The main purpose is to fix the security flaw that
user can force isDeviceOwnerProvisioningAllowed to return true
by setting the device_provisioned without factory reset
Check UserSetupComplete instead, as it's cached by DPMS if it's ever set to true
Refactor common code of isDeviceOwnerProvisioningAllowed and enforceCanSetDeviceOwnerLocked
The functionality of enforceCanSetDeviceOwnerLocked should be exactly the same.
DPM Unit Test all pass
Bug:27403225
Change-Id: I32dae8e222e01e08664abb313ead3a92d4186658
It is possible for an activity to be in the stopped state without
setting it's visiblility to false in window manager.
For example, the home acitivty behind the lock screen. Since the
lock screen isn't an activity it doesn't affect the visiblity set
of the home activity, so AM doesn't tell WM to hide the app token.
However, AM uses another channel to detect that the device is locked
and moves the activity into stopped state. WM on the other hand also
detects that the device is locked and hides the window surfaces of
all windows behind the lock screen. So, at this point AM has also
told WM that the activity is stopped. Once you unlock the screen
AM resumes the activity but doesn't report any visiblility changes to WM
since it's internal state didn't change. So, if you go from the home
activity to another app the home activity window will be destroyed
before the activity is stopped because mAppStopped is set to true.
We now set mAppStopped to false when the activity is resumed.
Bug: 27286867
Change-Id: Ic75456d30abd582fa44f932f5aeeb449950157ee
Disable multi tasking support by default for all operators.
Enable based on MCC/MNC for required oeprators.
Bug: 27484483
Change-Id: Ib321747885435c110360370eb243eee35762dfe3
Initial implementation of getRestrictBackgroundStatus() was just
handling the whitelist status of apps when data saver is turned on, but
when an app is blacklisted, it should return
RESTRICT_BACKGROUND_STATUS_ENABLED regardless of the data saver status.
BUG: 27432317
Change-Id: I5a027d8b7d17a13075510ff8f29d41eaa5a6beb8
When legacy camera device is the producer of its output surfaces,
it needs to connect to the surfaces before using the surfaces
and disconnect from the surfaces after finishing using the surfaces.
Bug: 27331537
Bug: 27383242
Change-Id: Ia3e2ca142f7973face0f60fbfc96935054aac1c4
- Always check for DBG before using Slog.d.
- Logs duration of NMS.systemReady() when debugging.
- Logs duration of NMPS.updateRulesForGlobalChangeLocked() when debugging.
- Removed redundant toString() calls.
- Catch multiple exceptions.
- Replaced enhanced for on nested Iterable iterations.
BUG: 21725996
Change-Id: Ia775a394b59de7a0570ad4954d1fe3a2698c66d6
Added a check inside PackageManagerService to make sure data for a
package with a DO or PO for the running user is not cleared. Currently,
the 'pm clear' command goes through without any such checks.
Bug: b/27243904
Change-Id: I87d4ad2db031f47946f34627a5ee465ef144f85e
Apps built against an older API don't have the recently
added pattern field in MediaCodec.CryptoInfo which causes
the crypto pattern fields to be uninitialized. This change
ensures the pattern is initialized in all cases.
bug: 27477422
Change-Id: I5796bf5fbca93dba5bf9a2b74c1c6638b9e90f65
Night mode tile is getting auto-added. Do the safe thing for now
and fix the checks around the tile availability to make sure it
isn't shown when it shouldn't be, then fix the auto-add logic later.
Bug: 27480924
Change-Id: I3d032038cbc77bf478e3c769c6796be289a8d993
Make referenced constants @SystemApi and change argument name to
match its actual meaning.
bug: 25441401
Change-Id: I4277799b95f394edb4305be05f57437717a86691
Use write only file descriptors for am commands. Having read-write
file descriptors isn't needed, and not all SELinux app domains have
read access to /data/local/tmp file descriptors.
Addresses the following denial:
avc: denied { read } for path="/data/local/tmp/foo" dev="dm-2"
ino=654084 scontext=u:r:system_app:s0
tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=0
Steps to reproduce:
adb shell ps | grep settings
adb shell am dumpheap PID_FROM_ABOVE /data/local/tmp/settings.hat
Expected:
1) command works
Actual:
1) SELinux denial and no settings.hat output.
Bug: 27472701
Change-Id: Id8df0c5a41046b405444e14c70075c986d9936c3
Previously, a bit was kept to find if the script of a locale was
explicitly "provided" in a resource. This was not backward
compatible, and failed in some edge cases when the package was
created with older versions of AAPT that did not set the bit.
The cases would happen when the old resource had an explicit script
specified in its locale, but since the "provided" bit was not set in
the package, we would assume that the script was computed by us.
This CL replaces the "provided" bit with a "computed" bit, so the
default value of the bit (set to "false" for old packages) would be
correct.
Bug: 27156990
Change-Id: I99e7f1ad8f70c90e25ab3640ed34cc1a6f8d1d64
