summaryrefslogtreecommitdiffstats
path: root/services/devicepolicy
Commit message (Collapse)AuthorAgeFilesLines
* Create deviceowner gated APIs for creating and removing users in ↵Julia Reynolds2014-05-231-0/+38
| | | | | | | | | | devicepolicymanager. This will allow DMAgent to manage users for EDU's cart model user case. Bug: 15015887 Change-Id: I1eadf1701cb75fc4b50eb1a0df1525eff818286e (cherry picked from commit be9f43b9618ec25121b151d247eb0285fb6554b3)
* Remove enforceManagedProfile for listing keyguard featuresRobin Lee2014-05-211-2/+1
| | | | Change-Id: Ic89f09ada046f64b089b977868b6f37bc0a6de91
* resolved conflicts for merge of fcc4fed3 to masterNarayan Kamath2014-05-211-1/+1
|\ | | | | | | Change-Id: Icebca982b01debd67a1470c02651ef8936f6e5b0
| * Make power button behavior configurable.Jeff Brown2014-05-201-1/+1
| | | | | | | | | | | | | | | | | | Allow power button to be used to either go to sleep as usual, which may doze, or skip that completely and really go to sleep. May also really go to sleep and go home all at once. Bug: 14406056 Change-Id: Ia19e2551b9c2a72271bb2eddd5c0d1749761e019
* | Merge "DPM: Disallow some DeviceAdmin policies for ProfileOwners"Robin Lee2014-05-211-0/+6
|\ \
| * | DPM: Disallow some DeviceAdmin policies for ProfileOwnersRobin Lee2014-05-211-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A profile owner should only have control over the profile. All of the following device admin APIs that affect the device beyond the profile that they are called from are now disallowed: - Camera enable/disable - Keyguard - Wipe external storage @bug 14434826 Change-Id: I69acfdf6f654f48b5db91aeb3ea86662d7857075
* | | Merge "Add Device/Profile Owner gated apis for setting/getting blocked ↵Julia Reynolds2014-05-201-0/+87
|\ \ \ | | | | | | | | | | | | packages."
| * | | Add Device/Profile Owner gated apis for setting/getting blocked packages.Julia Reynolds2014-05-201-0/+87
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | DMAgent currently needs to live in /system/priv-app in order to (among other things) set and get blocked packages. These APIs will get us closer to being able to move DMAgent out of priv-app. Bug: 14945334 Change-Id: I108e2013c67409dca554acf78e3a710745900706
* | | Allow device/profile owners to update settings.Julia Reynolds2014-05-201-0/+39
|/ / | | | | | | | | | | | | | | | | | | | | | | Device owners can update Settings.Secure and Settings.Global settings. Profile owners can update Settings.Secure settings. DMAgent currently needs to live in /system/priv-app in order to (among other things) update global and secure settings. This change will get us closer to being able to move DMAgent out of priv-app. Bug: 14965414 Change-Id: If2cc3a56de91bffde33b838ab8ecea2c32412803
* | Use correct package name for profile ownerAmith Yamasani2014-05-161-1/+1
| | | | | | | | | | | | Fixes reboot loop when you have a managed profile on your device. Change-Id: I935ded447f226ee0507d3dcf22a730a7fb61a0c0
* | Fix NPE in DevicePolicyManagerServiceJason Monk2014-05-161-11/+13
| | | | | | | | | | Bug: 15015897 Change-Id: Id9f6ae8b5abf96d35f799b150210813fb52da54c
* | Notify AppOpsService of UserRestrictions and OwnersJason Monk2014-05-162-0/+40
| | | | | | | | | | | | | | | | | | | | | | | | This makes the DevicePolicyManagerService and UserManagerService push the DeviceOwner/ProfileOwners and user restrictions on boot as well as on any change. This also adds a list of restrictions that allow any op to connected with a user restriction such that it will return MODE_IGNORED when the user restriction is present (except for the device/profile owner). Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
* | Allow setting password restrictions from a managed profile.Jessica Hummel2014-05-091-142/+267
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A managed profile will now share password settings with its parent. - the current password is always stored in the parent - admins of profiles are notified if that password changes - checks for password quality now take the requirements of admins on the parent and its profiles into account Todo: - Currently KeyguardSecurityContainer wipes the whole device when the maximum fails has been reached on any profile. We need to limit the wipe to the profile for which the fails exceeded the maximum number. - Intents with ACTION_SET_NEW_PASSWORD need to be forwarded to the parent of the profile when sent from a managed profile Change-Id: I8532c59f753f8d9c61200f553f275214ad90276e
* | DevicePolicyManager Authentication for Lock Taskjustinzhang2014-05-081-0/+89
| | | | | | | | | | | | | | | | | | | | | | Here we let DevicePolicyManager keep a list of tasks that are allowed to start the lock task mode. This list can only be set by a device owner app. The ActivityManager will call DevicePolicyManager to check whether a given task can start the lock task mode or not. Change-Id: I650fdae43fc35bf9fd63452283f4e2bbadd11551 Bug: 14611303
