2a0feed79e8e8928785461740525f6e384960 |
|
05-Aug-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing NPE in device policy tests Bug: 30224255 Change-Id: I5c21f8d0e5660cca1cf7861649195672348f802c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9704e409dfe1c1fc582d98837f2a315886a1cd61 |
|
05-Aug-2016 |
Suprabh Shukla <suprabh@google.com> |
Not trying to remove admins already being removed If someone calls removeActiveAdminLocked more than once, it is possible for the device policy data to end up with more than one copy of an admin in the list mRemovingAdmins. Due to extra entries, once the admin component is removed, it is not being allowed to be set as an admin again, until the device reboots or mRemovingAdmins is cleared from the memory due to some other reason. Fixing this by making sure we do not add duplicate entries to mRemovingAdmins Bug: 30369197 Change-Id: I1d53c41312171425bbd6e6e4153148276f1b098d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
83ab85410b98bb6e4e01be5db54ec244aeeb3182 |
|
20-Jul-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities. The minimum password length is only required for certain password qualities so only check the minimum length in those cases. Bug: 30109030 Change-Id: I330c88fc0b22179e126fc1241a9c58d5e0d73e8e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fe84fe01d7415ea86e37824c0aff0d988089b6c2 |
|
25-Jul-2016 |
Tony Mak <tonymak@google.com> |
Persist master volume mute across reboot am: c1205111a9 am: c33b549af8 Change-Id: Id5e57ebdf81824af0f86854d8668a05f8109e0e1
|
c1205111a92b52283078f1a2e86c8d32c5928b92 |
|
22-Jul-2016 |
Tony Mak <tonymak@google.com> |
Persist master volume mute across reboot Fix: 30133263 Change-Id: I53450a504e40e55516acc88550f369a74a244eaf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cca00b0e7f2d939ef6e84f0cbc50256aed6043c6 |
|
20-Jul-2016 |
Andrew Scull <ascull@google.com> |
Only check password length for relevant qualities. The minimum password length is only required for certain password qualities so only check the minimum length in those cases. Bug: 30109030 Change-Id: I330c88fc0b22179e126fc1241a9c58d5e0d73e8e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c69f21c357bc0fd3687d9dba1825effe30f968c0 |
|
18-Jul-2016 |
Makoto Onuki <omakoto@google.com> |
Merge \\"Remove the DMAgent whitelisting\\" into nyc-mr1-dev am: bf6c6b44e1 am: 41fa9fe0a4 Change-Id: I5bbe059464a8719b92bf16997482382c7de02e99
|
0b4b58f5077562c8f2d084974d001d0f714bcaad |
|
16-Jul-2016 |
Makoto Onuki <omakoto@google.com> |
Remove the DMAgent whitelisting Bug 30075554 Change-Id: Ib089353ff9f58eb175a7b5d9addfb371655afc6b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e4da41e6be7b6cc5d2f26d1c24910785d04c751c |
|
13-Jul-2016 |
Benjamin Franz <bfranz@google.com> |
Merge \\"Add hidden API to store whether provisioning config has been applied\\" into nyc-mr1-dev am: 17ca90430b am: b3fa8d87e0 Change-Id: If65317cf6ec5237cff36fba86ed219ab078776ad
|
2aa9bab8a1edd7a9dc62f4a2ae51defa026a7de6 |
|
11-Jul-2016 |
Benjamin Franz <bfranz@google.com> |
Add hidden API to store whether provisioning config has been applied Bug: 29629204 Change-Id: Iaf4164357868b17dbc6615a77babb0e7cbc183b7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1f984d7f6bb5b86dcb0da06402cb941b3aa88009 |
|
12-Jul-2016 |
Mahaver Chopra <mahaver@google.com> |
Merge \\"Add an api to verify if ro.device_owner was set\\" into nyc-mr1-dev am: c1182a8128 am: 325af20235 Change-Id: I18fc9c4d7662c6b05e3b66d9a1fcddb9c9e43730
|
790d198860dc550f2dbaa5ac502cbcda1f8530c9 |
|
07-Jul-2016 |
Mahaver Chopra <mahaver@google.com> |
Add an api to verify if ro.device_owner was set Currently for OobConfig app we used DEVICE_PROVISIONED Global setting to verify if device was provisioned. This setting can be modified using adb. we just need to know if it was set atleast once. Added an api in DPM to return whether system property "ro.device_owner" was set. Bug: 29935702 Change-Id: I9a2b5217c0bc2cc11d68282e05a5450ea3f6cf21
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d1349217270559e5ada6e44a0d0528495d5ec8d5 |
|
07-Jul-2016 |
Rubin Xu <rubinxu@google.com> |
Merge \\"Bump ACTION_CHOOSE_PRIVATE_KEY_ALIAS broadcast to foreground\\" into nyc-mr1-dev am: f627e9c09e am: 2a1491061d Change-Id: I30bad0f21b35f98db769a92ea81be7be50b86186
|
ca081ca39642e507588e284dfe98ff3ad4bc12d1 |
|
06-Jul-2016 |
Rubin Xu <rubinxu@google.com> |
Bump ACTION_CHOOSE_PRIVATE_KEY_ALIAS broadcast to foreground Bug: 29966726 Change-Id: Ifdbdd26df40518d9e50f9a0b0dfc5c01cb9accb2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6d4f195f1ab24942e9a56e37b05e5c80500b3ba4 |
|
30-Jun-2016 |
Chad Brubaker <cbrubaker@google.com> |
Merge changes from topics 'handle-storage-update', 'action-storage-changed' * changes: Update trusted certificates when the trust store is changed Deprecate ACTION_STORAGE_CHANGED
|
4de59ef3238c4bf4b8c994b83be2c703ffad2a5b |
|
02-May-2016 |
Chad Brubaker <cbrubaker@google.com> |
Deprecate ACTION_STORAGE_CHANGED ACTION_STORAGE_CHANGED is too noisy and fires on too many events. It has been split into ACTION_KEYCHAIN_CHANGED for addition/modification/removal of user certificates and keys, ACTION_TRUST_STORE_CHANGED for changes the the user added and system CA stores on the device and ACTION_KEY_ACCESS_CHANGED for changes to key grants. ACTION_STORAGE_CHANGED will only be sent to applications targeting N and below. Applications targeting future releases should use the new broadcasts. Bug:28450538 Change-Id: I34ff838e9858db65f7308ca2b0f7d652c48fae17
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6e150baa881edce56ad653f80bf92617b8d0cf55 |
|
29-Jun-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge changes Id876f01f,If7c94cf8 into nyc-mr1-dev am: 634ed6bc17 am: a07ed2f383 Change-Id: I795b47e1c7e2c944c0c7525bb108af577546ee53
|
f8c04cbe959e6bb6fed2c2779ad45185f66b8855 |
|
28-Jun-2016 |
Suprabh Shukla <suprabh@google.com> |
Enabling auto-ota in retail demo mode Bug: 29542384 Change-Id: If7c94cf8a8e5851011f23dc5d64fc795f9a07b22
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f574cf568bb24b5336322d9b4be7e80a9df8d499 |
|
28-Jun-2016 |
Tony Mak <tonymak@google.com> |
Merge "setProfileEnabled should be no-op when the profile is already enabled"
|
709a63d9c0a71bdf2af66904ed6e7440915b45d2 |
|
09-Jun-2016 |
Nicolas Prevot <nprevot@google.com> |
Show policy transparency screen if adding an account is not allowed. If DISALLOW_MODIFY_ACCOUNTS has been set by a profile/device owner, or account management is disabled: When an app tries to add an account, show the policy transparency screen. BUG:26762383 Change-Id: I721220c37c74493020f5a1be1f15731e9863a1de
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
26704957fe48d75a5b4f3a51cff520a9e4d8b82c |
|
13-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Don't take the DPMS lock in DPMI.createPackageSuspendedDialogIntent This method is called by AM with the lock held, so can't take the DPMS lock. It still takes a different lock, but we don't call into the external world while holding this lock, so this is fine. Bug 29242568 Change-Id: Idbecdd7d97385ca66c693903443471fdbae833e6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bd4148bbab494efc51c6333696237a7ce6e12076 |
|
14-Jun-2016 |
Tony Mak <tonymak@google.com> |
setProfileEnabled should be no-op when the profile is already enabled Just printing log if we encounter this situation, we may consider to throw exception if we provide API to check is profile enabled later. Bug: 29069975 Change-Id: I819be0f97b038dbdd6c6cea81c42ff73be60027b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c29f62c7388f550da2c7368c5dbc0aec7d1564fe |
|
07-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Push DO/PO package names from DPMS to PM Bug 29126573 Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
90c9dbc91910a77b8660ec66de0725aee472e0ab |
|
31-May-2016 |
Ricky Wai <rickywai@google.com> |
Do not get device owner admin info when device owner is null Bug: 29043723 Change-Id: I355c549f891a5e71f654f42ed16a7139da86482a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
977ade26dd8bc6a442be2db2470459058246844f |
|
24-May-2016 |
Ricky Wai <rickywai@google.com> |
Do not allow DPM.resetPassword() when child profile exists or user is locked Bug: 28878708 Change-Id: Iaae2a9ba9c7c0ff388264c474c78a0dcd9fec258
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
12753ded44813a77a4cad5114d34345bec7b21ef |
|
23-May-2016 |
Victor Chang <vichang@google.com> |
Fix Certificate authority installed notification is gone when turning off and on the work mode. cause: Work mode is turned on before entering USER_STOPPED state. Thus, BOOT_COMPLETED broadcast is not sent, but the notification has been dismissed. use USER_STARTED + USER_UNLOCKED because both are foreground. Bug: 28864104 Change-Id: I4796b61586e194d8367b9e52a9c56f858cbcbe7d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
93f8fd714ad89067bf81d2ce8be3b2f2e816dee2 |
|
05-May-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update RestrictedLockUtils to use UM.getUserRestrictionSource. Bug: 28269827 Change-Id: Ib4a1441b71986ca6637a9236136b60e18dbc1643
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bc73347152a3562a7f957a07433d64912f4acd83 |
|
17-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Skip 'network may be monitored' if dying or locked" into nyc-dev
|
820ae5a47587f3d0a7bc4be9acb1c46c590c9860 |
|
12-May-2016 |
Ashley Smith <ashleymarie@google.com> |
Fixing a NPE in DevicePolicyManagerService Bug: 28786940 Change-Id: I73de8dea9221765ed0751039f3d472cf78d341af
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fe47b6eefa266e2a43294f6472e58698be711ee2 |
|
13-May-2016 |
Robin Lee <rgl@google.com> |
Skip 'network may be monitored' if dying or locked KeyChain isn't direct boot aware & attempting to bind to a service inside a dying user isn't going to end well. Change-Id: I5a0acc34f98c39705ec404765c87e7ac61ca9b71 Fix: 28725354
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
090b5a8e8c6cbe069c9818eda25b1976da6426a9 |
|
11-May-2016 |
Victor Chang <vichang@google.com> |
Merge "Fix ConfirmCredential is not presented before trusting cert installed by PO/DO" into nyc-dev
|
8560a7c2a1681276ccf8cb04dfd02bfea6251af4 |
|
09-May-2016 |
Victor Chang <vichang@google.com> |
Fix ConfirmCredential is not presented before trusting cert installed by PO/DO - TrustedCredential is responsible to show ConfirmCredential - Show the MonitoringCerInfoActivity in personal side instead to avoid showing work challenge - put user id into extra Bug: 28619980 Change-Id: Iedbc0b721ef56675f3c9eb6f1d12daf1222ad080
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0fb6b9e18c4f9fad98c426ace0190017e8b2060a |
|
04-May-2016 |
Rubin Xu <rubinxu@google.com> |
Guard retrievePreRebootSecurityLogs with config flag Bug: 28160645 Change-Id: Ifce884c319019758dfaaa39bc239e9f30962c920
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fc0810b4d47b3cd679c5c761eb225be3d1351060 |
|
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Merge "Revert "Don't enforce this API - it's not sensitive"" into nyc-dev
|
9de713d42269a5888d31423b74d4203dce382853 |
|
03-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Don't enforce this API - it's not sensitive" This reverts commit 895504e55788c5c7fd90830dcf01c41a79ca7fe4. Also adds a change to device manager to prevent failure there as in the bug below. Bug: 28512889 Change-Id: I4a445ec365133e9e2764e2d625d61fc6ee2008ec
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dc67971a996c447c71ceb9ad983c79c96f598bcc |
|
03-May-2016 |
Robin Lee <rgl@google.com> |
Add lockdownEnabled parameter to always-on VPN API Allows callers to opt-out of blockading network traffic during boot and on VPN app failure. Bug: 26694104 Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ce18c8167766f92856f94a8e88e19de4698960e6 |
|
28-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
Introduce "unlocking" vs "unlocked" nuance. There is a narrow window of time during user unlock where we're reconciling user storage and dispatching the "unlock" status to various internal system services. While in this "unlocking" state, apps need to be told that the user still isn't actually "unlocked" so they don't try making calls to AccountManager, etc. The majority of internal services are interested in merging together both the "unlocking" and "unlocked" state, so update them. Clarify naming in AccountManagerService to make it clear that a local list is being used, which mirrors the naming in MountService. To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch after the user is unlocked, but block BOOT_COMPLETED dispatch until after all PRE_BOOT receivers are finished to avoid ANRs. Bug: 28040947, 28164677 Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c0440e5f4dfa695d2347c68bbec787d3e16847eb |
|
22-Apr-2016 |
Victor Chang <vichang@google.com> |
Merge "Deleting lock screen clears all CA approvals" into nyc-dev
|
dc068eba6f577b0ec37f5830df5c19f4ff2e85cf |
|
21-Apr-2016 |
Victor Chang <vichang@google.com> |
Deleting lock screen clears all CA approvals When both screenlocks for profile user and parent user has been removed (both set to none), remove CA approvls on that user, and show the "Certificate authority installed" notification. Bug: 28161447 Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
38dcca51a739d3273b24e84ba5e89e505f45960c |
|
19-Apr-2016 |
Kenny Guy <kennyguy@google.com> |
Add test method to remove admins. Add test method to remove admins that declare FLAG_TEST_APP without informing them. The method will also remove the device and profile owner status of the admin. Bug: 28027468 Change-Id: Idb4d3299a9c6595c94bfb424546cd8a384131835
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fd580f7d1a5a19b062bea49602f0f6136bce7e5e |
|
13-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence." into nyc-dev
|
1271cef419bdb7577f64b1dfa05d5678df706ef5 |
|
13-Apr-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "API polish in DPM for organization color and name methods" into nyc-dev
|
caf566a5372b05230885b787997b98ff4508eadd |
|
13-Apr-2016 |
Victor Chang <vichang@google.com> |
Merge "Update display text in cert notification" into nyc-dev
|
74cd73079c6901f7e081fcac744a2597ed96a991 |
|
12-Apr-2016 |
Michal Karpinski <mkarpinski@google.com> |
API polish in DPM for organization color and name methods - Returning and accepting CharSequence instead of String - Enforcing 100% opacity and adjusting javadocs for color format - Adding @ColorInt annotations Bug: 27531295 Change-Id: Id27d4fd5e7bb4d746cc61288457eb4eb86224505
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3ccca91e6ee2106004c3762ee682deff7343c6d4 |
|
12-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence. Bug: 27531295 Change-Id: Ib28c509a3112046c14d812265ce43bc5b5574f12
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4c74334c4425e43dfb53bc2ef707eebb1bef7d5b |
|
11-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added getProfileIds method returning array of userIds" into nyc-dev
|
355d47697c346ad4c7f41a8af1febcdf4ff95988 |
|
07-Apr-2016 |
Victor Chang <vichang@google.com> |
Update display text in cert notification - Show DPC app name for PO - Check user id for DO - Update notification title for all cases - update symbols for private resource ssl_ca_cert_warning changed from string to plural - Pass number of certificate to MonitoringCertInfoActivity Bug: 25772443 Bug: 18224038 Change-Id: I68db06f55a24879c1d5f532e38b97e2932bf990e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a078b4ba6a30532585e93b7d99f81fd0184aeb56 |
|
08-Apr-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Still return a package suspsended dialog if there is no owner." into nyc-dev
|
8aa48028f36a411192623881191c2591a009a997 |
|
08-Apr-2016 |
Nicolas Prevot <nprevot@google.com> |
Still return a package suspsended dialog if there is no owner. When an application cannot be started, and there is no profile/device owner, still return a PackageSuspendedDialog. BUG: 28042198 Change-Id: I5c30393f9481840a965bb815235af5181561a063
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7f98aa4aa93497692f200c553d2d6fff402e3de2 |
|
07-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Added getProfileIds method returning array of userIds Previously many usages of UserManager.getProfiles and getEnabledProfiles were only using ids of returned users. Given that the list of users needs to be parceled and unparceled for Binder calls, returning array of ids minimizes memory usage and serialization time. A new method getProfileIds was introduced which returns an array of userIds. Existing method calls were updated where appropriate. Bug: 27705805 Change-Id: Ic5d5decd77567ba0f749e48837a2c6fa10e812c0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
035e92447084b96ef2c9125e77105c237e20bad3 |
|
18-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Fix work profile screen timeout policy Settings screen should apply both primary and managed maximum timeout policy, even separate profile challenge is enabled. Bug: 27493348 Change-Id: Ia1ec1cafc7665c54816833af64e0f446a77a55b2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dc283a897680ffd33c4d15535ebe778ba5b42c43 |
|
24-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Keymaster init for work profile Changes: (1) When unified work challenge is enabled and screen lock is secure - Store work profile secure key in primary profile - When primary user keystore unlocked, unlock work profile keystore - When primary user change lock to none, remove work secure key (2) When unified work challenge is enabled but screen lock is not secure - When screen lock changes to secure, store work secure key in primary (3) When user changes work challenge from unified to separated - Remove work secure key in primary (4) When user changes work challenge from separate to unified - Do (1) and (2) Bug: 27460698 Change-Id: I8f77bde5dc6b8e59c90256e75c5990100e93366b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a01c1f0d90def31de9bdd21bada11a3dfc0444b0 |
|
06-Apr-2016 |
Tony Mak <tonymak@google.com> |
Merge "xxxTrustAgentConfiguration should be supported in the parent DPM instance" into nyc-dev
|
589b855719ce89ba68ce1a93f15a4c79a2461adc |
|
06-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Remove bool return from setAlwaysOnVpnPackage" into nyc-dev
|
ee5eb934e349ee6a01a028cb431afac9018b8e56 |
|
05-Apr-2016 |
Robin Lee <rgl@google.com> |
Remove bool return from setAlwaysOnVpnPackage Bug: 27533151 Change-Id: I4c656488e69cb5247dbb9cfd62d6f6f7043f9a90
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
73ebf33d76c1d06b275b011e043680c410fd70ac |
|
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
Merge "getProfiles should only returns non-partial user info" into nyc-dev
|
f4b30e2147671476564c8bba6edf33aa63334f6e |
|
05-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Remove the admin from the removing list when refreshing that admin." into nyc-dev
|
80189cdece046e2e915e07c0ee166b6375dbde84 |
|
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
getProfiles should only returns non-partial user info Bug: 26928524 Change-Id: I537bb0a9632cad603717a367b81d5e072452a6d7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
089d840383c511ed170a284ba343bd9a00db790e |
|
05-Apr-2016 |
Tony Mak <tonymak@google.com> |
xxxTrustAgentConfiguration should be supported in the parent DPM instance 1. Fix trust agent config does not persist across reboot 2. xxxTrustAgentConfiguration now supported in parent DPM instance Bug: 27601827 Change-Id: I6ea4a089bf590d6c44be40318f3a69c35c54f796
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
691b1a6005ed373ad75361aa5a1bd120f138f15c |
|
05-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Switch to work challenge if MP calls resetPassword" into nyc-dev
|
7c9213313440be5925441b7bfbac4837336c6006 |
|
01-Apr-2016 |
Sudheer Shanka <sudheersai@google.com> |
Remove the admin from the removing list when refreshing that admin. Change-Id: I9b597a116db4f1fb894427b4e885f29c3e94abdb Fixes: 27909181
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ce5c4009cf555b1ece69356949f4c2c4b38cc25a |
|
23-Mar-2016 |
Robin Lee <rgl@google.com> |
Switch to work challenge if MP calls resetPassword If the profile owner wants to set a lock screen for a profile which they created, we should let them. This will cancel any lock screen unification that has been set up. Attempting to clear the password will continue to throw SecurityException if called from a managed profile. Bug: 26682008 Change-Id: Ia09aef879a21c074ccb517905e43f62696837998
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f1fe782e912d3feed9cded8fb80b179c4ee5d09c |
|
31-Mar-2016 |
Robin Lee <rgl@google.com> |
Merge "API to approve CA certificates" into nyc-dev
|
2f7e1e487c8ef486a16ad2398ffee413b53da04e |
|
21-Mar-2016 |
Robin Lee <rgl@google.com> |
API to approve CA certificates Bug: 18224038 Change-Id: Id928872cd70dac5a5ecfdcd52150fe6dea544e3b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e04ac3d7d2027ea3149748ca6520405b7e1b1dbb |
|
31-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "Unit test for isProvisioningAllowed" into nyc-dev
|
aa604694450539b4c99901b0714efaa79db3c87d |
|
31-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "AfW - suspend apps - API polish" into nyc-dev
|
d2a968f9c31ba1864bc514bb88a9a939508fe794 |
|
31-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Return null value if getActiveAdminUncheckedLocked returns null." into nyc-dev
|
549b9692808cbd7d64e732b199b453b2b372dd32 |
|
31-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Return null value if getActiveAdminUncheckedLocked returns null. - Split per user version of getUserRestrictions into a separate method in DPMS and make the per-user version return null if the admin parameter is not a valid one. - Update isAccessibilityServicePermittedByAdmin and isInputMethodPermittedByAdmin to return false if the admin parameter is not a valid one. Bug: 27909087 Change-Id: I6f4cae6552cbfe02dc4a92b04eeeddf0314e0974
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3e794afb82228199c0a83bed5463dbeb3c48dd62 |
|
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Unit test for isProvisioningAllowed Note: DevicePolicyManagerService is changed to inject ContentObserver notifier Test: all test cases in DevicePolicyManagerTest pass BUG: 25710621 Change-Id: I347cec71769d0e9dd6a334d7d6339d5ce6a3fa6a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5b7ca24f14ae4d1189ca7683fdad1ec0e62b88b8 |
|
30-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Merge "Add DevicePolicyManager API to install a client cert chain." into nyc-dev
|
30fb0534492478a3f95f6953b31bbb666ced8fe5 |
|
30-Mar-2016 |
Clara Bayarri <clarabayarri@google.com> |
Merge "Change default work challenge background color" into nyc-dev
|
8d0bd7fa634c090514ff27bbc0cd25a609c22b83 |
|
30-Mar-2016 |
Clara Bayarri <clarabayarri@google.com> |
Change default work challenge background color Requested by UX Bug: 27829562 Change-Id: I815c06784189e68b09e464e936521e82091c93c3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b70ba1971c29db87e405434161489e2450309050 |
|
30-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "AfW custom lock screen message - API polish" into nyc-dev
|
b43659170824dd8d753d9249fe6ccfd37c6221ae |
|
23-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager API to install a client cert chain. When installing a keypair the caller will have the option to specify a certificate chain which will later be returned to whoever requests access to the keypair via KeyChain. Bug: 18239590 Change-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
efc4a344a173ae20ec72b8c05c45b794687fda87 |
|
22-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
AfW - suspend apps - API polish * renamed getPackageSuspended => isPackageSuspended * does not return false for an error, instead throws NameNotFoundException if the package could not be found, or if there is an unknown RemoteException, wraps it in a RuntimeException and rethrows. Bug: 27532430 Bug: 22776761 Change-Id: Iee00600089b1c0556a3312b10456826464fa8f9f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
81a95700e591d098d829df86eb25a77a70b23d79 |
|
29-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Fix SecurityException in getStorageEncryptionStatus Bug: 27892709 Change-Id: Ic6a3ccb8d266cfb04708413b767fe4f284219e57
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
16187903b40014e28b97e2bd1429543e2c27ffb9 |
|
21-Mar-2016 |
Andrei Stingaceanu <stg@google.com> |
AfW custom lock screen message - API polish DevicePolicyManager: * getDeviceOwnerLockScreenInfo now returns CharSequence as it returns a string for display to a user * setDeviceOwnerLockScreenInfo ** accepts CharSequence, not String as this is a string displayed to the user ** Returns void; throws an appropriate runtime exception on failure Bug: 27531295 Change-Id: I30528569cfa66ee76f857fbee1c3196f821718fd
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fac4ddbd25e7ccaa763b9ac93ef1df5015b85628 |
|
28-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Work around buggy DMAgent. They're targeting new API level, but they aren't handling the new constants. Bug: 27785116 Change-Id: I8391294d963c86af1f948b91c7d1de6b7f44f66a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a7c85adeda9283442b313c3e8a565b1655591c7a |
|
23-Mar-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Let the profile owner set lock-to-apps if the user is affiliated. BUG: 25632687 Change-Id: I76008b6a8e2194155154dc7693d43ce20f7e9fad
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d3c0cf50b6c8e71c0c409abcd3b8c32f98f7cb71 |
|
21-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "Api change of DPM.setApplicationRestrictionsManagingPackage()" into nyc-dev
|
cd14c0a9daa42a7ccacef345b3b2ef255790f993 |
|
16-Mar-2016 |
Victor Chang <vichang@google.com> |
Api change of DPM.setApplicationRestrictionsManagingPackage() Throws NameNotFoundException instead of IllegalArgumentException Can't throw NameNotFoundException directly from DPMS as aidl doesn't support checked exception Bug: 27532565 Change-Id: I202721f41057f92ad2dd851d4769ba4502a8f9b3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8a372a0a280127743ce9a7ce4b6198c7a02d2a4f |
|
