Every call to the method is logged regardless of permission check result
Bug: 120840632
Test: atest com.android.cts.devicepolicy.PasswordComplexityTest
Change-Id: Ie690b465a2ee1088e2e0df3fdf7733a41538fbb3
According to new requirements in b/121179845, we are changing the
API pattern from "add/remove" to "set(set<string>)" to support
"enable all packages" operation. Setting the whitelist to null
will enable all packages. This behavior is consistent with existing
methods in DevicePolicyManager, e.g. setPermittedInputMethods.
Also corrected some languages in the comments and annotations.
Bug: 121179845
Test: atest ManagedProfileTest#testCrossProfileCalendar
atest DevicePolicyManagerTest
Change-Id: I87f17a2094792e44fdeb672658bddb871c2c1eeb
Disable certain APIs which require secure lock screen if the device
doesn't have the feature.
Make sure one cannot set the password/PIN if there is no secure lock
screen, because the password/PIN wouldn't be really used afterwards
while the password strength checks would succeed, creating a false
sense of security.
Allow setting password strength requirements in DPM - test if the
current password is sufficient will fail automatically if there is
no secure lock screen.
Bug: 111072170
Bug: 111071972
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases
Test: cts-tradefed run cts -m CtsAdminTestCases
Test: frameworks/base/core/tests/utiltests/runtests.sh
Test: adb shell am instrument -w -e class com.android.internal.widget.LockPatternUtilsTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Test: atest SyntheticPasswordTests
Test: atest LockSettingsServiceTests
Test: atest LockSettingsShellCommandTest
Test: atest DevicePolicyManagerTest (for servicestests)
Change-Id: Ie46b0de6cb03c26dd05c05711c5c3b5e36a872df
A new permission check in AlarmManager means that we need to clear caller
identity before calling into mNetworkLogger.forceBatchFinalization to
force network logs.
Bug: 123028500
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: I62a9473fa4ec5493a3db4fdad3469e46737fadc0
Fix the NPE caused when the battery condition fails. To make this CTS
testable, change the battery check mechanism and force
DevicePolicyConstants to reload when the device_policy_constants global
settings are modified.
Change-Id: I59d4630a6dd2d1b52f1adb1da4238ee53c20c0e6
Fixes: 112076619
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testInstallUpdate
WTF should only be logged when there is more than one delegates,
not when there is none.
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
and check logcat for the absence of WTF logs
Bug: 122363826
Change-Id: I51972ec4fabb2de70a6fe1700afae3aea95e34ab
In order to support BYOD (Bring your own device) use cases, Android
phones can associate multiple users into a single profile group so
that other system components such as launcher can help users
seamlessly switch user identity without doing a heavy-weight
device-level user switching.
For instance, an Android device can be configured to work for two
different users Alice and Bob, while Alice also has two different
identities: one as her private account and the other for her
work-related account.
Profile group X == Alice:
Parent user X (user id: 0)
for personal account, under her control.
Child user 1 (user id: 10)
for work-related account, partly under system-admin's control.
Profile group Y == Bob:
Parent user Y (user id: 11)
private account, under his control.
The above configuration allows system-level data separation not only
between Alice (user 0) and Bob (user 11) but also between Alice's
personal account (user 0) and Alice's work-related account
(user 10). For instance, Calendar app that runs under user 0 cannot
see any data for other users including user 10.
IME is one of known exceptions in the above design. For instance, when
Alice is using the device, the system launches InputMethodService,
which is the code-level representation of IMEs, only for the user 0
then gives it a special ability to interact with all the applications
that run under the same profile group.
Profile group X == Alice:
IME works as user 0 but interacts with apps that run under
user 0 and 10.
Profile group Y == Bob:
IME works as user 11 and interacts with apps that run under
user 11.
Of course there are non-trivial imprications by sharing the same
instance of InputMethodService across profiles but this was basically
the only option when we initially introduced in Android 5.0 [1]
because of multiple challenges (schedule, complexity, performance
concerns, and so on). To to mitigate the risk, we also introduced APIs
that allow system administrators to whitelist what IMEs can be enabled
for the entire profile [2]. Even with such a whitelist feature, we
have received multiple feature requests to completely separate IME
instances by profile boundaries, like other applications behave.
This is why this CL was authored.
With this CL, a new runtime mode "per-profile IME" is introduced
behind the flag. When the flag is enabled:
* InputMethodManagerService (IMMS) may calls IMMS#switchUserLocked()
from IMMS#startInputOrWindowGainedFocus() every time when a
different profile's IME client gains IME focus.
