* Make sure that if the time is rolled back after the deadline
has been reached, it is not undone. When the deadline is
reached it is set to -1 which is far in the past, so timezone
change won't affect it.
* Return sensible value in case when the deadline has just
expired and the suspension itself hasn't been enacted.
Previously the deadline expiration wouldn't be reflected until
mAppsSuspended gets updated after all apps are suspended.
* Update deadline on time changes. This makes it react to time
changes via adb.
* Additional debug logging to investigate further if the issue
persists.
Bug: 155878352
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I6549f76584121df200ace811285e7a358f262869
* Now it is of nice blue colour, lighter in night theme.
* Uses suitcase icon instead of warning sign.
* Shows "Work profile" instead of "Android system" as the source.
note: I reused a string for "Work profile", which has the same
content, but different purpose. This is not ideal, but we are way
past the deadline.
Bug: 155612405
Test: manual, with TestDPC
Change-Id: I8298401742085b1738de384e3fe0e612a8142607
Background
* Secondary users should be disabled
when the device is an organization-owned
managed profile device.
* This is because supporting secondary
users would complicate the semantics of
user restrictions.
Changes
* Add DISALLOW_ADD_USER as a base restriction
when the device is an organization-owned
managed profile device.
* Handle removal case when the device is no
longer in this mode.
* Remove the ability of other admins to apply
DISALLOW_ADD_USER.
Manual Testing Steps
* Provision an organization-owned managed
profile device.
* Check Settings > System > Multiple users
and verify that a user cannot be added.
* Check WP TestDPC 'Set user restrictions
on parent' and verify 'Disallow add user'
is not present.
Bug: 155281701
Test: Manual testing
atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I83348fc8b854cef20383803124000540b5b130cb
Before this CL the whole notification used to be clickable,
with this CL it is not clickable but contains a button with
"Turn on work profile" text to match the mocks and to make it
more clear to the user.
Also, added text style so that the text is wrapped if it can't
fit into one line.
Test: manual with TestDPC
Bug: 149075510
Change-Id: Iabe7387df99a6b719a7ce1f310c38f2916e7e4c7
When admin sets a new strong auth timeout policy, replace the existing
alarm (which enforces strong auth after the timeout) with a new one
with updated timeout.
Bug: 146188984
Test: atest com.android.server.locksettings.LockSettingsStrongAuthTest
Test: atest MixedManagedProfileTest#testRequiredStrongAuthTimeout
Change-Id: Ibcc13eb0d66697aff44192769b8fd817ca6800b8
Previously in case when the personal apps are suspended as a result
of work profile off timeout, ACTION_CHECK_POLICY_COMPLIANCE would
only be triggered if the user taps on the notification. With this
change it is triggered also when the user uses any other way to
turn the profile on.
Instead of attempting to invoke policy compliance check, the
notification now turns the profile on. And once it is unlocked,
policy compliance check is triggered.
Also, made "apps suspended" notification non-dismissable.
Bug: 151439078
Bug: 149075510
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I84e5a13995af78992f22568a3a87e7d96af1a3be
String resource names were renamed to differ from the old ones
because the text used to require an integer argument.
Also notification update moved out of synchronized block.
Bug: 154912947
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I83997c2cf575f36bb2b53037ed9a68dfecc290a2
* updatePersonalAppsSuspension is invoked for all events relevant
to profile maximum time off: user stopped, user unlocked,
system boot, deadline alarm goes off,
setManagedProfileMaximumTimeOff called.
* It takes all relevant bits of state into account: policy,
current deadline, user state. It calculates the new state
of the deadline, notification and alarm and makes appropriate
changes (e.g. schedules the alarm, posts notification, suspends
apps).
* Updated package manager query flags so that even when personal
apps are being suspended while the user is locked, it includes
non direct boot aware apps as well.
