In permission checker we used to check the permission for the passed in
uid but the opp-op for the Binder.getCallingUid. In the case the calling
identity was cleared, PermissionChecker ended up checking the app-op of the
current process (often the system server).
Now we check the uid for both the permission and the app-op.
Test: Called PermissionChecker.checkPermission with the calling indentity
cleared.
Fixes: 124116218
Change-Id: Ic0b766f6c75bba1b9dae3e91c6adce85a76ae68f
Confirm that invoking methods on DocumentsContract will correctly
be decoded and passed through to a DocumentsProvider instance.
Bug: 123725500, 123660195
Test: atest android.provider.cts.DocumentsContractTest
Change-Id: I16e7da808db83645db06f16a6be2c9575d9a3d06
After much discussion, we can't safely introduce ContentInterface,
so instead offer ContentResolver.wrap() methods.
Bug: 120974438
Test: manual
Change-Id: I0b399192a19948a8986146efa916375022c38b59
For methods Service.startForeground(int, Notification, int).
Also add IntDef annotation on return value of
ServiceInfo.getForegroundServiceType().
Change-Id: I3f0df5ff44dfb1b0cf2150d6e40d39ac0cd2b2b5
Fix: 124331268
Test: NA.
tests need to make sure the flags are set correctly.
Bug: 116738135
Test: atest CtsBackupTestCases:android.backup.cts.PermissionTest#testRestorePermReviewed
Change-Id: Ia1000de3594e910c3345e205679bee37be898d17
- Split system-server internal interface in two. One accessible only
inside of the services part of system server. One accessible
everywhere. This is necessary as the second part needs to be
accessible by the PermissionBackupHelper. But the former uses internal
data structures that should not be moved into android.permission.
- Remove old delayed permission restore code from
PermissionManagerService and Settings. This code now lives in
permission controller
- Keep the logic to remember which users still have delayed permissions
left. It is quite expensive to call into permission controller for
ever install of an app, hence this check is necessary. Currently this
mirrors the original logic. This can be improved further later.
Test: Built
Change-Id: Ibc1d5183c361dc55896882db1f7b765e1bee6e84
NetworkStack is only used in services.net or clients of services.net. It
cannot stay in framework.jar because it needs to depend on AIDL
interfaces, which would conflict with app implementations if they were
in framework.jar.
(cherry-pick of aosp/905233 with trivial conflicts in SystemServer.java)
Test: atest FrameworksNetTests NetworkStackTests
Bug: 124033493
Change-Id: I501b125a388c1100c2182bde4670944c2f0d7a02
For a close-to-square device, the user won't get reasonable benefits
when the content on display is rotated. Worse, the rotation forces the
user to turn their device into an unnatural orientation.
In this CL, if the non-decor aspect ratio of a display is less than
config_closeToSquareDisplayMaxAspectRatio, and the device is configured
to force default orientation, we will ignore all the orientation
requests on the display, and keep the orientation as the user rotation.
For the activity which has a minAspectRatio, the logic will take account
into its preferred orientation while computing its bounds. So the shape
of bounds given to the app can meet its expectation.
Bug: 123507947
Test: atest AspectRatioTests DisplayRotationTests
Test: Manual test with wm size command and simulated display cutout
Change-Id: If99a89d59c805cfc0d305a66067643ce35b3f2bd
This change makes package manager update the home role holder when
preferred activity for the home intent changes, in order to be
backward-compatible.
Bug: 124260975
Test: manual
Change-Id: I2f29e86f0db88d7e1edee74d0e911d33fef889c9
Currently there are 2 functionalities guarded by the same flag
(FLAG_ALLOW_CLEAR_USER_DATA):
1. Allowing users to clear the app's data from settings
2. Allowing the system to clear the app's data if a restore operation
fails.
The purpose of this CL is to introduce a new flag
(FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE) for (2)
Bug: 120267643
Test: N/A
Change-Id: I4ee315e311049c55ed26e7cf121f7e0c59eabd55
Introduce a fixed screen mode for non-resizable activity. If the
activity has fixed of orientation or aspect ratio, it can keep the
original configuration when the size of container is changed.
