1. Add a new formula type "INSTALLER_ALLOWD_BY_MANIFEST" that evaluates to true
when installer is specified in the manifest.
This CL only adds this class without actually removing the part where we
propagate allowed installers. That will be changed in a new CL.
2. Change the AppIntegrityComponent API so that it is type-safe.
Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/integrity
Test: atest frameworks/base/core/tests/coretests/src/android/content/integrity
Bug: 148780440, 147835536
Change-Id: Icfb996b2f6de241d9790a423dd01992edaf35117
Revert "Adjust monkey to changed internal APIs"
Revert "Test featureId is correctly used in startActivity"
Revert submission 10111030-activityStarter_featureId
Reason for revert: presubmit test breakage
Reverted Changes:
Ic7056b492: Activity start: Send featureId from context->AppOp...
I8e2a07da7: Adjust monkey to changed internal APIs
I7a6af6fb1: Test featureId is correctly used in startActivity
Change-Id: I48c55a962c990b22ea49e923baa7c73b121d179b
- passing V4 signature to IncFS,
- cleanup and use InstallationFile everywhere,
- pass params to DataLoader creation,
- minor refactor for PackageManagerShellCommandDataLoader to prepare for
Incremental data loading.
Test: atest PackageManagerShellCommandTest
Bug: b/136132412 b/133435829
Change-Id: Iacc3e4c51c0fa3410b076147ce153a1303246189
for the case that there might be multiple certificates signing the app.
Bug: 148373316
Test: atest frameworks/base/core/tests/coretests/src/android/content/integrity
Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/integrity
Change-Id: Ic1e86aeff6c087266739682fe4fe206200a87420
The expected usage pattern for noteOp is to get the
Context#getOpPackageName() and Context#getFeatureId() in the calling app
and the call
noteOp(callingPackageName, Binder.getCallingUid(), callingFeatureId)
As the featureId parameter is new this parameter has to been piped all
through from the ...Manager classes running in the app all way deep into
the bowels of the system server.
There is a special featureId==null for the "default" feature. This is
used in two cases:
- In case the system server (packageName == null || packageName ==
"android") makes a call
- In the case there is no caller. In this case I left annotations in the
code to make clear that the default feature is used
Raw binder interfaces (defined in AIDL files) are not supposed to be
used by apps. Still historically this has happened and we ended up with
@UnsupportedAppUsage tags in these files. Also AIDL does not support
two methods with the same name but different parameters. I.e. in the
case when I had to add a paramater to a method tagged as UnsupportedAppUsage I
- created a new method ...WithFeature with the additional paramter
- set a maxTargetSDK for the old method and mention the public API to
use in the deprecation method
This is really not pretty. Once there is no more app using the old
internal API this hack can be removed.
Additionally this change removed all internal calls to
AppOpsService.noteOperation and AppOpsService.checkOperation and
replaces them with the public API equivalent. This sometimes means to
move the resolution of the mAppOpsManager to be lazy.
Exempt-From-Owner-Approval:: Just piping through arguments
Bug: 136595429
Test: atest --test-mapping frameworks/base/services/core/java/com/android/server/am/
atest CtsAppOpsTestCases added test to cover activity start
atest WmTests
Change-Id: Ic7056b492cb1c9a79158e6c2b4864898a0eb5b2a
This change adds support for the <provider> tag inside of the <queries>
tag to support more succinct declaration that an app would like to see
the provider of a given authority.
Test: atest AppEnumerationTests AppsFilterTest
Bug: 136675067
Change-Id: Ie0f73213fae7a3a0619238e44063d4e5be157201
Also, extends the client-side timeout to match that
in ActivityManagerService.
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Fixes: 148987678
Change-Id: I1daf8625bd0306cc6f6f08c3268fa191d37bda7a
* changes:
Rewrite handling of failed sessions (2/n)
Rewrite the broadcast receiver for ACTION_CANCEL_ENABLE_ROLLBACK (1/n)
Remove #mNewRollbacks (10/n)
Put rollbacks into #mRollbacks (9/n)
Add a flag to facilitate merging 2 rollback collections (8/n)
Now we check Rollback#isNewRollback for rollbacks that were originally
in #mNewRollbacks.
for (Rollback newRollback : mNewRollbacks) {
// Do something with newRollback...
}
will be replaced by:
for (Rollback newRollback : mRollbacks) {
if (newRollback.isNewRollback()) {
// Do something with newRollback...
}
}
Since mRollbacks includes new rollbacks, be careful not to apply
operations not appropriate to new rollbacks when iterating over
mRollbacks. Luckily most of the code is future-proof that needs no
changes.
Note now #mNewRollbacks is always empty. We will remove it in the next
CL.
Bug: 147400979
Test: atest RollbackTest StagedRollbackTest
Change-Id: Ia3a4116b352228adc0b152d42c85920f375beb28
Currently, every build a developer creates will be verified
against the Play Store verification system. For developers, this
is a completely useless step, takes up resources, and eats into
iteration time.
This CL disables verification for debug development builds that
are reinstalled over ADB. This keeps users who install OTA safe,
and lets devs avoid the cost of verification.
There is no reduction in safety for the end user as:
1) Verification can only be skipped when installing over ADB and
the "-t" as well as the new "--disable-verification" flags are
specified ("-t" isn't strictly necessary).
2) The user can already disable verification over ADB by simply
setting a flag.
