1122 Commits

Author SHA1 Message Date
Pavel Grafov
3bca09f308 Start SecurityLogMonitor after broadcasts are allowed.
Otherwise if boot takes long enough, DO broadcast will be sent while
ActivityManagerService is not ready, causing IllegalStateException.

Change-Id: I6b55ed45ed7b1f3ed9ad6ec20695907b4fa6f3b1
Fixes: 109746888
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: provisioned TestDPC as DO in SuW, enabled logging.
2018-06-07 11:16:46 +01:00
Dianne Hackborn
d52544183e Allow device/profile owners to change app ops modes.
This allows them to continue to have this capability the
same as before we locked down access to it.

Bug: 78480444
Test: manual
Change-Id: If2b0722945235eb67676ace3f54efaa71a64bcde
2018-05-14 11:29:43 -07:00
Pavel Grafov
9cf46fd625 Merge "Log wipe failure" into pi-dev 2018-05-09 19:46:05 +00:00
Pavel Grafov
a0d201b548 Log wipe failure
Test: injected an error into RecoverySystem.rebootWipeUserData
Fixes: 79417596
Change-Id: I3fef4bdd2f6357b08be4976c35c651908e9b3599
2018-05-09 18:27:45 +01:00
Pavel Grafov
517260ecef Acquire lock before calling getDeviceOwnerAdminLocked
Change-Id: I318c7cea8e9b7de2dc9fa05f786524848c9c76dd
Fixes: 79418618
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
2018-05-09 17:42:06 +01:00
Eran Messeri
9ecde42164 Save password requirements on the right user
When changing the password requirements, two changes have to be saved:
(1) Whether the current password complies with the new password
requirements.
(2) The new password requirements themselves.

(1) is stored on the credential owner of the user, (2) is stored on the
user itself.

In ag/3729963 (Change-ID: Ide5b2e53cf100b087822844ca51b3bc69e7ddf82),
we've switched from saving the password sufficiency flag (1) in the
user to the credential owner.
A side effect was that the password requirements themselves, (2), which
were changed on the original user the call related to, were not saved.

This fixes the bug introduced in the aforementioned CL.

Bug: 78499736
Test: Manual with TestDPC.
Change-Id: I11faef37fa6f0e8e8e558069e77021c48ee36cd4
2018-05-01 14:12:23 +01:00
Eran Messeri
24ba8398fe Merge "Remove unnecessary WTFs from password state check" into pi-dev 2018-04-25 09:28:15 +00:00
Eran Messeri
3c26b8f92e Remove unnecessary WTFs from password state check
It is possible to have a null PasswordMetrics object for a given user -
if, for example, the user never had a password set.

Do not WTF in that case.

Bug: 78191197
Test: That it compiles.
Change-Id: I807c2755890b0772e295b4cb0095cac1bf2d0aef
2018-04-24 19:28:57 +01:00
Suprabh Shukla
7ea5378f89 Failing setPackagesSuspended if user has a DO / PO
Device or profile owners should be suspending packages via
DevicePolicyManager. If an app with SUSPEND_APPS tries to use the
PackageManager api on a user with a DO or a PO, the call should fail.

Test: gts-tradefed run gts-dev -m SuspendApps

Bug: 78132137
Change-Id: If478db0726073c2e59dba3a7049cc16c56d9f3d5
2018-04-19 21:31:10 -07:00
Makoto Onuki
49392d335a Add stats logging to ServiceManager and NPMS
ServiceManager:
- Do an event log every N getService() calls with total time spent
in getService().
where N = 100 for core UIDs and 200 for other apps.

- Do an event log if getService() takes longer than N ms.
where N = 10 for core UIDs and 50 for other apps.

... with some extra throttling.

NPMS:
- Do the basic "stats logger" log for updateNetworkEnabledNL() and
isUidNetworkingBlocked()

This CL also enhances StatsLogger so it now can show the slowest call
and the max # of calls per-second.

Bug: 77853238
Test: Manual test:
- Insert a SIM card
- Set data limit
- toggle airplane mode
- toggle wifi
- toggle mobile data

Then
- "dumpsys netpolicy" and "dumpsys activity processes" and check the stats
- also check "adb logcat -b all | grep ' service_manager'"

Change-Id: I5789541063f95d0eac501189816c8604a4571ba0
2018-04-11 16:37:57 -07:00
Eric Sandness
5ab98de315 Permission Check For DPM.getPermittedAccessibilityServices
Require the callers of DPM.getPermittedAccessibilityServices(userId) to
hold the MANAGE_USERS permission.  The only known callers of this API
are settings apps that already hold this permission.

