We added a couple of protection flags that also apply to
normal and dangerous permissions. These flags are folded
in the protection level breaking apps that directly and
compare against the protection constants. Apps that target
older than O SDK don't get protection flags folded into
the protection level.
Test: All permission tests pass
Added a new test to ensure no protection flags reported
for normal and dangerous permissions
Change-Id: I87b10a7695d8ecfa7156525d6f3d101fc0639513
bug:62755026
We added a couple of protection flags that also apply to
normal and dangerous permissions. These flags are folded
in the protection level breaking apps that directly and
compare against the protection constants. Apps that target
older than O SDK don't get protection flags folded into
the protection level.
Test: All permission tests pass
Added a new test to ensure no protection flags reproted
for normal and dangerous permissions
bug:62755026
Change-Id: I72547b0146e6b6919803e33ff64b7208c4a255ad
Since CONTEXT_RESTRICTED is not a default flag of createPackageContext,
we can't rely on it for preventing unexpected font injections.
To protect developers and existing apps from a risk of font injection,
stop loading font from other package's resouce unless the developer
explicitly set CONTEXT_IGNORE_SECURITY.
This CL contains Iac2a6fb3d82ef23d5ca6ee33f4aaa9ed28455271 by manual
merging to handle repository split.
Bug: 62813533
Bug: 62879353
Test: Manually done
Merged-In: I4442ddc48dadb5c968b444be86038b602074d301
Change-Id: I4442ddc48dadb5c968b444be86038b602074d301
Add the shared libs that are APKs to the native library
path when creating application class loaders. Also don't
allow shared libraries hosting native libs to request
extraction of the native libs out of the APK. Lastly,
shared libraries hosting native libs must be declared
as multi-architecture.
Test: CTS tests in this topic
bug:62720360
Change-Id: I0a398593ebe41b2976cb706ca8a388005f5aec83
Autofill seems to need IDs to be preserved across things
like configuration changes, while accessibility will not
function without views with unique ids. Separating out the
two types of IDs. We can re-combine them once it's clear
that both demands can be satisfied.
Bug: 62301218
Test: Run a11y and autofill CTS, and verify that the play
store app functions with TalkBack after a screen rotation.
Change-Id: I17a99de2874768fc0ade3aa354130dd1f6b4cd7e
Instead of maintaining a separate structure just for overlay
paths, store them as user state in the package setting. Also
centralize updating the overlay paths to avoid issues with
inconsistent updates.
Fixes: 36561125
Test: Manual
Change-Id: Iac1c987e8650074dbc564e332d5da1950fad6ac5
Sometimes callers want to clear the calling identity [to avoid permission
calls]. In this case, allow passing the original calling identity to
internal methods.
Test: Manual; create profile account and observe launcher still works cross profile
Test: bit FrameworksServicesTests:com.android.server.pm.ShortcutManagerTest{1..10}
Change-Id: I73f8ad4b2dc1895227c3fcb14f3f1f18f600562f
Fixes: 38349978
Previously, it was possible for the view hierarchy to be measured,
laid out, and drawn around a window frame size that did not match
the current configuration. This stems from new configurations not
always propagating back from WindowSession#relayout, which is
called from ViewRootImpl.
This changelist makes WindowManagerService#relayoutWindow always
return the latest configuration. It also adds rotation to the
configuration.
Fixes: 32839232
Test: go/wm-smoke
Test: Open Camera while rotating phone to landscape. Added
temporary logs to detect inconsistencies between measurements
and reported rotation on draw.
Change-Id: I39daca338b4f87eff1a509eb99493f01e710ced1
Most @SystemApi methods should be protected with system (or higher)
permissions, so annotate common methods with @RequiresPermission to
make automatic verification easier.
Verification is really only relevant when calling into system
services (where permissions checking can happen on the other side of
a Binder call), so annotate managers with the new @SystemService
annotation, which is now automatically documented.
This is purely a docs change; no logic changes are being made.
Test: make -j32 update-api && make -j32 offline-sdk-docs
Bug: 62263906
Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
When answering the question "how much space is free", use the same
logic for Settings UI and StorageManager.getAllocatableBytes(). That
is, the reported free space is usable bytes plus any cached data the
system is willing to delete automatically.
This does *not* include any reserved cache space, since we don't want
abusive apps to penalize other well-behaved apps that are storing
their data in cache locations. Callers freeing cached data need to
now explicitly request defiance of the reserved cache space. (Most
callers are already doing this by using FLAG_ALLOCATE_AGGRESSIVE.)