Test: atest PackageVerifierTest#testAdbSkipVerification
Bug: 138672462
Change-Id: Id0bef5126f2fb49a8e30fc235193636a1c2bab2e
Feature is present if ro.incremental.enable set to true.
Test: builds
Bug: b/136132412 b/133435829
Change-Id: I99ad307cbd3428e0b3964a369930658ee1c8ac0f
Because we care if they break.
Putting the change here because this covers changes in at least
android/content/pm and services/core/.../pm (the latter has a
TEST_MAPPING that imports this one).
Test: atest :postsubmit
Bug: 137951074
Change-Id: Ie03397c857d6a94702549ba325631558ed04a9db
This API is used by the GTS to check mainline modules distributed as
apk-in-apex are included in the whitelist.
Bug: 148386485
Test: N/A (included in another CL)
Change-Id: I25b1c0703e3f345756a5ba91de070025042714f4
Since adding custom and auto night mode, applications have been
making mistakes in checking if the device is in dark theme.
The API for checking dark theme is not very clear. They use
UiModeManager.getNightMode and checking if it is a yes or no thinking
that it refers to Dark theme. Where it is the service scheduler modes.
The most famous example of such mishap is the gboard app (b/145820343) and the dialer
(b/148142709).
We had to test all google apps that implement dark theme on android.
Test: atest UiModeManagerTest and Config tests
Fixes: 148606412
Change-Id: I45dbd9daa057b14d5dd2e88115f666db99d19145
This CL only defines the APIs and the aidl layer. LauncherAppsService
changes will be added in a separate CL.
Bug: 148085769
Test: atest com.android.server.pm.ShortcutManagerTest1 \
com.android.server.pm.ShortcutManagerTest2 \
com.android.server.pm.ShortcutManagerTest3 \
com.android.server.pm.ShortcutManagerTest4 \
com.android.server.pm.ShortcutManagerTest5 \
com.android.server.pm.ShortcutManagerTest6 \
com.android.server.pm.ShortcutManagerTest7 \
com.android.server.pm.ShortcutManagerTest8 \
com.android.server.pm.ShortcutManagerTest9 \
com.android.server.pm.ShortcutManagerTest10
Change-Id: I9590cd7e2ad2b0336280f23a2766e242158ceb4a
SystemTextClassifier that is backed by ExtServices
1. The default textclassifier is always provided by
config_servicesExtensionPackage (i.e. ExtServices)
2. OEM can specify a system text classifier by specifying
config_defaultTextClassifierPackage.
3. System text classifiers can get an instance of the default textclassifier
by calling TCS.getDefaultTextClassifierImplementation(), so that
they can add their customization on top of the default TCS.
4. If config_systemTextClassifierPackage is set, the specified package
is used to process requests from apps and the platform. Otherwise,
the default textclassifier is used.
5. For testing and droidfooding purpose, text classifier service package
can be overridden. If the overridden package is neither
the default one nor the system one, the package is considered as a
untrusted text classifier, which can only see requests from itself.
Test: m mts && mts-tradefed run mts-extservices
Test: Not setting config_defaultTextClassifierPackage. Select some text and
make sure smart selection works. Run dumpsys textclassification
to make sure the default TCS is bound.
Test: Setting config_defaultTextClassifierPackage and repeat the above.
Make sure the specified OEM text classifier is used.
Test: Set the service override config to be ExtServices.
Run dumpsys textclassification to make sure everything is unbound.
Select some text and make sure ExtServices is bound.
Test: Set the service override to be AiAi and repeat the above.
Test: Set the service to be something invalid and repeat the above.
Observe that no TC is bound and fallback to NO_OP.
BUG: 148049185
Change-Id: Ia2fb549fda49363e0d0ebc4b7e0d31cb76e11ee0
Make TCS.getDefaultTextClassifierImplementation returns a ...
SystemTextClassifier that is backed by ExtServices
1. The default textclassifier is always provided by
config_servicesExtensionPackage (i.e. ExtServices)
2. OEM can specify a system text classifier by specifying
config_defaultTextClassifierPackage.
3. System text classifiers can get an instance of the default textclassifier
by calling TCS.getDefaultTextClassifierImplementation(), so that
they can add their customization on top of the default TCS.
4. If config_systemTextClassifierPackage is set, the specified package
is used to process requests from apps and the platform. Otherwise,
the default textclassifier is used.
5. For testing and droidfooding purpose, text classifier service package
can be overridden. If the overridden package is neither
the default one nor the system one, the package is considered as a
untrusted text classifier, which can only see requests from itself.
Test: m mts && mts-tradefed run mts-extservices
Test: Not setting config_defaultTextClassifierPackage. Select some text and
make sure smart selection works. Run dumpsys textclassification
to make sure the default TCS is bound.
Test: Setting config_defaultTextClassifierPackage and repeat the above.
Make sure the specified OEM text classifier is used.
Test: Set the service override config to be ExtServices.
Run dumpsys textclassification to make sure everything is unbound.
Select some text and make sure ExtServices is bound.
Test: Set the service override to be AiAi and repeat the above.
Test: Set the service to be something invalid and repeat the above.
Observe that no TC is bound and fallback to NO_OP.
BUG: 148049185
Change-Id: Ia2fb549fda49363e0d0ebc4b7e0d31cb76e11ee0
This will be the flag set for granted permissions when we want to exempt
it from automatic revocation.
Test: lint/presubmit
Bug: 146513245
Change-Id: I21b6ecb62726643de635d0d5197f7f889a2ab87a