Test: manual, with TestDPC
Test: atest OrgOwnedProfileOwnerTest#testWorkProfileMaximumTimeOff
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Test: atest OrgOwnedProfileOwnerTest#testPersonalAppsSuspensionNormalApp
Bug: 149075510
Change-Id: I94d2582c7af91a5d97e67d2baf2e15f0a6d5ffa9
* Add @TestApi isFactoryResetProtectionPolicySupported()
to DevicePolicyManager which returns whether factory
reset protection policy is supported on the device.
Bug: 153696811
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testFactoryResetProtectionPolicy
Change-Id: Id0bd6cdacf33f0fb2f795e1ead5127b79f42960e
Another way was to clear it using existing APIs for each package
but each call would cause Package Manager to re-serialize the
package-restrictions.xml, so I added a separate API to do it in
one go.
Bug: 149075700
Test: manual, set TestDPC as a DO, block uninstall, remove DO.
Test: manual, set TestDPC in COMP, block uninstall, migrate to COPE.
Change-Id: I9be69af5d7ae9e0ddda087d3e01e35f3429f25f4
+ don't send broadcast when clearing already empty restrictions.
Bug: 149075700
Test: manual, set TestDPC as a DO, set restriction, remove DO.
Test: manual, set TestDPC in COMP, set restriction, migrate to COPE.
Change-Id: Ib85ee3937c43cde1cca0dad8117cd0f8dd642fd8
If the DO is not preinstalled, it is just removed.
If it is preinstalled, it is marked as disabled until used.
Bug: 149470717
Test: manual, with TestDPC, also pushed to /system/app
Change-Id: I26f4ad486263e40c10bfb71f22001ee5ebbf117b
* accountTypesWithManagementDisabled
* disableScreenCapture
For security logging nothing has to be done since the state is
stored in a system property, just changed it so that the logging
will be started after the migration and only events for the
right user are logged.
Also removed the todo about hardening for power cut case, the
risk of additional complexity seems to outweigh the benefit.
Bug: 149075700
Test: atest DevicePolicyManagerServiceMigrationTest
Change-Id: I3a58325f2d6f415e51998c5096c5fc123d26602d
* Modified setAutoTimeRequired to call
pushUserRestrictions after requireAutoTime
in the active admin is set.
* Modified addSyntheticRestrictions in the
active admin to include the auto time
required case.
Bug: 145604635
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
atest com.android.server.devicepolicy.DevicePolicyManagerServiceMigrationTest
Change-Id: Ida4952eeec8ec12573c4049a9bf8e0ce6a951a86
Expose internal API to check if the user's password
will be sufficient after profile unification. Also
expose some other helper methods and refactor
DevicePolicyManagerService to unify a few similar
methods that gather admins from user and its profiles.
Bug: 148630506
Fix: 149682344
Test: atest com.android.server.locksettings
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Change-Id: Ic647c14d5bab7e7337185bc40b1368e42c65f738
Most apps that declare the INTERACT_ACROSS_PROFILES permission do
not have it granted, but get the app-op instead. We do not
normally want platform-signed apps that are actually given the
permission to appear in the user-configurable section in Settings,
so we remove them from the return value of
canUserAttemptToConfigureInteractAcrossProfiles in this CL.
Note that OEM can choose to allow some platform-signed apps to be
user-configurable by including them in their OEM whitelist file.
This CL respects that and allows these apps to be configured by the user,
despite being granted the permission. If the user rejects the app-op,
PermissionChecker correctly returns false.
Bug: 149742043
Test: atest CrossProfileAppsServiceImplRoboTest
Change-Id: I693338507eec9cdc0ba10a3584e994a58d2d113c
It is currently not meant for use by general enterprise device admins.
Bug: 152478326
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest KeyguardUpdateMonitorTest
Test: atest AdminSecondaryLockScreenControllerTest
Change-Id: I6d60bc35a4e8f74b1da55b042582a2f2fa89d57f
* Sort the user restrictions to local restriction
set and global bundle in DPMS instead of User
Manager.
