summaryrefslogtreecommitdiffstats
path: root/services/devicepolicy
Commit message (Collapse)AuthorAgeFilesLines
* DevicePolicyManager API review changesCraig Lafayette2015-05-071-1/+1
| | | | | | | | Renamed DO_NOT_ASK_CREDENTIALS_ON_BOOT to RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT. Bug: 20820907 Change-Id: I6455f9a6d370afbd5154505f402b409dba3b7918
* Merge "Rename functions that disable status bar and keyguard" into mnc-devBenjamin Franz2015-05-061-19/+24
|\
| * Rename functions that disable status bar and keyguardBenjamin Franz2015-05-061-19/+24
| | | | | | | | | | | | | | | | | | Rename the DevicePolicyManager functions setKeyguardEnabledState and setStatusBarEnabledState to setKeyguardDisabled and setStatusBarDisabled respectively. Bug: 20820039 Change-Id: I06f6a19ac55b24e66e9f2cb340ead5d940cb2235
* | Permission policies are for profile and device ownersAmith Yamasani2015-05-051-2/+2
|/ | | | | | Not just device owners Change-Id: I78ad815651e9bdc4bd78e61d634a5067935fa33f
* Device policy: use owner label instead of nameRobin Lee2015-04-301-8/+32
| | | | | | | | | Managed provisioning does not currently set a meaningful profile owner name. This changes to use the application label as returned by PackageManager.getApplicationLabel which should be more descriptive. Bug: 20679292 Change-Id: I5a0e87ef05b62879a73814e6d338e8b984b81c94
* Merge "Add status bar flag to disable quick settings" into mnc-devBenjamin Franz2015-04-291-2/+7
|\
| * Add status bar flag to disable quick settingsBenjamin Franz2015-04-281-2/+7
| | | | | | | | | | Bug: 20331928 Change-Id: I79dc7f2c9e64245bdeeea3916d339985a8b17f92
* | Permissions control via profile/device owner adminAmith Yamasani2015-04-281-1/+63
|/ | | | | | | | | | | | | Profile owners and Device owners can set policies for runtime permissions. Blanket grant/deny policy can be set for a user. They can also explicitly grant/revoke permissions for specific apps which cannot be overridden by the user and will not be prompted. [More implementation required in PackageManagerService and PackageInstaller] Bug: 20666663 Change-Id: I2c25c18c2a195db9023a17716d5896970848bb45
* Allow device initializers to set a preferred setup activity.Julia Reynolds2015-04-271-1/+56
| | | | | | | | | This activity will launch by default on device reboot or user switch during user initialization, even if there are higher priority 'home' activities. Bug: 20223050 Change-Id: I335aeb010a1ae5db07a4343d26e160c74bd299e1
* Merge "Only skip unrecognized tags."Julia Reynolds2015-04-251-6/+1
|\
| * Only skip unrecognized tags.Julia Reynolds2015-04-241-6/+1
| | | | | | | | | | | | | | | | This fixes policy loss seen on device reboot when device admins applied certain policies. Bug: 20516960 Change-Id: I6e2a3b8de610c00ea1a2edbb026523bfdc365775
* | Restrict setting the profile/device owner with a signature-level permission.Nicolas Prevot2015-04-241-43/+74
|/ | | | | | | | | Create the new permission MANAGE_PROFILE_OWNERS to restrict setting the profile/device owner. BUG:19838376 Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
* Merge "Clear binder identity before reaching into keyguard settings"Svetoslav2015-04-231-14/+19
|\
| * Clear binder identity before reaching into keyguard settingsSvetoslav2015-04-231-14/+19
| | | | | | | | Change-Id: I80eeaed235acc165ddd4799ba46700afea2dff55
* | Fix NPE when load() returns nulls.Craig Mautner2015-04-231-1/+1
|/ | | | | | Fixes bug 20528625. Change-Id: I825c95fd212a1928a34e9ed0e20d2f7563939cbb
* Disallow data clearing of DeviceOwner.Craig Mautner2015-04-231-7/+18
| | | | | | | | | There are OEM provided apps that are able to clear the data of the device owner. That creates a security hole that this fixes. Fixes bug 20107015. Change-Id: I4ef313b394bd8059d19d20aa6533396305d1357d
* Add and remove DeviceInitializer from whitelistCraig Mautner2015-04-231-31/+67
| | | | | | | | | | Add the DeviceInitializer to the locktask whitelist when set or when a new user is created. Remove DeviceInitializer from whitelist when user setup complete. Fixes bug 20267837. Change-Id: I8a33bceb6e6f3d0316a1227b2ed2b713f4ca3a9e
* Enable system service to notify device owners about pending updateRubin Xu2015-04-221-0/+40
