This attribute is default to false, and if set to true, indicates that
the app wants to run with strong integrity guarantee currently the
platform can provide the best.
In this change, this flag implies that on install time,
1) .dex and .so must be stored uncompressed and aligned to install
2) android:extractNativeLibs must be false to install
At run time, ART will run from the dex within the APK directly, and NDK
libraries will be mapped directly from the APK. This way, thest files
stay protected by signature.
The attribute currently stays in private to make development progress.
We plan to make it public once we confirm the demand from some apps.
Test: atest AppIntegrityTest (to be added in ag/5554864 after publicized)
Bug: 112037137
Change-Id: Ifde90cb0666fbb57e8b61f90b4ba1a2dd2a2b4ae
This change adds RollbackManagerService as a new system service for
managing apk level rollbacks.
To work properly this requires additional selinux policy changes. Fails
gracefully in case of selinux denials, until we have a chance to sort
out the proper selinux policy.
Bug: 112431924
Bug: 116512606
Test: atest RollbackTest, with selinux enforcement off.
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Change-Id: Id72aae9c4d8da9aaab3922ec9233ba335bc0198f
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0
Merged-In: I020a9c09672ebcae64c5357abc4993e07e744687
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
The app is not started yet, and does not contain any service for now.
Test: built, booted
Bug: b/112869080
Change-Id: Id5a0fd02c891100e85d86b1040e53beec3581950
extras == null is documented to result in all extras being
erased, and the implementation handles it correctly. The
@NonNull annotation on Bundle extras is therefore wrong.
This CL replaces it with the correct annotation, @Nullable.
The incorrect annotation was introduced in April 2017
(commit 30e06bb668). I've
looked through the other changes to Intent.java in that
commit but have found no further nullability annotation
errors.
Bug: 121438778
Test: Treehugger
Test: Looked through the other nullability annotations on
Intent.java introduced by the same commit
30e06bb668 (Apr 2017)
but found no further errors.
Change-Id: Iebbe17abc5c97146533e82114fbaf1d7036fd03a
This change breaks current modification of shared lib state in the
system into object creation and a commit step so that multiple packages
may be interrogated before committing anything to the system.
Change-Id: I466d588be3e9690cffc8a04e025145d747fcbb2f
Bug: 109941548
Test: atest StaticSharedLibsHostTests
Bug: 118865310
Bug: 112669193
Bug: 120487127
Test: wrote small app to receive broadcast, ran adb install --staged
some.apk and verified that the broadcast is received successfully.
Change-Id: Ib8672a03a0e7033bcdc0ffbbbb5c65b8929e8e08
Test: Manual inspection of the code and javadocs to make nullability
annotations reflect the state of these methods.
Change-Id: I0baac0549c274213d99c7169033052c996eab122
The state is only kept up-to-date for staged sessions. Clients are in
charge of checking whether the session has the isStaged bit set, before
considering reading the StagedSessionState associated to that session.
Test: retrieved mock staged session from a small app and verified state
is correctly set.
Bug: 118865310
Bug: 112669193
Bug: 120487127
Change-Id: I03590476dc353fee6d6edffb7ae579a9f9664664
Add a new config value for recording the component name of secondary
launcher.
This secondary launcher with corresponding launch mode set in
AndroidManifest could be used on secondary displays that support system
decorations.
OEMs can easily replace their own secondary launcher by overlay it.
Bug: 118206886
Bug: 111363427
Test: atest RootActivityContainerTests
Test: atest ActivityManagerMultiDisplayTests
Change-Id: Iceab096fd369127231f2085313ee617c7cdea226
Taking a list of packages to reduce the number of IPCs the
client has to make.
Test: atest GtsSuspendAppsTestCases:SuspendPackagesTest
Bug: 120908380
Bug: 117968270
Change-Id: Ife7a6acfe2f21e7f4419bcf67630e7b8be50a560
- Get rid of activity-level events.
- Renamed InteractionSessionId and InteractionContext to
ContentCaptureSessionId and ContentCaptureContext (and made them public)
- Create the explicit concept of ContentCaptureSesssion (and moved notification
APIs to it).
