This fixes a bug introduced by a change where the function
ignores systems with default encryption where it's disabled.
The fix also checks to see if vold thinks the device is secure.
Fixes bug 17881324
Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
We're not really supporting ancient Linux/OSX systems, we should
update the website to accurately reflect this.
Change-Id: Id05df4c4e2a4235d325e099a1f29fb7cbe749675
Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
Apps can end up in priority mode by setting ringer-mode = silent.
Now they can leave priority mode by setting ringer-mode = non-silent.
(normal or vibrate)
Bug: 17884168
Change-Id: I54c853885f4ae9ee618041dd7ac6ab0663fc7b37
Bug 17969135
Use query (instead of rawQuery) and pass in arguments instead of building
the query with a giant string. Add a unit test that fails with the old
code but passes with the new code.
Change-Id: Id04a1db6fb95fcd923e1f36f5ab3b94402590918
See first comment on CL for the doc staging location. Setting up a
redirect for the old page with CL http://ag/566783
Change-Id: Ibd391cb3fe357495ecf3dc70b1edeadee12075f3
When restoring hundreds of apps on low-DPI devices, we end up sending
icon Bitmaps inline in the response instead of splitting into ashmem
regions. To avoid triggering TransactionTooLargeException, switch to
using ParceledListSlice under the hood.
Bug: 17926122
Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9
This is needed to allow the always-on VPN to survive network
switches. In L, network switches are graceful, and in order to
switch to a network, the system first has to validate it using
DNS requests (from netd, running as root) and HTTP requests
(from NetworkMonitor, running inside the system_server).
This should also allow always-on VPN to work on networks like
T-Mobile that use 464xlat, fixing a bug that has been present
since K.
Bug: 9597277
Bug: 17695048
Change-Id: I0daa5707f2139339f9ececde0e73aac3bf23fdc3
Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.
This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.
Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
We used to set this from LoadedApk.getClassLoader. This had
the unfortunate side effect of clobbering the threads default
classloader when Context.createPackageContext().getClassLoader()
was called. This happens, for example, to every app that uses
a updatable webview.
bug: 17986934
Change-Id: If2b5938a19f836ea5fe60c94ea53a7125c2098c0
The system should always be using new startActivityAsCaller() when
starting activities on behalf of someone else, to ensure that
security checks are enforced as the original caller.
Bug: 17983737
Change-Id: Ic40816a797cfdb13c0adb48b86ed4ed7d6aae8eb
Requests coming in while the service is still being brought up
were discarded. Changed to queue them so that they can be started
after the initialization is completed.
Bug: 17985588
Change-Id: Ic9d9cd2094b830c80dec54dd5ef6a18159a74dc7
Conflicts:
services/core/java/com/android/server/hdmi/HdmiCecLocalDevicePlayback.java
It is possible that the device does not have an owner. If there
is no owner we get a NPE when asking the device policy manager
for cross-profile widget providers.
bug:17989189
Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
This is a squashed commit of the following changes:
1. Order apps by priority when performing boot dexopt.
(cherry picked from commit 65cde7d42d741c7d9aa2714a397b7333f688ab55)
2. Improve priority ordering of apps when performing boot dexopt.
Added core apps and updated system apps.
(cherry picked from commit 272bf3a274daff62995caf05da338c1f2a73dae3)
3. Stop boot dexopt when low on memory.
(cherry picked from commit 1d892dcb6b0ff3a50cc63e387667dc29baf1014f)
Bug: 17641843
Change-Id: Ie32f1c21047d3462aaf728f7633fecf647ba2b47
When saving to PDF we bring up the file picker UI which covers
the print UI. In this case the printing app may get killed as
it is not in the forground (the system is bound to the print
spooler so it cannot get killed). If that happens we are ending
up with an empty file. However, if the file chooser UI is up
we already have everything from the app we need and it dying
does not matter. This change takes care if ignoring printing
app death while saving to PDF.
bug:17922948
Change-Id: I10d808e3c3e93e850dbc2a948f2482381a887928
