When deciding an app's standby bucket, check if the
app has its user control disabled by an IT admin. If so,
the app should be the exempted restricted bucket.
Bug: 272042183
Test: atest AppStandbyControllerTests
Change-Id: I4279dc37f0e17aedb1c2a87468478248443a253e
Merged-In: I4279dc37f0e17aedb1c2a87468478248443a253e
(cherry picked from commit 269fcb6873)
This change both prevents any rules from being unable to be written to disk and also avoids risk of running out of memory while handling all the zen rules.
Bug: 242703460
Bug: 242703505
Bug: 242703780
Bug: 242704043
Bug: 243794204
Test: cts AutomaticZenRuleTest; atest android.app.AutomaticZenRuleTest; manually confirmed each exploit example either saves the rule successfully with a truncated string (in the case of name & conditionId) or may fail to save the rule at all (if the owner/configactivity is invalid). Additionally ran the memory-exhausting PoC without device crashes.
Change-Id: I110172a43f28528dd274b3b346eb29c3796ff2c6
Merged-In: I110172a43f28528dd274b3b346eb29c3796ff2c6
(cherry picked from commit de172ba0d4)
This change both prevents any rules from being unable to be written to disk and also avoids risk of running out of memory while handling all the zen rules.
Bug: 242703460
Bug: 242703505
Bug: 242703780
Bug: 242704043
Bug: 243794204
Test: cts AutomaticZenRuleTest; atest android.app.AutomaticZenRuleTest; manually confirmed each exploit example either saves the rule successfully with a truncated string (in the case of name & conditionId) or may fail to save the rule at all (if the owner/configactivity is invalid). Additionally ran the memory-exhausting PoC without device crashes.
Change-Id: I110172a43f28528dd274b3b346eb29c3796ff2c6
Merged-In: I110172a43f28528dd274b3b346eb29c3796ff2c6
(cherry picked from commit de172ba0d4)
This reverts commit fa9c73975e.
Reason for revert: will deliver a better fix for that, ag/16580245.
Change-Id: I567f20b4f545bed906938731c27eac6eb7aeddff
This reverts commit 4d91b5aa0b.
Reason for revert: will deliver a better fix for that, ag/16580245.
Change-Id: I8691f47251157aae83d326eb808dd1c06b13a420
The size of the input of both setStream and setResource may very big
that system server got oom while handling it, so we try to decode it
first before copying it to the wallpaper path, if the decoding fails, we
treat the input as an invalid input.
Bug: 204087139
Test: Manually set wallpaper, no PDoS observed.
Change-Id: I014cf461954992782b3dfa0dde67c98a572cc770
The size of the input of both setStream and setResource may very big
that system server got oom while handling it, so we try to decode it
first before copying it to the wallpaper path, if the decoding fails, we
treat the input as an invalid input.
Bug: 204087139
Test: Manually set wallpaper, no PDoS observed.
Change-Id: I014cf461954992782b3dfa0dde67c98a572cc770
If a profile owner is defined for a specific user, do not delete usage
stats for a package on package deletion.
Bug: 197399948
Test: atest UsageStatsTest [all]
Change-Id: I94a8e3dfca8ef4c7616f77944d61726e06043b85
Merged-In: I94a8e3dfca8ef4c7616f77944d61726e06043b85
Reason: There is only one telephony stack shared
between the personal and work profile.
Bug: 194382185
Bug: 189942529
Test: build
Change-Id: If0d27a317a7c0ee46af371b30208327e5636c7cf
This is a CP of ag/14736230 to qt-dev.
Apps were able to bypass BAL and BG-FGS restrictions by retrieving their
own notifications and firing their PI since those were allowlisted for
those operations.
Now we strip the token that granted them that ability
from notifications returned via NM.getActiveNotifications(), which
returns the notifications of the caller.
Notifications returned via notification listener APIs still contain such
token, as they should.
Bug: 185388103
Bug: 169821287
Test: Manually tested
Change-Id: I2ede0d639a560f6acacec3864a0a7d23af152ba5
Merged-In: I2ede0d639a560f6acacec3864a0a7d23af152ba5
(cherry picked from commit 5fbeff59df)
The base APK is loaded during normal execution even when isolated splits
are requested. This preserves that behavior during instrumented tests,
which previously skipped the base APK (causing class loading errors).
Test: tested on device with a trivial automated instrumented test
Bug: 146183755
Change-Id: Ia54072ee91b7c06cb4a787a8954ad2e69b322cac
(cherry picked from commit 6f2978c9fc)
If an app has already been granted a permission and it requests that
permission again, the user shouldn't see a system dialog. Update the
documentation to reflect this intended behavior.
Test: m ds-docs-java
Bug: 157530031
Exempt-From-Owner-Approval: Docs-only change
Change-Id: I7096e17480831324dee72f4093cdaa064e3b9165
This reverts commit ae03031efe.
Reason for revert: Merge the reverted patch by accident.
Bug: 162627132
Change-Id: Ic2f072730050cb47926cec6ed24af7ef9e5e7055
.. to match behavior post I1f9662c2bd14b34e00fbc8ebb926538f0329c37a
Bug: 167593637
Test: Javadoc change only.
Change-Id: I4cb9fe4a5ae74b1474f9da39b6aeb3a374f8cf12
This reverts commit f21c885ca7.
Reason for revert: Have regression b/168268396.
Needs to pull out from Nov. builds.
Bug: 162627132
Change-Id: I29fa3937d1655a0cc7591abcfa2067f4fb2b2bcb
SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.
Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d70)
SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.
Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d70)