16-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Refactoring FBE APIs based on council feedback. Mostly consists of removing the word "encryption" from most APIs, since we can't actually make promises about the data being encrypted. Bug: 27531029 Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6235a94ffaed1d82cee2317481c18776f601da1b |
|
15-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Unifying method names and comments to security logging, not device logging Also move SecurityLog to android.app.admin package. Bug: 27531824 Bug: 27532560 Bug: 27532564 Bug: 27532425 Change-Id: I2677afdb5685bc5d21e52c41b381b57a41e364b6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8a8e8ea19a825dd45117909df2f0140ca20565e7 |
|
15-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Merge "Update DPM.reboot with new restriction" into nyc-dev
|
1216ae5d023e8f6e4f158a447a5764288e4ccc3e |
|
11-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Update DPM.reboot with new restriction DPM.reboot() should not be called when there is an ongoing call on the device. Bug:27531799 Change-Id: Idc1fa4c7aa79b20ec9c2afcccf855455ee316787
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b5a4d9605f6ee009984165f1c894b3949dc8417a |
|
15-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Show admin support dialog if app is suspended." into nyc-dev
|
7a9c34bd7a65bf27a3a7ea83d7a1391667bae50a |
|
11-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Show admin support dialog if app is suspended. Bug: 26922950 Change-Id: I21f048873244df52d14910cc01a658af476d9149
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c4927b9fd43efab3f69c4cba90624153a885e0aa |
|
15-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Logging of setting ro.device_owner property Without logging of setting it's impossible to test the setup, unless device is rooted. Bug: 22860162 Change-Id: I0532654ef4e4b7272d2749b30590a1b47da9f645
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d4c9e541ec7110d3c842d6f92c3ec6beb0b6d997 |
|
26-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Add ENCRYPTION_STATUS_ACTIVE_PER_USER to... getStorageEncryptionStatus() Use StorageManager APIs to get the encryption state instead of from the system properties directly. Bug 26547262 Change-Id: Ic27baa9489d43a93873f8bb0428084f8886aed67
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
03128dceab3a7cc517b7c253e740caac82e74033 |
|
10-Mar-2016 |
Paul Lawrence <paullawrence@google.com> |
Fix bug in new encryption API Bug: 27583871 Change-Id: I372f0a6a411704dc57ca9bcc53c4c5a10b236772
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2f79ae98afd895ec1179b38fccb538f64164b9fd |
|
09-Mar-2016 |
Michal Karpinski <mkarpinski@google.com> |
Tuning down wtf to warning for setting ro.device_owner property This was logged to often, especially while running CTS hostside tests and looked too scary to people. Bug: 27230864 Change-Id: I9e81d9efe87b4aed18aa473be647c560ff9cfa0d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d5a3f3df4097e4a57e0d31fba994c91d8996abf8 |
|
09-Mar-2016 |
Paul Lawrence <paullawrence@google.com> |
Merge "Add API to IMountService to get encryption state" into nyc-dev
|
20be5d62471d520eed3a52d90c11944464a71c07 |
|
26-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Add API to IMountService to get encryption state Bug: 18002358 Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
97e89c624e19c0a0ebe3d76506a493cfe29c0558 |
|
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update DPM.getWifiMacAddress to take admin component as argument." into nyc-dev
|
4d9abf92d4d5f77f025531b70ed1f58e7482acf5 |
|
08-Mar-2016 |
Tony Mak <tonymak@google.com> |
clear calling identity before calling getUserInfo Bug: 27523508 Change-Id: I243a5423de850477cf65968c8ea26cbb3ae896d5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3cb4da16dcf07474acefb709d10b22cdfdefd81b |
|
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update DPM.getWifiMacAddress to take admin component as argument. Bug: 27532280 Change-Id: I3a5e9557c3c6ac43c458c911a5309bdb2655fb66
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1145cd26bd8acff6aced86a98819172fd7e4cbd1 |
|
07-Mar-2016 |
Kenny Guy <kennyguy@google.com> |
Don't crash if KeyChain can't be bound to. KeyChain can throw an assertion error if is not around, don't allow that to take down system. Bug: 27518175 Change-Id: I99418dfb65c58d3e07cbda91860cdb493b96a836
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fdc5ba8f43e09cfbc8f5de0bf819b7684094953e |
|
05-Mar-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Move more PM calls to ParceledListSlice." into nyc-dev
|
d5896630f6a2f21da107031cab216dc93bdcd851 |
|
05-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Move more PM calls to ParceledListSlice. Since the data returned by these calls can grow unbounded based on various GET flags, we need to switch 'em over. Bug: 27391893 Change-Id: Ie849ca30dbaaa91158da4c83675657715629a0ee
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e1fd7f09d5149055b8ad7bcf24846ecd8d87027a |
|
04-Mar-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge "Not clearing data for a package that is a DO or PO" into nyc-dev
|
0114263a1aff5dea92fdafbec81c1b40093e9aba |
|
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode" into nyc-dev
|
915d5245533c449550b9dae54b71414394ae2d74 |
|
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Merge "isDeviceOwnerProvisioningAllowed implementation to match enforceCanSetDeviceOwnerLocked" into nyc-dev
|
e29cd4724ff41f1cd81c1493f02fb0ba2b2f8197 |
|
02-Mar-2016 |
Victor Chang <vichang@google.com> |
enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode Bug: 27453111 Change-Id: I1acdfecdf4474696e904a6a4df189453be306aa4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5676ae256a15b73d724c38940356be324fc9647a |
|
02-Mar-2016 |
Victor Chang <vichang@google.com> |
isDeviceOwnerProvisioningAllowed implementation to match enforceCanSetDeviceOwnerLocked The main purpose is to fix the security flaw that user can force isDeviceOwnerProvisioningAllowed to return true by setting the device_provisioned without factory reset Check UserSetupComplete instead, as it's cached by DPMS if it's ever set to true Refactor common code of isDeviceOwnerProvisioningAllowed and enforceCanSetDeviceOwnerLocked The functionality of enforceCanSetDeviceOwnerLocked should be exactly the same. DPM Unit Test all pass Bug:27403225 Change-Id: I32dae8e222e01e08664abb313ead3a92d4186658
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d04525214b9a999339cd553a22b95b52debecde5 |
|
02-Mar-2016 |
Suprabh Shukla <suprabh@google.com> |
Not clearing data for a package that is a DO or PO Added a check inside PackageManagerService to make sure data for a package with a DO or PO for the running user is not cleared. Currently, the 'pm clear' command goes through without any such checks. Bug: b/27243904 Change-Id: I87d4ad2db031f47946f34627a5ee465ef144f85e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ba24409033241e680d111e7dea6501e760d972c5 |
|
25-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Rework of remote bugreports UX New notifications, that open dialogs. Bug: 26226230 Change-Id: I50f9ab23b6c6d03892889d9081cabb0a3d858f91
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8bbace3afcae7ca614fd8c8d86c4d48d47ded392 |
|
03-Mar-2016 |
Ricky Wai <rickywai@google.com> |
Merge "Fix clearDeviceOwner() not working in split-user mode" into nyc-dev
|
e9aa6ec1cf57d20aaf4da5d90a78f891a8f0ca5b |
|
29-Feb-2016 |
Tony Mak <tonymak@google.com> |
Fix setBluetoothContactSharingDisabled does not persist The default value of bluetotoh contact sharing is true. So we should save when it is false. Bug: 27410265 Change-Id: Icaf4ceeda09eca46d160acfecc53834819b66a18
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
45eb8bd9b9ab81273e23d64adb806542900bca02 |
|
25-Feb-2016 |
Ricky Wai <rickywai@google.com> |
Fix clearDeviceOwner() not working in split-user mode Bug: 25906481 Change-Id: Iefe004b4bac7a7fc79c613e61a42f916fce7230e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a4fae1545ae38f61385e45e8f635994f447efca5 |
|
24-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Support safe mode properly." into nyc-dev
|
889c0880661bda16e3759995e03766ddf0350732 |
|
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Support safe mode properly. In safe mode, IPM.queryXxx() doesn't work. Use IPM.getReceiverInfo() directly instead. Bug 27108276 Change-Id: Ice8f882559b8f0596a19ddb3a16395a4dc538a25
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
155a280e18200aeaa0e7d5e31d6b8b0115c58e42 |
|
24-Feb-2016 |
Robin Lee <rgl@google.com> |
Merge "DPM: installKeyPair variant: caller can self-grant" into nyc-dev
|
ce3399fbb46972d223b0cd154eaea3b68a16e051 |
|
24-Feb-2016 |
Robin Lee <rgl@google.com> |
DPM: installKeyPair variant: caller can self-grant If 'requestAccess' is true, the caller (either profile/device owner or a designated certificate installer) will be granted usage of the keypair on successful installation. This has no security implications for a profile/device owner which would already be able to self-grant. Delegated certificate installers did not have this ability before. This is only allowed at install-time- not afterward. Bug: 24746231 Change-Id: Ia0ec290bb0bcde1d8137c188e2667cb7718dbfd7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
515a6c7030f73aeb812b13e7073e814dcd35c297 |
|
24-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Merge "Throw UnsupportedOperationException when creating ephemeral user on a system without split system user." into nyc-dev
|
a0ea967d111b9f8e01ebbb1ac8d393270e1788b6 |
|
19-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Removing lock contention in SecurityLogMonitor After being interrupted the monitor thread tried to acquire a lock that is held by interrupting thread, resulting in timeouting on join(). Bug: 27061904 Change-Id: Ifbd578d5f5a266083b207fedd8ebb6d26ab08c31
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3dfe7f655d3707c0b89746ca8834a155de4e5e31 |
|
23-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Throw UnsupportedOperationException when creating ephemeral user on a system without split system user. BUG: 27143201 Change-Id: I7b7e634ba7fce576dd72a416e802c80939f05d3e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
27ee33482a2fdecbbbedbd33a137ceae3e93fa2a |
|
08-Feb-2016 |
phweiss <phweiss@google.com> |
Remove deprecated APIs DPM.createUser, createAndInitializeUser They were deprecated in M and slated for removal in N. Bug: 26974903 Change-Id: I7ae4d60bcf226c1e1de42852b378ad1ff71a914b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
024f979dfdae1938afc3c509ea9762c06784cef5 |
|
17-Feb-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Allow ephemeral users on the split-system-user systems only. BUG: 27143201 Change-Id: I37f3ca7366648dbf07df39a7a972857e0ff78a9a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4ab36372fb7f2f8236d9fa308ec508582fc52607 |
|
19-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Clean up on UserManagerService and DPMS" into nyc-dev
|
2a3c3da0fc07ef37abc45cfb0166bdf5f7f202b6 |
|
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Clean up on UserManagerService and DPMS - Avoid the ART warning about 4.1 compatibility - Avoid integer overflow in DPMS Bug 27243525 Bug 27242859 Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
60949288064460894bdd288f4865cdb180c0e501 |
|
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Fix bugs in user restriction migration Originally I didn't know user-0 could have PO, so I excluded this case from migration. Now we handle it properly. Also make sure only restrictions that can actually be set by each owner moves to the owner restriction. (Because of this, we no longer have to have DISALLOW_WALLPAPER in the exception list, because owners can't set DISALLOW_WALLPAPER.) Bug 27225996 Change-Id: I6ad79d90e6c4400abbb1e4feba6ba59e3b650815
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
aafff2f835ea7c6dd08cadea0d92dfa7288c8e09 |
|
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Ensure DO/PO are also DA." into nyc-dev
|
184db600df42c2b27a2d34deecab57d591434b22 |
|
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Ensure DO/PO are also DA. Bug 24503508 Change-Id: Ib957b84d5bee185501636c406d9aaf4985a79d8d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fc482c30b7a3c2cf7bc14d5c86de758a16f6433d |
|
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "[framework] Don't allow apps on external storage to be active admin" into nyc-dev
|
f34db0a17ee035c165a4e81e9192f73d2455bd1c |
|
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
[framework] Don't allow apps on external storage to be active admin Bug 27149287 Change-Id: I6d959d2e66dc0b19f78e6135fbdcf45ca8551958
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eb84b1843a3f6805c6109c1d9d023550229a3fc5 |
|
26-Jan-2016 |
Andrei Stingaceanu <stg@google.com> |
Suspend packages - one call for multiple packages Refactor setPackageSuspended into setPackagesSuspended. The rationale is that the consumers of this API are likely to want to remove multiple packages at once. Rather than calling the API N times, call it just once. The good part is that we already have the broadcast intent for suspended packages take an array so only one broadcast. Less stress on the system. Another good part is that (right now) we only have one consumer of this API and it will be easy to make changes once this CL goes in. As a shell command, for consistency only allowed one package at a time. Bug: 22776761 Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5ae4e73ef0747c2d08a901f1a76d8fb8ee64a53a |
|
17-Feb-2016 |
Andrei Stingaceanu <stg@google.com> |
Merge "Suspend packages - new API for retrieving the suspended status" into nyc-dev
|
910a367cbf36bd1f8d93416b9379224c76371dc8 |
|
17-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Remote bugreport notifications rework" into nyc-dev
|
dafec11e698daf054730cfb04db64f3e31a0c9ff |
|
16-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Don't allow deactivating DAs when the user is not unlocked" into nyc-dev
|
f79c887c5997f4a7735987a524869421a1a3ac2d |
|
16-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Let admin disable fingerprint for the work challenge" into nyc-dev
|
e9377a7d84c23571342ea1c4dc6c12875eaaf3df |
|
15-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Remote bugreport notifications rework Merging two notifications into one. Bug: 27095707 Change-Id: Ib6582dabb7370f9b3b6e673b19ab43b70c73433a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
355b232d7998cfc9b29d42a0356390e25191bcbd |
|
12-Feb-2016 |
Andrei Stingaceanu <stg@google.com> |
Suspend packages - new API for retrieving the suspended status Instead of always rebuilding the full ApplicationInfo for a package when callers are only interested in the suspended status add a new fast API in Packagemanager (which only checks the suspended user setting for the requested package and returns a boolean) and change the appropriate caller code too. Bug: 26794775 Bug: 22776761 Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
115d2c189a46f535778d9dd0923f703ff2f888fe |
|
16-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Add feature versions for devices and apps. We're starting to see more instances of device features that will increment separately from the SDK API level, such as camera HAL, GPU capabilities, Bluetooth, and other hardware standards. This change adds the ability for device features to specify a version, which is defined to be backwards compatible. That is, apps requesting an older version of a feature must continue working on devices with a newer version of that same feature. When a version is undefined, we assume the default version "0". Bug: 27162500 Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eff90bd5ff6bd50325149a5010183277bd76f4c6 |
|
15-Feb-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Allow privileged apps to set the organization color." into nyc-dev
|
1a5ee776ee51ae6fba30c8f3b33e26eb7f9dedc6 |
|
13-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Don't allow deactivating DAs when the user is not unlocked Bug 27149570 Change-Id: I772d9cbd6edc822c8f7b1988905b702e05e674cd
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
29b13190cd57bd823eb803f6fca03f671a32a5fe |
|
12-Feb-2016 |
Clara Bayarri <clarabayarri@google.com> |
Merge "Add support for current failed lock attempts and max attempts" into nyc-dev
|
51e41ad887a2e30a1366f0a3b4750f0204912b8e |
|
11-Feb-2016 |
Clara Bayarri <clarabayarri@google.com> |
Add support for current failed lock attempts and max attempts This is needed from Settings to show a message informing the user of the number of attempts before their work profile gets wiped when using ConfirmDeviceCredentials. Bug: 26677759 Change-Id: I4b16f7dc2f415d0ce0215a3b7a646f98fabece33
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d6c90a88831af5c8d3a3587173873031cf6f5d7f |
|
12-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix testApplicationRestrictionsManagingApp unit test" into nyc-dev
|
8f7698aaf630787693ec7edb4779a27fdd2b888b |
|
11-Feb-2016 |
Nicolas Prevot <nprevot@google.com> |
Allow privileged apps to set the organization color. BUG:26923835 Change-Id: I97b0cbbc0d4fb9e9ca0e3d335a9d15eb5a1f9602
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5f05cf96127ee1acb6d80efdc0a87fad2a9daa02 |
|
11-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "If package has no active admins, just uninstall right away" into nyc-dev
|
641ea634eeebc52b7bdc825b32dc22881d63ae30 |
|
11-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
Merge "DPMS shouldn't remove admins that aren't crypto aware." into nyc-dev
|
44fc4aeb1f3a6fcc6c1b8532530cb0589b2815c4 |
|
11-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
DPMS shouldn't remove admins that aren't crypto aware. DevicePolicyManagerService checks admins on boot and removes ones that aren't found so it needs to match crypto and non-crypto admins. Match non-crypto aware apps when admin is enabling system apps. Bug: 27126412 Change-Id: Ibb20841679fb660de281782964b068d5a13b8fe9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ed1928a981cbff9a67b5c1786ded8cbdf848056b |
|
11-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Fix testApplicationRestrictionsManagingApp unit test The API now requires the app restriction manager app to exist on the current user when it is called. Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
09f856805902078931aa5de006bc5e2c5403dfa6 |
|
11-Feb-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "DPM.createAndManageUser should work even with DISALLOW_ADD_USER set" into nyc-dev
|
2547071ff8d83dc51c915a56202081ca3a100b23 |
|
11-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Let admin disable fingerprint for the work challenge Also, reworked the logic a bit: * Admins can only set flags that affect the parent on the parent DPM instance (i.e. no unredacted notifications) * Admins can set flags not supported on the work challenge on the regular DPM instance. If there is a work challenge, they will have no effect (as managed profile policies don't affect the regular lockscreen if there is a work challenge). If there is no work challenge, they'll affect the parent profile. Bug: 26891832 Change-Id: I8978e1aa6abe9c8dc07e030dfd069b5f4e1301f6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e9c440638e27a123a82feb5e4677ce1242785288 |
|
10-Feb-2016 |
phweiss <phweiss@google.com> |
DPM.createAndManageUser should work even with DISALLOW_ADD_USER set For this, the DPM calls a new function UserManagerInternal.createUserEvenWhenDisallowed() instead of UserManager.createUser(). This calls UserManagerService.createUserInternalUnchecked(). Also, only the system user is allowed to call this method, otherwise a security exception is thrown. Bug: 26952210 Bug: 26786199 Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ed5c8f0216bf97e896936e2a2e24fc3fb18303a1 |
|
09-Feb-2016 |
Michal Karpinski <mkarpinski@google.com> |
Log strength of auth method used into security log As approved by Android Security team, added logging of strength of auth method as well as logging of fingerprint keyguard actions. Bug: 26841997 Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ed9fa2ca3c9d0ed5f656a6aca459acf6f170660d |
|
11-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
If package has no active admins, just uninstall right away Also fix the bug where removeAdminArtifacts() is called for all active admins on the target user. Bug 27107878 Change-Id: I6edbdadffe8c75628539976d304e39d6abed73a4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
338c1d860772edc3101ed4860a149e7f3c5fe493 |
|
10-Feb-2016 |
Suprabh Shukla <suprabh@google.com> |
Merge "Added an api to uninstall a packge with active DAs" into nyc-dev
|
a2ae2238e506d5b092015440792d5a885b7a7b1d |
|
29-Jan-2016 |
Suprabh Shukla <suprabh@google.com> |
Added an api to uninstall a packge with active DAs The api deactivates all the active admins in the package, then force stops the package and starts the uninstall intent for the package. This is intended to provide an easy way for a user to delete a misbehaving Device Admin Bug: b/22359208 cherrypick of Ic7ddd89ef6db53e7e76f805808d9e806100374db Change-Id: I0d677839120c46f22231a7d6f9cf6630cb020227
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
66a320d368e93a03d5aee33eac85807a227c0a3c |
|
10-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Check for null on app restrictions managing app APIs" into nyc-dev
|
f03d0a6bfcff0f36a623b4fad7bd505d94b22e9a |
|
10-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Require delegated cert installer and app restriction manager to exist Enforce that apps with delegated powers to exist on device before empowering them. This is consistent with DevicePolicyManagerService's internal logic to clear the delegation power once the package is removed. For delegated cert installer, only enforce this new restriction on device admins targeting N or later. Bug: 26233778 Change-Id: Ia8f45dfd5290958cebb36991c4b6baa03e8c28ae
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
48e64f20f328a40505f35062f870a7f6e5ab9ff6 |
|
10-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Check for null on app restrictions managing app APIs Change-Id: I3d3cc9b4a4bd6a2526fd0bd7d8662c6b07183208
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e28e5a9d3b3115ec00c1209bec393a397d359a9f |
|
05-Feb-2016 |
Nicolas Prevot <nprevot@google.com> |
Fail if setProfileEnabled is called outside a managed profile. BUG:26709495 Change-Id: I98adf2dab1e7b27fef926144c460af8823fe96e7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
57218cbbf773f389e5e9493623dd3d017e459590 |
|
04-Feb-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Made changes to fix some policy transparency options."
|
569258689a0d28f25cbdf7189038833d45a63a80 |
|
28-Jan-2016 |
Sudheer Shanka <sudheersai@google.com> |
Made changes to fix some policy transparency options. Add isInputMethodPermittedByAdmin and isAccessibilityServicePermittedByAdmin APIs in DevicePolicyManager. And update utility methods in RestrictedLockUtils to use the correct userId when checking if disabled by admin. Bug: 26897250 Bug: 26767564 Bug: 26966213 Change-Id: I0b74b3e57904a82f8ce72d856769d35b5e8403e5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8c41a1c9bc9c61b7b63ce7ab1a6b2f0a099dbf01 |
|
03-Feb-2016 |
Kenny Guy <kennyguy@google.com> |
Match non-crypto aware admins when registering. Profile owners are registered before the user is started and unlocked, so we need to check for components that aren't cryptoware when looking for the admin. Bug: 26924254 Change-Id: I61fca0a3d6e490ca6fea9a7bdc8f2c44efde74f2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a0fddc1ed41a4bb14fc33e5bdbc4de1317dc79b7 |
|
03-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Ignore unknown user restrictions and WTF instead."
|
939be877760f1a3f32c96fbd34eed37a0fcf656c |
|
03-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Slightly change the "pre-N" so it's CTS-friendly. Right now, the value of VERSION_CODES.N is 10000, but I'm writing a caller app with target SDK level 24 for CTS, and the previous logic didn't work for it. Bug 25506830 Change-Id: I73613f30b437fb19406736f897d01d59b1f84c9d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1f1ceef0f88a8c2758d1ec0ed6c1366bac7c9de4 |
|
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Ignore unknown user restrictions and WTF instead. Bug 23902097 Change-Id: I1ac147ecd0286a8eb674d6f9f527edfea6e1198e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
90b896533eb6a8867e7951bbbdbbacd9b520199c |
|
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
DO / PO Shouldn't be removed as active admin... even if they asked. Also clear(Device|Profile)Owner should remove them as the active admin too. Also add some more unit tests. Bug 26858840 Change-Id: I7b3ed92e1b4cbe803381ed6e3f64d8de17b2ebb0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
49caead1c2608f57ac6c260396c6bfd058b921ae |
|
02-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Call SecurityLog methods via Injector This is to make sure the unit test can mock them out. Bug: 26911599 Change-Id: I07a1a8b43ad5716a4b667bc5266b3b03997268c5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fe13c5fbe11a6ee004d1b4e6b27a44fafbe22bd4 |
|
02-Feb-2016 |
Victor Chang <vichang@google.com> |
Merge "Fix that can't launch managed QuickContact in ContactSearch"
|
d38308e4d0599836f9c5446ba9d6edbc0713c428 |
|
02-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix DPM unit tests"
|
3f3657a61b54d495bf2e692289eb92a48fe5a0b2 |
|
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests Bug 26911599 Change-Id: I874c9cd4f63c79bc984777ef3b1b654a414c4911
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
70b1751d14610c18439c5d0c4a8dce704eb819a8 |
|
01-Feb-2016 |
Victor Chang <vichang@google.com> |
Fix that can't launch managed QuickContact in ContactSearch It happens when caller id is disabled but contacts search is enabled BUG=26740020 Change-Id: I4ca79c82ed27f6f1da514b31d8d89fc71fd243fb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b4ec8aaaba6ee5f564875741217bdfaf53a10d5f |
|
01-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Revert "Throw for unknown user restrictions.""
