09c529a9bc85bfd0d50b65f447472ad064eac16c |
01-May-2017 |
Makoto Onuki <omakoto@google.com> |
Reconnect to DAService after binding is dead - When the DO/PO process crashes twice with a short interval, AM gives up and the binding will be "died". Once binding is in this state it'll never be re-connected. (Still, DO/PO can disable and re-enable their DAS to force DPMS to bind again though.) - Detect this and re-connect after one hour. - Back-off time will be exponentially increased and never reset until DPMS explicitly re-connects, which happens when: -- the device rebooted, -- the user stopped and re-started, or -- the DAS is disabled and re-enabled. Test: adb shell am instrument -e class com.android.server.am.PersistentConnectionTest -w com.android.frameworks.servicestests Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyConstantsTest -w com.android.frameworks.servicestests Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l VERBOSE -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceAdminServiceDeviceOwnerTest Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l VERBOSE -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceAdminServiceProfileOwnerTest Bug 37711907 Change-Id: Ie0b227a94e6ce85d72a969a4dea1020baf734e2f
evicePolicyConstantsTest.java
evicePolicyManagerServiceTestable.java
pmMockContext.java
|
5bb8294f926dcaf4a7288ba4457d84d57bb4ab53 |
29-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add managed profile whitelist to control NotificationListenerServices" into oc-dev
|
83d139bd1b3e3b93a8c9a1f0572438c024bbe679 |
29-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Use List instead of array in network logging API." into oc-dev
|
f09a16628dd42fb3b45ec41c508543d42c8d98d6 |
28-Apr-2017 |
Pavel Grafov <pgrafov@google.com> |
Use List instead of array in network logging API. Bug: 37625453 Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java Test: ts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser Change-Id: Icba7e3178202e0e650689d98c4010a9b40c6a53c
etworkEventTest.java
|
90357d62e9908730bb3c781a402db455bf473596 |
28-Apr-2017 |
Pavel Grafov <pgrafov@google.com> |
Merge "Introduce DISALLOW_BLUETOOTH_SHARING." into oc-dev
|
a6ea92097cf85b78958f25fb53e312be0399df35 |
27-Apr-2017 |
Pavel Grafov <pgrafov@google.com> |
Use InetAddress instead of String in network events. This is a conservative change that converts strings to InetAddress on the fly just before givint it to the client. Also renamed getIpAddressesCount to getTotalResolvedAddressCount to make it 1) harder to misuse it as getInetAddresses().length 2) more descriptive. Bug: 37625453 Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser Change-Id: I2a31dddd6874f1a629895e4dff105cf41984a775
etworkEventTest.java
|
4f4f6f83c20162814e95e9ca0654eee89a818bde |
28-Mar-2017 |
Pavel Grafov <pgrafov@google.com> |
Introduce DISALLOW_BLUETOOTH_SHARING. When this restriction is enforced Bluetooth sharing option should not be present when the user tries to share something. Previously this was handled by explicitly disabling bluetooth sharing activity during managed provisioning, now this code is to be removed (see topic CLs) and the same behavior should be achieved by setting this restriction for profile owners by default. In Bluetooth: 1) Don't check restrictions on boot, it is invoked anyway through the listener during boot. 2) Ignore when the restriction is "changed" from true to true - i think it was the initial intent in that condition. 3) Disable the component for a particular user and not always the system user. This is something that has to be fixed in O I think since currently in secondary user the bluetooth itself gets disabled but the sharing thing still shows up. In DPMS: 1) Now ActiveAdmin for PO also contains a set of restrictions applied by default. 2) Now all ActiveAdmins for POs are loaded quite early. That shouldn't have huge impact though. Bug: 36249732 Test: run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testBluetoothSharingRestriction Test: run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testBluetoothRestriction Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java Change-Id: I78c4ffbd503c4a10138e8c0862a9f206f24c5631 Merged-in: I78c4ffbd503c4a10138e8c0862a9f206f24c5631 (cherry picked from commit 7f4ad75218bdd3f1bdf9022a146147eae032cc0c)
evicePolicyManagerServiceMigrationTest.java
evicePolicyManagerServiceTestable.java
pmMockContext.java
|
9c6458dd58106538e790bbc702dbc10798e1bd18 |
30-Mar-2017 |
Esteban Talavera <etalavera@google.com> |
Add managed profile whitelist to control NotificationListenerServices Only let notification listeners installed in the primary profile see work profile notification if allowed by policy Bug: 36657192 Test: runtest systemui-notification Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: If719151644380e9162180a24d12f798e42867c0a (cherry picked from commit 7e4cbadc6a561be62bf3b5e4c949bbb863018cc7)
evicePolicyManagerTest.java
|
3165743c5040fb47a32ef30ccb7ffe11275a547e |
25-Apr-2017 |
Tony Mak <tonymak@google.com> |
setAffiliationIds and getAffiliationIds uses set instead of list Didn't use @remove because java doesn't support two methods differs from the return type only. Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_unaffiliatedUser Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest Change-Id: Ic7c7221ef5e680a6765f028c2ab73d4c2f908c58 Fix: 37622682
evicePolicyManagerTest.java
|
a9b8253b38c3fcc6388f79bbc5c34ad540f6a6eb |
07-Apr-2017 |
Eric Sandness <sandness@google.com> |
Fix mock of setApplicationRestrictions() If any(Bundle.class) is used in the mock's when() clause instead of nullable(Bundle.class), the mock is not called when the bundle argument is null. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 36808416 Change-Id: Iab96fe88837e8f27a1da5775494b4611a547f13a
evicePolicyManagerTest.java
|
088d7aa9c1e9b73ea9dce1616b4958f0c41ca05e |
17-Mar-2017 |
Robin Lee <rgl@google.com> |
Exfiltrate cert code from DevicePolicyManager The intent is for this not to cause any behaviour changes, just to make it easier to see what is going on with the code. Permissions are checked in DevicePolicyManagerService. All calls to CertificateMonitor are privileged. Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: I98224087315a62234732f08b53fe91884be86386
evicePolicyManagerServiceTestable.java
|
2c68dadb200a4a7113b2d5162fc9137eed944ddf |
17-Mar-2017 |
Robin Lee <rgl@google.com> |
Better call emulation for DevicePolicyManagerTest Let's have several separate contexts instead of doing strange things with package names in one monolithic context representing every single user on the device at once, sometimes multiple times in the same call. Syntax looks like: runAsCaller(callerContext, dpms, (dpm) -> { assertSomething(dpm.doSomething(caller, param)); }); When a caller calls into DevicePolicyManager here's what happens: PRE - a new DevicePolicyManager is created with the caller context - service context callingIdentity is saved - the callingUid, callingPid, and callingPermissions are added to the service context TEST - client-side test code interacts with DevicePolicyManager using the caller context - server-side coder under test runs as DevicePolicyManagerService using the service context POST - service context callingIdentity is restored to what it was before the test. This should be easier to reason about. Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: I148e3f298b0a958639ce261e9cf91f6eb49fae4d
evicePolicyManagerTest.java
pmMockContext.java
pmTestBase.java
|
192bb0bc54f6bb418f5778fe26eb2e68514290fb |
09-Mar-2017 |
Paul Duffin <paulduffin@google.com> |
Refactor code incompatible with Mockito 2.7.13 (cherry picked from 76e319f015c2b43498ce3ce610a253d63e76cbf3) Some additional internal only refactorings were done as well. Bug: 32912773 Test: make checkbuild Change-Id: I96e3da967fad731fc8f39bde9db95f50ab7353fb
