getLockTaskPackages is currently hidden, and can only be
called by a device or profile owner, which doesn't make
much sense. Unhidding it to be consistent with the rest
of the DevicePolicyManager APIs that have a getter for
each setter.
Bug: 34614754
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_affiliatedSecondaryUser
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_unaffiliatedUser
Test: Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_deviceOwnerUser
Change-Id: I6e03c2f47c0f9e7a635e798a1bf7f131a8e37c65
Mentioned that in the documentation, cleaned up the code
a bit and added unit tests
Bug: 34614754
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Change-Id: I91232bbe494398015094ab977c6a2adce339811f
Add note on DPM#setDelegatedScopes documentation regarding the
broadcast sent to the delegate package to notify its new scopes; and
change the admin ComponentName annotation to @Nullable in
DPM#getDelegatedScopes.
Bug: 33099995
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: I28fe3a631c05a9e6b8dae766ce6c42881f2e3a00
Change DPMS to call Intent#putStringArrayListExtra to ensure the extra
is sent as an array list of strings.
Bug: 33099995
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: I1466fb457e34adbfb7704320c021210c1569f55f
The recent addition of DPM API access delegation introduced a bug in
this method. When a system app (UID 1000) called the method, it would
crash.
Bug: 34760123
Test: DPM unit tests
Change-Id: I69390ca30270d64a4d28a74c13a7679f14a62959
Allow device owners and profile owners on a user
to communicate with each other, rather than restricting
it to device owners and managed profile owners as it is
at the moment
Bug: 34429083
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Test: cts-tradefed run cts -a armeabi-v7a --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest
Change-Id: I81561a9838c3ccb623354a1b718da2fc6a5af1fe
Handler#sendMessageDelayed() to a wakeful alarm
Messages sent with Handler#sendMessageDelayed() didn't get delivered
until the device woke up after being idle, which resulted in
potentially very long windows of logs accumulation and highly possible
network log loss from before the device becaming idle.
Bug: 34157435
Test: manual with decreased timeout over a few timeout iterations
Change-Id: I50b29b9f132856a629e28f46c022f21976bd92fb
The new DPM.createAdminSupportIntent() returns an intent that shows the
"This action was disabled by your admin"-dialog from settings.
This enables apps to inform the user about the cause of restricted
functionality.
A new extra for the intent allows to specialize the dialog for different
restricted features, instead of a generic message for all features.
Bug: 31215663
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Change-Id: I3de7aeec0f88b8f013a63957aec803cd123fbedc
Implement the permission grant, package access, enable system app, and
keep uninstalled packages delegation scope APIs in the
DevicePolicyManagerService.
This feature gives a device owner or profile owner the ability to
delegate some of its privileges to another application.
Bug: 33105287, 33105284, 33105719
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: I50d2903eb73ae7844ec1f6fe07e41101ea2760ea
Implement the uninstall blocker delegation scope API in
DevicePolicyManagerSercice.
This feature gives a device owner or profile owner the ability to
delegate some of its privileges to another application.
Bug: 33105718
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: Ieb347ce3fb6219fe7f04cafbcd1e6b7359b31a10
If the device or profile owner have set a max password failed
attempts policy, the device or profile should be wiped even if
DISALLOW_FACTORY_RESET / DISALLOW_REMOVE_USER /
DISALLOW_REMOVE_MANAGED_PROFILE was set by that admin. However
it should still fail if another device admin set the policy - this
is in line with what wipeData() does at the moment.
Bug: 34450538
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerPlusManagedProfileTest#testWipeData
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.ManagedProfileTest#testWipeData
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testDisallowFactoryReset
Change-Id: Ifac240692ce74432f7b57f3dfbbbac2a7282297b
- DEVICE_OWNER_CHANGED is an event that could happen maximum of 2 times
after device factory reset. The event rarely
happens, and it shouldn't affect any system health
Fix: 34446573
Test: adb shell am instrument -w -e class
com.android.server.devicepolicy.DevicePolicyManagerTest
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ic1af2016f590e1200bb3e56f63caa0e0b12f71f8
The DevicePolicyManagerService currently supports delegation of
certificate installation and application restriction management, both
of which are individually handled by DPMS.
Upcoming framework features will add four more delegation types,
namely: block uninstall; app permission management; app access
management; and system app enabler. At this moment it makes sense to
refactor the underlying delegation system in DPMS so that current and
future delegates can be handled in a more generic way.
