See comment here for the discussion on solution
https://b.corp.google.com/issues/169762606#comment14
Change-Id: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253
Bug: 169762606
(cherry picked from commit 11053c17b3)
Change-Id: I424e098dd70ae31bbbc7cb2f3eccd1ccc287064b
Merged-In: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253
See comment here for the discussion on solution
https://b.corp.google.com/issues/169762606#comment14
Change-Id: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253
Bug: 169762606
(cherry picked from commit 11053c17b3)
Change-Id: I6494366a5695daedc3f4f0046da9e130a5363f5f
Merged-In: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253
In case the broadcast intents "com.android.server.net.action.SNOOZE_WARNING"
or "com.android.server.net.action.SNOOZE_RAPID" are dispatched to apps,
then add a SafetyNet log.
Bug: 177931370
Test: manual
Change-Id: I65b2e96ff1230b2051dd1e5bd9c21e5ba3e1146a
Merged-In: I65b2e96ff1230b2051dd1e5bd9c21e5ba3e1146a
(cherry picked from commit a22e341ac2)
In case the broadcast intents "com.android.server.net.action.SNOOZE_WARNING"
or "com.android.server.net.action.SNOOZE_RAPID" are dispatched to apps,
then add a SafetyNet log.
Bug: 177931370
Test: manual
Change-Id: I65b2e96ff1230b2051dd1e5bd9c21e5ba3e1146a
Merged-In: I65b2e96ff1230b2051dd1e5bd9c21e5ba3e1146a
(cherry picked from commit a22e341ac2)
This is a CP of ag/14736230 to qt-dev.
Apps were able to bypass BAL and BG-FGS restrictions by retrieving their
own notifications and firing their PI since those were allowlisted for
those operations.
Now we strip the token that granted them that ability
from notifications returned via NM.getActiveNotifications(), which
returns the notifications of the caller.
Notifications returned via notification listener APIs still contain such
token, as they should.
Bug: 185388103
Bug: 169821287
Test: Manually tested
Change-Id: I2ede0d639a560f6acacec3864a0a7d23af152ba5
Merged-In: I2ede0d639a560f6acacec3864a0a7d23af152ba5
(cherry picked from commit 5fbeff59df)
When sending broadcasts ACTION_SNOOZE_WARNING in NPMS, which may
contain sensitive information, explicitly set the package name
that should receive it to prevent other apps from receiving them.
Bug: 177931370
Test: manual
Change-Id: I11d736771d859d2af27d5c84a502ab038974e2e2
Merged-In: I11d736771d859d2af27d5c84a502ab038974e2e2
(cherry picked from commit 1494979a6a)
When sending broadcasts ACTION_SNOOZE_WARNING in NPMS, which may
contain sensitive information, explicitly set the package name
that should receive it to prevent other apps from receiving them.
Bug: 177931370
Test: manual
Change-Id: I11d736771d859d2af27d5c84a502ab038974e2e2
Merged-In: I11d736771d859d2af27d5c84a502ab038974e2e2
(cherry picked from commit 1494979a6a)
These shell commands were implicitly deleting any client-named file for
which the system uid had deletion capability. They no longer do this,
instead using only the client's own capabilities and file manipulation
modes.
Bug: 185398942
Test: manual "adb shell cmd activity dumpheap system_server /data/system/last-fstrim"
Test: atest CtsPermissionTestCases:ShellCommandPermissionTest
Merged-In: Ie61ab2c3f4bfbd04de09ca99c1116d1129461e8f
Change-Id: Ie61ab2c3f4bfbd04de09ca99c1116d1129461e8f
These shell commands were implicitly deleting any client-named file for
which the system uid had deletion capability. They no longer do this,
instead using only the client's own capabilities and file manipulation
modes.
Bug: 185398942
Test: manual "adb shell cmd activity dumpheap system_server /data/system/last-fstrim"
Test: atest CtsPermissionTestCases:ShellCommandPermissionTest
Merged-In: Ie61ab2c3f4bfbd04de09ca99c1116d1129461e8f
Change-Id: Ie61ab2c3f4bfbd04de09ca99c1116d1129461e8f
These shell commands were implicitly deleting any client-named file for
which the system uid had deletion capability. They no longer do this,
instead using only the client's own capabilities and file manipulation
modes.