* | Add API to disable account management for certain typesSander Alewijnse2014-05-081-1/+68
| | | | | | | | | | | | | | | | | | of accounts. The account types with disabled account management are stored in a blacklist in the active admin object, editable by profile owners. Change-Id: I57dc5f709ad79674fa28dd006969283585daea24
* | Fix buildJason Monk2014-05-071-2/+2
| | | | | | | | Change-Id: I87c037faee19b434be741104cdddb9c467f20606
* | Add enableSystemApp methods to DevicePolicyManagerAdam Connors2014-05-071-0/+109
| | | | | | | | | | | | | | | | | | | | | | These methods allow profile or device owners to enable systems apps pre-installed in the primary user in the managed profile. Apps can be specified by either package name or intent. Bug: 13587051 Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
* | Cleaning code related to the forwarding intent filters.Nicolas Prevot2014-05-061-1/+1
| | | | | | | | | | | | | | Checking for INTERACT_ACROSS_USERS_FULL Adding equivalent methods in the PackageManager Change-Id: Iaa1328fa666613a78e67ca669ea045144275e895
* | Introducing removable and non-removable ForwardingIntentFilters.Nicolas Prevot2014-05-061-2/+4
| | | | | | | | | | | | | | clearForwardingIntentFilters removes only non-removable IntentFilters. The ForwardingIntentFilters set by the profile owner are always removable. Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
* | Bump up priority of system receiving BOOT_COMPLETED.Dianne Hackborn2014-05-021-0/+1
| | | | | | | | Change-Id: I5166f88f11f781914312e867cb653c8ecbefa705
* | Merge "Adds an enabled state in UserInfo instead of DevicePolicyManager"Alexandra Gherghina2014-05-012-48/+5
|\ \
| * | Adds an enabled state in UserInfo instead of DevicePolicyManagerAlexandra Gherghina2014-05-012-48/+5
| | | | | | | | | | | | | | | Bug: 14377459 Change-Id: Ib4ec43d87da96c3dddaf9b7ae1796f261863a182
* | | Introduce forwarding intents across profiles.Nicolas Prevot2014-04-301-0/+45
|/ / | | | | | | | | | | | | | | | | | | | | | | | | The package manager service maintains, for some user ids, a list of forwarding intent filters. A forwarding intent filter is an intent filter with a destination (a user id). If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent. When the package manager service is asked for components that resolve an intent: If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent: The package manager service also returns the IntentForwarderActivity. This activity will forward the intent to the destination. Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
* | Small fix in DeviceOwner.java.Nicolas Prevot2014-04-291-2/+2
| | | | | | | | Change-Id: Ibfa4ae7b1bc269bc51532026f8a6cc3c75cc42bf
* | Allow profile owners to set user restrictionsAmith Yamasani2014-04-241-0/+20
| | | | | | | | | | | | | | | | Pass the setting along to UserManager. Fixes a security exception when fetching the profile's enabled state. Change-Id: If71698cf32c52cce1158cf2027443a339bc58488
* | Fix two potential NPEs in DeviceInfoAlexandra Gherghina2014-04-242-3/+3
| | | | | | | | Change-Id: Ic4b5b203af25cda9ae65b477c92c1fb5f31ab093
* | Modify getUserProfiles to return only enabled profiles:Alexandra Gherghina2014-04-242-28/+82
| | | | | | | | | | | | | | | | | | | | | | Add a new enabled state for a managed profile. Expose that as a new API on DevicePolicyManager. Set the new state when enabling the profile. Return only enabled profiles from the user manager. Bug: 13755441 Bug: 13755091 Change-Id: I2907b182e19b3562592da688b3f68ef5f4088557
* | Allow ProfileOwner apps to manage app restrictionsRobin Lee2014-04-171-0/+41
| | | | | | | | | | | | | | | | Simple wrapper around the UserManager.{get|set}ApplicationRestrictions APIs. Also added a new Intent to signal to running apps that the set of restrictions has changed since startup. Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
* | Sends ACTION_MANAGED_PROFILE_ADDED intent at foreground priority to speedup ↵Alexandra Gherghina2014-04-151-1/+2
| | | | | | | | | | | | | | the new profile ui. Bug: 14073989 Change-Id: I06b57a4cb1b9975f28a5e1e676c76c9e6c5befe7
* | Add new call to DevicePolicyManager to enable a profile.Alexandra Gherghina2014-04-111-0/+26
| | | | | | | | | | Bug: 13755091 Change-Id: Idb6975431f842ededf78966c578b0533e6f186af
* | Fix privilege escalation for preferred activitiesRobin Lee2014-03-281-63/+65
| | | | | | | | | | | | | | | | Passing in the name of an actual admin should be enough to pass the security check as it was. This is now fixed as the caller is not given the opportunity to spoof its own name any more. Change-Id: Id8be4ca4c8bf3751a1ee8125cf119fa100c81d22
* | Merge "Enables a profile owner or device owner to set and clear default ↵Sander Alewijnse2014-02-241-0/+62
|\ \ | | | | | | | | | intent handler activities."
