The default value of bluetotoh contact sharing is true.
So we should save when it is false.
Bug: 27410265
Change-Id: Icaf4ceeda09eca46d160acfecc53834819b66a18
If 'requestAccess' is true, the caller (either profile/device owner or a
designated certificate installer) will be granted usage of the keypair
on successful installation.
This has no security implications for a profile/device owner which would
already be able to self-grant. Delegated certificate installers did not
have this ability before.
This is only allowed at install-time- not afterward.
Bug: 24746231
Change-Id: Ia0ec290bb0bcde1d8137c188e2667cb7718dbfd7
After being interrupted the monitor thread tried to acquire
a lock that is held by interrupting thread, resulting in timeouting
on join().
Bug: 27061904
Change-Id: Ifbd578d5f5a266083b207fedd8ebb6d26ab08c31
- Avoid the ART warning about 4.1 compatibility
- Avoid integer overflow in DPMS
Bug 27243525
Bug 27242859
Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
Originally I didn't know user-0 could have PO, so I excluded this case
from migration. Now we handle it properly.
Also make sure only restrictions that can actually be set by each
owner moves to the owner restriction. (Because of this, we no longer
have to have DISALLOW_WALLPAPER in the exception list, because
owners can't set DISALLOW_WALLPAPER.)
Bug 27225996
Change-Id: I6ad79d90e6c4400abbb1e4feba6ba59e3b650815
Refactor setPackageSuspended into setPackagesSuspended. The rationale
is that the consumers of this API are likely to want to remove
multiple packages at once. Rather than calling the API N times, call
it just once.
The good part is that we already have the broadcast intent for
suspended packages take an array so only one broadcast. Less stress
on the system.
Another good part is that (right now) we only have one consumer of
this API and it will be easy to make changes once this CL goes in.
As a shell command, for consistency only allowed one package at
a time.
Bug: 22776761
Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
Instead of always rebuilding the full ApplicationInfo for a
package when callers are only interested in the suspended status
add a new fast API in Packagemanager (which only checks the
suspended user setting for the requested package and returns
a boolean) and change the appropriate caller code too.
Bug: 26794775
Bug: 22776761
Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
We're starting to see more instances of device features that will
increment separately from the SDK API level, such as camera HAL,
GPU capabilities, Bluetooth, and other hardware standards.
This change adds the ability for device features to specify a
version, which is defined to be backwards compatible. That is, apps
requesting an older version of a feature must continue working on
devices with a newer version of that same feature.
When a version is undefined, we assume the default version "0".
Bug: 27162500
Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
This is needed from Settings to show a message informing the user
of the number of attempts before their work profile gets wiped
when using ConfirmDeviceCredentials.
Bug: 26677759
Change-Id: I4b16f7dc2f415d0ce0215a3b7a646f98fabece33
DevicePolicyManagerService checks admins on boot
and removes ones that aren't found so it needs
to match crypto and non-crypto admins.
Match non-crypto aware apps when admin is enabling
system apps.
Bug: 27126412
Change-Id: Ibb20841679fb660de281782964b068d5a13b8fe9
The API now requires the app restriction manager app to exist
on the current user when it is called.
Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
Also, reworked the logic a bit:
* Admins can only set flags that affect the parent on the
parent DPM instance (i.e. no unredacted notifications)
* Admins can set flags not supported on the work challenge on
the regular DPM instance. If there is a work challenge,
they will have no effect (as managed profile policies don't
affect the regular lockscreen if there is a work challenge).
If there is no work challenge, they'll affect the parent profile.
Bug: 26891832
Change-Id: I8978e1aa6abe9c8dc07e030dfd069b5f4e1301f6
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
As approved by Android Security team, added logging of
strength of auth method as well as logging of fingerprint
keyguard actions.
Bug: 26841997
Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
Also fix the bug where removeAdminArtifacts() is called
for all active admins on the target user.
Bug 27107878
Change-Id: I6edbdadffe8c75628539976d304e39d6abed73a4
The api deactivates all the active admins in the package, then force
stops the package and starts the uninstall intent for the package. This
is intended to provide an easy way for a user to delete a misbehaving
Device Admin
Bug: b/22359208
cherrypick of Ic7ddd89ef6db53e7e76f805808d9e806100374db
Change-Id: I0d677839120c46f22231a7d6f9cf6630cb020227
Enforce that apps with delegated powers to exist on device before
empowering them. This is consistent with DevicePolicyManagerService's
internal logic to clear the delegation power once the package is removed.
For delegated cert installer, only enforce this new restriction on
device admins targeting N or later.
Bug: 26233778
Change-Id: Ia8f45dfd5290958cebb36991c4b6baa03e8c28ae
Add isInputMethodPermittedByAdmin and
isAccessibilityServicePermittedByAdmin APIs in DevicePolicyManager.
And update utility methods in RestrictedLockUtils to use the correct
userId when checking if disabled by admin.
Bug: 26897250
Bug: 26767564
Bug: 26966213
Change-Id: I0b74b3e57904a82f8ce72d856769d35b5e8403e5
Profile owners are registered before the user is
started and unlocked, so we need to check for
components that aren't cryptoware when looking
for the admin.
Bug: 26924254
Change-Id: I61fca0a3d6e490ca6fea9a7bdc8f2c44efde74f2
