No need to enforce that the caller is in the system process.
We're only checking if the device policy is allowing access.
Bug: 16301261
Change-Id: I87a7c808d116c86aa68cebb36631c46d0a54be96
This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.
Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
Contact information in the managed profile is shown
in the incoming call UI unless blocked using this API.
TODO: Actually plumb this into the caller-id logic.
Bug: 16301261
Change-Id: If03adc907d9558baa0a45a1833b857206b7bf96a
This is to ensure that some system app can't modify that
state for purposes of changing the profile owner without
user consent.
Bug: 16207721
Change-Id: Ic5f454d7568cd824b83456eed0e2611779a9adf8
We need to go back to uninstalling system apps so we can
re-install non-default system applications through Play.
This reverts commit e3dbcd138c07f2d32ac84229d0a49052cc18d424.
Change-Id: I0a7af094614c4a10800971c82e10571f7312e079
Once verified that caller is device owner just calls through to
the activity manager and acts like that call.
Change-Id: I34023313cd6742b73d2105655ec6b631879aa37a
This adds a feature to allow DevicePolicyAdmins to prevent using
simple PINs, which are defined as those containing more than 3
repeated values. Examples include '1234', '2468', '1111', '9876', etc.
Bug 12081139
Change-Id: I4ebe1c76a48087dcd7c878e9bd79a4e3ee2a27fe
Add package state to allow profile or device
owners to block uninstall of packages.
Add API to DevicePolicyManager to set/get the
state.
Bug: 14127299
Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
Instead of sending the profile name in the provisioning intent
the mdm should set the profile name after provisioning has completed.
This allows us to simplify the provisioning flow and the mdm can
change the name of the profile later on if required.
Change-Id: I821ef2300eae74e89872152ae1c89ac3ecbb82e7
Since managed profiles are started on bootup, the managed profile
would be allowed to set an app (possibly itself) as a lock task
app and then run itself on bootup and constantly control the
device. This privelege should be restricted to device owners.
Change-Id: I4a93aabd6054cbe75076ef0517fce03ffa74dc93
For these crossProfileIntentFilters, the activities in the current profile cannot
respond to the intent.
Only activities in the target profile can respond to the intent.
BUG: 14936725
Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
Add a method for DeviceAdminReceivers of profile/device owners to
be notified that lock task mode has entered or exited for an app
they have whitelisted.
Change-Id: Id124287d41564bbfccdacccf1977b7acb3ddec3f
Exposes these methods:
- hasCaCertInstalled
- hasAnyCaCertsInstalled
- installCaCert
- uninstallCaCert
Allows device and profile owners to perform some certificate management
including querying for and enabling/disabling specific CA certificates.
Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
Currently the device owner can create secondary users, but unless
it is a system app it will not be installed and will not be able
to pass data easily from the code that creates the user and any
code running on that user.
This allows the device owner to install itself while creating a
user and start up a service to configure that user. createUser
takes an bundle so that the device owner can pass across any
initial setup data it needs to, this bundle will be sent to
the admin receiver in onEnable.
Change-Id: Ic1f8565dd2a7bd85363527cf68b0ecd4dc9c3636
Now throws an exception titled something like "Admin X does not own the
profile" instead of the rather unhelpful NullPointerException that was
thrown previously.
Change-Id: I33f6da5ea5eb70d8ea3939cfa280c794b01c3382
Re-hide the setGlobalProxy on the ConnectivityManager as it requires
CONNECTIVITY_INTERNAL. Instead add a function to the DevicePolicyManager
to set the global proxy, that can only be called by the device owner.
Change-Id: I9ffb2cc4f30a6dc9b868d86f056e1fbd512d8dfc
Password change intents etc. were always being sent to
owner rather than user the device admin was installed for.
Also add TODO to not assume profile parent is OWNER.
Bug: 15442331
Change-Id: I7e58069bc4a6ab94f038ae1b80c044d666986318
Mechanism to register a provider for requesting an
administrator to respond to permission requests.
Request format and response format constants.
Description of manifest template for static restrictions.
Int type introduced in RestrictionEntry.
Needs more javadoc and better description of manifest templates,
including specifying the XML attributes.
Change-Id: I5a654d364e98379fc60f73db2e06bf9a8310263d
A profile owner should only have control over the profile. All of the
following device admin APIs that affect the device beyond the profile
that they are called from are now disallowed:
- Camera enable/disable
- Keyguard
- Wipe external storage
@bug 14434826
Change-Id: I69acfdf6f654f48b5db91aeb3ea86662d7857075
Allow power button to be used to either go to sleep as usual,
which may doze, or skip that completely and really go to sleep.
May also really go to sleep and go home all at once.
Bug: 14406056
Change-Id: Ia19e2551b9c2a72271bb2eddd5c0d1749761e019
DMAgent currently needs to live in /system/priv-app in order to
(among other things) set and get blocked packages. These APIs will
get us closer to being able to move DMAgent out of priv-app.
Bug: 14945334
Change-Id: I108e2013c67409dca554acf78e3a710745900706
Device owners can update Settings.Secure and Settings.Global settings.
Profile owners can update Settings.Secure settings.
DMAgent currently needs to live in /system/priv-app in order to
(among other things) update global and secure settings. This change will
get us closer to being able to move DMAgent out of priv-app.
Bug: 14965414
Change-Id: If2cc3a56de91bffde33b838ab8ecea2c32412803