|
2ec157d928b7804367091ee6c146b196ac6841e2 |
|
01-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Revert "Throw for unknown user restrictions." This reverts commit 3861bf7e73fab9e39e8d1f6e5194f3600ed929a0. Bug 26896902 Change-Id: I26fa0159b5bb832048ccd013054a01f91b54947b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c3cd05f8a45ab789aae1cb553df86f94667d595a |
|
11-Jan-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager APIs for process logging. Add Device Owner APIs for controlling and retrieving the logs. Retrieving the logs should be rate limited unless we are at the risk of losing logs due to constrained buffer space. Bug: 22860162 Change-Id: I80658f5a14e86d7cfd42402fbc5e98dc11698c0e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f3bc593a627b67425b3b103ff148cf1f3da0fd29 |
|
29-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Throw for unknown user restrictions."
|
3861bf7e73fab9e39e8d1f6e5194f3600ed929a0 |
|
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Throw for unknown user restrictions. Bug 23902097 Change-Id: I78a4b09db880134577d690be0c50ee9a64e6a309
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dd231a16a1152beacdece7d32a9b85803e0cdb67 |
|
29-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Merge "Add policy to set the organization name"
|
3e8a7090642d58dcd435121650a243dca262c96a |
|
25-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add policy to set the organization name We allow the profile owner of a managed profile to set the name of the managed organization. This name is used as the default header message shown in the confirm credentials screen a.k.a. work challenge. Bug: 26638631 Change-Id: I03c5acc9fffe06cdb9d0d60dd1580b20e21783b1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d4efab1173a55618e307f3cef078efa727270955 |
|
28-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Fix exception when calling setPasswordExpirationTimeout"
|
d07438f300a0321bde09b3fffafa6ffd8771269b |
|
28-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Fix exception when calling setPasswordExpirationTimeout Prevent exception when calling setPasswordExpirationTimeout on the parent DPM instance. Callen setExpirationAlarmCheckLocked with the parent userHandle was breaking because getPasswordExpirationLocked was trying to call getProfiles on a different user. Bug: 26847085 Change-Id: I9d584573245aba65af7ecf236f2021b47afb5d7e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bc0ce990435fe02a356b3e43272f692709f633ed |
|
28-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "Logging of keyguard actions into security log"
|
31502d3d95610930b56bb7931dbd57a997f9ce8f |
|
25-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Logging of keyguard actions into security log Bug: 22860162 Change-Id: I7dbe68fff7d9d45b6c417d960cf025c8d0694917
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ca3f6fae604880db14c3f3eb5bc8908c339be0a8 |
|
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix exception message Change-Id: I6fe4b8b745414ed589337079e2893d87dadb34f5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1244ece2e345aea5a64c15c87b107c01dca3f9c9 |
|
27-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Make DPM.clearProfileOwner() public."
|
5bf68027cf502c2835ad258aec05544958fcd354 |
|
27-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Make DPM.clearProfileOwner() public. Bug 26827204 Change-Id: Ib32e5370b493aa3e36b869d9ed3d78782df4c895
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f348e8e22bed4b56fdb0c02702d12b36467dedd7 |
|
07-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Add policy for enforcing that all users are ephemeral. BUG: 24883058 Change-Id: I8e53ca677c935a6c828dd6ece00b345d0eff182a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a269c5d584a572d91a0640bb8f8f58885ff9d71b |
|
27-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Merge "Add a flag for creating an ephemeral user with DevicePolicyManager#createAndManageUser."
|
c8202c8d1d7c9bc2ee44cec538dc7fa4f95f960f |
|
26-Jan-2016 |
Lenka Trochtova <ltrochtova@google.com> |
Add a flag for creating an ephemeral user with DevicePolicyManager#createAndManageUser. BUG: 24883058 Change-Id: I225ee6f1f6692663349040676e7a6c742b3ede79
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d7693917a7c7348cb12692116d2693314c29e809 |
|
22-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Check if the profile password would comply as the device lock Bug: 26801330 Change-Id: Ide31464dd0292ca97b03abe08cdde5b41d517b66
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
697815eddb0139e6d4284b72f9393cf46c6e544b |
|
26-Jan-2016 |
Victor Chang <vichang@google.com> |
Merge "Launch managed quick contacts without contact id"
|
44a18081546345a0655748717862a89ae6dd7948 |
|
26-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Merge "Add explicit and persistent user provisioning state."
|
a92e1216ca3af5d03e17734b6b990be5116d07a9 |
|
25-Jan-2016 |
phweiss <phweiss@google.com> |
Make API createAndManageUser public Remove @hide, and add parameter for specifying profile owner. The PO has to live in the same package as the device owner. Bug: 25288732 Bug: 25860170 Change-Id: I40e8984a71ee9d1ff74e57d4e79e298deef9bc35
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
97bdacc6d124f08a3f1c362fc35a5eed16af9880 |
|
21-Jan-2016 |
Victor Chang <vichang@google.com> |
Launch managed quick contacts without contact id set contact id to enterprise base contact id if it's enterprise uri BUG=26176780 Change-Id: Ie1160bef22d44c90eb4015783fafdafd160bcdd8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ab83fd5739bf475c07e8e7ff140489cdcdcb73be |
|
25-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "DPMS organisation API - Add a missing checkNotNull"
|
5f09616e6bb793e789167e3281478b13413d0932 |
|
25-Jan-2016 |
Philipp Weiß <phweiss@google.com> |
Merge "Add new API function createAndManageUser"
|
d48788c1011893fbe13c5f64db906f140a66dd0b |
|
25-Jan-2016 |
Robin Lee <rgl@google.com> |
DPMS organisation API - Add a missing checkNotNull Corrects a failing test. Change-Id: I6be8a23caef53d1e9681733e5b340237952bd3e5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
afad8783699b1ba6f3c7ee5961d6ddc2bd771dc1 |
|
19-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Add explicit and persistent user provisioning state. Add explicit modelling of provisioning state so that integration of management provisioning flows with packages such as setup-wizard are cleaner, and can be more direct. Previously we relied upon USER_SETUP_COMPLETE secure setting and HOME intents to signal intent, but this is not very clear and can be fragile. Bug: 25858670 Change-Id: Idc56a040f710c3aee281db420f21717da3960722
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
343fb33a9be819bbf33eae2c3f93bc44b3477ecd |
|
25-Jan-2016 |
phweiss <phweiss@google.com> |
Add new API function createAndManageUser This is a reduced version of the (deprecated) function createAndInitializeUser, that allows the device owner to create a new user and pass a bundle with information for initialization. The new version of the function has the same functionality, but the profile owner of the new user is always the device owner. A flag can be specified to skip the setup wizard for the new user. The new user is not started in the background, as opposed to how createAndInitializeUser did it. Instead, the bundle with initialization information is stored and will be broadcast when the user is started for the first time. Bug: 25288732, 25860170 Change-Id: I4e1aea6d2b7821b412c131e88454dff5934192aa
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fe434a15d6bde9299b51dc284b336944e5cf8a1c |
|
25-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Add additional APIs supported work on the parent DPM instance"
|
4c052f237a108457fca3d3864c5654ebd4505111 |
|
25-Jan-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Implement user affiliation A user/profile is considered affiliated if it is managed by the same entity as the device. This is determined by having the device owner and profile owners specify a set of opaque affiliation ids each. If the sets intersect, they must have come from the same source, which means that the device owner and profile owner are controlled by the same entity. BUG=25599229 Change-Id: I393fe0de70272307ed3c811aaba4b48a5109c562
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
623999185029a2c5baf29efe4ebdcbcdebcca294 |
|
11-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Add additional APIs supported work on the parent DPM instance Bug: 22543972 Change-Id: I05061e34d120c64d5c49ca6b7b4014d7dadb68f4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
947f3557a5917617a6a738e3e2c4a2f055601270 |
|
22-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Merge "Add profile policy to set work challenge background color"
|
59720bb2a67dae70cd2e46a9f611d66e4a3f7221 |
|
18-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add profile policy to set work challenge background color Adding a policy for profile owners to set the background color of the confirm credential screen for the managed profile. Bug: 26638631 Change-Id: Iea36b94c5a42b6ae12cc36921ec5f840306e81a1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b7cc096fd49e99c01a9e963a895f6d26d685e474 |
|
21-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Merge "Added restriction if a user is allowed to change the icon. BUG: 25305966"
|
7f1f1dfc8713fbecbab60cfbe14ab4d97d27deee |
|
18-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Added restriction if a user is allowed to change the icon. BUG: 25305966 Change-Id: I3d527224f00087b2bd959879ebb143e2ecb9c914
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0fdcd3df83b4af1e6cd89246b5f38401d8062148 |
|
13-Jan-2016 |
Oleksandr Peletskyi <peletskyi@google.com> |
Added new password quality constant PASSWORD_QUALITY_MANAGED to make it possible to prevent user from unlock modification. BUG: 25549437 Change-Id: Iae9adccbb8f9e1db8a21d596137f69f6cad54988
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a8c8851caa0d1d44eccfcae2e01a2b6e7235d290 |
|
18-Jan-2016 |
Michal Karpinski <mkarpinski@google.com> |
Merge "DPM changes to support remote bugreports"
|
206747d9f60a0f554aac71c9da9ccfe1a6582c80 |
|
15-Jan-2016 |
Clara Bayarri <clarabayarri@google.com> |
Fix Device policy crashes after adding the account while checking isActivePasswordSufficient The calls to LockPatternUtils#isSeparateProfileChallengeEnabled require MANAGE_USERS permission, wrapped them in a clear identity Bug: 26565169 Change-Id: I4a18cec3ae7beb13320350d4c3fdc63e4a7d741d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b68d2d5b68dc58fb7b75ce94af74de58a1b9d3f9 |
|
14-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "Always-on app VPNs"
|
3fc437e89b018f258a3dee1a83014555aa156dc4 |
|
15-Dec-2015 |
Michal Karpinski <mkarpinski@google.com> |
DPM changes to support remote bugreports Bug: 22860136 Change-Id: If984318e421f511d9b0fc7138aacd36d5334698f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a1771110d67fa7361f92d92f2e91019882ce3305 |
|
18-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create Work Challenge per-user condition Change the current static condition to a per-user condition so we can check and enable/disable the work challenge properly. Also add an isAllowed API, as the Work Challenge can only be used when the user's DPC targets N or above to maintain backwards compatibility. Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
244ce8ef5f201cf403bab43df8281671a9e94512 |
|
05-Jan-2016 |
Robin Lee <rgl@google.com> |
Always-on app VPNs Bug: 22547950 Change-Id: I46b204170bfac58d944f39b22f815b080de71a58
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c754dffe1980cb6c3be96fb258b046dfcdf82353 |
|
12-Jan-2016 |
Victor Chang <vichang@google.com> |
Merge "Create a new device policy for controlling work contacts search"
|
1060c61866d57bd82cc474447205471c15e0d901 |
|
04-Jan-2016 |
Victor Chang <vichang@google.com> |
Create a new device policy for controlling work contacts search BUG=25981902 Change-Id: I5cea59d7d09bf54051ae0e56e824e4d3a08a49e7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3e826effedc89e326114a7abcbdd4ac7b3e125c0 |
|
14-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create parent APIs in DevicePolicyManager This change creates the infrastructure for a parent DPM and implements the actual parent APIs for - set/getPasswordQuality - isActivePasswordSufficient This is part of the Separate Work Challenge Change-Id: I0477051b3162cbb26aac79467da08932f22fd1b7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
51f3908c6a788f82d8188762c0680594a54b17ae |
|
06-Jan-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Consistent naming for PackageManager methods."
|
e06b4d1d9f718b9fe02980fea794a36831a16db2 |
|
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods. When hidden PackageManager methods take a userId argument, they should be named explicitly with the "AsUser" suffix. This fixes several lagging examples so that we can pave the way to safely start passing flags to new methods without scary overloading. Also fix spacing issues in various logging statements. Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
06de4e77c20be239384262b1508f0cf53bedb145 |
|
22-Dec-2015 |
Kenny Guy <kennyguy@google.com> |
Add support message for device admins Allow admins to set a long and short support message for settings to display. Bug: 25659579 Change-Id: Ib645490785642e49c69d8dbc65455eb3398547ee
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
137241c714734d5559b3a3b3bd1d5c900ca7a879 |
|
30-Dec-2015 |
Sudheer Shanka <sudheersai@google.com> |
Update an error message. Change-Id: Ifc32120ccccd14e8e821770995de91008ed518d7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f3378a29e9c270f1cbfebb126de6f14355ccba08 |
|
17-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Merge "Device or profile owner can let another app manage app restrictions"
|
699d537d1b7410268c639653e66746398101ff81 |
|
17-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
Merge "Adding DPM.reboot"
|
bf60f728cc7ed326fb8978afd9f589a685bb87b7 |
|
10-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Device or profile owner can let another app manage app restrictions The device or profile owner can allow another package to set app restrictions for any app in that user Similar to the way it can give permission to access CA certificate related APIs from M. Bug: 22541936 Change-Id: I0c1b0804ad300dfa4fbdc1c7721c5d8653d77861
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1e2839188fb49575b86646d3aadb355c81ef9cc5 |
|
26-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Wire call to suspend a package Adds APIs in DevicePolicyManager and PackageManager for allowing a device admin to suspend a package. PackageManagerService sets or unsets a new PackageUserState 'suspended' setting. Terminal command to suspend/unsuspend has been added via PackageManagerShellCommand (as root). Next steps: * use the new 'suspended' setting for denying access to start app (probably in ActivityStackSupervisor) * broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up * remove app from recents (go further and kill it if it is running) * erase existing notifications for this app Bug: 22776576 Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1ce53bc571563d8bf448a81a38da342ed5413ee4 |
|
14-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
Adding DPM.reboot Adding new policy in DPM to trigger reboot on the device. Requirement: Device owner can reboot the device if it is stuck or is not useable due to some unresponsive UI. Bug: 25304994 Change-Id: I7a6d5c8ad611de9c1cf6619378e492a306b41626
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5b9f167a8e7395ca54fc0ef78af4523858de87a7 |
|
11-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Only system can set application restrictions via UserManager Preventing apps with MANAGE_USERS from managing application restrictions via UserManager. Application restrictions should only be set via DevicePolicyManager.setApplicationRestrictions, or via Settings (for restricted profiles). Bug: 22541936 Change-Id: Ieed51ef54b4c23a73f383465e9af9b3bcf18a514
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
055d8396ef6b99f9dcd639e98cce6029fca1c145 |
|
11-Dec-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Allow PO to set DO restrictions if it's on user 0"
|
5485ed46ff337769589c6e06b3469246e60b9e3b |
|
09-Dec-2015 |
Makoto Onuki <omakoto@google.com> |
Allow PO to set DO restrictions if it's on user 0 Bug 26091525 Change-Id: Ie6d2cd4ade076d8d2ec47243ff1280b95b7c9044
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
55c46f291dda5012e7ed0548653d7b8ca7a424e2 |
|
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Clean up DPM/DPMS to reduce code size. Change-Id: Id6c1666ef4cdba795e3b6e4ddcb9c32e6ee90665
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fbc65644b9bda216699f5f1f883d6dfa2668e545 |
|
03-Aug-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy API to remove an installed KeyPair The keypair is specified by alias and removed via a call to the KeyChainService, which will have installed the pair in the first place. Bug: 22541933 Change-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ee3a437464026219ceec03c633e61b55e2f12a1d |
|
19-Nov-2015 |
Robin Lee <rgl@google.com> |
Send pwchange broadcast to caller only in FBE case When per-user encryption is set up and we change the password of a profile, the parent and other profiles shouldn't receive an ACTION_PASSWORD_CHANGED as they have their own distinct passwords. Change-Id: I70d4ec81277a9bdc3ac6cd952b84cd769a2800b4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
10ad84a17d7248488c1653bacc9f20d3a7193999 |
|
01-Dec-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a separate Work Challenge check This allows us to tell lock checks from FBE checks separately, and will be useful when dealing with password unification. Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
29fcf1b1dbb7740836eb78e06d3ef4fc5769623d |
|
26-Nov-2015 |
Clara Bayarri <clarabayarri@google.com> |
Apply Admin password restrictions to work profile When the Work Challenge is in place, re-route the enforcing of Admin policies on the password to the work profile. The Admin should not be allowed to dictate policies on the device lock in this case. This is part of the Separate Work Challenge feature. Change-Id: I757973e540797b5fb10bea7a2fd1925561655bc9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
968dea0969c6aec651b91845e8d63462c5f20609 |
|
03-Dec-2015 |
Robin Lee <rgl@google.com> |
DPMS: Replace ArrayList<>(1) with SingletonList Change-Id: I78f8230d959f17c3aa2f248122973a8cd5c96693
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
574f038a571ec9e1fd26db35a187b2f06b7484fd |
|
02-Dec-2015 |
Robin Lee <rgl@google.com> |
Resolve merge conflicts of 5ec51457e1 to master. Change-Id: I70c12ad663c3b4d3b5e3b8f40bc659cb94d82c14
|
9c165d76010d9f79f5cd71978742a335b6b8d1b4 |
|
02-Dec-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add optional permission review for legacy apps - framework For some markets we have to allow the user to review permissions for legacy apps at runtime despite them not supporting the new permission model. This is achieved by showing a review UI before launching any app component. If an update is installed the user should see a permission review UI for the newly requested permissions. To allow distinguishing which permissions need a review we set a special flag in the permission flags that a review is required. This flag is set if a runtime permission is granted to a legacy app and the system does not launch any app components until this flag is cleared. Since install permissions are shared across all users the dangerous permissions for legacy apps in review mode are represented as always granted runtime permissions since the reivew requirement is on a per user basis. Whether the build supports permission review for legacy apps is determined by a build constant allowing us to compile away the unnecessary code for markets that do not require a permissions review. If an app launches an activity in another app that has some permissions needing review, we launch the permissions review UI and pass it a pending intent to launch the activity after the review is completed. If an app sends a broadcast to another app that has some permissions needing review, we do not deliver the broadcast and if the sending app is in the foreground plus the broadcast is explicit (has a component) we launch the review UI giving it a pending intent to send the broadcast after the review is completed. If an app starts a service in another app that has some permissions needing review, we do not start the service and if the calling app is in the foreground we launch the review UI and pass it a pending intent to start the service after the review is completed. If an app binds to a service in another app that has some permissions needing review, we schedule the binding but do not spin the target service's process and we launch the review UI and pass it a callback to invoke after the review is completed which spins the service process and completes the binding. If an app requests a content provider in another app that has some permissions needing review we do not return the provider and if the calling app is in the foreground we show the review UI. Change-Id: I550f5ff6cadc46a98a1d1a7b8415eca551203acf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
28860b7570d2b3e7bc6a136a7bb7312e5aaf6e61 |
|
26-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Fix for being able to setup Managed User from system user. Also move feature flag check to ensure it is used in all cases. Change-Id: If42787c5bc9ab824449c70f90fb827cf2da7507f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
777ef95ebf18c61ff09e7567a06058d351c530ca |
|
26-Nov-2015 |
Yohei Yukawa <yukawa@google.com> |
Use Context.getSystemService(Class<T>) for InputMethodManager. This is a mechanical replacement of Context.getSystemService(String) with Context.getSystemService(Class<T>) when retrieving InputMethodManager. Note those are bundled code. Hence we don't need to make sure Build.VERSION.SDK_INT >= 23. Change-Id: Icc64942ad8f11e44bf84f8d4fe476b2fdd1257f3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e7927da1b6dc4f96714aa9bc4fbb71b3659f8cea |
|
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Don't call DPM from UserManager to avoid lock inversion - Also make sure DPMS.mOwners is always guarded with DPMS.this. (and remove synchronization from Owners.) Bug 25796840 Change-Id: I83f7b78e7b437d9c2a2b1d6e714346cd15f95330
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3ab6f2e219c167fd35f16b6cf233ae6a39d9de02 |
|
05-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DA receiver should be protected with BIND_DEVICE_ADMIN. - DPM.setActiveAdmin() will not accept DAs without BIND_DEVICE_ADMIN when it's targeting NYC or above. - DAs without BIND_DEVICE_ADMIN targeting MNC or below will still be accepted. (with a logcat warning) - DAs that are already set on a device without BIND_DEVICE_ADMIN will still be accepted regardless of the target API level, even when it's upgraded to a version targeting NYC. Bug 24168653 Change-Id: I1914c2ec99135d9dd8cbac3f6914f9e43bafacc8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a31ebbc439364a4993e79fd385cf6373408a42fe |
|
24-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Add DO API to get wifi mac address Bug 25496044 Change-Id: Ib1f0ce4ca10951edcfaa0aa79ae5c2d142a74599
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c8a5a555f1482d0f45b538eb898d6ee7e26552a6 |
|
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user - Previously on MNC, they would return the same result regardless who the calling user is. - Now they properly take DO user-id into account. Meaning, they'll always return false and null respectively, if the calling user doesn't run device owner. - Note isDeviceOwnerApp() is a public API and getDeviceOwner() is a system API. Meaning we're changing the behavior or non-private APIs. - Also cleaned up hidden APIs, and gave them explicit suffixes to avoid confusion. Bundled code should prefer them for clarity. Now we have: * APIs that work cross-users: They all require MANAGE_USERS. boolean isDeviceOwnerAppOnAnyUser(String packageName) ComponentName getDeviceOwnerComponentOnAnyUser() int getDeviceOwnerUserId() boolean isDeviceOwnedByDeviceOwner() String getDeviceOwnerNameOnAnyUser() * APIs that work within user. No permissions are required. boolean isDeviceOwnerAppOnCallingUser(String packageName) ComponentName getDeviceOwnerComponentOnCallingUser() Bug 24676413 Change-Id: I751a907c7aaf7b019335d67065d183236effaa80
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
15a46b07c5734b14df60ea28ab7a7cd26df2fc17 |
|
11-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Add method isManagedProfile and isSystemOnlyUser Adding method isManagedProfile() and isSystemOnlyUser() for DPC to know if running in a managed profile or system only user Bug: 24464823 Change-Id: I79974fdfd60d2bfe52dee3b4c95becf47a5bf0b1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
42490c074dc8ff568d0459ed0f9247d55ad95c2f |
|
23-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Remove UserManager.setSystemControlledUserRestriction()"
|
ac65e1e1dba1cf0ea237a389220ec818ade07a16 |
|
21-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Remove UserManager.setSystemControlledUserRestriction() Now that we don't have UM.setUserRestriction*s*() that could remove all existing restrictions, there's almost no point handling DISALLOW_RECORD_AUDIO differently. Now DISALLOW_RECORD_AUDIO is handled just like other restrictions, except we don't persist it. Bug 24954662 Change-Id: I27875b4a74dd95a3ce6bb774081eeaf718eaec15
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
883f12ac5ac818e678af46b64a3f6e97b51caabe |
|
23-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Merge "Revert "Disable multiple user for corp-liable mode""
|
86e5d6b868aec6fa4d3070f36d458798968c85f9 |
|
23-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Revert "Disable multiple user for corp-liable mode" This reverts commit 1dc510eb5bc7f279002a3479f24761f08cc390f7. Change-Id: I12ea8275369cbdc4e95b21c7f5d51b4f0e5da7b2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9aa233899f7cf5c1cdf4181412a9e197d83ab1a3 |
|
23-Nov-2015 |
Ricky Wai <rickywai@google.com> |
Merge "Add work contacts directory support in Quick Contacts API"
|
494b95d30266335044a854845219b6e34cf43edb |
|
20-Nov-2015 |
Ricky Wai <rickywai@google.com> |
Add work contacts directory support in Quick Contacts API Bug: 25764505 Change-Id: I61f9d13ea03352e3df1686ee4b3bcc43e9a9a760
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
71c84e515e73f6a3cb30d68fc81f88e1bd02b5e3 |
|
23-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Merge "Disable multiple user for corp-liable mode"
|
09b108e2bb6b585947249eda92c047d0b582e8a0 |
|
21-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added keep-uninstalled-packages DO policy"
|
cb6fd80721253ffa9dcab5cf8c2f4e9b9cd17ccc |
|
05-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Added keep-uninstalled-packages DO policy This policy allows DO to specify a list of apps to cache even without being installed on any user. Bug: 23938464 Change-Id: I2eeab7f148409739fc23a5c44e955ad12b63fd04
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1dc510eb5bc7f279002a3479f24761f08cc390f7 |
|
19-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Disable multiple user for corp-liable mode Bug: 25443050 Change-Id: Iad34e7ad0d3679626880f905f9bab9b6c2a192ed
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d7b43dd4bb315d9456f6eb74097d60a806b2db70 |
|
20-Nov-2015 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Add per-user version of DevicePolicyManager.getUserRestrictions."
