Method handlePackagesChanged modifies the policy data without holding the
lock. It also calls methods which expect a lock to be held -
validatePasswordOwnerLocked, syncDeviceCapabilitiesLocked, saveSettingsLocked.
Bug: 18262633
Change-Id: Ia4bdc6edc66bccf8a4288e048171ff20858ae2f6
This allows work profile MDM to enable unknown sources
even if the user doesn't have UI for it. Installing an
app from an unknown source will still prompt the user
with the package installer dialog, so it's not like the
MDM can now quietly install apps from non-market sources.
Bug: 18316350
Change-Id: Ia8f4fe36f12a258aa888e085acc0b358925f4817
The setting was previously exposed in IPowerManager but it
doesn't need to be there.
Bug: 17656076
Change-Id: If3ed0cbe89f67c60aa00376be0c54b1bd9656144
This change incorporates API council feedback and enables the
TrustAgent whitelisting API.
It also contains a minor cleanup of DPM's use of UserHandle
to eliminate unnecessary object creation.
Fixes bug 17008504
Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
Some tests rely on this being dismissible. Additionally it turns out
some users don't like having a hulking great notification follow them
around everywhere.
Bug: 17985258
Change-Id: If05a07b9eaa402a48f9a14647effc1df32c796e1
DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.
Check if the device is encrypted by some means, instead.
Also fix a SecurityException when Device Admin queries encryption state
(recent regression)
Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
This fixes a bug introduced by a change where the function
ignores systems with default encryption where it's disabled.
The fix also checks to see if vold thinks the device is secure.
Fixes bug 17881324
Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
It is possible that the device does not have an owner. If there
is no owner we get a NPE when asking the device policy manager
for cross-profile widget providers.
bug:17989189
Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
Shows one notification per profile instead of one notification per
user or (previously) one notification per device.
Bug: 17794425
Change-Id: I6f0d34a16fa2a45082941387ac765dd99eefa131
In the past we wrote out badly formed ComponentNames with no
class part. Loading these results in a null pointer exception
blocking boot.
Bug: 17652534
Change-Id: Iec592343425a23c7ada5f73cf30b8646d31eae81
We had an additional check for managed profile in there, so it wasn't working for device owners. Also needed to look at uninstalled packages.
Change-Id: I4813f23b00d7905e92ade582ce082a6f295a322d
Bug: 17384318
In addition to device owners, profile owners on the primary user
can also set user restrictions that are necessary to lock down the
user.
This is to enable the case of a profile owner registered after setup
wizard is completed, on the primary user.
Also make managed profile vs. profile wording consistent in the
DevicePolicyManager docs.
Bug: 17555025
Change-Id: Ib9d08b8af34a99b25e11757fa7dc83673a7deb32
This change prevents adding a device owner after setupwizard
has finished provisioning. Only the new dpm shell command
can set a device owner.
Bug: 17316711
Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
Adds new adb command to execute DevicePolicyManager tasks. First subcommand
allows us to set a device owner on a provisioned device (provided no accounts
are associated with the device). This is required as GTS tests run on provisioned
devices. We plan to add more subcomands required for new GTS tests, such as the
ability to create a managed profile.
Bug: 17312478, 17316711
Change-Id: I2613178ea82a6c6268e7f8012e74c4a852fea0d4
Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.
If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.
Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
The call to RecoverySystem.rebootWipeUserData() was made while
holding the lock to DevicePolicyManagerService. But it blocks
waiting for system_process' main thread to receive the ordered
broadcast complete callback. It won't receive that callback
because Keyguard is running on the main thread and is concurrently
blocked on DevicePolicyManagerService.
By moving the call to rebootWipeUserData() out of the synchronized
block the deadlock is eliminated.
Fixes bug 16870054.
Change-Id: I3eb587211e5484859cc9dab7e80e5a1f6c85225d
Added a user restriction when creating a guest.
Made sure that guests can't install profile owners that
could undo the restriction.
Bug: 17359648
Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c
Pass ComponentName and check whether that admin is a profile owner on DPM
get/has certificate methods (requested on the API review).
As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of
which admins installed which certificates for now:
"Having per-admin CA certificates would be a fair bit of work. The only MDMs
we're opening this up to for now are Device and Profile Owners which 100%
manage the profile so will be the only admin.
It seems like if we keep track of "who installed which certs" it'll be a little
pointless because the answer will always be "the ProfileOwner" for every single
one."
Bug: 17005622
Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
This should not be invoked while the calling identity is cleared
because it will return the current user rather than the calling user.
Bug: 17314802
Change-Id: I587daa420b0976d41928ab7c34eeda2329c1341e
1. Persist microphone mute state.
2. Set mute state for correct user.
3. Check for settings restrictions as the correct user.
Bug: 17177502
Bug: 16701642
Change-Id: Id8b6cd90c5caceb67fbec862f90aac7ec7a00b3c
Fixed two minor issues with the screencapture as well.
Updated documentation and added enforceCrossUserPermission.
Bug:16948504
Change-Id: I9a645dcf480a4a044879ba481bce964d06fe5153
As requested in the API review. This version (the one that takes an Intent) was used only in the DeviceAdminSample and some CTS tests.
Bug: 17005622
Change-Id: I9984b22836417ad4d025302f61bd91704e9345a4
Adds apis for device / profile owners to white list
the accessibility and input methods a user can enable.
Bug: 14469005
Change-Id: I921888660d29a5370395db87adf75d4d106660c9
1. Notify the hosts in the group if a package gets white-listed or
un-white-listed for providing widgets across profiles.
2. Notify hosts in the group for provider changes when a profile
is deleted.
bug:17126070
Change-Id: Ic719c1c68e45842d50decc95603f1d61583b8f02
