If DISALLOW_REMOVE_USER is set and there is already a managed profile:
isProvisioningAllowed() should return false
BUG:32629873
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I093bed0a4a54f83decf11716ebfd50dd4f17c089
In this case, don't require the device to have gone through the
Setup Wizard before disqualifying DO/PO if there's an incompatible
account on the device.
BUG: 32438704,32438210
Change-Id: I6858db13c8df6e95d01d18a903f4343f70370e8b
This CL follows up on ag/1530343 and adds:
1) Various network events.
2) Retrieval method in DPM and APIs in DeviceAdminReceiver.
3) Extension of NetworkLogger and it's NetworkLoggingHandler.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java
Bug: 29748723
Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
This CL adds:
1) Setter and getter in DPM to manipulate logging switch (retrieval
method to come in a subsequent CL(s)).
2) A way for DPM to register to listen for events.
3) Skeleton of NetworkLogger class (more to come in subsequent CL(s)).
Bug: 29748723
Change-Id: I5c04662ccc6febd2ba294b0eaca1ed1da9c16e47
BUG:32300784
Test: create user in TestDPC, set DISALLOW_REMOVE_USER restriction,
and remove this user.
Change-Id: I96ab02d594cd1a8ab14420e12357f2083da1ce63
To get the better understanding of provisioning flows, we are logging
all the entry points to Managed provisioning. This change implements it
for ADB.
Test: cts-tradefed run cts --module DevicePolicyManager
Bug: 31424428
Change-Id: Id8b6638fcec1642c54efaffdfaaee81040f4de8a
The admin can instead use the value of 0 to reset to default.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Bug: 31430135
Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c
(cherry picked from commit 943aabd11c)
1. Modify DPM.isProvisioningAllowed to allow it to happen
2. Introduce hidden API createProfileForUserEvenWhenDisallowed for
ManagedProvisioning app to create profile under DO.
Apps with MANAGE_USERS permission can clear the
DISALLOW_ADD_USER restriction anyway, so they do not gain extra power.
Test: runtest -x frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.CustomDeviceOwnerTest#testIsProvisioningAllowed
Bug: 31895999
Change-Id: I10dc3043653130ae717a1d3d8256c9e73231bb21
The admin can instead use the value of 0 to reset to default.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Bug: 31430135
Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c
We were disabling backup in consumer mode as well.
BUG=31754835
TEST=android.content.pm.cts.shortcuthost.ShortcutManagerBackupTest
Change-Id: I42e5cfa512fda1b471eb62c7eb8bc346383da2fa
Allows PO and DO configure strong auth timeout for fingerprint.
Bug: 31430135
Change-Id: Ie6451d49aa95527adc3720d9a2a0848f58940510
(cherry picked from commit 8f010dd25d)
- Non-test-only DO/PO still can't be installed when there are
accounts.
- Test-only DO/PO can be installed even when there are accounts,
as long as all the accounts have the
"android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED" feature.
Some authenticators claim to have any features, so to detect it,
we also check android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED
and disallow installing if any of the accounts have it.
- Also add logs on certain important events in DPMS.
Bug 28928996
Change-Id: I62efce10e9cc22e994ea8cae91a4fafcce25dd77