|
1fae502824dfb77a109fedd80dad61fe094d8284 |
|
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "More work on layered user restrictions."
|
1a2cd74526113b45d9108b6997609122c4311fb1 |
|
16-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
More work on layered user restrictions. - Now when DO/PO sets a user restriction, DPMS pushes it to UMS and then UMS persists it, in order for UserManager.hasUserRestriction() to never have to talk with DPMS, which would cause lock inversion. - Also apply user restrictions when a user start. - This is an updated version of the abandoned CL -- the difference is, ActivityManager no longer has to call DPMS. - Also removed an unnecessary write to userlist.xml in UMS. upgradeIfNecessaryLP(). Bug 23902097 Bug 25388912 Bug 25354031 Bug 25641040 Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5145df278bc7b607599e81370a2aecbfe0834c0c |
|
19-Nov-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy: Always send ACTION_PASSWORD_CHANGED The old check looks a lot like an equality check, but it's not valid because two passwords can share the same parameters. For example: '11Aa' and 'Y99z' Are not different according to the old logic. Bug: 25319928 Change-Id: Ia69861d9103670d1fc1dbf0130516e18e85e8de0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ba51235ef5c598d845b77fcf14491329493da34f |
|
13-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
More file-based encryption work. Add new "am unlock-user" command so we can trigger changes from the command line. Move FBE check to static method so it can safely be called early during boot before the mount service is ready. Move FBE emulation to persisted system property, and start reading/writing that value. Change default permission grants to ignore current encryption-aware flags, since many of the target apps aren't crypto aware. Always prepare package data directories, which is how we create the new "user_de" paths during boot. Bug: 22358539 Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a87401054fc6960c4b0ac2d361ddbcf415350b33 |
|
17-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Allow PO to clear password even if the same apk has DA"
|
c2f521a7d8eb40d92ae32f7828f14fb26be63c1a |
|
17-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Allow PO to clear password even if the same apk has DA Bug 25645900 Change-Id: I7d2d9fbf6a4dc65ac63fb14e6ee6b9abc1f1c0e7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1c277a5d8f79ebf8beeb80f67b67512d9217d953 |
|
11-Nov-2015 |
Sudheer Shanka <sudheersai@google.com> |
Add per-user version of DevicePolicyManager.getUserRestrictions. Bug: 25663001 Change-Id: Ic5b34fee7b57670c338f11263330a1c702002edc
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0c9ce28c12c187f44ba0a7cba5fa2b452de0bcee |
|
17-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Fix edge-cases for split-user provisioning cases. Split-user systems will allow for combinations of management modes, specifically managed-{user,profile} on systems with a device-owner. Bug: 25671630 Bug: 25680065 Change-Id: I5716f55eb6c8318129b4614adc22897d53901bee
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
46dd449420c52a8bb30f5bfe839c6043392381a1 |
|
09-Nov-2015 |
Alan Treadway <alantreadway@google.com> |
Add new ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE intent action. Bug: 25462877 Change-Id: I14bcabf993436d9936091aa82fab698eced9e4d6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
70f929eedec10b154170ad66c9d53f18bfc4f613 |
|
11-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Disallow DA to reset password, also fix all DO checks Now pure DA (not PO, not DO) aren't allowed to change the password if one is already set. Also update "isDeviceOwner" check and make sure we always take user-id into account. If one really wishes to check the package name only, then use getgetDeviceOwner() instead. Also change the enforceNotManagedProfile() check to what's more generic in the FBE world. Bug 25645900 Bug 25547523 Bug 25643916 Change-Id: I588ecf9452fe3acc1fb0b4ca0457ad662382fcd2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bfd2290824069b6eaeae4fdfd9a52c60bd73689e |
|
12-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Merge "Introduce APIs in DPM for setting/getting the device owner info"
|
54b5f25b85e4bf4df82cb7450114fb9849f1ae58 |
|
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Revert "Do not call into ActivityManager from DPMS within DPMS lock""
|
219bbafc3fa40dae163d652365cc4a97d613011f |
|
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Do not call into ActivityManager from DPMS within DPMS lock" Bug 25567963 This reverts commit 53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd. Change-Id: I4faaa0b4c50d75e208f37b99bc1d6e2f0fff8127
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6644cd9630be363a25af5e1327f41e16ca868556 |
|
10-Nov-2015 |
Andrei Stingaceanu <stg@google.com> |
Introduce APIs in DPM for setting/getting the device owner info This information, if set, will be shown in the lock screen instead of the user owner information and the settings tile will be made readonly (implementation in following CLs). Bug: 22547309 Change-Id: Ic826d8049bc67f5e8fcfa6a91aa2017247c93b11
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
246b5a0993978202b19a7c02d355fddfd9506798 |
|
10-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Do not call into ActivityManager from DPMS within DPMS lock"
|
53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd |
|
07-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Do not call into ActivityManager from DPMS within DPMS lock This will allow AMS to call into DPMS within the AMS lock instead, which will help I1537bd57b34696768ee81a979d53bb396efbc12a. - AM.clearApplicationUserData() will not be allowed for any DA apps. Bug 25567963 Change-Id: I9f0d071c815a011be4f4c85c502c39d0fe0fe5e8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5e73256a48cdb10fc72779ce1644d2e13b6669b7 |
|
05-Nov-2015 |
Mahaver Chopra <mahaver@google.com> |
Add ACTION_PROVISION_MANAGED_USER Adding ACTION_PROVISION_MANAGED_USER to DevicePolicyManager. Bug: 25462684 Change-Id: Ic90c3471f3a9c431d728197a19ab25b9946f090a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d59262667cbcdfedd9b03dccaa26a9a000486350 |
|
09-Nov-2015 |
Nicolas Prévot <nprevot@google.com> |
Merge "Add method to tell the dpc if provisioning is allowed."
|
6d2beef6a819aebed4119ca06cb2369bc56dd214 |
|
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Add DPM.getUserRestrictions()"
|
3a3092fab0ccb631bc70de64f3bbe5c076a1f94b |
|
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Add DPM.getUserRestrictions() This returns per-DO/PO restrictions. Bug 23902097 Change-Id: I225c1b01444fe2f60e5a6674d327182cc9bb15dc
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
86cd001e364d0d0a8253cf4ee14acd13915cbd9a |
|
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and"
|
0953033842333532eaa529c53cbf7a94c79a7a97 |
|
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Do not allow DO and PO running on the same user."
|
803d6757fd23096e437e6fecd51ea6dda918b536 |
|
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Do not allow DO and PO running on the same user. Bug 25346603 Change-Id: Ic5fbed82466a538fbf64ef802fc2624dd67313bb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d45a4a2ecb18701b4cfadcb4a26663f2eab642fe |
|
03-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Have AudioService listen to DISALLOW_UNMUTE_MICROPHONE and ... DISALLOW_ADJUST_VOLUME, instead of UserManager pushing new settings to AudioService. Also: - Allow PO to set these two restrictions. - Now AS.setMasterMuteInternal() respects mUseFixedVolume to make it consistent with readPersistedSettings(). - When a user switches and restores the mute state in AS.readPersistedSettings(), also check the current user restrictions in addition to system settings. Because of the delay in AudioService before persisting the mute settings in setMasterMuteInternal() and setMicrophoneMute(), there's was an edge case DISALLOW_UNMUTE_MICROPHONE and DISALLOW_ADJUST_VOLUME would be ignored when the user switches right after they are set. Bug 24981972 Change-Id: I4d9b709a0a0e6812319204568c6e44d6664bdeb4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
07387fedfafa72bcb68defd801eef82f1f494d7c |
|
30-Oct-2015 |
Nicolas Prevot <nprevot@google.com> |
Add method to tell the dpc if provisioning is allowed. The DPC can use it to tell if provisioning a managed profile or for device owner would work or not. BUG:25338478 Change-Id: I09ea6a9f23a8e88e4ed37c048170b2a68213086e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
965da39942f9a8736f785f7c57a6c351a8c89d6b |
|
28-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Create a File Based Encryption check API Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
82402753815ff4633cc572713ae490a17d9129e5 |
|
28-Oct-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Introduced short-term lock for UMS internal state Added mUsersLock - short-term lock for internal state, when interaction and synchronization with PM is not required. Modifications to mUsers and mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and mUsersLock. While reads can use mUsersLock. Testing revealed that the following methods in UMS often cause contention: - exists - getUserInfo - getProfileParent They all now use a short-term lock mUsersLock for reads. Bug: 24979571 Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4f16073556f7978708fb71c87628cfe1692412d5 |
|
28-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Make UserManager enforce user restrictions, not DPM. - Now even if a user restriction is set via UserManager, it'll be correctly enforced. - Changed the way AudioService enforces the OP_MUTE_MICROPHONE and OP_AUDIO_MASTER_VOLUME app ops -- previously, when they're set, even a muting call would be rejected. This was why DPMS.setUserRestriction() used different calling orders for DISALLOW_UNMUTE_MICROPHONE/DISALLOW_ADJUST_VOLUME depending on setting them or clearing them. Now, even when the app ops are set, we still allow muting calls. Bug 23902097 Bug 24981972 Change-Id: I865b5de43e15f5955f94006475a5ec6254904d31
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
759a763f5f03fda86b96d238faedb870fbee24ec |
|
29-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Allow DO to disable camera device-wise. Bug 24538855 Change-Id: I421690f14ee57fa818d2b233fe48a90a0a575a9e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
068c54a5be697c3df4657dcda33cd17c4b547710 |
|
13-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Layer user restrictions - Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin. - User restrictions set by DO/PO will no longer be saved by UserManger. Instead, when needed, UMS will consult DPMS to build "effective" user restrictions. - UM.getUserRestrictions() will now always return "effective" user restrictions. - DPMS migrates existing user restrictions per the eng spec. - Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has been removed. This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no longer be a valid use like it used to be. - Also introduced a fined-grained lock for user restrictions in UM to avoid deadlock between DPMS and also for better performance. Bug 23902097 Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6655630c962c68e5ca510f4d3249d00e819336f8 |
|
21-Oct-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Clean up UserHandle.isOwner() in frameworks Bug: 24869636 Change-Id: Ibebd7d0762f5375ee93ec101e7ab5578769bd9f6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
07b668e3abbc752028e92759b9b55ecf63fc91c3 |
|
13-Oct-2015 |
Clara Bayarri <clarabayarri@google.com> |
Enable Work Profile passphrase verify/write with FBE When File Based Encryption is present, allow the verify/write of passphrases to be per-user (it used to always bubble up to the parent user assuming it is a per-device passphrase). This is part of the work for the Separate Work Challenge. Change-Id: I5ae6b7b6ed1dd25aed0843d495b6f5f36e01c4eb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a52562ca9a4144cf30e6d5c6ffe856cc8e284464 |
|
02-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
setDeviceOwner() now requires a full component name. Bug 20149907 Change-Id: I24e66159d1d966925aa3a494b1e2839b07cdafa2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a4f119790e32fcce56586e7324d508e35cb30a2a |
|
01-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
First cut of user restriction layering. - Start persisting restrictions set by DO/PO. - Also dump user restrictions on dumpsys - More changes will follow, including migration. - Now System settings are mockable. Bug 23902097 Bug 23902477 Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e7ee54ee7f4985bc743053d38d21f33c70220f05 |
|
21-Sep-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer agent Bug: 23216982 Change-Id: I867c0b5f4165983d1ed2623a655f6a2a5e3770bb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b643fb0e67460344ade2e3db92738999f8168496 |
|
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Use a factory class for dependency injection, add more tests. - Extracting into a factory allows us to use mocks in other classes. (Such as Owners.) - Also removed broken test ApplicationRestrictionsTest. Instead added a new simplified test to DevicePolicyManagerTest. - Also stop caching rarely used instances in DPMS. Bug 24061108 Bug 24275172 Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f76b06a6b546f430cf85e561858ed12eedc32b81 |
|
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Test more DPM APIs. Bug 24061108 Change-Id: Ia9da19f62c0f4edf53ca1f4c213f0368ec1983ba
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f85c97741485a53c1cca5d9d6192a9436d91a044 |
|
23-Sep-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Cleanup USER_OWNER in DPMS This cl assumes device owner will continue running under user 0. Bug: 19913735 Change-Id: I65c97f6f14fb362acbdcb6588b73787291100698
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cc4bbeb76af92a8484fe05f37c4ff412b4c47ccc |
|
17-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make DPM/DPMS unit-testable - Now all services that DPMS uses are injectable. - Introduce some wrappers to make static methods and final class mockable. (e.g. for Binder.getCallingUid()) - In unit tests we replace those with Mockito mocks, except we use a partial mock for PackageManager, because we use way too many methods of this and most of them are okay to use directly. - To install a partial mock to PackageManager, I needed to make ApplicationPackageManager @hide public non-final. - For a starter, added tests for DPM.setAmin(). Bug 24061108 Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
287971d613b647c0990f8680945ef4ba64f290ca |
|
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make sure DO user is running even if caller is shell/root. Bug 23827706 Bug 23994401 Change-Id: Ie2fbc3ab07901e3d0a9898c910c69d993583084e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cb150cd81a66d2b59fc2ba05d788c307cad22207 |
|
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Fix the "User not running: 0" issue"
|
299878c9cf9bafdee4b0715de3202bd633162d03 |
|
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Fix the "User not running: 0" issue Bug 23994401 Change-Id: I580730e7c895f00adf278a2d6709284fff0fc28b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
688b5f4f29f623258fe12c99166c978db0bf128b |
|
11-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Cleanup: rename loadDeviceOwner() to loadOwners()"
|
58b684f1cdc52467b71c42cfae18433a19ce7d0b |
|
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
[split system] Tentatively support running DO on meat user - setDeviceOwner() now takes a user ID. (We can infer it from Binder, but we still need it for the dpm command.) - Change broadcast target UID for DO to the DO user - Start the DO user on boot complete. TODO Investigate whether this is actually the good timing. TODO Prevent the DO user from being killed Bug 23827706 Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f024f048dee270252bcc728350f0ac1ad3a8e420 |
|
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Cleanup: rename loadDeviceOwner() to loadOwners() Change-Id: I68e3367b1e70022f9501cf998e1860a6ce7d496b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2714d448b12797a5050834f952fd1166246e558e |
|
03-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Replace all occurrences of HashMap/HashSet with ArrayMap/ArraySet. Also fix the command line for OwnersTest in javadoc. Change-Id: I53c222aa13eee179c5abf7e6ba95c6cbe9a7f47f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
99aeac27ebc5ad54c0095122251cc0258713c263 |
|
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Rename DeviceOwner to Owners Bug 23432442 Change-Id: Ic59c880d45126fbcf50b1bd31e37b2b64e2f3a6d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
39e784dd46fe4c7257bf63d0a60167abb2b28f79 |
|
22-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Split device owner config files DPMS.mDeviceOwner is now always non-null, so no null checks are needed. Bug 22802261 Bug 23432442 Change-Id: Ia8e5f114ecfc0add44b0d1be7d043ef6e37019ef
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ed969e18f8e9a0d9ec9a7dc423a1105899a1fb57 |
|
24-Aug-2015 |
Rubin Xu <rubinxu@google.com> |
Reactivate backup service after device owner is cleared. Bug: 23474411 Change-Id: I99da846493eb749828517d27f4384ab3fe647df5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e3b07451c3ca7064cb70f1829cf35963cba74bd8 |
|
22-Aug-2015 |
Adrian Roos <roosa@google.com> |
resolved conflicts for merge of bcc26c02 to master Change-Id: I4260ff0d090cfa9741fd3adcfcadcbbff6839388
|
b5e4722891e7bbf2fffcd995af02838667a3abab |
|
15-Aug-2015 |
Adrian Roos <roosa@google.com> |
Add StrongAuthTracker Bug: 22846469 Bug: 22115393 Change-Id: I6ef5322d02e540fc043e7f20d3aabf595ce7c224
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4afb83e912fc46db64297a1734f1d5959e3caff4 |
|
21-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Clear cross-profile intent filters in the right user. Clear them in the parent, who is not always the owner. BUG:23105562 Change-Id: Iae2adbfa6b4d6e982f6f2a4075dd8bd55b11c37e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
741abfc12074623d24297ebb67d98cb2d9126add |
|
11-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Fix cross-profile intent filters with system-user split. Don't assume that the parent is always the user owner. BUG:23105562 Change-Id: Ia98ed608e2b6d1d82d95a73110134d85274c6abf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2af03d2a7ac0eff78d1646b66e242b17e12165cd |
|
10-Aug-2015 |
Nicolas Prevot <nprevot@google.com> |
Send the MANAGE_PROFILE_ADDED broadcast to the correct user. Send it to the parent, who is not always the user owner. BUG:22753960 Change-Id: Ibd0edb78be4b3bdfc9fc31fd05e50fe3bf8bb493
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c1836bb0f1bf3e5ef0911719525da0bab3e53507 |
|
31-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Merge "Change MNC codename to just M." into mnc-dev
|
9a81a182df634ab7a087752c9a10db67c5d0f256 |
|
31-Jul-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Don't always transfer device owner status to other users." into mnc-dev
|
e2a4a6ff8a83a4216824b2d40a323e56814d0463 |
|
28-Jul-2015 |
Nicolas Prevot <nprevot@google.com> |
Don't always transfer device owner status to other users. A device owner cannot use device or profile owner policies on other users unless it is profile owner there. Also limit device initializer to system apps only. Bug: 21800830 Change-Id: Ie1abbd891945b91b17ecdf7f73ba93aaa19819be
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0e3de6cacaffcfeda4d6353be61e2f1f9ed80705 |
|
30-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Change MNC codename to just M. Change-Id: I4281d200ff6560791c47cf9073ceea1cb509361e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
00799008832e11f06f9ddc0bf721799edee99f28 |
|
27-Jul-2015 |
Nicolas Prevot <nprevot@google.com> |
Send a public broadcast when the device owner is set. Make it a protected broadcast. BUG: 22623518 Change-Id: Ia36e8f0b80a6301d7d8e0461476842c78762b5e8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c1aebfa02c393471fb344c3a94ee2ae62bb78f93 |
|
09-Jul-2015 |
Jeff Brown <jeffbrown@google.com> |
Merge "Clean up USB Manager and fix ADB." into mnc-dev
|
460a146eb8f827e4e70f2dd93d1ba852d0feb06b |
|
01-Jul-2015 |
Jeff Brown <jeffbrown@google.com> |
Clean up USB Manager and fix ADB. Moved functions which parse the USB functions list into one common place on UsbManager. Deleted the no longer supported USB_FUNCTION_MASS_STORAGE. Ensured that the UserManager.DISALLOW_USB_FILE_TRANSFER rule is consistently applied during user switch and when changing the current USB functions and make sure it only affects MTP and PTP. Collapsed the boot completed and user switched receivers to ensure consistent ordering of side-effects. Validate the list of functions passed to setCurrentFunction() so that the separation of concerns is clearer. It was somewhat ambiguous as to whether functions such as ADB could / should be enabled through that interface. Improved the docs for clarity. Fixed a bunch of broken stuff related to the USB config persistent property (list of default functions) that could cause ADB and other functions to not work at all. Added new failsafes to ensure that we reliably get back into a happy state. Bug: 22206076 Change-Id: I02915ddfce7193a8f67a14f0d76bab22fc575dfa
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
70e0c58c2269cd29dfd6420d690da13dc03fd457 |
|
30-Jun-2015 |
Kenny Guy <kennyguy@google.com> |
Mute correct user from device policy manager. Add per user versions of mute methods so device policy manager can mute the correct user. Just persist change if the calling user isn't the current user. Treat calls to audio manager coming from uid 1000 as if they were coming from current user rather than user 0 so that the correct user's user restriction is checked. Bug: 21782066 Bug: 21778905 Change-Id: I51469b741096d8a2ffdc520eaf5b3fd754f2c819
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7ce2bd2161405cef9740a6f14d586a8964dad3e0 |
|
30-Jun-2015 |
Alex Chau <alexchau@google.com> |
Clear "profile wiped" notification when a new porfile is created Make use of ACTION_MANAGED_PROFILE_ADDED to clear the notification. Bug: 22186884 Change-Id: I08514ebc308f2e2fb61f837500e2ba712ccf8703
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fef8cbd6a643a621a97f8e5616977e1fb65d9a5f |
|
30-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Merge "Marking some globals from setGlobalSetting as not supported" into mnc-dev
|
656fa7f5d1ce9299cb63043de80f2b4db9bff497 |
|
29-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Marking some globals from setGlobalSetting as not supported Those globals don't have the intended behaviour any more. Bug: 19967818 Change-Id: I8c7891e59280f9deb88b1f0ffead3de07f4eca56
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e8490f1d78a62826742ddf4af8943e6666a1a8d0 |
|
25-Jun-2015 |
Rubin Xu <rubinxu@google.com> |
Use StorageManager.wipeAdoptableDisks to wipe external disks Retire FORMAT_AND_FACTORY_RESET which is more fragile. Bug: 9433509 Change-Id: I158ee987274bb4db41d466de9f1e3c60ffc1d140
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
28b9570d0235eca305dc76c006a54c8a85cf5db8 |
|
24-Jun-2015 |
Esteban Talavera <etalavera@google.com> |
Reset permission policy to default when device owner goes away Otherwise after the Device Owner is gone, runtime permissions might still be auto granted/denied. I understand that there are many other policies that we don't reset after the device/profile owner goes away (e.g. keyguard enabled/disabled). At least now we have a single method when we could clear the ones that we care about. Bug: 21889278 Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8 |
|
22-Jun-2015 |
Amith Yamasani <yamasani@google.com> |
Runtime permissions cannot be set on legacy apps by device policy Clarify docs that runtime permissions can be granted or revoked by a profile owner/device owner only for MNC apps and not legacy apps. Check the targetSdkVersion and return false if legacy app. Remove all policy flags from permissions when cleaning up a device or profile owner. Bug: 21835304 Bug: 21889278 Change-Id: I4271394737990983449048d112a1830f9d0f2d78
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2c3c66a2cf06b4d081f539a1fa01b44780cc65dc |
|
23-Jun-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN" into mnc-dev
|
58e706d754adaeb59ccea9b8d496d54240c37caf |
|
23-Jun-2015 |
Robin Lee <rgl@google.com> |
Merge "Let device owners handle onChoosePrivateKey" into mnc-dev
|
deee7735d81107380e8af5e35d4339e85530ee98 |
|
20-Jun-2015 |
Robin Lee <rgl@google.com> |
Let device owners handle onChoosePrivateKey Bug: 21959745 Change-Id: Ifad3901015937d2ea700124bb5f61982cd580ad8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1046ba518b07e42eb5d3474f1ff9ca1181c331d5 |
|
17-Jun-2015 |
Benjamin Franz <bfranz@google.com> |
Add DISALLOW_CREATE_WINDOWS to Device Owner only user restrictions Even though the documentation of DISALLOW_CREATE_WINDOWS says it is for Device Owners and Profile Owners on User 0 only, it was previously not part of DEVICE_OWNER_USER_RESTRICTIONS and was therefore callable from a profile owner on a managed profile or secondary user. Bug: 19726884 Change-Id: If6443eacbc28b7ee6c0845754923573a79f8bde3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2cc03e5606ad7cd473283898400506d5ac2237ba |
|
20-Mar-2015 |
Jeff Sharkey <jsharkey@android.com> |
Yet another user restriction. Change-Id: Ia2952da19cb974a6a9ba0271a298a10df58b8d18
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b24f01f473b98e98f0c80b1a937a18921cf0521a |
|
12-Jun-2015 |
Alex Chau <alexchau@google.com> |
Merge "Notification shown upon work profile deletion" into mnc-dev
|
77b2d49abb38fafb91fb99ce603a92f189553cd7 |
|
11-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Merge "Remove device initializer status messages" into mnc-dev
|
c51b72acc064ec5f62b2e468f2e7c5e0c96cfc8a |
|
09-Jun-2015 |
Alex Chau <alexchau@google.com> |
Notification shown upon work profile deletion Bug: 18543323 Change-Id: Ibd9bd20637a7bd019e080da306a19c94d9e82576
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
83881bdbdee14cc9726c89019490a0514686f314 |
|
10-Jun-2015 |
Robin Lee <rgl@google.com> |
