The v1 and v2 APK Signature Schemes support multiple signers; this
was intended to allow multiple entities to sign an APK. Previously,
the platform had no limits placed on the number of signers supported
in an APK, but this commit sets a hard limit of 10 supported signers
for these signature schemes to ensure a large number of signers
does not place undue burden on the platform.
Bug: 266580022
Test: Manually verified the platform only allowed an APK with the
maximum number of supported signers.
Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091
Catch exceptions that may be thrown if invalid data ended up in the
persisted job file.
Bug: 246541702
Bug: 246542132
Bug: 246542285
Bug: 246542330
Test: install test app with invalid job config, start app to schedule job, then reboot device
Change-Id: Id0ceba345942baf21177f687b8dd85ef001c0a9e
(cherry picked from commit c98fb42b48)
Merged-In: Id0ceba345942baf21177f687b8dd85ef001c0a9e
When deciding an app's standby bucket, check if the
app has its user control disabled by an IT admin. If so,
the app should be the exempted restricted bucket.
Bug: 272042183
Test: atest AppStandbyControllerTests
Change-Id: I4279dc37f0e17aedb1c2a87468478248443a253e
Merged-In: I4279dc37f0e17aedb1c2a87468478248443a253e
(cherry picked from commit 269fcb6873)
Catch canvas drawing exceptions caused by unsuported image sizes.
Test: 1. Post a custom view notification with a layout
containing an ImageView that references a 5k x 5k image
2. Add an App Widget to the home screen with that has the
layout mentioned above as preview/initial layout.
Bug: 268193777
Change-Id: Ib3bda769c499b4069b49c566b1b227f98f707a8a
Merged-In: Ib3bda769c499b4069b49c566b1b227f98f707a8a
NotificationContentInflater waits on SysUiBg thread for images to load, with a timeout
of 1000ms.
Test: 1. Build a test app that posts MessagingStyle notifications with a huge image (8k+) set as data Uri.
2. SystemUi should not ANR
3. adb logcat | grep NotificationInlineImageCache - shows timeout/cancellation logs
Bug: 252766417
Bug: 223859644
Change-Id: I341db60223214cf2282b5c0270e343e1ce95fa01
(cherry picked from commit 195043f40e)
Merged-In: I341db60223214cf2282b5c0270e343e1ce95fa01
This commit will try to sanitize the content of VpnDialog. This
commit creates a function which will try to sanitize the VPN
label, if the sanitized VPN label is different from the original
one, which means the VPN label might contain HTML tag or the VPN
label violates the words restriction(may contain some wording
which will mislead the user). For this kind of case, show the
package name instead of the VPN label to prevent misleading the
user.
The malicious VPN app might be able to add a large number of line
breaks with HTML in order to hide the system-displayed text from
the user in the connection request dialog. Thus, sanitizing the
content of the dialog is needed.
Bug: 204554636
Test: N/A
Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
Merged-In: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
This is a second attempt at fixing the issue, the previous CL
ag/20642213 was reverted because it simply throws an exception when the
limit is reached, which causes apps to crash since chat apps tends to be
sending large amount of conversation shortcuts and they have no way to
know how many of these shortcuts are still cached by the system.
Instead of throwing an exception, this CL simply removes excessive
shortcuts to avoid crashes. Currently there is a limit on the number
of shortcuts an app can publish in respect to each launcher activity.
This CL further implements a global maximum of total number of shortcuts
that can be retained for an app to mitigate from any potential system
health issue.
When the global maximum is reached, ShortcutService will proactively
removes shortcuts from system memory. Cached shortcuts are removed
first, followed by dynamic shortcuts, using last updated time as
tie-breaker.
This CL additionally addresses an unexpected flow where re-publishing
previously removed shortcuts that are still retained by the system could
cause the total number of shortcuts to exceed previously set limit.
Bug: 250576066 233155034
Test: manual
Change-Id: I001c7a87b62aefa9487bf8efaf3cd02d7cb21521
Merged-In: I001c7a87b62aefa9487bf8efaf3cd02d7cb21521
The 'InputWindowInfo.isTrustedOverlay' function had been removed, we
have to indicate the trustedOverlay flag when fill input info to overlay
window.
Bug: 161789401
Bug: 158717144
Test: atest WindowInputTests
Change-Id: Idf17fd64c6a1399d04c51e3f0bd600dc4a84239a
Merged-In: Idf17fd64c6a1399d04c51e3f0bd600dc4a84239a
This is a backport of ag/20581190 and includes the fix in ag/20778075.
Note that on this branch, clearData doesn't seem to actually clear persistent storage.
Bug: 258422365
Test: atest NotificationManagerServiceTest SnoozeHelperTest
Change-Id: If7c7db6694330ffbac551d044efadb26219fe17f
Merged-In: I5a2823f10053ea8c83c612a567d6d4f1b6af23e7
Merged-In: Ie809cb4d648a40622618e0fb374f36b6d8dc972a
Merged-In: If7c7db6694330ffbac551d044efadb26219fe17f
Block touches from passing through activities by adding a dedicated
surface that consumes all touches that would otherwise pass through the
bounds availble to the Activity.
