We already have code to enforce restrictions for guest profiles. Do we want to have some of these restrictions applied to "restricted profiles" e.g. KidFox too? Currently these restrictions are: * DISALLOW_DOWNLOADS * DISALLOW_INSTALL_EXTENSION * DISALLOW_INSTALL_APPS * DISALLOW_BROWSE_FILES * DISALLOW_SHARE * DISALLOW_BOOKMARK * DISALLOW_ADD_CONTACTS * DISALLOW_SET_IMAGE * DISALLOW_MODIFY_ACCOUNTS * DISALLOW_REMOTE_DEBUGGING * DISALLOW_IMPORT_SETTINGS Note that we could always allow the device owner to enable these restrictions (see bug 1180653) but default them to "off" if we think they are not needed by default.
Barbara, Sam: Do you think any of these guest profile restrictions should also be enforced for restricted profiles (by default or optionally)?
Thanks for checking in, I thought about this again, I feel we should stick to the ones already discussed. It's however good to know that we have options in the future. Thanks for bringing this up.
No longer blocks: kidfox-v1
Alright. I removed it from kidfox-v1 but left it blocking bug 1125710 so that we can reconsider later.
bbermes: NI-ing you again for FFB phase 2. We are using these restrictions in guest mode. We could easily (famous last words) use them in FFB too. I expect them to be more or less low-hanging fruits. I guess the only ones left exclusively to guest mode are: * DISALLOW_DOWNLOADS * DISALLOW_BROWSE_FILES * DISALLOW_SHARE * DISALLOW_BOOKMARK * DISALLOW_ADD_CONTACTS * DISALLOW_SET_IMAGE If none of these are interesting then let's just close this bug.
Thanks, I think we should re-consider some of them, I'll add this to the Aha meta feature card, thanks for reminding. Have you already Can you please explain * DISALLOW_SET_IMAGE * DISALLOW_BROWSE_FILES (is this for the restricted profiles files or could this also access the admins files?) I could see this being useful for sure: * DISALLOW_DOWNLOADS * DISALLOW_SHARE I think we don't need or should have the child be able to: * DISALLOW_ADD_CONTACTS * DISALLOW_BOOKMARK
(In reply to Barbara Bermes [:barbara] from comment #5) > Can you please explain > * DISALLOW_SET_IMAGE > * DISALLOW_BROWSE_FILES (is this for the restricted profiles files or could > this also access the admins files?) DISALLOW_SET_IMAGE: Setting an image (long-press) as background image (Android launcher). DISALLOW_BROWSE_FILES: Browsing local files (file:///) - only the files of the restricted profile and shared files on the shared external storage.
We decided that we do not need any of these for restricted profiles.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.