Commit Graph

1153 Commits

Author SHA1 Message Date
TreeHugger Robot
aeeb3f5eda Merge "BaseIDevicePolicyManager cleanup." 2018-10-04 14:35:40 +00:00
Makoto Onuki
8c7c5cc91e Persistent connection to SMS app 2/2 (main)
Bug: 109809543
Test: atest CtsAppBindingHostTestCases
Test: atest ${ANDROID_BUILD_TOP}/frameworks/base/services/tests/servicestests/src/com/android/server/am/PersistentConnectionTest.java
Change-Id: If927050fba5edea63137e10af5570c3450165237
2018-10-02 14:19:53 -07:00
Makoto Onuki
23961c8a80 Merge "Allow default SMS app to be always running" 2018-10-02 15:32:50 +00:00
TreeHugger Robot
e1251df8eb Merge "Device-wide unknown sources block option for DPC." 2018-10-02 13:07:25 +00:00
Lenka Trochtova
9ecde320ad BaseIDevicePolicyManager cleanup.
Move P APIs out of BaseIDevicePolicyManager.

Bug: 73469681
Test: make -j64 checkbuild
Test: make RunFrameworksServicesRoboTests

Change-Id: Ieffafb5c331b0befed5356f8d45e9ac6e0d81bee
2018-10-02 11:13:58 +02:00
Irina Dumitrescu
4638edd79f Device-wide unknown sources block option for DPC.
This adds a new framework user restriction that can be used by the DPC
to block installs from unknown sources on all profiles of a device.

Test: Manual test, disallowing installs in TestDPC disables installing
unknown sources apps.
Bug: 111335021
Change-Id: Ib9fb672c5e5dea2ac63bf8cbd1b04484b12b4056
2018-10-01 21:45:00 +01:00
Makoto Onuki
87d260a3a3 Allow default SMS app to be always running
Bug: 109809543
Test: atest CtsAppBindingHostTestCases
Test: atest services/tests/servicestests/src/com/android/server/am/PersistentConnectionTest.java
Change-Id: Ic016f2c073d178db4aa36268628ebf3880acb3c3
2018-09-28 14:48:53 -07:00
TreeHugger Robot
d2b1a57093 Merge "Suppress suppressing work profile removed notification if reason is null" 2018-09-20 18:06:28 +00:00
Zimuzo Ezeozue
3bf9f76b88 Merge "Add privileged APIs to lock device and reset device password" 2018-09-17 19:27:18 +00:00
Alex Chau
16d9490245 Suppress suppressing work profile removed notification if reason is null
Bug: 114711242
Test: cts-tradefed run singleCommand cts -m CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.ManagedProfileTest#testWipeDataWithoutReason
Change-Id: Icea2c95272f3d3d693c3289a5c4a55761026a8f9
2018-09-17 19:33:28 +01:00
Zimuzo
9f62a26385 Add privileged APIs to lock device and reset device password
In 534d732e9f274ad3f3e0637b9da963f889309afb, we are restricting privileged apps from silently becoming
Device Admins. Privileged apps can now call the following existing Device Admin APIs provided they have the correct permissions:
1. DevicePolicyManager#resetPassword -> Guarded by android.permission.RESET_PASSWORD
2. DevicePolicyManager#lockNow -> Guarded by android.permission.LOCK_DEVICE

The following existing Device Admin APIs already have alternatives hence no change required:
3. DevicePolicyManager#wipeData -> Send ACTION_FACTORY_RESET broadcast.
Guarded by android.permission.MASTER_CLEAR
4. DevicePolicyManager#setKeyguardDisabledFeatures -> Write '0' to LOCK_SCREEN_ALLOW_PRIVATE_NOTIFICATIONS setting
Guarded by WRITE_SECURE_SETTINGS

Bug: 111153365
Bug: 112601004
Test: Manually tested with dev privileged app
Change-Id: Ia4e1ce9b81756e7f84ed0aa22d97e0b968cd8d89
2018-09-12 13:28:24 +01:00
Lenka Trochtova
3b6e08772e Revert the mandatory backups feature.
Bug: 79736299
Test: make RunFrameworksServicesRoboTests
Test: cts-tradefed run cts -m CtsBackupHostTestCase