| * | Enables a profile owner or device owner to set and clear default intent ↵Sander Alewijnse2014-02-211-0/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | handler activities. Those intent handlers are persistent preferences. They will remain the default intent handler even if the set of potential event handlers for the intent filter changes and if the intent preferences are reset. Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
* | | Check DeviceOwner exists before using packageNameRobin Lee2014-02-201-3/+2
|/ / | | | | | | | | | | | | Creating a profile owner when there is no device owner present also creates a new DeviceOwner object without packageName set -- this situation can lead to a null pointer access when calling isDeviceOwner. Change-Id: I31eab498d78cadc67a1aedd205b458dee2d27705
* | Change API for setProfileOwner to require userIdAdam Connors2014-02-171-0/+8
| | | | | | | | | | | | | | | | Previously the userId of the current process used but it makes the provisioning process cleaner to be able to pass it in explicitly. Change-Id: I670c4cf3638f1340f6d0bf856c3e01045df8c29e
* | am 25df673b: am 1b51c9cb: Merge "Make SystemService constructor take a ↵Jeff Brown2014-02-112-46/+21
|\ \ | |/ | | | | | | | | | | Context." into klp-modular-dev * commit '25df673b849de374cf1de40250dfd8a48b7ac28b': Make SystemService constructor take a Context.
| * Make SystemService constructor take a Context.Jeff Brown2014-02-102-46/+21
| | | | | | | | | | | | | | | | | | | | This change simplifies the process of initializing a SystemService by folding the onCreate() step back into the constructor. It removes some ambuiguity about what work should happen in the constructor and should make it possible for services to retain most of their final fields after refactoring into the new pattern. Change-Id: I25f41af0321bc01898658ab44b369f9c5d16800b
* | Fix NPE on removing a userAmith Yamasani2014-02-101-3/+4
| | | | | | | | | | | | | | | | Bug: 12957232 Check for null mDeviceOwner. Change-Id: I107dc24d1a8de121ebd2c1bb56e1af40bb1c55ac
* | am a5a93f55: am 7f416631: Merge "Check feature bits before loading optional ↵Adam Lesinski2014-02-062-11/+12
|\ \ | |/ | | | | | | | | | | services" into klp-modular-dev * commit 'a5a93f559d337ad5b79716b05ea43707eb779dc8': Check feature bits before loading optional services
| * Check feature bits before loading optional servicesAdam Lesinski2014-02-052-11/+12
| | | | | | | | | | | | | | | | At startup, we check with PackageManager whether a system service is available before attempting to load it. A system service is available if its associated feature (similar to hardware features) is present. This does not remove unavailable services from the compiled jar. Change-Id: I13571805083aa4e65519a74acb52efd17b9fb3d7
* | Extend DeviceOwner concept to accommodate ProfileOwnersAdam Connors2014-02-062-118/+371
| | | | | | | | | | | | | | | | ProfileOwners, like DeviceOwners, are Device Admins that have additional priviledges. ProfileOwners however are scoped per user. Change-Id: I1e22c85878e0672121e6ebbe97fca38591f992b2
* | Merge commit '817ec49e' into manualmergeAmith Yamasani2013-12-201-0/+46
|\ \ | |/ | | | | | | | | | | Conflicts: services/print/java/com/android/server/print/PrintManagerService.java Change-Id: I1b9bf364ca50ee3c48f53d87ae0ce23e7f3c2bc2
| * Wrap some services into a SystemServiceAmith Yamasani2013-12-201-0/+46
| | | | | | | | | | | | | | | | These services can now be excluded by modifying the list of REQUIRED_SERVICES (TB renamed) Changed appwidget, devicepolicy, backup and print services. Change-Id: Id8e2855d5c045cd57bdb02dca9ed75172803bce7
* | am 9158825f: Move some system services to separate directoriesAmith Yamasani2013-12-191-9/+0
|/ | | | | * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
* Move some system services to separate directoriesAmith Yamasani2013-12-192-0/+2980
Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
generated by cgit v1.1 at 2025-01-21 21:57:25 +0000