Policy: make bulk CA uninstalls happen in service Fewer round trips, only one point of contact for bugs to creep in. Bug: 21650477 Change-Id: I1764faa753bd674ecb0d13149d778d99bd2ff4c4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cedd53adc3875fe1b4275afa35ec5c3ede7b6c39 |
|
09-Jun-2015 |
Julia Reynolds <juliacr@google.com> |
Remove the ability to set a preferred setup activity. Bug: 21557327 Change-Id: I8c1809d25c5f5fcd186dfc0636d8ac47ed5fc903
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4045d24971fea4f1506ac8f16d4deeb76ac415fe |
|
27-May-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN This setting controls whether WiFi configurations created by a Device Owner app should be locked down (that is, editable or removable only by the Device Owner). Bug: 21427528 Change-Id: I0f8fb72bf9da1597e08d3dfc631d37b6b4178ff5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
369d65653399f01e83a6cbb6dfa4eb7b356af648 |
|
05-Jun-2015 |
Amith Yamasani <yamasani@google.com> |
Fix permission check in DPM.getPermissionGrantState It was querying for permission of user 0 instead of the calling user. Switched to passing in the explicity userId. Also set the flags before granting/revoking permission from DPM. Bug: 21430988 Change-Id: Id0d2dc65e20108cefa3eeb4363f866d49c791cc4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
240e64828f68064b2a1074a1dda1fc41fe19d711 |
|
02-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer status messages - Remove ManagedProvision Bluetooth extras from DevicePolicyManager - Remove ManagedProvisioning device initializer status action and extras from DevicePolicyManager. - Remove DIA status update protected-broadcast and permission - Remove DPM.sendDeviceInitializerStatus method Bug: 21559093 Change-Id: Ibb651ebb2772ace6a16a5830f82f75465150e6e3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e3e314df4d52881225326d426a76e3e7f1bc40d3 |
|
20-Apr-2015 |
Stuart Scott <stuartscott@google.com> |
Network Reset should have a lockdown like Factory Reset. bug:20332322 Change-Id: I7c61a011d11e89513757f112abf320bb2a785edb (cherry picked from commit 94b038bbb291431a7b39611d72f206b07e839891)
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
81c73e121ef2ff44a3916628d9ff11385db85bd6 |
|
27-May-2015 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Clear caller identity before setting all the user restrictions." into mnc-dev
|
184b3753de54241c67799089f5bc59a1ede4438a |
|
22-May-2015 |
Amith Yamasani <yamasani@google.com> |
Add getPermissionGrantState method in device policy This is to have a way to query what permission state was set by the profile owner. Bug: 21356830 Change-Id: Ie396e946b4285267c1d95f82b9d9765b43697d3c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d8ecc5aee49874ac1f100f69be94906a3e99b951 |
|
20-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Allow DO/PO to go back to normal permission state. We have APIs for a DO/PO to fix a permission in a granted or denied state in which the user cannot manage this permission through the UI. However, there is no way to go back to the default state in which the user gets to choose the permission grant state. Change-Id: I2562a1d8b1385cd740b44812844ef14c895c2902
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
21d9ef6dc71886209965f70728b563fd7d78d6c8 |
|
20-May-2015 |
Sudheer Shanka <sudheersai@google.com> |
Clear caller identity before setting all the user restrictions. Bug: 19687895 Change-Id: Ieaa1f4e5a39395f11bf4cf797332a2d9d495bc0a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6e1c17a3dfd62f3ae2a16ac64b8575fc3aa4a7a2 |
|
14-May-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "clear caller identify before sending system update notification" into mnc-dev
|
2c84cc2ea2ffa1fcd3dbd9a1b5e3880571fba1b8 |
|
14-May-2015 |
Rubin Xu <rubinxu@google.com> |
clear caller identify before sending system update notification Because DeviceAdminReceiver is protected by BIND_DEVICE_ADMIN permission, in order to send broadcast to it, we need to clear the caller's identity and call sendBroadcastAsUser() as system. Bug: 20213644 Change-Id: Icc7b239b9005e286012ade6580ec92a0a57198e0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 |
|
08-May-2015 |
Wojciech Staszkiewicz <staszkiewicz@google.com> |
Pass charset to XmlPullParser.setInput instead of null Passing null to XmlPullParser.setInput forces it to do additional work, which can be easily avoided if we know the charset beforehand. bug: b/20849543 Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
39087b1cec6a54e96ab9eafe8317952720790533 |
|
05-May-2015 |
Robin Lee <rgl@google.com> |
Replace String host:port/url args with Uri arg Uri provides a stronger guarantee of well-formedness and lets apps do nice extra things like specifying scheme etc. without twisting any expectations. Bug: 20820034 Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9831fad6768135dbd982d6dca78d7f6de81bb320 |
|
14-May-2015 |
Nick Kralevich <nnk@google.com> |
Merge "Modify how USB connections are handled." into mnc-dev
|
fcf10f7c12cb3107bdfedce6f76a8c866d154f3c |
|
13-May-2015 |
Nick Kralevich <nnk@google.com> |
Modify how USB connections are handled. * Introduce a new "charger only" mode. In this mode, MTP is disabled, and no file transfers can occur. * Make charger only mode the default. * Modify "persist.sys.usb.config" so it now only holds the adb status. * Make the USB settings non-persistent. Unplugging the USB connection will reset the device back to "charger only" mode. * Fixup wording per UI guidelines. TODO: Re-implement MDM restrictions for USB / MTP access controls. Bug: 18905620 Change-Id: I99a50d9132a81e98187f431166fd9fef4d437e4f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
467eb0566ff1df320c9a9be3da0f44ee3d6bc9fa |
|
13-May-2015 |
Kenny Guy <kennyguy@google.com> |
Merge "Allowing profile to set a subset of keyguard restrictions." into mnc-dev
|
396d944001f0b897b1689baa0bd7d3e04046b3ca |
|
13-May-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Remove initiator name param." into mnc-dev
|
9fc8bb63d8c15ecfcd3a72a685eaec6c8ec0aa6e |
|
12-May-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Tweak SystemUpdatePolicy according to API review." into mnc-dev
|
8c7f700a59ad26e75c9791335d78f14322cad49a |
|
07-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add permission meta-state flags to support grant/revoke permission policy. We now maintain a mata-state with each permission in the form of flags specyfying the policy for this permission. This enables support of the following use cases: 1. The user denies a permission with prejudice in which case an app cannot request the permission at runtime. If an app requests such a permssion it gets a denial unless the user grants the permission from settings. 2. A legacy app with disabled app-ops being upgraded to support runtime permissions. The disabled app ops are converted to permission revocations. The app ops manager is a part of the activity manger which sits on top of the package manager, hence the latter cannot have a dependency on the former. To avoid this the package installer which is the global permission managment authority marks the permission as revoked on upgrade and the package manager revokes it on upgrade. 3. A device policy fixing a permission in a granted or revoked state. This additional information is folded in the meta-state flags and neither apps can request such permissions if revoked not the user can change the permission state in the UI. Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
731051e36bb2d420a29cd889a38e02c88c930aad |
|
11-May-2015 |
Julia Reynolds <juliacr@google.com> |
Remove initiator name param. This won't be shown in the UI; it's not needed. Bug: 20820224 Change-Id: I51ecd0a9151a49e26faf52e792a0b316a8facc8e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0b7dd1e6c8422da0a21c1631244bec7a2af5085a |
|
12-Mar-2015 |
Kenny Guy <kennyguy@google.com> |
Allowing profile to set a subset of keyguard restrictions. Allow admins in managed profiles disable trust related keyguard features (trust agents and finger prints) for the parent user. Allow admins in managed profiles to control whether notifications from the profile are redacted on the keyguard. Bug: 18581512 Change-Id: Ic2323671f63781630206cc2efcc8e27ee58c38e6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d86d58cd010b087d6d481062f84c894e0ced7bbc |
|
05-May-2015 |
Rubin Xu <rubinxu@google.com> |
Tweak SystemUpdatePolicy according to API review. Make SystemUpdatePolicy Parcelable; hide public constructor and expose static builder methods. Bug: 20820025 Change-Id: I594ba3c7e5514551134ba6c866b24498b66506bf
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4e401fa49875e083d18b46e0250be37ad565071c |
|
07-May-2015 |
Craig Lafayette <craiglafa@google.com> |
DevicePolicyManager API review changes Renamed DO_NOT_ASK_CREDENTIALS_ON_BOOT to RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT. Bug: 20820907 Change-Id: I6455f9a6d370afbd5154505f402b409dba3b7918
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
94fb2024b013522e95a880e02b73886fa7d01222 |
|
06-May-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Rename functions that disable status bar and keyguard" into mnc-dev
|
bece80645e2b2d84ea65aabfa7fc01d5ad633708 |
|
06-May-2015 |
Benjamin Franz <bfranz@google.com> |
Rename functions that disable status bar and keyguard Rename the DevicePolicyManager functions setKeyguardEnabledState and setStatusBarEnabledState to setKeyguardDisabled and setStatusBarDisabled respectively. Bug: 20820039 Change-Id: I06f6a19ac55b24e66e9f2cb340ead5d940cb2235
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6f36d42dcc46eae3a0388828b13314a823e3ce57 |
|
06-May-2015 |
Amith Yamasani <yamasani@google.com> |
Permission policies are for profile and device owners Not just device owners Change-Id: I78ad815651e9bdc4bd78e61d634a5067935fa33f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ddd553f2aee4f3821a2f17636bb86d9fa5af9bd7 |
|
30-Apr-2015 |
Robin Lee <rgl@google.com> |
Device policy: use owner label instead of name Managed provisioning does not currently set a meaningful profile owner name. This changes to use the application label as returned by PackageManager.getApplicationLabel which should be more descriptive. Bug: 20679292 Change-Id: I5a0e87ef05b62879a73814e6d338e8b984b81c94
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c4aa3c781a0ddce64853cd5d88bf97f8a9faf98b |
|
29-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Add status bar flag to disable quick settings" into mnc-dev
|
d49489b3af01c13d3b13af1cd04d53787185cc0a |
|
28-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Permissions control via profile/device owner admin Profile owners and Device owners can set policies for runtime permissions. Blanket grant/deny policy can be set for a user. They can also explicitly grant/revoke permissions for specific apps which cannot be overridden by the user and will not be prompted. [More implementation required in PackageManagerService and PackageInstaller] Bug: 20666663 Change-Id: I2c25c18c2a195db9023a17716d5896970848bb45
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
27cf146361125d1233c487ec215d5d794f5dde17 |
|
23-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Add status bar flag to disable quick settings Bug: 20331928 Change-Id: I79dc7f2c9e64245bdeeea3916d339985a8b17f92
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
13c58bacc8f1ff35bb24ba19069bab8a41aabf68 |
|
20-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Allow device initializers to set a preferred setup activity. This activity will launch by default on device reboot or user switch during user initialization, even if there are higher priority 'home' activities. Bug: 20223050 Change-Id: I335aeb010a1ae5db07a4343d26e160c74bd299e1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f7d3a766f0cd8a9efb51a62a27db78a3bb04d41f |
|
25-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Only skip unrecognized tags."
|
6afa666c9f9c8d1e9eff85464230585dfef060bb |
|
23-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Only skip unrecognized tags. This fixes policy loss seen on device reboot when device admins applied certain policies. Bug: 20516960 Change-Id: I6e2a3b8de610c00ea1a2edbb026523bfdc365775
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2806374f9531490296547d4e884ce9163f4ac867 |
|
08-Jan-2015 |
Nicolas Prevot <nprevot@google.com> |
Restrict setting the profile/device owner with a signature-level permission. Create the new permission MANAGE_PROFILE_OWNERS to restrict setting the profile/device owner. BUG:19838376 Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
917c4e4d453f9f36fb6945cf1e3e11f45314d602 |
|
24-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Merge "Clear binder identity before reaching into keyguard settings"
|
5bd5d4c2b0b12fcd76b58dfb3d834f1159ff054e |
|
24-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Clear binder identity before reaching into keyguard settings Change-Id: I80eeaed235acc165ddd4799ba46700afea2dff55
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1513ff171ae43d141295a235e42d99071e144cdb |
|
23-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Fix NPE when load() returns nulls. Fixes bug 20528625. Change-Id: I825c95fd212a1928a34e9ed0e20d2f7563939cbb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
015c5e57b58d26ae53849c02d3aebfcd52d85c3d |
|
23-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Disallow data clearing of DeviceOwner. There are OEM provided apps that are able to clear the data of the device owner. That creates a security hole that this fixes. Fixes bug 20107015. Change-Id: I4ef313b394bd8059d19d20aa6533396305d1357d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5173dc28f341fee92705b07543cf9d2c9694ee3c |
|
16-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Add and remove DeviceInitializer from whitelist Add the DeviceInitializer to the locktask whitelist when set or when a new user is created. Remove DeviceInitializer from whitelist when user setup complete. Fixes bug 20267837. Change-Id: I8a33bceb6e6f3d0316a1227b2ed2b713f4ca3a9e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dc105cc91c63c27479d73a21702cd4ba0304acc4 |
|
15-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Enable system service to notify device owners about pending update Create a DevicePolicyManager API which can be used by OTA subsystem to tell device owners about pending updates. Device owners will get a callback from its DeviceAdminReceiver when the update service sends out such notifications. Bug: 20213644 Change-Id: Ifcc755655e4f441980cf77d76175a046112ca9ae
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
07ba37a713212e603be3098f1035f2b736fae679 |
|
22-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Recover status bar enabled state for all users"
|
6d6290d2821c6b1e497e4990c5d42aee1dbc8a29 |
|
22-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Check for null packages in setLockTaskPackages"
|
837f1035a608d2d36aef5fb448ec1fbd1d927f5f |
|
21-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Recover status bar enabled state for all users Move the update of status bar enabled setting to loadSettingsLocked and thereby recovering the enabled state for all users, not only the user owner. Bug: 20416833 Change-Id: Iee3d6e0f3ea8ebc5d72c0ed165bea4595ed073ba
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4eb6a36922f5e98fe181c0326cc5721f0e7589ca |
|
02-Apr-2015 |
Andrei Kapishnikov <kapishnikov@google.com> |
Introduced DO_NOT_ASK_CREDENTIALS_ON_BOOT flag A new flag for DPM.resetPassword() method that specifies that the device should be decrypted without asking for the password or pattern. Bug 19250601 Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206 Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
78c05f97426e941b1a398e0d00b53603603f292b |
|
21-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Check for null packages in setLockTaskPackages Bug: 20416611 Change-Id: Ibbadc952da29a34de0cf02408093b7bfc01f8779
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5faad8e4cdf04211239f076b5d073e26d0ae3207 |
|
20-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Rename public OTA policy APIs in DevicePolicyManager Use the term "SystemUpdate" instead of "OTA", in public DevicePolicyManager APIs that handle OTA policies. Bug: 19650524 Change-Id: Iebdaea91337d617147cb411b6f47e0f3fae8671c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
15df08abd8190353e1430f88c2ed6462d72a5b25 |
|
01-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Introduce android:lockTaskMode The ability for tasks to be started in locktask mode or pinned is dependent on the value of android:lockTaskMode for the root activity of the task. For bug 19995702 Change-Id: I514a144a3a0ff7dbdd4987da5361b94bdfe9a437
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
47af53ed95070063f5ec299b957420a91fcd5292 |
|
15-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Introduce device owner API to disable the status bar"
|
ea2ec97f37c649881f2be8a5cc40bf44080cc632 |
|
16-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Introduce device owner API to disable the status bar Let the device owner disable the status bar to achieve multi-app single purpose mode. When the status bar is disabled, quick settings, notifications and the assist gesture are blocked. Bug: 19533026 Change-Id: I72830798135136e5edc53e5e2221aebb9a7c7d57
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b4e218832173229ca2cb25e420c557f919a8ef09 |
|
15-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Fix a SecurityException in setKeyguardEnabledState"
|
3223106dab67ba38027590a600edaa02efb6e461 |
|
14-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Fix a SecurityException in setKeyguardEnabledState A SecurityException is currently thrown when calling this API as LockPatternUtils.isSecure requires a permission that the DO does not have. Bug: 19533026 Change-Id: I28bebb647e46bb631cc4fa1a7c9571eadda69086
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
317918e206b89f4a49bfa35af57607764f322347 |
|
14-Apr-2015 |
Andres Morales <anmorales@google.com> |
Merge changes from topic 'lss-update' * changes: Add challenge to IGateKeeperService Wire up GateKeeper to LockSettingsService
|
e36087e5b6eeb92607f4ad5b3b1662bef9bafa4c |
|
07-Apr-2015 |
Benjamin Franz <bfranz@google.com> |
Introduce device owner API to disable the keyguard Let the device owner disable the keyguard to achieve undisturbed single use mode with multiple apps. Calling this API has no effect if a password has been set for the calling user. Bug: 19533026 Change-Id: I6b726b7f36efb669359e9da4b7e3db1f8031dad5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c9c9f7b40ec77217ce595fd152a505481326dc9a |
|
14-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Add setOtaPolicy/getOtaPolicy API in DPMS"
|
0c606812c5102fd19eda4b3e1ffbc9e61fec6430 |
|
14-Apr-2015 |
Ricky Wai <rickywai@google.com> |
Merge "Add Bluetooth Contacts Sharing policy in DevicePolicyManager"
|
778ba135380cda90c4c9317c34e875c00e2743a3 |
|
31-Mar-2015 |
Ricky Wai <rickywai@google.com> |
Add Bluetooth Contacts Sharing policy in DevicePolicyManager Bug: 19990979 Change-Id: Ide9adf66eec5721e50573c03956a1b63b7e8b18b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8027a4ffc285ba39df3a262abfff1cfdd6dd31db |
|
10-Mar-2015 |
Rubin Xu <rubinxu@google.com> |
Add setOtaPolicy/getOtaPolicy API in DPMS Allow device owners to set OTA policy for automatically accept/postpone incoming OTA system updates. This class only provides the setting and getting of OTA policy, the actual OTA subsystem should handle and respect the policy stored here. Bug: 19650524 Change-Id: I9b64949fab42097429b7da649039c13f42c10fd1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8fa5665f0e757cec0063fb4cf1354f1596f93a91 |
|
31-Mar-2015 |
Andres Morales <anmorales@google.com> |
Wire up GateKeeper to LockSettingsService Adds: - Communication to GKService - password upgrade flow - enroll takes previous credential Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c06bbbfe7ac3c848384cb667b23c42ce26cc5d95 |
|
14-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Merge "Grant cert installer access to installKeyPair()"
|
dbe31a6616f2e8cb8436ea235149d076302fb793 |
|
02-Apr-2015 |
Craig Lafayette <craiglafa@google.com> |
Send device initializer status. - Create method in DevicePolicyManager to send device provisioning status to ManagedProvisioning. - Define status updates used by ManagedProvisioning. Bug: 20001077 Change-Id: Ia98fc765d1ebb2ba9680636ca15c2c870d160261
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
30b89849032eb57d1da93de40a6a9bd2a5f55a2e |
|
07-Apr-2015 |
Craig Mautner <cmautner@google.com> |
Merge "No longer unlock activity manager to test whitelist"
|
e56007786ace2fe0615197d95317ccd7be4d1ca6 |
|
04-Apr-2015 |
Craig Mautner <cmautner@google.com> |
No longer unlock activity manager to test whitelist In order to check the DevicePolicyManagerService locktask whitelist the activity manager had to release its lock preserving internal state. That is undesirable and not scalable now that we need to check the whitelist at startup for bug 19995702. This change causes DPMS to update activity manager with the whitelist whenever it changes so that activity manager can check the whitelist without releasing the acitivty manager lock. Change-Id: I3ed6eb5ceae2cd7e7ae3280abd708d5ce43a2851
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
16c9c249d5f06014442aa5c78254b702f6a034c5 |
|
05-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
Fix up ExternalStorageFormatter. It's not going to be around for much longer, so just fix enough to work correctly. Also teach about new "unmountable" state from vold. Bug: 19993667 Change-Id: Ib72c3e134092b2a895389dd5b056f4bb8043709a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
25da6b65b0e3be610e1223758b1910f4e7ad1ed2 |
|
03-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Do not log an error when app restriction file does not exist"
|
6f34d363c32ec3295fd77257648d1291ea31c33f |
|
02-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Do not log an error when app restriction file does not exist Bug: 20040207 Change-Id: Ibd257388a185020258e36bddf5b451dc24c0b7ee
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eaafdf72a410b445cee9fea274a57f31aec2509f |
|
02-Apr-2015 |
Julia Reynolds <juliacr@google.com> |
Store the device initializer componentname in addition to package. This removes ambiguity about which component in the initializer package handles device initialization when setting up secondary users. Bug: 19992262 Change-Id: I2e48168907725a56cd05d0b51c9f28b34fa28d1a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
acdc1839cf73c5ee1672f19f7098b81abdd4f0bc |
|
02-Apr-2015 |
Rubin Xu <rubinxu@google.com> |
Grant cert installer access to installKeyPair() Bug: 20041977 Change-Id: Id0dc0bce8461c71d7220c1802dcca82933805996
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1040da1d4eb99fd2588e4c4d5b08b2e3fc0c7777 |
|
19-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Enterprise quick contact 1/2 Now openQuickContact goes thorough DPM. When a lookup URI is build with a lookup key returned by the enterprise lookup APIs for a corp contact, the lookup key will have a special prefix. In that case we go through DPM and have it launch QC on the managed profile, if the policy allows. For now we use the same DPM policy as enterprise-caller-id to disable this. Design doc: go/cp2-mnc-enterprise-dd Bug 19546108 Change-Id: I831a8190ae902ae3b1248cce6df02e3a48f602d2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4fd8d4ab2aafe8ed73080408223e8b20a953cfc4 |
|
30-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Enterprise quick contact 1/2" This reverts commit 75a0882b946df6de4775c9e54ca023ff54f3f678. Change-Id: Ibe332885824b228bf1b1147d141c9395554ff67f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
75a0882b946df6de4775c9e54ca023ff54f3f678 |
|
19-Mar-2015 |
Makoto Onuki <omakoto@google.com> |
Enterprise quick contact 1/2 Now openQuickContact goes thorough DPM. When a lookup URI is build with a lookup key returned by the enterprise lookup APIs for a corp contact, the lookup key will have a special prefix. In that case we go through DPM and have it launch QC on the managed profile, if the policy allows. For now we use the same DPM policy as enterprise-caller-id to disable this. Design doc: go/cp2-mnc-enterprise-dd Bug 19546108 Change-Id: I4840e7fad8a6a60249df07d993d26d03619650d4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dfb1c2f2053d233cb1bed17b77bbebceb246f3f5 |
|
26-Mar-2015 |
Amith Yamasani <yamasani@google.com> |
am 17b03239: am 8562a7a1: am eedf2fe0: am 0afd1905: Merge "Fix NPE if FPE service does not exist." into lmp-mr1-dev * commit '17b03239d3152cbcf450ec66f077f07e4c1870e1': Fix NPE if FPE service does not exist.
|
1181ed8a43c8364b19f4877ec58c4e2640d7dca8 |
|
23-Feb-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Add isActiveAdminWithPolicy to DevicePolicyManagerInternal This method will be used by other system services to decide whether an app is a profile owner or device owner. Change-Id: I9577700d03ce2c80c798a60c6c2f480fd1913f43
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a23995c233b3c336d0f405523902606f2583caea |
|
25-Mar-2015 |
Paul Crowley <paulcrowley@google.com> |
Fix NPE if FPE service does not exist. Bug: 19846662 Change-Id: I44e014c66a524b282cce0cfc9b7513fc0f553576
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ec32b56cc22658ecb549390fe0096fc6d7b5ac2a |
|
03-Mar-2015 |
Rubin Xu <rubinxu@google.com> |
Add DelegatedCertInstaller API in DPMS Allow device/profile owner to delegate certificate APIs to third-party certificate installer apps. Bug: 19551274 Change-Id: Iaf9abb5ecb1dc0975fa98ea14408fe392d52fbf4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bff46bac807ae8a9ebdc22c449a8d4f78711b4d2 |
|
05-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Add DO policy to disable safe boot mode. Bug: 19615843 Change-Id: I14dbe911995ec216c57bd285d6b7b04c9684591a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4a357cd2e55293402d7172766f7f9419815fc1e8 |
|
19-Mar-2015 |
Alan Viverette <alanv@google.com> |
Replace usages of deprecated Resources.getColor() and getColorStateList() Change-Id: I8f64fe6c4c44a92ff6d07250223ba590a1d691b0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1cc84c992cacdfbe005f29fbaaa1d85e22e4459b |
|
17-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow initializers to clear reset protection data during device setup."
