The user restriction DISALLOW_MODIFY_ACCOUNTS and the policy
DPM.setAccountManagementDisabled can now be circumvented by a device
or profile owner. This allows the device or profile owner to add
accounts without briefly having to remove the policy.
Bug: 22030831
Change-Id: I2b59c4b3ad354287d7a00f21b2afef072d12517d
The CL lets MountService to observe device FD, and request unmount to
vold when the device FD was closed, or remote application providing
appfuse is crashed.
BUG=25756420
Change-Id: I7990694d32affa7f89e3f40badb25098d74d744d
There is a race when starting a non-encryption-aware launcher before
we've gone through the user lifecycle to enter the "running unlocked"
state. This can cause the launcher to choke when it's denied access
to widgets that are still considered locked.
For now, relax the notion of a user being unlocked to reflect the
on-disk state, instead of looking at the user lifecycle.
Also add logging of encryption commands.
Bug: 26267450
Change-Id: Ie330d07418cf10413e0b4380f6d6781684f01952
Only create UserState objects when a user has been unlocked, meaning
we can connect to the spooler. Ignore package events that occur
while a user is locked, since we'll kick off updateIfNeededLocked()
when that user is eventually unlocked.
In all other cases, throw if someone tries obtaining UserState for
a still-locked user. This should help catch any edge cases in the
system, and communicate clearly through public APIs that printing
isn't available until the user is unlocked.
Bug: 26246836
Change-Id: If15744621890baee206d355484fe20933afc65d8
Currently only feature specs are allowed to be read from /oem/etc/permissions.
ODM may want to add their own library specs and app configs (ie, "app-link",
"system-user-whitelisted-app" and "system-user-blacklisted-app") but they can
only add them to /system/etc/permissions and thus polluted the system.img.
With the fine-grained permission flag introduced in this change, we also tighten
the permission for OEMs so they can only customize the feature specs.
Bug: 25759900
Change-Id: I44ef1380b160c2b6a53f2af6de0c5f5eae27a859
Adding new policy in DPM to trigger reboot on the device.
Requirement: Device owner can reboot the device if it is stuck or is
not useable due to some unresponsive UI.
Bug: 25304994
Change-Id: I7a6d5c8ad611de9c1cf6619378e492a306b41626
Add comments stating that certain methods of the Java binder framework
should be kept in sync with the corresponding methods mirrored in the
native PersistableBundle implementation.
BUG: 25815410
Change-Id: I475b2e9a527291eea58c8178cd733c444dfcfed5
Previously, in Parcel.writeValue, PersistableBundle objects
would be handled as Parcelable types, since we check for
the Parcelable type before the PersistableBundle type (and
PersistableBundle implements the Parcelable interface).
Fix this by moving the PersistableBundle type "if" condition
above the Parcealble type "if" condition. Also, add a comment
that explicitly states this nuance, in order to prevent future
regressions.
BUG: 25815410
Change-Id: Ia86aa5fc39423422342df0609a0d37e7f38d7ddd
Preventing apps with MANAGE_USERS from managing application
restrictions via UserManager. Application restrictions should
only be set via DevicePolicyManager.setApplicationRestrictions,
or via Settings (for restricted profiles).
Bug: 22541936
Change-Id: Ieed51ef54b4c23a73f383465e9af9b3bcf18a514
Inefficient SQLite use can have non-obvious effects on performance. For
example, insert and update operations can trigger a surprising number of
fsync() calls, especially if they're not grouped together into
transactions.
Add tracepoints around SQLite operations, to make it easier to pinpoint
their effects on the rest of the system.
Change-Id: I30cc3d02eca264e46dcc09ca7512a32519543834
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Rename APIs to reflect that they're storage-related. Also move
credential-storage APIs to be system API.
Return a null Context when device-encrypted storage isn't
supported. This is the easiest way to keep legacy apps working when
upgrading from M to N.
Reduce strictness of path checking so we don't crash when working
with special packages like "android".
Bug: 22358539, 26104027
Change-Id: I38c24fc003488186210a6ae3b64270f86e1efe56
Delay mounting of storage devices until after the user is unlocked,
which means any emulated storage areas will be ready for use. Track
separate per-user unlocked states for local versus system lifecycle
state.
Switch to explicitly lock or unlock user keys during boot of a
device without native FBE support. This allows us to recover when
the user has disabled emulated FBE.
Force reboot when changing FBE emulation state.
Bug: 26010607, 26027473
Change-Id: Idaf8b63e69f886ddbd848a9fab6d143a5fd10500
Quiet mode means the user will be free from visual and audio interruptions
from apps inside the managed profile, including notifications, widgets and
others. This CL adds the underlying state bit to users and exposes various
APIs to control and query the quiet mode state.
Bug: 22541941
Change-Id: If5f8e5a897843050e83b6ec26cb39561098f12b9
Certain system services would like to throw exceptions
with specific error codes, so that the framework can catch
these specific conditions and express them appropriately.
Bug: 25800533
Change-Id: I94b3d30fa131f5e14bba893c971615840085459f
The system can now boot in a "locked" state where only encryption
aware (EA) components can be safely started. When in this state,
PackageManager already filters away non-EA components, but system
services like AccountManager and SyncManager need to carefully handle
these temporarily "missing" components.
As a guiding principle, all known Accounts are still present when
the device is locked, but communication with underlying non-EA
authenticators is blocked.
To keep things simple for now, all SyncManager requests are kept
dormant until the user enters the unlocked state.
The core of this logic is that RegisteredServicesCache now works
with all components regardless of EA status, which prevents us from
accidentally thinking a service was removed when the user is locked.
Bug: 25945136
Change-Id: I8714121f6236b00821769023c4df7de1c8a99944
