825 Commits

Author SHA1 Message Date
Pavel Grafov
eaed75d923 Merge "Make ENSURE_VERIFY_APPS global even when set by PO." 2017-01-18 11:15:28 +00:00
Kenny Guy
4228bcadb4 Fix issue with saving admins before finishing loading. am: adbda7474c
am: 4cccc791f4

Change-Id: Ifa4c9557a3c7f505e6ced657ecd42cd0242a5ea4
2017-01-18 01:40:47 +00:00
Kenny Guy
adbda7474c Fix issue with saving admins before finishing loading.
Saving device policy managers settings to clear out
password stats was happening before initializing mAdminList
so could wipe active admins.

Test: manual - flash with N2G05C add google account with dmagent flash with this fix, check dmagent is still an active admin, reboot check admin is still active.
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services

Bug: 34277435
Change-Id: I13660b47f30e9aba001eb13f2e457c3b3f36da3e
2017-01-17 23:37:57 +00:00
Pavel Grafov
6a40f09083 Make ENSURE_VERIFY_APPS global even when set by PO.
Currently only device owner can set global user restrictions.
With this CL ENSURE_VERIFY_APPS will be global no matter who
enforces it, DO or PO.

To make it possible for system apps to check who enforces a
particular restriction in this case a new API method is added
to UserManager: getUserRestrictionSources which returns a list
of users who enforce the restriction.

Bug:31000521
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.UserRestrictionsTest (ag/1732744)
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
Test: installed M on a Nexus5x device, created a managed profile with some user restrictions, and checked that after upgrading M->O all restrictions are preserved and split correctly into base, global and local.
Change-Id: I543d3ec9ef0cf2b730da6f7406021c0bba43b785
2017-01-16 18:29:01 +00:00
TreeHugger Robot
ef99fb85f9 Merge "Make device wide DO features available if all users affiliated" 2017-01-16 18:09:51 +00:00
Esteban Talavera
d36dd15d9b Make device wide DO features available if all users affiliated
Currently, those features are available on single user devices only
(since they collect privacy sensitive data device wide). Now making
them available as long as all users are affiliated.

It'll take a certain amount of time between user creation and the DPC
of that new user setting the appropriate affiliation ids. The DO won't
be able to access the logs during that time (and won't get any "logs
ready" callback). Once the affiliation ids are set, if they match,
logs become available again - this includes logs collected while the
user was being setup. Some logs might be lost though if the amount of
data exceeds the internal limit.

Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services

Test: cts-tradefed run cts -a armeabi-v7a --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest

Bug: 32326223

Change-Id: Idfe881dd6497d3ad2bead10addfd37b98b8a6e2b
2017-01-16 11:13:01 +00:00
TreeHugger Robot
18de051c98 Merge "Send EXTRA_USER with DevicePolicy lock broadcasts" 2017-01-14 17:12:57 +00:00
Bartosz Fabianowski
9e0642287e Merge "Add install reason" 2017-01-14 12:58:20 +00:00
Andrew Scull
3c9b36482f resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev am: eb35ad9969
am: 3aac3ebee1

Change-Id: Id7be6d9656b292ec1bf526750db8081022267c4a
2017-01-13 21:16:31 +00:00
Andrew Scull
3aac3ebee1 resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
am: eb35ad9969

Change-Id: I4fd9ce4c79db5a10f28008c89205fc9c8ef2888f
2017-01-13 17:17:49 +00:00
Bartosz Fabianowski
a34f53f61b Add install reason
This CL allows a reason to be specified when installing a package. The
install reason is a sticky piece of metadata: When a package is e.g.
installed via enterprise policy and an update is then manually
installed or sideloaded, the install reason will remain "policy."
The install reason is tracked separately for each user.

With this CL, two install reasons exist: "policy" and "unknown." Other
install reasons will likely be supported in the future.

