| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Because SettingsProvider needs to call through the IUserManager
interface there is now a method to provide restricted-access information
via that route. It has the same protection as the implicit local
service call surface that was previously used: only system-uid callers
can invoke it.
Bug: 140833849
Test: system boots & runs normally
Change-Id: I05823ca57240ab10feb382c45590541212e406c1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a violation of layering (LSS is considered a lower level
component than DPM) and source of deadlock due to lock inversion.
This change tries to remove most of the direct calls into DPM from
LSS. After this, there will only be a handful non-critical invocations
remaining:
1. DPM.reportPasswordChanged()
This is always called on a handler thread so it's OK (LSS does not
hold any hold while calling out). Consider this as a (asynchronous)
broadcast.
2. DPMi.reportSeparateProfileChallengeChanged()
This is now moved to the handler thread, similar to
DPM.reportPasswordChanged().
3. DPMi.canUserHaveUntrustedCredentialReset()
This is still a violation but it will soon be removed as we
remove the caching of syhnthetic password alltogether (deprecating
old resetPassword()). So I'll leave it for now.
Test: atest com.android.server.locksettings
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Test: atest MixedManagedProfileOwnerTest#testResetPasswordWithToken
Test: atest MixedDeviceOwnerTest#testResetPasswordWithToken
Bug: 37090873
Bug: 141537958
Change-Id: Ie44cb418ab255bd016c5dd448674beabd362b74c
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Throughout the codebase, sometimes an integer user ID is called
userId, and sometimes it is called userHandle. Here, we rename the
occurences of "int userHandle" to "int userId" in select files.
Additionally, we add the @UserIdInt annotation in many more places.
This certainly does not cover all uses of userHandle, which is used
widely throughout Android; doing so would be more dangerous and cause
merge conflicts. But at least the core User code can have a consistent
nomenclature.
Bug: 138384792
Test: compiles. presubmit passes.
Change-Id: I9a2684e9bfac637e0476c4b68027008ebb8a160b
|
| |/
|
|
|
|
|
|
|
|
|
| |
Also changed AutofillManagerService and ContentCaptureManagerService to take advantage of these methods.
Test: manual verification
Test: atest CtsAutoFillServiceTestCases CtsContentCaptureServiceTestCases # on phone and Automotive
Bug: 133242016
Change-Id: I3e7f9d65a6ef1e8e6ec886a41b35733e463a6389
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
users.
On R, we want to optimize boot time by not starting system services for some types of users,
like a headless system user (which is the case for Automotive)
As a "guinea pig", it optimizes VoiceInteractionService for headless system user, so the 3rd-party app
service is not bound for user 0 (and hence its process is not launched).
This change improves boot time on Automotive in about 100ms.
Test: atest CtsVoiceInteractionTestCases CtsAssistTestCases # on walleye and Automotive
Test: manual verification on logcat
Bug: 133242016
Fixes: 137878080
Change-Id: Ib0a902855e32691a1d00bfa77ee82c8e2430977c
|
| |
|
|
|
|
|
|
|
|
| |
To improve testability, we're relying on dependencies passed into
PackageManagerService via constructor. This change addresses all
dependencies fetched via LocalServices and context.getSystemService.
Test: atest ScanTests
Bug: 137881067
Change-Id: Ifa781fadc44996f3a88db40a956dd0e0d1f9ebb2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
restriction is on.
Check calling uid in isSettingRestrictedForUser(which is called by settingsprovider),
and only allow system_uid when certain user restriction is on, so that user won't be
able to change these settings with adb:
Settings.Secure.LOCATION_MODE,
Settings.Secure.PROVIDERS_ALLOWED,
Settings.System.SCREEN_BRIGHTNESS,
Settings.System.SCREEN_BRIGHTNESS_MODE,
Settings.System.SCREEN_OFF_TIMEOUT,
Settings.Global.AUTO_TIME,
Settings.Global.AUTO_TIME_ZONE.
This check also prevents 3rd party apps from modifying system settings value
when corresponding user restriction is on.
In addition, any attempt to change AUTO_TIME will also go through the check
for dpm.getAutoTimeRequired().
