For these crossProfileIntentFilters, the activities in the current profile cannot
respond to the intent.
Only activities in the target profile can respond to the intent.
BUG: 14936725
Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
Add a method for DeviceAdminReceivers of profile/device owners to
be notified that lock task mode has entered or exited for an app
they have whitelisted.
Change-Id: Id124287d41564bbfccdacccf1977b7acb3ddec3f
Exposes these methods:
- hasCaCertInstalled
- hasAnyCaCertsInstalled
- installCaCert
- uninstallCaCert
Allows device and profile owners to perform some certificate management
including querying for and enabling/disabling specific CA certificates.
Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
Currently the device owner can create secondary users, but unless
it is a system app it will not be installed and will not be able
to pass data easily from the code that creates the user and any
code running on that user.
This allows the device owner to install itself while creating a
user and start up a service to configure that user. createUser
takes an bundle so that the device owner can pass across any
initial setup data it needs to, this bundle will be sent to
the admin receiver in onEnable.
Change-Id: Ic1f8565dd2a7bd85363527cf68b0ecd4dc9c3636
Now throws an exception titled something like "Admin X does not own the
profile" instead of the rather unhelpful NullPointerException that was
thrown previously.
Change-Id: I33f6da5ea5eb70d8ea3939cfa280c794b01c3382
Re-hide the setGlobalProxy on the ConnectivityManager as it requires
CONNECTIVITY_INTERNAL. Instead add a function to the DevicePolicyManager
to set the global proxy, that can only be called by the device owner.
Change-Id: I9ffb2cc4f30a6dc9b868d86f056e1fbd512d8dfc
Password change intents etc. were always being sent to
owner rather than user the device admin was installed for.
Also add TODO to not assume profile parent is OWNER.
Bug: 15442331
Change-Id: I7e58069bc4a6ab94f038ae1b80c044d666986318
Mechanism to register a provider for requesting an
administrator to respond to permission requests.
Request format and response format constants.
Description of manifest template for static restrictions.
Int type introduced in RestrictionEntry.
Needs more javadoc and better description of manifest templates,
including specifying the XML attributes.
Change-Id: I5a654d364e98379fc60f73db2e06bf9a8310263d
A profile owner should only have control over the profile. All of the
following device admin APIs that affect the device beyond the profile
that they are called from are now disallowed:
- Camera enable/disable
- Keyguard
- Wipe external storage
@bug 14434826
Change-Id: I69acfdf6f654f48b5db91aeb3ea86662d7857075
Allow power button to be used to either go to sleep as usual,
which may doze, or skip that completely and really go to sleep.
May also really go to sleep and go home all at once.
Bug: 14406056
Change-Id: Ia19e2551b9c2a72271bb2eddd5c0d1749761e019
DMAgent currently needs to live in /system/priv-app in order to
(among other things) set and get blocked packages. These APIs will
get us closer to being able to move DMAgent out of priv-app.
Bug: 14945334
Change-Id: I108e2013c67409dca554acf78e3a710745900706
Device owners can update Settings.Secure and Settings.Global settings.
Profile owners can update Settings.Secure settings.
DMAgent currently needs to live in /system/priv-app in order to
(among other things) update global and secure settings. This change will
get us closer to being able to move DMAgent out of priv-app.
Bug: 14965414
Change-Id: If2cc3a56de91bffde33b838ab8ecea2c32412803
This makes the DevicePolicyManagerService and UserManagerService
push the DeviceOwner/ProfileOwners and user restrictions on boot
as well as on any change.
This also adds a list of restrictions that allow any op to connected with
a user restriction such that it will return MODE_IGNORED when the user
restriction is present (except for the device/profile owner).
Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
A managed profile will now share password settings with its parent.
- the current password is always stored in the parent
- admins of profiles are notified if that password changes
- checks for password quality now take the requirements of admins on
the parent and its profiles into account
Todo:
- Currently KeyguardSecurityContainer wipes the whole device when
the maximum fails has been reached on any profile.
We need to limit the wipe to the profile for which the fails exceeded
the maximum number.
- Intents with ACTION_SET_NEW_PASSWORD need to be forwarded to the parent
of the profile when sent from a managed profile
Change-Id: I8532c59f753f8d9c61200f553f275214ad90276e
Here we let DevicePolicyManager keep a list of tasks that are
allowed to start the lock task mode. This list can only be set by
a device owner app. The ActivityManager will call
DevicePolicyManager to check whether a given task can start the
lock task mode or not.
Change-Id: I650fdae43fc35bf9fd63452283f4e2bbadd11551
Bug: 14611303
of accounts.
The account types with disabled account management are stored in a
blacklist in the active admin object, editable by profile owners.
Change-Id: I57dc5f709ad79674fa28dd006969283585daea24
These methods allow profile or device owners to enable
systems apps pre-installed in the primary user in the
managed profile. Apps can be specified by either package
name or intent.
Bug: 13587051
Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
clearForwardingIntentFilters removes only non-removable IntentFilters.
The ForwardingIntentFilters set by the profile owner are always removable.
Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
The package manager service maintains, for some user ids, a list of forwarding intent filters.
A forwarding intent filter is an intent filter with a destination (a user id).
If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent.
When the package manager service is asked for components that resolve an intent:
If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent:
The package manager service also returns the IntentForwarderActivity.
This activity will forward the intent to the destination.
Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
Pass the setting along to UserManager.
Fixes a security exception when fetching the profile's enabled state.
Change-Id: If71698cf32c52cce1158cf2027443a339bc58488
Add a new enabled state for a managed profile.
Expose that as a new API on DevicePolicyManager.
Set the new state when enabling the profile.
Return only enabled profiles from the user manager.
Bug: 13755441
Bug: 13755091
Change-Id: I2907b182e19b3562592da688b3f68ef5f4088557
Simple wrapper around the UserManager.{get|set}ApplicationRestrictions
APIs. Also added a new Intent to signal to running apps that the set
of restrictions has changed since startup.
Change-Id: Ifd108108a73f87325b499d9de2e1b2aacc59b264
