1501 Commits

Author SHA1 Message Date
lucaslin
826224dbc1 Add enforceNetworkStackOrProfileOrDeviceOwner()
Add enforceNetworkStackOrProfileOrDeviceOwner() to check if the
caller has PERMISSION_MAINLINE_NETWORK_STACK or not.

Call this check in isAlwaysOnVpnLockdownEnabled() for allowing
the caller which has PERMISSION_MAINLINE_NETWORK_STACK to get the
status of always-on VPN.

Bug: 141621373
Test: 1. Build pass
      2. Manual test to see if CaptivePortalLoginActivity could
      deal with the issue properly.
Change-Id: I3b7ddc2543e6b4754d6eaac128ca9a8ccea6b59c
2020-03-12 13:23:52 +08:00
Neil Fuller
ce50962714 Revert DevicePolicyManager time / zone changes
Revert recent changes that make DevicePolicyManager call TimeDetector /
TimeZoneDetector to change the device time / time zone.

The DPC app runs as the user, so any rules that the TimeDetector /
TimeZoneDetector wants to enforce about what the end user can do will
need to be different for the DPMS path. There will be a dedicated
(probably LocalService) code path for the DPMS to use instead.

Bug: 140712361
Test: treehugger
Merged-In: Ia60702492231cc4c7c5de157c1f266d30996d950
Change-Id: Ia60702492231cc4c7c5de157c1f266d30996d950
(cherry picked from commit 77c9fcdb10)
2020-03-10 11:57:38 +00:00
Eran Messeri
9c5f79ef29 Merge "Restrict adding managed profile in DO devices" into rvc-dev 2020-03-06 11:47:34 +00:00
TreeHugger Robot
deae24674d Merge "Fix leaks of personal apps in setApplicationHidden" into rvc-dev 2020-03-05 15:49:53 +00:00
Rubin Xu
cf5670aa4e Merge "Fix DPMS.findAdmin() after app enumeration restrictions" into rvc-dev 2020-03-05 11:37:30 +00:00
Eran Messeri
46bedf3184 Restrict adding managed profile in DO devices
On devices that have a Device Owner, or had a Device Owner and Profile
Owner and the managed profile was removed, apply the restriction
for adding a managed profile.

This would prevent such devices from getting into the DO+PO mode, which
is no longer supported in R.

Bug: 149006203
Test: Manual, set TestDPC as the Device Owner, upgrade it, observe TestDPC cannot create a managed profile.
Test: Manual, have a device with different DO and PO packages, remove PO, observe it cannot be re-added.
Change-Id: Iea48049a671071d2ad075b5e4c9ae3ce830975d3
2020-03-05 10:41:06 +00:00
Alex Johnston
fff2595d2a Fix leaks of personal apps in setApplicationHidden
* If setApplicationHidden is called with a non-system
  non-installed app, the exception thrown exposes
  whether the app is installed on the personal side.
* To solve this, the exception thrown is wrapped
  and a different message, which does not include
  whether the app is installed, is used.

Bug: 150677248
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testApplicationHiddenParent
Change-Id: I742b5d71904e5d54cc2b353448fa043bbc7293cb
2020-03-04 17:22:34 +00:00
Rubin Xu
b460022e40 Fix DPMS.findAdmin() after app enumeration restrictions
Clear binder identity before calling into PackageManager APIs.

Bug: 149932907
Test: atest com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest
Change-Id: I6376a79d7cac6a296adfa267cb07f719400f9c59
2020-03-04 16:29:21 +00:00
Soonil Nagarkar
e21ba28bec Clear binder identity before checking with compat service
Bug: 149673005
Test: manual
Change-Id: I3afa190d658106e6fa31bfe11d5dd9775c108887
2020-03-02 15:37:01 -08:00
TreeHugger Robot
126d683133 Merge "Clear binder identity before querying package information" into rvc-dev 2020-03-02 22:39:30 +00:00
Rubin Xu
547ef07710 Clear binder identity before querying package information
DevicePolicyManagerService needs to clear caller identity before
calling into PackageManager APIs, to make sure the app enumeration
restriction in R does not adversely affect its functionalities.