evicePolicyManagerTest.java
ockUtils.java
|
172f7801c7376a33d7cfe07c8cb4525d14db0c8f |
06-Mar-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Rename DPM.isDefaultInputMethodSetByOwner() Settings.Secure.DEFAULT_INPUT_METHOD is a misnomer. It does not really record a permanent default of any sort - it just indicates the currently chosen IME. Thus, isDefaultInputMethodSetByOwner() should more appropriately be called isCurrentInputMethodSetByOwner(). Furthermore, it turns out that setting a different IME for a user and the user's work profile is unsupported. Thus, it is sufficient for the intended use case to just retrieve the calling user's default IME. There is no need for a |user| parameter. Bug: 32692748 Test: unit tests (see DevicePolicyManagerTest.java for invocation) Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: Ia0846d38a1361042429dae7430a8b055575ef2e0
evicePolicyManagerTest.java
|
05dc9f764c9d399add8b7495e680f66d098c55eb |
22-Feb-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add API for checking which CA certs were installed by the DO/PO With this API, the system can determine whether a CA cert was installed by the user or the user's DO/PO. Bug: 32692748 Test: unit tests (see DevicePolicyManagerTest.java for invocation) Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: I3bcae5ac18ec2b110154184fc515df804fd73da6
evicePolicyManagerTest.java
pmMockContext.java
|
abaa0695c5361b36a7a2cdbe87c77bf60be20af7 |
20-Feb-2017 |
Robin Lee <rgl@google.com> |
Delete ParcelableString, add StringParceledListSlice Both inherit from package private BaseParceledListSlice. This is still bad, but it's not as bad. The existing code that uses this can just do Foo.bar().getList() now instead of having to marshal to and from an oddball type at either end as well. In the longer term ParceledListSlice<> should be eliminated, but it's not clear how far into the future that is going to happen. Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: runtest -x core/tests/coretests/src/android/content/pm/ParceledListSliceTest.java Change-Id: Ie69b96b5215d6e04990f6d31345772cdfee21d78
evicePolicyManagerTest.java
|
4f7e1fc9af698e08576c9beadef872f5c4ea04a8 |
17-Feb-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Merge "Add API for checking whether the default IME was set by the DO/PO"
|
939ccc3854d841e4aa1fc33017d49a2446315ca6 |
16-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Clear DISALLOW_ADD_USER in clearDeviceOwner for all cases"
|
348f696d33ffc188459e6318c65c8f9058f8d974 |
30-Jan-2017 |
Victor Chang <vichang@google.com> |
Clear DISALLOW_ADD_USER in clearDeviceOwner for all cases We are not moving the restriction from system to the DO in the end. clearDeviceOwnerUserRestrictionLocked becomes the permanent solution for DeviceOwner CTS. Looks like no one setting DISALLOW_ADD_USER directly in UserManager except DO/PO, and so remove it when DO is clear Change-Id: I235bebebd02b5e0d9883eea6dd3a4e49b40fe043 Fix: 33476323 Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest
evicePolicyManagerTest.java
|
aff5e9c21c28f21f7a3688d84e747727cf17f382 |
25-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add API for checking whether the default IME was set by the DO/PO With this API, the system can determine whether a user's default IME was set by the user or the user's DO/PO. Bug: 32692748 Test: DPMS unit tests and CTS CtsDevicePolicyManagerTestCases Change-Id: Ibd703ff5c9e4c072599ad8d6023c94a97d728109
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
aab7a4146ccd14f94ac87f4c52895f1bb5d37645 |
30-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add escrow token API in DevicePolicyManager. Take advantage of the new authentication flow in LockSettingsService and allow PO or DO to provision escrow tokens on the device. The escrow token grants them the ability to change device lockscreen (if used by DO) or work profile challenge (if used by PO). The new password reset mechanism is even usable before user unlocks, and it preserves authentication-bound keys in keystore. Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testResetPasswordWithToken Bug: 33126620 Change-Id: Iaa684c51946f726cbd909e9ac70ad3e9ca3de1ac
evicePolicyManagerTest.java
pmTestBase.java
|
7f5c91c6bce6a8ff2414549219a321a98a98ab31 |
08-Feb-2017 |
Robin Lee <rgl@google.com> |
MonitoringCertTask no longer relies on software.device_admin Added a test to validate that it still works the way it should before and after the change. Bug: 33258404 Bug: 35196414 Fix: 35129745 Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: also manual, instructions: Test: (1) Disable software.device_admin from tablet_core_hardware, rebuild. Test: (2) Install CA cert. Notification should appear. Test: (3) Reboot. Notification should still be there. Change-Id: Id992725c1844a2fffbde4d8acaba531e99f853ad
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
4d600d150f60249995c2212cff5acc9d11cbfc80 |
06-Feb-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Clear affiliation ids and lock task packages when clearing DO/PO"
|
a7bd04e89271fe0bce7bb5136bc8df0466827c6c |
02-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Clear affiliation ids and lock task packages when clearing DO/PO Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I38eea34cff82766c7e3b8cd79dd9757a212bb451
evicePolicyManagerTest.java
|
bdcada976298716b9fb566fd6264e31098df4391 |
01-Feb-2017 |
Esteban Talavera <etalavera@google.com> |
Affiliated profile owners can set lock task packages Mentioned that in the documentation, cleaned up the code a bit and added unit tests Bug: 34614754 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I91232bbe494398015094ab977c6a2adce339811f
evicePolicyManagerTest.java
|
2dbf9ae67a972e83f248eab06c583ff988da7422 |
27-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Fix DPM.getPermissionGrantState() The recent addition of DPM API access delegation introduced a bug in this method. When a system app (UID 1000) called the method, it would crash. Bug: 34760123 Test: DPM unit tests Change-Id: I69390ca30270d64a4d28a74c13a7679f14a62959
evicePolicyManagerTest.java
|
73145f4e60b874a408d26842d1cfc9c9506bfd9a |
17-Jan-2017 |
phweiss <phweiss@google.com> |
Create public API for policy transparency outside of Settings The new DPM.createAdminSupportIntent() returns an intent that shows the "This action was disabled by your admin"-dialog from settings. This enables apps to inform the user about the cause of restricted functionality. A new extra for the intent allows to specialize the dialog for different restricted features, instead of a generic message for all features. Bug: 31215663 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Change-Id: I3de7aeec0f88b8f013a63957aec803cd123fbedc
evicePolicyManagerTest.java
|
8f3b34338aca7276a45033e362776678c2adf984 |
25-Jan-2017 |
Esteban Talavera <etalavera@google.com> |
Merge "Wipe device or profile if max failed attempt reached"
|
b88f42b6b1414ae8107be13c0d2f3957549ecaaf |
24-Jan-2017 |
Esteban Talavera <etalavera@google.com> |
Wipe device or profile if max failed attempt reached If the device or profile owner have set a max password failed attempts policy, the device or profile should be wiped even if DISALLOW_FACTORY_RESET / DISALLOW_REMOVE_USER / DISALLOW_REMOVE_MANAGED_PROFILE was set by that admin. However it should still fail if another device admin set the policy - this is in line with what wipeData() does at the moment. Bug: 34450538 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest#testWipeData Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.ManagedProfileTest#testWipeData Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testDisallowFactoryReset Change-Id: Ifac240692ce74432f7b57f3dfbbbac2a7282297b
