Enable stricter SQLiteQueryBuilder options.
Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.
This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks. This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.
We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.
Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.
Bug: 135270103
Bug: 135269143
Test: atest DownloadProviderTests
Test: atest CtsAppTestCases:android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
Force SurfaceFlinger to update synchronously by applying an empty
transaction. Without this, SurfaceFlinger will only update after the
next vsync, which may only happen after the instrumentation already
starts.
Since InputFlinger will only have the proper InputWindowInfo after
SurfaceFlinger updates, waiting for the vsync caused some
instruemntation tests to be flaky.
Bug: 138263890
Test: atest android.view.cts.HoverTest
Change-Id: I5457ab67ac574530dc1aa84549ca11e7e3f0d714
Make sure the client post execution lifecycle state to RESUMED
only if the activity was RESUMED while delivering new intent.
Bug: 135715788
Test: making skype calls
Test: atest ActivityThreadTest
Change-Id: I1e3054e1d1611aecf6ddf6d482abf2cb3ebdf9a4
In Q, these APIs were either:
- removed from the greylist entirely without good reason
- Moved to the restricted greylist without any public alternative
information added
So they are being moved back to the greylist for Q.
Test: Treehugger
Bug: 136102585
Change-Id: I5ac8b8b9b23c3789d80239cf456072cc7dfa1203
This is a targeted fix for not receiving a task stack change callback
when a task with a resumed Activity is reparented to another display.
Bug: 128932906
Test: manual - launch activity from virtual display onto default display
in a new task, verify callback notified. atest WmTests
Change-Id: Idabad8379cded664bcf302d5c6fb69564d158eb7
Merged-In: Idabad8379cded664bcf302d5c6fb69564d158eb7
We are planning to use this metric to detect leaks.
This CL also decouples the actual memory sampling from AM. This means:
- Less time locking the pid list (we used to lock and then read proc)
- Less serialization / deserialization for the parcel
- Simpler to evolve (e.g. removed the HWM-specific method in AM)
Change-Id: I87a7243156dd8c88cfa85038e7e6cf4963e271e1
Test: manual, MemoryStatUtilTest, UidAtomTests
Bug: b/135418017
Set a trim-level threshold to debug.am.run_gc_trim_level to activate it.
Bug: 135148702
Test: Manual test with "setprop debug.am.run_gc_trim_level 0", run a lot of
heavy apps and take pictures, and check logcat for the "force_gc" event log.
Test: Manual test with "setprop debug.am.run_mallopt_trim_level 0", run a lot of
heavy apps and take pictures, and check logcat for a debug log.
Change-Id: I73b4dc7374e85e9a22c98ab17da53aa6cb25a188
As it was in P. There are no public APIs created, hence there is no
better, _public_, alternative.
Fixes: 135282729
Test: none
Change-Id: I199cfcc125f948b983eb55a199abf673cc58b7e1
A couple of broken </code> tags were messing up the formatting
for the entire page (see b/134696600 , http://screen/aThdcpoDvJo.png )
Staged the fixed doc to:
http://go/dac-stage/reference/android/app/Activity
(The live version of this doc has already been fixed -- I fixed
the HTML by hand in cl/251937759 -- but we need to fix the Java
comment, or the file will revert when we publish beta 5.)
Bug: 134696600
Test: make ds-docs (& staged HTML output)
Exempt-From-Owner-Approval: Docs-only fix
Change-Id: I7e6d11ca358d747cdc6d04741d31c7acd85aa080
AppicationPackageManager.loadUnbadgedItemIcon would call
UserManager.getUserIcon if the icon was supposed to represent
switching to another the parent user (from a work profile).
However, that call requires extra permissions which may not be
available, which would cause a crash. The work profile doesn't
generally have permission to see the parent's icon, so rather
than showing the actual icon, a generic user icon is shown instead.
Bug: 134177607
Test: Manual confirmation: create a work profile and try to share a
picture (from Photos) to the personal profile.
