summaryrefslogtreecommitdiffstats
path: root/services/devicepolicy
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Ignore badly formed ComponentNames when loading device_owner.xml" ↵Kenny Guy2014-09-251-4/+13
|\ | | | | | | into lmp-dev
| * Ignore badly formed ComponentNames when loading device_owner.xmlKenny Guy2014-09-251-4/+13
| | | | | | | | | | | | | | | | | | In the past we wrote out badly formed ComponentNames with no class part. Loading these results in a null pointer exception blocking boot. Bug: 17652534 Change-Id: Iec592343425a23c7ada5f73cf30b8646d31eae81
* | Include reason when wiping data.Jeff Sharkey2014-09-241-7/+23
|/ | | | | | | This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: If8413e5d6377773f37e8b34ae3d26347226a027c
* Merge "Allow primary user profile owner to set device restrictions" into lmp-devAmith Yamasani2014-09-191-1/+2
|\
| * Allow primary user profile owner to set device restrictionsAmith Yamasani2014-09-181-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In addition to device owners, profile owners on the primary user can also set user restrictions that are necessary to lock down the user. This is to enable the case of a profile owner registered after setup wizard is completed, on the primary user. Also make managed profile vs. profile wording consistent in the DevicePolicyManager docs. Bug: 17555025 Change-Id: Ib9d08b8af34a99b25e11757fa7dc83673a7deb32
* | bug fix: Allow enableSystemApps to be called by profile and device owner.Jessica Hummel2014-09-191-13/+15
|/ | | | | | | We had an additional check for managed profile in there, so it wasn't working for device owners. Also needed to look at uninstalled packages. Change-Id: I4813f23b00d7905e92ade582ce082a6f295a322d Bug: 17384318
* Prevent device owner registration after setup is completeAmith Yamasani2014-09-121-9/+7
| | | | | | | | | This change prevents adding a device owner after setupwizard has finished provisioning. Only the new dpm shell command can set a device owner. Bug: 17316711 Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
* Merge "Add new adb dpm (= DevicePolicyManager) command" into lmp-devEsteban Talavera2014-09-121-4/+14
|\
| * Add new adb dpm (= DevicePolicyManager) commandEsteban Talavera2014-09-121-4/+14
| | | | | | | | | | | | | | | | | | | | | | Adds new adb command to execute DevicePolicyManager tasks. First subcommand allows us to set a device owner on a provisioned device (provided no accounts are associated with the device). This is required as GTS tests run on provisioned devices. We plan to add more subcomands required for new GTS tests, such as the ability to create a managed profile. Bug: 17312478, 17316711 Change-Id: I2613178ea82a6c6268e7f8012e74c4a852fea0d4
* | Add DevicePolicyManager PrivateKey mgmtBernhard Bauer2014-09-111-3/+34
| | | | | | | | | | | | | | | | Additional device policy API to install keypairs to the keychain silently. Bug: 15065444 Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
* | Merge "Apply cross-user restrictions to Shell" into lmp-devAmith Yamasani2014-09-111-11/+15
|\ \ | |/ |/|
| * Apply cross-user restrictions to ShellAmith Yamasani2014-09-101-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Even though Shell user is allowed to perform cross-user actions, lock that path down if the target user has restrictions imposed by the profile owner device admin that prevents access via adb. If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't allow the shell user to make the following types of calls: start activities, make service calls, access content providers, send broadcasts, block/unblock packages, clear user data, etc. Bug: 15086577 Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
* | Merge "Allow device owners to update LOCATION_MODE." into lmp-devJulia Reynolds2014-09-111-3/+14
|\ \ | |/ |/|
| * Allow device owners to update LOCATION_MODE.Julia Reynolds2014-09-041-3/+14
| | | | | | | | | | Bug: 17388933 Change-Id: If3267aa52c2611cf764a19bee019c312f6ebf5d1
* | Merge "Don't allow guests to install from unknown sources" into lmp-devAmith Yamasani2014-09-051-1/+5
|\ \
| * | Don't allow guests to install from unknown sourcesAmith Yamasani2014-09-031-1/+5
| |/ | | | | | | | | | | | | | | | | Added a user restriction when creating a guest. Made sure that guests can't install profile owners that could undo the restriction. Bug: 17359648 Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c
* | Merge "Eliminate deadlock by deferring wipe data call" into lmp-devCraig Mautner2014-09-041-7/+14
|\ \ | |/ |/|
