We're starting to see more instances of device features that will
increment separately from the SDK API level, such as camera HAL,
GPU capabilities, Bluetooth, and other hardware standards.
This change adds the ability for device features to specify a
version, which is defined to be backwards compatible. That is, apps
requesting an older version of a feature must continue working on
devices with a newer version of that same feature.
When a version is undefined, we assume the default version "0".
Bug: 27162500
Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
This is needed from Settings to show a message informing the user
of the number of attempts before their work profile gets wiped
when using ConfirmDeviceCredentials.
Bug: 26677759
Change-Id: I4b16f7dc2f415d0ce0215a3b7a646f98fabece33
DevicePolicyManagerService checks admins on boot
and removes ones that aren't found so it needs
to match crypto and non-crypto admins.
Match non-crypto aware apps when admin is enabling
system apps.
Bug: 27126412
Change-Id: Ibb20841679fb660de281782964b068d5a13b8fe9
The API now requires the app restriction manager app to exist
on the current user when it is called.
Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
As approved by Android Security team, added logging of
strength of auth method as well as logging of fingerprint
keyguard actions.
Bug: 26841997
Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
Also fix the bug where removeAdminArtifacts() is called
for all active admins on the target user.
Bug 27107878
Change-Id: I6edbdadffe8c75628539976d304e39d6abed73a4
The api deactivates all the active admins in the package, then force
stops the package and starts the uninstall intent for the package. This
is intended to provide an easy way for a user to delete a misbehaving
Device Admin
Bug: b/22359208
cherrypick of Ic7ddd89ef6db53e7e76f805808d9e806100374db
Change-Id: I0d677839120c46f22231a7d6f9cf6630cb020227
Enforce that apps with delegated powers to exist on device before
empowering them. This is consistent with DevicePolicyManagerService's
internal logic to clear the delegation power once the package is removed.
For delegated cert installer, only enforce this new restriction on
device admins targeting N or later.
Bug: 26233778
Change-Id: Ia8f45dfd5290958cebb36991c4b6baa03e8c28ae
Add isInputMethodPermittedByAdmin and
isAccessibilityServicePermittedByAdmin APIs in DevicePolicyManager.
And update utility methods in RestrictedLockUtils to use the correct
userId when checking if disabled by admin.
Bug: 26897250
Bug: 26767564
Bug: 26966213
Change-Id: I0b74b3e57904a82f8ce72d856769d35b5e8403e5
Profile owners are registered before the user is
started and unlocked, so we need to check for
components that aren't cryptoware when looking
for the admin.
Bug: 26924254
Change-Id: I61fca0a3d6e490ca6fea9a7bdc8f2c44efde74f2
Right now, the value of VERSION_CODES.N is 10000, but I'm writing
a caller app with target SDK level 24 for CTS, and the previous
logic didn't work for it.
Bug 25506830
Change-Id: I73613f30b437fb19406736f897d01d59b1f84c9d
even if they asked.
Also clear(Device|Profile)Owner should remove them as the active admin
too.
Also add some more unit tests.
Bug 26858840
Change-Id: I7b3ed92e1b4cbe803381ed6e3f64d8de17b2ebb0
Add Device Owner APIs for controlling and retrieving the logs. Retrieving the
logs should be rate limited unless we are at the risk of losing logs due to
constrained buffer space.
Bug: 22860162
Change-Id: I80658f5a14e86d7cfd42402fbc5e98dc11698c0e
We allow the profile owner of a managed profile to set the name of the
managed organization.
This name is used as the default header message shown in the confirm
credentials screen a.k.a. work challenge.
Bug: 26638631
Change-Id: I03c5acc9fffe06cdb9d0d60dd1580b20e21783b1
Prevent exception when calling setPasswordExpirationTimeout on the parent
DPM instance. Callen setExpirationAlarmCheckLocked with the parent userHandle
was breaking because getPasswordExpirationLocked was trying to call getProfiles
on a different user.
Bug: 26847085
Change-Id: I9d584573245aba65af7ecf236f2021b47afb5d7e
