Offer an explicit DELETE_CONTRIBUTED_MEDIA flag that can be used when
uninstalling an app to indicate that any contributed media should be
deleted.
Adjust APIs to accept a specific UserHandle so we can pre-flight
check for valid UserManager state.
Bug: 116344240
Test: atest android.provider.cts.MediaStoreTest
Change-Id: Ief0ba27c913791d60f86a5d7252525c9c4539fc6
Similar to what we've done for services like the installer, verifier,
and text classifier, we're creating a new permission protection level
for the "document manager" on the device, called the "documenter" in
this change.
There should be exactly one "documenter" on the device, since it
handles the sensitive MANAGE_DOCUMENTS permission.
Bug: 117745631
Test: atest CtsPermission2TestCases
Test: atest android.permission.cts.ProviderPermissionTest
Change-Id: I92c9fcfee24feae8dc3a7516cde093e8f3bf0e56
Bug: 120096113
Test: Build with built-in libraries that declares new depedency flag, no
more boot errors (tested with cheets_x86_64 and crosshatch_userdebug)
Change-Id: I6b3e2ab7626ed8f04c0bf1a5b3c32204a2f2c56b
* Expose getCache and putCache to @Public. Filed a bug
b/117636111 to implement the maximum bounds
* Expose getTypeDrawable to @SystemApi
Change-Id: I81ab2e2198d2da1a2fa1c327ed7f9f66cb999755
Fix: 117636111
Test: make
If a system component calls to a remote provider, and that provider
hangs, we end up burning that Binder thread until the remote process
is killed for some unrelated reason.
This change adds an API to detect these hangs, and kill the remote
process after a specific timeout, but only when the caller holds a
permission that lets them kill other apps.
Bug: 117635768
Test: atest android.content.cts.ContentResolverTest
Change-Id: I81b0d993d9d585cdeb5e2559c68052ba6cbbced9
Accepting only ContentResolver arguments was quite limiting, so use
the newly created super-interface ContentInterface, which lets
callers use a ContentResolver, and ContentProviderClient, or even a
specific ContentProvider.
This is a safe API change, since we're accepting a more-general
argument, and existing API users can continue passing ContentResolver
to these methods.
Bug: 117635768
Test: atest DocumentsUITests
Test: atest android.appsecurity.cts.DocumentsTest
Change-Id: I8f0cd1335c9b763dd81eeb237fb0517e9073b625
Existing APIs that accept a ContentResolver are too restrictive when
the caller has their own ContentProviderClient already bound and
configured, so we're in the market for a solution to open those
existing APIs to accept a wider range of inputs.
The solution we've come up with is to introduce a super-interface
which contains the common ContentProvider APIs, and then make
ContentProvider, ContentResolver, and ContentProviderClient all
implement that interface for consistency.
After this change lands, we can then safely relax existing APIs to
accept this new ContentInterface, offering a clean path to solving
the problem outlined above.
Bug: 117635768
Test: atest android.content.cts
Test: atest android.provider.cts
Change-Id: Ic5ae08107f7dd3dd23dcaec2df40c16543e0d86e
Exempted-From-Owner-Approval: keep tests working
Permissions that have the new wellbeing protection flag will be granted
to the wellbeing app, as defined by the OEM in the system resource.
The ACCESS_INSTANT_APPS permission is updated to use the wellbeing
flag. The SUSPEND_APPS permission will also follow the same model now.
Bug: 119330345
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Test: atest com.android.server.pm.SuspendPackagesTest
Test: atest com.google.android.suspendapps.permissionpolicy.gts.SuspendAppsPermissionPolicyTest
Change-Id: Iffedc7704824292be48a4ef198fff97c1e5c39da
Introduced a new INTERACT_ACROSS_PROFILES privileged permission which
allows an application to start a managed profile activity from its personal
profile activity.
Added CrossProfileApps#startAnyActivity(ComponentName, UserHandle) which
requires the INTERACT_ACROSS_PROFILES permission and enables an app from
a personal profile to launch an activity within its managed profile app.
Bug: 118186373
Test: atest com.android.server.pm.CrossProfileAppsServiceImplTest
Test: atest cts/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/CrossProfileAppsHostSideTest.java
Change-Id: I28aa05c7e54f60eb6144275d31eaf8813e2f10ad
Foreground service must use attribute foregroundServiceType to
specify its foreground service type in <sevice> element of manifest
file, otherwise a warning message is printed when startForeground()
method is called. (We will replace the warning message with a security
exception when the feature is formally activiated.)
The manifest attribute is:
android:foregroundServiceType="<type>"
Allowed types are: "sync", "mediaPlay", "phoneCall",
"location", "deviceCompanion", "ongoingProcess".
Bug: 111453223
Test: atest frameworks/base/tests/FrameworkPerf
Change-Id: I5d2ab203d400f3c549cd153480b6252a2f9adb3c
Bunch of changes:
- Split public SmartSuggestionsService info ContentCaptureService and
AugmentedAutofillService
- Renamed 'intelligence' packages to either 'contentcapture' or
'autofil.augmented'
- Renamed internal packages and classes.
- Changed permissions, resource names, etc...
- Moved Augmented Autofill logic from IntelligeceManagerService (R.I.P.) to
Autofill.
- Optimized IPCs by passing a String instead of the InteractionSessionId
(that also solves the view -> service dependency).
