Adds an API to supply additional context to a Notification that uses
MessagingStyle. To be used in the future to enhance the Direct Reply
experience.
Test: runtest cts
Change-Id: I6da0b9067cbffbaae2bd3c5d9606a0b5437f1ed4
Implement the permission grant, package access, enable system app, and
keep uninstalled packages delegation scope APIs in the
DevicePolicyManagerService.
This feature gives a device owner or profile owner the ability to
delegate some of its privileges to another application.
Bug: 33105287, 33105284, 33105719
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: I50d2903eb73ae7844ec1f6fe07e41101ea2760ea
Implement the uninstall blocker delegation scope API in
DevicePolicyManagerSercice.
This feature gives a device owner or profile owner the ability to
delegate some of its privileges to another application.
Bug: 33105718
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegation
Change-Id: Ieb347ce3fb6219fe7f04cafbcd1e6b7359b31a10
The DevicePolicyManagerService currently supports delegation of
certificate installation and application restriction management, both
of which are individually handled by DPMS.
Upcoming framework features will add four more delegation types,
namely: block uninstall; app permission management; app access
management; and system app enabler. At this moment it makes sense to
refactor the underlying delegation system in DPMS so that current and
future delegates can be handled in a more generic way.
Bug: 33099995
Test: DPMS unit tests
Change-Id: I9e350143572c6690febdd59d1ed5149af8ee4388
Apps can now declare in their base APK AndroidManifest.xml
that they want to have their split APKs loaded in isolated
Contexts. This means code and resources from the split
get loaded into their own ClassLoader and AssetManager.
<manifest xmlns:android="..."
...
android:isolatedSplits="true"
...
In order to make this more useful, splits can declare dependencies
on other splits, which will all get pulled in to the Context
and run as expected at runtime.
A split declares its dependency on another split by using the
tag <uses-split> in its AndroidManifest.xml:
<manifest xmlns:android="...">
...
<uses-split android:name="feature_split_1" />
...
A split can have a single parent on which it depends on. This is
due to the limitation of having a single ClassLoader parent.
All splits depend on the base APK implicitly.
PackageManager verifies that no cycles exist and that each dependency
is present before allowing an installation to succeed.
The runtime will then load splits based on the dependencies.
Given the following APKs:
base <-- split A <-- split C
^----- split B
If an Activity defined in split C is launched, then the base,
split A, and split C will be loaded into the ClassLoader defined
for the Activity's Context. The AssetManager will similarly be loaded
with the resources of the splits.
A split can be manually loaded by creating a Context for that split, defined
by its name:
Context.createContextForSplit("my_feature_split_1");
All installed Activities, Services, Receivers, and Providers are accessible
to other apps via Intent resolution. When they are instantiated, they are
given the appropriate Context that satisfies any dependencies the split they
were defined in stipulated.
Test: WIP (CTS tests to come)
Change-Id: I8989712b241b7bc84381f2919d88455fcad62161
The color mode lets an application request a wide color gamut for
a specific window. This will also be used in the future to request
HDR. The color mode is currently either default (sRGB) or an undefined
wide gamut color space chosen by the platform. These attributes could
later be used to choose a specific color space if we deem this important
or useful.
This change also renames the various "colorimetry" attributes and
constants to "color mode" for consistency. These symbols were
added in O and can be safely renamed.
Test: CtsColorModeTestCases
Bug: 32984164
Change-Id: I4d4691dd12dbe3f3aa6a5cf893cff39aa16c739e
- No one can snooze for an undetermined amount of time
- Only the assistant can unsnooze
- Listeners can retrieve a list of snoozed notifications
Test: runtest systemui-notification, cts verifier
Change-Id: Idfaee6d8bc15a5d41630f86f7e852468b07dc7d0
- Removing the requirement for activities to have both the
resizeableActivity and supportsPictureInPicture attribute
to enter PiP. The activity may still be resized when
entering picture-in-picture.
Bug: 34256643
Test: android.server.cts.ActivityManagerPinnedStackTests
Change-Id: If6bd4721c53072e5518f554a8c7598705517c132
This cl adds an API to select a backup
transport by its component name and
receive a callback when BackupManager
is bound to the transport. Calling this API
will make BackupManager bind to the transport
if it isn't already bound to it.
Also fixes the issue where BackupManager would
detect only one transport per package.
Ref: go/backup-transport-switching
Bug: 33616220
Test: Manually tested. GTS tests will be put up shortly.
Change-Id: I8c23bdbb84ceb05eb1fad9b3a8b9c4441cb06c74
- In O, apps can request to enter picture-in-picture when the user
effectively leaves their activity for another task by default. To
prevent this from being abused, we need to add a setting for the
user to disable this behavior per-package in the system level.
When disabled, any activity from that package will only be able
to enter picture-in-picture when it is visible and resumed.
Bug: 34520451
Test: android.server.cts.ActivityManagerPinnedStackTests
Test: #testAppOpsDenyPipOnPause
Change-Id: Ib3a993e99ffb071706c6b7d3fb1c882b74acc5d7
Signed-off-by: Winson Chung <winsonc@google.com>
Rename to TextClassifier
Move to android.view.textclassifier package
Adds getTextClassifierInfo(...)