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
f994677626a6babc5121647646f17a7de85065a7 |
28-Nov-2016 |
Edman Anjos <edmanp@google.com> |
Refactor DPMS Cert Installer and App Restrictions delegation. The DevicePolicyManagerService currently supports delegation of certificate installation and application restriction management, both of which are individually handled by DPMS. Upcoming framework features will add four more delegation types, namely: block uninstall; app permission management; app access management; and system app enabler. At this moment it makes sense to refactor the underlying delegation system in DPMS so that current and future delegates can be handled in a more generic way. Bug: 33099995 Test: DPMS unit tests Change-Id: I9e350143572c6690febdd59d1ed5149af8ee4388
evicePolicyManagerTest.java
|
d37c4a99b2602dd4483ca2985e63b5316e8f4f63 |
23-Jan-2017 |
Nicolas Prevot <nprevot@google.com> |
Allow DO to provision even if it has set disallow remove mp. If the device owner has set DISALLOW_REMOVE_MANAGED_PROFILE, and there is already a managed profile: it should be allowed to provision a new managed profile by deleting the old one. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner BUG:34116228 Change-Id: I9e6f39924107aee40b57d22e638487a1ea3132de
evicePolicyManagerTest.java
|
45d29078635372e6c6b230d3de4e9d94c0d324b1 |
18-Jan-2017 |
Nicolas Prevot <nprevot@google.com> |
Update DPM unit tests checking isProvisioningAllowed for comp. Two of the tests were actually checking the same thing. Removed one. Refactore another test to make it easier to read. Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner BUG:32629873 Change-Id: Id4ca9bd8c113a858b016fb02d04bf4c76bbcb027
evicePolicyManagerTest.java
pmMockContext.java
pmTestBase.java
|
e24743203591fde0f3b1fe7d5e250f2b21ec0b6a |
18-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix test DevicePolicyManagerTest#testSetRequiredStrongAuthTimeout_DeviceOwner"
|
094119df3ebc49b7158aa448fe3cc24ad4267569 |
18-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Merge "Allow system to retrieve permission grant state"
|
4b0624fee452138951de919bbe74003258e9bc19 |
16-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Allow system to retrieve permission grant state To inform the user which apps were granted permissions by the admin, the Settings app needs to access this information without being a DO/PO. Bug: 32692748 Test: FrameworksServicesTests unit test Change-Id: I3770ec6343b85be9c6f7655675ed6db5cb50612c
evicePolicyManagerTest.java
|
d084ca5fad1cef70aac9eed8d5d79fc87d6e5397 |
18-Jan-2017 |
Michal Karpinski <mkarpinski@google.com> |
Fix test DevicePolicyManagerTest#testSetRequiredStrongAuthTimeout_DeviceOwner 1) Started returning the default value for getLong() on SystemProperties mock 2) Added a test that the minimum timeout cannot be changed using a system property on non-debuggable builds 3) Added new within range test for completeness. 4) Started using TimeUnit instead of ms constants. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 34317979 Change-Id: I0409451ae39e74ec3d96a098042302291ec3408f
evicePolicyManagerTest.java
|
eaed75d923c132f7bb7679d3246a89eff78e6811 |
18-Jan-2017 |
Pavel Grafov <pgrafov@google.com> |
Merge "Make ENSURE_VERIFY_APPS global even when set by PO."
|
92d053b459513dc15bc3cb349a6a11cf2798a4c1 |
17-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Unit tests for wipeData for a managed profile."
|
c9c1b2f03a67b1ff3fb743e612fe3ef0ba23eac1 |
12-Jan-2017 |
Nicolas Prevot <nprevot@google.com> |
Unit tests for wipeData for a managed profile. BUG:31952368 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: If3cf2fee3edf5b16fe169e65337f215544557815
evicePolicyManagerTest.java
|
6a40f09083fc52acc3309d0b04401fca02df6372 |
25-Oct-2016 |
Pavel Grafov <pgrafov@google.com> |
Make ENSURE_VERIFY_APPS global even when set by PO. Currently only device owner can set global user restrictions. With this CL ENSURE_VERIFY_APPS will be global no matter who enforces it, DO or PO. To make it possible for system apps to check who enforces a particular restriction in this case a new API method is added to UserManager: getUserRestrictionSources which returns a list of users who enforce the restriction. Bug:31000521 Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.UserRestrictionsTest (ag/1732744) Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java Test: installed M on a Nexus5x device, created a managed profile with some user restrictions, and checked that after upgrading M->O all restrictions are preserved and split correctly into base, global and local. Change-Id: I543d3ec9ef0cf2b730da6f7406021c0bba43b785
evicePolicyManagerTest.java
|
ef99fb85f95a2cc17e5d41f452d4632f0ec12fb7 |
16-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Make device wide DO features available if all users affiliated"
|
d36dd15d9bf9f65270b9bee16d6419b96b18bd86 |
15-Dec-2016 |
Esteban Talavera <etalavera@google.com> |
Make device wide DO features available if all users affiliated Currently, those features are available on single user devices only (since they collect privacy sensitive data device wide). Now making them available as long as all users are affiliated. It'll take a certain amount of time between user creation and the DPC of that new user setting the appropriate affiliation ids. The DO won't be able to access the logs during that time (and won't get any "logs ready" callback). Once the affiliation ids are set, if they match, logs become available again - this includes logs collected while the user was being setup. Some logs might be lost though if the amount of data exceeds the internal limit. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: cts-tradefed run cts -a armeabi-v7a --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest Bug: 32326223 Change-Id: Idfe881dd6497d3ad2bead10addfd37b98b8a6e2b
evicePolicyManagerTest.java
pmMockContext.java
|
18de051c986b0871848a77d2c2dd11659af365c9 |
14-Jan-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Send EXTRA_USER with DevicePolicy lock broadcasts"
|
feffb056e8d0f22db630f7d768bd78c349420cb6 |
11-Jan-2017 |
Pavel Grafov <pgrafov@google.com> |
Fix DevicePolicyManagerServiceMigrationTest. DISALLOW_ADD_MANAGED_PROFILE is enabled for device owners by default and should be expected for device owner after migration. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java Change-Id: I8e1d8bcf84a242fa50985d4fed9c3c594e19451a
evicePolicyManagerServiceMigrationTest.java
|
c3bd7b78d80370f21102bae155b05f2567f2a31d |
10-Jan-2017 |
Nicolas Prevot <nprevot@google.com> |
Additional unit tests for isProvisioningAllowed Test it with disallow add / remove managed profile user restrictions. BUG:32629873 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic6b01c2b0ed9081204801a6c5719b0fd25eafbba
evicePolicyManagerTest.java
|
d2a73ed21152517097a603e03c08eafbce926c3d |
19-Dec-2016 |
Robin Lee <rgl@google.com> |
Send EXTRA_USER with DevicePolicy lock broadcasts DeviceAdmins inside profiles may receive broadcasts referring either to the parent profile or to themselves. We need a way to differentiate that. Same commit fixes a bug in DevicePolicyManagerTest where USER_SYSTEM is returned twice in getProfiles() when called for a managed profile of USER_SYSTEM. This does not happen in the real API. Bug: 30185351 Bug: 31001762 Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Change-Id: Iea2735357f4019b2b81b6784e7ea6aead63f2636
evicePolicyManagerTest.java
pmMockContext.java
|
b4413f694fbb8b03737d3e7a3831896bd371bed5 |
05-Jan-2017 |
Nicolas Prévot <nprevot@google.com> |
Merge "Make disallow add/remove managed profile restriction not global."