Test: manually by running the adb command with restriction set and not set
Bug: 72549013
Bug: 72548203
Bug: 72548533
Bug: 72686466
Bug: 72687105
Bug: 72940551
Bug: 72940562
Change-Id: I1d1fd20d9fa0f76f27905d62873f6a6e9af0224e
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug: 36067387
Test: for C in {1..10}; do adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest$C \
-w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner; done
atest CtsDevicePolicyManagerTestCases:LauncherAppsSingleUserTest \
CtsDevicePolicyManagerTestCases:LauncherAppsProfileTest \
CtsDevicePolicyManagerTestCases:LauncherAppsMultiUserTest
atest CtsShortcutManagerTestCases
Change-Id: Ia4ddea58f66861ef760865b6d8831563584f85c9
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The getDisallowedSystemApps is based on OverlayPacakgesProvider which
is moved from ManagedProvisinoing
- getDisallowedSystemApps will be used by ManagedProvisioning
- createAndManageUser will now use getDisallowedSystemApps to disable
disallowed system apps when creating users
- LEAVE_ALL_SYSTEM_APPS_ENABLED can be passed to createAndManageUser to
enable all system apps
- ACTION_MANAGED_USER_CREATED will be broadcasted to ManagedProvisioning
after managed user is created to take a system app snapshot
Bug: 65842187
Test: OverlayPackagesProviderTest passes
Test: Disallowed system apps does not appear in device owenr, managed
profile, and managed users
Test: System app snapshot is created after provisinoing device owner,
managed profile and managed users
Change-Id: I86f870f7814b5700cf5539e889fb6998514d110f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a settings class only for use with permissions. It's
subservient [and should only be accessed directly by] package
settings or the permission manager. The rest of the permission
related data needs to be moved to permission settings. At
which point we can start pulling the permission methods out of
the package manager service and into the permission manager.
We still have a somewhat tight relationship between package
manager and the permission manager. It's unclear how far we need
to separate them and if relying entirely on an internal
interface is sufficient.
Bug: 63539144
Test: Manual. Builds and runs
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PermissionsHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermissionTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases
Test: bit FrameworksServicesTests:com.android.server.pm.PackageManagerSettingsTests
Change-Id: I616184fa2135a11687e4ce615884f861466fdebe
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case that a user has been removed but their jobs still exist on
disk, the JobSchedulerService will remove all jobs not associated with
current users on boot.
Exposed UserManagerService#getUserIds() via UserManagerInternal for
quick user id retrieval.
Fixes: 38261977
Test: manual
Change-Id: Id4b3c0a4142b4818fcd875eef18ea03f3c45ca40
Signed-off-by: Michael Wachenschwanz <mwachens@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently only device owner can set global user restrictions.
With this CL ENSURE_VERIFY_APPS will be global no matter who
enforces it, DO or PO.
To make it possible for system apps to check who enforces a
particular restriction in this case a new API method is added
to UserManager: getUserRestrictionSources which returns a list
of users who enforce the restriction.
Bug:31000521
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.UserRestrictionsTest (ag/1732744)
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
Test: installed M on a Nexus5x device, created a managed profile with some user restrictions, and checked that after upgrading M->O all restrictions are preserved and split correctly into base, global and local.
Change-Id: I543d3ec9ef0cf2b730da6f7406021c0bba43b785
|
| |
|
|
|
|
|
|
|
|
| |
Bug: 31952368
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Test: runtest -c com.android.server.pm.UserManagerTest frameworks-services
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.UserRestrictionsTest
Change-Id: I240ab99c2409bbabffbc574bef202f2457026905
|
| |
|
|
|
|
|
|
|
|
| |
UserManager.isUserUnlocked/isUserRunning now returns state from
UMS.mUserStates that is pushed from ActivityManager.
Test: manual
Bug: 33232933
Bug: 28957340
Change-Id: Ic5f56d7d577bc336acd2bf44fab7f74feac4f7b3
|
| |
|
|
|
|
|
| |
BUG:32300784
Test: create user in TestDPC, set DISALLOW_REMOVE_USER restriction,
and remove this user.
Change-Id: I96ab02d594cd1a8ab14420e12357f2083da1ce63
|
| |
|
|
|
|
|
|
| |
Added the missing import.
