We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:
1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.
2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.
3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.
Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
Make SystemUpdatePolicy Parcelable; hide public constructor and
expose static builder methods.
Bug: 20820025
Change-Id: I594ba3c7e5514551134ba6c866b24498b66506bf
Rename the DevicePolicyManager functions setKeyguardEnabledState and
setStatusBarEnabledState to setKeyguardDisabled and
setStatusBarDisabled respectively.
Bug: 20820039
Change-Id: I06f6a19ac55b24e66e9f2cb340ead5d940cb2235
Managed provisioning does not currently set a meaningful profile owner
name. This changes to use the application label as returned by
PackageManager.getApplicationLabel which should be more descriptive.
Bug: 20679292
Change-Id: I5a0e87ef05b62879a73814e6d338e8b984b81c94
Profile owners and Device owners can set policies for runtime
permissions. Blanket grant/deny policy can be set for a user.
They can also explicitly grant/revoke permissions for specific apps
which cannot be overridden by the user and will not be prompted.
[More implementation required in PackageManagerService and
PackageInstaller]
Bug: 20666663
Change-Id: I2c25c18c2a195db9023a17716d5896970848bb45
This activity will launch by default on device reboot or user switch
during user initialization, even if there are higher priority 'home'
activities.
Bug: 20223050
Change-Id: I335aeb010a1ae5db07a4343d26e160c74bd299e1
This fixes policy loss seen on device reboot when device admins
applied certain policies.
Bug: 20516960
Change-Id: I6e2a3b8de610c00ea1a2edbb026523bfdc365775
Create the new permission MANAGE_PROFILE_OWNERS to restrict setting
the profile/device owner.
BUG:19838376
Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
There are OEM provided apps that are able to clear the data of the
device owner. That creates a security hole that this fixes.
Fixes bug 20107015.
Change-Id: I4ef313b394bd8059d19d20aa6533396305d1357d
Add the DeviceInitializer to the locktask whitelist when set or when a
new user is created. Remove DeviceInitializer from whitelist when
user setup complete.
Fixes bug 20267837.
Change-Id: I8a33bceb6e6f3d0316a1227b2ed2b713f4ca3a9e
Create a DevicePolicyManager API which can be used by OTA subsystem
to tell device owners about pending updates. Device owners will get
a callback from its DeviceAdminReceiver when the update service sends
out such notifications.
Bug: 20213644
Change-Id: Ifcc755655e4f441980cf77d76175a046112ca9ae
Move the update of status bar enabled setting to loadSettingsLocked and
thereby recovering the enabled state for all users, not only the user
owner.
Bug: 20416833
Change-Id: Iee3d6e0f3ea8ebc5d72c0ed165bea4595ed073ba
A new flag for DPM.resetPassword() method that specifies that the
device should be decrypted without asking for the password or pattern.
Bug 19250601
Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206
Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
Use the term "SystemUpdate" instead of "OTA", in public
DevicePolicyManager APIs that handle OTA policies.
Bug: 19650524
Change-Id: Iebdaea91337d617147cb411b6f47e0f3fae8671c
The ability for tasks to be started in locktask mode or pinned is
dependent on the value of android:lockTaskMode for the root activity
of the task.
For bug 19995702
Change-Id: I514a144a3a0ff7dbdd4987da5361b94bdfe9a437
Let the device owner disable the status bar to achieve multi-app single purpose
mode. When the status bar is disabled, quick settings, notifications and the
assist gesture are blocked.
Bug: 19533026
Change-Id: I72830798135136e5edc53e5e2221aebb9a7c7d57
A SecurityException is currently thrown when calling this API as
LockPatternUtils.isSecure requires a permission that the DO does not
have.
Bug: 19533026
Change-Id: I28bebb647e46bb631cc4fa1a7c9571eadda69086
Let the device owner disable the keyguard to achieve undisturbed single
use mode with multiple apps. Calling this API has no effect if a
password
has been set for the calling user.
Bug: 19533026
Change-Id: I6b726b7f36efb669359e9da4b7e3db1f8031dad5
Allow device owners to set OTA policy for automatically accept/postpone
incoming OTA system updates. This class only provides the setting
and getting of OTA policy, the actual OTA subsystem should handle
and respect the policy stored here.
Bug: 19650524
Change-Id: I9b64949fab42097429b7da649039c13f42c10fd1
- Create method in DevicePolicyManager to send device
provisioning status to ManagedProvisioning.
- Define status updates used by ManagedProvisioning.
Bug: 20001077
Change-Id: Ia98fc765d1ebb2ba9680636ca15c2c870d160261
In order to check the DevicePolicyManagerService locktask whitelist
the activity manager had to release its lock preserving internal
state. That is undesirable and not scalable now that we need to check
the whitelist at startup for bug 19995702.
This change causes DPMS to update activity manager with the whitelist
whenever it changes so that activity manager can check the whitelist
without releasing the acitivty manager lock.
Change-Id: I3ed6eb5ceae2cd7e7ae3280abd708d5ce43a2851
It's not going to be around for much longer, so just fix enough to
work correctly.
Also teach about new "unmountable" state from vold.
Bug: 19993667
Change-Id: Ib72c3e134092b2a895389dd5b056f4bb8043709a
This removes ambiguity about which component in the initializer
package handles device initialization when setting up secondary users.
Bug: 19992262
Change-Id: I2e48168907725a56cd05d0b51c9f28b34fa28d1a
Now openQuickContact goes thorough DPM. When a lookup URI is build with
a lookup key returned by the enterprise lookup APIs for a corp contact, the
lookup key will have a special prefix. In that case we go through DPM
and have it launch QC on the managed profile, if the policy allows.
For now we use the same DPM policy as enterprise-caller-id to disable this.
Design doc: go/cp2-mnc-enterprise-dd
Bug 19546108
Change-Id: I831a8190ae902ae3b1248cce6df02e3a48f602d2
