These two libraries:
android.hidl.base-V1.0-java
android.hidl.manager-V1.0-java
are being removed from BOOT_JARS. This change facilitates linking to them
for libraries or prebuilts in or before P.
Test: atest android.content.pm.AndroidHidlUpdaterTest
Bug: 77307025
Change-Id: Ic0db24cc68d66f5dbfab126ce7e304eec0bfc969
To implement Settings contextual card. We need this permission to
use CardContentProvider in Settings app.
Test: rebuild and flash ROM
Bug: 114521742
Change-Id: If729b2597a458c26c466e87dfa9b4ddc9c3ef948
android.test.* are built with java_sdk_library and api files are added
by running "make update-api".
android.test.base_static is created for allowing to use
android.test.base as a static library.
Bug:77577799
Test: make -j
Test: make checkapi
Test: make checkapi fails with a random change in the txt file
Test: adb shell cmd package list libraries |\
grep android.test.*
And check the android.test.* libraries
Merged-In: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
Change-Id: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
android.test.* are built with java_sdk_library and api files are added
by running "make update-api".
android.test.base_static is created for allowing to use
android.test.base as a static library.
Bug:77577799
Test: make -j
Test: make checkapi
Test: make checkapi fails with a random change in the txt file
Test: adb shell cmd package list libraries |\
grep android.test.*
And check the android.test.* libraries
Change-Id: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
There are some scenarios under which com.android.proxyhandler is
considered by the framework as never being launched (e.g. if a PAC proxy
is added after a long wait time after an upgrade), which makes all of
its network traffic to be blackholed, due to it being subjected to the
fw_standby firewall chain. Given that all of the outgoing packets from
this app are being dropped, whenever Chrome WebView (or most other apps)
uses a PAC proxy for its networking, it is completely unable to initiate
outgoing connections.
This change whitelists com.android.proxyhandler so that this does not
happen.
Bug: 110762695
Test: dumpsys usagestats' | grep proxy
...
package=com.android.proxyhandler u=0 bucket=5 reason=d ... idle=n
Change-Id: I9e4debc876cbdd2f6ba35928faff8c0beca77ae1
DMService has to use restricted network to do some upgrade form
carrier process. So it needs add
CONNECTIVITY_USE_RESTRICTED_NETWORKS permission since Android Q
is limited preinstalled app permissions.
Bug: 19610688
Test: atest frameworks/base/tests/net/java/android/net/
Change-Id: Ie06e73220b61a5bc09e648b49146c2b81707accc
The two components were mostly independant for a long time. Since
I1e80a3f5e63d02b3859ecf74af21ca4c61f96874 the installation flow does
not grant any permissions anymore and the last connection between these
parts was broken.
The new app "com.android.packageinstaller" in
frameworks/base/packages/PackageInstaller will only handle (side load)
package installtion and uninstallation.
The exisiting app will be renamed to "com.android.permissioncontroller"
and only handle permission granting and permission management.
This change does only minimal cleanup cleanup. In particularly it does
not move any files in the old permissions controller. This is to not
disturb other features currently in development.
This change set also updates the make files to install the two apps on
the appropriate devices.
Further the permisson policy xmls need to be updated to point to the
right packages.
Test: Installed + uninstalled packages
Granted permissions + managed permissions
GtsPackageInstallTestCases
GtsNoPermissionTestCases
GtsNoPermissionTestCases25
GtsPackageInstallerTapjackingTestCases
GtsPackageUninstallTestCases
Change-Id: I2d3796b837fc0049e712c82a990907f305c8febf
Since this permission protects system apis, this is required for
instrumentation tests.
Test: atest com.google.android.suspendapps.gts.SuspendPackagesTest
Bug: 79773970
Change-Id: Ib283018c50cc19c3958bd61e2d19befbf2805cc5
javax.obex is built with java_sdk_library and api files are added by
running "make update-api".
Remove java.obex is from platform.xml, since it will be generated
automatically by soong when the library is built with java_sdk_library.
Bug:77577799
Test: make -j
make checkapi
Change-Id: Ib94955e62582ffbdfc7eb88cd0e494c61757c7aa
org.apache.http.legacy is now built using java_sdk_library. Since the
share lib defintion file for the lib is automatically created and
installed, we don't need to have duplicated entry for the lib.
Bug: 77577799
Test: m -j
Test: adb shell cmd package list libraries shows an entry for
org.apache.http.legacy
Merged-In: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
Change-Id: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
(cherry picked from commit 49c0a86955)
org.apache.http.legacy is now built using java_sdk_library. Since the
share lib defintion file for the lib is automatically created and
installed, we don't need to have duplicated entry for the lib.
Bug: 77577799
Test: m -j
Test: adb shell cmd package list libraries shows an entry for
org.apache.http.legacy
Merged-In: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
Change-Id: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
(cherry picked from commit 49c0a86955)
APIs that return package usage data (such as the new StatsManager)
must ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.
Add noteOp() method that can be called from native code.
Also add missing security checks on command interface.
Bug: 77662908, 78121728
Test: builds, boots
Change-Id: Ie0d51e4baaacd9d7d36ba0c587ec91a870b9df17
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls. This can occur if a user adds an emergency number
to their emergency contacts.
Test: make checkbuild
Bug: 76086838
Merged-In: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
Change-Id: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
(cherry picked from commit cdc555f489)
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls. This can occur if a user adds an emergency number
to their emergency contacts.