|
2ea46fe658c5a977a11372d7180e8ed9abf261e8 |
05-Jan-2017 |
Nicolas Prevot <nprevot@google.com> |
Make disallow add/remove managed profile restriction not global. Otherwise: if the DO sets remove managed profile user restriction: the profile owner of a managed profile cannot remove this managed profile. BUG:33854430 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I90b2028ea627a2073298bf9ef3c07b4fdf8d13a1
evicePolicyManagerTest.java
|
9bab1c4dd505903dbdd7403ea38d8b9d449e9be4 |
03-Jan-2017 |
Makoto Onuki <omakoto@google.com> |
Merge "Get account features before taking lock"
|
606da7778fffcb8251808ef53903eefebc2db9a7 |
15-Dec-2016 |
Makoto Onuki <omakoto@google.com> |
Get account features before taking lock Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest * without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 * Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests Bug: 33481725 Change-Id: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
pmMockContext.java
|
43769ddb2c348325c9d571626251a233c7ee9b7f |
22-Dec-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add DISALLOW_ADD_MANAGED_PROFILE to existing device owners"
|
548a04b8f894c55e0612790ee6bc222e4398f33e |
20-Dec-2016 |
Esteban Talavera <etalavera@google.com> |
Add DISALLOW_ADD_MANAGED_PROFILE to existing device owners For device owners set pre-O, that restriction will not be set via setDeviceOwner(). Therefore set it during first boot after O OTA. Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 31952368 Change-Id: I7db9b14c49a75ae2760e6923a1f3f7cde0e2784b
evicePolicyManagerTest.java
|
01576869a3f46923d1d893866677e3bf9a00fc2b |
15-Dec-2016 |
Esteban Talavera <etalavera@google.com> |
Enforce DISALLOW_ADD_MANAGED_PROFILE Only the device owner should be able to create a managed profile if that restriction is set Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 31952368 Change-Id: Ia5170e54594ccba1e5bcedffaec98c2af42264c0
evicePolicyManagerTest.java
pmTestBase.java
|
1548d5c43b789b6d5b3ab0929dcb55a2f12c57a9 |
15-Dec-2016 |
Nicolas Prévot <nprevot@google.com> |
Merge "Use affiliation ids when checking bind target users."
|
d5b036014d632c7c28f8499f39bafd4b95ac49d1 |
06-Dec-2016 |
Nicolas Prevot <nprevot@google.com> |
Use affiliation ids when checking bind target users. BUG:32764274 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic79b58dcb583b1d9eb9e7af0d1501cf8cfd0ee86
evicePolicyManagerTest.java
|
6c9116a6430ca5cd55b1b926213a5e8de77e4fc6 |
24-Nov-2016 |
Esteban Talavera <etalavera@google.com> |
Create DISALLOW_{ADD,REMOVE}_MANAGED_PROFILE user restrictions Bug: 31952368 Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Test: runtest -c com.android.server.pm.UserManagerTest frameworks-services Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.UserRestrictionsTest Change-Id: I240ab99c2409bbabffbc574bef202f2457026905
evicePolicyManagerTest.java
|
38724a234d8d45b25fa8c38eba637a30c4212a9b |
08-Dec-2016 |
Amin Shaikh <ashaikh@google.com> |
Merge "Support multiple caches in NetworkScoreService." am: 78f3f0049e am: a7c0b73971 am: b45a4a5d1b am: 5456cdbc27 Change-Id: I421cff1c47959c40088a31f72556630a8acd007e
|
972e236e84fd4073f7ecc40f2de326b388203dfb |
07-Dec-2016 |
Amin Shaikh <ashaikh@google.com> |
Support multiple caches in NetworkScoreService. - Use RemoteCallbackList for managing multiple callbacks - Add unregisterNetworkScoreCache to the service interface - Added NetworkScoreServiceTest Test: runtest frameworks-services Bug: 32913019 Change-Id: I16ca1682acca9cbe403812e520394688a026414b
ockUtils.java
|
abf86385f8ba14d4f4789df59adec619a682b238 |
06-Dec-2016 |
Mahaver Chopra <mahaver@google.com> |
Merge "Return error code from isProvisioningAllowed"
|
849fd6f58e92476af3e3eeb802e71fddf372d6f2 |
03-Nov-2016 |
Mahaver Chopra <mahaver@google.com> |
Return error code from isProvisioningAllowed Added hidden pre condition codes for PO and DO provsioning. Added hidden api checkProvisioningPreCondition, which returns codes instead of boolean. Managed provisioning can use this to show useful debug information and user facing error dialogs. Test: All DevicePolicyManagerTest pass Bug: 27467633 Change-Id: I7d2a79921bc3ac2e12d506629a35563fc7ff62bf
evicePolicyManagerTest.java
|
365a3db47001c1298fd01146e866997a9cbc3c8c |
30-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Allow setting managing organization for the device The Profile Owner of a managed profile can set a string that will be shown in the UI to identify the organization managing the profile. This CL extends the functionality to the Device Owner of a managed device. Bug: 32692748 Test: DevicePolicyManagerTest unit test + CTS test in separate CL Change-Id: I47295da2fd6485ebf0e890da13990a044accaf17
evicePolicyManagerTest.java
|
dd7f8dafd862fa1a6132b37b47f1b160a4065a9e |
30-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Allow DO to access DevicePolicyManager.isDeviceManaged() This CL makes DPM.isDeviceManaged() accessible to the DO so that it can be CTS-tested. Bug: 32692748 Test: Device policy manager unit test + CTS & GTS in separate CLs Change-Id: I5326e86b0ffee81d04bd48f0267044463a899b78
evicePolicyManagerTest.java
|
9f9e453b649b3507e25049c94990717dc92b269e |
30-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Unit test for getBindDeviceAdminTargetUsers"
|
b57bd791bf55215110839322ef7c0f72ed915a7b |
29-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add user affiliation APIs"
|
c9bb378a8b3633bc427dd2439ab4ae8e3b17771a |
11-Nov-2016 |
Esteban Talavera <etalavera@google.com> |
Add user affiliation APIs Make setAffiliationIds public so that it can be used for COMP. That way we can allow network logging and other features to work on devices that have a DO and a managed profile. Those features are currently restricted to single user devices but we'll open them up to devices where all users are affiliated. Also create a getter for that API. Bug: 32326223 Test: m FrameworksServicesTests && adb install \ -r ${ANDROID_PRODUCT_OUT}/data/app/FrameworksServicesTests/FrameworksServicesTests.apk && adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \ -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ie443be887a6ca61a7f7a07e137757dceab7eb3d3
evicePolicyManagerTest.java
|
2f26b79eea905f88c872804be01431020e4efb2e |
28-Nov-2016 |
Tony Mak <tonymak@google.com> |
Unit test for getBindDeviceAdminTargetUsers Was meant to write test for bindDeviceAdminServiceAsUser, but it can't be done without having tests for getBindDeviceAdminTargetUsers first as bindDeviceAdminService depends on getBindDeviceAdminTargetUsers. A bit shocked by we didn't have any managed profile tests in DevicePolicyManagerTest. Added managed profile support in the CL. Bug: 32764274 Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Change-Id: If412e4f44c3ae998f69e17411f2503a97f80149f
evicePolicyManagerTest.java
pmMockContext.java
