Bug: 190489030
Put a binder cache in front of IDevicePolicyManager APIs. The
following APIs are cached:
* getKeyguardDisabledFeatures()
* hasDeviceOwner()
* getProfileOwnerOrDeviceOwnerSupervisionComponent()
* isOrganizationOwnedDeviceWithManagedProfile()
* getDeviceOwnerOrganizationName()
* getOrganizationNameForUser()
* isNetworkLoggingEnabled()
The caches use a shared key which means that all are invalidated at
the same time. This is slightly less efficient than API-specific
invalidation but it greatly simplifies the invalidation logic in the
server. The cost of invalidating all caches at the same time is small
if invalidation happens infrequently (less than one an hour, on
average).
The test classes are modified to disable caches in the local process.
Test:
* atest FrameworksServicesTests:DevicePolicyConstantsTest
* atest FrameworksServicesTests:DevicePolicyEventLoggerTest
* atest FrameworksServicesTests:DevicePolicyManagerServiceMigrationTest
* atest FrameworksServicesTests:DevicePolicyManagerTest
* atest FrameworksServicesTests:EnterpriseSpecificIdCalculatorTest
* atest FrameworksServicesTests:OverlayPackagesProviderTest
* atest FrameworksServicesTests:OwnersTest
* atest FrameworksServicesTests:PolicyVersionUpgraderTest
* atest FrameworksServicesTests:SecurityEventTest
* atest FrameworksServicesTests:SystemUpdatePolicyTest
* atest FrameworksServicesTests:TransferOwnershipMetadataManagerTest
Change-Id: Iead8644cb413b45f3b6f3da81ff00a61788941a2
* Send location from the fused, network and gps providers (in order)
* Do not loop though all location providers
Bug: 223148704
Test: atest android.devicepolicy.cts.LostModeLocationTest
atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I2d73130c304e01e9342c40f4589791f34747f4a5
FDE (Full Disk Encryption) is no longer supported, so
StorageManager.inCryptKeeperBounce() is now hard-coded to return false.
In preparation for removing this method, stop calling it from the device
policy manager.
Bug: 208476087
Change-Id: I17ab54dd622aaf749e8c2df925b71f042f440ef8
1. Fail early when token handle is invalid
2. Dump out token handle in DPMS
Bug: 203411634
Test: dumpsys device_policy
Change-Id: I4d87b07113f746ea7e7457fada865f39a22a629e
WifiSsidPolicy is parcelable, so there is no need to marshall it
explicitly as a deny- or allow-list using separate getters and
setters.
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
test: atest WifiSsidRestrictionTest
Bug: 218495535
Change-Id: Iee06acb6b136766fb16cef2d60a46bd7373b5c56
When setting a permission grant on a non-existent permission,
implementation currently throws RemoteException but that's not
propagated across binder causing the client cide to stuck until
the timeout. Replace this with an immediate fail.
Bug: 197200931
Test: manual with TestDPC
Change-Id: I9a0ea42e52d68259eb0464194a5a1d9fbfc2a216
In remote bugreport collection, Shell sends REMOTE_BUGREPORT_DISPATCH to
DevicePolicyManagerService which in turn notifies Device Owners that a
bug report is ready for collection. There existed a threat where a
malicous user could spoof the REMOTE_BUGREPORT_DISPATCH broadcast via
ADB to send a crafted bugreport to the Device Owner. Securing
REMOTE_BUGREPORT_DISPATCH is not as easy as it appears: putting a
permission on REMOTE_BUGREPORT_DISPATCH does not work since both the
legitimate sender and the malicious user are UID_SHELL. Instead, we
introduces a nonce which was sent from DPMS to Shell when bugreport is
triggered, and DPM will only accept REMOTE_BUGREPORT_DISPATCH when
a matching nonce is seen.
