The previously used permission was doing double duty as the permission
that device admins to check for to ensure that calls are coming from valid
system components.
MANAGE_DEVICE_ADMINS is system|signature and is now required to add/remove
device admins.
Required for:
Bug: 9856348
Change-Id: I64385d2ec734c3957af21b5a5d9cffd8a3bcd299
When user reset password their password,
if password doesn't match target quality of device,
DPM print a log why can't reset password.
however log message isn't correct information.
in log context, it have to exist current quality
and target quality. this patch can help print correct log.
Change-Id: I5c8fb1c77ddbe1bdbc76e35038c897e2e8efb077
A Device Owner cannot be uninstalled and is available to all users. It must
be registered before the device_provisioned flag is set.
Device admins can be disabled until used, but visible to device policy
manager, so that users wont be bothered with update requests.
Opened up a few related APIs for use by a system-installed Device Owner.
Change-Id: I847b5fe68c0f724863f778a67602b5bddc79d8e5
Restrictions saved as key/value pairs, mostly booleans right now
but might be expanded to other types later.
Save and restore restrictions in the user manager service.
Enforce some of the restrictions at the framework level. Some
are enforced (also) at the app level, such as in Settings.
Change-Id: Id11ffe129cb6a177e094edf79635727388c26f40
Also fix a little problem where the USER_STARTED broadcasts
were not being sent as ordered broadcasts(!).
Change-Id: I3aa3e0a9b3900967cdd2d115ee103371b0a50c41
When a DeviceAdmin requests a device wipe due to a number of incorrect
password attempts, only primary user can wipe the device. Secondary users
can only remove themselves from the device.
Bug: 7554445
Change-Id: I24331cb4eff37571fcd792abb2efc794f7b3f2d2
Migrate networking, storage, battery, DropBox, and PackageManager
related Secure settings to Global table.
Bug: 7232014, 7231331, 7231198
Change-Id: I772c2a9586a2f708c9db95622477f235064b8f4d
This change renames the widget-specific API to be more generic
to allow further disabling of keyguard-specific customizations
in the future. Currently only allows disabling widgets and the
secure camera but can now easily be extended to disable other
features we add.
Fixes bug: 7021368
Change-Id: I3934cc2e7c64e0c6d511efb86980fc38a849708d
Bug: 7136483
Store device policy information for each user and apply them when user switches.
Global proxy can only be controlled by owner.
Camera restriction applies to all users, if any one has an admin that disables it.
Storage encryption can only be controlled by owner, although other users can query the state.
Wipe data will only remove the user if non-zero, wipe the device, if zero.
Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
It moved from System to Global, so writes are not automatically redirected
to the new namespace (else apps would start crashing).
Bug 7126575
Change-Id: Ief31fcb5a6107a098da04d30d146e16921dee776
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.
Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.
New Context APIs for more kinds of sending broadcasts as users.
Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.
Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.
Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
The major goal of this rewrite is to make it easier to implement
power management policies correctly. According, the new
implementation primarily uses state-based rather than event-based
triggers for applying changes to the current power state.
For example, when an application requests that the proximity
sensor be used to manage the screen state (by way of a wake lock),
the power manager makes note of the fact that the set of
wake locks changed. Then it executes a common update function
that recalculates the entire state, first looking at wake locks,
then considering user activity, and eventually determining whether
the screen should be turned on or off. At this point it may
make a request to a component called the DisplayPowerController
to asynchronously update the display's powe state. Likewise,
DisplayPowerController makes note of the updated power request
and schedules its own update function to figure out what needs
to be changed.
The big benefit of this approach is that it's easy to mutate
multiple properties of the power state simultaneously then
apply their joint effects together all at once. Transitions
between states are detected and resolved by the update in
a consistent manner.
The new power manager service has is implemented as a set of
loosely coupled components. For the most part, information
only flows one way through these components (by issuing a
request to that component) although some components support
sending a message back to indicate when the work has been
completed. For example, the DisplayPowerController posts
a callback runnable asynchronously to tell the PowerManagerService
when the display is ready. An important feature of this
approach is that each component neatly encapsulates its
state and maintains its own invariants. Moreover, we do
not need to worry about deadlocks or awkward mutual exclusion
semantics because most of the requests are asynchronous.
