When File Based Encryption is present, allow the verify/write of
passphrases to be per-user (it used to always bubble up to the parent
user assuming it is a per-device passphrase).
This is part of the work for the Separate Work Challenge.
Change-Id: I5ae6b7b6ed1dd25aed0843d495b6f5f36e01c4eb
- Start persisting restrictions set by DO/PO.
- Also dump user restrictions on dumpsys
- More changes will follow, including migration.
- Now System settings are mockable.
Bug 23902097
Bug 23902477
Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
It was because UserManager.get() returns a static cached instance but
we should always be using the mock instance that's created for each test.
Bug 24378326
Change-Id: Id4663e7676d2d0130622055a97fbde0884714349
- Extracting into a factory allows us to use mocks in other classes.
(Such as Owners.)
- Also removed broken test ApplicationRestrictionsTest. Instead added a new
simplified test to DevicePolicyManagerTest.
- Also stop caching rarely used instances in DPMS.
Bug 24061108
Bug 24275172
Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
- Now all services that DPMS uses are injectable.
- Introduce some wrappers to make static methods and final class mockable.
(e.g. for Binder.getCallingUid())
- In unit tests we replace those with Mockito mocks, except we use a partial
mock for PackageManager, because we use way too many methods of this and
most of them are okay to use directly.
- To install a partial mock to PackageManager, I needed to make
ApplicationPackageManager @hide public non-final.
- For a starter, added tests for DPM.setAmin().
Bug 24061108
Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
- setDeviceOwner() now takes a user ID. (We can infer it from Binder, but
we still need it for the dpm command.)
- Change broadcast target UID for DO to the DO user
- Start the DO user on boot complete.
TODO Investigate whether this is actually the good timing.
TODO Prevent the DO user from being killed
Bug 23827706
Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
A device owner cannot use device or profile owner policies on
other users unless it is profile owner there. Also limit device
initializer to system apps only.
Bug: 21800830
Change-Id: Ie1abbd891945b91b17ecdf7f73ba93aaa19819be
Moved functions which parse the USB functions list into one common
place on UsbManager.
Deleted the no longer supported USB_FUNCTION_MASS_STORAGE.
Ensured that the UserManager.DISALLOW_USB_FILE_TRANSFER rule is
consistently applied during user switch and when changing the
current USB functions and make sure it only affects MTP and PTP.
Collapsed the boot completed and user switched receivers to
ensure consistent ordering of side-effects.
Validate the list of functions passed to setCurrentFunction() so
that the separation of concerns is clearer. It was somewhat
ambiguous as to whether functions such as ADB could / should be
enabled through that interface. Improved the docs for clarity.
Fixed a bunch of broken stuff related to the USB config
persistent property (list of default functions) that could cause
ADB and other functions to not work at all. Added new failsafes
to ensure that we reliably get back into a happy state.
Bug: 22206076
Change-Id: I02915ddfce7193a8f67a14f0d76bab22fc575dfa
Add per user versions of mute methods so
device policy manager can mute the correct
user.
Just persist change if the calling user
isn't the current user.
Treat calls to audio manager coming from uid
1000 as if they were coming from current user
rather than user 0 so that the correct user's
user restriction is checked.
Bug: 21782066
Bug: 21778905
Change-Id: I51469b741096d8a2ffdc520eaf5b3fd754f2c819
Otherwise after the Device Owner is gone, runtime
permissions might still be auto granted/denied.
I understand that there are many other policies that
we don't reset after the device/profile owner goes
away (e.g. keyguard enabled/disabled). At least now
we have a single method when we could clear the
ones that we care about.
Bug: 21889278
Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
Clarify docs that runtime permissions can be granted or revoked by
a profile owner/device owner only for MNC apps and not legacy apps.
Check the targetSdkVersion and return false if legacy app.
Remove all policy flags from permissions when cleaning up
a device or profile owner.
Bug: 21835304
Bug: 21889278
Change-Id: I4271394737990983449048d112a1830f9d0f2d78
Even though the documentation of DISALLOW_CREATE_WINDOWS says it is for
Device Owners and Profile Owners on User 0 only, it was previously not
part of DEVICE_OWNER_USER_RESTRICTIONS and was therefore callable from
a profile owner on a managed profile or secondary user.
Bug: 19726884
Change-Id: If6443eacbc28b7ee6c0845754923573a79f8bde3
