Some strings used in the Settings UI have "crypt_keeper" in their names,
but they aren't specific to FDE, which is no longer supported. They are
still used to report the encrypted status of the device on devices that
use FBE, or the unencrypted status of the device on devices that don't
have encryption enabled at all. Rename these strings appropriately.
Test: On Cuttlefish with and without encryption enabled, tested visiting
the "Encryption & credentials" settings.
Bug: 208476087
Change-Id: Ic63910c870837f5b37e4407ba5b3c7629e925c17
(cherry picked from commit 6552bdd0ef)
Merged-In: Ic63910c870837f5b37e4407ba5b3c7629e925c17
FDE support has been removed in favor of FBE, so remove the FDE settings
from the "Encryption & credentials" page of the Settings app.
For now I didn't change the way the page appears on devices that don't
use FDE; as before, it still lists "Encrypt phone", followed by either
"Encrypted" or "Phone not encrypted" with no changeable settings. Note
that the strings used for this have "crypt_keeper" in their names but
aren't specific to FDE; the next CL will rename them.
Test: On Cuttlefish with and without encryption enabled, tested visiting
the "Encryption & credentials" settings.
Bug: 208476087
Change-Id: I3ce9894291ea1f1886f21980a86a92bfce38038a
(cherry picked from commit 36609c18d1)
Merged-In: I3ce9894291ea1f1886f21980a86a92bfce38038a
Add a setting that would not require authorization for device controls.
Fixes: 216102581
Test: manual
Change-Id: I1fd98a2fbc1cea44d0b2c3612dd1616a053af394
LockPatternUtils is what drives the TrustAgentsPreferenceController, and
therefore should be used to determine how many active trust agents there
are. TrustAgentManager filters on whether preferences are displayable in
the advanced settings app, which does not represent if the agent is
actually active.
Test: make RunSettingsRoboTests
Bug: 217217034
Change-Id: I8cae74d322b8e0658aabfe7d4646e9a299af4934
Some strings used in the Settings UI have "crypt_keeper" in their names,
but they aren't specific to FDE, which is no longer supported. They are
still used to report the encrypted status of the device on devices that
use FBE, or the unencrypted status of the device on devices that don't
have encryption enabled at all. Rename these strings appropriately.
Test: On Cuttlefish with and without encryption enabled, tested visiting
the "Encryption & credentials" settings.
Bug: 208476087
Change-Id: Ic63910c870837f5b37e4407ba5b3c7629e925c17
FDE support has been removed in favor of FBE, so remove the FDE settings
from the "Encryption & credentials" page of the Settings app.
For now I didn't change the way the page appears on devices that don't
use FDE; as before, it still lists "Encrypt phone", followed by either
"Encrypted" or "Phone not encrypted" with no changeable settings. Note
that the strings used for this have "crypt_keeper" in their names but
aren't specific to FDE; the next CL will rename them.
Test: On Cuttlefish with and without encryption enabled, tested visiting
the "Encryption & credentials" settings.
Bug: 208476087
Change-Id: I3ce9894291ea1f1886f21980a86a92bfce38038a
based on the type of active Security Settings
Test: atest SettingsUnitTests:SecurityAdvancedSettingsTest
Bug: 206001340
Change-Id: I7bdac4b26653eedb45e3e2f056e6804a6c16cb18
* Only the Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a921)
Merged-In: I9dfde586616d004befbee529f2ae842d22795065
* Only the Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
Android T allows apps to declare a runtime receiver as not exported
by invoking registerReceiver with a new RECEIVER_NOT_EXPORTED flag;
receivers registered with this flag will only receive broadcasts from
the platform and the app itself. However to ensure developers can
properly protect their receivers, all apps targeting T or later
registering a receiver for non-system broadcasts must specify either
the exported or not exported flag when invoking #registerReceiver;
if one of these flags is not provided, the platform will throw a
SecurityException. This commit updates all the exposed receivers
with a new RECEIVER_EXPORTED_UNAUDITED flag to maintain the existing
behavior of exporting the receiver while also flagging the receiver
for audit before the T release.
Bug: 161145287
Test: Build
Change-Id: Ie97372efebd8258d9a4c503771d55109a85e6ae9
There's an "Erase downloaded SIMs" option within reset options UI.
When reset EUICC, eSIM profile might get removed.
There's a security feature "Confirm SIM deletion" need to be applied in
this case.
Bug: 194145231
Test: local
Change-Id: I1798dfe347be7d0610a12fb79f103efece2ab240
(cherry picked from commit ebca15a861)
There's an "Erase downloaded SIMs" option within reset options UI.
When reset EUICC, eSIM profile might get removed.
There's a security feature "Confirm SIM deletion" need to be applied in
this case.
Bug: 194145231
Test: local
Change-Id: I1798dfe347be7d0610a12fb79f103efece2ab240