pmTestBase.java
|
8d76e72251eb6f83580cd8b70000d6904fe24096 |
25-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Allow DO to access bookkeeping information about its own actions The getLastSecurityLogRetrievalTime(), getLastBugReportRequestTime() and getLastNetworkLogRetrievalTime() methods are meant to be used by system code. However, there is no harm in allowing the DO to access the information they return - because it is information about actions that the DO itself took. The advantage of opening up these methods to the DO is that we can CTS-test them. Bug: 32692748 Test: DevicePolicyManager unit test + CTS test in separate CL Change-Id: I1470fca2a82b9955f7aed5e8b50220bea8b56fc9
evicePolicyManagerTest.java
|
29993074b0708d71b9d752f562ed6aee2a360fa1 |
17-Nov-2016 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Keep track of admin actions for DO disclosures"
|
b21b241f0f12377c115e9c4f5bae26814fdab3fb |
17-Nov-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Keep track of admin actions for DO disclosures This CL adds bookkeeping to DPMS which will allow us to tell the user in the Settings UI whether/when the admin requested a bug report or retrieved logs from the device. Bug: 32692748 Test: Full DevicePolicyManagerTest unit test coverage; end-to-end tests will follow as Settings CTS verifier tests Change-Id: I89728fce4b7e0ff061b354c73caf3742e95a3a3e
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
56400a445fa29b0a90e92d15daf6246cfc3f310d |
10-Nov-2016 |
Nicolas Prevot <nprevot@google.com> |
Check user restriction DISALLOW_REMOVE_USER in isProvisioningAllowed. If DISALLOW_REMOVE_USER is set and there is already a managed profile: isProvisioningAllowed() should return false BUG:32629873 Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I093bed0a4a54f83decf11716ebfd50dd4f17c089
evicePolicyManagerTest.java
|
f77ee4f1b79929a77f603e5e879f3616ae464e3e |
12-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
[DPM] Management and retrieval of network logs This CL follows up on ag/1530343 and adds: 1) Various network events. 2) Retrieval method in DPM and APIs in DeviceAdminReceiver. 3) Extension of NetworkLogger and it's NetworkLoggingHandler. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java Bug: 29748723 Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
etworkEventTest.java
|
6dbf67fc4889c49151415e986be98f70816f81ec |
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant The admin can instead use the value of 0 to reset to default. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 31430135 Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c (cherry picked from commit 943aabd11cce3ab453762d3912395363720e1f5d)
evicePolicyManagerTest.java
|
943aabd11cce3ab453762d3912395363720e1f5d |
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Don't expose default strong auth timeout as constant The admin can instead use the value of 0 to reset to default. Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Bug: 31430135 Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c
evicePolicyManagerTest.java
|
357ca56f8b3b419d6b05294adae1fefcf0e63d3a |
25-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. am: 6ad5f92512 am: 2f78ab5387 am: 4001a2b4c4 Change-Id: Ifc1735798074af6758da5cc3a40d9adada1376cb
|
6ad5f92512462f774a2ff7e59abdf5edbfd215b3 |
19-Sep-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests, also fix a log message. Bug 31446501 Change-Id: I37debbe2f4e983fb8bad026f8dd9bd91b7448dce
pmTestBase.java
|
1970f97e4758224132329a3e0dbe9c3946c4499b |
30-Aug-2016 |
Tony Mak <tonymak@google.com> |
Send ACTION_DEVICE_OWNER_CHANGED broadcast after clearing device owner Change-Id: Iaac182c69a30e941da3a017a923247d813881521 Fix: 27261692
evicePolicyManagerTest.java
|
3577ed2556f20f7ab09e58b6b286217c7e1560c9 |
25-Aug-2016 |
Victor Chang <vichang@google.com> |
forceUpdateUserSetupComplete should have no effect in user build Bug:30031808 Change-Id: I908a495633e03ace770a8ec19196841d19dfd41d
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
3cb2b49f443a31b1bb043d0450e350b95acecc8b |
10-Aug-2016 |
Suprabh Shukla <suprabh@google.com> |
Fixing admins not being removed from DpmMockContext We were not calling setActiveAdmin before calling setDeviceOwner or setProfileOwner in these tests. They were passing because the admins were not being properly removed in the first place. The admin is actually removed from the admin list inside onReceive of the receiver passed in sendOrderedBroadcastForUser, which was not overridden to call onReceive in DpmMockContext. Bug: 30726135 Change-Id: I08cab5821228738196b229a8f885f7488aaafa34
evicePolicyManagerTest.java
pmMockContext.java
|
c29f62c7388f550da2c7368c5dbc0aec7d1564fe |
07-Jun-2016 |
Makoto Onuki <omakoto@google.com> |
Push DO/PO package names from DPMS to PM Bug 29126573 Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9
evicePolicyManagerServiceTestable.java
|
7f98aa4aa93497692f200c553d2d6fff402e3de2 |
07-Apr-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Added getProfileIds method returning array of userIds Previously many usages of UserManager.getProfiles and getEnabledProfiles were only using ids of returned users. Given that the list of users needs to be parceled and unparceled for Binder calls, returning array of ids minimizes memory usage and serialization time. A new method getProfileIds was introduced which returns an array of userIds. Existing method calls were updated where appropriate. Bug: 27705805 Change-Id: Ic5d5decd77567ba0f749e48837a2c6fa10e812c0
pmMockContext.java
|
3e794afb82228199c0a83bed5463dbeb3c48dd62 |
04-Mar-2016 |
Victor Chang <vichang@google.com> |
Unit test for isProvisioningAllowed Note: DevicePolicyManagerService is changed to inject ContentObserver notifier Test: all test cases in DevicePolicyManagerTest pass BUG: 25710621 Change-Id: I347cec71769d0e9dd6a334d7d6339d5ce6a3fa6a
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
cd14c0a9daa42a7ccacef345b3b2ef255790f993 |
16-Mar-2016 |
Victor Chang <vichang@google.com> |
Api change of DPM.setApplicationRestrictionsManagingPackage() Throws NameNotFoundException instead of IllegalArgumentException Can't throw NameNotFoundException directly from DPMS as aidl doesn't support checked exception Bug: 27532565 Change-Id: I202721f41057f92ad2dd851d4769ba4502a8f9b3
evicePolicyManagerTest.java
|
1216ae5d023e8f6e4f158a447a5764288e4ccc3e |
11-Mar-2016 |
Mahaver Chopra <mahaver@google.com> |
Update DPM.reboot with new restriction DPM.reboot() should not be called when there is an ongoing call on the device. Bug:27531799 Change-Id: Idc1fa4c7aa79b20ec9c2afcccf855455ee316787
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
d4c9e541ec7110d3c842d6f92c3ec6beb0b6d997 |
