summaryrefslogtreecommitdiffstats
path: root/services/devicepolicy/java
Commit message (Collapse)AuthorAgeFilesLines
* Set profile owner via an intentAmith Yamasani2014-07-292-24/+106
| | | | | | | | | priv apps can request to become a profile owner after setup has completed. This will pop up a consent dialog (in Settings). Also, clean up profile owner concept to be a component name. Change-Id: I5e8532866e8018f61836c4e84fbbadb6150218ae
* Add new DevicePolicyManager API to allow fine-grained TrustAgent managementJim Miller2014-07-281-19/+165
| | | | | | | This adds a new feature that allows a device admin to specify a whitelist of features that are allowed for the given admin. Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
* Merge "Remove the profile/device owner user restriction bypass." into lmp-devJulia Reynolds2014-07-241-36/+1
|\
| * Remove the profile/device owner user restriction bypass.Julia Reynolds2014-07-261-36/+1
| | | | | | | | | | | | Bug: 16566096 Change-Id: I4a56046df44d36d82edc64fc727e8cad5dc75382
* | Storing the app who sets a CrossProfileIntentFilter.Nicolas Prevot2014-07-281-6/+8
|/ | | | | | | | | | | When we add a CrossProfileIntentFilter, we store the package and userId of the calling app inside the CrossProfileIntentFilter. When an app calls clearCrossProfileIntentFilters, we only remove the filters that the calling app has set itself. BUG: 16537557 Change-Id: I6e7bc859383ea66553d9f4230365df8ba27525f3
* Don't update user's setup state unless it changedAmith Yamasani2014-07-251-3/+5
| | | | | | | Eliminates an extra write on every boot. Bug: 16416936 Change-Id: I9ca16676c1b39dafeed3fc744a69c5bde819990c
* Add Device Policy API to disable screen capture.Sander Alewijnse2014-07-231-0/+65
| | | | | | | | WindowManager will set secure flag on SurfaceControl for all windows of a flagged user to prevent screen capture. API is consistent with the camera disable API. Change-Id: Ib180f67f1ad827b6f4aca2af615274256cce58f4
* Use foreground broadcast to get device admin msg.Dianne Hackborn2014-07-221-0/+1
| | | | | | | | | Using a background broadcast is bad, it can take a long time to get the message back, either accidentally (backed up behind other broadcasts) or from a deliberately malicious admin. Change-Id: Ib7491f8e27dacdc002562aef027ee4664e78e97b
* Stop double-loading device adminsRobin Lee2014-07-221-13/+13
| | | | | | | | | | | | | | | | | loadSettingsLocked() was being called twice for USER_OWNER at systemReady(), doubling the number of admin entries at every boot. Also guards against double-adding admins which appear twice in the same XML file, favouring more recently-refreshed entries for backward compatibility. Previously an application calling in with 'refreshing = true' would double-insert whatever admin was being refreshed into its user's list of device admins. This is fixed too. @bug 16416936 Change-Id: Idd147aa130e6bce7bcc40532f0a7fb07117b3151
* Fix a security exception when checking cross-profile caller-id cap.Amith Yamasani2014-07-211-1/+2
| | | | | | | | No need to enforce that the caller is in the system process. We're only checking if the device policy is allowing access. Bug: 16301261 Change-Id: I87a7c808d116c86aa68cebb36631c46d0a54be96
* Rename setApplicationBlocked to setApplicationHiddenAmith Yamasani2014-07-211-14/+14
| | | | | | | | This corrects the expected behavior of the app state. Hidden apps can be installed by the store to be brought out of hidden state. Bug: 16191518 Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
* Merge "Create DPM APIs for cross profile callerId" into lmp-devAdam Connors2014-07-171-0/+81
|\
| * Create DPM APIs for cross profile callerIdAdam Connors2014-07-171-0/+81
| | | | | | | | | | | | | | | | | | | | Contact information in the managed profile is shown in the incoming call UI unless blocked using this API. TODO: Actually plumb this into the caller-id logic. Bug: 16301261 Change-Id: If03adc907d9558baa0a45a1833b857206b7bf96a
* | Ads per-user APIs to manage accounts through the AccountManagerAlexandra Gherghina2014-07-171-1/+7
| | | | | | | | | | | | Bug: 16056552 Bug: 14642886 Change-Id: I17ff6c2515285e63c84cecf2f861d10666c393c5
* | Merge "Keep track of user_setup_complete in DPMS" into lmp-devAmith Yamasani2014-07-171-0/+63
|\ \ | |/ |/|
| * Keep track of user_setup_complete in DPMSAmith Yamasani2014-07-161-0/+63
