Add an option to the "CA certificate" field of the EAP network
configuration menu, "Use system certificates". Choosing this option
will cause the trusted, pre-installed, system CA certificates
to be used to validate EAP servers during the authentication process.
This only applies to EAP-TLS, EAP-TTLS, and EAP-PEAP network
configurations, where the CA certificate option is available.
If the user selects "Use system certificates" and leaves the
"Domain" field empty, display a warning and prevent the
EAP network configuration from being saved. Such a configuration
would be insecure--the user should constrain the domain that
the system certificates can be used to validate.
BUG: 26879191
TEST: 1) Set up AP connected to test RADIUS server.
TEST: 2) Generate a self-signed cert (Cert 1)
TEST: 3) Use Cert 1 to sign another cert (Cert 2) with common name
"sub1.sub2.domain.com"
TEST: 4) Setup RADIUS server, and configure it to present Cert 2 to EAP peer.
TEST: 5) Build angler image with Cert 1 installed in
/system/etc/security/cacerts/
TEST: 6) Set up an AP connected to the RADIUS server to broadcast
a WPA-Enterprise network.
TEST: 7) On Angler, connect to this WPA-Enterprise network with settings:
Network name: (AP SSID)
Security: 802.1x EAP
EAP method: TLS
CA certificate: Use system certificates
Domain: domain.com
User certificate: (test certificate from RADIUS setup)
Identity: (identity used for RADIUS setup)
TEST: 8) Verify that we connect successfully to the AP.
TEST: 9) Verify that connection still succeeds if Domain is set to
"sub2.domain.com" and "sub1.sub2.domain.com".
TEST: 10) Verify that connection fails if Domain is set to
"sub0.sub1.domain.com" and "otherdomain.com".
TEST: 11) Verify that network configuration cannot be saved, and an
warning message "Must specify a domain" is displayed if Domain
is left blank in the configuration in step 7
TEST: 12) Verify that the "Do not validate" option still appears in the
CA certificate dropdown menu.
Change-Id: I346d4d301305719033b84ec4599bf3d57d9d4ee5
Some invocations of ChooseLockGeneric are done with arguments, but
when invoking it from FingerprintEnrollIntroduction we add the extra
to the activity intent so we need to support both.
Bug: 26901625
Change-Id: Iaabad18bf17160578f6b6d807dc6acfead1ba419
getPrimary() is removed from the API due to potential confusion about
what it means.
Bug: 26984092
Change-Id: If218de84251461016f4ac06aa9a1cb8610b90d39
Currently the uninstall button is disabled for a package
with an active device admin. This change enables the button,
which when clicked gives the user an option to deactivate
all the DAs in the package and then uninstall the package.
Bug: b/22359208
Change-Id: I8b955305927751185a4c982dadb5b1b6b07efe5e
The digits used for numbering the drag-and-drop locale list should
use a locale-aware formatter.
We will not see decimal or thousand separators, but the visible
difference is in the use of native digits. Example: Arabic.
Change-Id: I3f8cd5a3adea1cb88ae63f09711c728f4588020c
Update the layouts to be more final, and support tablets better.
Move about to always be last.
Always see everything.
Change-Id: I4b804c9bfcd4d3b7f978a2617d5c2c2b1cdfa6e4