26-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Add ENCRYPTION_STATUS_ACTIVE_PER_USER to... getStorageEncryptionStatus() Use StorageManager APIs to get the encryption state instead of from the system properties directly. Bug 26547262 Change-Id: Ic27baa9489d43a93873f8bb0428084f8886aed67
evicePolicyManagerServiceTestable.java
pmMockContext.java
|
97e89c624e19c0a0ebe3d76506a493cfe29c0558 |
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Merge "Update DPM.getWifiMacAddress to take admin component as argument." into nyc-dev
|
3cb4da16dcf07474acefb709d10b22cdfdefd81b |
08-Mar-2016 |
Sudheer Shanka <sudheersai@google.com> |
Update DPM.getWifiMacAddress to take admin component as argument. Bug: 27532280 Change-Id: I3a5e9557c3c6ac43c458c911a5309bdb2655fb66
evicePolicyManagerTest.java
|
e29cd4724ff41f1cd81c1493f02fb0ba2b2f8197 |
02-Mar-2016 |
Victor Chang <vichang@google.com> |
enforceCanSetDeviceOwnerLocked should enforce userId == USER_SYSTEM for non-split user mode Bug: 27453111 Change-Id: I1acdfecdf4474696e904a6a4df189453be306aa4
evicePolicyManagerTest.java
|
889c0880661bda16e3759995e03766ddf0350732 |
17-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Support safe mode properly. In safe mode, IPM.queryXxx() doesn't work. Use IPM.getReceiverInfo() directly instead. Bug 27108276 Change-Id: Ice8f882559b8f0596a19ddb3a16395a4dc538a25
pmTestBase.java
|
4ab36372fb7f2f8236d9fa308ec508582fc52607 |
19-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Clean up on UserManagerService and DPMS" into nyc-dev
|
2a3c3da0fc07ef37abc45cfb0166bdf5f7f202b6 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Clean up on UserManagerService and DPMS - Avoid the ART warning about 4.1 compatibility - Avoid integer overflow in DPMS Bug 27243525 Bug 27242859 Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
evicePolicyManagerTest.java
pmMockContext.java
|
60949288064460894bdd288f4865cdb180c0e501 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Fix bugs in user restriction migration Originally I didn't know user-0 could have PO, so I excluded this case from migration. Now we handle it properly. Also make sure only restrictions that can actually be set by each owner moves to the owner restriction. (Because of this, we no longer have to have DISALLOW_WALLPAPER in the exception list, because owners can't set DISALLOW_WALLPAPER.) Bug 27225996 Change-Id: I6ad79d90e6c4400abbb1e4feba6ba59e3b650815
evicePolicyManagerServiceMigrationTest.java
|
184db600df42c2b27a2d34deecab57d591434b22 |
18-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Ensure DO/PO are also DA. Bug 24503508 Change-Id: Ib957b84d5bee185501636c406d9aaf4985a79d8d
evicePolicyManagerTest.java
pmTestBase.java
|
dafec11e698daf054730cfb04db64f3e31a0c9ff |
16-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Merge "Don't allow deactivating DAs when the user is not unlocked" into nyc-dev
|
1a5ee776ee51ae6fba30c8f3b33e26eb7f9dedc6 |
13-Feb-2016 |
Makoto Onuki <omakoto@google.com> |
Don't allow deactivating DAs when the user is not unlocked Bug 27149570 Change-Id: I772d9cbd6edc822c8f7b1988905b702e05e674cd
evicePolicyManagerTest.java
|
ed1928a981cbff9a67b5c1786ded8cbdf848056b |
11-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Fix testApplicationRestrictionsManagingApp unit test The API now requires the app restriction manager app to exist on the current user when it is called. Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
evicePolicyManagerTest.java
|
5eec76504ff2ac5a05c73951b7fe38cc6a560bb9 |
05-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Fix unit tests"
|
8375fcec625d482af894cfed7b608f10cacb0f5d |
04-Feb-2016 |
Esteban Talavera <etalavera@google.com> |
Fix unit tests http://ag/858485 added a new flag and the mockito didn't match the call any more Change-Id: I8f99b1b6063488aeced08513b11c79bf0162006e
pmTestBase.java
|
90b896533eb6a8867e7951bbbdbbacd9b520199c |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
DO / PO Shouldn't be removed as active admin... even if they asked. Also clear(Device|Profile)Owner should remove them as the active admin too. Also add some more unit tests. Bug 26858840 Change-Id: I7b3ed92e1b4cbe803381ed6e3f64d8de17b2ebb0
evicePolicyManagerTest.java
|
49caead1c2608f57ac6c260396c6bfd058b921ae |
02-Feb-2016 |
Rubin Xu <rubinxu@google.com> |
Call SecurityLog methods via Injector This is to make sure the unit test can mock them out. Bug: 26911599 Change-Id: I07a1a8b43ad5716a4b667bc5266b3b03997268c5
evicePolicyManagerServiceTestable.java
pmMockContext.java
|
3f3657a61b54d495bf2e692289eb92a48fe5a0b2 |
28-Jan-2016 |
Makoto Onuki <omakoto@google.com> |
Fix DPM unit tests Bug 26911599 Change-Id: I874c9cd4f63c79bc984777ef3b1b654a414c4911
evicePolicyManagerServiceTestable.java
pmMockContext.java
|
44a18081546345a0655748717862a89ae6dd7948 |
26-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Merge "Add explicit and persistent user provisioning state."
|
6d009037271b487b45716c3a1f72037b89de6d75 |
25-Jan-2016 |
Benjamin Franz <bfranz@google.com> |
Add SmallTest annotation to DevicePolicyManagerTest Adding this annotation makes sure that the tests get picked up by continuous integration tests. Change-Id: Ia9166898803dd0037f6bb20cb6a12333ed347fd3
evicePolicyManagerTest.java
|
afad8783699b1ba6f3c7ee5961d6ddc2bd771dc1 |
19-Jan-2016 |
Alan Treadway <alantreadway@google.com> |
Add explicit and persistent user provisioning state. Add explicit modelling of provisioning state so that integration of management provisioning flows with packages such as setup-wizard are cleaner, and can be more direct. Previously we relied upon USER_SETUP_COMPLETE secure setting and HOME intents to signal intent, but this is not very clear and can be fragile. Bug: 25858670 Change-Id: Idc56a040f710c3aee281db420f21717da3960722
evicePolicyManagerTest.java
|
fe434a15d6bde9299b51dc284b336944e5cf8a1c |
25-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Merge "Add additional APIs supported work on the parent DPM instance"
|
4c052f237a108457fca3d3864c5654ebd4505111 |
25-Jan-2016 |
Bartosz Fabianowski <bartfab@google.com> |
Implement user affiliation A user/profile is considered affiliated if it is managed by the same entity as the device. This is determined by having the device owner and profile owners specify a set of opaque affiliation ids each. If the sets intersect, they must have come from the same source, which means that the device owner and profile owner are controlled by the same entity. BUG=25599229 Change-Id: I393fe0de70272307ed3c811aaba4b48a5109c562
evicePolicyManagerTest.java
pmTestBase.java
|
623999185029a2c5baf29efe4ebdcbcdebcca294 |
11-Jan-2016 |
Esteban Talavera <etalavera@google.com> |
Add additional APIs supported work on the parent DPM instance Bug: 22543972 Change-Id: I05061e34d120c64d5c49ca6b7b4014d7dadb68f4
evicePolicyManagerTestable.java
|
51f3908c6a788f82d8188762c0680594a54b17ae |
06-Jan-2016 |
Jeff Sharkey <jsharkey@google.com> |
Merge "Consistent naming for PackageManager methods."
