Commit Graph

644 Commits

Author SHA1 Message Date
Makoto Onuki
c69f21c357 Merge "Remove the DMAgent whitelisting" into nyc-mr1-dev am: bf6c6b44e1
am: 41fa9fe0a4

Change-Id: I5bbe059464a8719b92bf16997482382c7de02e99
2016-07-18 18:10:36 +00:00
Makoto Onuki
0b4b58f507 Remove the DMAgent whitelisting
Bug 30075554

Change-Id: Ib089353ff9f58eb175a7b5d9addfb371655afc6b
2016-07-15 16:31:15 -07:00
Benjamin Franz
e4da41e6be Merge "Add hidden API to store whether provisioning config has been applied" into nyc-mr1-dev am: 17ca90430b
am: b3fa8d87e0

Change-Id: If65317cf6ec5237cff36fba86ed219ab078776ad
2016-07-13 14:42:22 +00:00
Benjamin Franz
2aa9bab8a1 Add hidden API to store whether provisioning config has been applied
Bug: 29629204
Change-Id: Iaf4164357868b17dbc6615a77babb0e7cbc183b7
2016-07-12 17:20:18 +01:00
Mahaver Chopra
1f984d7f6b Merge "Add an api to verify if ro.device_owner was set" into nyc-mr1-dev am: c1182a8128
am: 325af20235

Change-Id: I18fc9c4d7662c6b05e3b66d9a1fcddb9c9e43730
2016-07-12 10:01:00 +00:00
Mahaver Chopra
790d198860 Add an api to verify if ro.device_owner was set
Currently for OobConfig app we used DEVICE_PROVISIONED Global setting to
verify if device was provisioned. This setting can be modified using
adb. We just need to know if it was set at least once. Added an api in
DPM to return whether system property "ro.device_owner" was set.

Bug: 29935702
Change-Id: I9a2b5217c0bc2cc11d68282e05a5450ea3f6cf21
2016-07-11 11:22:52 +01:00
Rubin Xu
d134921727 Merge "Bump ACTION_CHOOSE_PRIVATE_KEY_ALIAS broadcast to foreground" into nyc-mr1-dev am: f627e9c09e
am: 2a1491061d

Change-Id: I30bad0f21b35f98db769a92ea81be7be50b86186
2016-07-07 11:52:25 +00:00
Rubin Xu
ca081ca396 Bump ACTION_CHOOSE_PRIVATE_KEY_ALIAS broadcast to foreground
Bug: 29966726
Change-Id: Ifdbdd26df40518d9e50f9a0b0dfc5c01cb9accb2
2016-07-06 14:21:42 +01:00
Chad Brubaker
6d4f195f1a Merge changes from topics 'handle-storage-update', 'action-storage-changed'
* changes:
  Update trusted certificates when the trust store is changed
  Deprecate ACTION_STORAGE_CHANGED
2016-06-30 19:22:19 +00:00
Chad Brubaker
4de59ef323 Deprecate ACTION_STORAGE_CHANGED
ACTION_STORAGE_CHANGED is too noisy and fires on too many events. It has
been split into ACTION_KEYCHAIN_CHANGED for
addition/modification/removal of user certificates and keys,
ACTION_TRUST_STORE_CHANGED for changes to the user added and system CA
stores on the device and ACTION_KEY_ACCESS_CHANGED for changes to key
grants.

ACTION_STORAGE_CHANGED will only be sent to applications targeting N
and below. Applications targeting future releases should use the new
broadcasts.