This reverts commit c51e725644be6d46e25c29e8774b542d52c29400.
Change-Id: Icd63619a12e10dee628e568a6200d429a9936cf0
|
| |
|
|
|
|
| |
This reverts commit ac06a4907bff7d5ee0612dbb85180222e1455791.
Change-Id: I27bedbd221a8d416b9040a96063e66a1ca69fe2e
|
| |
|
|
|
|
|
|
|
|
| |
UserController now pushes user state to UMS.
PM now checks user running/unlocking/unlocked state by calling
UserManagerInternal.
Bug: 28090199
Change-Id: I20e62b37f78238f28dd81f49f876732bbd3c6b34
|
| |
|
|
|
|
|
|
|
| |
Push unlocking/unlocked state to UserManagerInternal when it's changed in
UserController. Use UserManagerInternal.isUserUnlockingOrUnlocked when
updating flags for filtering in PackageManager.
Bug: 28629076
Change-Id: I8440af090f533f93870d0cff0e3871e114c37efa
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Once the ephemeral user stops, the user's deletion is scheduled.
It takes a while before the user actually disappears and it is not
desirable for the user to be re-entered in the meantime.
Mark the user as disabled on stop and check this flag
in the activity manager to prevent the user from being switched
to again. Also hide the user from user-switching UI.
BUG: 26795729
BUG: 26780152
Change-Id: I83a61674958954b5a210114b88ffa5ae55922c1f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
|
| |
|
|
|
|
| |
BUG: 24883058
Change-Id: I8e53ca677c935a6c828dd6ece00b345d0eff182a
|
| |
|
|
|
|
| |
BUG: 25305966
Change-Id: I3d527224f00087b2bd959879ebb143e2ecb9c914
|
| |
|
|
|
|
|
|
|
| |
- Also make sure DPMS.mOwners is always guarded with DPMS.this.
(and remove synchronization from Owners.)
Bug 25796840
Change-Id: I83f7b78e7b437d9c2a2b1d6e714346cd15f95330
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Now when DO/PO sets a user restriction, DPMS pushes it to UMS and
then UMS persists it, in order for UserManager.hasUserRestriction()
to never have to talk with DPMS, which would cause lock inversion.
- Also apply user restrictions when a user start.
- This is an updated version of the abandoned CL -- the difference
is, ActivityManager no longer has to call DPMS.
- Also removed an unnecessary write to userlist.xml in UMS.
upgradeIfNecessaryLP().
Bug 23902097
Bug 25388912
Bug 25354031
Bug 25641040
Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... DISALLOW_ADJUST_VOLUME, instead of UserManager pushing
new settings to AudioService.
Also:
- Allow PO to set these two restrictions.
- Now AS.setMasterMuteInternal() respects mUseFixedVolume to make
it consistent with readPersistedSettings().
- When a user switches and restores the mute state in
AS.readPersistedSettings(), also check the current user restrictions
in addition to system settings. Because of the delay in AudioService
before persisting the mute settings in setMasterMuteInternal() and
setMicrophoneMute(), there's was an edge case
DISALLOW_UNMUTE_MICROPHONE and DISALLOW_ADJUST_VOLUME would be ignored
when the user switches right after they are set.
Bug 24981972
Change-Id: I4d9b709a0a0e6812319204568c6e44d6664bdeb4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added mUsersLock - short-term lock for internal state, when interaction and
synchronization with PM is not required. Modifications to mUsers and
mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and
mUsersLock. While reads can use mUsersLock.
Testing revealed that the following methods in UMS often cause contention:
- exists
- getUserInfo
- getProfileParent
They all now use a short-term lock mUsersLock for reads.
Bug: 24979571
Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
|
|
|
- Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin.
- User restrictions set by DO/PO will no longer be saved by UserManger. Instead,
when needed, UMS will consult DPMS to build "effective" user restrictions.
- UM.getUserRestrictions() will now always return "effective" user restrictions.
- DPMS migrates existing user restrictions per the eng spec.
- Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has
been removed.
This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no
longer be a valid use like it used to be.
- Also introduced a fined-grained lock for user restrictions in UM to avoid
deadlock between DPMS and also for better performance.
Bug 23902097
Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
|