| | | | | | | | | | | | | | | | | | | | This is to ensure that some system app can't modify that state for purposes of changing the profile owner without user consent. Bug: 16207721 Change-Id: Ic5f454d7568cd824b83456eed0e2611779a9adf8
* | Revert "Remove enableSystemApp methods."Adam Connors2014-07-161-0/+108
|/ | | | | | | | | We need to go back to uninstalling system apps so we can re-install non-default system applications through Play. This reverts commit e3dbcd138c07f2d32ac84229d0a49052cc18d424. Change-Id: I0a7af094614c4a10800971c82e10571f7312e079
* Add API for device owner to switch usersJason Monk2014-07-101-0/+24
| | | | | | | Once verified that caller is device owner just calls through to the activity manager and acts like that call. Change-Id: I34023313cd6742b73d2105655ec6b631879aa37a
* Add new "pin complex" type to supported keyguard PINsJim Miller2014-07-101-0/+1
| | | | | | | | | | This adds a feature to allow DevicePolicyAdmins to prevent using simple PINs, which are defined as those containing more than 3 repeated values. Examples include '1234', '2468', '1111', '9876', etc. Bug 12081139 Change-Id: I4ebe1c76a48087dcd7c878e9bd79a4e3ee2a27fe
* Restrict factory reset with user restrictions.Julia Reynolds2014-07-091-0/+2
| | | | | Bug: 15985879 Change-Id: I524bd8a790798a85a679aa195e634f6e0227d09f
* Add package state to block uninstall.Kenny Guy2014-07-041-0/+47
| | | | | | | | | | Add package state to allow profile or device owners to block uninstall of packages. Add API to DevicePolicyManager to set/get the state. Bug: 14127299 Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
* Provide api to set the managed profile name.Jessica Hummel2014-06-301-1/+19
| | | | | | | | | Instead of sending the profile name in the provisioning intent the mdm should set the profile name after provisioning has completed. This allows us to simplify the provisioning flow and the mdm can change the name of the profile later on if required. Change-Id: I821ef2300eae74e89872152ae1c89ac3ecbb82e7
* Trust Agents: Disable until next unlock if device is locked by DPMAdrian Roos2014-06-261-2/+6
| | | | | Bug: 15871777 Change-Id: I1a6e43848e600ffa2092282081b18ddf92419d4a
* The profile owner shouldn't control lock taskJason Monk2014-06-241-6/+4
| | | | | | | | | Since managed profiles are started on bootup, the managed profile would be allowed to set an app (possibly itself) as a lock task app and then run itself on bootup and constantly control the device. This privelege should be restricted to device owners. Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
* Merge "Revert "Revert "Publish DevicePolicyManager CA certificate APIs"""Robin Lee2014-06-171-27/+34
|\
| * Revert "Revert "Publish DevicePolicyManager CA certificate APIs""Robin Lee2014-06-191-27/+34
| | | | | | | | | | | | This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936. Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
* | Merge "Introducing crossProfileIntentFilters that skip the current profile."Nicolas Prevot2014-06-171-4/+6
|\ \
| * | Introducing crossProfileIntentFilters that skip the current profile.Nicolas Prevot2014-06-181-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For these crossProfileIntentFilters, the activities in the current profile cannot respond to the intent. Only activities in the target profile can respond to the intent. BUG: 14936725 Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
| * | Merge "Revert "Publish DevicePolicyManager CA certificate APIs""Robin Lee2014-06-171-34/+27
| |\ \ | | |/
| | * Revert "Publish DevicePolicyManager CA certificate APIs"Robin Lee2014-06-171-34/+27
| | | | | | | | | | | | | | | | | | This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5. Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
| * | Merge "Publish DevicePolicyManager CA certificate APIs"Robin Lee2014-06-171-27/+34
| |\ \ | | |/
| | * Publish DevicePolicyManager CA certificate APIsRobin Lee2014-06-111-27/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Exposes these methods: - hasCaCertInstalled - hasAnyCaCertsInstalled - installCaCert - uninstallCaCert Allows device and profile owners to perform some certificate management including querying for and enabling/disabling specific CA certificates. Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
* | | Merge "Notify any profile/device owners of lock task"Jason Monk2014-06-171-0/+22
|\ \ \
| * | | Notify any profile/device owners of lock taskJason Monk2014-06-181-0/+22
