path: root/services/devicepolicy
Commit message (Author, Age, Files, Lines)
* Merge "Change MNC codename to just M." into mnc-dev (Dianne Hackborn, 2015-07-31, 1, -1/+1)
|\
| * Change MNC codename to just M. (Dianne Hackborn, 2015-07-29, 1, -1/+1)
| |   Change-Id: I4281d200ff6560791c47cf9073ceea1cb509361e
* | Merge "Don't always transfer device owner status to other users." into mnc-dev (Rubin Xu, 2015-07-31, 1, -2/+15)
|\ \
| |/
|/|
| * Don't always transfer device owner status to other users. (Nicolas Prevot, 2015-07-31, 1, -2/+15)
| |   A device owner cannot use device or profile owner policies on other users unless it is profile owner there.
| |   Also limit device initializer to system apps only.
| |   Bug: 21800830
| |   Change-Id: Ie1abbd891945b91b17ecdf7f73ba93aaa19819be
* | Send a public broadcast when the device owner is set. (Nicolas Prevot, 2015-07-28, 1, -0/+8)
|/
|   Make it a protected broadcast.
|   BUG: 22623518
|   Change-Id: Ia36e8f0b80a6301d7d8e0461476842c78762b5e8
* Merge "Clean up USB Manager and fix ADB." into mnc-dev (Jeff Brown, 2015-07-09, 1, -5/+0)
|\
| * Clean up USB Manager and fix ADB. (Jeff Brown, 2015-07-09, 1, -5/+0)
| |   Moved functions which parse the USB functions list into one common place on UsbManager.
| |   Deleted the no longer supported USB_FUNCTION_MASS_STORAGE.
| |   Ensured that the UserManager.DISALLOW_USB_FILE_TRANSFER rule is consistently applied during user switch and when changing the current USB functions and make sure it only affects MTP and PTP.
| |   Collapsed the boot completed and user switched receivers to ensure consistent ordering of side-effects.
| |   Validate the list of functions passed to setCurrentFunction() so that the separation of concerns is clearer. It was somewhat ambiguous as to whether functions such as ADB could / should be enabled through that interface. Improved the docs for clarity.
| |   Fixed a bunch of broken stuff related to the USB config persistent property (list of default functions) that could cause ADB and other functions to not work at all. Added new failsafes to ensure that we reliably get back into a happy state.
| |   Bug: 22206076
| |   Change-Id: I02915ddfce7193a8f67a14f0d76bab22fc575dfa
* | Mute correct user from device policy manager. (Kenny Guy, 2015-07-08, 1, -12/+29)
|/
|   Add per user versions of mute methods so device policy manager can mute the correct user. Just persist change if the calling user isn't the current user.
|   Treat calls to audio manager coming from uid 1000 as if they were coming from current user rather than user 0 so that the correct user's user restriction is checked.
|   Bug: 21782066
|   Bug: 21778905
|   Change-Id: I51469b741096d8a2ffdc520eaf5b3fd754f2c819
* Clear "profile wiped" notification when a new profile is created (Alex Chau, 2015-06-30, 1, -0/+9)
|   Make use of ACTION_MANAGED_PROFILE_ADDED to clear the notification.
|   Bug: 22186884
|   Change-Id: I08514ebc308f2e2fb61f837500e2ba712ccf8703
* Merge "Marking some globals from setGlobalSetting as not supported" into mnc-dev (Esteban Talavera, 2015-06-30, 1, -10/+17)
|\
| * Marking some globals from setGlobalSetting as not supported (Esteban Talavera, 2015-06-29, 1, -10/+17)
| |   Those globals don't have the intended behaviour any more.
| |   Bug: 19967818
| |   Change-Id: I8c7891e59280f9deb88b1f0ffead3de07f4eca56
* | Use StorageManager.wipeAdoptableDisks to wipe external disks (Rubin Xu, 2015-06-26, 1, -20/+10)
|/
|   Retire FORMAT_AND_FACTORY_RESET which is more fragile.