The benefits of this design are especially apparent in
the implementation of the screen on / off and brightness
control animations which are able to take advantage of
framework features like properties, ObjectAnimator
and Choreographer.
The screen on / off animation is now the responsibility
of the power manager (instead of surface flinger). This change
makes it much easier to ensure that the animation is properly
coordinated with other power state changes and eliminates
the cause of race conditions in the older implementation.
The because of the userActivity() function has been changed
so that it never wakes the device from sleep. This change
removes ambiguity around forcing or disabling user activity
for various purposes. To wake the device, use wakeUp().
To put it to sleep, use goToSleep(). Simple.
The power manager service interface and API has been significantly
simplified and consolidated. Also fixed some inconsistencies
related to how the minimum and maximum screen brightness setting
was presented in brightness control widgets and enforced behind
the scenes.
At present the following features are implemented:
- Wake locks.
- User activity.
- Wake up / go to sleep.
- Power state broadcasts.
- Battery stats and event log notifications.
- Dreams.
- Proximity screen off.
- Animated screen on / off transitions.
- Auto-dimming.
- Auto-brightness control for the screen backlight with
different timeouts for ramping up versus ramping down.
- Auto-on when plugged or unplugged.
- Stay on when plugged.
- Device administration maximum user activity timeout.
- Application controlled brightness via window manager.
The following features are not yet implemented:
- Reduced user activity timeout for the key guard.
- Reduced user activity timeout for the phone application.
- Coordinating screen on barriers with the window manager.
- Preventing auto-rotation during power state changes.
- Auto-brightness adjustment setting (feature was disabled
in previous version of the power manager service pending
an improved UI design so leaving it out for now).
- Interpolated brightness control (a proposed new scheme
for more compactly specifying auto-brightness levels
in config.xml).
- Button / keyboard backlight control.
- Change window manager to associated WorkSource with
KEEP_SCREEN_ON_FLAG wake lock instead of talking
directly to the battery stats service.
- Optionally support animating screen brightness when
turning on/off instead of playing electron beam animation
(config_animateScreenLights).
Change-Id: I1d7a52e98f0449f76d70bf421f6a7f245957d1d7
Reduce the amount of unnecessary information emitted from
the DevicePolicyManagerService.
Bug: 6732364
Change-Id: I639f6beab8471bdbe41ce6cd3a5a378acaf678b2
...in Developer options is on
Don't respect stay awake while on as long as a time to lock limit
is being enforced. When we start enforcing one, make sure the
setting is off (since we won't be respecting it anyway).
Bug: 6664140
Change-Id: Id07cb528afa0c64c7766341841c51771f507121d
When the external storage is not mounted, the android system won't
wipe out the user data (i.e. "/data") if wipeData() is called with
the flag WIPE_EXTERNAL_STORAGE.
We think that the user data should be wiped out in any options and
also wipeData(int) method currently supports also for a external
storage. So we will also change the API reference comment.
If we should care about backward compatibility of this method behavior
with the option WIPE_EXTERNAL_STORAGE, then we would add an another
bitmask something like a ALWAYS_RESET.
Change-Id: Id7bf673c722bacc0480d32e46553b9a348513879
This fixes a bug where the device fails to lock when DevicePolicyManagerService
requests the device to be locked and the screen was off because the user hit
the power button.
The change allows DPMS to directly invoke screen lock, bypasssing the screen state.
Change-Id: Iecdda6fc61e9c519119de495be23c69c3b983921
Fix 5783857: Device Policy Manager doesn't allow Face Unlock
This makes it so that if face unlock is enabled and then a device policy
manager that requires something more secure than face unlock is installed,
the user will be forced to choose a new acceptable lock type.
This was previously fixed for the case where the device had been reset, or
the shell was restarted after setting face unlock, but not for the case where the
device remained on between setting face unlock and setting up a device policy
manager.
Also changed the function ordering of saveLockPattern() so that the overloaded
wrapper function is next to the main function.