|
ee1f24ff2985a32b473244cc464b3ca7854de189 |
|
16-Mar-2015 |
Robin Lee <rgl@google.com> |
Merge "Recognise insecure encryption with a new constant"
|
8458e531bfc681ebb0de98476d782ca4d052a145 |
|
16-Mar-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Remove the owner userid of cross-profile intent filters."
|
916b1e503d50b87bcf724e975a4bc3d32bf31431 |
|
13-Mar-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Changed the logic of calculating effective password limits"
|
68cc42009e656b785420c531e39c131bbe6729cf |
|
11-Mar-2015 |
Benjamin Franz <bfranz@google.com> |
Allow DO to set Settings.Global.STAY_ON_WHILE_PLUGGED_IN Bug: 19704419 Change-Id: I3fc970eae8ef947775b6b565916bb245dea1b43b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0a32d35ce2c9de8025ab842f3bc929d5fe287d17 |
|
12-Mar-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Changed the logic of calculating effective password limits Admins without limit-password policy or passwordQuality below PASSWORD_QUALITY_COMPLEX, should be excluded from the list when calculating effective limits. Bug: 19603660 Change-Id: I7b7d8498c8a072a4c050be48709ce34bddba39a5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
85865d55f06bade582313c83f27496e3180569a9 |
|
06-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Allow initializers to clear reset protection data during device setup. This allows initializers to recover from failures that occur after it has added an account on the primary user. Change-Id: I3444f16520eed4b315d6ea4761f598f55d1e6ddd
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f3ece36535d4999cf2bfd2175a33da6c3cdf298e |
|
11-Feb-2015 |
Benjamin Franz <bfranz@google.com> |
Block setting wallpapers from managed profiles. Silently fail when a managed profile app tries to change the wallpaper and return default values for getters in that case. This is implemented through a new AppOp that is controlled by a new user restriction that will be set during provisioning. Bug: 18725052 Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2482100fed93eac82f7d4b759bd1ec418b55be58 |
|
06-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow device and profile owners to set a user icon."
|
1c3754a35c434e4102c7ac3dceb887fa137b153b |
|
05-Mar-2015 |
Julia Reynolds <juliacr@google.com> |
Add security check for clearDeviceInitializer in the service. Bug: 19230954 Change-Id: I5c648492bef0d2b579b6f59b91afc890e3092d36
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4b8d5821512c6a4fdaf442f6d48e1dc412539136 |
|
05-Mar-2015 |
Nicolas Prevot <nprevot@google.com> |
Remove the owner userid of cross-profile intent filters. The owner user id was used to identify in which user an app had set a cross-profile intent filter. But it's not really necessary. BUG:19505190 Change-Id: Iacc49d31c95e34efee1895e5fbe7224277dbc493
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
75328b703f8f83fdd62f11105ecd61df2ebe4420 |
|
04-Mar-2015 |
John Spurlock <jspurlock@google.com> |
Merge "Audio: Remove the concept of master volume."
|
ee5ad729b90deff435f9875337cbc434be4f8fe7 |
|
03-Mar-2015 |
John Spurlock <jspurlock@google.com> |
Audio: Remove the concept of master volume. - Remove two config resources (use master volume, and volume ramp). - Remove master volume adjustments / getters / intents. - Retain @hidden setMasterMute, needed for device admin - Remove master volume logic in AudioService. - Remove master volume logic in VolumePanel. - Rename "getMasterStreamType" to "getUiSoundsStreamType" to avoid confusion. Bug: 19582978 Change-Id: Id02c8fa4898cff3b913147f5ac1b4038e2e7cc24
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e925440a551b66a3d3121ec8badaf948d71d66a1 |
|
11-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
DOs can clear the DI; rehide hasUserSetupCompleted. Bug: 19230954 Change-Id: I97467229b23f3c9be1c3c4fff1c888a812f14a95
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fca04ca0965d5e04dacc025b77f2b4881ee1afd8 |
|
17-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
Allow device and profile owners to set a user icon. Change-Id: I7c2bafb85cff3fa063af7a2f27b76c69172f0525
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
20118f18c11c01c7743b5646cc1a0039c2e90037 |
|
11-Feb-2015 |
Julia Reynolds <juliacr@google.com> |
Allow the device initializer to perform user setup tasks. A device initializer is an application that is allowed to run during user provisioning on device owner devices. During device provisioning (or, user provisioning of the first user of the device), a device initializer is granted device owner permissions. During secondary user provisioning, a device initializer is granted profile owner permissions. Once provisioning is complete for a user, all elevated permissions are removed from the device initializer and the device admin component of the app is disabled. Bug: 19230954 Change-Id: Ib6725fb3b09bb21e4198a5dc0b445ccebb40b27e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
abc03c7ae8c9c628de319819a10ce2cbaedf1c86 |
|
26-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Fail silently when changing BLUETOOTH_ON/WIFI_ON directly"
|
41916d492c38055928ae5ad1e0b815ff79dc4f5c |
|
24-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Fail silently when changing BLUETOOTH_ON/WIFI_ON directly If the device owner tries to change BLUETOOTH_ON or WIFI_ON via DevicePolicyManager.setGlobalSetting, fail silently. There was not much point for the device owner to do it since it can also change bluetooth/wifi state via normal bluetooth and wifi apis. BUG:19311992 Change-Id: Ifba163800aa413865b8a2877cb21aacfa5cfc6c8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4b7656f18370d1dd73aeca5ec7a45449ca4f00a0 |
|
24-Feb-2015 |
Esteban Talavera <etalavera@google.com> |
Allow setting a Device Owner via ADB on unprovisioned device with preinstalled account Some devices come from carriers with a preinstalled account. This means that we couldn't set a device owner via "adb shell dpm" commands, while the regular device owner flow worked (as the latter just checked whether the device was provisioned). Bug: 18354022 Change-Id: I9a677de9d34d073e218b9179ec4b0f5b4b82adc9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3795fb0a13bfa3c76113b1ecec383e8767824ee3 |
|
16-Feb-2015 |
Robin Lee <rgl@google.com> |
Recognise insecure encryption with a new constant This is the default state on some devices which ship with encrypted key storage set up already but no initial password. Bug: 18048558 Change-Id: I055527fde21298bae2dbdca8c3a145f19b045aad
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f580c91618fa5d5f783f33db8136734cde6d6862 |
|
20-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Dump the profile/device owner when dumping device policy state."
|
fcc87275e3f6e6e84ca0677e3422c602686eef36 |
|
19-Feb-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Code cleanup"
|
22029f0a50f8bb08902054123153a215906483d5 |
|
19-Feb-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Code cleanup Use preconditions for argument checking. Change-Id: I2e9dcd8da1e0bdac917393376d1a7442ab63a638
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
397999f084467e068eab357c4b47323e3cde0685 |
|
18-Feb-2015 |
Amith Yamasani <yamasani@google.com> |
Merge "Save per-user camera policy in different system properties"
|
abf3570f382b94d16cc8a06c4b7c434d7a7052aa |
|
17-Feb-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy: Make uid parameter an int This should not have been a long to begin with. Change-Id: Icbf6e2e97cb6301b968b3eb8b3f9a46331f7983e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7a7f0c9756150b0b429fce41c9ce7c520e94f275 |
|
16-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Dump the profile/device owner when dumping device policy state. BUG:19363615 Change-Id: Icf04b39ce8c592544e69c52f229a2c1bdab661e2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f6901eb9e277491c9b3dc1fcc5b1f18b1a569ae3 |
|
16-Feb-2015 |
Robin Lee <rgl@google.com> |
Merge "Device Policy API to choose a private key silently"
|
509569807452e6d96b0c90abb092d5e8258afe66 |
|
13-Feb-2015 |
Amith Yamasani <yamasani@google.com> |
Save per-user camera policy in different system properties If a device admin for a user disables the device cameras, only apply that policy to that user and not globally. Corresponding change in CameraService looks into the per-user system property. This also fixes the bug that managed profile owner is able to disable camera for the personal profile. Bug: 19345698 Change-Id: Ibd5e438544a0409f26087ced247d50c706fcf843
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5cfd3d8b51b0e21c37d80e3cf5570bae8efe1bc1 |
|
11-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Merge "Avoid NullPointerException in enableSystemApp if the app is absent."
|
0413046f12316f36d12e91ba6dbafc53a7c20408 |
|
11-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Dont throw an exception for non-system apps when enabling system apps. In EnableSystemAppWithIntent: if a non-system app matches the intent: ignore it instead of throwing an exception. Change-Id: I64dc9a0bbc1a6bc5e2159a33b7273464ed2518c5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
637baaf0db76f9e1e51eeab077ffb85da0ff9308 |
|
10-Feb-2015 |
Nicolas Prevot <nprevot@google.com> |
Avoid NullPointerException in enableSystemApp if the app is absent. In enableSystemApp: if the app is absent, throw a IllegalArgumentException instead of failing with a NullPointerException. BUG:19321306 Change-Id: I4ec09a0a77d29ca04e8d52f5546c1e4d0f8641e5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3775a3f8861304073c2b2079f0b9a315a58c1d1a |
|
05-Feb-2015 |
Kenny Guy <kennyguy@google.com> |
am a2ced3e8: am 8d12d3da: Merge "Only switch user if current user is being wiped" into lmp-mr1-dev automerge: eeb43fb * commit 'a2ced3e879458786edf715a0016293791db7fd65': Only switch user if current user is being wiped
|
3798ed5e0b56ab03e7022a9922b50a4a25474033 |
|
03-Feb-2015 |
Robin Lee <rgl@google.com> |
Device Policy API to choose a private key silently Support for certificate chooser (keychain) to first query a profile owner (if one exists) for a silent credentials grant which will be passed back to the caller as an alias. Bug: 15065444 Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e9acb59a91f46c962151a58142448fd9f4101814 |
|
04-Feb-2015 |
Kenny Guy <kennyguy@google.com> |
Only switch user if current user is being wiped Only try and switch to owner if the current user is being removed. Bug: 19252449 Change-Id: I0143d87360db0834876821cbf52fec4933ecbd35
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
babdb0dc36290ba3a9dd040a38f9a3649fb6d510 |
|
30-Jan-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Removed userHandle from setXXX methods"
|
bdc58c66af3440f963731cdcdf820d7108d9f98a |
|
29-Jan-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Removed userHandle from setXXX methods User handle is now extracted from UID of the calling process. Previously setXXX methods may not work properly, if userHandle parameter was different from a user of the calling process. In practice, this wouldn't have happened because setters were always called with a userHandle of the caller process. Bug:17202572 Change-Id: I1c08c54c975a04b8c54719a1e280ad3cfaff2e67
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4197cb60bc74629fe4c04ab10cb3b1c9a7427d24 |
|
22-Jan-2015 |
RoboErik <epastern@google.com> |
Move mute/unmute handling to adjust volume paths This deprecates the setStreamMute and setStreamSolo APIs. Soloing is no longer supported and muting is redirected through the adjust volume APIs. Also updates the hidden master versions of these APIs. Change-Id: I65d2a5d5fc15b386bd497abf8ca6869fec75a26a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8e1b6d949be6d71cfb137f22d0b36bcf511568e2 |
|
26-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
am ad664808: am 6d16b861: Merge "Avoid NullPointerException if createUser returns null" into lmp-mr1-dev automerge: 2805669 * commit 'ad66480838189332b82cd2861bca4357aa2b93da': Avoid NullPointerException if createUser returns null
|
43daa008f3e5287b6bec27289c96440e71b5fbf7 |
|
26-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
am 20bd0c23: am 059b8ab6: am 414ea81e: Merge "Ensure notifications are sent when locking/unlocking location share" into lmp-mr1-dev * commit '20bd0c232cd4421affc871ccd01492ecd04316d0': Ensure notifications are sent when locking/unlocking location share
|
6d16b8614ac4c5aa44304e6fdcb9ed8aeec675fd |
|
26-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Avoid NullPointerException if createUser returns null" into lmp-mr1-dev
|
414ea81ea364d7b961cbfb885c30729595e3a7b2 |
|
26-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Ensure notifications are sent when locking/unlocking location share" into lmp-mr1-dev
|
f87b174dac87ed9e95e8522bfb836707f4a2239d |
|
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Avoid NullPointerException if createUser returns null If createUser returns null, we run into a NullPointerException in createAndInitializeUser. This can happen when the policy DISALLOW_ADD_USER is set. Bug: 19121141 Change-Id: Id4bda832a243fa42c31eb5a176ecaa248aee68f5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cd7b506c19dff4a68b46631fcede73f55547f985 |
|
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
am bfca5f40: am 266303fd: Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev automerge: 07b87e5 * commit '07b87e537da3ec658235fe1d874c7dba5b4d696d': Avoid SecurityException when calling getUserData
|
266303fdb02ca1cf6df348e1af6830675476fd78 |
|
23-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Merge "Avoid SecurityException when calling getUserData" into lmp-mr1-dev
|
871fa7343a2ff8de837a721eacfc576b19438e54 |
|
16-Jan-2015 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Ensure notifications are sent when locking/unlocking location share When the restriction 'DISALLOW_SHARE_LOCATION' is applied or removed on a user it is important to send out notifications to content observers of LOCATION_PROVIDERS_ALLOWED. Bug: 18995405 Change-Id: I8b3910a423a012ea9d15470eec101723c9f0eaf7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fadb2b3a27e4c23f5c566e6f7eadfaed9e23e68c |
|
14-Jan-2015 |
Benjamin Franz <bfranz@google.com> |
Avoid SecurityException when calling getUserData Currently we risk getting a SecurityException in a number of places, where getUserData is called for a different user than the calling user. To avoid this, the caller is cleared in a helper function. Bug: 18662452 Change-Id: Ibc131c602e52d9f013fe739a9c18e693181ded67
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2dc53c560bcba5d423eb4f87533897ac34047eee |
|
16-Jan-2015 |
Kenny Guy <kennyguy@google.com> |
am 4be433dc: am 10dd6eef: am fd846dfb: Merge "Sync file before using JournaledFile commit." into lmp-mr1-dev * commit '4be433dc0b817fd4129e2bd99edb4c484f980600': Sync file before using JournaledFile commit.
|
212037f7cdbf3ac3712ab16f885d62da7f850fe0 |
|
15-Jan-2015 |
Kenny Guy <kennyguy@google.com> |
Sync file before using JournaledFile commit. Ext4 doesn't guarantee that write file.new / close file.new rename file.new to file will mean data in file.new makes it to file atomically. The rename may happen with previous contents of file.new and then later update to new contents See docs for noauto_da_alloc So rebooting the device during JournaledFile.commit may mean we are left with an empty file. Bug: 18590558 Change-Id: I35322c82871bed30c2c6ebbd1388338f0471f3ba
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7f7ea82c28f01798b15686aa45733885beebcc6e |
|
08-Jan-2015 |
Robin Lee <rgl@google.com> |
Profile owner hint in warning for extra CAs The version of the warning with a named installer should be shown in the case of a managed profile, not only a managed device. Bug: 18224038 Change-Id: I27865f77e963b9b15416f2e4a4ffc38fed8f5532
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e53b7dd0667208f956e20b932f85ba670eb074f9 |
|
08-Jan-2015 |
Robin Lee <rgl@google.com> |
Revert "Profile owner hint in warning for extra CAs" This reverts commit e1d8dcd9e170c1ed8a13b6e1256ea1fb22c26c49. Something funny happened in the process of submitting this, swathes of strings.xml became mis-encoded. Bug: 18224038 Change-Id: I0276ff3f880fe749546e8cc7e3e2f41c22c27705
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
dce0122ea2d27474890d5e18ba4b7e4d06303e53 |
|
07-Jan-2015 |
Adrian Roos <roosa@google.com> |
Explicitly specify user on LPU's private methods Also fixes a bug in DevicePolicyManagerService where the wrong user was used. Bug: 18931518 Change-Id: I7ae8ecfdb1c835cdee7eafa2b96e1ec8b712977b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
230635efe7ffb09d6dc56bfd9193aa1d89c8a898 |
|
07-Jan-2015 |
Adrian Roos <roosa@google.com> |
Purge biometric weak and keyguard widgets Bug: 18931518 Change-Id: I5da41908b1d6895a69f981e139f2d268327fafcd
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8e99586830640796209b935421868754f3ebf1d7 |
|
07-Jan-2015 |
Robin Lee <rgl@google.com> |
am 26e2da8f: am 374c358d: Merge "Profile owner hint in warning for extra CAs" into lmp-mr1-dev automerge: 23bb3f1 * commit '23bb3f11cbe4ca64337b5b75c333ea891760213f': Profile owner hint in warning for extra CAs
|
e1d8dcd9e170c1ed8a13b6e1256ea1fb22c26c49 |
|
05-Jan-2015 |
Robin Lee <rgl@google.com> |
Profile owner hint in warning for extra CAs The version of the warning with a named installer should be shown in the case of a managed profile, not only a managed device. Bug: 18224038 Change-Id: I58bddb162799481d5e8feb169b0c0bff17cbeeb7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
77f9a44adb07640762873ef0f80d32570771f154 |
|
28-Dec-2014 |
Robin Lee <rgl@google.com> |
am b4b14e39: Merge "Revert "DevicePolicy: Don\'t warn about managed profile CAs"" into lmp-mr1-dev automerge: c9db16c automerge: b6b7d42 * commit 'b6b7d4251cdab1843ae9b2ae167ac9276ada241e': Revert "DevicePolicy: Don't warn about managed profile CAs"
|
b4b14e391dbcde537350ccf649b3603cafba1e6c |
|
23-Dec-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "DevicePolicy: Don't warn about managed profile CAs"" into lmp-mr1-dev
|
853964927c12926321911081217c5f0742e7e82a |
|
22-Dec-2014 |
Robin Lee <rgl@google.com> |
Revert "DevicePolicy: Don't warn about managed profile CAs" This reverts commit 80559f4aadb3419eecdf6bf61945af584cd2aa8a. Bug: 18224038 Change-Id: I108a4e8cf185401fef4806e1ad8c2cc78992e843
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
77779aa3a5eea2d275c82035b025df85b7702f07 |
|
09-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
am d483a85e: am fed2812d: am 22afe626: Merge "Added isRemovingAdmin method" into lmp-mr1-dev * commit 'd483a85e69c3bb83b25473b93806e063b72c9315': Added isRemovingAdmin method
|
f66a43e398cc0be60aaf1a16a7b77f1cf0ff8f11 |
|
09-Dec-2014 |
Amith Yamasani <yamasani@google.com> |
am 81b27f4c: am b2905092: am 0702752c: Merge "Potential fix for accidental deactivation of profile owner" into lmp-mr1-dev * commit '81b27f4c9fcdb1e3379152d08a3abc0fb5e62c53': Potential fix for accidental deactivation of profile owner
|
22afe6261aab343070b63c60a1f4c7ce6f4383f9 |
|
05-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Added isRemovingAdmin method" into lmp-mr1-dev
|
96fb932666539e2b3be26ef91eb248a9ace5678e |
|
02-Dec-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Added isRemovingAdmin method Added isRemovingAdmin method, so that clients can query if device admin is currently being removed. Bug: 17609838 Change-Id: I82547a9eeb228fcf8ac2a6e639ca1a75fa41d161
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a0116afeaf9363c5a662624dda77b550aa9172a8 |
|
04-Dec-2014 |
Amith Yamasani <yamasani@google.com> |
Potential fix for accidental deactivation of profile owner This is a safeguard to only check for changing packages when re-validating active admins. 1. If package is being removed, only check if it's not being replaced. 2. If package is changing, only check the changing package that matches one of the active admins. 3. If package is being added and is a replacement (update), then check if it affects any matching active admins and verify the validity of the receivers. If by any chance some package broadcast was occuring at a time when an admin was being updated, or the package removed broadcast was coming in much before the update was registered with package manager then this will help in avoiding accidental deactivation. Bug: 18590558 Change-Id: I7f4897e8836f81aa037b8be87d399942ce78b1a2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5ff0e5fb6b339a7dea0cbc344e88673b7a99e593 |
|
26-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
am 0d122e26: am ba94fd5e: am 77e25331: Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev * commit '0d122e265c52ef25dbad652378b3a5e51a86f041': Add flag for wiping factory reset protection data.
|
e07f2c01afbc2d38ce7252a9bbc55fae4b5ea1e6 |
|
26-Nov-2014 |
Robin Lee <rgl@google.com> |
am a7ffed86: am cc19e8b8: am 692e4933: Merge "DevicePolicy: Don\'t warn about managed profile CAs" into lmp-mr1-dev * commit 'a7ffed86fce0a0cab8915bd6a727605959f08bb7': DevicePolicy: Don't warn about managed profile CAs
|
77e25331ca7ad1fb69fbe7fbec69179824e46e59 |
|
25-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev
|
a7e87acb2416d4212c84fb9c45353dbf6ee15e6a |
|
18-Nov-2014 |
Paul Crowley <paulcrowley@google.com> |
Add flag for wiping factory reset protection data. Bug: 18366448 Change-Id: If8904888a6bf8611d34647e6d65d2347d824dbb3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
80559f4aadb3419eecdf6bf61945af584cd2aa8a |
|
25-Nov-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: Don't warn about managed profile CAs Setting up a managed profile should have included a step to warn about this sort of thing already. As the user should trust the profile owner anyway it's hard to argue this warning is needed. Bug: 18224038 Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e1d84dd914ffe29fe821b814924b0a56506dc238 |
|
25-Nov-2014 |
Adrian Roos <roosa@google.com> |
am 9a4d0257: am 520d20c1: am 702d9e31: Merge "Fix DPM.resetPassword("")" into lmp-mr1-dev * commit '9a4d0257beadf53c706afbcb4abc76c17a44ff00': Fix DPM.resetPassword("")
|
702d9e31b1bcacff975a2b8e0d04160bbd6811ed |
|
24-Nov-2014 |
Adrian Roos <roosa@google.com> |
Merge "Fix DPM.resetPassword("")" into lmp-mr1-dev
|
9d4e6a83553b2d8cc8c6d4fcce6c2af2bf52c874 |
|
22-Nov-2014 |
Amith Yamasani <yamasani@google.com> |
am 1f26bf6b: am 108bdbc9: am efb2df69: Merge "Different messages when wiping user and not device" into lmp-mr1-dev * commit '1f26bf6bfd683b840f688b41d285fd9c942e6ed5': Different messages when wiping user and not device
|
3a3d212a51974ccec6100c1e117225291edc83cc |
|
29-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Different messages when wiping user and not device There are 3 types of users 1. Primary - device will be wiped 2. Managed profile - profile will be removed 3. Secondary user - user will be removed Show different messages for almost wipe and wipe in each of these 3 cases. Bug: 16843155 Change-Id: Icecfe520622773da9e45465bf2217e8ed38b266e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ffba290a33b2b7a8c1bd393e0286686f99b2dbb8 |
|
21-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
am 5c374a58: am b3d0580f: am 08229e81: Merge "Shutdown backup manager service when device owner is set" into lmp-mr1-dev * commit '5c374a582ceff913e420d21d63e1d7b087d6fc56': Shutdown backup manager service when device owner is set
|
08229e817ecb67b0c7ebbd6b5b9ce4aef1b38cc2 |
|
21-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Merge "Shutdown backup manager service when device owner is set" into lmp-mr1-dev
|
f8f56bce428bb2b89d1d572ccd2d604761dbbce8 |
|
20-Nov-2014 |
Adrian Roos <roosa@google.com> |
Fix DPM.resetPassword("") While we're at it, also fix some multi-user issues in LockPatternUtils. Bug: 17496766 Change-Id: I8e557ea640fa589817c8f8f818c91463585d5ea7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4221126b95db7fc81e4735a18a92aa40621bd2af |
|
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
am 3c1d5e2f: am 40603baa: am 735f2285: Merge "Remove permission check in DevicePolicyManager.isUninstallBlocked()" into lmp-mr1-dev * commit '3c1d5e2f9d0724f0a10313244d0ef47957d855f2': Remove permission check in DevicePolicyManager.isUninstallBlocked()
|
dbf32fe93a4fa59961a83dfdc30c281978d22121 |
|
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
am f978e667: am 0122db0a: am 3a7d3fc6: Merge "Fix equality test in getProfileOwnerAdmin()" into lmp-mr1-dev * commit 'f978e667a6395902be09f3dd6c5c6b8d17ce58da': Fix equality test in getProfileOwnerAdmin()
|
735f22850edcb5c2447c37cb96f048de8a742907 |
|
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Remove permission check in DevicePolicyManager.isUninstallBlocked()" into lmp-mr1-dev
|
3a7d3fc60e1347ff9bdddb8040237e2818d67a0e |
|
19-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Fix equality test in getProfileOwnerAdmin()" into lmp-mr1-dev
|
a97855b784243c00b99dfcb6595164ab4a88d05c |
|
07-Nov-2014 |
Rubin Xu <rubinxu@google.com> |
Remove permission check in DevicePolicyManager.isUninstallBlocked() This is to allow Play to use this API to find out whether a package is uninstallable due to profile or device owner policy's restriction. Bug: 17914630 Change-Id: I4ce2963884ecdf3306805f36db80ed1ebf04d88f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0477f716311ab03ef89ce9ecb288182c0aa25d4a |
|
14-Nov-2014 |
Fyodor Kupolov <fkupolov@google.com> |
am 70b2de7c: am 6dd9f86f: Merge "Added synchronization to handlePackagesChanged method" into lmp-mr1-dev automerge: a07bdda * commit '70b2de7c25a083a44042ddd0cb8b2a24dde53e6e': Added synchronization to handlePackagesChanged method
|
26ac6a6fd0ef43803c6edd786c8f1fa715ae3cca |
|
13-Nov-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Shutdown backup manager service when device owner is set Bug: 16641441 Change-Id: I3fe54e43324c15dabd56834a923e8e8cb4eea98d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d01ff6d4c35edecd3d250d65ca1ab63699e0d642 |
|
12-Nov-2014 |
Fyodor Kupolov <fkupolov@google.com> |
Added synchronization to handlePackagesChanged method Method handlePackagesChanged modifies the policy data without holding the lock. It also calls methods which expect a lock to be held - validatePasswordOwnerLocked, syncDeviceCapabilitiesLocked, saveSettingsLocked. Bug: 18262633 Change-Id: Ia4bdc6edc66bccf8a4288e048171ff20858ae2f6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7c2f2422301f0fb84cbcccca353ecf291bb7f1e0 |
|
12-Nov-2014 |
Amith Yamasani <yamasani@google.com> |
am e73cab5f: Merge "Allow profile owners to set the unknown source setting" into lmp-mr1-dev automerge: 93ffd5d automerge: 15de62d * commit 'e73cab5f1226f7434fa8bbf341e91891916683c5': Allow profile owners to set the unknown source setting
|
70170261cbd966501a673ba5548dcab823037cfb |
|
12-Nov-2014 |
Jeff Brown <jeffbrown@google.com> |
am 32f7a6d8: Merge "Move device admin max screen off timeout to internal interface." into lmp-mr1-dev automerge: c1275e7 automerge: a473878 * commit 'a4738781584d58e133fc4d0f55d9b7ebcb246ff6': Move device admin max screen off timeout to internal interface.