Bug: 32692748
Bug: 33415829
Test: Tested manually with "adb install" / "adb uninstall"

Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
2017-01-13 16:51:28 +01:00
Andrew Scull
eb35ad9969 resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
2017-01-13 15:28:36 +00:00
Andrew Scull
ad4aa1ce7d resolve merge conflicts of e4cefbf4fce4 to nyc-dr1-dev
Change-Id: Ib536a33ba381c28397320edd516d52727e5bdacc
2017-01-13 13:16:09 +00:00
Andrew Scull
a7d1580547 Merge "Save password metrics on non-FBE devices." 2017-01-13 11:49:20 +00:00
Michal Karpinski
4da4a5d0c8 [DPM] Improvements to the network logs batch finalization mechanism
The full batch will still be available to DPC if there were no
network logs pending.
Added some more debug logging to better investigate the issues.

Test: manual for both cases - pending batch was empty and non-empty,
      with locally decreased timeout
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser

Bug: 34245471
Bug: 29748723
Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
2017-01-12 17:10:02 +00:00
Andrew Scull
e4cefbf4fc Don't save password metrics to disk.
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.

Merged-in: 5daf273b7e3272269c53eda20ce494d0e7a365b5
Bug: 32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
2017-01-12 16:01:59 +00:00
Michal Karpinski
3dcd39c14a [DPM] Improvements to the network logs batch finalization mechanism
The full batch will still be available to DPC if there were no
network logs pending.
Added some more debug logging to better investigate the issues.

Test: manual for both cases - pending batch was empty and non-empty,
      with locally decreased timeout
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser

Bug: 34157435
Bug: 29748723
Change-Id: Iee229d74d4b0a06025b305a15687f336a0aa337e
2017-01-12 15:05:12 +00:00
TreeHugger Robot
3e17ea13c1 Merge "[DPM] Allow lower strong auth timeout on debuggable builds" 2017-01-12 13:46:09 +00:00
Andrew Scull
7df0cb2924 Save password metrics on non-FBE devices.
DPM.setActivePasswordSufficient() can be called by a DPC before the
password has been entered on non-FBE devices. The metrics must be saved
so this API can work correctly.

Bug: 32793550
Test: manual
Change-Id: I078d0f1f98875d577aeaf25f12dc9c27e3f80658
2017-01-12 12:28:14 +00:00
Michal Karpinski
2df5919faa [DPM] Allow lower strong auth timeout on debuggable builds
Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_str_auth_timeo system property. This allows manual
testers to more easily carry out testing scenarios.

Bug: 29825955
Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h
Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000"
Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
2017-01-12 11:36:20 +00:00
Pavel Grafov
a902e5c255 Merge "Let profile owners also receive OTA notification." 2017-01-12 11:12:01 +00:00
Pavel Grafov
19b3ecb9c8 Let profile owners also receive OTA notification.
Also removed the code that sends broadcast to all device admins
in profile owner package since it was used for legacy
provisioning of the whole package and now should be migrated
by findOwnerComponentIfNecessaryLocked().

Test: gts-tradefed run gts -a armeabi-v7a -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest
Change-Id: I6316df7375fd24da133c83c7930815ba909194f2
Bug:31000521
2017-01-11 18:08:10 +00:00
phweiss
df7bfcfc22 Add ticker text for network logging notification
Set ticker text to title for accessibility.

Bug:31207965
Test: manual

Change-Id: I0b78f9e6464dd470b74e0db97813623b335835d9
(cherry picked from commit d4a54bbfd1902dccb0e4de03f15bfbbba50b9531)
2017-01-11 15:04:00 +00:00
phweiss
d4a54bbfd1 Add ticker text for network logging notification
Set ticker text to title for accessibility.

Bug:31207965
Test: manual

Change-Id: I0b78f9e6464dd470b74e0db97813623b335835d9
2017-01-11 14:38:29 +01:00
Andrew Scull
54402aab14 Merge "Evict CE key on request and when work mode is turned off." 2017-01-10 13:20:49 +00:00
phweiss
971236480c Dismiss network logging notification when disabling logging
Bug:34116213
Bug:29748723
Test: CTSVerifier in a separate CL.