* SpellCheckerService also enables per-user mode, which has been
temporarily disabled [3].
* DevicePolicyManagerService no longer disable packages that contain
system IMEs when creating a new profile user.
* Following IME APIs start returning result based on the caller's
user (profile) ID.
* InputMethodManager#getInputMethodList()
* InputMethodManager#getEnabledInputMethodList()
* InputMethodManager#getEnabledInputMethodSubtypeList()
There are still multiple known issues though. Hopefully we can address
those issues in subsequent CLs.
* Inline-reply from non-primary profiles is still dispatched to the
main profile's IME because SysUI is always running under main
profile (Bug 120744418). This probably can be addressed by
allowing the IME clients that have INTERACT_ACROSS_USERS_FULL to
specify the target user ID in some @hide parameter.
* IMMS#switchUserLocked() is not yet fully optimized (Bug 28750507).
New client app's UI thread can be blocked more than 100ms,
depending on the number of installed IMEs and the number of IME
subtypes implemented by those IMEs.
* Even after IMMS#switchUserLocked() is fully optimized, IMEs'
cold-startups are known to be slow. One way to optimize this is
keeping binding to those IMEs, but doing so would require 1)
non-trivial amount of code changes and 2) doubles RAM consumption.
* Virtual keyboard settings page for profile users are not yet
available (Bug 120748696).
* Migration from shared-profile IME mode to per-profile IME mode is
not yet supported (Bug 121348796). By default, IME packages will
be automatically disabled when a profile user is created. This
means if the device switches from shared-profile IME mode to
per-profile IME mode, IME packages continue to be disabled hence
the user cannot type anything for those profiles.
Anyway, there should be no behavior change unless the debug flag is
explicitly flipped.
[1]: I3bd87b32aec69c3f8d470c8b29b144f4e849c808
734983fff3
[2]: I921888660d29a5370395db87adf75d4d106660c9
9c9cbac5b71a23ed0dbab0f44cb78a820514cfc6
[3]: Ic046f832f203115106409a53418a5746eb6d4939
3f8c568883
Fix: 120709962
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Test: Made sure that there is no behavior change if the debug flag is
not set as follows.
1. Install Test DPC
2. Enable managed profile with Test DPC
3. make -j EditTextVariations
4. adb install -r $ANDROID_TARGET_OUT_TESTCASES/EditTextVariations/EditTextVariations.apk
5. Open two EditTextVariations instances in split-screen mode
5.1. One is for the main profile
5.2. The other is for the managed profile
6. Make sure that main profile's instance of AOSP Keyboard is used
for both applications.
7. Make sure that main profile's instance of Android Spell Checker
is used for both applications.
8. adb shell ime list -a -s --user all
-> Only "com.android.inputmethod.latin/.LatinIME" is shown.
9. adb shell dumpsys textservices
-> Only result for user #0 is shown.
Test: Made sure that basic text input can be done with
"per-profile IME" mode enabled as follows.
1. adb root
2. adb shell setprop persist.debug.per_profile_ime 1
3. adb reboot
4. Install Test DPC
5. Enable managed profile with Test DPC
6. make -j EditTextVariations
7. adb install -r $ANDROID_TARGET_OUT_TESTCASES/EditTextVariations/EditTextVariations.apk
8. Open two EditTextVariations instances in split-screen mode
8.1. One is for the main profile
8.2. The other is for the managed profile
9. Make sure that AOSP Keyboard will be re-launched to correspond to
the focused IME client's user profile.
9.1 When EditTextVariations for the main profile is focused,
AOSP Keyboard for the main profile is shown.
9.2 When EditTextVariations for the work profile is focused,
AOSP Keyboard for the work profile is shown.
10. Make sure that different instances of Android Spell Checker are
used based on target application's profile
11. adb shell ime list -a -s --user all
-> "com.android.inputmethod.latin/.LatinIME" is shown for both
user #0 and user #10.
12. adb shell dumpsys textservices
-> Both user #0 and user #10 have results.
Test: atest DevicePolicyManagerTest#testSetPermittedInputMethods_failIfNotProfileOwner
Test: atest com.android.server.devicepolicy.OverlayPackagesProviderTest
Change-Id: Ied99664d3dc61b97c919b220c601f90b29761b96
Fixes an issue where setting a password via DPM would never
satisfy a QUALITY_COMPLEX password requirement.