| | | | | | | | | | Create a DevicePolicyManager API which can be used by OTA subsystem to tell device owners about pending updates. Device owners will get a callback from its DeviceAdminReceiver when the update service sends out such notifications. Bug: 20213644 Change-Id: Ifcc755655e4f441980cf77d76175a046112ca9ae
* Merge "Recover status bar enabled state for all users"Benjamin Franz2015-04-221-12/+8
|\
| * Recover status bar enabled state for all usersBenjamin Franz2015-04-221-12/+8
| | | | | | | | | | | | | | | | | | Move the update of status bar enabled setting to loadSettingsLocked and thereby recovering the enabled state for all users, not only the user owner. Bug: 20416833 Change-Id: Iee3d6e0f3ea8ebc5d72c0ed165bea4595ed073ba
* | Merge "Check for null packages in setLockTaskPackages"Benjamin Franz2015-04-221-1/+3
|\ \
| * | Check for null packages in setLockTaskPackagesBenjamin Franz2015-04-211-1/+3
| |/ | | | | | | | | Bug: 20416611 Change-Id: Ibbadc952da29a34de0cf02408093b7bfc01f8779
* | Introduced DO_NOT_ASK_CREDENTIALS_ON_BOOT flagAndrei Kapishnikov2015-04-211-0/+54
| | | | | | | | | | | | | | | | | | | | | | A new flag for DPM.resetPassword() method that specifies that the device should be decrypted without asking for the password or pattern. Bug 19250601 Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206 Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
* | Rename public OTA policy APIs in DevicePolicyManagerRubin Xu2015-04-202-23/+24
|/ | | | | | | | Use the term "SystemUpdate" instead of "OTA", in public DevicePolicyManager APIs that handle OTA policies. Bug: 19650524 Change-Id: Iebdaea91337d617147cb411b6f47e0f3fae8671c
* Introduce android:lockTaskModeCraig Mautner2015-04-151-0/+3
| | | | | | | | | | The ability for tasks to be started in locktask mode or pinned is dependent on the value of android:lockTaskMode for the root activity of the task. For bug 19995702 Change-Id: I514a144a3a0ff7dbdd4987da5361b94bdfe9a437
* Merge "Introduce device owner API to disable the status bar"Benjamin Franz2015-04-151-5/+67
|\
| * Introduce device owner API to disable the status barBenjamin Franz2015-04-151-5/+67
| | | | | | | | | | | | | | | | | | Let the device owner disable the status bar to achieve multi-app single purpose mode. When the status bar is disabled, quick settings, notifications and the assist gesture are blocked. Bug: 19533026 Change-Id: I72830798135136e5edc53e5e2221aebb9a7c7d57
* | Merge "Fix a SecurityException in setKeyguardEnabledState"Benjamin Franz2015-04-151-4/+4
|\ \
| * | Fix a SecurityException in setKeyguardEnabledStateBenjamin Franz2015-04-141-4/+4
| |/ | | | | | | | | | | | | | | | | A SecurityException is currently thrown when calling this API as LockPatternUtils.isSecure requires a permission that the DO does not have. Bug: 19533026 Change-Id: I28bebb647e46bb631cc4fa1a7c9571eadda69086
* | Merge changes from topic 'lss-update'Andres Morales2015-04-141-1/+1
|\ \ | |/ |/| | | | | | | * changes: Add challenge to IGateKeeperService Wire up GateKeeper to LockSettingsService
| * Wire up GateKeeper to LockSettingsServiceAndres Morales2015-04-131-1/+1
| | | | | | | | | | | | | | | | | | Adds: - Communication to GKService - password upgrade flow - enroll takes previous credential Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a
* | Introduce device owner API to disable the keyguardBenjamin Franz2015-04-141-0/+22
| | | | | | | | | | | | | | | | | | | | Let the device owner disable the keyguard to achieve undisturbed single use mode with multiple apps. Calling this API has no effect if a password has been set for the calling user. Bug: 19533026 Change-Id: I6b726b7f36efb669359e9da4b7e3db1f8031dad5
* | Merge "Add setOtaPolicy/getOtaPolicy API in DPMS"Rubin Xu2015-04-142-0/+52
|\ \
| * | Add setOtaPolicy/getOtaPolicy API in DPMSRubin Xu2015-04-142-0/+52
| |/ | | | | | | | | | | | | | | | | | | Allow device owners to set OTA policy for automatically accept/postpone incoming OTA system updates. This class only provides the setting and getting of OTA policy, the actual OTA subsystem should handle and respect the policy stored here. Bug: 19650524 Change-Id: I9b64949fab42097429b7da649039c13f42c10fd1
* | Merge "Add Bluetooth Contacts Sharing policy in DevicePolicyManager"Ricky Wai2015-04-141-0/+54
|\ \ | |/ |/|