Bug:28450538
Change-Id: I34ff838e9858db65f7308ca2b0f7d652c48fae17
2016-06-30 09:23:15 -07:00
Suprabh Shukla
6e150baa88 Merge changes Id876f01f,If7c94cf8 into nyc-mr1-dev am: 634ed6bc17
am: a07ed2f383

Change-Id: I795b47e1c7e2c944c0c7525bb108af577546ee53
2016-06-29 01:48:41 +00:00
Suprabh Shukla
f8c04cbe95 Enabling auto-ota in retail demo mode
Bug: 29542384
Change-Id: If7c94cf8a8e5851011f23dc5d64fc795f9a07b22
2016-06-28 14:38:29 -07:00
Tony Mak
f574cf568b Merge "setProfileEnabled should be no-op when the profile is already enabled" 2016-06-28 11:11:28 +00:00
Nicolas Prevot
709a63d9c0 Show policy transparency screen if adding an account is not allowed.
If DISALLOW_MODIFY_ACCOUNTS has been set by a profile/device owner,
or account management is disabled:
When an app tries to add an account, show the policy transparency screen.

BUG:26762383
Change-Id: I721220c37c74493020f5a1be1f15731e9863a1de
2016-06-27 14:10:38 +01:00
Amith Yamasani
d04aaa323c More thorough cleansing of expired users
If any /data/system_[c|d]e folders were not erased
when the user was removed (maybe due to a reboot),
make sure they're cleaned up on restart as well
as when the userId is recycled later.

Mark the users' system folders with the correct
serial number for later verification.

AccountManager shouldn't be querying accounts of
partially created/destroyed users.

Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb
Fixes: 29285673
2016-06-15 11:32:16 -07:00
Makoto Onuki
26704957fe Don't take the DPMS lock in DPMI.createPackageSuspendedDialogIntent
This method is called by AM with the lock held, so can't take the
DPMS lock.

It still takes a different lock, but we don't call into the external
world while holding this lock, so this is fine.

Bug 29242568

Change-Id: Idbecdd7d97385ca66c693903443471fdbae833e6
2016-06-14 09:41:21 -07:00
Tony Mak
bd4148bbab setProfileEnabled should be no-op when the profile is already enabled
Just printing log if we encounter this situation, we may consider to
throw exception if we provide API to check is profile enabled later.

Bug: 29069975

Change-Id: I819be0f97b038dbdd6c6cea81c42ff73be60027b
2016-06-14 13:18:49 +00:00
Makoto Onuki
c29f62c738 Push DO/PO package names from DPMS to PM
Bug 29126573

Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9
2016-06-08 11:52:13 -07:00
Ricky Wai
90c9dbc919 Do not get device owner admin info when device owner is null
Bug: 29043723
Change-Id: I355c549f891a5e71f654f42ed16a7139da86482a
2016-05-31 18:01:46 +01:00
Ricky Wai
977ade26dd Do not allow DPM.resetPassword() when child profile exists or user is locked
Bug: 28878708
Change-Id: Iaae2a9ba9c7c0ff388264c474c78a0dcd9fec258
2016-05-25 13:09:44 +00:00
Victor Chang
12753ded44 Fix Certificate authority installed notification is gone when turning off and on the work mode.
cause: Work mode is turned on before entering USER_STOPPED state.
Thus, BOOT_COMPLETED broadcast is not sent, but the notification has been dismissed.

use USER_STARTED + USER_UNLOCKED because both are foreground.

Bug: 28864104
Change-Id: I4796b61586e194d8367b9e52a9c56f858cbcbe7d
2016-05-23 17:41:01 +01:00
Sudheer Shanka
93f8fd714a Update RestrictedLockUtils to use UM.getUserRestrictionSource.
Bug: 28269827
Change-Id: Ib4a1441b71986ca6637a9236136b60e18dbc1643
2016-05-17 13:27:27 -07:00
Robin Lee
bc73347152 Merge "Skip 'network may be monitored' if dying or locked" into nyc-dev 2016-05-17 09:17:21 +00:00
Ashley Smith
820ae5a475 Fixing a NPE in DevicePolicyManagerService
Bug: 28786940
Change-Id: I73de8dea9221765ed0751039f3d472cf78d341af
2016-05-16 15:55:14 +00:00
Robin Lee
fe47b6eefa Skip 'network may be monitored' if dying or locked
KeyChain isn't direct boot aware & attempting to bind to a service
inside a dying user isn't going to end well.