|
e06b4d1d9f718b9fe02980fea794a36831a16db2 |
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods. When hidden PackageManager methods take a userId argument, they should be named explicitly with the "AsUser" suffix. This fixes several lagging examples so that we can pave the way to safely start passing flags to new methods without scary overloading. Also fix spacing issues in various logging statements. Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
evicePolicyManagerTest.java
pmTestBase.java
|
06de4e77c20be239384262b1508f0cf53bedb145 |
22-Dec-2015 |
Kenny Guy <kennyguy@google.com> |
Add support message for device admins Allow admins to set a long and short support message for settings to display. Bug: 25659579 Change-Id: Ib645490785642e49c69d8dbc65455eb3398547ee
evicePolicyManagerTest.java
|
f8373b5afc6dd25350bbca7093178807f1cc9ed6 |
23-Dec-2015 |
Mahaver Chopra <mahaver@google.com> |
DPM Test: DA and PO cannot call DPM.reboot() Bug: 25304994 Change-Id: Ifaccf3625314f4bfcd7f99413abc9067cc3dd2f9
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
|
bf60f728cc7ed326fb8978afd9f589a685bb87b7 |
10-Dec-2015 |
Esteban Talavera <etalavera@google.com> |
Device or profile owner can let another app manage app restrictions The device or profile owner can allow another package to set app restrictions for any app in that user Similar to the way it can give permission to access CA certificate related APIs from M. Bug: 22541936 Change-Id: I0c1b0804ad300dfa4fbdc1c7721c5d8653d77861
evicePolicyManagerTest.java
|
e7927da1b6dc4f96714aa9bc4fbb71b3659f8cea |
25-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Don't call DPM from UserManager to avoid lock inversion - Also make sure DPMS.mOwners is always guarded with DPMS.this. (and remove synchronization from Owners.) Bug 25796840 Change-Id: I83f7b78e7b437d9c2a2b1d6e714346cd15f95330
evicePolicyManagerServiceTestable.java
|
3ab6f2e219c167fd35f16b6cf233ae6a39d9de02 |
05-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DA receiver should be protected with BIND_DEVICE_ADMIN. - DPM.setActiveAdmin() will not accept DAs without BIND_DEVICE_ADMIN when it's targeting NYC or above. - DAs without BIND_DEVICE_ADMIN targeting MNC or below will still be accepted. (with a logcat warning) - DAs that are already set on a device without BIND_DEVICE_ADMIN will still be accepted regardless of the target API level, even when it's upgraded to a version targeting NYC. Bug 24168653 Change-Id: I1914c2ec99135d9dd8cbac3f6914f9e43bafacc8
evicePolicyManagerTest.java
pmTestBase.java
ummyDeviceAdmins.java
|
a31ebbc439364a4993e79fd385cf6373408a42fe |
24-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Add DO API to get wifi mac address Bug 25496044 Change-Id: Ib1f0ce4ca10951edcfaa0aa79ae5c2d142a74599
evicePolicyManagerTest.java
pmMockContext.java
|
c8a5a555f1482d0f45b538eb898d6ee7e26552a6 |
19-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user - Previously on MNC, they would return the same result regardless who the calling user is. - Now they properly take DO user-id into account. Meaning, they'll always return false and null respectively, if the calling user doesn't run device owner. - Note isDeviceOwnerApp() is a public API and getDeviceOwner() is a system API. Meaning we're changing the behavior or non-private APIs. - Also cleaned up hidden APIs, and gave them explicit suffixes to avoid confusion. Bundled code should prefer them for clarity. Now we have: * APIs that work cross-users: They all require MANAGE_USERS. boolean isDeviceOwnerAppOnAnyUser(String packageName) ComponentName getDeviceOwnerComponentOnAnyUser() int getDeviceOwnerUserId() boolean isDeviceOwnedByDeviceOwner() String getDeviceOwnerNameOnAnyUser() * APIs that work within user. No permissions are required. boolean isDeviceOwnerAppOnCallingUser(String packageName) ComponentName getDeviceOwnerComponentOnCallingUser() Bug 24676413 Change-Id: I751a907c7aaf7b019335d67065d183236effaa80
evicePolicyManagerTest.java
|
ac65e1e1dba1cf0ea237a389220ec818ade07a16 |
21-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Remove UserManager.setSystemControlledUserRestriction() Now that we don't have UM.setUserRestriction*s*() that could remove all existing restrictions, there's almost no point handling DISALLOW_RECORD_AUDIO differently. Now DISALLOW_RECORD_AUDIO is handled just like other restrictions, except we don't persist it. Bug 24954662 Change-Id: I27875b4a74dd95a3ce6bb774081eeaf718eaec15
evicePolicyManagerServiceMigrationTest.java
|
cb6fd80721253ffa9dcab5cf8c2f4e9b9cd17ccc |
05-Nov-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Added keep-uninstalled-packages DO policy This policy allows DO to specify a list of apps to cache even without being installed on any user. Bug: 23938464 Change-Id: I2eeab7f148409739fc23a5c44e955ad12b63fd04
evicePolicyManagerServiceTestable.java
pmMockContext.java
|
1a2cd74526113b45d9108b6997609122c4311fb1 |
16-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
More work on layered user restrictions. - Now when DO/PO sets a user restriction, DPMS pushes it to UMS and then UMS persists it, in order for UserManager.hasUserRestriction() to never have to talk with DPMS, which would cause lock inversion. - Also apply user restrictions when a user start. - This is an updated version of the abandoned CL -- the difference is, ActivityManager no longer has to call DPMS. - Also removed an unnecessary write to userlist.xml in UMS. upgradeIfNecessaryLP(). Bug 23902097 Bug 25388912 Bug 25354031 Bug 25641040 Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
evicePolicyManagerTest.java
pmMockContext.java
ockUtils.java
wnersTest.java
|
219bbafc3fa40dae163d652365cc4a97d613011f |
12-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Revert "Do not call into ActivityManager from DPMS within DPMS lock" Bug 25567963 This reverts commit 53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd. Change-Id: I4faaa0b4c50d75e208f37b99bc1d6e2f0fff8127
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
|
53de36f9c40c9a4ac1eb9cca8f458aa6c998c1fd |
07-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Do not call into ActivityManager from DPMS within DPMS lock This will allow AMS to call into DPMS within the AMS lock instead, which will help I1537bd57b34696768ee81a979d53bb396efbc12a. - AM.clearApplicationUserData() will not be allowed for any DA apps. Bug 25567963 Change-Id: I9f0d071c815a011be4f4c85c502c39d0fe0fe5e8
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
|
6d2beef6a819aebed4119ca06cb2369bc56dd214 |
06-Nov-2015 |
Makoto Onuki <omakoto@google.com> |
Merge "Add DPM.getUserRestrictions()"
|
3a3092fab0ccb631bc70de64f3bbe5c076a1f94b |
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Add DPM.getUserRestrictions() This returns per-DO/PO restrictions. Bug 23902097 Change-Id: I225c1b01444fe2f60e5a6674d327182cc9bb15dc
evicePolicyManagerTest.java
|
803d6757fd23096e437e6fecd51ea6dda918b536 |
30-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Do not allow DO and PO running on the same user. Bug 25346603 Change-Id: Ic5fbed82466a538fbf64ef802fc2624dd67313bb
evicePolicyManagerTest.java
|
068c54a5be697c3df4657dcda33cd17c4b547710 |