Bug: 33099995
Test: DPMS unit tests
Change-Id: I9e350143572c6690febdd59d1ed5149af8ee4388
If the device owner has set DISALLOW_REMOVE_MANAGED_PROFILE,
and there is already a managed profile:
it should be allowed to provision a new managed profile by
deleting the old one.
Test: adb shell am instrument -e class
com.android.server.devicepolicy.DevicePolicyManagerTest
-w
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
BUG:34116228
Change-Id: I9e6f39924107aee40b57d22e638487a1ea3132de
We add a variant of notifyPendingSystemUpdate method which takes an
additional isSecurityPatch boolean flag. This information, if available,
will be persisted and available to device and profile owners when they
call getPendingSystemUpdate method.
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest#testPendingSystemUpdate
Bug: 33102479
Bug: 30961046
Change-Id: If3f1b765bb18a359836ac43ac9a0a9f29e9f8428
To inform the user which apps were granted permissions by the admin,
the Settings app needs to access this information without being a DO/PO.
Bug: 32692748
Test: FrameworksServicesTests unit test
Change-Id: I3770ec6343b85be9c6f7655675ed6db5cb50612c
1) Started returning the default value for getLong() on SystemProperties mock
2) Added a test that the minimum timeout cannot be changed using a system
property on non-debuggable builds
3) Added new within range test for completeness.
4) Started using TimeUnit instead of ms constants.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Bug: 34317979
Change-Id: I0409451ae39e74ec3d96a098042302291ec3408f
Saving device policy managers settings to clear out
password stats was happening before initializing mAdminList
so could wipe active admins.
Test: manual - flash with N2G05C add google account with dmagent flash wth this fix, check dmagent is still an active admin, reboot check admin is still active.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Bug: 34277435
Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
Currently only device owner can set global user restrictions.
With this CL ENSURE_VERIFY_APPS will be global no matter who
enforces it, DO or PO.
To make it possible for system apps to check who enforces a
particular restriction in this case a new API method is added
to UserManager: getUserRestrictionSources which returns a list
of users who enforce the restriction.
Bug:31000521
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.UserRestrictionsTest (ag/1732744)
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
Test: installed M on a Nexus5x device, created a managed profile with some user restrictions, and checked that after upgrading M->O all restrictions are preserved and split correctly into base, global and local.
Change-Id: I543d3ec9ef0cf2b730da6f7406021c0bba43b785
Currently, those features are available on single user devices only
(since they collect privacy sensitive data device wide). Now making
them available as long as all users are affiliated.
It'll take a certain amount of time between user creation and the DPC
of that new user setting the appropriate affiliation ids. The DO won't
be able to access the logs during that time (and won't get any "logs
ready" callback). Once the affiliation ids are set, if they match,
logs become available again - this includes logs collected while the
user was being setup. Some logs might be lost though if the amount of
data exceeds the internal limit.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Test: cts-tradefed run cts -a armeabi-v7a --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest
Bug: 32326223
Change-Id: Idfe881dd6497d3ad2bead10addfd37b98b8a6e2b
This CL allows a reason to be specified when installing a package. The
install reason is a sticky piece of metadata: When a package is e.g.
installed via enterprise policy and an update is then manually
installed or sideloaded, the install reason will remain "policy."
The install reason is tracked separately for each user.
With this CL, two install reasons exist: "policy" and "unknown." Other
install reasons will likely be supported in the future.
Bug: 32692748
Bug: 33415829
Test: Tested manually with "adb install" / "adb uninstall"
Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
The full batch will still be available to DPC if there were no
network logs pending.
Added some more debug logging to better investigate the issues.
Test: manual for both cases - pending batch was empty and non-empty,
with locally decreased timeout
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 34245471
Bug: 29748723
Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.
Merged-in: 5daf273b7e
Bug: 32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
The full batch will still be available to DPC if there were no
network logs pending.
Added some more debug logging to better investigate the issues.
Test: manual for both cases - pending batch was empty and non-empty,
with locally decreased timeout
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 34157435
Bug: 29748723
Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
DPM.setActivePasswordSufficient() can be called by a DPC before the
password has been entered on non-FBE devices. The metrics must be saved
so this API can work correctly.
Bug: 32793550
Test: manual
Change-Id: I078d0f1f98875d577aeaf25f12dc9c27e3f80658
Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_str_auth_timeo system property. This allows manual
testers to more easily carry out testing scenarios.
Bug: 29825955
Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h
Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000"
Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