Bug: 150407679
Test: MixedManagedProfileOwnerTest#testDelegatedCertInstaller
      (without the stopgap fix ag/10456865)
Change-Id: I237c527241c26a309302bc2f7e36f8007a6c53b8
2020-03-02 20:55:59 +00:00
Alex Johnston
bb1d2a931b Fix testScreenCaptureDisabled
* A SecurityException was being thrown because getProfiles
  in UserManager cannot be called by the COPE PO for user 0
  without permission MANAGE_USERS or CREATE_USERS.
* Added binderWithCleanCallingIdentity to this method.

Bug: 149941985
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testScreenCaptureDisabled
Change-Id: Iccc60233baaeaa732f197d7aaf31acc9d75a247b
Merged-In: Iccc60233baaeaa732f197d7aaf31acc9d75a247b
(cherry picked from commit 2797594914)
2020-02-28 14:00:16 +00:00
Suprabh Shukla
1b6ce9ec76 Merge "Let admin block suspend in some cases" 2020-02-21 10:02:06 +00:00
Joshua Duong
10d71243b2 Merge changes from topic "adbwifi-aosp"
* changes:
  Add Settings.Global.ADB_WIFI_ENABLED.
  [adbwifi] SysUI: Add WifiDebuggingActivity.
2020-02-21 02:22:08 +00:00
Joshua Duong
2076c04333 Add Settings.Global.ADB_WIFI_ENABLED.
ADB_ENABLED historically meant the state for USB debugging. Since
wireless debugging can be enabled separately, define another setting
for it.

BUG: b/111434128

Test: make
Exempt-From-Owner-Approval: approved in aosp_master
Change-Id: If3abca8e77381d6832f55d55a43c52ee1a1267d1
2020-02-21 02:21:08 +00:00
Rubin Xu
cb40b9881d Merge "Support security logging on org-owned managed profile devices" 2020-02-21 00:00:03 +00:00
Soonil Nagarkar
a6149521d3 Merge "Revert requestSetProviderEnabled API" 2020-02-20 16:34:37 +00:00
Rubin Xu
1480ce7b87 Support security logging on org-owned managed profile devices
When security logging is enabled on org-owned profile devices,
Security events will be redacted to preserve privacy on the personal
profile as follows:

* TAG_ADB_SHELL_CMD
  Shell command will be redacted.

* TAG_MEDIA_MOUNT
* TAG_MEDIA_UNMOUNT
  The media's volume name will be redacted.

* TAG_APP_PROCESS_START
* TAG_CERT_AUTHORITY_INSTALLED
* TAG_CERT_AUTHORITY_REMOVED
* TAG_KEY_GENERATED
* TAG_KEY_IMPORT
* TAG_KEY_DESTRUCTION
* TAG_KEY_INTEGRITY_VIOLATION
  Only events happening inside the managed profile will be returned
  to the admin.

Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest FrameworksServicesTests:SecurityEventTest
Test: atest FrameworksCoreTests:EventLogTest
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithTwoUsers
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingEnabledLogged
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testSecurityLogging

Change-Id: I2e52229a3163b3e0dc3d80d71700023394d84587
2020-02-20 15:47:29 +00:00
TreeHugger Robot
1ef019d3e0 Merge "Disable Settings toggle if admin has set always-on VPN" 2020-02-20 10:09:34 +00:00
Suprabh Shukla
f0f84c8f92 Let admin block suspend in some cases
There may be policy critical apps that must not be suspended by the
user in a managed profile. The owner can now use either of the following
to block suspension of apps:
 - DISALLOW_APPS_CONTROL: Blocks suspension of all apps in the user
 - DISALLOW_UNINSTALL_APPS: Blocks suspension of all apps in the user
 - setUninstallBlocked: Blocks suspension of a given package.

The same also blocks any of the DistractionRestriction to be set via
PackageManager#setDistractingPackageRestrictions. This is to make sure
the apps can still show notifications.

Since the owner should have the final call, these do not block the owner
from adding app suspensions itself. Whenever either of these are set,
any app suspensions that were not originally added by the owner are
lifted immediately and any distraction restrictions that were added are
removed.