Bug: 62343414
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test: com.google.android.gts.devicepolicy.DeviceOwnerTest
Test: Manually checked accessibility settings in DO and PO modes
Change-Id: I8ee3f876fcaffa63636645f0f59709cd147254ef
2018-04-09 07:47:13 +00:00
Suprabh Shukla
3c3af1406e Activity interceptor dialog for suspended apps
Added an AlertActivity to intercept the start for an activity belonging
to a suspended app. More details will be shown if the suspending app
also defines an activity to handle the API action
SHOW_SUSPENDED_APP_DETAILS.

Test: Added tests to existing classes. Can be run via:
atest com.android.server.pm.SuspendPackagesTest
atest com.android.server.pm.PackageManagerSettingsTests
atest com.android.server.pm.PackageUserStateTest

Bug: 75332201
Change-Id: I85dc4e9efd15eedba306ed5b856f651e3abd3e99
2018-04-04 18:40:19 -07:00
Makoto Onuki
eed5b5a31c Add basic inversion lock detection to DPMS.
For now enable it on ENG builds only.
(I'll change the condition in master so I'll get WTFs from qt-release devices
too.)

This will detect calling into DPMS with the following locks held:

APP_OPS
POWER
USER
PACKAGES
STORAGE
WINDOW
ACTIVITY
DPMS

On marlin-eng pi-dev, each guard() takes ~25us.
    LockGuard.guard(): count=7246, total=175.1ms, avg=0.024ms

Used the following command to ensure all locks are replaced.
$ grep synchronized /android/pi-dev/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | sed -e 's/  *//' | uniq

Bug: 74553426
Test: Manual test with an intentional lock inversion.
Change-Id: Id59d562d7c275b6ea127a211284496f5d64f9f93
2018-04-04 12:18:54 -07:00
Rubin Xu
69196f6fad Merge "Remove password blacklist API" into pi-dev 2018-03-30 13:38:31 +00:00
yuemingw
c0281f10f5 Allow PO to call setSystemSetting.
As system setting is per user, we should allow PO to call it.

Bug: 77204777
Test: runtest -x services/tests/servicestests/src/
com/android/server/devicepolicy/DevicePolicyManagerTest.java

Change-Id: I84152fa04adb441955b48b676be6e792134b52c2
2018-03-29 20:23:52 +00:00
Rubin Xu
3a021b3762 Remove password blacklist API
Bug: 73750934
Test: compiles
Change-Id: I4a73ea47285b7d0be06f84d45a5166a6642c29cf
2018-03-29 20:36:51 +01:00
Eran Messeri
6169239b94 Utilize verbose KeyChain errors
As KeyChain reports detailed error codes about failure to generate keys
or attestation records for them, log these detailed errors and throw an
exception if the hardware does not support Device ID attestation.

Bug: 72642093
Bug: 73448533
Test: cts-tradefed run commandAndExit  cts-dev -s 127.0.0.1:50487 -a x86_64 -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG
Change-Id: Ib12efcf48c158373e1fc28cc51d67e70282d029e
2018-03-29 10:58:20 +01:00
Benjamin Franz
3a5dabbb10 Merge "Update to lock task features API" into pi-dev 2018-03-29 09:02:17 +00:00
Eric Sandness
78931a0f95 Merge "Permission Check For DPM Get IME API" into pi-dev 2018-03-29 08:25:09 +00:00
TreeHugger Robot
631f55ba54 Merge "Change MeteredDataDisabled function names for clarity" into pi-dev 2018-03-28 23:18:01 +00:00
Benjamin Franz
78ae1060c6 Update to lock task features API
1. Throw if notifications is given without home feature, as this
configuration allows potential escape routes.

2. Default power button menu to be on in order to be consistent with
existing lock task behaviour before P.

Bug: 71790952
Bug: 74381063
Test: manual
Change-Id: I2383c087a18739a158d55edcd84d22d1abdb887a
2018-03-28 12:38:31 +01:00
Eric Sandness
57378939c5 Permission Check For DPM Get IME API
Require the caller of DPM.getPermittedInputMethodsForCurrentUser() to
hold the MANAGE_USERS permission.  The only callers should be settings
apps which already hold this permission.