Changes addLinks(...) to getLinks(...)
This CL also integrates this interface with framework components
and passes a context to TextClassificationManager.
Test: Tests will be added with implementation.
Bug: 34661057
Change-Id: If9e90f034ebb702c1f78e72b6a844f39eebf738f
This takes advantage of the recently added behavior that offers to
send Parcelable exception types across Binder calls.
Certain SecurityException can be resolved if we involve the end user,
such as when a password has expired, or a user challenge is required
to proceed. This new subclass of SecurityException provides
user-visible messaging and convenience methods for quickly rendering
that messaging as a notification or dialog.
Test: builds, boots, throws, shows as notification and dialog
Bug: 33749182
Change-Id: Iba66c7466b8fabca9e3f83c60db5a4ab849a256f
No longer need to look up the application info, target SDK is
explicitly passed in to the check. For the external method, we
change this to just checked to see if background is completely
disabled, which doesn't need a target SDK check (and is the only
thing any of the current clients care about).
Now allow SystemUI to put targets of notification pending intents
on the temporary whitelist when they fire, so developers can avoid
dealing with background restrictions in this case (if the user
interacts with their notification, they will temporarily be
considered in the foreground).
Remove any thoughts of enforing restrictions on registerReceiver(),
so we don't need to deal with target SDK versions there (which can't
be done all that efficiently).
Also bring back the old "allow starts coming from foreground apps"
only for the MODE_IGNORE app op, since it should provide some
better compatibility.
Test: ran them.
Change-Id: Id4ea7f992d12ce4bd8e54f1dbaeb4a460a3dee59
Fixes isDeviceSecure and isDeviceLocked APIs to use
the user id of the app that executes the code rather
than that of any incoming binder call.
Change-Id: Ib7772b60c35a3ebf96830f9b013c539021e1f063
Fixes: 34592592
Test: manual
Induce a normal VM crash via adb, because it's quite different from the
effects of 'am kill'.
Test: induced crashes via adb shell using both pid & pkg
Change-Id: I79654afa7c4a70364cfd7d3af3e80a7b0e59b882
It should be checking if the UID argument passed in has the requested
permission; not the calling UID.
Test: builds, boots
Bug: 34528367
Change-Id: Ie1828f571d9f143ce9f5bdca2eedcf2fa6ccfd79
This change creates a new FontManagerService, in charge of providing
font management data. It exposes a public API to retrieve the
information in fonts.xml without accessing it directly. To do this,
it also refactors FontListParser's internal classes into a new public
FontConfig class holding all the font data.
getSystemFonts() returns all the available information in fonts.xml
as well as file descriptors for all the fonts. This allows us to
share the memory consumed by these files between all clients.
Bug: 34190490
Test: See attached CTS change in topic
Change-Id: I0e922f8bcc9a197a1988d04071eb485328d66fb7
We add a variant of notifyPendingSystemUpdate method which takes an
additional isSecurityPatch boolean flag. This information, if available,
will be persisted and available to device and profile owners when they
call getPendingSystemUpdate method.
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest#testPendingSystemUpdate
Bug: 33102479
Bug: 30961046
Change-Id: If3f1b765bb18a359836ac43ac9a0a9f29e9f8428
This change adds support for static shared libraries that
emulate static linking allowing apps that statically link
against the same library version to share a common
implementation. A library is hosed by a package in a standard
APK.
Static shared libraries have a name and a version declared
by a dedicated manifest tag. A client uses also a new tag
to refer to the static library it uses by specifying the
lib name, version, and the hash of the signing certificate.
This allows two apps to rely on two different library versions
and prevents impersonation of the shared library by a side-loaded
app with the same package name.
Internally apps providing static libs use synthetic package
name generated from the manifest package name and the library
version. This allows having different "versions" of the same
package installed at the same time.
An application cannot be installed if a static shared lib it
depends on is missing. A used shared library cannot be uninstalled.
Shared libraries can rotate certificates like normal apps. The
versions of these libs should be ordered similarly to the version
codes of the hosting package. Such libs cannot use shared user
id, cannot be ephemeral, cannot declare other libraries, cannot
rename their package, cannot declare child-packages. They must
target O SDK. Also they cannot be suspended or hidden or their
uninstall blocked. Generally, speaking policy regarding code in
static shared libs should be applied to the packages using the
library as it could have just statically linked the code.
We now have APIs to query information about the shared libraries
on the device in general. To clients static shared libraries are
presented as multiple versions of the same package which is how
they are declared and published. Therefore, one can have two
versions of the same package which means we need way to query
for and uninstall a specific version of a package. Also static
shared libs can depend on other static shared libs which are
versioned packages. To ease representation we add the concept
of a versioned package which should be used in the case of
static shared libs.
A client can see only the static shared libs it depends on and
more specifically only the versions it depends would be retrieved
by using the standard package manager APIs. There is a new
dedicated API to get info about all shared libraries which
would provide data about all static shared lib versions. Also
these libraries must use v2 signing scheme.
Test: CTS tests pass
bug:30974070
Change-Id: I4f3d537ee7a81f880950377b996e1d9d4813da5c