Also, clearing restrictions and suspensions if an app with SUSPEND_APPS
permission is disabled. Even though it is expected that UI not allow
such an app to be disabled, it is hard to enforce across all device
implementations. And a missed edge case would lead to permanently
unusable apps on the device.

This change also fixes a bug where any DistractionRestrictions set
weren't cleared on suspending app data clear.

Test: atest GtsSuspendAppsTestCases

Bug: 144826981
Bug: 145735990
Change-Id: I81a492e1d07a8cc9aeb0acd7e5142826824a42ae
2020-02-19 15:56:17 -08:00
Automerger Merge Worker
3979a56060 Merge "Rename ro.device_owner system property" am: 075c6b9db7 am: 3cf8f19dc4 am: 4b8545b3fb
Change-Id: Iad0b91c0b37e1e4c22ea3b2754b96e21b3fa427b
2020-02-19 23:14:24 +00:00
Soonil Nagarkar
3819f972df Revert requestSetProviderEnabled API
Bug: 144955780
Test: presubmits
Change-Id: Iec8520acfd98b9d9d92a4876ebfa899ac2a0731e
2020-02-19 14:39:58 -08:00
Winson Chiu
633cd037f7 Merge changes from topics "package-parsing-v2.1", "parsing-parsed-package-split"
* changes:
  Remove AndroidPackageWrite
  Migrate to new ParsedComponents and ParseResult
  Split ParsedComponents
  Add ParseResult infrastructure
  ParsingPackage/ParsedPackage test code migration
  ParsingPackage/ParsedPackage split source migration
  Important migration for new ParsingPackage/ParsedPackage split
  Separate ParsingPackage into core and ParsedPackage into server
2020-02-19 22:16:15 +00:00
TreeHugger Robot
cb7f6ffe03 Merge "Add COMP->COPE migration test into presubmit." 2020-02-19 19:21:39 +00:00
Pavel Grafov
fba650eaed Merge "Add "Forgot my password" to start profile in locked state." 2020-02-19 19:09:20 +00:00
Alex Johnston
5263c11a4c Merge "Add permission to ACTION_RESET_PROTECTION_POLICY_CHANGED" 2020-02-19 18:54:35 +00:00
Automerger Merge Worker
4b8545b3fb Merge "Rename ro.device_owner system property" am: 075c6b9db7 am: 3cf8f19dc4
Change-Id: I9e22996ed4f03dab423953db57c49bb27be7d903
2020-02-19 17:49:37 +00:00
Pavel Grafov
cd38eba7a6 Add COMP->COPE migration test into presubmit.
Bug: 149075700
Test: atest com.android.server.devicepolicy.DevicePolicyManagerServiceMigrationTest
Change-Id: I64473696e8e4c68afe49495aab4bded47f4d61fd
2020-02-19 16:33:41 +00:00
Pavel Grafov
4513e24323 Add "Forgot my password" to start profile in locked state.
Feature is disabled on non-FBE devices since the profile user will
end up in RUNNING_UNLOCKED state.

Bug: 143516540
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Test: manual
Change-Id: Ib87492577b4e5153a8108036af89c547e4bb76ee
2020-02-19 12:44:12 +00:00
Rubin Xu
e4b77b8bf2 Rename ro.device_owner system property
Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Change-Id: I3986de71c3f0f737419702799099ac08bfc48139
2020-02-19 10:40:07 +00:00
Rubin Xu
2108f19b49 Disable Settings toggle if admin has set always-on VPN
If the admin has turned on always-on VPN, do not allow the user
to modify it. In order to distinguish between a user-initiated
always-on request and an admin-initiated one, DevicePolicyManager
needs to track what the admin has set, and provide getter to be
consumed by Settings code.

Bug: 137938969
Test: manually set always-on VPN and check Settings is disabled
Change-Id: Ief7454a2b66c487c23d06c2b4486a7107f8a385a
2020-02-19 10:11:23 +00:00
Winson
5e0a1d5ce2 ParsingPackage/ParsedPackage split source migration
Part of the Parsing/ParsedPackage split into core/server.

This migrates any core/services source with trivially reviewable
changes. Import changes, moving files around, or generally
small single line changes scattered throughout all code that
depended on the old state of the package code.