Change-Id: I1209174c9f6aa794c7ca67f4a8737c0589d5fd69
2018-09-12 13:39:05 +02:00
TreeHugger Robot
6c1c842dc7 Merge "Frameworks: Annotate trivial @GuardedBy in services" 2018-09-10 22:18:40 +00:00
Eric Sandness
a521deb920 Merge "Block Policies From Device Admin Targetting Q" 2018-09-07 09:07:21 +00:00
Andreas Gampe
8ce7ed95a0 Frameworks: Annotate trivial @GuardedBy in services
Add @GuardedBy for simple functions that require locks and have a name in
one of the frameworks naming styles for locks ("^.*(Locked|LPw|LPr|L[a-zA-Z]|UL|AL|NL)$").

Derived by errorprone.

Bug: 73000847
Test: m
Change-Id: If70bb03313388af34d547efca20fb5115de95bf1
2018-09-05 17:02:08 -07:00
Eric Sandness
ca5969d6e0 Block Policies From Device Admin Targetting Q
If a device admin app targets Android Q or above, and it is not a device
owner or profile owner, throw a SecurityException if it attempts to
control the following policies:
  - DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA
  - DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES
  - DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD
  - DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD

The set of policies available to a device admin targetting Android P or below is unchanged.

Bug: 111546201
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test: com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24
Test: com.android.cts.devicepolicy.DeviceAdminHostSideTestApi29
Test: com.android.cts.devicepolicy.ManagedProfileTest
Change-Id: Idcd0b4b91ad2fa363535c718928d382c7da054d4
2018-09-05 18:47:42 +01:00
Philip P. Moltmann
4e615e6986 Factor some RestrictedLockUtils out of SettingLib
Also make the new lib only use system-apis.

This allows mainline module to use the new
RestrictedLockUtilsSettingLib.

Unfortunately the whole RestrictedLockUtils would have caused too much
new system-api. Hence it was split into RestrictedLockUtils and
RestrictedLockUtilsInternal. This caused a lot of trivial code changes.

Bug: 110953302
Test: Built
Change-Id: I693b3bf56f3be71f0790776e3aad5694717786ef
2018-08-30 11:59:29 -07:00
Pavel Grafov
b90dc43e15 Use DPM's counter for invalid password attempts
Currently Keyguard uses a separate counter for invalid password attempts
that is not persisted and is always initialized to zero after boot,
so if the user made several attempts and rebooted the device, the
device will show more allowed attempts before wipe than actually
available. The counter is also incorrectly reset to zero when
fingerprint is used successfully.

With this CL the same counter is used for that message and for actual
wipe triggering, it is persisted and is not reset upon reboot or
fingerprint authentication.

Counting failed password attempts should be available in DevicePolicyManager
even without PackageManager.FEATURE_DEVICE_ADMIN.

Test: manual, tried using fingerprint and rebooting.
Bug: 112588257
Change-Id: I1f4012a95c6f6758885206f69e7ebe2c3704a567
2018-08-16 14:31:08 +01:00
Wale Ogunwale
6d50dcc8af Moved URI grants code out of ActivityManagerService to its own service (13/n)
Allows for other services like window manager to call uri grants without
holding AM service lock.

Bug: 80414790
Test: Existing tests pass.
Change-Id: Ie5b4ddb19a2cedff09332dbeb56bcd9292fd18ac
2018-07-23 16:37:46 -07:00
Eran Messeri
607a995691 DPM: Propagate StrongBox-related exception
When the caller attempts to generate a key via DevicePolicyManager
(using DevicePolicyManager.generateKeyPair), and specifies that
StrongBox should be used, throw the right exception indicating
StrongBox unavailability - the same one that is thrown if the same
parameters were passed to the KeyStore's key generation method.

This is achieved by catching the StrongBoxUnavailableException in
KeyChain, returning an error code indicating this particular failure
to the DevicePolicyManagerService, which then propagates it by
throwing a service-specific exception with a value indicating
StrongBox unavailability.
The DevicePolicyManager then raises StrongBoxUnavailableException.

Prior to this change the exception propagated from KeyChain would be
a generic failure so the caller would simply get a null result.