Ignore-AOSP-First: security fix
Bug: 171495100
Test: atest DeviceOwnerTest#testRemoteBugreportWithTwoUsers
Test: atest DeviceOwnerTest#testAdminActionBookkeeping
Test: atest BugreportManagerTest
Change-Id: I7649b4f22b74647d152d76bb46d5ca70bfa3617d
Merged-In: I7649b4f22b74647d152d76bb46d5ca70bfa3617d
(cherry picked from commit a4131c50d07c7b58c496bd82b9ab3389b6721654)
Changes:
* Use TRIGGER_LOST_MODE permission to gate the
DevicePolicyManager API sendLostModeLocationUpdate
Bug: 223148704
Test: atest android.devicepolicy.cts.LostModeLocationTest
Change-Id: If15388a377c75b7581c9c2a35b3d9828f78e13fc
Merged-In: If15388a377c75b7581c9c2a35b3d9828f78e13fc
Get device owner app admin when prefentialNetworkService is
configured by device owner
Bug: 219651203
Test: cts
Change-Id: Ic748227e8d12896361216f6ea67776660b752e4e
In remote bugreport collection, Shell sends REMOTE_BUGREPORT_DISPATCH to
DevicePolicyManagerService which in turn notifies Device Owners that a
bug report is ready for collection. There existed a threat where a
malicous user could spoof the REMOTE_BUGREPORT_DISPATCH broadcast via
ADB to send a crafted bugreport to the Device Owner. Securing
REMOTE_BUGREPORT_DISPATCH is not as easy as it appears: putting a
permission on REMOTE_BUGREPORT_DISPATCH does not work since both the
legitimate sender and the malicious user are UID_SHELL. Instead, we
introduces a nonce which was sent from DPMS to Shell when bugreport is
triggered, and DPM will only accept REMOTE_BUGREPORT_DISPATCH when
a matching nonce is seen.
Ignore-AOSP-First: security fix
Bug: 171495100
Test: atest DeviceOwnerTest#testRemoteBugreportWithTwoUsers
Test: atest DeviceOwnerTest#testAdminActionBookkeeping
Test: atest BugreportManagerTest
Change-Id: I7649b4f22b74647d152d76bb46d5ca70bfa3617d
Dont hold lock while calling in to NetworkPolicyManagerService in
removeAdminArtifacts
Bug: 223382458
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testForceRemoveActiveAdmin_nonShellCallerWithPermission
atest com.android.server.devicepolicy.DevicePolicyManagerTest#testForceRemoveActiveAdmin_ShellCaller
Change-Id: I1e83201211678df203908a52759858fa7dd44e5b
* changes:
RESTRICT AUTOMERGE Refactor device policy resource APIs to a separate class
RESTRICT AUTOMERGE move device policy resource APIs to a separate class
RESTRICT AUTOMERGE hide device policy resources constants
That way the logic to get a managed profile can be
customizable by OEMs.
Fixes: 214473624
Test: manual
Test: CTS tests to be added in a follow-up CL
Change-Id: Id183e987d2cb04040db028b9913188267d1a9a84
exposed getString APIs as public to make it consistent with the
getDrawable APIs.
Also changed resetStrings/Drawables API to take in a set instead of an
array.
Bug: 218875965
Test: atest EnterpriseResourcesTests
Change-Id: I042636233ea342af62a7e6569c90786d3ef249cb
On automotive, a factory reset request from the device admin can be
delayed as it would be a driving hazard, but the user should not be
switchable during this state.
Test: atest FrameworksMockingServicesTests:FactoryResetterTest
Test: manual verification using TestDpc
Fixes: 205874492
Bug: 225012970
Change-Id: I2b6cd7c56bf3714ccf79b9b092c8b67dd5817f0c
Allow a list of configs to be sent for enterprise slice
Allow device owner to set enterprise slice config
Allow enterprise apn to be configured by profile owner
Bug: 217365439
Bug: 222723840
Test: ran CTS tests
Merged-In: I82c159843d0806cbfc5eea602fbd0304e7ff04ac
Change-Id: I82c159843d0806cbfc5eea602fbd0304e7ff04ac