Bug: 135203078

Test: enumerated in first commit of change ID
		Ib4fe51d729a56bfb0ea1316e577358ba0dfceccf

Change-Id: If091641a81be2d943d1d3e4a3d654e200d0ce59d
2020-02-19 00:29:05 -08:00
TreeHugger Robot
37266b681a Merge "Modified getActiveAdminsForAffectedUser" 2020-02-17 19:07:25 +00:00
Alex Johnston
a875e43280 Modified getActiveAdminsForAffectedUser
* Removed parent parameter from method.
* If user is a managed profile, return active admins for that user.
* If user is not a managed profile, then add all the active admins
  for that user and the parent active admins of managed profiles
  associated with it.

Bug: 149461308
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAdminConfiguredNetworks
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetCameraDisabledLogged
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testAdminConfiguredNetworks
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testCameraDisabledOnParentLogged

Change-Id: I3a4f9dd9f43c1acd7115aede6d26bb288b110c80
2020-02-17 17:29:31 +00:00
Pavel Grafov
50495dd81c Merge "Allow control over account management of parent profile" 2020-02-17 13:48:20 +00:00
Alex Kershaw
7f7195bf2c Log cross-profile metrics
Log metrics for the new app-op permission INTERACT_ACROSS_PROFILES and
each of the new app-facing and DPC-facing APIs where possible.

Simple getters do not have logging. Setters have logging but only when
the value has changed.

I always moved the logging into a separate private method. This is done
to keep the logging code from overpowering the actual logic in the
corresponding methods, particularly when there are conditions attached
to when we want to log.

There are also a few minor clean-ups in CrossProfileAppsServiceImpl.

Bug: 136249261
Bug: 149370554
Bug: 149318411
Bug: 149370875
Bug: 149370515
Test: atest com.android.cts.devicepolicy.CrossProfileAppsHostSideTest
Test: atest com.android.cts.devicepolicy.CrossProfileAppsPermissionHostSideTest
Test: atest com.android.cts.devicepolicy.ManagedProfileCrossProfileTest
Test: atest com.android.cts.devicepolicy.ManagedProfileTest
Change-Id: Ibf2899f9b9974387ed1ba62fd02ece54a4c1564b
2020-02-14 18:32:32 +00:00
Eran Messeri
65d94931f3 Allow control over account management of parent profile
Let the owner of a managed profile on an organization-owned device set
accounts for which management is disabled in the primary profile, via
the parent profile's DevicePolicyManager instance.

Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testCanRestrictAccountManagementOnParentProfile
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Bug: 148438071
Change-Id: I45eaf5e8e403e0c23dad2df106fefd1a1f3c6f4b
2020-02-14 12:44:41 +00:00
Alex Johnston
c39e9b2e25 Merge "Modify DPM KEYGUARD_DISABLE_SECURE_CAMERA restriction" 2020-02-13 17:50:29 +00:00
Alex Johnston
af0aa258a1 Modify DPM KEYGUARD_DISABLE_SECURE_CAMERA restriction
* Introduced new logic that allows the profile owner of an
  organization-owned device (COPE PO) to set the restriction
  KEYGUARD_DISABLE_SECURE_CAMERA on the parent profile.
* Modified the API setKeyguardDisabledFeatures to be callable
  on the parent profile for restriction KEYGUARD_DISABLE_SECURE_CAMERA.

Bug: 148656201
Test: Manual testing with TestDPC
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testSetKeyguardDisabledFeatures
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetKeyguardDisabledFeatures
      atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testSetKeyguardDisabledFeatures
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetKeyguardDisabledFeaturesLogged

Change-Id: I13984193e24b8745686e48c9c58ebee40a204fc7
2020-02-13 16:08:06 +00:00
Alex Johnston
090fa3c637 Add permission to ACTION_RESET_PROTECTION_POLICY_CHANGED
* Introduced new permission MANAGE_FACTORY_RESET_PROTECTION
  which allows an application to set a factory reset
  protection (FRP) policy.
* Added the new permission as the receiver permission when sending
  a broadcast in setFactoryResetProtectionPolicy.