Bug: 110882855
Bug: 111183576
Bug: 111322478
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I9abe3f449b48eb5a960fafbc15c59b9b4ce7a966
2018-07-17 12:58:13 +01:00
TreeHugger Robot
abe78cd313 Merge changes from topic "biometrics-face"
* changes:
  5/n: Move FaceService to biometrics directory
  4/n: Add face authentication framework
2018-06-22 18:44:27 +00:00
Gilad Bretter
cb51b8b847 4/n: Add face authentication framework
This change is cherry-picked and rebased from AOSP
https://android-review.googlesource.com/c/platform/frameworks/base/+/660242

Add face recognition as an identification method, following fingerprint
design. Unlike fingerprint, only one face template can be enrolled per
user, and a vendor message is passed from the HAL all the way to the
client callback to allow GUI indication about the enrolled face
templates.

Add FaceAuthenticationManager and FaceService.
Add face authentication capability to TrustManager and Keyguard.
Modify TrustManager and KeyguardUpdateMonitorCallback fingerprint code
to support generic biometric method to eliminate duplications.
Add BiometricSourceType enum to keep track of the specific biometric
method.

Test: biometric authentication still works on the device

Fixes: 110385761

Change-Id: I5d04fe69a112c13d3ef7330b9c08c146e36c5335
Signed-off-by: Gilad Bretter <gilad.bretter@intel.com>
2018-06-21 17:00:07 -07:00
Irina Dumitrescu
24ed35cd83 Add dpm force-network-logs command to force network logs retrieval.
This is useful because logs are batched every 1.5-2hrs if there are
not enough logs to fill up a batch. The command is throttled at
10 seconds as a spam prevention measure.

Bug: 62251154
Test: in adb shell run dpm force-network-logs. Observe a new batch
being created in the phone directory
/storage/emulated/0/Android/data/com.afwsamples.testdpc/files/. Also
observe a fresh batch is being displayed on the phone in the TestDPC
app, under "Retrieve network logs".
Change-Id: I5ff9d5c78497ea81533b5248816b4d6e160d338f
2018-06-20 16:23:58 +01:00
Wale Ogunwale
04d9cb5f40 Moved some activities implementation to ActivityTaskManagerService (2/n)
Second step in unifying the window hierarchy that is currently split
within AM and WM packages. We move some of the API implementation for
activities from ActivityManagerService.java to
ActivityTaskManagerService.java.

Test: Existing tests pass
Test: go/wm-smoke-auto
Bug: 80414790

Change-Id: I23dcd924493d8ad1e0b6e3a55386fd72b0146605
2018-06-12 13:38:39 -07:00
Pavel Grafov
2560f6f872 Only call getActiveAdminForCallerLocked when holding a lock
+ factored out all device-owner checking calls
+ some profile owner checks

Fixes: 110040849
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testSetTime
Test: create a profile with TestDPS, it sets profile name.
Change-Id: I5fec70505d089bd7dcea80eae3df9c0f2b7094dd
2018-06-12 15:57:34 +01:00
Pavel Grafov
acafeeb7de Merge "Start SecurityLogMonitor after broadcasts are allowed." into pi-dev am: 8e0ad6534d
am: eec59f4851

Change-Id: Ia4338c836ac7ca16548c82ffcd5c4d68ef43ab09
2018-06-07 10:53:03 -07:00
Pavel Grafov
3bca09f308 Start SecurityLogMonitor after broadcasts are allowed.
Otherwise if boot takes long enough, DO broadcast will be sent while
ActivityManagerService is not ready, causing IllegalStateException.

Change-Id: I6b55ed45ed7b1f3ed9ad6ec20695907b4fa6f3b1
Fixes: 109746888
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: provisioned TestDPC as DO in SuW, enabled logging.
2018-06-07 11:16:46 +01:00
Dianne Hackborn
2b8336f241 Merge "Allow device/profile owners to change app ops modes." into pi-dev am: adaca2146d
am: 82a87674ce

Change-Id: Id4a52aaca3d94075ff179141e96fba5c7326d4ee
2018-05-14 14:32:23 -07:00
Dianne Hackborn
d52544183e Allow device/profile owners to change app ops modes.
This allows them to continue to have this capability the
same as before we locked down access to it.

