This CL adds Managed Profile Location Access control in the form of a switch
preference.
Bug:22541939
Change-Id: I1a2140c54e7386cda83ef0305f0840e4f8f9a6d1
When the home screen selected by the user isn't encryption aware, we
still need to put something on the ActivityStack. For now, let's use
an empty activity that knows how to dismiss itself when the
credential-encrypted storage is unlocked; that's enough for the
system to re-resolve the home intent and find the real home screen.
Also follow method refactoring.
Bug: 22358539
Change-Id: Iebc4ad8d2dd62ada079cab03d5765f7631fd4beb
The privilege for an app to write to the system settings is protected
by an app-op signature permission. App-op permissions are special: if
the app-op is deny/allow we deny/allow write access; if the app-op is
default holding the permission determies write access. The settings
code assumes that CHANGE_NETWORK_STATE is an app op permission
(system|appop) while it is a normal permission which any app gets by
declaring it used in the manifest.
The side effect is that the state of the toggle in the UI for write
system settings will initially be in the wrong state if the app uses
both WRITE_SETTINGS and CHANGE_NETWORK_STATE. However, the code in
the public API an app uses to check write settings access would return
the opposite since it checks the WRITE_SETTINGS permission and its
app op. Hence, if an app requires write settings to start the user
will see in the settings UI it has access but the app will not have
access, so the app would prompt the user to allow write settings.
The non-obvious fix is for the user to toggle the setting off and on
to get the app op in the right state and be able to launch the app.
bug:25843134
Change-Id: I3d726a66c7f9857bc7dbd5946fdbb8f340c6eb4d
If the device owner information has been provisioned by device
policy client via the DevicePolicyManager then make the current
user info preference read only and add a summary to specify that
the preference has been disabled by the administrator.
Bug: 22547309
Change-Id: I14952abd2e022607b82ce4361cfa514549243045
Historically, apps marked with "coreApp" were prepared to run in a
limited boot environment, and were critical to booting the device, so
in the new file-based encryption world we're marking these apps with
both "forceDeviceEncrypted" and "encryptionAware" attributes.
Bug: 22358539
Change-Id: Idf9fb8d4b0cc1cd504c9ab7ed770d2cd86d3d506