Bug: 148596703
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testFactoryResetProtectionPolicy
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testFactoryResetProtectionPolicy

Change-Id: I2a9c859c2304c12b58d7f16e6bae6dac15d3f8eb
2020-02-13 14:31:15 +00:00
Pavel Grafov
a210870598 Merge "Add COPE related metric." 2020-02-13 13:42:06 +00:00
Alex Johnston
7ab8a28306 Merge "Rename lockdown admin configured networks API" 2020-02-13 09:51:00 +00:00
Pavel Grafov
e878706d71 Add COPE related metric.
* setManagedProfileMaximumTimeOff
* setPersonalAppsSuspended
* COMP -> COPE migration

Test: OrgOwnedProfileOwnerTest#testSetManagedProfileMaximumTimeOffLogged
Test: OrgOwnedProfileOwnerTest#testSetPersonalAppsSuspendedLogged
Test: manual, via "adb shell cmd stats print-logs" + "adb logcat | grep statsd" during boot
Bug: 148788010
Change-Id: Iaf09b536328bdb6623a2d4f6c92f73cd7f94f28c
2020-02-12 18:59:10 +00:00
Alex Johnston
12a4461733 Merge "Modify Screen Capture Disabled APIs" 2020-02-12 16:55:36 +00:00
Alex Johnston
8e935f7737 Modify Screen Capture Disabled APIs
* Previously, setScreenCaptureDisabled and getScreenCaptureDisabled
  did not support explicitly querying the parent profile.
* This CL allows the COPE profile owner to call these APIs on the parent
  profile to disable screen capture device-wide.

Bug: 149006854
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testScreenCaptureDisabled
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testScreenCaptureDisabled
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testScreenCaptureDisabled_assist
      atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testScreenCaptureDisabled_allowedPrimaryUser
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testCreateAdminSupportIntent

Change-Id: I64469af190577f66f48052c7f0df20067101aac4
2020-02-12 11:52:59 +00:00
TreeHugger Robot
c228e1d88a Merge "Add manifest broadcasts for profile (un-)available." 2020-02-12 11:39:12 +00:00
Alex Johnston
3e7916ef18 Merge "Update COPE metrics" 2020-02-12 09:11:15 +00:00
Pierre Barbier de Reuille
1858482e49 Add manifest broadcasts for profile (un-)available.
This means both switch on/off and add/remove profiles.

The broadcasts already exist for registered receivers, this adds them
for manifest receivers with INTERACT_ACROSS_PROFILES permission and
crossProfile attribute.

The MANAGED_PROFILE_REMOVED broadcast is sent to all applications with
android:crossProfile="true". Any cross profile app may be impacted, and
there is no possible transfer of information as the account is already
deleted at the time the signal is emitted.

Change-Id: I17fb9a01b70b28845c5d6aacdcdd497a82391474
Fix: 145135525, 145598120
Test: Demo-app using Digital Wellbeing (automated test underway).
Test: atest com.android.cts.devicepolicy.CrossProfileAppsPermissionHostSideTest
Test: atest 'com.android.cts.devicepolicy.QuietModeHostsideTest#testBroadcastManagedProfileAvailable_withCrossProfileAppsOp'
Test: atest 'com.android.cts.devicepolicy.QuietModeHostsideTest#testBroadcastManagedProfileAvailable_withoutCrossProfileAppsOp'
2020-02-12 07:44:23 +00:00
Automerger Merge Worker
03cebe3202 Merge "Re-activate backup service after cleaning a profile owner" into qt-qpr1-dev am: c1e78426b5
Change-Id: Ia7277711125ed3be7cf9914483601488f66e94ca
2020-02-11 23:24:38 +00:00
Alex Johnston
57ec80939f Rename lockdown admin configured networks API
* Renamed 'isLockdownAdminConfiguredNetworks'
  to 'hasLockdownAdminConfiguredNetworks'
* Renamed 'setLockdownAdminConfiguredNetworks'
  to 'setConfiguredNetworksLockdownState'

Bug: 148853269
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAdminConfiguredNetworks
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testAdminConfiguredNetworks

Change-Id: I6bef862b4ef7e5a7997378efcff08477da9de6dc
2020-02-11 12:43:21 +00:00