Added isRemovingAdmin method, so that clients can query if device
admin is currently being removed.
Bug: 17609838
Change-Id: I82547a9eeb228fcf8ac2a6e639ca1a75fa41d161
This is a safeguard to only check for changing packages when
re-validating active admins.
1. If package is being removed, only check if it's not being
replaced.
2. If package is changing, only check the changing package that
matches one of the active admins.
3. If package is being added and is a replacement (update), then
check if it affects any matching active admins and verify the
validity of the receivers.
If by any chance some package broadcast was occuring at a time when
an admin was being updated, or the package removed broadcast was
coming in much before the update was registered with package manager
then this will help in avoiding accidental deactivation.
Bug: 18590558
Change-Id: I7f4897e8836f81aa037b8be87d399942ce78b1a2
Setting up a managed profile should have included a step to warn about
this sort of thing already. As the user should trust the profile owner
anyway it's hard to argue this warning is needed.
Bug: 18224038
Change-Id: Ie86ba26851af726c0dec30eb9c32894ed6bb4a00
There are 3 types of users
1. Primary - device will be wiped
2. Managed profile - profile will be removed
3. Secondary user - user will be removed
Show different messages for almost wipe and wipe in each
of these 3 cases.
Bug: 16843155
Change-Id: Icecfe520622773da9e45465bf2217e8ed38b266e
This is to allow Play to use this API to find out whether a package
is uninstallable due to profile or device owner policy's restriction.
Bug: 17914630
Change-Id: I4ce2963884ecdf3306805f36db80ed1ebf04d88f
Method handlePackagesChanged modifies the policy data without holding the
lock. It also calls methods which expect a lock to be held -
validatePasswordOwnerLocked, syncDeviceCapabilitiesLocked, saveSettingsLocked.
Bug: 18262633
Change-Id: Ia4bdc6edc66bccf8a4288e048171ff20858ae2f6
This allows work profile MDM to enable unknown sources
even if the user doesn't have UI for it. Installing an
app from an unknown source will still prompt the user
with the package installer dialog, so it's not like the
MDM can now quietly install apps from non-market sources.
Bug: 18316350
Change-Id: Ia8f4fe36f12a258aa888e085acc0b358925f4817
The setting was previously exposed in IPowerManager but it
doesn't need to be there.
Bug: 17656076
Change-Id: If3ed0cbe89f67c60aa00376be0c54b1bd9656144
This change incorporates API council feedback and enables the
TrustAgent whitelisting API.
It also contains a minor cleanup of DPM's use of UserHandle
to eliminate unnecessary object creation.
Fixes bug 17008504
Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
Some tests rely on this being dismissible. Additionally it turns out
some users don't like having a hulking great notification follow them
around everywhere.
Bug: 17985258
Change-Id: If05a07b9eaa402a48f9a14647effc1df32c796e1
DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.
Check if the device is encrypted by some means, instead.
Also fix a SecurityException when Device Admin queries encryption state
(recent regression)
Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
This fixes a bug introduced by a change where the function
ignores systems with default encryption where it's disabled.
The fix also checks to see if vold thinks the device is secure.
Fixes bug 17881324
Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
It is possible that the device does not have an owner. If there
is no owner we get a NPE when asking the device policy manager
for cross-profile widget providers.
bug:17989189
Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
Shows one notification per profile instead of one notification per
user or (previously) one notification per device.
Bug: 17794425
Change-Id: I6f0d34a16fa2a45082941387ac765dd99eefa131
In the past we wrote out badly formed ComponentNames with no
class part. Loading these results in a null pointer exception
blocking boot.
Bug: 17652534
Change-Id: Iec592343425a23c7ada5f73cf30b8646d31eae81
We had an additional check for managed profile in there, so it wasn't working for device owners. Also needed to look at uninstalled packages.
Change-Id: I4813f23b00d7905e92ade582ce082a6f295a322d
Bug: 17384318
In addition to device owners, profile owners on the primary user
can also set user restrictions that are necessary to lock down the
user.
This is to enable the case of a profile owner registered after setup
wizard is completed, on the primary user.
Also make managed profile vs. profile wording consistent in the
DevicePolicyManager docs.
Bug: 17555025
Change-Id: Ib9d08b8af34a99b25e11757fa7dc83673a7deb32
This change prevents adding a device owner after setupwizard
has finished provisioning. Only the new dpm shell command
can set a device owner.
Bug: 17316711
Change-Id: I98bdfd9b8c8da3042111c45e2e7fd2b559fac510
Adds new adb command to execute DevicePolicyManager tasks. First subcommand
allows us to set a device owner on a provisioned device (provided no accounts
are associated with the device). This is required as GTS tests run on provisioned
devices. We plan to add more subcomands required for new GTS tests, such as the
ability to create a managed profile.
Bug: 17312478, 17316711
Change-Id: I2613178ea82a6c6268e7f8012e74c4a852fea0d4
Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.
If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.
Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
The call to RecoverySystem.rebootWipeUserData() was made while
holding the lock to DevicePolicyManagerService. But it blocks
waiting for system_process' main thread to receive the ordered
broadcast complete callback. It won't receive that callback
because Keyguard is running on the main thread and is concurrently
blocked on DevicePolicyManagerService.
By moving the call to rebootWipeUserData() out of the synchronized
block the deadlock is eliminated.
Fixes bug 16870054.
Change-Id: I3eb587211e5484859cc9dab7e80e5a1f6c85225d
Added a user restriction when creating a guest.
Made sure that guests can't install profile owners that
could undo the restriction.
Bug: 17359648
Change-Id: Icdd919e8b1cbd79a69aacb76e573ec3449f18e4c
Pass ComponentName and check whether that admin is a profile owner on DPM
get/has certificate methods (requested on the API review).
As per Change I55eec17e01489ab323f8a0e68b11592605a7b740, not keeping track of
which admins installed which certificates for now:
"Having per-admin CA certificates would be a fair bit of work. The only MDMs
we're opening this up to for now are Device and Profile Owners which 100%
manage the profile so will be the only admin.
It seems like if we keep track of "who installed which certs" it'll be a little
pointless because the answer will always be "the ProfileOwner" for every single
one."
Bug: 17005622
Change-Id: I45e9dac5236ab4ed235a341c208ac3cb6aba17da