Change-Id: Ie652505ff57665f626712c67837577833f1595d6
(cherry picked from commit 82ed31c1efeb98acba60d79d1fc0a291b1440dc2)
2017-01-10 10:16:12 +00:00
Philipp Weiß
18315230f6 Merge "Dismiss network logging notification when disabling logging" 2017-01-10 10:15:26 +00:00
Robin Lee
d2a73ed211 Send EXTRA_USER with DevicePolicy lock broadcasts
DeviceAdmins inside profiles may receive broadcasts referring either
to the parent profile or to themselves.

We need a way to differentiate that.

Same commit fixes a bug in DevicePolicyManagerTest where USER_SYSTEM
is returned twice in getProfiles() when called for a managed profile of
USER_SYSTEM. This does not happen in the real API.

Bug: 30185351
Bug: 31001762
Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Change-Id: Iea2735357f4019b2b81b6784e7ea6aead63f2636
2017-01-09 18:56:12 +00:00
phweiss
82ed31c1ef Dismiss network logging notification when disabling logging
Bug:34116213
Bug:29748723
Test: CTSVerifier in a separate CL.

Change-Id: Ie652505ff57665f626712c67837577833f1595d6
2017-01-09 18:52:35 +01:00
Makoto Onuki
a755fb1030 Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.

Test: Manually tested wipeData() with TestDPC, both on 1) the primary user,
2) a secondary user and 3) work profile.
* Modified TestDPC so it supports secondary users

Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests

Bug 30681079

Change-Id: Ib97a92a6af87a5589d2643b9ae0522395735e1a5
2017-01-04 16:44:22 -08:00
Makoto Onuki
cbfec5d491 Follow-up to I1e4dd97
Don't check the accounts when the caller is not ADB.

MR2 already has this change.

Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest
* without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 *

Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests
Change-Id: I654c41d0e7434c5fce75eb2df5fd7686a54e9093
2017-01-04 11:01:29 -08:00
Makoto Onuki
fd24353d75 Get account features before taking lock (cherry-pick from master)
Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest
* without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 *

Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests

Bug: 33481725
Change-Id: Ie2fe9aea87d1a7167581f4cd74ae063ef24a4567
Merged-in: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
2017-01-04 09:04:09 -08:00
Makoto Onuki
9bab1c4dd5 Merge "Get account features before taking lock" 2017-01-03 21:34:41 +00:00
Makoto Onuki
606da7778f Get account features before taking lock
Test: cts-tradefed run cts --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.AccountCheckHostSideTest
* without having Id49f2bd5dfa80ecf35b3a23c789100ade38c2656 *

Test: adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests

Bug: 33481725
Change-Id: I1e4dd9701a76ca366f86fdaf2fc6c282e9dbe5c1
2017-01-03 10:58:23 -08:00
Robin Lee
f8ced7790a Merge "Don't check for monitoring CA certs in cryptkeeper" 2017-01-03 18:43:52 +00:00
Robin Lee
a04a29ae02 Don't check for monitoring CA certs in cryptkeeper
Change-Id: I35dc031e4cd652a79174d03f6a9f02120f46abd2
Test: CtsVerifier (ca certificate test)
Fix: 33454899
2016-12-23 16:38:00 +00:00
TreeHugger Robot
43769ddb2c Merge "Add DISALLOW_ADD_MANAGED_PROFILE to existing device owners" 2016-12-22 10:29:31 +00:00
Esteban Talavera
548a04b8f8 Add DISALLOW_ADD_MANAGED_PROFILE to existing device owners
For device owners set pre-O, that restriction will not
be set via setDeviceOwner(). Therefore set it during
first boot after O OTA.

Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services

Bug: 31952368

Change-Id: I7db9b14c49a75ae2760e6923a1f3f7cde0e2784b
2016-12-21 10:57:12 +00:00
phweiss
923d2cc9d9 DO NOT MERGE Show notification when network logging is enabled
A notification is shown after network logging is enabled
and after the next three reboots that are at least one day apart.

Clicking it sends an intent to quick settings to show its device monitoring
dialog.

Cherry-picked from master.