+ Keep displayId in sync for ActivityRecord
Bug: 194480991
Test: atest CtsWindowManagerDeviceTestCases:ActivityRecordInputSinkTests
Test: atest CtsWindowManagerDeviceTestCases:CrossAppDragAndDropTests
Test: atest CtsWindowManagerDeviceTestCases:PinnedStackTests
Test: Used "System > Developer Options > Simulate secondary display" to
test that moving activites between displays work as intended.
Change-Id: Idace4104c2708ce99309fa54fd44dd000e7f8894
- include disable accounts when looking up accounts for a package to
check if the limit is reached (10)
- put a new limit of 10 supported schemes
- put a new limit of 256 characters per scheme
- put a new limit of 256 characters per address
- ensure the Icon can write to memory w/o throwing an exception
bug: 259064622
bug: 256819769
Test: cts + unit
Change-Id: Ia7d8d00d9de0fb6694ded6a80c40bd55d7fdf7a7
Merged-In: Ia7d8d00d9de0fb6694ded6a80c40bd55d7fdf7a7
This is to prevent malicious app entering PiP without being visible
first, like blocking onResume from completion. Which in turn
leaves the PiP window in limbo and non-interactable.
Bug: 265293293
Test: atest PinnedStackTests
Change-Id: I458a9508662e72a1adb9d9818105f2e9d7096d44
* Previously, the height returned by Display#getSize was used to
determine visible objects. Based on the API level and the presence of system decorations (e.g. notches), this can cause objects near the
bottom of the screen to be considered out of bounds (i.e. only objects
within y=0 and y=partial_height are considered even if the omitted
decorations are at the top of the screen). cherry pick from aosp/2384832
Bug: 236669488
Test: manual
Merged-In: Iba21245c947cec0d0054f6d86e3585ba73233223
Change-Id: I50f143528d1f5a5b677eb2628efbcd658f4cc1b0
(cherry picked from commit afebeb7b43)
- If too large when parsing service XMLs then skip this service.
- If too large when a service attempts to update its own info
then throw an error.
Bug: 261589597
Test: atest AccessibilityServiceInfoTest
Change-Id: Iffc0cd48cc713f7904d68059e141cb7de5a4b906
Merged-In: Iffc0cd48cc713f7904d68059e141cb7de5a4b906
Turns out we do have internal tests that downgrades system apps, so adding this exception to allow for that.
BUG: 267232653
BUG: 256202273
Test: manual
Change-Id: Ie281bbdc8788ee64ff99a7c5150da7ce7926235e
(cherry picked from commit ceeca68b8c)
Same as exists for channels
This is a backport of the fix in ag/16659457, including the adjustment from ag/20920023 (changed the max value from 50000 to 6000).
Test: PreferencesHelperTest
Bug: 210114537
Bug: 261723753
Change-Id: Ic27efba4c54e22eebca16fc948879e652df4467b
(cherry picked from commit 37b3549807 & I3f3a99765c161369e1b026686a0e5f0c83ed839e)
Merged-In: I3f3a99765c161369e1b026686a0e5f0c83ed839e
Merged-In: Ic27efba4c54e22eebca16fc948879e652df4467b
Also remove misleading commandline output.
BUG: 256202273
Test: manual
1. Install preload system app v90, reboot
2. (W/O data, W/ Flag, 90->80 NOK) adb install -d ~/Downloads/PrivApplication_80.apk
Performing Streamed Install
adb: failed to install /usr/local/google/home/schfan/Downloads/PrivApplication_80.apk: Failure [INSTALL_FAILED_VERSION_DOWNGRADE: System app: com.example.privapplication cannot be downgraded to older than its preloaded version on the system image. Update version code 80 is older than current 90]
3. (90->100) Install data app v100
4. (W/ data, W/O Flag, 100->90 NOK) adb install ~/Downloads/PrivApplication_90.apk
Performing Streamed Install
adb: failed to install /usr/local/google/home/schfan/Downloads/PrivApplication_90.apk: Failure [INSTALL_FAILED_VERSION_DOWNGRADE: Downgrade detected: Update version code 90 is older than current 100]
5. (W/ data, W/ Flag, 100->90 downgrade OK) adb install -d ~/Downloads/PrivApplication_90.apk
Performing Streamed Install
Success
6. (90->100) Install v100
6. (W/data, W/ Flag, 100->80 NOK) adb install -d ~/Downloads/PrivApplication_80.apk
Performing Streamed Install
adb: failed to install /usr/local/google/home/schfan/Downloads/PrivApplication_80.apk: Failure [INSTALL_FAILED_VERSION_DOWNGRADE: System app: com.example.privapplication cannot be downgraded to older than its preloaded version on the system image. Update version code 80 is older than current 90]
Change-Id: I5a8ee9e29a3a58f6e3fd188e0122355744b8b0ce
(cherry picked from commit a4484d7f1b)