Bug: 62343414
Test: Manage IME list in the Settings app
Test: com.google.android.gts.devicepolicy.DeviceOwnerTest#testPermitInputMethods
Change-Id: I0d162f8f51d16e403a950ee5d942502c2cf20181
2018-03-27 17:30:30 +00:00
Eric Sandness
9f36c26f83 Merge "Permission Check For DPM.isDeviceProvisioned" into pi-dev 2018-03-27 12:25:53 +00:00
TreeHugger Robot
734a8c9964 Merge "DPM: Separate storage of PasswordMetrics from other state" into pi-dev 2018-03-27 10:22:46 +00:00
Eric Sandness
1ad8367249 Merge "Permission Check For DPM.getUserProvisioningState" into pi-dev 2018-03-27 09:52:58 +00:00
Eric Sandness
df30c7d2e0 Permission Check For DPM.isDeviceProvisioned
Require the caller of DPM.isDeviceProvisioned() to hold the MANAGE_USERS
permission.  The only callers should be within the framework itself, or
apps involved in device provisioning which already hold this permission.

Bug: 62343414
Test: Set TestDPC as Device Owner and use it to reset password
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test: com.android.server.locksettings.LockSettingsServiceTests
Test: com.google.android.gts.devicepolicy.DevicePolicyManagerTest
Change-Id: Ie53deb5ba8679a5b431f2a8da60ec9710c44d56f
2018-03-27 09:13:11 +00:00
TreeHugger Robot
ee7802f577 Merge "Fix OTA info persistence logic" into pi-dev 2018-03-27 06:22:16 +00:00
Jeff Sharkey
0472a26d0c Give DPM callers unsafe labels.
Tests want the full label, so give it to them.

Test: none
Bug: 74254785
Change-Id: Ia358ee54396ee0a0684fd352c7133f54d9f8c4a7
2018-03-26 19:19:26 -06:00
Eran Messeri
81845a9b89 DPM: Separate storage of PasswordMetrics from other state
Keep the PasswordMetrics for each user on a separate map from the rest
of the profile data (kept in the DevicePolicyData object).

The PasswordMetrics are not persisted to disk, unlike other fields of
DevicePolicyData (to avoid making it easy for an attacker to brute-force
the password).

Additionally, and the cause of the bug mentioned below, the
PasswordMetrics should not be cleared when a user is started, but
persisted.

Bug: 73899116
Test: Manual with TestDPC
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Change-Id: Id42145665f9ff477ea67fe44e8e55fc6586b8edf
2018-03-26 17:39:58 +01:00
Rubin Xu
32c82e4e75 Fix OTA info persistence logic
Code to persist OTA info was accidentally removed by a previous CL.
Add it back.

Bug: 73505100
Test: gts-tradefed run gts-dev --module GtsGmscoreHostTestCases --test com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate
Change-Id: I9eba522641fd8f95cd6af32431498c2c8ac5ff0e
2018-03-26 17:24:08 +01:00
Eric Sandness
3780c09c76 Permission Check For DPM.getUserProvisioningState
Require the caller of DPM.getUserProvisioningState() to hold the
MANAGE_USERS permission.  All callers should be apps involved in device
provisioning, which already hold this permission.

Bug: 62343414
Test: Run Device Owner sync auth provisioning manually
Test: Set up work profile with managed account manually
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test:
com.android.managedprovisioning.finalization.UserProvisioningStateHelperTest
Test: com.google.android.setupwizard.tests.activity.QrScanControllerTest
Change-Id: Ib85433586d4dfb89019ca223fb925aca3d4bbf67
2018-03-23 18:59:41 +00:00
TreeHugger Robot
6affc07065 Merge "APIs to suspend packages with SUSPEND_APPS permission" into pi-dev 2018-03-22 22:15:31 +00:00
Suprabh Shukla
021b57ab8d APIs to suspend packages with SUSPEND_APPS permission
Changed the existing hidden api setPackagesSuspendedAsUser to a system
api setPackagesSuspended that can be called by apps with either
MANAGE_USERS or SUSPEND_APPS permission. Additionally, the suspending
app can now specify optional extra information meant to be used by the
suspended apps and the launcher to deal with this state.