|   Bug: 9433509
|   Change-Id: I158ee987274bb4db41d466de9f1e3c60ffc1d140
* Reset permission policy to default when device owner goes away (Esteban Talavera, 2015-06-24, 1, -35/+31)
|   Otherwise after the Device Owner is gone, runtime permissions might still be auto granted/denied.
|   I understand that there are many other policies that we don't reset after the device/profile owner goes away (e.g. keyguard enabled/disabled). At least now we have a single method when we could clear the ones that we care about.
|   Bug: 21889278
|   Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
* Runtime permissions cannot be set on legacy apps by device policy (Amith Yamasani, 2015-06-23, 1, -4/+18)
|   Clarify docs that runtime permissions can be granted or revoked by a profile owner/device owner only for MNC apps and not legacy apps.
|   Check the targetSdkVersion and return false if legacy app.
|   Remove all policy flags from permissions when cleaning up a device or profile owner.
|   Bug: 21835304
|   Bug: 21889278
|   Change-Id: I4271394737990983449048d112a1830f9d0f2d78
* Merge "Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN" into mnc-dev (Zoltan Szatmary-Ban, 2015-06-23, 1, -0/+1)
|\
| * Introduce Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN (Zoltan Szatmary-Ban, 2015-06-08, 1, -0/+1)
| |   This setting controls whether WiFi configurations created by a Device Owner app should be locked down (that is, editable or removable only by the Device Owner).
| |   Bug: 21427528
| |   Change-Id: I0f8fb72bf9da1597e08d3dfc631d37b6b4178ff5
* | Merge "Let device owners handle onChoosePrivateKey" into mnc-dev (Robin Lee, 2015-06-22, 1, -4/+10)
|\ \
| * | Let device owners handle onChoosePrivateKey (Robin Lee, 2015-06-22, 1, -4/+10)
| | |   Bug: 21959745
| | |   Change-Id: Ifad3901015937d2ea700124bb5f61982cd580ad8
* | | Add DISALLOW_CREATE_WINDOWS to Device Owner only user restrictions (Benjamin Franz, 2015-06-17, 1, -0/+1)
| | |   Even though the documentation of DISALLOW_CREATE_WINDOWS says it is for Device Owners and Profile Owners on User 0 only, it was previously not part of DEVICE_OWNER_USER_RESTRICTIONS and was therefore callable from a profile owner on a managed profile or secondary user.
| | |   Bug: 19726884
| | |   Change-Id: If6443eacbc28b7ee6c0845754923573a79f8bde3
* | | Yet another user restriction. (Jeff Sharkey, 2015-06-15, 1, -0/+1)
|/ /
| |   Change-Id: Ia2952da19cb974a6a9ba0271a298a10df58b8d18
* | Merge "Notification shown upon work profile deletion" into mnc-dev (Alex Chau, 2015-06-12, 1, -7/+84)
|\ \
| * | Notification shown upon work profile deletion (Alex Chau, 2015-06-11, 1, -7/+84)
| | |   Bug: 18543323
| | |   Change-Id: Ibd9bd20637a7bd019e080da306a19c94d9e82576
* | | Merge "Remove device initializer status messages" into mnc-dev (Craig Lafayette, 2015-06-11, 1, -34/+0)
|\ \ \
| |/ /
|/| |
| * | Remove device initializer status messages (Craig Lafayette, 2015-06-02, 1, -34/+0)
| |/
| |   - Remove ManagedProvision Bluetooth extras from DevicePolicyManager
| |   - Remove ManagedProvisioning device initializer status action and extras from DevicePolicyManager.
| |   - Remove DIA status update protected-broadcast and permission
| |   - Remove DPM.sendDeviceInitializerStatus method
| |   Bug: 21559093
| |   Change-Id: Ibb651ebb2772ace6a16a5830f82f75465150e6e3
* | Policy: make bulk CA uninstalls happen in service (Robin Lee, 2015-06-10, 1, -2/+4)
| |   Fewer round trips, only one point of contact for bugs to creep in.