| * Eliminate deadlock by deferring wipe data callCraig Mautner2014-09-041-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The call to RecoverySystem.rebootWipeUserData() was made while holding the lock to DevicePolicyManagerService. But it blocks waiting for system_process' main thread to receive the ordered broadcast complete callback. It won't receive that callback because Keyguard is running on the main thread and is concurrently blocked on DevicePolicyManagerService. By moving the call to rebootWipeUserData() out of the synchronized block the deadlock is eliminated. Fixes bug 16870054. Change-Id: I3eb587211e5484859cc9dab7e80e5a1f6c85225d
* | Pass ComponentName to probing certificate methodsEsteban Talavera2014-09-031-13/+11
|/ | | | | | | | | | | | | | | | | Pass ComponentName and check whether that admin is a profile owner on DPM get/has certificate methods (requested on the API review). As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of which admins installed which certificates for now: "Having per-admin CA certificates would be a fair bit of work. The only MDMs we're opening this up to for now are Device and Profile Owners which 100% manage the profile so will be the only admin. It seems like if we keep track of "who installed which certs" it'll be a little pointless because the answer will always be "the ProfileOwner" for every single one." Bug: 17005622 Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
* Merge "Audio/Micrphone user restriction/multiuser updates." into lmp-devJulia Reynolds2014-08-281-17/+28
|\
| * Audio/Micrphone user restriction/multiuser updates.Julia Reynolds2014-08-271-17/+28
| | | | | | | | | | | | | | | | | | | | 1. Persist microphone mute state. 2. Set mute state for correct user. 3. Check for settings restrictions as the correct user. Bug: 17177502 Bug: 16701642 Change-Id: Id8b6cd90c5caceb67fbec862f90aac7ec7a00b3c
* | Relocate broken getCallingUserId() callsRobin Lee2014-08-281-3/+8
| | | | | | | | | | | | | | | | This should not be invoked while the calling identity is cleared because it will return the current user rather than the calling user. Bug: 17314802 Change-Id: I587daa420b0976d41928ab7c34eeda2329c1341e
* | Renamed getUninstallBlocked to isUninstallBlockedEsteban Talavera2014-08-281-1/+1
|/ | | | | | | As per API review. Bug: 17297103 Change-Id: Icb4ceded317b0df4deb0f5221512541a632e150b
* Merge "Limit the settings profile/device owners can update." into lmp-devJulia Reynolds2014-08-271-0/+31
|\
| * Limit the settings profile/device owners can update.Julia Reynolds2014-08-271-0/+31
| | | | | | | | | | Bug: 16351901 Change-Id: Id33a57ad651b5b7b58de0549eb90d5a1fe5c19c5
* | Provide lockdown of date/time device owners.Sander Alewijnse2014-08-261-0/+76
|/ | | | | | | | Fixed two minor issues with the screencapture as well. Updated documentation and added enforceCrossUserPermission. Bug:16948504 Change-Id: I9a645dcf480a4a044879ba481bce964d06fe5153
* Merge "Write device owner name to XML" into lmp-devJason Monk2014-08-211-0/+3
|\
| * Write device owner name to XMLJason Monk2014-08-211-0/+3
| | | | | | | | | | | | | | So that it can be remembered. Bug: 17153003 Change-Id: I6fb96334f235348bc237cc52e09c2fe5ef1332b7
* | Rename get/setBlockUninstall() to get/setUninstallBlocked()Esteban Talavera2014-08-211-3/+4
| | | | | | | | | | | | | | As requested in the API review Bug: 17005622 Change-Id: I1332ad11e588ab3fa409f2a28222608936cb383e
* | Merge "Remove setApplicationsHidden" into lmp-devEsteban Talavera2014-08-211-40/+0
|\ \ | |/ |/|
| * Remove setApplicationsHiddenEsteban Talavera2014-08-211-40/+0
| | | | | | | | | | | | | | As requested in the API review. This version (the one that takes an Intent) was used only in the DeviceAdminSample and some CTS tests. Bug: 17005622 Change-Id: I9984b22836417ad4d025302f61bd91704e9345a4
* | Merge "Add apis for whitelisting IMEs and accessibility services." into lmp-devKenny Guy2014-08-211-1/+414
|\ \ | |/ |/|
| * Add apis for whitelisting IMEs and accessibility services.Kenny Guy2014-08-201-1/+414
| | | | | | | | | | | | | | | | Adds apis for device / profile owners to white list the accessibility and input methods a user can enable. Bug: 14469005 Change-Id: I921888660d29a5370395db87adf75d4d106660c9
* | Notify app widget hosts when cross-profile providers change.Svet Ganov2014-08-201-35/+90
|/ | | | | | | | | | | | 1. Notify the hosts in the group if a package gets white-listed or un-white-listed for providing widgets across profiles. 2. Notify hosts in the group for provider changes when a profile is deleted. bug:17126070 Change-Id: Ic719c1c68e45842d50decc95603f1d61583b8f02
* Merge "Prevent profile owners from setting certain user restrictions." into ↵Julia Reynolds2014-08-161-13/+32
|\ | | | | | | lmp-dev