Test: make checkbuild
Bug: 76086838
Change-Id: I76e8318c5c05bbbbdf02d2c6951f742c3bd67ea6
This means that APKs signed with the platform cert are allowed to use
hidden APIs, even if they are not on the package whitelist, and if they are
not in the system image. It will also allow a number of packages to be
removed from the package whitelist.
Also remove all platform cert signed apps from the package whitelist, as
there is no longer any need for them to be in there.
Bug: 64382372
Test: device boots
Change-Id: Id805419918de51f946c1f592581bab36ae79de83
Now that Antons cleanup of all packages is complete, we can generate this
whitelist from those packages that specify
LOCAL_PRIVATE_PLATFORM_APIS := true
This is the resulting list of packages. This change also includes fixes to
the method; previously, packges that didn't specify any certificate may
have been exluded.
Test: Verify that device boots.
This is a cherry-pick of change I1f578322135274b80708d4bb7664f7732ac33cc7
from AOSP.
Bug: 64382372
Change-Id: Iada043cb85f9b3281893ed9a2828771b8f1ef045
- Fix issue with testFinishPipActivityWithTaskOverlay failing due to
new permission check in the system
Bug: 71716434
Test: atest CtsActivityManagerDeviceTestCases:ActivityManagerPinnedStackTests#testFinishPipActivityWithTaskOverlay
Change-Id: Ifbcd6c182d928f5aa5372d2db9fa71a142dc8474
Now that Antons cleanup of all packages is complete, we can generate this
whitelist from those packages that specify
LOCAL_PRIVATE_PLATFORM_APIS := true
This is the resulting list of packages. This change also includes fixes to
the method; previously, packges that didn't specify any certificate may
have been exluded.
Test: Verify that device boots.
Change-Id: I1f578322135274b80708d4bb7664f7732ac33cc7
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: I16574374d2c233221cd1305f031f78aca1947f05
(cherry picked from commit 06c8a439f7)
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: I16574374d2c233221cd1305f031f78aca1947f05
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: Ia77df2db78adf62a525f08549d71360924f1a3f6
Merged-In: I4c308d93d66391da2d3691eb45e5d7b1c1fdd582
(cherry picked from commit f7e625c19c)
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: I4c308d93d66391da2d3691eb45e5d7b1c1fdd582
These commands allow a user to set the time and the timezone
from the shell. The shell now has signature|privileged
SET_TIME and SET_TIME_ZONE permissions.
Bug: 67751701
Test: manual - correctly sets the time and timezone from unrooted adb.
Change-Id: I1d2820fd7dadd8b1f3900c0592eb28210370ce88
This list of packages is derived from all packages in the tree that do not
specify LOCAL_SDK_VERSION in their Android.mk. It was done by:
1. Modifying biuld/core/package_internal.mk to output a warning for all
packages that do not specify LOCAL_SDK_VERSION, including some
metadata about the target.
2. Parsing the output fom the build, then filtering out those that specify
a test certificate, or with LOCAL_MODULE_TAGS := tests, that depend
on android.test.runner or whose name includes "Test"
3. Look up the java package name of each & build the list from these.
Test: N/A, this change is a no-op while all system apps are excluded
from the checks.
BUG: 73244707
Change-Id: Ie3dcb1b4b83c32e93609bc58dc7a1cd513eeea64
Some packages in the system image are not built against the SDK, so
enforcing hiddenapi checks for these will break them. Add a whitelist
for such packages.
For now, just add the contacts provider to the whitelist. The list will be
further populated later.
Test: Added test app package name to whitelist to verify.
Bug: 73244707
Merged-In: I94746b7f12dd9371d5068bb235eb853f63ee4d97
Change-Id: I1cbbd220c61b1b4b767c301f97096607ee902a7b
Some packages in the system image are not built against the SDK, so
enforcing hiddenapi checks for these will break them. Add a whitelist
for such packages.
For now, just add the contacts provider to the whitelist. The list will be
further populated later.
Test: Added test app package name to whitelist to verify.
Bug: 73244707
Change-Id: I94746b7f12dd9371d5068bb235eb853f63ee4d97
System singed components can watch for starting/finishing of
long running app ops. Also protected the APIs to watch op mode
changes with a singature permission for the cross-uid use case.
Test: atest com.android.server.appops.AppOpsActiveWatcherTest
bug:64085448
Change-Id: Id7fe79ce1de4c5690b4f52786424ec5a5d9eb0fa
Public EuiccManager and other related necessary files.
Mark EuiccCardManager and other related necessary files as @SystemApi.
Solve lint errors and warnings.
Bug: 35851809
Test: test on phone
Change-Id: I8a2c78804cae56b679d311d613edca5be4bc2522
Merged-In: I68853e134e1e31fa9b91a83af6c491a2a8cca971
Public EuiccManager and other related necessary files.
Mark EuiccCardManager and other related necessary files as @SystemApi.
Solve lint errors and warnings.
Bug: 35851809
Test: test on phone
Change-Id: I68853e134e1e31fa9b91a83af6c491a2a8cca971
When sending outbound callbacks on CELL_INFO and CELL_LOCATION, check to
make sure that the user has authorized us and the receiving app to get
information on their location.
Bug: 69637693
Test: manual: telephony testapp
Change-Id: Iacfc894428b11a7ec973567d7a797eedb281355f