Bug: 29748723
Bug: 33126577

(cherry-picked from commit a0cb251ca6a8ea8df17ff8089573bc50f2f1849f)

Test: Manual, CTS-Verifier tests will be added later
Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
2016-12-20 19:23:58 +01:00
Andrew Scull
85a63bc1a0 Evict CE key on request and when work mode is turned off.
DPMS.lockNow takes a flag which can request the managed profile CE key to
be evicted.

Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
2016-12-20 17:37:03 +00:00
Philipp Weiß
cbe76a0f1e Merge "Show notification when network logging is enabled" 2016-12-20 15:58:44 +00:00
Philipp Weiß
f84f98c4e2 Merge "DO NOT MERGE Add network logging icon to Quicksettings when enabled" into nyc-mr2-dev 2016-12-19 17:57:16 +00:00
phweiss
a0cb251ca6 Show notification when network logging is enabled
A notification is shown after network logging is enabled
and after the next three reboots that are at least one day apart.

Clicking it sends an intent to quick settings to show its device monitoring
dialog.

Bug: 29748723
Bug: 33126577

Test: Manual, CTS-Verifier tests will be added later
Change-Id: I2bf517bd27ab23ad3f66270602dbf062efab8cbb
2016-12-19 15:59:58 +01:00
Andrew Scull
7cd4536e80 Merge "Don't save the password metrics to disk." 2016-12-19 14:48:37 +00:00
TreeHugger Robot
805e893e35 Merge "Enforce DISALLOW_ADD_MANAGED_PROFILE" 2016-12-19 11:57:13 +00:00
Esteban Talavera
01576869a3 Enforce DISALLOW_ADD_MANAGED_PROFILE
Only the device owner should be able to create a managed
profile if that restriction is set

Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest    frameworks-services

Bug: 31952368

Change-Id: Ia5170e54594ccba1e5bcedffaec98c2af42264c0
2016-12-19 11:54:11 +00:00
phweiss
c94b637305 DO NOT MERGE Add network logging icon to Quicksettings when enabled
Add the network logging icon in Quick Settings' footer if
network logging is enabled, possibly next to the VPN icon.
Quicksettings has to be able to tell that network logging
is enabled, so this CL changes DPM.isNetworkLoggingEnabled() to be
callable from the device owner or from any app with the MANAGE_USERS
permission.

The icon is only a placeholder until the official icon is finished.

CTS Verifier tests will be added when all Network logging UX changes are
done.

Cherry-picked from master, and then modified to work in N:
I had to remove the QSFooterTest change because the testing infrastructure
is not there in N. Also, I had to add DPMS.enforceDeviceOwnerOrManageUsers()
to which did not exist in N before.

BUG: 33126618
BUG: 29748723
Test: Manual, CTS-Verifier tests will be added in a follow-up

(cherry picked from commit a4e169ed68ee57aa249e5e79fcd6bff5df46199e)

Change-Id: Ib35d323605ab11f883a4b6199d1db79b9e53c49b
2016-12-16 19:25:29 +01:00
Michal Karpinski
a775ad997b Initialize AtomicBoolean for NetworkLogger#mIsLoggingEnabled
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 29748723

(cherry picked from commit e4dfd2d0028ff1c7088ec58a4d3eaf8f222311e6)

Change-Id: Ib175f1d57093590b0080f32dc5f6c60ea50066e0
2016-12-16 18:18:57 +00:00
Michal Karpinski
e4dfd2d002 Initialize AtomicBoolean for NetworkLogger#mIsLoggingEnabled
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.DeviceOwnerTest#testNetworkLoggingWithSingleUser
Bug: 29748723
Change-Id: Ib175f1d57093590b0080f32dc5f6c60ea50066e0
2016-12-16 18:09:12 +00:00
Andrew Scull
5daf273b7e Don't save the password metrics to disk.
Only store the metrics in RAM, computing them at first log in.

Test: com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24
Bug: 32793550
Change-Id: Iaf9516c193f054331e3e2c68cb3f627bd543b408
2016-12-16 15:30:14 +00:00