Change-Id: I5a0acc34f98c39705ec404765c87e7ac61ca9b71
Fix: 28725354
2016-05-13 18:05:33 +01:00
Victor Chang
090b5a8e8c Merge "Fix ConfirmCredential is not presented before trusting cert installed by PO/DO" into nyc-dev 2016-05-11 14:43:15 +00:00
Victor Chang
8560a7c2a1 Fix ConfirmCredential is not presented before trusting cert installed by PO/DO
- TrustedCredential is responsible to show ConfirmCredential
- Show the MonitoringCertInfoActivity in personal side instead to avoid showing work challenge
- put user id into extra

Bug: 28619980
Change-Id: Iedbc0b721ef56675f3c9eb6f1d12daf1222ad080
2016-05-09 16:05:32 +01:00
Rubin Xu
0fb6b9e18c Guard retrievePreRebootSecurityLogs with config flag
Bug: 28160645
Change-Id: Ifce884c319019758dfaaa39bc239e9f30962c920
2016-05-05 12:00:50 +01:00
Paul Lawrence
fc0810b4d4 Merge "Revert "Don't enforce this API - it's not sensitive"" into nyc-dev 2016-05-04 22:46:10 +00:00
Paul Lawrence
9de713d422 Revert "Don't enforce this API - it's not sensitive"
This reverts commit 895504e557.
Also adds a change to device manager to prevent failure there
as in the bug below.

Bug: 28512889

Change-Id: I4a445ec365133e9e2764e2d625d61fc6ee2008ec
2016-05-04 18:25:23 +00:00
Robin Lee
dc67971a99 Add lockdownEnabled parameter to always-on VPN API
Allows callers to opt-out of blockading network traffic during boot and
on VPN app failure.

Bug: 26694104
Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
2016-05-03 13:24:42 +01:00
Jeff Sharkey
ce18c81677 Introduce "unlocking" vs "unlocked" nuance.
There is a narrow window of time during user unlock where we're
reconciling user storage and dispatching the "unlock" status to
various internal system services.  While in this "unlocking" state,
apps need to be told that the user still isn't actually "unlocked"
so they don't try making calls to AccountManager, etc.

The majority of internal services are interested in merging together
both the "unlocking" and "unlocked" state, so update them.

Clarify naming in AccountManagerService to make it clear that a local
list is being used, which mirrors the naming in MountService.

To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch
after the user is unlocked, but block BOOT_COMPLETED dispatch until
after all PRE_BOOT receivers are finished to avoid ANRs.

Bug: 28040947, 28164677
Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
2016-04-28 10:51:39 -06:00
Victor Chang
c0440e5f4d Merge "Deleting lock screen clears all CA approvals" into nyc-dev 2016-04-22 11:02:43 +00:00
Victor Chang
dc068eba6f Deleting lock screen clears all CA approvals
When both screenlocks for profile user and parent user have been removed (both set to none),
remove CA approvals on that user, and show the "Certificate authority installed" notification.

Bug: 28161447
Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
2016-04-21 16:55:34 +01:00
Kenny Guy
38dcca51a7 Add test method to remove admins.
Add test method to remove admins that declare
FLAG_TEST_APP without informing them.
The method will also remove the device and profile
owner status of the admin.

Bug: 28027468
Change-Id: Idb4d3299a9c6595c94bfb424546cd8a384131835
2016-04-19 20:10:56 +01:00
Sudheer Shanka
fd580f7d1a Merge "Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence." into nyc-dev 2016-04-13 20:12:05 +00:00
Michal Karpinski
1271cef419 Merge "API polish in DPM for organization color and name methods" into nyc-dev 2016-04-13 13:28:08 +00:00
Victor Chang
caf566a537 Merge "Update display text in cert notification" into nyc-dev 2016-04-13 10:15:29 +00:00
Michal Karpinski
74cd73079c API polish in DPM for organization color and name methods
- Returning and accepting CharSequence instead of String
- Enforcing 100% opacity and adjusting javadocs for color
format
- Adding @ColorInt annotations

