This enables a change in Settings that allows device
encryption to be disabled by the user.
Fixes bug 17881324
Change-Id: I34dfc586df1a598bf969dc82adf8537a2730d345
Updating the accessibility layer behavior to reflect the new
model where accessibility no longer overrides strong encryption.
Now enabling an accessibility service lowers the encryption
level but the user can bump it up in settings if desired.
bug:17881324
Change-Id: Ic60d760c267d3f934040a42e1963b179bd8b9f5f
DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.
Check if the device is encrypted by some means, instead.
Also fix a SecurityException when Device Admin queries encryption state
(recent regression)
Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
To clarify that BluetoothLeAdvertiser object will return null
when BT is off OR if the hw doesn't support these capabilities
bug: 18006072
Change-Id: I635d7971711a3cae7c58f7a0636faf9a03f19970
Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
When restoring hundreds of apps on low-DPI devices, we end up sending
icon Bitmaps inline in the response instead of splitting into ashmem
regions. To avoid triggering TransactionTooLargeException, switch to
using ParceledListSlice under the hood.
Bug: 17926122
Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9
We used to set this from LoadedApk.getClassLoader. This had
the unfortunate side effect of clobbering the threads default
classloader when Context.createPackageContext().getClassLoader()
was called. This happens, for example, to every app that uses
a updatable webview.
bug: 17986934
Change-Id: If2b5938a19f836ea5fe60c94ea53a7125c2098c0
The system should always be using new startActivityAsCaller() when
starting activities on behalf of someone else, to ensure that
security checks are enforced as the original caller.
Bug: 17983737
Change-Id: Ic40816a797cfdb13c0adb48b86ed4ed7d6aae8eb
This is a squashed commit of the following changes:
1. Order apps by priority when performing boot dexopt.
(cherry picked from commit 65cde7d42d741c7d9aa2714a397b7333f688ab55)
2. Improve priority ordering of apps when performing boot dexopt.
Added core apps and updated system apps.
(cherry picked from commit 272bf3a274daff62995caf05da338c1f2a73dae3)
3. Stop boot dexopt when low on memory.
(cherry picked from commit 1d892dcb6b0ff3a50cc63e387667dc29baf1014f)
Bug: 17641843
Change-Id: Ie32f1c21047d3462aaf728f7633fecf647ba2b47
...handler for its Intents
Fix bug when a third party app is installed as an additional but
worse match for the intent.
Also raise up the limit for when we start printing logs about
overly large strict mode data.
And turn off the logs about services being created and destroyed,
since with the way things are using services these days these have
become way too spammy.
Change-Id: I8fe301dfd80fb4b70213cb7783b7c5426245278d
If nativeUnlockCanvasAndPost() throws, Surface was maintaining a
reference to the native Surface, and assuming it was still locked.
That would cause future lockCanvas() calls to throw without even
trying to lock the native Surface, even though in some cases the
native lock was actually released before the exception was thrown.
Now Surface treats the native object as unlocked even if
nativeUnlockCanvasAndPost() throws, so it will attempt the native lock
on lockCanvas() rather than assuming it would fail.
This change also changes an IllegalStateException to
IllegalArgumentException in unlockCanvasAndPost(). That exception was
added in KitKat, and was never documented or added to the throws
declaration. This was essentially a silent public API change. Quite a
bit of code in the framework (and likely in applications) catches
IAE from this method, but didn't attempt to handle ISE. Although ISE
is more correct here, it's not worth breaking code (and it did -- in
this bug it changed a problem that should have been silently and
perfectly recovered from into a fatal exception in system_server.)
Bug: 17684556
Change-Id: Ia8d3e5d33eaa690d16c7d0f557390c7bb4e1e32e
Raise the height ratio threshold slightly in order to start accepting
restores of height=1920 images onto height=2560 devices.
Bug 17882661
Change-Id: I63b47817fdf754cda9a052bddb62aee764522c6f