- Added APIs to let apps create new sessions (not implemented yet).
- Added APIs to remove user data based on some context properties (like URI).
The reasoning behind this change is to let app developers explicitly associate
the captured content with some app-level domain (and also let the app ask the
service to clear such data at user's request). For example, a browser app
(and WebView) can use these APIs to associate the content capture events with
the URL being rendered.
Bug: 117944706
Fixes: 121034139
Test: atest CtsContentCaptureServiceTestCases
Test: m update-api && m
Change-Id: I7841da303b6a39c825651b03a07e3081fbd0bdf5
Initial prototype disabling location/sensors and enabling airplane mode.
Camera/Mic will come in a followup.
Test: manual
Bug: 110842805
Change-Id: I26132fcc9ffea83e3e78a0e54882d23c99ee590c
Adds logic to enforce a minimum aspect ratio and a new manifest
attribute for requesting a minimum aspect ratio.
Bug: 120129697
Test: atest AspectRatioTests
Change-Id: Ie714541241dcdfae2bdf3bfd969a4e26829fbb4b
Bug: 115639644
Test: Fingerprint still works on older devices
Test: atest FingerprintFeatureCompatTest
Change-Id: I6c316e183f90c8c84179a0f0488f41c130bfd25f
Relax the requirement on 'idmap2 --scan' to exit normally (as defined by
WIFEXITED) when starting a process. This allows the process to continue
booting, but with the caveat that no static="true" overlays targeting
"android" will be loaded.
The booting process is usually Zygote but can be an app that uses a
wrap.sh script (see https://d.android.com/ndk/guides/wrap-script).
Because SELinux rules prevent most processes from executing
/system/bin/idmap2, 'idmap2 --scan' will fail for "wrapped" apps.
Bug: 120854885
Test: atest CtsWrapWrapDebugTestCases CtsWrapWrapDebugMallocDebugTestCases
Change-Id: I85225cbcdd945f0026879e89f481d733217825d5
A single provider may offer multiple authorities, so we now pass along
the authority being requested. However, we need to validate that the
authority is actually serviced by the provider, similar to what we do
in validateIncomingUri().
Bug: 120673301
Test: atest android.content.cts
Test: atest android.provider.cts
Change-Id: Ia9734a42558ee9d46dc54f7e12b596cf03a520f5
Implements the PackageManager's getModuleInfo and getInstalledModules
API. These APIs are now backed by XML metadata that's parsed from a
"module metadata" provider package. The package name for the module
metadata package is stored in the config_defaultModuleMetadataProvider
config value.
The module metadata provider must contain a <metadata> entry for its
<application> tag. The meta-data entry must contain a single key
android.content.pm.MODULE_METADATA whose value is a reference to an
XML resource that contains metadata about the list of modules on a
given device.
The XML document must consist of a single top level <module-metadata>
element with one or more children. Each of these children are <module>
elements. The <module> elements must contain each of the following
attributes :
name : A resource reference to a User visible package name, maps to
ModuleInfo#getName
packageName : The package name of the module, see ModuleInfo#getPackageName
isHidden : Whether the module is hidden, see ModuleInfo#isHidden
Example :
<module-metadata>
<module name="@string/resource" packageName="package_name" isHidden="false|true" />
<module .... />
</module-metadata>
The module metadata is parsed eagerly and cached during system server
startup.
Test: atest FrameworksServicesTests:com.android.server.pm.ModuleInfoProviderTest
Change-Id: I0251c3f7429c42e3cce863eeeea792579dffecfb
This is due to being compatible with other RCS related changes by by other engineers.
Test: Existing tests pass
Bug: 109759350
Change-Id: Id56df22e9c313c5e0700eda3b2c489d2f84ea0cd
Merged-In: Id56df22e9c313c5e0700eda3b2c489d2f84ea0cd
This change adds the system APIs to query intent components and
application info, which is required for the Default apps UI in
permission controller to work for work profile.
Bug: 110557011
Test: build
Change-Id: I7e2d92f9ccae2e764a1ce0040a7f84bc4f21dbb5
