Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_str_auth_timeo system property. This allows manual
testers to more easily carry out testing scenarios.
Bug: 29825955
Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h
Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000"
Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
Also removed the code that sends broadcast to all device admins
in profile owner package since it was used for legacy
provisioning of the whole package and now should be migrated
by findOwnerComponentIfNecessaryLocked().
Test: gts-tradefed run gts -a armeabi-v7a -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest
Change-Id: I6316df7375fd24da133c83c7930815ba909194f2
Bug:31000521
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Test: Manually tested wipeData() with TestDPC, both on 1) the primary user,
2) a secondary user and 3) work profile.
* Modified TestDPC so it supports secondary users
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Bug 30681079
Change-Id: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
Don't check the accounts when the caller is not ADB.
MR2 already has this change.
Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest
* without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 *
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Change-Id: I654c41d0e7434c5fce75eb2df5fd7686a54e9093
For device owners set pre-O, that restriction will not
be set via setDeviceOwner(). Therefore set it during
first boot after O OTA.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 31952368
Change-Id: I7db9b14c49a75ae2760e6923a1f3f7cde0e2784b
DPMS.lockNow takes a flag which can request the managed profile CE key to
be evicted.
Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
A notification is shown after network logging is enabled
and after the next three reboots that are at least one day apart.
Clicking it sends an intent to quick settings to shown its device monitoring
dialog.
Bug: 29748723
Bug: 33126577
Test: Manual, CTS-Verifier tests will be added later
Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
Only the device owner should be able to create a managed
profile if that restriction is set
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 31952368
Change-Id: Ia5170e54594ccba1e5bcedffaec98c2af42264c0
Only store the metrics in RAM, computing them at first log in.
Test: com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24
Bug: 32793550
Change-Id: Iaf9516c193f054331e3e2c68cb3f627bd543b408
Reverting because the length of the prop key is out of bounds.
Bug: 33662416
This reverts commit 60d1feed92.
Change-Id: I66a3f7f18e668acbf2ddaf60ab8efa2584799906
Fixes a potential race condition - when enabling/disabling the logging
some events might have been lost.
Bug: 29748723
Change-Id: I8a436d525393b2314805e287eddcea26d4ec073b
Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_strong_auth_timeout system property.
Bug: 29825955
Change-Id: I51d421c3e10625787ecfdbe011f9128cd47cb2a2
Add the network logging icon in Quick Settings' footer if
network logging is enabled, possible next to the VPN icon.
Quicksettings has to be able to tell that network logging
is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be
callable from the device owner or from any app with the MANAGE_USERS
permission.
The icon is only a placeholder until the official icon is finished.
CTS Verifier tests will be added when all Network logging UX changes are
done.
BUG: 33126618
BUG: 29748723
Test: runtest --path frameworks/base/packages/SystemUI/tests
Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
- Make the CTS hermetic and not adding new restriction after CTS test
- DeviceOwner can't clear this user restriction in CTS, as it's set by ManagedProvisioning
- It can be only clear when testOnly DPC becomes deviceOwner, and being removed by remove-active-admin in shell
Bug:31856203
Test: build successfully
Change-Id: I75b91629ef09c54e9dbe7253df6a52894a938e83
Added hidden pre condition codes for PO and DO provsioning.
Added hidden api checkProvisioningPreCondition, which returns codes
instead of boolean. Managed provisioning can use this to show
useful debug information and user facing error dialogs.
Test: All DevicePolicyManagerTest pass
Bug: 27467633
Change-Id: I7d2a79921bc3ac2e12d506629a35563fc7ff62bf
Introduce a new internal flag MATCH_ANY_USER for genuine uses
of searching through all apps on the device.
Some temporary accommodations for Launchers that reach across
to the work profile until we have a new LauncherApps API to do
that officially.
Bug: 31000380
Test: CTS tests added
Change-Id: I2e43dc49d6c2e11814a8f8d1eb07ef557f31af34
The Profile Owner of a managed profile can set a string that will be
shown in the UI to identify the organization managing the profile.
This CL extends the functionality to the Device Owner of a managed
device.
Bug: 32692748
Test: DevicePolicyManagerTest unit test + CTS test in separate CL
Change-Id: I47295da2fd6485ebf0e890da13990a044accaf17
1. No longer throw SecurityException when we fail to resolve the intent.
Return false instead.
2. Throw IllegalArgumentException early if the incoming intent is not
explicit.
3. Throw SecurityException with different error message. It makes debug
easier and allows tests to verify a particular thing happened.
Bug: 33197200
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest
Change-Id: I723ab7f434c10407aa4e7dc8e9a6e3e9bb9f2059
This CL makes DPM.isDeviceManaged() accessible to the DO so that it
can be CTS-tested.
Bug: 32692748
Test: Device policy manager unit test + CTS & GTS in separate CLs
Change-Id: I5326e86b0ffee81d04bd48f0267044463a899b78
Make setAffiliationIds public so that it can be used for COMP.
That way we can allow network logging and other features to
work on devices that have a DO and a managed profile.
Those features are currently restricted to single user devices but we'll
open them up to devices where all users are affiliated.
Also create a getter for that API.
Bug: 32326223
Test: m FrameworksServicesTests &&
adb install \
-r ${ANDROID_PRODUCT_OUT}/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
-w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ie443be887a6ca61a7f7a07e137757dceab7eb3d3
Was meant to write test for bindDeviceAdminServiceAsUser, but
it can't be done without having tests for
getBindDeviceAdminTargetUsers first as bindDeviceAdminService depends
on getBindDeviceAdminTargetUsers.
A bit shocked by we didn't have any managed profile tests in
DevicePolicyManagerTest. Added managed profile support in the CL.
Bug: 32764274
Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Change-Id: If412e4f44c3ae998f69e17411f2503a97f80149f