Test: atest CtsContentCaptureServiceTestCases \
CtsAutoFillServiceTestCases \
FrameworksCoreTests:SettingsBackupTest
Test: manual verification with Augmented Autofill Service
Bug: 119638877
Bug: 117944706
Change-Id: I787fc2a0dbd9ad53e4d5edb0d2a9242346e4652d
This patch adds a feature flag for IPsec Tunnel Mode. This implies VTI
(with output-mark updating), or XFRM-I in the kernels.
Bug: 117183273
Test: Compiles
Change-Id: I6dd0e429cc0bd100f2ef1140a6651f6ef5294c79
Everything needed to get the CTS tests to work.
Also:
- Change process names to be unique per isolated instance,
and no longer use isolated uid in proc stats, so we don't
have a crazy number of process entries there.
- Again move activity manager dumpsys output so we aren't
spewing less useful stuff at the end where it hides the
core state about processes.
- Fix protos so that we can read InstrumentationInfo from the
activity manager protos. (There was confusion about writing
protos for a PackageItemInfo vs. an ApplicationInfo.)
Test: atest CtsAppTestCases:ServiceTest\#testActivityServiceBindingLru
Bug: 111434506
Change-Id: I2c86bd1daa582a5c60950173ca12e8ec21b13ead
This change is for "Open with" feature in DocumentsUI.
If this is public, other apps also can have this
feature.
Test: make
Bug: 110959821
Change-Id: I9c1255419869f9983eac7e820c42a96400f15bfd
REVIEW_PERMISSION_USAGE now supports being passed a permission name.
Document that in the comment.
Bug: 120222495
Test: Compile
Change-Id: Iedd2d98b5150bdf21fa80489889a0672d58dd1f2
Consolidate all permission related code in a single java package.
Test: atest SettingsLibRoboTests
Looked at Settings AppInfo UI (uses RuntimePermissionPresenter)
Bug: 120221960
Change-Id: If135e984a8273e9bed80cab9fbf2d70f40a05c7f
Make sure testers have a way to quickly determine when an app is trying to access
call logs or SMS without being the default handler, so we don't get inundated with
bugs about correct behavior
Test: proofread
Change-Id: I46b9dc86073101f8ca08ac1bc90c79338afd114f
And check parameters at trust boundaries
Test: Looked at AppInfo in Settings (uses RuntimePermissionPresenterService)
Change-Id: Ie70f64c1bc5435e1d284c37cc6fec208468b3a0a
This name is too generic, so we split it in 2 parts:
- ContentCaptureManager: the public API used by views and apps to report their
structure.
- SmartSuggestionsServiec: the system service use to consume these events and
provide autofill suggestions.
This CL also:
- Optimizes ContentCaptureManager allocation so they are not created on contexts that are not
capturing events (such as views from the system server).
- Uses a generic ContentCaptureEventsRequest (rather than a list of events) to make it easier
to be extended.
- Fixed IntelligencePerUserService so it clears the sessions when the
implementation changes.
Test: manual verification
Bug: 119776618
Bug: 117944706
Bug: 119638877
Change-Id: I069bcd23dda94afe18b2781fd3981b8b555afa56
Change 1/2. Change 2/2 will setup the class loader namespace for
shared libraries.
This change sets up shared libraries class loaders for applications
and for dexopt.
bug: 111174995
Test: DexoptUtilsTest, device boots
Exempt-From-Owner-Approval: PS1 was approved by owner, PS2 is a build fix.
(cherry picked from commit 8d144eb8bd)
Merged-In: Ie9a2b4eaa85cda59951703433f7a2d03bc12095d
Change-Id: I76383308418485ad6739f8a404d02c2771e4afe4
Developers often accept selection clauses from untrusted code, and
SQLiteQueryBuilder already supports a "strict" mode to help catch
SQL injection attacks. This change extends the builder to support
update() and delete() calls, so that we can help secure those
selection clauses too.
Extend it to support selection arguments being provided when
appending appendWhere() clauses, meaning developers no longer need
to manually track their local selection arguments along with
remote arguments.
Extend it to support newer ContentProvider.query() variant that
accepts "Bundle queryArgs", and have all query() callers flow
through that common code path. (This paves the way for a future
CL that will offer to gracefully extract non-WHERE clauses that
callers have tried smashing into their selections.)
Updates ContentValues to internally use more efficient ArrayMap.
Bug: 111268862
Test: atest frameworks/base/core/tests/utiltests/src/com/android/internal/util/ArrayUtilsTest.java
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Merged-In: I60b6f69045766bb28d2f21a32c120ec8c383b917
Change-Id: I60b6f69045766bb28d2f21a32c120ec8c383b917
The APIs for "preferred" packages and activites have been superseded
by modern activity-based preferences.
Bug: 120291723
Test: build (javadoc-only change)
Change-Id: I4242a10e1612f7e203256e4c26c5e8c518cc7656
This computes and stores a hash of significant (for PermissionController)
packages state for the time when granting last ran.
Test: - enable DEBUG flag
- using logcat ensure roles granted on first bootloader
- adb reboot
- ensure roles granting skipped
- disable a package
- adb reboot
- ensure roles granting ran on boot
Change-Id: Idaea40c0ea34feaedfbe357627201f85e66876d5