Change-Id: I3fbc952bd44291ac22728c626b128fc0c1aae232
Merged-In: I3fbc952bd44291ac22728c626b128fc0c1aae232
Fixes: 120915644
Bug: 110172241
Test: atest 'com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24#testRunDeviceOwnerPasswordTest'
Test: Set credential via DPM.resetPassword(), factory reset device to trigger FRP, verify FRP shows.
(cherry picked from commit ea8d82c08a)
Fixes an issue where setting a password via DPM would never
satisfy a QUALITY_COMPLEX password requirement.
Change-Id: I3fbc952bd44291ac22728c626b128fc0c1aae232
Fixes: 120915644
Bug: 110172241
Test: atest 'com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24#testRunDeviceOwnerPasswordTest'
Test: Set credential via DPM.resetPassword(), factory reset device to trigger FRP, verify FRP shows.
Error code 51 is given when trying to downgrade a device, so this is
required to fix our broken CTS test and give an accurate error code to
the admin.
Change-Id: I436fb7a605dc47dc5388c78c67d7db08ffcf867a
Fixes: 120896091
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testInstallUpdate
Following method/fields access should never require system server
priviledge. Hence there is no need to clear calling identity.
* ApplicationInfo#flags
* InputMethodInfo.getServiceInfo()
* ServiceInfo#applicationInfo
* ServiceInfo#packageName
This CL should be no user-observable behavior change.
Bug: 120709962
Test: Manually verified as follows.
1. Build aosp_taimen-userdebug and flash it
2. Install TestDPC.
3. Set up a work profile
4. Open TestDPC in the work profile mode.
5. Tap "Set input methods"
6. Tap "OK"
7. Open Settings App -> System -> Languages & input -> Virtual keyboard
8. Tap "Manage keyboards"
9. Make sure nothing crashes.
10. make -j SoftKeyboard
11. adb install -r $OUT/system/app/SoftKeyboard/SoftKeyboard.apk
12. Open TestDPC in the work profile mode.
13. Tap "Set input methods"
14. Make sure that "Sample Soft Keyboard" is unchecked.
15. Tap "OK".
16. Open Settings App -> System -> Languages & input -> Virtual keyboard
17. Tap "Manage keyboards"
18. Make sure that you cannot enable "Sample Soft Keyboard"
Change-Id: Idce0ac68ee6a6ca6e1186bd2adf9bd07a1f9f397
Address the case where the Private DNS mode has not been set at all, so
the value obtained from settings when reading it is null.
Java cannot cope with null value in a switch statement, so translate
that case to the default value (from the ConnectivityManager), in the
same way the Settings code does when presenting Private DNS mode to the
user.
Bug: 112982691
Test: Factory reset a device, then atest com.android.cts.devicepolicy.DeviceOwnerTest#testPrivateDnsPolicy
Change-Id: Ife6b5c15b70517f75d8815103a19a9ef72122212
Since MAC randomization will be randomized by default in Q,
which means the current MAC could change arbitrarily, the
existing API need to be modified to always get the factory MAC.
Bug: 111634904
Test: atest DevicePolicyManagerTest
Change-Id: I91a150fe4439ecef3836abb3c1ed087837a5fc67
Fix a bug where we iterate through a map with an iterator while deleting
some elements (on the map directly, not using the iterator) at the same time.
Bug: 112982695
Test: atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testDelegation
Change-Id: Id46701791d9666ed653683f41e82e3b1d2288432
Previously a Device Owner or an affliated Profile Owner of the DO can silently
install APKs via PackageInstaller APIs. This CL additionally grants delegates
of DO the same access.
Bug: 112982695
Test: atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testDelegation
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegation
Change-Id: I777ee6aa1ecd036ee56270fc6b4e86b74d1042a6
* DELEGATION_NETWORK_LOGGING
Allow delegated apps to control and retrieve network logging
* DELEGATION_CERT_SELECTION
Allow delegated apps to automatically select client certificates for apps.
* DELEGATION_PACKAGE_INSTALLATION
Allow delegated apps to silently install packages.
Also introduce DelegatedAdminReceiver which is analogue of the existing
DeviceAdminReceiver and enables delegated apps to receive system callbacks
related to their delegated capabilities.
This CL introduces the three new delegation scopes as well as some
implementations changes required to support these three delegations.
it also implements the actual logic around DELEGATION_NETWORK_LOGGING
and DELEGATION_CERT_SELECTION. Handling DELEGATION_PACKAGE_INSTALLATION
will be implmented in a subseqent CL.
Bug: 112982695
Test: atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testDelegation
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegation
Test: Manual with TestDPC-replica
Change-Id: I508fdda0572041cf121d0e297c93d51e981545e3