The original bounds and screen related attributes are set to the
override configuration. So when the activity meet:
- Move to another display
- Display size changed
The activity won't be relaunch or receive unexpected config changes.
The next CL will utilize this information to scale and offset the
windows of the non-resizable activity into the corresponding place
according to different use cases.
Bug: 112288258
Test: atest ActivityRecordTests
Change-Id: I5050f180e5d6c6c05514f0dc79102c0668c75c23
Add a new, hidden method to AssetManager to extract a mapping
overlayable name -> overlayable actor for all <overlayable> blocks in a
package. [This will eventually be used to check if the caller of the OMS
AIDL API is the registered actor for a given overlay.]
Also, teach AssetManager2 to not accept packages that re-use the same
overlayable name. [Such packages have always been ill-formed.]
Bug: 123894537
Test: make libandroidfw_tests
Change-Id: I1117fd3503f04fe4c73eb7114901e022508f4d9e
Renders the '--force-sdk' flag a noop.
Bug: 122886665
Change-Id: I7b93d336179c4f00dca90fedb4acd6a9b4326e15
Test: Manually on a Q device by updating to a release targetSdkVersion app
Adding abilities to debug:
- Attribute resolution stack (which resources are looked
at when resolving an attribute)
- Attribute value source (where did each attribute value
get defined)
- Get explicit style id (if a view had it set via style="...")
This feature will be behind Settings.Global flag that Android
Studio will set to the debugged application package ID.
Bug: 111439551
Test: atest CtsViewTestCases:android.view.cts.ViewStyleTest
Change-Id: Ib6f9fc81000bb867b5b94a68953c99b0bc802d6c
- PackageRollbackInfo now also stores list of users the package is
installed for and the inodes of backup CE data snapshot.
- Changed snapshotAppData to return a pair of
<pendingBackups, ceSnapshotInodes>.
- RollbackData is updated with CE user data snapshot inode after user
unlocks the phone and snapshotAppData call is made.
- Added javadoc to some methods in Installer.java to make lint happy.
Not sure how to automatically test:
- multi-user flow.
- the fact that user data snapshots were deleted. I can't access folder
with snapshot data in RollbackTest, because it is owned by installd.
Bug: 112431924
Test: AppDataRollbackHelperTest, RollbackTest
Change-Id: Ife15f1aed9cf1d2b15be238bdaf766c51b85cab6
We need a way for a content provider to say it always wants
permission grants, even though it is telling the system it doesn't
need permissions.
Change-Id: I50238ecd6a84e8b37f28145c36abe8a21de5c5eb
Fixes: 123704875
Test: manual (create screenshot, click edit in the notification)
The rollback manager needs to know the apk session to avoid doing an
extra backup of the apks when the apk session is applied post-reboot.
Bug: 112431924
Test: atest RollbackTest
Change-Id: Ie84969760b9b1fd3949a7241f23e52cfb403e294
For staged sessions, the staging manager calls through to the
Rollback manager during its pre-reboot flow if package rollback
is enabled for the session. It passes through a list of sessionIds
representing a single package session or siblings in a multi package
session that rollback must be enabled for. The rollback manager then
performs the following actions :
- Makes a copy of APKs and APEXes corresponding to the sessionIds
provided by the staging manager.
- Creates and persists RollbackData objects for the staged session.
and marks that they're part of a staged install and not a regular
install. This change augments RollbackData with sessionIds of
the staged session and PackageRollbackInfo with a flag indicating
whether or not it represents an APEX.
In a follow up change, the StagingManager will call through to the
RollbackManager post reboot and provide a mapping between the staged
session ID for the APK section of the staged install. This will allow
the RollbackManager to make userdata backups and finally mark the Rollback
as available.
Test: atest RollbackTest AppDataRollbackHelperTest
Test: adb install-multi-package --staged --enable-rollback \
./apex.test.apex ./RollbackTestAppAv2.apk
Change-Id: I4a7b154844684ddb26b7c95d39be36f542fb5d4b
This way PackageManager does not depend on RoleManager any more. Also
did some refactoring on RoleManagerService.
Bug: 123775970
Test: manual
Change-Id: I56c50d410ef212c960ffaa6212655b2f42870878