Rewrite the core logic of DeviceStorageMonitorService to understand
this new "reserved" cache space, and to be easier to understand. It
also now handles cached data on adopted storage volumes, which had
been ignored until now. Also fix bug where we had skipped "low"
broadcasts when the device skipped directly from/to "full" state.
Bug: 38008706
Test: cts-tradefed run commandAndExit cts-dev -m CtsJobSchedulerTestCases -t android.jobscheduler.cts.StorageConstraintTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Change-Id: Icbdcf3b52775f7ada1ceaeff2f96094c8d8052f9
An invalid, 'null' resource ID is defined as 0. Apps often use -1.
Add a helper method that makes checking valid IDs easy and more
centralized.
Eventually make it public API.
Bug: 38393777
Test: manual
Change-Id: I969ec4a45e86bdab3d7f57d357d475b77c7f8a78
Change-Id: I97f791b61f9b4f7ed33305345bf3d92394b40ae4
Fixes: 38202759
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual. Create sample app that replaces the launcher to test ability to see ephemeral apps.
Turns out there was another path in to the activity manager
to trigger a PendingIntent, which needs to be modified to
now also pass in the whitelist token of that pending intent.
Test: manual
Change-Id: I755ff87db1b782fa6974d404dcb490786053c5e0
fix:37135264
Test: Add new CTS test
bit
CtsGraphicsTestCases:android.graphics.drawable.cts.DrawableContainerStateTest,
CtsGraphicsTestCases:android.graphics.drawable.cts.DrawableContainerTest,
CtsGraphicsTestCases:android.graphics.drawable.cts.Drawable_ConstantStateTest
Change-Id: I8bb868d16a944f746ec41d3e37ae4215b964d949
- Events are obfuscated based on whether the app was instant or not at
the time each event was logged.
- UsageStats are obfuscated based on whether each app is instant or
not at the moment.
Bug 38202133
Test: Manual test using UsageStatsTest and instant apps
Change-Id: I3c74309196b88d010d317cb0dd6749bf4624e876
Developer can specify android:fontFamily with three ways, pre-defined
font family name, e.g. "sans-serif", path to the font file in resource
directory, e.g. "res/fonts/Roboto-Regular.ttf", or path to the XML font
family file, e.g. "res/fonts/Roboto.xml".
Resources.getFont treats font files and XML files but pre-defined family
name is handled by TextView. Thus, we can early exit if the passed value
is not likely resource path.
This improves the inflation performance.
The score without this patch:
gfx-avg-frame-time-50: 6.9
gfx-avg-frame-time-90: 9.4
gfx-avg-frame-time-95: 10.4
gfx-avg-frame-time-99: 16.7
The score with this patch:
gfx-avg-frame-time-50: 7.0
gfx-avg-frame-time-90: 8.9
gfx-avg-frame-time-95: 9.7
gfx-avg-frame-time-99: 16.5
Measured on bullhead-userdebug.
The APCT perf test improves from
String FontFamily: 200,086 -> 132,561
File FontFamily : 199,256 -> 161,843
XML FontFamily : 203,681 -> 158,553
Measured on angler-userdebug.
Bug: 38232467
Test: UiBenchmark
Change-Id: Ia601ae7207ae8c60848c9efdbb9396267a57257c
- Now keep track of the time a job was enqueued, and order
the pending list by that.
- Added configuration constants for rescheduling: maximum
times to reschedule, minimum backoff times.
- Fixed printing of active jobs -- the method to get the current
JobStatus was old and didn't require the caller to hold a
lock, so made a copy, which didn't contain all the data we were
interested in. Now with our simple locking, we can just make
that require the caller hold a lock and return the real
JobStatus object.
- Include oom_adj and procstate when printing information about
processes being killed.
- Expanded documentation of BroadcastReceiver.goAsync().
Test: bit CtsJobSchedulerTestCases:*
Change-Id: I2e45f181e45be9836c74cbff1b844ffdf6e93019
to account for AdaptiveIconDrawable type of shortcuts
Test: builds for now.. If Makoto is happy with this change, will add tests
b/37743074
Change-Id: Ieecd95d621db57f858fac449d3bcedd173c8607c
If @empty is encountered in XML, do not fallback
to searching through the theme.
Bug: 36891052
Test: make aapt2_tests
Test: bit CtsContentTestCases:android.content.res.cts.TypedArrayTest
Change-Id: Ie3bf7b70af9c7913513a1092afd95d26bec5e635