| |   Bug: 21650477
| |   Change-Id: I1764faa753bd674ecb0d13149d778d99bd2ff4c4
* | Remove the ability to set a preferred setup activity. (Julia Reynolds, 2015-06-09, 1, -56/+0)
| |   Bug: 21557327
| |   Change-Id: I8c1809d25c5f5fcd186dfc0636d8ac47ed5fc903
* | Fix permission check in DPM.getPermissionGrantState (Amith Yamasani, 2015-06-04, 1, -6/+5)
|/
|   It was querying for permission of user 0 instead of the calling user. Switched to passing in the explicit userId.
|   Also set the flags before granting/revoking permission from DPM.
|   Bug: 21430988
|   Change-Id: Id0d2dc65e20108cefa3eeb4363f866d49c791cc4
* Network Reset should have a lockdown like Factory Reset. (Stuart Scott, 2015-06-01, 1, -0/+1)
|   bug:20332322
|   Change-Id: I7c61a011d11e89513757f112abf320bb2a785edb
|   (cherry picked from commit 94b038bbb291431a7b39611d72f206b07e839891)
* Merge "Clear caller identity before setting all the user restrictions." into mnc-dev (Sudheer Shanka, 2015-05-27, 1, -20/+12)
|\
| * Clear caller identity before setting all the user restrictions. (Sudheer Shanka, 2015-05-20, 1, -20/+12)
| |   Bug: 19687895
| |   Change-Id: Ieaa1f4e5a39395f11bf4cf797332a2d9d495bc0a
* | Add getPermissionGrantState method in device policy (Amith Yamasani, 2015-05-22, 1, -0/+30)
| |   This is to have a way to query what permission state was set by the profile owner.
| |   Bug: 21356830
| |   Change-Id: Ie396e946b4285267c1d95f82b9d9765b43697d3c
* | Allow DO/PO to go back to normal permission state. (Svet Ganov, 2015-05-20, 1, -13/+22)
|/
|   We have APIs for a DO/PO to fix a permission in a granted or denied state in which the user cannot manage this permission through the UI. However, there is no way to go back to the default state in which the user gets to choose the permission grant state.
|   Change-Id: I2562a1d8b1385cd740b44812844ef14c895c2902
* Merge "clear caller identity before sending system update notification" into mnc-dev (Rubin Xu, 2015-05-14, 1, -4/+10)
|\
| * clear caller identity before sending system update notification (Rubin Xu, 2015-05-14, 1, -4/+10)
| |   Because DeviceAdminReceiver is protected by BIND_DEVICE_ADMIN permission, in order to send broadcast to it, we need to clear the caller's identity and call sendBroadcastAsUser() as system.
| |   Bug: 20213644
| |   Change-Id: Icc7b239b9005e286012ade6580ec92a0a57198e0
* | Pass charset to XmlPullParser.setInput instead of null (Wojciech Staszkiewicz, 2015-05-14, 2, -4/+6)
| |   Passing null to XmlPullParser.setInput forces it to do additional work, which can be easily avoided if we know the charset beforehand.
| |   bug: b/20849543
| |   Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
* | Replace String host:port/url args with Uri arg (Robin Lee, 2015-05-14, 1, -5/+3)
| |   Uri provides a stronger guarantee of well-formedness and lets apps do nice extra things like specifying scheme etc. without twisting any expectations.
| |   Bug: 20820034
| |   Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
* | Merge "Modify how USB connections are handled." into mnc-dev (Nick Kralevich, 2015-05-13, 1, -1/+1)
|\ \
| * | Modify how USB connections are handled. (Nick Kralevich, 2015-05-13, 1, -1/+1)
| | |   * Introduce a new "charger only" mode. In this mode, MTP is disabled, and no file transfers can occur.
| | |   * Make charger only mode the default.
| | |   * Modify "persist.sys.usb.config" so it now only holds the adb status.
| | |   * Make the USB settings non-persistent. Unplugging the USB connection will reset the device back to "charger only" mode.
| | |   * Fixup wording per UI guidelines.
| | |   TODO: Re-implement MDM restrictions for USB / MTP access controls.
