We had accidental usages of the PermissionChecker for cases where no
private data was provided to the app but the checkPermission API on
the latter also did blame data access on the app. The PermissionChecker
was designed to handle IPC calls and not for generic API checks.
To avoid future accidental incorrect PermissionChecker usages this
change renames the existing APIs of the latter to clearly indicate
that they should be used for data delivery and also adds sibling
methods for doing the same permission checks for preflight purposes.
Also the documentation is improved to furhter assist developers.
In addition, this change fixes accidental permission checker usages
that blame when they should not by using the new preflight flavor
of the permission check APIs.
Test:
atest com.android.settingslib.location.RecentLocationAppsTest
atest CtsPermissionTestCases
added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled
added: LocationAccessCheckTest#noNotificationIfFeatureDisabled
added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider
added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess
bug:141028068
Merged-In: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
This commit is mainly from I7a6a30bf8e8db9f2738594d187bb9148f138b8da, so
test cases and features are mostly same.
We change product_services partition name to "system_ext" because this
partition's purpose changes.
- installing a RRO package for framework from /system_ext/overlay
- installing apps from /system_ext/app
- installing priv-apps from /system_ext/priv-app
- installing permissions from
/system_ext/etc/[default-permissions|permissions|sysconfig]
Bug: 134359158
Test: `mma` under frameworks/base/tests/[libs|privapp]-permissions
adb sync && adb reboot
adb shell cmd package list libraries
=> confirmed com.android.test.libs.system_ext library
adb shell cmd package dump \
com.android.framework.permission.privapp.tests.system_ext
=> confirmed that the package is a priv-app
Change-Id: Ibbccbba64156a7bc464ffb3785fb8fe69ebb973c
Merged-In: Ibbccbba64156a7bc464ffb3785fb8fe69ebb973c
(cherry picked from commit 9ec059ac1d)
If an app doesn't have a launcher activity enabled by default, a
synthesized activity isn't created for that app.
Test: make ds-docs -j32
Bug: 140968734
Change-Id: I2fe8666ee8cde479f404e43c622f03891d96c38f
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Merged-In: I53946ed4e31de0ffe9c84875c391a7dec6f5375a
Change-Id: Idaae690f79a5c680ad0059a52be62160d9dfb5e7
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Change-Id: Id0e63ae4a7be578d1e93838b371320f86a787e0e
When the configurations are being read from the proto file, if a
duplicate locale is found in the list, an exception is thrown from
LocaleList which causes the UsageStatsService to crash. Instead, we'll
now log a WTF if duplicate locales are found when parsing the
configuration proto and not add the duplicate locale to the list.
Bug: 140197723
Test: atest UsageStatsDatabaseTest
Change-Id: Ie178b3cfdd45e6771a7c0e4bb42e47f79b5c30cc
(cherry picked from commit 5d9031dbee)
The docs now (correctly) state that, if an intent filter specifies no
actions, then it only matches intents that don't specify/contain an
action.
Test: make ds-docs -j32
Bug: 140435265
Change-Id: I8931c6540cb22edd15e8caa1be984ca70efcdc96
To prepare for enabling MissingNullability Metalava check this CL
works on adding missing nullability issues that metalava flags if
we tell it to flag new things since API 29.
This is not a complete CL, mostly addresses public api and
toString/equals for @SystemApi
Exempt-From-Owner-Approval: Large scale nullability clean up
Bug: 124515653
Test: make -j checkapi
Merged-In: I109260842cfc25f06e40694997fcbb4afa02c867
Change-Id: I109260842cfc25f06e40694997fcbb4afa02c867
As of Android Q, an app is included in the return value of
LauncherApps#getActivityList() unless it fulfills specific criteria.
This CL describes the conditions necessary for an app's activities
to *not* appear in the list.
Test: make ds-docs -j32
Bug: 130352392
Change-Id: I6a6e17351a6c1234229d1d7eb8147ee2c24ee2c9
No change to logic, only documentation.
This updates Context#getSharedPreferences docs:
* Fix a typo ("thead" -> "thread")
* Formatting: use <p> when appropriate, {@link} to other APIs, limit
the @param to only a single sentence
* Mention getSharedPreferences() may actually perform disk IO (this was
undocumented)
* Mention Editor#apply() as well as #commit()
Fixes: 140137651
Test: make docs
Change-Id: I245371d13d4f317c6c522debcdf7938ab783f897
1. If a previous version of an app doesn't declare internet permission;
2. The User upgraded it to a new version and the new one does declare the
internet permission;
3. The new app are not allowed to access the internet until next boot
Bug: 137864893
Test: Manual, just make sure the onPackageChanged would be executed on package changes
Change-Id: I69cdbb16a027a9c4e974b32371b1f64a23a51a23
Signed-off-by: wangmingming1 <wangmingming1@xiaomi.com>
Added internally in Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd,
of which this is a partial cherry-pick.
Bug: 137864893
Test: builds, boots
Change-Id: I6975e0b70ded6047e1ac8013a82bc35ff150f03b
Merged-In: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
To com.android.internal.compat.IPlatformCompat. This solves a java9
issue because libcore exported api has the same package android.compat.
Test: EXPERIMENTAL_JAVA_LANGUAGE_LEVEL_9=true make framework
Change-Id: I0918344f670669cecb04f1e9e54dbcb471b587d5
It's needed by ActivityManager and PackageManager.
Also use a constant in Context for the name.
Test: flashed device with ag/9025572 and ag/9204795 and the platfrom
compat was accessible.
Bug: 137769727
Change-Id: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
Merged-In: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
It's needed by ActivityManager and PackageManager.
Also use a constant in Context for the name.
Test: flashed device with ag/9025572 and ag/9204795 and the platfrom
compat was accessible.
Bug: 137769727
Change-Id: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
Merged-In: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
As of Android Q, an app is included in the return value of
LauncherApps#getActivityList() unless it fulfills specific criteria.
This CL describes the conditions necessary for an app's activities
to *not* appear in the list.
Test: make ds-docs -j32
Bug: 130352392
Change-Id: Iad888a7a7f47d090da1b143ac152705577144d20
EuiccManager was open to public API.
However @ServiceName does not have Context.EUICC_SERVICE.
It makes lint error when calling getSystemService.
Test: Build
Change-Id: I2e28725b1ad4c07ada4e3181fa9a8a41789680f6
Pass the set of disabled changes from the system server into the app in the
bindApplication() call. Use this to instantiate an implementation of
Compatibility.Callbacks() to implement the API.
Test: Manual.
Bug: 135010838
Merged-In: I2fcf25264c62acc801f9e62967072cd04e4641e7
Change-Id: I2fcf25264c62acc801f9e62967072cd04e4641e7
Allow Telephony to mark a SIM PhoneAccount as
emergency preferred, meaning that Telecom will
override a user's PhoneAccount preference for
emergency calls if the PhoneAccount has the
CAPABILITY_EMERGENCY_PREFERRED capability.
Bug: 131203278
Test: Manual testing, Telecom/Telephony unit testing
Merged-In: If70d917cfb3d825f375d282012b8788d69a2f144
Change-Id: I88b8bbfa444f5445b2f0d6a1542c6406a19b240f
