Adding the new structure was making it difficult for
LMP devices to have common source with upcoming API version.
Fixes bug 17008504
Change-Id: I704503cf0ebff113874c87ab11e37735dbe7b8d7
This change incorporates API council feedback and enables the
TrustAgent whitelisting API.
It also contains a minor cleanup of DPM's use of UserHandle
to eliminate unnecessary object creation.
Fixes bug 17008504
Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
Also modifies the SampleTrustAgent to allow testing of the feature
and adds the initiatedByUser flag to the dumpsys output.
Bug: 16840500
Change-Id: I4c08ddcdcbd0ab02c694a1873f73cb9a250f98d7
Adds a facility for trust agents to indicate if they
are ready to manage trust. Also adds an indication to
the lock icon on the lockscreen to show whether trust is
being managed.
Bug: 15518469
Bug: 16123013
Change-Id: Ie17f588aebeafe66c81dea4a69c733b0d2c72fd4
This adds a new feature that allows a device admin to specify a
whitelist of features that are allowed for the given admin.
Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
ActivityManager restarts the trust agent service for us
when it gets killed automatically. This does not apply
when its process crashes too often or when its package
gets updated however.
To catch the update case, the trust agent connection
is removed as soon as the package disappears, and then
readded when the new package appears.
To catch the repeated crashing case, the connection is
reset if it hasn't successfully connected for several minutes.
Also adds a button to SampleTrustAgent to simulate a crash.
Bug: 16137258
Change-Id: I1b18fc7a3025e23e25ca1623b6af658d5430a94b
Prevents the TrustManagerService from binding to any non-platform
trust agents and updates the SampleTrustAgent to use the new
permission.
Bug: 15287044
Change-Id: I38c3deebd5ad359075e68f52d19417bab5ab43db
Adds a simple app that shows how to build a trust agent. For
lack of a better place to put this, this stays in Keyguard's tests
for now.
Bug: 13723878
Change-Id: I9ebad253d3d89c846fe8afaad6babce9e7b80b5e
"signatureOrSystem" permissions are no longer available to all apps
residing en the /system partition. Instead, there is a new /system/priv-app
directory, and only apps whose APKs are in that directory are allowed
to use signatureOrSystem permissions without sharing the platform cert.
This will reduce the surface area for possible exploits of system-
bundled applications to try to gain access to permission-guarded
operations.
The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is
says in the documentation: it indicates that the application apk was
bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.
At some point the "system" permission category will be
renamed to "privileged".
Bug 8765951
Change-Id: I6f0fd9cdb9170e076dfc66d83ecea76f8dd7335d
With this change, the system process will put up a scrim in the
event keyguard crashes to protect underlying content.
It also adds permission checks to prevent unathorized access
through the binder APIs.
Cleaned up KeyguardTestActivity to build separately.
Removed unused resources.
Change-Id: I9e370c6bfb7dca68eae9eae304c815fb84a753d2
