If someone calls removeActiveAdminLocked more than once, it is possible
for the device policy data to end up with more than one copy of an admin
in the list mRemovingAdmins. Due to extra entries, once the admin
component is removed, it is not being allowed to be set as an admin again,
until the device reboots or mRemovingAdmins is cleared from the memory
due to some other reason. Fixing this by making sure we do not add
duplicate entries to mRemovingAdmins
Bug: 30369197
Change-Id: I1d53c41312171425bbd6e6e4153148276f1b098d
The minimum password length is only required for certain password
qualities so only check the minimum length in those cases.
Bug: 30109030
Change-Id: I330c88fc0b22179e126fc1241a9c58d5e0d73e8e
Currently for OobConfig app we used DEVICE_PROVISIONED Global setting to
verify if device was provisioned. This setting can be modified using
adb. we just need to know if it was set atleast once. Added an api in
DPM to return whether system property "ro.device_owner" was set.
Bug: 29935702
Change-Id: I9a2b5217c0bc2cc11d68282e05a5450ea3f6cf21
ACTION_STORAGE_CHANGED is too noisy and fires on too many events. It has
been split into ACTION_KEYCHAIN_CHANGED for
addition/modification/removal of user certificates and keys,
ACTION_TRUST_STORE_CHANGED for changes the the user added and system CA
stores on the device and ACTION_KEY_ACCESS_CHANGED for changes to key
grants.
ACTION_STORAGE_CHANGED will only be sent to applications targeting N
and below. Applications targeting future releases should use the new
broadcasts.
Bug:28450538
Change-Id: I34ff838e9858db65f7308ca2b0f7d652c48fae17
If DISALLOW_MODIFY_ACCOUNTS has been set by a profile/device owner,
or account management is disabled:
When an app tries to add an account, show the policy transparency screen.
BUG:26762383
Change-Id: I721220c37c74493020f5a1be1f15731e9863a1de
If any /data/system_[c|d]e folders were not erased
when the user was removed (maybe due to a reboot),
make sure they're cleaned up on restart as well
as when the userId is recycled later.
Mark the users' system folders with the correct
serial number for later verification.
AccountManager shouldn't be querying accounts of
partially created/destroyed users.
Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb
Fixes: 29285673
This method is called by AM with the lock held, so can't take the
DPMS lock.
It still takes a different lock, but we don't call into the external
world while holding this lock, so this is fine.
Bug 29242568
Change-Id: Idbecdd7d97385ca66c693903443471fdbae833e6
Just printing log if we encounter this situation, we may consider to
throw exception if we provide API to check is profile enabled later.
Bug: 29069975
Change-Id: I819be0f97b038dbdd6c6cea81c42ff73be60027b
cause: Work mode is turned on before entering USER_STOPPED state.
Thus, BOOT_COMPLETED broadcast is not sent, but the notification has been dismissed.
use USER_STARTED + USER_UNLOCKED because both are foreground.
Bug: 28864104
Change-Id: I4796b61586e194d8367b9e52a9c56f858cbcbe7d
KeyChain isn't direct boot aware & attempting to bind to a service
inside a dying user isn't going to end well.
Change-Id: I5a0acc34f98c39705ec404765c87e7ac61ca9b71
Fix: 28725354
- TrustedCredential is responsible to show ConfirmCredential
- Show the MonitoringCerInfoActivity in personal side instead to avoid showing work challenge
- put user id into extra
Bug: 28619980
Change-Id: Iedbc0b721ef56675f3c9eb6f1d12daf1222ad080
This reverts commit 895504e557.
Also adds a change to device manager to prevent failure there
as in the bug below.
Bug: 28512889
Change-Id: I4a445ec365133e9e2764e2d625d61fc6ee2008ec
Allows callers to opt-out of blockading network traffic during boot and
on VPN app failure.
Bug: 26694104
Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
There is a narrow window of time during user unlock where we're
reconciling user storage and dispatching the "unlock" status to
various internal system services. While in this "unlocking" state,
apps need to be told that the user still isn't actually "unlocked"
so they don't try making calls to AccountManager, etc.
The majority of internal services are interested in merging together
both the "unlocking" and "unlocked" state, so update them.
Clarify naming in AccountManagerService to make it clear that a local
list is being used, which mirrors the naming in MountService.
To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch
after the user is unlocked, but block BOOT_COMPLETED dispatch until
after all PRE_BOOT receivers are finished to avoid ANRs.
Bug: 28040947, 28164677
Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
When both screenlocks for profile user and parent user has been removed (both set to none),
remove CA approvls on that user, and show the "Certificate authority installed" notification.
Bug: 28161447
Change-Id: I3c78dc5cfcdf7c02c91b64abe44984ee790d8f3e
Add test method to remove admins that declare
FLAG_TEST_APP without informing them.
The method will also remove the device and profile
owner status of the admin.
Bug: 28027468
Change-Id: Idb4d3299a9c6595c94bfb424546cd8a384131835
- Returning and accepting CharSequence instead of String
- Enforcing 100% opacity and adjusting javadocs for color
format
- Adding @ColorInt annotations
Bug: 27531295
Change-Id: Id27d4fd5e7bb4d746cc61288457eb4eb86224505
- Show DPC app name for PO
- Check user id for DO
- Update notification title for all cases
- update symbols for private resource ssl_ca_cert_warning changed from string to plural
- Pass number of certificate to MonitoringCertInfoActivity
Bug: 25772443
Bug: 18224038
Change-Id: I68db06f55a24879c1d5f532e38b97e2932bf990e