* Simplify pushUserRestrictions.
* Split the list of user restrictions the profile
owner of an organization-owned device can set into
a global and local list. The user restrictions in
the local list will only be applied to the personal
profile as opposed to the whole device.
Bug: 149743941
148453838
Test: atest com.android.cts.devicepolicy.UserRestrictionsTest
atest com.android.server.devicepolicy.DevicePolicyManagerTest
atest com.android.server.pm.UserRestrictionsUtilsTest
atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testUserRestrictionSetOnParentLogged
atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testUserRestrictionsSetOnParentAreNotPersisted
Change-Id: I1faa1f4776deb98e38595a358c01c3fbabfb1840
This commit removes the log message from DevicePolicyManagerService
when a caller fails the access requirements as it can be confusing
if the caller subsequently passes a carrier privilege check and can
access identifiers, or in the case where the caller does not have
access, a similar entry is logged by TelephonyPermissions. The subId
for which the carrier privilege check is performed is also logged
to facilitate debugging.
Bug: 152117976
Test: atest SubscriptionControllerTest
Change-Id: I6d88d739a0d9053e8eff32d74d90009699abe8fc
Background
* If the device is an organization-owned managed
profile device and a FRP policy is set, the
factory reset protection data is no longer
erased from factory reset in Settings.
Changes
* Added isNotEmpty method to FRP policy.
* Allow Settings to call
getFactoryResetProtectionPolicy
by checking for the MASTER_CLEAR permission.
Bug: 148847767
Test: manual testing
atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I04f178255dd215579087c33b675b40eed7a6eac7
When checking whether provisioning of a managed profile is allowed, it
is unnecessary to check whether there's a restriction on the parent user
because the check is done from the primary user.
If the check is done from inside a managed profile, then the check
should return false because a managed profile cannot be provisioned from
within another managed profile.
The DevicePolicyManagerTest was incorrectly returning user 0 as the
"parent user" for user 0, so changed the test to return null as the
profile parent for user 0.
Bug: 147631026
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest#testIsProvisioningAllowed
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testIsManagedDeviceProvisioningAllowed
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerPlusProfileOwnerTest#testProvisioningNotAllowedWithDeviceOwner
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.CustomDeviceOwnerTest#testIsProvisioningAllowed
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.CustomManagedProfileTest#testIsProvisioningAllowed
Change-Id: Ia62dce93265ec65b61a048c4d96f96baa4598a57
Also make use of PackageManager.getUnsuspendablePackages() which
already takes care of launcher and dialer packages and some
other critical apps, like package verifier, package
[un-]installer, etc.
For newly installed packages PackageManager.getUnsuspendableApps()
seems to be sufficient since that app won't be critical for the
functioning of the device.
Test: atest OrgOwnedProfileOwnerTest#testPersonalAppsSuspensionInstalledApp
Bug: 149394138
Change-Id: Ic3196dbfdd5c506e708563d305a42494391dc878
Notification about personal apps suspension should only be shown
in cases when apps are suspended because of maximum work profile
time off policy violation, not via an explicit call to suspend.
+ updated strings. Note, some strings are not used yet.
Test: manual, with TestDPC, suspended apps explicitly, checked
that the notification is not shown.
Test: manual, with TestDPC, set maximum work profile time off,
adjusted the clock, checked that the notification is there.
Bug: 151918490
Bug: 149076989
Change-Id: Idd4c7ec11af416c303c9218495d55c73154c7a5f
- Documentation clarity and method rename per API review feedback.
- Specifying in documentation and implementation that the implementing service must be exported by the Profile Owner.
Bug: 150866056
Bug: 136085151
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest KeyguardUpdateMonitorTest
Test: atest AdminSecondaryLockScreenControllerTest
Change-Id: I58175bd6cf8936f5b1267625ca15b4f9c57f4144