13-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Layer user restrictions - Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin. - User restrictions set by DO/PO will no longer be saved by UserManger. Instead, when needed, UMS will consult DPMS to build "effective" user restrictions. - UM.getUserRestrictions() will now always return "effective" user restrictions. - DPMS migrates existing user restrictions per the eng spec. - Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has been removed. This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no longer be a valid use like it used to be. - Also introduced a fined-grained lock for user restrictions in UM to avoid deadlock between DPMS and also for better performance. Bug 23902097 Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
evicePolicyManagerServiceMigrationTest.java
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
pmTestBase.java
pmTestUtils.java
wnersTest.java
|
a52562ca9a4144cf30e6d5c6ffe856cc8e284464 |
02-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
setDeviceOwner() now requires a full component name. Bug 20149907 Change-Id: I24e66159d1d966925aa3a494b1e2839b07cdafa2
evicePolicyManagerTest.java
pmMockContext.java
wnersTest.java
|
a4f119790e32fcce56586e7324d508e35cb30a2a |
01-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
First cut of user restriction layering. - Start persisting restrictions set by DO/PO. - Also dump user restrictions on dumpsys - More changes will follow, including migration. - Now System settings are mockable. Bug 23902097 Bug 23902477 Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
wnersTest.java
|
c3cdf1c614f92759f1505b7b61265e51232b8944 |
05-Oct-2015 |
Craig Lafayette <craiglafa@google.com> |
Merge "Remove device initializer agent"
|
e7ee54ee7f4985bc743053d38d21f33c70220f05 |
21-Sep-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove device initializer agent Bug: 23216982 Change-Id: I867c0b5f4165983d1ed2623a655f6a2a5e3770bb
wnersTest.java
|
d932f7689d799b07a6776bc7c59749f672528239 |
30-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Refactor DPMS tests to be able to test more different cases. - DpmMockContext.addUser() allows to create more users. This will set up UserManager properly and create a data directory. - Updated DevicePolicyManagerTest so it can now easily emulate calls from different secondary users. Change-Id: Ic9d3e8d0d1e7f41e184c82e6dc323c244535b8d8
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
evicePolicyManagerTestable.java
pmMockContext.java
pmTestBase.java
pmTestUtils.java
wnersTest.java
|
72a3a0c7d24f629bca38ee2652491307e4e706da |
26-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Fix OwnersTest when run with -e package It was because UserManager.get() returns a static cached instance but we should always be using the mock instance that's created for each test. Bug 24378326 Change-Id: Id4663e7676d2d0130622055a97fbde0884714349
pmMockContext.java
|
b643fb0e67460344ade2e3db92738999f8168496 |
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Use a factory class for dependency injection, add more tests. - Extracting into a factory allows us to use mocks in other classes. (Such as Owners.) - Also removed broken test ApplicationRestrictionsTest. Instead added a new simplified test to DevicePolicyManagerTest. - Also stop caching rarely used instances in DPMS. Bug 24061108 Bug 24275172 Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
pplicationRestrictionsTest.java
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
pmTestBase.java
ummyDeviceAdmins.java
|
f76b06a6b546f430cf85e561858ed12eedc32b81 |
23-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Test more DPM APIs. Bug 24061108 Change-Id: Ia9da19f62c0f4edf53ca1f4c213f0368ec1983ba
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
pmMockContext.java
pmTestUtils.java
ummyDeviceAdmin.java
ummyDeviceAdmins.java
ockUtils.java
|
cc4bbeb76af92a8484fe05f37c4ff412b4c47ccc |
17-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Make DPM/DPMS unit-testable - Now all services that DPMS uses are injectable. - Introduce some wrappers to make static methods and final class mockable. (e.g. for Binder.getCallingUid()) - In unit tests we replace those with Mockito mocks, except we use a partial mock for PackageManager, because we use way too many methods of this and most of them are okay to use directly. - To install a partial mock to PackageManager, I needed to make ApplicationPackageManager @hide public non-final. - For a starter, added tests for DPM.setAmin(). Bug 24061108 Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
evicePolicyManagerServiceTestable.java
evicePolicyManagerTest.java
evicePolicyManagerTestable.java
pmMockContext.java
pmTestBase.java
pmTestUtils.java
ummyDeviceAdmin.java
ockUtils.java
wnersTest.java
|
58b684f1cdc52467b71c42cfae18433a19ce7d0b |
04-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
[split system] Tentatively support running DO on meat user - setDeviceOwner() now takes a user ID. (We can infer it from Binder, but we still need it for the dpm command.) - Change broadcast target UID for DO to the DO user - Start the DO user on boot complete. TODO Investigate whether this is actually the good timing. TODO Prevent the DO user from being killed Bug 23827706 Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
wnersTest.java
|
2714d448b12797a5050834f952fd1166246e558e |
03-Sep-2015 |
Makoto Onuki <omakoto@google.com> |
Replace all occurrences of HashMap/HashSet with ArrayMap/ArraySet. Also fix the command line for OwnersTest in javadoc. Change-Id: I53c222aa13eee179c5abf7e6ba95c6cbe9a7f47f
wnersTest.java
|
c9754cf0dfa66d39ce9ea0d2eeab5f7c442a9686 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Add unit tests for file persisting in Onwers. Bug 23432442 Change-Id: If10ed5a46084695b2aca1286713b8baea8c2a418
pmMockContext.java
pmTestBase.java
wnersTest.java
|
99aeac27ebc5ad54c0095122251cc0258713c263 |
31-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Rename DeviceOwner to Owners Bug 23432442 Change-Id: Ic59c880d45126fbcf50b1bd31e37b2b64e2f3a6d
eviceOwnerTest.java
wnersTest.java
|
39e784dd46fe4c7257bf63d0a60167abb2b28f79 |
22-Aug-2015 |
Makoto Onuki <omakoto@google.com> |
Split device owner config files DPMS.mDeviceOwner is now always non-null, so no null checks are needed. Bug 22802261 Bug 23432442 Change-Id: Ia8e5f114ecfc0add44b0d1be7d043ef6e37019ef
eviceOwnerTest.java
|
8add57224ffcf73705e507f1b73954e5de15eb88 |
23-Dec-2014 |
Esteban Talavera <etalavera@google.com> |
Remove deprecated version of setProfileOwner that takes packageName The ComponentName equivalent should be used instead. Bug: 17654371 Change-Id: I7001e86ab1709b824944148a3c44af5243dacb83
pplicationRestrictionsTest.java
eviceOwnerTest.java
|
5b5aa4072fb58aea47f523c724878c579adae294 |
02-Jun-2014 |
Amith Yamasani <yamasani@google.com> |
Handle saving and restoring ints in application restrictions Unit tests for restrictions types and proper escaping. Change-Id: Iac35521faf5798398a89fecbad82fcdd256a4146
pplicationRestrictionsTest.java
|
776c555d954d9494069f786785877c08add27327 |
09-Jan-2014 |
Adam Connors <adamconnors@google.com> |
Extend DeviceOwner concept to accommodate ProfileOwners ProfileOwners, like DeviceOwners, are Device Admins that have additional priviledges. ProfileOwners however are scoped per user. Change-Id: I1e22c85878e0672121e6ebbe97fca38591f992b2
eviceOwnerTest.java
|