| | |   Bug: 18905620
| | |   Change-Id: I99a50d9132a81e98187f431166fd9fef4d437e4f
* | | Merge "Allowing profile to set a subset of keyguard restrictions." into mnc-dev (Kenny Guy, 2015-05-13, 1, -14/+56)
|\ \ \
| * | | Allowing profile to set a subset of keyguard restrictions. (Kenny Guy, 2015-05-11, 1, -14/+56)
| | |/
| |/|
| | |   Allow admins in managed profiles disable trust related keyguard features (trust agents and finger prints) for the parent user.
| | |   Allow admins in managed profiles to control whether notifications from the profile are redacted on the keyguard.
| | |   Bug: 18581512
| | |   Change-Id: Ic2323671f63781630206cc2efcc8e27ee58c38e6
* | | Merge "Remove initiator name param." into mnc-dev (Julia Reynolds, 2015-05-13, 2, -18/+9)
|\ \ \
| |_|/
|/| |
| * | Remove initiator name param. (Julia Reynolds, 2015-05-11, 2, -18/+9)
| |/
| |   This won't be shown in the UI; it's not needed.
| |   Bug: 20820224
| |   Change-Id: I51ecd0a9151a49e26faf52e792a0b316a8facc8e
* | Merge "Tweak SystemUpdatePolicy according to API review." into mnc-dev (Rubin Xu, 2015-05-12, 2, -12/+18)
|\ \
| * | Tweak SystemUpdatePolicy according to API review. (Rubin Xu, 2015-05-11, 2, -12/+18)
| |/
| |   Make SystemUpdatePolicy Parcelable; hide public constructor and expose static builder methods.
| |   Bug: 20820025
| |   Change-Id: I594ba3c7e5514551134ba6c866b24498b66506bf
* | Add permission meta-state flags to support grant/revoke permission policy. (Svet Ganov, 2015-05-11, 1, -2/+10)
|/
|   We now maintain a meta-state with each permission in the form of flags specifying the policy for this permission. This enables support of the following use cases:
|   1. The user denies a permission with prejudice in which case an app cannot request the permission at runtime. If an app requests such a permission it gets a denial unless the user grants the permission from settings.
|   2. A legacy app with disabled app-ops being upgraded to support runtime permissions. The disabled app ops are converted to permission revocations. The app ops manager is a part of the activity manager which sits on top of the package manager, hence the latter cannot have a dependency on the former. To avoid this the package installer which is the global permission management authority marks the permission as revoked on upgrade and the package manager revokes it on upgrade.
|   3. A device policy fixing a permission in a granted or revoked state. This additional information is folded in the meta-state flags and neither apps can request such permissions if revoked nor the user can change the permission state in the UI.
|   Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
* DevicePolicyManager API review changes (Craig Lafayette, 2015-05-07, 1, -1/+1)
|   Renamed DO_NOT_ASK_CREDENTIALS_ON_BOOT to RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT.
|   Bug: 20820907
|   Change-Id: I6455f9a6d370afbd5154505f402b409dba3b7918
* Merge "Rename functions that disable status bar and keyguard" into mnc-dev (Benjamin Franz, 2015-05-06, 1, -19/+24)
|\
| * Rename functions that disable status bar and keyguard (Benjamin Franz, 2015-05-06, 1, -19/+24)
| |   Rename the DevicePolicyManager functions setKeyguardEnabledState and setStatusBarEnabledState to setKeyguardDisabled and setStatusBarDisabled respectively.
| |   Bug: 20820039
| |   Change-Id: I06f6a19ac55b24e66e9f2cb340ead5d940cb2235
* | Permission policies are for profile and device owners (Amith Yamasani, 2015-05-05, 1, -2/+2)
|/
|   Not just device owners
|   Change-Id: I78ad815651e9bdc4bd78e61d634a5067935fa33f
* Device policy: use owner label instead of name (Robin Lee, 2015-04-30, 1, -8/+32)
|   Managed provisioning does not currently set a meaningful profile owner name. This changes to use the application label as returned by PackageManager.getApplicationLabel which should be more descriptive.
|   Bug: 20679292
|   Change-Id: I5a0e87ef05b62879a73814e6d338e8b984b81c94