Bug: 185398942
Test: manual "adb shell cmd activity dumpheap system_server /data/system/last-fstrim"
Test: atest CtsPermissionTestCases:ShellCommandPermissionTest
Merged-In: Ie61ab2c3f4bfbd04de09ca99c1116d1129461e8f
Change-Id: Ie61ab2c3f4bfbd04de09ca99c1116d1129461e8f
If updateLockscreenTimeout gets called before the Runnable queued
from lockNow gets executed, lockNow request will be ignored. Fix
this by not clearing out the runnable if it's pending lock request.
Test: Switch user, ensure lockscreen comes up
Bug: 161149543
Change-Id: Ie486396fd7328edf8ca0912df92524bb82a1fb7f
(cherry picked from commit 875fa991aa)
Merged-In: Ie486396fd7328edf8ca0912df92524bb82a1fb7f
If updateLockscreenTimeout gets called before the Runnable queued
from lockNow gets executed, lockNow request will be ignored. Fix
this by not clearing out the runnable if it's pending lock request.
Test: Switch user, ensure lockscreen comes up
Bug: 161149543
Change-Id: Ie486396fd7328edf8ca0912df92524bb82a1fb7f
(cherry picked from commit 875fa991aa)
Merged-In: Ie486396fd7328edf8ca0912df92524bb82a1fb7f
If updateLockscreenTimeout gets called before the Runnable queued
from lockNow gets executed, lockNow request will be ignored. Fix
this by not clearing out the runnable if it's pending lock request.
Test: Switch user, ensure lockscreen comes up
Bug: 161149543
Change-Id: Ie486396fd7328edf8ca0912df92524bb82a1fb7f
(cherry picked from commit 875fa991aa)
Merged-In: Ie486396fd7328edf8ca0912df92524bb82a1fb7f
NetworkMonitor sends "android.net.conn.NETWORK_CONDITIONS_MEASURED"
broadcast with Wifi SSID & BSSID. The receiver of this broadcast
is only required to have "android.permission.ACCESS_NETWORK_CONDITIONS"
permission but not the "android.permission.ACCESS_FINE_LOCATION".
It's incorrect because if the apps want to know the Wifi SSID and
BSSID, they should get the run-time permission with user consent.
Since this broadcast is not used anymore, delete it and the related
code.
Bug: 175213041
Test: atest NetworkStackNextTests NetworkStackTests
Change-Id: I12050737291c7fa0ebff4e7411b91f4c6f57a413
Merged-In: I1b8b6a3f4390adbabf92fb9e48da61c47b08b2ec
Merged-In: I7b43940dc32826c70fa82f471b35bc5cb8394aad
NetworkMonitor sends "android.net.conn.NETWORK_CONDITIONS_MEASURED"
broadcast with Wifi SSID & BSSID. The receiver of this broadcast
is only required to have "android.permission.ACCESS_NETWORK_CONDITIONS"
permission but not the "android.permission.ACCESS_FINE_LOCATION".
It's incorrect because if the apps want to know the Wifi SSID and
BSSID, they should get the run-time permission with user consent.
Since this broadcast is not used anymore, delete it and the related
code.
Bug: 175213041
Test: atest NetworkStackNextTests NetworkStackTests
Change-Id: I12050737291c7fa0ebff4e7411b91f4c6f57a413
Merged-In: I12050737291c7fa0ebff4e7411b91f4c6f57a413
Merged-In: I7b43940dc32826c70fa82f471b35bc5cb8394aad
When revoking storage permissions due to storage escalation, ensure the
revoke happens for all users
Fixes: 186034260
Bug: 171430330
Test: atest --user-type secondary_user StorageEscalationTest
Merged-In: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
Change-Id: Ieb8bb9cde1576e9eee131338d393b8a3528341ec