|
52c39a16db077f5017ab20214e60a205e075f2d7 |
|
21-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Allow profile owners to set the unknown source setting This allows work profile MDM to enable unknown sources even if the user doesn't have UI for it. Installing an app from an unknown source will still prompt the user with the package installer dialog, so it's not like the MDM can now quietly install apps from non-market sources. Bug: 18316350 Change-Id: Ia8f4fe36f12a258aa888e085acc0b358925f4817
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5ce1cb240b13db98fbdc21e1ef069b5f9cec8d72 |
|
07-Nov-2014 |
Jeff Brown <jeffbrown@google.com> |
Move device admin max screen off timeout to internal interface. The setting was previously exposed in IPowerManager but it doesn't need to be there. Bug: 17656076 Change-Id: If3ed0cbe89f67c60aa00376be0c54b1bd9656144
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cc56956025c8e562513f63a3457a3fc0ee052405 |
|
06-Nov-2014 |
Jim Miller <jaggies@google.com> |
am 767ae175: am 6230cdf5: am 262dc4da: Merge "Update TrustAgentService API after review" into lmp-mr1-dev * commit '767ae175fab5a93f4948b3722549448eb4b55e41': Update TrustAgentService API after review
|
e303bf443532c2ad756260133f00747bcff11e69 |
|
27-Aug-2014 |
Jim Miller <jaggies@google.com> |
Update TrustAgentService API after review This change incorporates API council feedback and enables the TrustAgent whitelisting API. It also contains a minor cleanup of DPM's use of UserHandle to eliminate unnecessary object creation. Fixes bug 17008504 Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d7892e71a85989a3afc6388d917ab9961a607f24 |
|
30-Oct-2014 |
Rubin Xu <rubinxu@google.com> |
Fix equality test in getProfileOwnerAdmin() The equality test should compare a ComponentName, which admin.info is not. Bug: 18186447 Change-Id: If984ae2e0da958889564ba30716d65245a78d60f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
7e351fdae8e9f40a095fa16d9cf39ce9a463a652 |
|
27-Oct-2014 |
Yohei Yukawa <yukawa@google.com> |
Stop querying package names unnecessarily This is just a code clean-up. No behavior change is intended. BUG: 18131340 Change-Id: Ia88374cde7845553530ddd1176f983101e4ec13f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f5c00c1c1136c9752b9c0157f9eca6385d7b9448 |
|
28-Oct-2014 |
Benjamin Franz <bfranz@google.com> |
Merge "Send ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast when a user restriction has been changed." into lmp-mr1-dev
|
05720542613ec79c4b87453845231c838dbe0d03 |
|
15-Oct-2014 |
Benjamin Franz <bfranz@google.com> |
Send ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED Broadcast when a user restriction has been changed. Bug: 17916693 Change-Id: I6bca83ad6224ab6f1e4bdf41a10f514823c66755
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e69bdca44bbbd16b990b9be0eba24e88cbb7f8f8 |
|
20-Oct-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: Restore CA warning to K behaviour Some tests rely on this being dismissible. Additionally it turns out some users don't like having a hulking great notification follow them around everywhere. Bug: 17985258 Change-Id: If05a07b9eaa402a48f9a14647effc1df32c796e1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cd410ba4e816b657020cafb23e69206734726b42 |
|
17-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Use the correct method to check if device is encrypted DPM's method will return false if encrypted by default password, preventing the changing of encryption password to lockscreen password. Check if the device is encrypted by some means, instead. Also fix a SecurityException when Device Admin queries encryption state (recent regression) Bug: 17881324 Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3836c9a4c145cd683151bd627a22958303a418c2 |
|
15-Oct-2014 |
Jim Miller <jaggies@google.com> |
Fix getStorageEncryptionStatus() in DevicePolicyManager This fixes a bug introduced by a change where the function ignores systems with default encryption where it's disabled. The fix also checks to see if vold thinks the device is secure. Fixes bug 17881324 Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2c3886cb3463ff39c1986c5b85eba79748dd8c24 |
|
15-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Fix admin policies in managed profiles" into lmp-dev
|
242f4b125939276be866bb0a637b89bfbc5aa880 |
|
15-Oct-2014 |
Amith Yamasani <yamasani@google.com> |
Fix admin policies in managed profiles Some of the admin policies are throwing security exceptions in a managed profile without being documented correctly and others shouldn't be throwing security exceptions. Changed setCameraDisabled() to not throw an exception. It now just prevents work profile apps from using the camera. Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In secondary users/profiles, this is just going to remove the user, so the flag is harmless. Updated documentation for setKeyguardDisabledFeatures() and resetPassword() to indicate that they cannot be called in a managed profile. Bug: 17987913 Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
28433dbdabd3f60224131039911a8f1def3fe670 |
|
15-Oct-2014 |
Svetoslav <svetoslavganov@google.com> |
Fix a NPE in device policy manager service. It is possible that the device does not have an owner. If there is no owner we get a NPE when asking the device policy manager for cross-profile widget providers. bug:17989189 Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d0130e85398aea84151765a8706109beedb20c37 |
|
06-Oct-2014 |
Robin Lee <rgl@google.com> |
DevicePolicy: One cert tracker warning per profile Shows one notification per profile instead of one notification per user or (previously) one notification per device. Bug: 17794425 Change-Id: I6f0d34a16fa2a45082941387ac765dd99eefa131
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
004a4b20f8d3116e6a711525960d433fcfea4ee4 |
|
24-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Include reason when wiping data. This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: If8413e5d6377773f37e8b34ae3d26347226a027c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8d9f12161823f267179f46825734c188b6c75b09 |
|
19-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Allow primary user profile owner to set device restrictions" into lmp-dev
|
dd31a10c7f194d70411c8fb8ca8c0ab6751dccb2 |
|
16-Sep-2014 |
Jessica Hummel <jhummel@google.com> |
bug fix: Allow enableSystemApps to be called by profile and device owner. We had an additional check for managed profile in there, so it wasn't working for device owners. Also needed to look at uninstalled packages. Change-Id: I4813f23b00d7905e92ade582ce082a6f295a322d Bug: 17384318
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c34dc7cdeb5cae8ca4c731838aafe90ed4c9a2b8 |
|
18-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Allow primary user profile owner to set device restrictions In addition to device owners, profile owners on the primary user can also set user restrictions that are necessary to lock down the user. This is to enable the case of a profile owner registered after setup wizard is completed, on the primary user. Also make managed profile vs. profile wording consistent in the DevicePolicyManager docs. Bug: 17555025 Change-Id: Ib9d08b8af34a99b25e11757fa7dc83673a7deb32
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d616a3357872ca0142611576884df4495e7ccbd6 |
|
12-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Prevent device owner registration after setup is complete This change prevents adding a device owner after setupwizard has finished provisioning. Only the new dpm shell command can set a device owner. Bug: 17316711 Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d09fbafa9242e67450c2f85807a159152d4761c8 |
|
12-Sep-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Add new adb dpm (= DevicePolicyManager) command" into lmp-dev
|
b5ef162129ced7e9636052af6b7f08d677a01f13 |
|
08-Sep-2014 |
Esteban Talavera <etalavera@google.com> |
Add new adb dpm (= DevicePolicyManager) command Adds new adb command to execute DevicePolicyManager tasks. First subcommand allows us to set a device owner on a provisioned device (provided no accounts are associated with the device). This is required as GTS tests run on provisioned devices. We plan to add more subcomands required for new GTS tests, such as the ability to create a managed profile. Bug: 17312478, 17316711 Change-Id: I2613178ea82a6c6268e7f8012e74c4a852fea0d4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
26408ccd8e852d947e58021792bfc3b315e5948d |
|
08-Sep-2014 |
Bernhard Bauer <bauerb@google.com> |
Add DevicePolicyManager PrivateKey mgmt Additional device policy API to install keypairs to the keychain silently. Bug: 15065444 Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f58e532e015ef31d879ee51aeeb251349784717c |
|
11-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Apply cross-user restrictions to Shell" into lmp-dev
|
d86734b4695a92359ed38d6053ed1ce16a470634 |
|
11-Sep-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Allow device owners to update LOCATION_MODE." into lmp-dev
|
8cd28b57ed732656d002d97879e15c5695b54fff |
|
09-Jun-2014 |
Amith Yamasani <yamasani@google.com> |
Apply cross-user restrictions to Shell Even though Shell user is allowed to perform cross-user actions, lock that path down if the target user has restrictions imposed by the profile owner device admin that prevents access via adb. If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't allow the shell user to make the following types of calls: start activities, make service calls, access content providers, send broadcasts, block/unblock packages, clear user data, etc. Bug: 15086577 Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a240d8377a3a45ddd4daccdb6b34f51644296486 |
|
05-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Don't allow guests to install from unknown sources" into lmp-dev
|
82735bcb1400cb5ab2da763a236a55927d87ab00 |
|
04-Sep-2014 |
Julia Reynolds <juliacr@google.com> |
Allow device owners to update LOCATION_MODE. Bug: 17388933 Change-Id: If3267aa52c2611cf764a19bee019c312f6ebf5d1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
127343cb460c8d23f9fb59bcf4bcea6e9b9cea03 |
|
04-Sep-2014 |
Craig Mautner <cmautner@google.com> |
Merge "Eliminate deadlock by deferring wipe data call" into lmp-dev
|
66eb5218335886fed1978891bd0f2d04d2109563 |
|
04-Sep-2014 |
Craig Mautner <cmautner@google.com> |
Eliminate deadlock by deferring wipe data call The call to RecoverySystem.rebootWipeUserData() was made while holding the lock to DevicePolicyManagerService. But it blocks waiting for system_process' main thread to receive the ordered broadcast complete callback. It won't receive that callback because Keyguard is running on the main thread and is concurrently blocked on DevicePolicyManagerService. By moving the call to rebootWipeUserData() out of the synchronized block the deadlock is eliminated. Fixes bug 16870054. Change-Id: I3eb587211e5484859cc9dab7e80e5a1f6c85225d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
29ce85bab94a2d0dc98d9075ae86c8a282367117 |
|
04-Sep-2014 |
Amith Yamasani <yamasani@google.com> |
Don't allow guests to install from unknown sources Added a user restriction when creating a guest. Made sure that guests can't install profile owners that could undo the restriction. Bug: 17359648 Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
808f6ef2ac2127ea0ea14e71c9599355b631a617 |
|
28-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Pass ComponentName to probing certificate methods Pass ComponentName and check whether that admin is a profile owner on DPM get/has certificate methods (requested on the API review). As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of which admins installed which certificates for now: "Having per-admin CA certificates would be a fair bit of work. The only MDMs we're opening this up to for now are Device and Profile Owners which 100% manage the profile so will be the only admin. It seems like if we keep track of "who installed which certs" it'll be a little pointless because the answer will always be "the ProfileOwner" for every single one." Bug: 17005622 Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a8528c642090525f0e5f3c35dc3ba5a50ff17093 |
|
28-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Audio/Micrphone user restriction/multiuser updates." into lmp-dev
|
65c27970821f022d5c256eba8b764f584210e683 |
|
28-Aug-2014 |
Robin Lee <rgl@google.com> |
Relocate broken getCallingUserId() calls This should not be invoked while the calling identity is cleared because it will return the current user rather than the calling user. Bug: 17314802 Change-Id: I587daa420b0976d41928ab7c34eeda2329c1341e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
729b2a6c2f330c10674bb3fc0c4f2eb57e3d0a43 |
|
27-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Renamed getUninstallBlocked to isUninstallBlocked As per API review. Bug: 17297103 Change-Id: Icb4ceded317b0df4deb0f5221512541a632e150b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b53453fae037d67e421011936c8fdffe7ba43922 |
|
22-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Audio/Micrphone user restriction/multiuser updates. 1. Persist microphone mute state. 2. Set mute state for correct user. 3. Check for settings restrictions as the correct user. Bug: 17177502 Bug: 16701642 Change-Id: Id8b6cd90c5caceb67fbec862f90aac7ec7a00b3c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
19d431f330bf1d89c92c0971dad5fa8f5950b16d |
|
27-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Limit the settings profile/device owners can update." into lmp-dev
|
9ed66da8dfd15001cebe8f7ef453718f41f9904d |
|
26-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Limit the settings profile/device owners can update. Bug: 16351901 Change-Id: Id33a57ad651b5b7b58de0549eb90d5a1fe5c19c5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0ced6272911f440843e9ff8e89b9fafdb49b243b |
|
26-Aug-2014 |
Sander Alewijnse <salewijnse@google.com> |
Provide lockdown of date/time device owners. Fixed two minor issues with the screencapture as well. Updated documentation and added enforceCrossUserPermission. Bug:16948504 Change-Id: I9a645dcf480a4a044879ba481bce964d06fe5153
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d5c5c13c8505a27290a2540ff1f64c8753431cb1 |
|
20-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Rename get/setBlockUninstall() to get/setUninstallBlocked() As requested in the API review Bug: 17005622 Change-Id: I1332ad11e588ab3fa409f2a28222608936cb383e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8c5c37364776266d9d91bb35094a9755707833f7 |
|
21-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Remove setApplicationsHidden" into lmp-dev
|
b9e468cb9d77abf57473436e29042e1b27d9f70b |
|
21-Aug-2014 |
Kenny Guy <kennyguy@google.com> |
Merge "Add apis for whitelisting IMEs and accessibility services." into lmp-dev
|
115cd65d2a3417b506563e6b2d60c269d69efaef |
|
21-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Remove setApplicationsHidden As requested in the API review. This version (the one that takes an Intent) was used only in the DeviceAdminSample and some CTS tests. Bug: 17005622 Change-Id: I9984b22836417ad4d025302f61bd91704e9345a4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fa80a4faa3ab32f61742b684e832126dae8468e7 |
|
20-Aug-2014 |
Kenny Guy <kennyguy@google.com> |
Add apis for whitelisting IMEs and accessibility services. Adds apis for device / profile owners to white list the accessibility and input methods a user can enable. Bug: 14469005 Change-Id: I921888660d29a5370395db87adf75d4d106660c9
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6bd702538d90005add1cfc33746da19404090dc1 |
|
20-Aug-2014 |
Svet Ganov <svetoslavganov@google.com> |
Notify app widget hosts when cross-profile providers change. 1. Notify the hosts in the group if a package gets white-listed or un-white-listed for providing widgets across profiles. 2. Notify hosts in the group for provider changes when a profile is deleted. bug:17126070 Change-Id: Ic719c1c68e45842d50decc95603f1d61583b8f02
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
afe7a2c9c30393c83304ad0d30a6a32072ba1845 |
|
20-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Prevent profile owners from setting certain user restrictions." into lmp-dev
|
2cb384f42569f36e19ecee60da259d69048fdd85 |
|
13-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Prevent profile owners from setting certain user restrictions. Bug: 16351901 Bug: 16701492 Change-Id: Ie866bc24d2d7cc15f86c5b50062a730e099612a1
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
255dd04271088590fedc46c8e22b2fd4ab142d39 |
|
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
95d9ad0f79c900db9bca1745100f14d0ec9cc133 |
|
18-Aug-2014 |
Jason Monk <jmonk@google.com> |
Merge "Fixes to lock task API from API review" into lmp-dev
|
3d9eb78fe91ab2479eb38443aed588e10421e31b |
|
11-Aug-2014 |
Julia Reynolds <juliacr@google.com> |
Apply lockdowns when user restrictions are set. Previously DMAgent would apply these lockdowns before/ after setting the matching user restrictions. Bug: 16701642 Bug: 16945830 Bug: 16944983 Change-Id: Ib4f7145055687f12408d6ccacd8e6380406a32b2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
48aacba761527a529c2b668c8151c7f98ff70524 |
|
13-Aug-2014 |
Jason Monk <jmonk@google.com> |
Fixes to lock task API from API review Adding ComponentNames and some splitting/renaming of broadcasts. Bug: 17005622 Change-Id: I9ece3553310fb20b0c3c3e4032b408e86384363a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b8b4774e6185058b179a31f8c1a2dd806413e31b |
|
07-Aug-2014 |
Adrian Roos <roosa@google.com> |
Fix NPE in DevicePolicyManagerService that crashed SystemUI Bug: 16857795 Change-Id: I6234f03c4ee31311af9f9c556b790594ee1a8b2f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
00f201e41b5b496327b9578e6fb00fad8b4d9da9 |
|
07-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Merge "Wipe only managed profile when max number of incorrect passwords exceeded" into lmp-dev
|
fe0f24cc92b04e03cac3f807859721f1ce7ef54a |
|
06-Aug-2014 |
Esteban Talavera <etalavera@google.com> |
Wipe only managed profile when max number of incorrect passwords exceeded When the maximum number of retries that has been exceeded is not for the primary profile of the user, wipe only the profile that set that policy (e.g. the managed profile) rather than the entire user. At the moment the whole device is wiped if the max number of incorrect passwords for a managed profile is reached, as the password is shared with the USER_OWNER. Bug: 14453697 Change-Id: I5746de104133c0ea0a51d75b9c92e1516d365d8c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
318f91b784e8f71b25e6de2f22d8e24412477ae2 |
|
07-Aug-2014 |
Svetoslav <svetoslavganov@google.com> |
Fix NPE in device policy manager service. Change-Id: I796359f903077eb0ef825ed926557f1a13b2e4c4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
976e8bd2017d0263216c62111454438cc0f130e3 |
|
17-Jul-2014 |
Svetoslav <svetoslavganov@google.com> |
Allow adding widgets from user profiles. The goal of this change is to enable support for appwidget from user profiles to the user main profile. A user profile is a user which is associated as a child of the main user profile. For example, a user may have a personal (parent) and corporate (child) profile. The device policy should be able to control whether adding a widget from a child profile and given packages is allowed. This change assumes that all packages from managed profiles are white listed. Another change will add the device policy changes. Change-Id: I267260b55d74c48b112a29979a9f59eef7a8194e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a87863a8bddb033ca9ace11e7d78932d70d08ce3 |
|
29-Jul-2014 |
Sander Alewijnse <salewijnse@google.com> |
Fix deadlock window manager and device policy manager. Removed all communication from wm to device policy manager. Added initialization of cache in wm by dpms. Change-Id: Ifa0b8bfcd625464b156d5cc0fb66d342deda1c27
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
50c360790ca4c061aa6a1d94e06bd7e25b0f0436 |
|
30-Jul-2014 |
Robin Lee <rgl@google.com> |
Don't turn off screen after wiping user profiles The activity manager should know when to lock the screen. If an admin does want this to happen then they should be able to run both commands in succession. Also rectifies some creative code styling in the same DPM method. @bug 15558805 Change-Id: I8918184a4585aa8b061eb4a68edc2ec6805d8127
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
bf3a9465483976dcd5692b619b47132c2b95f73e |
|
28-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Set profile owner via an intent priv apps can request to become a profile owner after setup has completed. This will pop up a consent dialog (in Settings). Also, clean up profile owner concept to be a component name. Change-Id: I5e8532866e8018f61836c4e84fbbadb6150218ae
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
604e7558ef32098644b2f9456d7743a07ae789dc |
|
19-Jul-2014 |
Jim Miller <jaggies@google.com> |
Add new DevicePolicyManager API to allow fine-grained TrustAgent management This adds a new feature that allows a device admin to specify a whitelist of features that are allowed for the given admin. Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ea4f01070a9c8f5147eb228c413a84de78d98973 |
|
28-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Remove the profile/device owner user restriction bypass." into lmp-dev
|
401de1785eccc946ed6c35e9b7fccab92b2022af |
|
25-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Remove the profile/device owner user restriction bypass. Bug: 16566096 Change-Id: I4a56046df44d36d82edc64fc727e8cad5dc75382
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
0da218be00d37a20866059c54a3dd5e8bf17e20b |
|
25-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Don't update user's setup state unless it changed Eliminates an extra write on every boot. Bug: 16416936 Change-Id: I9ca16676c1b39dafeed3fc744a69c5bde819990c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3f7777fa4f1d392e18bad39edcd4539880c52ff9 |
|
24-Jul-2014 |
Nicolas Prevot <nprevot@google.com> |
Storing the app who sets a CrossProfileIntentFilter. When we add a CrossProfileIntentFilter, we store the package and userId of the calling app inside the CrossProfileIntentFilter. When an app calls clearCrossProfileIntentFilters, we only remove the filters that the calling app has set itself. BUG: 16537557 Change-Id: I6e7bc859383ea66553d9f4230365df8ba27525f3
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d2a1eec400128f39e1b223a720a88dbd395f3e6e |
|
09-Jul-2014 |
Sander Alewijnse <salewijnse@google.com> |
Add Device Policy API to disable screen capture. WindowManager will set secure flag on SurfaceControl for all windows of a flagged user to prevent screen capture. API is consistent with the camera disable API. Change-Id: Ib180f67f1ad827b6f4aca2af615274256cce58f4
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8ddeee98b8b3d8b7379d9044b1ad0ad12ead004b |
|
23-Jul-2014 |
Dianne Hackborn <hackbod@google.com> |
Use foreground broadcast to get device admin msg. Using a background broadcast is bad, it can take a long time to get the message back, either accidentally (backed up behind other broadcasts) or from a deliberately malicious admin. Change-Id: Ib7491f8e27dacdc002562aef027ee4664e78e97b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9c2be6c7ba3d7dce58e8f4ec1617698c54ae808e |
|
22-Jul-2014 |
Robin Lee <rgl@google.com> |
Stop double-loading device admins loadSettingsLocked() was being called twice for USER_OWNER at systemReady(), doubling the number of admin entries at every boot. Also guards against double-adding admins which appear twice in the same XML file, favouring more recently-refreshed entries for backward compatibility. Previously an application calling in with 'refreshing = true' would double-insert whatever admin was being refreshed into its user's list of device admins. This is fixed too. @bug 16416936 Change-Id: Idd147aa130e6bce7bcc40532f0a7fb07117b3151
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
eee5094f96c630661ca563d70de244ccbbd53579 |
|
22-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Fix a security exception when checking cross-profile caller-id cap. No need to enforce that the caller is in the system process. We're only checking if the device policy is allowing access. Bug: 16301261 Change-Id: I87a7c808d116c86aa68cebb36631c46d0a54be96
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 |
|
20-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Rename setApplicationBlocked to setApplicationHidden This corrects the expected behavior of the app state. Hidden apps can be installed by the store to be brought out of hidden state. Bug: 16191518 Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c8fa3ae2ce238843496d7aa3f1c4042bb9bb98b4 |
|
17-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Merge "Create DPM APIs for cross profile callerId" into lmp-dev
|
210fe21e95cfff98734f5b849b205cdcb0706948 |
|
17-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Create DPM APIs for cross profile callerId Contact information in the managed profile is shown in the incoming call UI unless blocked using this API. TODO: Actually plumb this into the caller-id logic. Bug: 16301261 Change-Id: If03adc907d9558baa0a45a1833b857206b7bf96a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
999d394adee533c55fce38bd632ffd4f1af91362 |
|
03-Jul-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Ads per-user APIs to manage accounts through the AccountManager Bug: 16056552 Bug: 14642886 Change-Id: I17ff6c2515285e63c84cecf2f861d10666c393c5
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3f4f2fbcd0557e32464e393cb9acc28c2328614e |
|
17-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Merge "Keep track of user_setup_complete in DPMS" into lmp-dev
|
ed239cb950d05ae794999ca75cef0c5371016800 |
|
17-Jul-2014 |
Amith Yamasani <yamasani@google.com> |
Keep track of user_setup_complete in DPMS This is to ensure that some system app can't modify that state for purposes of changing the profile owner without user consent. Bug: 16207721 Change-Id: Ic5f454d7568cd824b83456eed0e2611779a9adf8
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
655be2a98ea6285fc33aec4b223e90c2620927f1 |
|
14-Jul-2014 |
Adam Connors <adamconnors@google.com> |
Revert "Remove enableSystemApp methods." We need to go back to uninstalling system apps so we can re-install non-default system applications through Play. This reverts commit e3dbcd138c07f2d32ac84229d0a49052cc18d424. Change-Id: I0a7af094614c4a10800971c82e10571f7312e079
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
582d9111d76632027fed7af10d05d4b44df16c0c |
|
10-Jul-2014 |
Jason Monk <jmonk@google.com> |
Add API for device owner to switch users Once verified that caller is device owner just calls through to the activity manager and acts like that call. Change-Id: I34023313cd6742b73d2105655ec6b631879aa37a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
85516d028b2dcc7ebc09f4a68085836aa26191d5 |
|
01-Feb-2014 |
Jim Miller <jaggies@google.com> |
Add new "pin complex" type to supported keyguard PINs This adds a feature to allow DevicePolicyAdmins to prevent using simple PINs, which are defined as those containing more than 3 repeated values. Examples include '1234', '2468', '1111', '9876', etc. Bug 12081139 Change-Id: I4ebe1c76a48087dcd7c878e9bd79a4e3ee2a27fe
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fe0538098403b49ebd9219bf77236471bb5ca63b |
|
30-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Restrict factory reset with user restrictions. Bug: 15985879 Change-Id: I524bd8a790798a85a679aa195e634f6e0227d09f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c13053bf1c05b980421611487ce67677c08db299 |
|
29-May-2014 |
Kenny Guy <kennyguy@google.com> |
Add package state to block uninstall. Add package state to allow profile or device owners to block uninstall of packages. Add API to DevicePolicyManager to set/get the state. Bug: 14127299 Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1333ea1ed7a95eb9e1be43c20a0c48e901654cac |
|
23-Jun-2014 |
Jessica Hummel <jhummel@google.com> |
Provide api to set the managed profile name. Instead of sending the profile name in the provisioning intent the mdm should set the profile name after provisioning has completed. This allows us to simplify the provisioning flow and the mdm can change the name of the profile later on if required. Change-Id: I821ef2300eae74e89872152ae1c89ac3ecbb82e7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
ef1de65117e8361cbeb188309dbb1a7953350c2a |
|
25-Jun-2014 |
Adrian Roos <roosa@google.com> |
Trust Agents: Disable until next unlock if device is locked by DPM Bug: 15871777 Change-Id: I1a6e43848e600ffa2092282081b18ddf92419d4a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c5185f2bf1bf15ea0cfd72d30167fcbb1d61d437 |
|
24-Jun-2014 |
Jason Monk <jmonk@google.com> |
The profile owner shouldn't control lock task Since managed profiles are started on bootup, the managed profile would be allowed to set an app (possibly itself) as a lock task app and then run itself on bootup and constantly control the device. This privelege should be restricted to device owners. Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
aab72f3b0ab740e12b4a2576a99852081529feb5 |
|
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Revert "Publish DevicePolicyManager CA certificate APIs"""
|
306fe08ce2b06671336e67a87afaa0851f0105eb |
|
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Revert "Publish DevicePolicyManager CA certificate APIs"" This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936. Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
2b5e917026fe4e6dec8712ee24bdffee8d62ab33 |
|
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Publish DevicePolicyManager CA certificate APIs" This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5. Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
e7cd37e6138c5e769cc6cb398e632bca24d2d1ab |
|
19-Jun-2014 |
Nicolas Prevot <nprevot@google.com> |
Merge "Introducing crossProfileIntentFilters that skip the current profile."