| * Prevent profile owners from setting certain user restrictions.Julia Reynolds2014-08-201-13/+32
| | | | | | | | | | | | Bug: 16351901 Bug: 16701492 Change-Id: Ie866bc24d2d7cc15f86c5b50062a730e099612a1
* | Added notification color to all system notificationsSelim Cinek2014-08-201-0/+2
|/ | | | | Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
* Merge "Fixes to lock task API from API review" into lmp-devJason Monk2014-08-161-30/+28
|\
| * Fixes to lock task API from API reviewJason Monk2014-08-141-30/+28
| | | | | | | | | | | | | | Adding ComponentNames and some splitting/renaming of broadcasts. Bug: 17005622 Change-Id: I9ece3553310fb20b0c3c3e4032b408e86384363a
* | Merge "Apply lockdowns when user restrictions are set." into lmp-devJulia Reynolds2014-08-151-3/+67
|\ \
| * | Apply lockdowns when user restrictions are set.Julia Reynolds2014-08-151-3/+67
| |/ | | | | | | | | | | | | | | | | | | Previously DMAgent would apply these lockdowns before/ after setting the matching user restrictions. Bug: 16701642 Bug: 16945830 Bug: 16944983 Change-Id: Ib4f7145055687f12408d6ccacd8e6380406a32b2
* | Remove system_server classes from the boot image.Narayan Kamath2014-08-151-1/+1
|/ | | | | | | | | | | | | | | | | | | | | | We set the system_server classpath in the environment (like we do with BOOTCLASSPATH). After the zygote forks the system_server, we dexopt the classpath (if needed) and then launch the system server with the correct PathClassLoader. This needed several small / medium refactorings : - The logic for connecting to installd is now in a separate class and belongs in the system_server. - SystemService / SystemServiceManager have now moved to classes.jar. They are only used from there, and since they use Class.forName, we want them to be loaded by the system_server classloader, and not the bootclassloader. - BootReceiver now moves to frameworks.jar, because it is used by ActivityThread and friends. bug: 16555230 Change-Id: Ic84f0b2baf611eeedff6d123cb7191bb0259e600
* Fix NPE in DevicePolicyManagerService that crashed SystemUIAdrian Roos2014-08-071-1/+2
| | | | | Bug: 16857795 Change-Id: I6234f03c4ee31311af9f9c556b790594ee1a8b2f
* Merge "Wipe only managed profile when max number of incorrect passwords ↵Esteban Talavera2014-08-051-22/+38
|\ | | | | | | exceeded" into lmp-dev
| * Wipe only managed profile when max number of incorrect passwords exceededEsteban Talavera2014-08-061-22/+38
| | | | | | | | | | | | | | When the maximum number of retries that has been exceeded is not for the primary profile of the user, wipe only the profile that set that policy (e.g. the managed profile) rather than the entire user. At the moment the whole device is wiped if the max number of incorrect passwords for a managed profile is reached, as the password is shared with the USER_OWNER. Bug: 14453697 Change-Id: I5746de104133c0ea0a51d75b9c92e1516d365d8c
* | Fix NPE in device policy manager service.Svetoslav2014-08-061-0/+4
| | | | | | | | Change-Id: I796359f903077eb0ef825ed926557f1a13b2e4c4
* | Allow adding widgets from user profiles.Svetoslav2014-08-051-5/+111
|/ | | | | | | | | | | | | The goal of this change is to enable support for appwidget from user profiles to the user main profile. A user profile is a user which is associated as a child of the main user profile. For example, a user may have a personal (parent) and corporate (child) profile. The device policy should be able to control whether adding a widget from a child profile and given packages is allowed. This change assumes that all packages from managed profiles are white listed. Another change will add the device policy changes. Change-Id: I267260b55d74c48b112a29979a9f59eef7a8194e
* Fix deadlock window manager and device policy manager.Sander Alewijnse2014-07-311-5/+23
| | | | | | | Removed all communication from wm to device policy manager. Added initialization of cache in wm by dpms. Change-Id: Ifa0b8bfcd625464b156d5cc0fb66d342deda1c27
* Don't turn off screen after wiping user profilesRobin Lee2014-07-301-3/+1
| | | | | | | | | | | | The activity manager should know when to lock the screen. If an admin does want this to happen then they should be able to run both commands in succession. Also rectifies some creative code styling in the same DPM method. @bug 15558805 Change-Id: I8918184a4585aa8b061eb4a68edc2ec6805d8127
* Set profile owner via an intentAmith Yamasani2014-07-292-24/+106
| | | | | | | | | priv apps can request to become a profile owner after setup has completed. This will pop up a consent dialog (in Settings). Also, clean up profile owner concept to be a component name. Change-Id: I5e8532866e8018f61836c4e84fbbadb6150218ae
generated by cgit v1.1 at 2025-08-13 11:26:27 +0000