Change-Id: Id79ca50b8e0a26593addbacf1a0ea709a2bc4da2
This removes the parts of the feature that were only needed in beta
releases:
- Toast when a start is or would be blocked.
- Configurable whitelist of exempt apps.
- Global setting to disable.
Not to be submitted until after beta 5 is cut.
Bug: 131747138
Test: atest BackgroundActivityLaunchTest
Test: atest RootWindowContainerTests
Test: atest WmTests:ActivityStarterTests
Test: atest CtsWindowManagerDeviceTestCases:ActivityStarterTests
Test: atest CtsAppTestCases:.ServiceTest
Change-Id: I3d8b9c72c8fac86b93ac57a8a1988f4133043af8
Also make it extendable for mocking and update atoms.proto comments.
Bug: 131833599
Test: compiled
Change-Id: I6a0e8a6175e7e9e46572ea4aa50ce7669a02588b
Asynchronicities in activity teardown -> service connection teardown
introduced a race in which the teardown could race with new service
bindings to "the same" service instance, and then wind up attempting to
shut down a new, valid instance inappropriately. Fixed by making sure
to clear the "what needs to be torn down" bookkeeping as part of the
act of doing that teardown, removing the possibility for stale state.
Fixes: 131029480
Test: manual
Test: atest CtsAppTestCases
Change-Id: I33a63f524d147ff6ec97dd3efb0127dcace8bf3c
The original logic sends the new configuration to the non-activity
components only if there is any public field changed. However, it
doesn't use the latest configuration to compare to the current one,
which caused ActivityThread dropping some onConfigurationChanged
callbacks.
This CL uses the latest configuration to compare to the current one.
Fix: 132653657
Test: Steps in the bug
Change-Id: I969ef189c36ba1903503d8b7de5641103aed8cf3
1. The IPC to ActivityThread.dumpHeap() dups the input file descriptor but
closes it when the IPC returns. Since the heap dump is generated
asynchronously, a race condition ensues between the returning close and
the dump being generated. For the intra-system-process call, the race is
with ActivityManagerService closing the created file descriptor. Duping
the file descriptor on the ActivityThread side should deal with this.
2. For some reason, the file descriptor wasn't closed for native heap
dumps. Closing the fd in those cases as well.
3. Catch the RuntimeException from Debug.dumpHprofData in case anything
else was missed.
Bug: 133424499
Test: adb shell am dumpheap com.android.systemui
Test: adb shell am dumpheap system
Test: Use the "Capture System Heap Dump" option in Developer Settings
Change-Id: I44817161533359766250de04e35902587ea9cc40
Test: manual - hit back in app & bubbles & when you get a phone call in
start up wizard
Bug: 132353272
Change-Id: I8bfb868e8e165adb2fa51b6cda1e9afe237d154c
At the moment KeyguardDisableHandler calls into DevicePolicyManager
to retrive the aggregated password quality for the current user
while holding the WindowManager lock. This is a lock inversion
and causes deadlock. To fix this, introduce a per-user password quality
cache in DevicePolicyCache and switch KeyguardDisableHandler
to use that instead.
Test: manual
Fix: 129087668
Change-Id: I8c02ca442dde76ed350f22ac04a52adc82d21d00
When MediaProvider db gets recreated, all the media content ids
get renumbered. It's possible that when DownloadProvider is
trying to delete an entry, it is holding onto a invalid mediastore
uri. So, don't use linked mediastore uris in DownloadProvider
operations. Also, revoke any prior uri grants of media content from
DownloadStorageProvider.
Bug: 132087334
Test: manual
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java
Change-Id: I4885f5a0ae0b3ab660426605a8a43b8c1d66a4c7
These methods used to be greylisted, but have been either accidentally
or prematurely added to blacklist.
Test: m
Bug: 133207859
Change-Id: I0f73828956d0c5e4b1c147580bb11c8073c3461b
