commit 1480ce7b87ff012ff6016d7469c1520291ecd72f
author Rubin Xu <rubinxu@google.com> Wed Feb 05 11:38:08 2020 +0000
committer Rubin Xu <rubinxu@google.com> Thu Feb 20 15:47:29 2020 +0000
tree 830f84fc69bcda717b3161824f005f6ef011a2e9
parent 1ef019d3e073098aacd37edf99ce5d0b3425ffd3

Support security logging on org-owned managed profile devices

When security logging is enabled on org-owned profile devices,
Security events will be redacted to preserve privacy on the personal
profile as follows:

* TAG_ADB_SHELL_CMD
  Shell command will be redacted.

* TAG_MEDIA_MOUNT
* TAG_MEDIA_UNMOUNT
  The media's volume name will be redacted.

* TAG_APP_PROCESS_START
* TAG_CERT_AUTHORITY_INSTALLED
* TAG_CERT_AUTHORITY_REMOVED
* TAG_KEY_GENERATED
* TAG_KEY_IMPORT
* TAG_KEY_DESTRUCTION
* TAG_KEY_INTEGRITY_VIOLATION
  Only events happening inside the managed profile will be returned
  to the admin.

Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest FrameworksServicesTests:SecurityEventTest
Test: atest FrameworksCoreTests:EventLogTest
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithTwoUsers
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingEnabledLogged
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testSecurityLogging

Change-Id: I2e52229a3163b3e0dc3d80d71700023394d84587