Fixes a p0 security bug. We already have the plugin permission
defined in our manifest. Ensure that senders of the DISABLE_PLUGIN
broadcast have that permission.
Bug: 193444889
Test: manual
Change-Id: Iebaba435c17c5644c5357c0683858447f5ffb897
Merged-In: Iebaba435c17c5644c5357c0683858447f5ffb897
The previous size was causing some apps to crash which otherwise worked
fine. This more closely matches the hard limit in RecordingCanvas
(which we need to stay below to prevent SystemUI from crashing).
Fixes: 182891864
Fixes: 182232777
Bug: 169255797
Test: atest StatusBarIconViewTest
Test: manual - posting notifications with different drawable sizes
Change-Id: I8deacc651e05a202ec980eeb8bcdf4f92daea8eb
(cherry picked from commit 5cd7976f7d)
* changes:
DO NOT MERGE: Fix interaction tracking logic
DO NOT MERGE: Associate notif cancels with notif posts
DO NOT MERGE: Allow interrupting notifications to bypass lifetime extension
DO NOT MERGE: Create a shim for StatusBarManager click methods
Tried to put a clever kotlin-ism there, but then the interaction tracker
was returning `true` for every notification because it only checked if
the key existed
Test: manual
Bug: 144324894
Bug: 119041698
Change-Id: Ie2f489acca973c0aebbd8e7d8fc7fbef2bac793f
Notifications which have interruped the UI (usually a HUN) can safely
bypass FGS lifetime extension because the system has done the best it
can to show the user this notification.
This valve is important in particular for things like a dialer which
might want to interrupt a user but need to do so again on the same
channel, for instance when getting multiple phone calls quickly in
succession.
Bug: 155594347
Bug: 119041698
Test: atest ForegroundServiceNotificationListenerTest
Change-Id: Id80fba3191cc133d1e73ca04015f9cbed62fc086
`StatusBarManager#onNotificationClick` and
`StatusBarManager#onNotificationActionClick` are signals we send to
system server about notification clicks. This CL adds a shim so that we
can have an in-process callback about the exact same events.
This CL also adds NotificationInteractionTracker, which basically just
merges the NotificationClickNotifier callbacks with the notification
collection and will be able to answer the question "has the user
interacted with this notification"
Lastly, this modifies the logic in ForegroundServiceLifetimeExtender
which now checks the interaction flag for notifications. So if a user
tapped on a notification action (for instance) which _then_ triggers a
notification cancel, it will succeed. It _does not_ as of yet release
the notification from lifetime extension upon interaction. So if a
notification is canceled and then interacted with, it will still live
the full amount of time.
Test: atest SystemUITests
Bug: 144324894
Bug: 119041698
Change-Id: I42201d6e7b7ffe9ad4f19c774b638a36a51750ef
(cherry picked from commit 9b2a480ceb)
Allow CDM to hide overlays
Since CDM has sensitive user consent UIs, it should be able to hide
non-system overlays
Test: use a 3p overlay app with a visible overlay to ensure overlay disappears when CDM is shown
Bug: 171221090
Change-Id: I3274cb7f03f63e1fa99a9ca06759972ce2a51309
Prevent non-system overlays from showing over CDM UI
Since CDM grants privileges, it should have the same overlay
policy as permission UI
Test: use an app wit ha visible overlay to ensure
the overlay disappears when CDM is shown
Fixes: 171221090
Change-Id: I4daaee7d8b710a72f6166cbb2252ef8af84c2c60
Allow CDM to hide overlays
Since CDM has sensitive user consent UIs, it should be able to hide
non-system overlays
Test: use a 3p overlay app with a visible overlay to ensure overlay disappears when CDM is shown
Bug: 171221090
Change-Id: I3274cb7f03f63e1fa99a9ca06759972ce2a51309
Prevent non-system overlays from showing over CDM UI
Since CDM grants privileges, it should have the same overlay
policy as permission UI
Test: use an app wit ha visible overlay to ensure
the overlay disappears when CDM is shown
Fixes: 171221090
Change-Id: I4daaee7d8b710a72f6166cbb2252ef8af84c2c60
Mutable pending intents are a security risk. This change adds the
IMMUTABLE flag to all PendingIntents created in GlobalScreenshot.
Bug: 162738636
Test: manual
Change-Id: I1044b6aaf2b1650ff91d9a72181684d2aaea9a62
Mutable pending intents are a security risk. This change adds the
IMMUTABLE flag to all PendingIntents created in GlobalScreenshot.
Bug: 162738636
Test: manual
Change-Id: I1044b6aaf2b1650ff91d9a72181684d2aaea9a62
Mutable pending intents are a security risk. This change adds the
IMMUTABLE flag to all PendingIntents created in GlobalScreenshot.
Bug: 162738636
Test: manual
Change-Id: I1044b6aaf2b1650ff91d9a72181684d2aaea9a62
SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.
Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d70)
SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.
Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d70)
SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.
Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d70)
When the file is deleted, renamed or moved, revoke all uri
permissions with the file
Bug: 157474195
Test: manual test with DocumentsUI
Test: atest DocumentsTest#testAfterMoveDocumentInStorage_revokeUriPermission
Change-Id: I4ffb183630aadb2d87b0965e8cecf88af15f4534
Merged-In: I4ffb183630aadb2d87b0965e8cecf88af15f4534
(cherry picked from commit 9efd606f43)