| |/ / | | | | | | | | | | | | | | | | | | | | | Add a method for DeviceAdminReceivers of profile/device owners to be notified that lock task mode has entered or exited for an app they have whitelisted. Change-Id: Id124287d41564bbfccdacccf1977b7acb3ddec3f
* | | Change lock-task DPM authorization to packagesJason Monk2014-06-171-44/+47
|/ / | | | | | | | | | | | | Switch the DPM lock-task authorization to be controlled by a package rather than a component. Change-Id: Ife9bed068f31ff2449b4451ab69d3586a3f09d89
* | Merge "Allow device owner to configure secondary users"Jason Monk2014-06-121-2/+47
|\ \
| * | Allow device owner to configure secondary usersJason Monk2014-06-121-2/+47
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the device owner can create secondary users, but unless it is a system app it will not be installed and will not be able to pass data easily from the code that creates the user and any code running on that user. This allows the device owner to install itself while creating a user and start up a service to configure that user. createUser takes an bundle so that the device owner can pass across any initial setup data it needs to, this bundle will be sent to the admin receiver in onEnable. Change-Id: Ic1f8565dd2a7bd85363527cf68b0ecd4dc9c3636
* | More meaningful errors for DPM calls by non-ownersRobin Lee2014-06-111-1/+9
|/ | | | | | | | Now throws an exception titled something like "Admin X does not own the profile" instead of the rather unhelpful NullPointerException that was thrown previously. Change-Id: I33f6da5ea5eb70d8ea3939cfa280c794b01c3382
* Allow profile and device owners to change and get the master volume mute state.Julia Reynolds2014-06-091-0/+38
| | | | | | Also protect muting master volume with op code OP_AUDIO_MASTER_VOLUME. Bug: 13585918 Change-Id: I91fe7ee60cd291cca15966b3127c0bb8a4828f6a
* Add an API to clear the device owner.Jason Monk2014-06-062-0/+36
| | | | | | Only the device owner will be able to clear itself. Change-Id: Ie3231467d92e8c5d22ec51256177793f34110432
* Merge "Add device-owner based setting of global proxy."Jason Monk2014-06-061-0/+15
|\
| * Add device-owner based setting of global proxy.Jason Monk2014-06-061-0/+15
| | | | | | | | | | | | | | | | Re-hide the setGlobalProxy on the ConnectivityManager as it requires CONNECTIVITY_INTERNAL. Instead add a function to the DevicePolicyManager to set the global proxy, that can only be called by the device owner. Change-Id: I9ffb2cc4f30a6dc9b868d86f056e1fbd512d8dfc
* | Merge "Clean up deleted users in DevicePolicyManagerService"Alexandra Gherghina2014-06-061-0/+27
|\ \ | |/ |/|
| * Clean up deleted users in DevicePolicyManagerServiceAlexandra Gherghina2014-06-051-0/+27
| | | | | | | | | | Bug: 15405715 Change-Id: Icd958fe9378deb92f25622b341e0502d865b742f
* | Fix bug with sending intents to correct user for device admin.Kenny Guy2014-06-051-1/+2
|/ | | | | | | | | Password change intents etc. were always being sent to owner rather than user the device admin was installed for. Also add TODO to not assume profile parent is OWNER. Bug: 15442331 Change-Id: I7e58069bc4a6ab94f038ae1b80c044d666986318
* Merge "Remove enableSystemApp() and enableSystemAppWithInten()."Sander Alewijnse2014-06-041-105/+0
|\
| * Remove enableSystemApp() and enableSystemAppWithInten().Sander Alewijnse2014-05-271-105/+0
| | | | | | | | | | | | Use setApplicationBlocked() and setApplicationsBlocked() instead. Change-Id: I3d323d704db0a45e936f63675821707b4fddc48b
* | Restrictions ManagerAmith Yamasani2014-05-311-0/+41
|/ | | | | | | | | | | | | | | Mechanism to register a provider for requesting an administrator to respond to permission requests. Request format and response format constants. Description of manifest template for static restrictions. Int type introduced in RestrictionEntry. Needs more javadoc and better description of manifest templates, including specifying the XML attributes. Change-Id: I5a654d364e98379fc60f73db2e06bf9a8310263d
* Rename code related to cross-profile intents.Nicolas Prevot2014-05-231-8/+8
| | | | | | | | For example, replace ForwardingIntentFilter by CrossProfileIntentFilter Bug: 15023443 Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
* Create deviceowner gated APIs for creating and removing users in ↵Julia Reynolds2014-05-221-0/+38
| | | | | | | | | devicepolicymanager. This will allow DMAgent to manage users for EDU's cart model user case. Bug: 15015887 Change-Id: I1eadf1701cb75fc4b50eb1a0df1525eff818286e
generated by cgit v1.1 at 2025-02-13 11:26:51 +0000