Currently only device owner can set global user restrictions.
With this CL ENSURE_VERIFY_APPS will be global no matter who
enforces it, DO or PO.
To make it possible for system apps to check who enforces a
particular restriction in this case a new API method is added
to UserManager: getUserRestrictionSources which returns a list
of users who enforce the restriction.
Bug:31000521
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.UserRestrictionsTest (ag/1732744)
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
Test: installed M on a Nexus5x device, created a managed profile with some user restrictions, and checked that after upgrading M->O all restrictions are preserved and split correctly into base, global and local.
Change-Id: I543d3ec9ef0cf2b730da6f7406021c0bba43b785
This CL allows a reason to be specified when installing a package. The
install reason is a sticky piece of metadata: When a package is e.g.
installed via enterprise policy and an update is then manually
installed or sideloaded, the install reason will remain "policy."
The install reason is tracked separately for each user.
With this CL, two install reasons exist: "policy" and "unknown." Other
install reasons will likely be supported in the future.
Bug: 32692748
Bug: 33415829
Test: Tested manually with "adb install" / "adb uninstall"
Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
The full batch will still be available to DPC if there were no
network logs pending.
Added some more debug logging to better investigate the issues.
Test: manual for both cases - pending batch was empty and non-empty,
with locally decreased timeout
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 34157435
Bug: 29748723
Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
DPM.setActivePasswordSufficient() can be called by a DPC before the
password has been entered on non-FBE devices. The metrics must be saved
so this API can work correctly.
Bug: 32793550
Test: manual
Change-Id: I078d0f1f98875d577aeaf25f12dc9c27e3f80658
Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_str_auth_timeo system property. This allows manual
testers to more easily carry out testing scenarios.
Bug: 29825955
Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h
Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000"
Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
Also removed the code that sends broadcast to all device admins
in profile owner package since it was used for legacy
provisioning of the whole package and now should be migrated
by findOwnerComponentIfNecessaryLocked().
Test: gts-tradefed run gts -a armeabi-v7a -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest
Change-Id: I6316df7375fd24da133c83c7930815ba909194f2
Bug:31000521
DeviceAdmins inside profiles may receive broadcasts referring either
to the parent profile or to themselves.
We need a way to differentiate that.
Same commit fixes a bug in DevicePolicyManagerTest where USER_SYSTEM
is returned twice in getProfiles() when called for a managed profile of
USER_SYSTEM. This does not happen in the real API.
Bug: 30185351
Bug: 31001762
Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Change-Id: Iea2735357f4019b2b81b6784e7ea6aead63f2636
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Test: Manually tested wipeData() with TestDPC, both on 1) the primary user,
2) a secondary user and 3) work profile.
* Modified TestDPC so it supports secondary users
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Bug 30681079
Change-Id: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
Don't check the accounts when the caller is not ADB.
MR2 already has this change.
Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest
* without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 *
Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Change-Id: I654c41d0e7434c5fce75eb2df5fd7686a54e9093
For device owners set pre-O, that restriction will not
be set via setDeviceOwner(). Therefore set it during
first boot after O OTA.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 31952368
Change-Id: I7db9b14c49a75ae2760e6923a1f3f7cde0e2784b
DPMS.lockNow takes a flag which can request the managed profile CE key to
be evicted.
Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
A notification is shown after network logging is enabled
and after the next three reboots that are at least one day apart.
Clicking it sends an intent to quick settings to shown its device monitoring
dialog.
Bug: 29748723
Bug: 33126577
Test: Manual, CTS-Verifier tests will be added later
Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
Only the device owner should be able to create a managed
profile if that restriction is set
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 31952368
Change-Id: Ia5170e54594ccba1e5bcedffaec98c2af42264c0
Only store the metrics in RAM, computing them at first log in.
Test: com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24
Bug: 32793550
Change-Id: Iaf9516c193f054331e3e2c68cb3f627bd543b408
Reverting because the length of the prop key is out of bounds.
Bug: 33662416
This reverts commit 60d1feed92.
Change-Id: I66a3f7f18e668acbf2ddaf60ab8efa2584799906
Fixes a potential race condition - when enabling/disabling the logging
some events might have been lost.
Bug: 29748723
Change-Id: I8a436d525393b2314805e287eddcea26d4ec073b
Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_strong_auth_timeout system property.
Bug: 29825955
Change-Id: I51d421c3e10625787ecfdbe011f9128cd47cb2a2
Add the network logging icon in Quick Settings' footer if
network logging is enabled, possible next to the VPN icon.
Quicksettings has to be able to tell that network logging
is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be
callable from the device owner or from any app with the MANAGE_USERS
permission.
The icon is only a placeholder until the official icon is finished.
CTS Verifier tests will be added when all Network logging UX changes are
done.
BUG: 33126618
BUG: 29748723
Test: runtest --path frameworks/base/packages/SystemUI/tests
Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
- Make the CTS hermetic and not adding new restriction after CTS test
- DeviceOwner can't clear this user restriction in CTS, as it's set by ManagedProvisioning
- It can be only clear when testOnly DPC becomes deviceOwner, and being removed by remove-active-admin in shell
Bug:31856203
Test: build successfully
Change-Id: I75b91629ef09c54e9dbe7253df6a52894a938e83
Added hidden pre condition codes for PO and DO provsioning.
Added hidden api checkProvisioningPreCondition, which returns codes
instead of boolean. Managed provisioning can use this to show
useful debug information and user facing error dialogs.
Test: All DevicePolicyManagerTest pass
Bug: 27467633
Change-Id: I7d2a79921bc3ac2e12d506629a35563fc7ff62bf
Introduce a new internal flag MATCH_ANY_USER for genuine uses
of searching through all apps on the device.
Some temporary accommodations for Launchers that reach across
to the work profile until we have a new LauncherApps API to do
that officially.
Bug: 31000380
Test: CTS tests added
Change-Id: I2e43dc49d6c2e11814a8f8d1eb07ef557f31af34