Change-Id: Ibed8c4ab137ebbc07fb143faef6f047bc6dc4474
The DPM seemed to always go through ExternalStorageFormatter to wipe the
device and SD card. For SD cards emulated on a fuse filesystem, this
seems to fail unless the device is wholly encrypted. Bypass
ExternalStorageFormatter in those cases and just wipe as normal.
Bug: 5458396
Change-Id: Iec759ef894c6bd3863cb4e7329f4de4584c60c1a
This fixes a crash caused by permission problems when we try to update
the password history and discover there's no password salt. The code
attempts to create the salt, which triggers the exception.
This could be fixed by wrapping the call with a clearCallingIdentity()/
restoreCallingIdentity(ident). However, while looking at it, it occurred to me
that this can cause unexpected failures if the DPM tries to set the
password twice or happens to set it to something in the password history.
Instead, we should *always* allow the DPM to reset the password to whatever it wants,
provided it passes the minimum password criteria.
Change-Id: I1505b24f9c097ee5c2c44e4bf378ba90095b113b
This introduces a new policy that a DeviceAdmin can use to disable _all_
cameras on the device. A separate CL will be made on the media side to
watch this policy bit and act accordingly.
Bug: 4185303
Change-Id: I700cfc4a8317bb74087ccae39346d74467fc58b2
Due to a copy/paste typo, getStorageEncryption() was protected by
getActiveAdminForCallerLocked(), which made the API unreadable if the
caller is not an admin. This doesn't match the rest of the DPM API which
allows the "get" calls to be made anonymously.
This fix supercedes the proposed workaround CL in the DPM ApiDemo sample.
Change-Id: If1a6237634e97ced09a7c6a8876bb6b0f60c9be9
Also fix not writing the settings file when an admin is removed.
And take care of an old to-do about not removing an admin until
after it has received the broadcast about it being disabled.
Change-Id: I4ebe0ea0461222b65425b2c5438b646b572f18c8
* Add code to persist per-admin setting
* Add hooks for OS-level tie-in (is supported, get / set status)
* Add 3rd API call to get OS status (irrespective of admin settings)
* Remove "REQUESTED" status, no longer relevant with 3rd API
* Fixed bug that impacted global proxy settings
* Update api/11.xml to match current.xml
Bug: 3346770
Change-Id: I56bdf9a7894f6ca4842402c7b82ddb3caf4b37b9
* New uses-policies value
* Definitions for storage domain and encryption status
* API to get and set encryption status
* Intent to launch encryption changes
* Both new calls bottom out in the DPM service and are suitable for
a device that does not support encryption.
NOTE: Nobody should use ACTION_START_ENCRYPTION yet. It needs a receiver
to be built in Settings (different CL).
Change-Id: I2ae193bedbec59f6ba46c0ec7de12ecf321e5803
* Allows an app to detect that it needs to have additional policies granted
* Add "refreshing" parameter to setActiveAdmin() to handle this case
* Minor cleanups to eliminate warnings (mostly for unused things)
Bug: 3253179
Change-Id: I4bf639bf560557130bf98e8cfb75f996fac416f1
* Change alarm math to snap to multiples of 24h before expiration
* Stop recurring alarm when no expirations upcoming
* Fix small bug in update logic when device password is updated
Change-Id: I31ce147e4f8c766245fae3e286fc50eaee4cfa22
Addresses these bugs:
3061847 - With no headers, PreferenceActivity crashes
2888426 - minor typo in DevicePolicyManagerService.ActiveAdmin.writeToXml()
3159155 - IllegalStateException:"Can not perform this action after
onSaveInstanceState" while dismissing a DialogFragment
3155995 - PopupWindow.showAtLocation does not respect LayoutParams
Also tweak the new fragment APIs to use abstract classes instead of
interfaces as base classes.
Change-Id: I9c0b4337fe0e304b737b5f7c2762762372bb3020
3094621: add "wipe sd card" option to factory data reset
3094609: collapse unmount/format into one command
Also since we have decided that it is important to consider
the Crespo storage as internal storage, DevicePolicyManager
gets a new API to be able to wipe it. (No big deal, since
all of the work for this is now done in the implementation
of the new UI.)
Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