| * Add Bluetooth Contacts Sharing policy in DevicePolicyManagerRicky Wai2015-04-141-0/+54
| | | | | | | | | | | | Bug: 19990979 Change-Id: Ide9adf66eec5721e50573c03956a1b63b7e8b18b
* | Merge "Grant cert installer access to installKeyPair()"Rubin Xu2015-04-131-3/+8
|\ \
| * | Grant cert installer access to installKeyPair()Rubin Xu2015-04-021-3/+8
| | | | | | | | | | | | | | | Bug: 20041977 Change-Id: Id0dc0bce8461c71d7220c1802dcca82933805996
* | | Send device initializer status.Craig Lafayette2015-04-131-0/+34
| |/ |/| | | | | | | | | | | | | | | - Create method in DevicePolicyManager to send device provisioning status to ManagedProvisioning. - Define status updates used by ManagedProvisioning. Bug: 20001077 Change-Id: Ia98fc765d1ebb2ba9680636ca15c2c870d160261
* | Merge "No longer unlock activity manager to test whitelist"Craig Mautner2015-04-071-8/+16
|\ \
| * | No longer unlock activity manager to test whitelistCraig Mautner2015-04-071-8/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to check the DevicePolicyManagerService locktask whitelist the activity manager had to release its lock preserving internal state. That is undesirable and not scalable now that we need to check the whitelist at startup for bug 19995702. This change causes DPMS to update activity manager with the whitelist whenever it changes so that activity manager can check the whitelist without releasing the acitivty manager lock. Change-Id: I3ed6eb5ceae2cd7e7ae3280abd708d5ce43a2851
* | | Fix up ExternalStorageFormatter.Jeff Sharkey2015-04-041-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's not going to be around for much longer, so just fix enough to work correctly. Also teach about new "unmountable" state from vold. Bug: 19993667 Change-Id: Ib72c3e134092b2a895389dd5b056f4bb8043709a
* | | Merge "Do not log an error when app restriction file does not exist"Fyodor Kupolov2015-04-031-1/+4
|\ \ \
| * | | Do not log an error when app restriction file does not existFyodor Kupolov2015-04-031-1/+4
| |/ / | | | | | | | | | | | | Bug: 20040207 Change-Id: Ibd257388a185020258e36bddf5b451dc24c0b7ee
* | | Store the device initializer componentname in addition to package.Julia Reynolds2015-04-032-7/+38
|/ / | | | | | | | | | | | | | | This removes ambiguity about which component in the initializer package handles device initialization when setting up secondary users. Bug: 19992262 Change-Id: I2e48168907725a56cd05d0b51c9f28b34fa28d1a
* | Enterprise quick contact 1/2Makoto Onuki2015-03-301-0/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now openQuickContact goes thorough DPM. When a lookup URI is build with a lookup key returned by the enterprise lookup APIs for a corp contact, the lookup key will have a special prefix. In that case we go through DPM and have it launch QC on the managed profile, if the policy allows. For now we use the same DPM policy as enterprise-caller-id to disable this. Design doc: go/cp2-mnc-enterprise-dd Bug 19546108 Change-Id: I831a8190ae902ae3b1248cce6df02e3a48f602d2
* | Revert "Enterprise quick contact 1/2"Makoto Onuki2015-03-301-57/+0
| | | | | | | | | | | | This reverts commit 75a0882b946df6de4775c9e54ca023ff54f3f678. Change-Id: Ibe332885824b228bf1b1147d141c9395554ff67f
* | Enterprise quick contact 1/2Makoto Onuki2015-03-271-0/+57
|/ | | | | | | | | | | | | | | Now openQuickContact goes thorough DPM. When a lookup URI is build with a lookup key returned by the enterprise lookup APIs for a corp contact, the lookup key will have a special prefix. In that case we go through DPM and have it launch QC on the managed profile, if the policy allows. For now we use the same DPM policy as enterprise-caller-id to disable this. Design doc: go/cp2-mnc-enterprise-dd Bug 19546108 Change-Id: I4840e7fad8a6a60249df07d993d26d03619650d4
* am 17b03239: am 8562a7a1: am eedf2fe0: am 0afd1905: Merge "Fix NPE if FPE ↵Amith Yamasani2015-03-251-1/+3
|\ | | | | | | | | | | | | service does not exist." into lmp-mr1-dev * commit '17b03239d3152cbcf450ec66f077f07e4c1870e1': Fix NPE if FPE service does not exist.
| * Fix NPE if FPE service does not exist.Paul Crowley2015-03-251-1/+3
| | | | | | | | | | Bug: 19846662 Change-Id: I44e014c66a524b282cce0cfc9b7513fc0f553576
generated by cgit v1.1 at 2025-01-08 08:09:47 +0000