The following other APIs are added:
 - isPackageSuspended(): Apps can query whether they are in a suspended
 state
 - @SystemApi getPackageSuspendedAppExtras(String): Apps with permission
 SUSPEND_APPS can get the appExtras passed to PM when suspending the
 app.
 - @SystemApi setPackageSuspendedAppExtras(String, PersistableBundle):
 Apps with permission SUSPEND_APPS can update app extras for a
 suspended package.
 - getPackageSuspendedAppExtras(): Apps can call to get the appExtras
 passed in to PM when they were suspended.

Test: Can be run via:
atest com.android.server.pm.PackageManagerSettingsTests
atest com.android.server.pm.PackageUserStateTest
atest com.android.server.pm.SuspendPackagesTest

Bug: 74336673
Change-Id: I3b9ed2c8478b34ee2e8986f5f5fddb2839d102e3
2018-03-22 12:59:57 -07:00
Lenka Trochtova
56681f761e Return a boolean from the mandatory backup transport setter.
Bug: 73813043
Bug: 64012357
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testGetAndSetMandatoryBackupTransport
Test: cts-tradefed run cts -m CtsBackupHostTestCase --test android.cts.backup.BackupDeviceOwnerHostSideTest

Change-Id: I7f47a41070b767a6be8b986be485b4ad782690cf
2018-03-21 15:48:41 +01:00
Alex Kershaw
56be97edd0 Merge "Fix Javadoc of DevicePolicyManager#setStorageEncryption to reflect that it's a no-op (and silent fail) when called from a non-system user." into pi-dev 2018-03-19 18:17:23 +00:00
TreeHugger Robot
31ac587b43 Merge "DPM: Fix isActivePasswordSufficient for non-FBE devices" into pi-dev 2018-03-19 11:20:27 +00:00
Alex Kershaw
61ec825598 Fix Javadoc of DevicePolicyManager#setStorageEncryption to reflect that
it's a no-op (and silent fail) when called from a non-system user.

DevicePolicyManagerService#setStorageEncryption also has its Javadoc
fixed.

Bug: 74591983
Change-Id: Ie191ad255cbfcade921d172641f134d6c49a17b1
Fixes: 74591983
Test: N/A - just javadoc changed
2018-03-19 10:57:12 +00:00
Eran Messeri
90df3552c5 DPM: Fix isActivePasswordSufficient for non-FBE devices
For non-FBE devices (devices with full disk encryption or no encryption
at all) the password metrics are not kept in plaintext anymore, so it
is not possible to evaluate the sufficiency of the password when new
password quality requirements are set. Instead, the sufficiency value is
stored in a checkpoint that gets loaded after boot and used before the
user has entered any credentials.

However this checkpoint value was not evaluated correctly (there was a
circular dependency between setting it and reading it) and was not
stored on the right DevicePolicyData object.

Fix the checkpoint value to be the correct one and stored on the right
object, by doing the following:
* Removing the short-circuit introduced in ag/2866930.
* Change the default checkpoint value to true, to prevent re-introducing
b/63887564, and because a newly-created profile, before any password
requirements are set, has a sufficient password.
* Get rid of the circular dependency between setting and reading
mPasswordValidAtLastCheckpoint, by extracting from
isActivePasswordSufficientForUserLocked a function that does not look at
the checkpoint value.
* Store the checkpoint value in the DevicePolicyData object of the
credential owner, as this is where isActivePasswordSufficient reads it.

More details can be found in https://docs.google.com/document/d/15CRewlsy1lyonjAWg3VmhLC5jAyVKazUMKlcPnnId58/edit#

Bug: 71697938,73347414
Test: cts-tradefed run commandAndExit cts-dev -s 127.0.0.1:56619 -a x86_64 -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceAdminHostSideTestApi23#testResetPassword_nycRestrictions -l DEBUG on a  gce instance.
Change-Id: Ide5b2e53cf100b087822844ca51b3bc69e7ddf82
2018-03-16 09:48:47 +00:00
Makoto Onuki
70d24a0b1f Merge "Fix deadlock regarding screen-capture-disabled" into pi-dev 2018-03-15 21:01:49 +00:00
Antoan Angelov
675db3f236 Merge "Move the support_transfer_ownership_metadata inside the device admin descriptor XML." into pi-dev 2018-03-15 19:40:13 +00:00
Michael Wachenschwanz
5416468217 Change MeteredDataDisabled function names for clarity
Add the word Packages to several functions to clarify Metered Data is
disabled on a per Package basis.

setMeteredDataDisabled to setMeteredDataDisabledPackages
getMeteredDataDisabled to getMeteredDataDisabledPackages
isMeteredDataDisabledForUser to isMeteredDataDisabledForUserPackage

Change-Id: Ied755b4422f8689e34bdb68d733d60fbfc47c692
Fixes: 73803958
Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSetMeteredDataDisabledPackages
Test: cts-tradefed run singleCommand cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testSetMeteredDataDisabledPackages
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testSetGetMeteredDataDisabledPackages
2018-03-14 14:34:29 -07:00
Makoto Onuki
04ef44761d Fix deadlock regarding screen-capture-disabled
- Introduced DevicePolicyCache, which stores a copy of device policies
that can be accessed with any lock held.