Bug: 78480444
Test: manual
Change-Id: If2b0722945235eb67676ace3f54efaa71a64bcde
2018-05-14 11:29:43 -07:00
Pavel Grafov
10e6d7083e Merge "Log wipe failure" into pi-dev am: 9cf46fd625
am: 69e93ee993

Change-Id: I09dfe69ecde525bd7dd6f060903ba36c58faad6e
2018-05-09 13:29:35 -07:00
Pavel Grafov
3060967af8 Merge "Acquire lock before calling getDeviceOwnerAdminLocked" into pi-dev am: b9ab72bf96
am: fc9dd7c67b

Change-Id: I08f626298bd0d58cfa55b3e731e08eb22242e181
2018-05-09 13:24:11 -07:00
Pavel Grafov
9cf46fd625 Merge "Log wipe failure" into pi-dev 2018-05-09 19:46:05 +00:00
Pavel Grafov
a0d201b548 Log wipe failure
Test: injected an error into RecoverySystem.rebootWipeUserData
Fixes: 79417596
Change-Id: I3fef4bdd2f6357b08be4976c35c651908e9b3599
2018-05-09 18:27:45 +01:00
Pavel Grafov
517260ecef Acquire lock before calling getDeviceOwnerAdminLocked
Change-Id: I318c7cea8e9b7de2dc9fa05f786524848c9c76dd
Fixes: 79418618
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
2018-05-09 17:42:06 +01:00
Eran Messeri
c12e69a357 Merge "Save password requirements on the right user" into pi-dev am: f0db8fe188
am: 7c10001d6c

Change-Id: I517d4fca46080bea0ad083a54a6076cf893e0f1b
2018-05-02 05:54:36 -07:00
Eran Messeri
9ecde42164 Save password requirements on the right user
When changing the password requirements, two changes have to be saved:
(1) Whether the current password complies with the new password
requirements.
(2) The new password requirements themselves.

(1) is stored on the credential owner of the user, (2) is stored on the
user itself.

In ag/3729963 (Change-ID: Ide5b2e53cf100b087822844ca51b3bc69e7ddf82),
we've switched from saving the password sufficiency flag (1) in the
user to the credential owner.
A side effect was that the password requirements themselves, (2), which
were changed on the original user the call related to, were not saved.

This fixes the bug introduced in the aforementioned CL.

Bug: 78499736
Test: Manual with TestDPC.
Change-Id: I11faef37fa6f0e8e8e558069e77021c48ee36cd4
2018-05-01 14:12:23 +01:00
Eran Messeri
1fd8278382 Merge "Remove unnecessary WTFs from password state check" into pi-dev am: 24ba8398fe
am: 4ac95fbe91

Change-Id: I232671cc125875cdbe47067d2d2022966718d180
2018-04-25 02:50:16 -07:00
Eran Messeri
24ba8398fe Merge "Remove unnecessary WTFs from password state check" into pi-dev 2018-04-25 09:28:15 +00:00
Eran Messeri
3c26b8f92e Remove unnecessary WTFs from password state check
It is possible to have null PasswordMetrics object for a given user -
if, for example, the user never had a password set.

Do not WTF in that case.

Bug: 78191197
Test: That it compiles.
Change-Id: I807c2755890b0772e295b4cb0095cac1bf2d0aef
2018-04-24 19:28:57 +01:00
Suprabh Shukla
c6638510d2 Merge "Merge "Failing setPackagesSuspended if user has a DO / PO" into pi-dev am: 694f60005e" into pi-dev-plus-aosp
am: fecb262029

Change-Id: I58139151f963f6a45493615d07e9b7e4a5417456
2018-04-23 18:05:45 -07:00
Suprabh Shukla
7ea5378f89 Failing setPackagesSuspended if user has a DO / PO
Device or profile owners should be suspending packages via
DevicePolicyManager. If an app with SUSPEND_APPS tries to use the
PackageManager api on a user with a DO or a PO, the call should fail

Test: gts-tradefed run gts-dev -m SuspendApps

Bug: 78132137
Change-Id: If478db0726073c2e59dba3a7049cc16c56d9f3d5
2018-04-19 21:31:10 -07:00
Makoto Onuki
a31a1c67f4 Merge "Add stats logging to ServiceManager and NPMS" into pi-dev am: a26e755900
am: fa3a2acfbc

Change-Id: I30bea4b59318ac1871293739c6c5f2d9b7551fb1
2018-04-11 19:01:30 -07:00
Makoto Onuki
49392d335a Add stats logging to ServiceManager and NPMS
ServiceManager:
- Do an event log every N getService() calls with total time spent
in getService().
where N = 100 for core UIDs and 200 for other apps.

