What's supported:
- Most APIs are implemented, except for SM.updateShortcuts(),
the icon APIs in LA, and LA.startShortcut().
- Persisting information, except for icons
- Throttling
In addition, now PersistableBundle has a public copy
constructor from a Bundle. (Do we want to @hide it?)
TODOs:
- Add icon support
- Implement missing APIs
- Listen to PACKAGE_* broadcasts and do clean-up
- Support multi-launcher apps (pinned shortcuts per launcher)
- Dev option to reset throttling
- Load throttling config from Settings
- Backup & restore
- Figure out LauncherApps permissions (BIND_APPWIDGETS??)
- Other minor TODOs in the code
- Better javadoc
Note: This requires Idf2f9ae816e1f3d822a6286a4cf738c14e29a45e
Bug 27325877
Change-Id: Ia5aa555a4759df5f79a859338f1dc5e624cd0e35
The main purpose is to fix the security flaw that
user can force isDeviceOwnerProvisioningAllowed to return true
by setting the device_provisioned without factory reset
Check UserSetupComplete instead, as it's cached by DPMS if it's ever set to true
Refactor common code of isDeviceOwnerProvisioningAllowed and enforceCanSetDeviceOwnerLocked
The functionality of enforceCanSetDeviceOwnerLocked should be exactly the same.
DPM Unit Test all pass
Bug:27403225
Change-Id: I32dae8e222e01e08664abb313ead3a92d4186658
Added a check inside PackageManagerService to make sure data for a
package with a DO or PO for the running user is not cleared. Currently,
the 'pm clear' command goes through without any such checks.
Bug: b/27243904
Change-Id: I87d4ad2db031f47946f34627a5ee465ef144f85e
The default value of bluetotoh contact sharing is true.
So we should save when it is false.
Bug: 27410265
Change-Id: Icaf4ceeda09eca46d160acfecc53834819b66a18
If 'requestAccess' is true, the caller (either profile/device owner or a
designated certificate installer) will be granted usage of the keypair
on successful installation.
This has no security implications for a profile/device owner which would
already be able to self-grant. Delegated certificate installers did not
have this ability before.
This is only allowed at install-time- not afterward.
Bug: 24746231
Change-Id: Ia0ec290bb0bcde1d8137c188e2667cb7718dbfd7
After being interrupted the monitor thread tried to acquire
a lock that is held by interrupting thread, resulting in timeouting
on join().
Bug: 27061904
Change-Id: Ifbd578d5f5a266083b207fedd8ebb6d26ab08c31
- Avoid the ART warning about 4.1 compatibility
- Avoid integer overflow in DPMS
Bug 27243525
Bug 27242859
Change-Id: I92af323287e348fbd0eff31e6cf9823be8e41024
Originally I didn't know user-0 could have PO, so I excluded this case
from migration. Now we handle it properly.
Also make sure only restrictions that can actually be set by each
owner moves to the owner restriction. (Because of this, we no longer
have to have DISALLOW_WALLPAPER in the exception list, because
owners can't set DISALLOW_WALLPAPER.)
Bug 27225996
Change-Id: I6ad79d90e6c4400abbb1e4feba6ba59e3b650815
Refactor setPackageSuspended into setPackagesSuspended. The rationale
is that the consumers of this API are likely to want to remove
multiple packages at once. Rather than calling the API N times, call
it just once.
The good part is that we already have the broadcast intent for
suspended packages take an array so only one broadcast. Less stress
on the system.
Another good part is that (right now) we only have one consumer of
this API and it will be easy to make changes once this CL goes in.
As a shell command, for consistency only allowed one package at
a time.
Bug: 22776761
Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
Instead of always rebuilding the full ApplicationInfo for a
package when callers are only interested in the suspended status
add a new fast API in Packagemanager (which only checks the
suspended user setting for the requested package and returns
a boolean) and change the appropriate caller code too.
Bug: 26794775
Bug: 22776761
Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
We're starting to see more instances of device features that will
increment separately from the SDK API level, such as camera HAL,
GPU capabilities, Bluetooth, and other hardware standards.
This change adds the ability for device features to specify a
version, which is defined to be backwards compatible. That is, apps
requesting an older version of a feature must continue working on
devices with a newer version of that same feature.
When a version is undefined, we assume the default version "0".
Bug: 27162500
Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
This is needed from Settings to show a message informing the user
of the number of attempts before their work profile gets wiped
when using ConfirmDeviceCredentials.
Bug: 26677759
Change-Id: I4b16f7dc2f415d0ce0215a3b7a646f98fabece33
DevicePolicyManagerService checks admins on boot
and removes ones that aren't found so it needs
to match crypto and non-crypto admins.
Match non-crypto aware apps when admin is enabling
system apps.
Bug: 27126412
Change-Id: Ibb20841679fb660de281782964b068d5a13b8fe9
The API now requires the app restriction manager app to exist
on the current user when it is called.
Change-Id: I809816d4f5d73378c23b18d7b74ebb282b7dc444
Also, reworked the logic a bit:
* Admins can only set flags that affect the parent on the
parent DPM instance (i.e. no unredacted notifications)
* Admins can set flags not supported on the work challenge on
the regular DPM instance. If there is a work challenge,
they will have no effect (as managed profile policies don't
affect the regular lockscreen if there is a work challenge).
If there is no work challenge, they'll affect the parent profile.
Bug: 26891832
Change-Id: I8978e1aa6abe9c8dc07e030dfd069b5f4e1301f6
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
As approved by Android Security team, added logging of
strength of auth method as well as logging of fingerprint
keyguard actions.
Bug: 26841997
Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
Also fix the bug where removeAdminArtifacts() is called
for all active admins on the target user.
Bug 27107878
Change-Id: I6edbdadffe8c75628539976d304e39d6abed73a4