Bug: 27531295
Change-Id: Id27d4fd5e7bb4d746cc61288457eb4eb86224505
2016-04-12 15:17:52 +01:00
Sudheer Shanka
3ccca91e6e Update {set,get}{Long,Short}SupportMessage APIs to use CharSequence.
Bug: 27531295
Change-Id: Ib28c509a3112046c14d812265ce43bc5b5574f12
2016-04-11 21:46:24 -07:00
Fyodor Kupolov
4c74334c44 Merge "Added getProfileIds method returning array of userIds" into nyc-dev 2016-04-11 16:40:55 +00:00
Victor Chang
355d47697c Update display text in cert notification
- Show DPC app name for PO
- Check user id for DO
- Update notification title for all cases
- update symbols for private resource ssl_ca_cert_warning changed from string to plural
- Pass number of certificate to MonitoringCertInfoActivity

Bug: 25772443
Bug: 18224038
Change-Id: I68db06f55a24879c1d5f532e38b97e2932bf990e
2016-04-11 15:00:50 +01:00
Nicolas Prévot
a078b4ba6a Merge "Still return a package suspended dialog if there is no owner." into nyc-dev 2016-04-08 12:41:50 +00:00
Nicolas Prevot
8aa48028f3 Still return a package suspended dialog if there is no owner.
When an application cannot be started, and there is no profile/device
owner, still return a PackageSuspendedDialog.

BUG: 28042198
Change-Id: I5c30393f9481840a965bb815235af5181561a063
2016-04-08 12:13:52 +01:00
Fyodor Kupolov
7f98aa4aa9 Added getProfileIds method returning array of userIds
Previously many usages of UserManager.getProfiles and getEnabledProfiles
were only using ids of returned users. Given that the list of users needs
to be parceled and unparceled for Binder calls, returning array of ids
minimizes memory usage and serialization time.

A new method getProfileIds was introduced which returns an array of userIds.
Existing method calls were updated where appropriate.

Bug: 27705805
Change-Id: Ic5d5decd77567ba0f749e48837a2c6fa10e812c0
2016-04-07 16:41:57 -07:00
Ricky Wai
035e924470 Fix work profile screen timeout policy
Settings screen should apply both primary and managed maximum
timeout policy, even separate profile challenge is enabled.

Bug: 27493348
Change-Id: Ia1ec1cafc7665c54816833af64e0f446a77a55b2
2016-04-07 17:16:03 +01:00
Ricky Wai
dc283a8976 Keymaster init for work profile
Changes:
(1) When unified work challenge is enabled and screen lock is secure
  - Store work profile secure key in primary profile
  - When primary user keystore unlocked, unlock work profile keystore
  - When primary user change lock to none, remove work secure key
(2) When unified work challenge is enabled but screen lock is not secure
  - When screen lock changes to secure, store work secure key in primary
(3) When user changes work challenge from unified to separated
  - Remove work secure key in primary
(4) When user changes work challenge from separate to unified
  - Do (1) and (2)

Bug: 27460698

Change-Id: I8f77bde5dc6b8e59c90256e75c5990100e93366b
2016-04-07 14:23:37 +00:00
Tony Mak
a01c1f0d90 Merge "xxxTrustAgentConfiguration should be supported in the parent DPM instance" into nyc-dev 2016-04-06 18:39:21 +00:00
Robin Lee
589b855719 Merge "Remove bool return from setAlwaysOnVpnPackage" into nyc-dev 2016-04-06 17:01:24 +00:00
Robin Lee
ee5eb934e3 Remove bool return from setAlwaysOnVpnPackage
Bug: 27533151
Change-Id: I4c656488e69cb5247dbb9cfd62d6f6f7043f9a90
2016-04-06 16:30:22 +01:00