- Do an event log if getService() takes longer than N ms.
where N = 10 for core UIDs and 50 for other apps.

... with some extra throttling.

NPMS:
- Do the basic "stats logger" log for updateNetworkEnabledNL() and
isUidNetworkingBlocked()

This CL also enhances StatsLogger so it now can show the slowest call
and the max # of calls per-second.

Bug: 77853238
Test: Manual test:
- Insert a SIM card
- Set data limit
- toggle airplane mode
- toggle wifi
- toggle mobile data

Then
- "dumpsys netpolicy" and "dumpsys activity processes" and check the stats
- also check "adb logcat -b all | grep ' service_manager'"

Change-Id: I5789541063f95d0eac501189816c8604a4571ba0
2018-04-11 16:37:57 -07:00
Eric Sandness
cea884244e Merge "Permission Check For DPM.getPermittedAccessibilityServices" into pi-dev am: 0997a32523
am: bdfd63688c

Change-Id: I493a042d5d8c8e174597553c265fe7570ba07315
2018-04-09 06:37:01 -07:00
Eric Sandness
5ab98de315 Permission Check For DPM.getPermittedAccessibilityServices
Require the callers of DPM.getPermittedAccessibilityServices(userId) to
hold the MANAGE_USERS permission.  The only known callers of this API
are settings apps that already hold this permission.

Bug: 62343414
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test: com.google.android.gts.devicepolicy.DeviceOwnerTest
Test: Manually checked accessibility settings in DO and PO modes
Change-Id: I8ee3f876fcaffa63636645f0f59709cd147254ef
2018-04-09 07:47:13 +00:00
Suprabh Shukla
acdfc1df62 Merge "Activity interceptor dialog for suspended apps" into pi-dev am: 822ce4f3aa
am: fce7bf015e

Change-Id: I20ef2001636ee1a75bcf5d9d7b097848bb15c710
2018-04-05 14:41:00 -07:00
Makoto Onuki
929b42e747 Always enable inversion lock check in DPMS
Bug: 74553426
Test: boot
Change-Id: I4e970b37bc4c1c0939c3075d213d7e6834f8b05b
2018-04-05 10:11:35 -07:00
Suprabh Shukla
3c3af1406e Activity interceptor dialog for suspended apps
Added an AlertActivity to intercept the start for an activity belonging
to a suspended app. More details will be shown if the suspending app
also defines an activity to handle the API action
SHOW_SUSPENDED_APP_DETAILS.

Test: Added tests to existing classes. Can be run via:
atest com.android.server.pm.SuspendPackagesTest
atest com.android.server.pm.PackageManagerSettingsTests
atest com.android.server.pm.PackageUserStateTest

Bug: 75332201
Change-Id: I85dc4e9efd15eedba306ed5b856f651e3abd3e99
2018-04-04 18:40:19 -07:00
Makoto Onuki
eed5b5a31c Add basic inversion lock detection to DPMS.
For now enable it on ENG builds only.
(I'll change the condition in master so I'll get WTFs from qt-release devices
too.)

This will detect calling into DPMS with the following locks held:

APP_OPS
POWER
USER
PACKAGES
STORAGE
WINDOW
ACTIVITY
DPMS

On marlin-eng pi-dev, each guard() takes ~25us.
    LockGuard.guard(): count=7246, total=175.1ms, avg=0.024ms

Used the following command to ensure all locks are replaced.
$ grep synchronized /android/pi-dev/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | sed -e 's/  *//' | uniq

Bug: 74553426
Test: Manual test with an intentional lock inversion.
Change-Id: Id59d562d7c275b6ea127a211284496f5d64f9f93
2018-04-04 12:18:54 -07:00
Rubin Xu
69196f6fad Merge "Remove password blacklist API" into pi-dev 2018-03-30 13:38:31 +00:00