- Removed "wm screen-capture". According to code search, it's not being used,
and this command wasn't really working as intended, since DPM can always
override the manually set value.

Bug: 74277398
Test: atest /android/pi-dev/cts/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/MixedDeviceOwnerTest.java#testScreenCaptureDisabled,testScreenCaptureDisabled_assist ; \
Test: atest /android/pi-dev/cts/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/MixedProfileOwnerTest.java#testScreenCaptureDisabled,testScreenCaptureDisabled_assist ; \
Test: atest /android/pi-dev/cts/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/MixedManagedProfileOwnerTest.java#testScreenCaptureDisabled,testScreenCaptureDisabled_assist
Change-Id: I1968d1c32145a715d0343f25cb9d58939514b597
2018-03-14 12:21:54 -07:00
dalyk
28011a4180 Add BaseNetdEventCallback class that provides no-op implementations for INetdEventCallback.
Test: None
Bug: 71828272
Merged-In: I261015d0d3e7e4159bb514742a6c588bfd34e795
Merged-In: I3a701fc52641615bf197f980022a61518c7347f4
Merged-In: I1ed5ede74ca14718e6d4f8a9a8d57de6026c9e93
Merged-In: Ib0c4b69a24144d27f672ec716fb9a8f06987ce7d
Change-Id: I75e0620f82195f18befe9dc079492a8c69bb764b
(cherry picked from commit 985d89a6e0412a3b0e8b1519de8ebffdbf708d31)
2018-03-09 19:41:56 +09:00
arangelov
c8ee263d6e Move the support_transfer_ownership_metadata inside the device admin
descriptor XML.

Bug: 73750678
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerHostSideTransferTest#testTransferOwner
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest#testTransferOwner
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerHostSideTransferTest#testTransferOwnerNoMetadata
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedProfileOwnerHostSideTransferTest#testTransferOwnerNoMetadata
Test: cts-tradefed run cts-dev --module CtsAdminTestCases --test android.admin.cts.DeviceAdminInfoTest
Change-Id: I8df63af29dbcb23332e2f291b64b8782f25a751b
2018-03-08 13:45:12 +00:00
Rubin Xu
255cb771f8 Move com.android.managedprovisioning package constant to config.xml
Fixes: 71839817
Test: builds
Change-Id: Ia48b2812d54192447cf3a76c8d2b73d776400bb2
2018-03-05 17:44:30 +00:00
TreeHugger Robot
7e96e0a137 Merge "createAndManageUser should communicate reason of failure to caller" 2018-02-28 00:39:33 +00:00
Alex Chau
89386bacc6 createAndManageUser should communicate reason of failure to caller
Bug: 71844474
Test: cts-tradefed run singleCommand cts -m CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_LowStorage
Test: cts-tradefed run singleCommand cts -m CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testCreateAndManageUser_MaxUsers
Change-Id: I3c069ba86822178fa3f51f1d31cd4792883151cc
2018-02-27 09:12:45 +00:00
Christine Franks
26449eda7a Add DevicePolicyManager#setDefaultSmsApplication
Bug: 73788187
Test: make -j100
Change-Id: I4f379743b9d12109bb8ecae109591abb922463ec
2018-02-26 22:58:05 +00:00
Vladislav Kuzkokov
0ec75beab7 Merge "Check printing restriction for correct user." 2018-02-26 16:11:10 +00:00
Vladislav Kuzkokov
bc630497b4 Check printing restriction for correct user.
Work profile uses the same instance of PrintManager and DPM
as the primary user. We have to explicitly check restriction for calling user.

Bug: 73768054
Test: Set restriction in Work profile, check that it applies only in work profile.
Change-Id: Iaa63ce000fc84b7d0ee2bd0ff008f1c0f7272a87
2018-02-23 17:49:14 +01:00