|
63798c596dc757135950313eb4bb44ca58696c68 |
|
27-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Introducing crossProfileIntentFilters that skip the current profile. For these crossProfileIntentFilters, the activities in the current profile cannot respond to the intent. Only activities in the target profile can respond to the intent. BUG: 14936725 Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
fbe6be4f653d73d5c51ee0a2fb40d2a34c2366fd |
|
18-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Notify any profile/device owners of lock task"
|
35c62a4668a85aa4318c9ec564f2e06e8a2d2a30 |
|
17-Jun-2014 |
Jason Monk <jmonk@google.com> |
Notify any profile/device owners of lock task Add a method for DeviceAdminReceivers of profile/device owners to be notified that lock task mode has entered or exited for an app they have whitelisted. Change-Id: Id124287d41564bbfccdacccf1977b7acb3ddec3f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6d3912e2ef75a7794ac44839eef2569086cae104 |
|
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Publish DevicePolicyManager CA certificate APIs""
|
d7b8621bde44857ebb07130693a00f5f777887d4 |
|
16-Jun-2014 |
Jason Monk <jmonk@google.com> |
Change lock-task DPM authorization to packages Switch the DPM lock-task authorization to be controlled by a package rather than a component. Change-Id: Ife9bed068f31ff2449b4451ab69d3586a3f09d89
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b12f1778d612a53e6b40e6d5873be1ccff2e52a5 |
|
17-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Publish DevicePolicyManager CA certificate APIs"
|
837304f6f6ae37dc475fa6e0e620f1c2321f2e11 |
|
11-Jun-2014 |
Robin Lee <rgl@google.com> |
Publish DevicePolicyManager CA certificate APIs Exposes these methods: - hasCaCertInstalled - hasAnyCaCertsInstalled - installCaCert - uninstallCaCert Allows device and profile owners to perform some certificate management including querying for and enabling/disabling specific CA certificates. Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4e81913a66c98bfd9939376640b89015a23580a1 |
|
12-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Allow device owner to configure secondary users"
|
03978a40b3a4c268329ae733eff8dfffd92f6e09 |
|
10-Jun-2014 |
Jason Monk <jmonk@google.com> |
Allow device owner to configure secondary users Currently the device owner can create secondary users, but unless it is a system app it will not be installed and will not be able to pass data easily from the code that creates the user and any code running on that user. This allows the device owner to install itself while creating a user and start up a service to configure that user. createUser takes an bundle so that the device owner can pass across any initial setup data it needs to, this bundle will be sent to the admin receiver in onEnable. Change-Id: Ic1f8565dd2a7bd85363527cf68b0ecd4dc9c3636
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
122c595cd9ca00435b7265444e181f8cc78335e5 |
|
11-Jun-2014 |
Robin Lee <rgl@google.com> |
More meaningful errors for DPM calls by non-owners Now throws an exception titled something like "Admin X does not own the profile" instead of the rather unhelpful NullPointerException that was thrown previously. Change-Id: I33f6da5ea5eb70d8ea3939cfa280c794b01c3382
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
4a21b25fad62e4f19d13ba814263841c931f56ef |
|
04-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Allow profile and device owners to change and get the master volume mute state. Also protect muting master volume with op code OP_AUDIO_MASTER_VOLUME. Bug: 13585918 Change-Id: I91fe7ee60cd291cca15966b3127c0bb8a4828f6a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
b0dced8173a9a930bc0ea2a7a669a907aaffd735 |
|
06-Jun-2014 |
Jason Monk <jmonk@google.com> |
Add an API to clear the device owner. Only the device owner will be able to clear itself. Change-Id: Ie3231467d92e8c5d22ec51256177793f34110432
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
f10606a9a4193cb5ba56dd26db9983845855e8c3 |
|
06-Jun-2014 |
Jason Monk <jmonk@google.com> |
Merge "Add device-owner based setting of global proxy."
|
03bc9918345a977e9c45796bf3bb5bf9a3b87d25 |
|
13-May-2014 |
Jason Monk <jmonk@google.com> |
Add device-owner based setting of global proxy. Re-hide the setGlobalProxy on the ConnectivityManager as it requires CONNECTIVITY_INTERNAL. Instead add a function to the DevicePolicyManager to set the global proxy, that can only be called by the device owner. Change-Id: I9ffb2cc4f30a6dc9b868d86f056e1fbd512d8dfc
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
56e0d8003bdeeddb8b5d355cea219d3d54e87bff |
|
06-Jun-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Merge "Clean up deleted users in DevicePolicyManagerService"
|
73a41d2c4e4184504959628ae5536a7e862e0f67 |
|
05-Jun-2014 |
Kenny Guy <kennyguy@google.com> |
Fix bug with sending intents to correct user for device admin. Password change intents etc. were always being sent to owner rather than user the device admin was installed for. Also add TODO to not assume profile parent is OWNER. Bug: 15442331 Change-Id: I7e58069bc4a6ab94f038ae1b80c044d666986318
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
22745f4c9ad0e5abc58fe9ff93e9952a601cc6c9 |
|
04-Jun-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Clean up deleted users in DevicePolicyManagerService Bug: 15405715 Change-Id: Icd958fe9378deb92f25622b341e0502d865b742f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1b8737ee18f5d80adda41eafca6143a046a47a13 |
|
04-Jun-2014 |
Sander Alewijnse <salewijnse@google.com> |
Merge "Remove enableSystemApp() and enableSystemAppWithInten()."
|
f20d640fa2b155a971ddfe0965fc803a73b5e53c |
|
25-May-2014 |
Amith Yamasani <yamasani@google.com> |
Restrictions Manager Mechanism to register a provider for requesting an administrator to respond to permission requests. Request format and response format constants. Description of manifest template for static restrictions. Int type introduced in RestrictionEntry. Needs more javadoc and better description of manifest templates, including specifying the XML attributes. Change-Id: I5a654d364e98379fc60f73db2e06bf9a8310263d
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
866896df168d1382732c97e49617ab2f2995d376 |
|
27-May-2014 |
Sander Alewijnse <salewijnse@google.com> |
Remove enableSystemApp() and enableSystemAppWithInten(). Use setApplicationBlocked() and setApplicationsBlocked() instead. Change-Id: I3d323d704db0a45e936f63675821707b4fddc48b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
8194899071e0a84c95ef10614bd1b9485b48f589 |
|
16-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Rename code related to cross-profile intents. For example, replace ForwardingIntentFilter by CrossProfileIntentFilter Bug: 15023443 Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
1e958398232cb11935f5341d71df52c5455c620f |
|
16-May-2014 |
Julia Reynolds <juliacr@google.com> |
Create deviceowner gated APIs for creating and removing users in devicepolicymanager. This will allow DMAgent to manage users for EDU's cart model user case. Bug: 15015887 Change-Id: I1eadf1701cb75fc4b50eb1a0df1525eff818286e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a9e460aefcf3891af5acc7d8ae74da9eed49bfbd |
|
21-May-2014 |
Robin Lee <rgl@google.com> |
Remove enforceManagedProfile for listing keyguard features Change-Id: Ic89f09ada046f64b089b977868b6f37bc0a6de91
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d862ebb6036a769cb3be371b396e9e33f89ee365 |
|
21-May-2014 |
Narayan Kamath <narayan@google.com> |
resolved conflicts for merge of fcc4fed3 to master Change-Id: Icebca982b01debd67a1470c02651ef8936f6e5b0
|
c8e4b8107a21c5a782f959aa77fbf066d6e131be |
|
21-May-2014 |
Robin Lee <rgl@google.com> |
Merge "DPM: Disallow some DeviceAdmin policies for ProfileOwners"
|
a9ee6729538941a2b866d83ecbd891645f0ccc16 |
|
20-May-2014 |
Robin Lee <rgl@google.com> |
DPM: Disallow some DeviceAdmin policies for ProfileOwners A profile owner should only have control over the profile. All of the following device admin APIs that affect the device beyond the profile that they are called from are now disallowed: - Camera enable/disable - Keyguard - Wipe external storage @bug 14434826 Change-Id: I69acfdf6f654f48b5db91aeb3ea86662d7857075
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6d8fd27e51d799cf7418b14092b5e806d9792812 |
|
21-May-2014 |
Jeff Brown <jeffbrown@google.com> |
Make power button behavior configurable. Allow power button to be used to either go to sleep as usual, which may doze, or skip that completely and really go to sleep. May also really go to sleep and go home all at once. Bug: 14406056 Change-Id: Ia19e2551b9c2a72271bb2eddd5c0d1749761e019
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
37f4e44ae614987c5ed953a1829c7181bb775e1f |
|
21-May-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Add Device/Profile Owner gated apis for setting/getting blocked packages."
|
966881e8951f9bb297689745dcaecfdc13432656 |
|
14-May-2014 |
Julia Reynolds <juliacr@google.com> |
Add Device/Profile Owner gated apis for setting/getting blocked packages. DMAgent currently needs to live in /system/priv-app in order to (among other things) set and get blocked packages. These APIs will get us closer to being able to move DMAgent out of priv-app. Bug: 14945334 Change-Id: I108e2013c67409dca554acf78e3a710745900706
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
da551653219092306fc7e1ce5743ab40683cee6f |
|
14-May-2014 |
Julia Reynolds <juliacr@google.com> |
Allow device/profile owners to update settings. Device owners can update Settings.Secure and Settings.Global settings. Profile owners can update Settings.Secure settings. DMAgent currently needs to live in /system/priv-app in order to (among other things) update global and secure settings. This change will get us closer to being able to move DMAgent out of priv-app. Bug: 14965414 Change-Id: If2cc3a56de91bffde33b838ab8ecea2c32412803
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3a483594436cc477529b3f7c31b3242ee4707705 |
|
17-May-2014 |
Amith Yamasani <yamasani@google.com> |
Use correct package name for profile owner Fixes reboot loop when you have a managed profile on your device. Change-Id: I935ded447f226ee0507d3dcf22a730a7fb61a0c0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9fcff5aadd48206235d205c30cbdae47fc586e3b |
|
16-May-2014 |
Jason Monk <jmonk@google.com> |
Fix NPE in DevicePolicyManagerService Bug: 15015897 Change-Id: Id9f6ae8b5abf96d35f799b150210813fb52da54c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
62062996dd256df8b575b2ba1f0bf97109c4e0ba |
|
06-May-2014 |
Jason Monk <jmonk@google.com> |
Notify AppOpsService of UserRestrictions and Owners This makes the DevicePolicyManagerService and UserManagerService push the DeviceOwner/ProfileOwners and user restrictions on boot as well as on any change. This also adds a list of restrictions that allow any op to connected with a user restriction such that it will return MODE_IGNORED when the user restriction is present (except for the device/profile owner). Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
91da58ded2e7c0dd3d045244cc78eb0d788736a7 |
|
10-Apr-2014 |
Jessica Hummel <jhummel@google.com> |
Allow setting password restrictions from a managed profile. A managed profile will now share password settings with its parent. - the current password is always stored in the parent - admins of profiles are notified if that password changes - checks for password quality now take the requirements of admins on the parent and its profiles into account Todo: - Currently KeyguardSecurityContainer wipes the whole device when the maximum fails has been reached on any profile. We need to limit the wipe to the profile for which the fails exceeded the maximum number. - Intents with ACTION_SET_NEW_PASSWORD need to be forwarded to the parent of the profile when sent from a managed profile Change-Id: I8532c59f753f8d9c61200f553f275214ad90276e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
511e0d8323d2d2ed341ba40b15bc646e134ac03b |
|
24-Mar-2014 |
justinzhang <justinzhang@google.com> |
DevicePolicyManager Authentication for Lock Task Here we let DevicePolicyManager keep a list of tasks that are allowed to start the lock task mode. This list can only be set by a device owner app. The ActivityManager will call DevicePolicyManager to check whether a given task can start the lock task mode or not. Change-Id: I650fdae43fc35bf9fd63452283f4e2bbadd11551 Bug: 14611303
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5c02db60be02cc0c4798ea6d9c2b0e6cf972c158 |
|
07-May-2014 |
Sander Alewijnse <salewijnse@google.com> |
Add API to disable account management for certain types of accounts. The account types with disabled account management are stored in a blacklist in the active admin object, editable by profile owners. Change-Id: I57dc5f709ad79674fa28dd006969283585daea24
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
54a9ebb50946cd647843dbcc3d9714644926f0fc |
|
07-May-2014 |
Jason Monk <jmonk@google.com> |
Fix build Change-Id: I87c037faee19b434be741104cdddb9c467f20606
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
010cfd458121034075c7439020ffef4eedbcc0fc |
|
16-Apr-2014 |
Adam Connors <adamconnors@google.com> |
Add enableSystemApp methods to DevicePolicyManager These methods allow profile or device owners to enable systems apps pre-installed in the primary user in the managed profile. Apps can be specified by either package name or intent. Bug: 13587051 Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
c79586ede6dcd6a167bc8360f058cb5cc655b33d |
|
06-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Cleaning code related to the forwarding intent filters. Checking for INTERACT_ACROSS_USERS_FULL Adding equivalent methods in the PackageManager Change-Id: Iaa1328fa666613a78e67ca669ea045144275e895
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
6fee7d4cf991a8d39bdefb782937250c87f60f25 |
|
01-May-2014 |
Nicolas Prevot <nprevot@google.com> |
Introducing removable and non-removable ForwardingIntentFilters. clearForwardingIntentFilters removes only non-removable IntentFilters. The ForwardingIntentFilters set by the profile owner are always removable. Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
d83a096f299abd9c7fe5e441ef1bb169c314b575 |
|
03-May-2014 |
Dianne Hackborn <hackbod@google.com> |
Bump up priority of system receiving BOOT_COMPLETED. Change-Id: I5166f88f11f781914312e867cb653c8ecbefa705
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
3c4d9c56db5b24699956de0a5a841196185363cc |
|
01-May-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Merge "Adds an enabled state in UserInfo instead of DevicePolicyManager"
|
df35d570ed25257c6782e632ab1bae5e1603855a |
|
09-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Adds an enabled state in UserInfo instead of DevicePolicyManager Bug: 14377459 Change-Id: Ib4ec43d87da96c3dddaf9b7ae1796f261863a182
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
10fa67c77e11699391e27975fc2d276a0b8c7cbb |
|
24-Mar-2014 |
Nicolas Prevot <nprevot@google.com> |
Introduce forwarding intents across profiles. The package manager service maintains, for some user ids, a list of forwarding intent filters. A forwarding intent filter is an intent filter with a destination (a user id). If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent. When the package manager service is asked for components that resolve an intent: If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent: The package manager service also returns the IntentForwarderActivity. This activity will forward the intent to the destination. Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
be46532c9fbebf3ab6498c1b78013a33f620cd31 |
|
24-Apr-2014 |
Amith Yamasani <yamasani@google.com> |
Allow profile owners to set user restrictions Pass the setting along to UserManager. Fixes a security exception when fetching the profile's enabled state. Change-Id: If71698cf32c52cce1158cf2027443a339bc58488
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
a4fcb4403304192e2a4889c43c4d089d76cd1252 |
|
24-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Fix two potential NPEs in DeviceInfo Change-Id: Ic4b5b203af25cda9ae65b477c92c1fb5f31ab093
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
385124d8cee38dee00d4fac31e8fbe46fb30565b |
|
03-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Modify getUserProfiles to return only enabled profiles: Add a new enabled state for a managed profile. Expose that as a new API on DevicePolicyManager. Set the new state when enabling the profile. Return only enabled profiles from the user manager. Bug: 13755441 Bug: 13755091 Change-Id: I2907b182e19b3562592da688b3f68ef5f4088557
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
66e5d96cf9e689148b202787bdc269519c4b6f8f |
|
09-Apr-2014 |
Robin Lee <rgl@google.com> |
Allow ProfileOwner apps to manage app restrictions Simple wrapper around the UserManager.{get|set}ApplicationRestrictions APIs. Also added a new Intent to signal to running apps that the set of restrictions has changed since startup. Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9944c2f85c9ec3fd634d8337afa54a065df51825 |
|
15-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Sends ACTION_MANAGED_PROFILE_ADDED intent at foreground priority to speedup the new profile ui. Bug: 14073989 Change-Id: I06b57a4cb1b9975f28a5e1e676c76c9e6c5befe7
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
512675b07d1643f018e84d66e4ee8b641d3e191c |
|
02-Apr-2014 |
Alexandra Gherghina <alexgherghina@google.com> |
Add new call to DevicePolicyManager to enable a profile. Bug: 13755091 Change-Id: Idb6975431f842ededf78966c578b0533e6f186af
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
5c921daa72c6915d036a03b3bda91725a3e30539 |
|
24-Mar-2014 |
Robin Lee <rgl@google.com> |
Fix privilege escalation for preferred activities Passing in the name of an actual admin should be enough to pass the security check as it was. This is now fixed as the caller is not given the opportunity to spoof its own name any more. Change-Id: Id8be4ca4c8bf3751a1ee8125cf119fa100c81d22
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
627de95925b58e7602374a66ceba76200592ec11 |
|
24-Feb-2014 |
Sander Alewijnse <salewijnse@google.com> |
Merge "Enables a profile owner or device owner to set and clear default intent handler activities."
|
f475ca33d9232785710aaa438f17915029dfa83b |
|
17-Feb-2014 |
Sander Alewijnse <salewijnse@google.com> |
Enables a profile owner or device owner to set and clear default intent handler activities. Those intent handlers are persistent preferences. They will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset. Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
08fc72d0317fd39a6fa0b2d47c6a5b1529309629 |
|
20-Feb-2014 |
Robin Lee <rgl@google.com> |
Check DeviceOwner exists before using packageName Creating a profile owner when there is no device owner present also creates a new DeviceOwner object without packageName set -- this situation can lead to a null pointer access when calling isDeviceOwner. Change-Id: I31eab498d78cadc67a1aedd205b458dee2d27705
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
661ec4710b30516a2c7a1101ba65ecac109af619 |
|
11-Feb-2014 |
Adam Connors <adamconnors@google.com> |
Change API for setProfileOwner to require userId Previously the userId of the current process used but it makes the provisioning process cleaner to be able to pass it in explicitly. Change-Id: I670c4cf3638f1340f6d0bf856c3e01045df8c29e
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
cab8617b8ccea3a99b1ee15e15915c512a10c738 |
|
11-Feb-2014 |
Jeff Brown <jeffbrown@google.com> |
am 25df673b: am 1b51c9cb: Merge "Make SystemService constructor take a Context." into klp-modular-dev * commit '25df673b849de374cf1de40250dfd8a48b7ac28b': Make SystemService constructor take a Context.
|
b880d880c6cd989eacc28c365fc9a41d31900da1 |
|
11-Feb-2014 |
Jeff Brown <jeffbrown@google.com> |
Make SystemService constructor take a Context. This change simplifies the process of initializing a SystemService by folding the onCreate() step back into the constructor. It removes some ambuiguity about what work should happen in the constructor and should make it possible for services to retain most of their final fields after refactoring into the new pattern. Change-Id: I25f41af0321bc01898658ab44b369f9c5d16800b
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
9348ac8249d2ef8d935e98053e5d135a2ff1ebcc |
|
10-Feb-2014 |
Amith Yamasani <yamasani@google.com> |
Fix NPE on removing a user Bug: 12957232 Check for null mDeviceOwner. Change-Id: I107dc24d1a8de121ebd2c1bb56e1af40bb1c55ac
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
776c555d954d9494069f786785877c08add27327 |
|
09-Jan-2014 |
Adam Connors <adamconnors@google.com> |
Extend DeviceOwner concept to accommodate ProfileOwners ProfileOwners, like DeviceOwners, are Device Admins that have additional priviledges. ProfileOwners however are scoped per user. Change-Id: I1e22c85878e0672121e6ebbe97fca38591f992b2
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|
49782e46c0eb85a25ae2abcf80880c48dbab5aea |
|
20-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
|
9158825f9c41869689d6b1786d7c7aa8bdd524ce |
|
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
|