This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
Add NETWORK_SCAN to shell permissions to enable CTS testing of the
network scan changes
Bug: 126779616
Test: CTS
Change-Id: I1f75c9005620b3b0e06f066677cba6190f1d266c
Fix runtime error that was being thrown as Looper.prepare() was not called
in the async function doInBackground.
Bug: 124612105
Test: Was not able to reproduce the bug (that is make code execution flow
through the catch block).
* Reproduced by throwing IOException in the try block so that code flows
to the catch block.
* Build and flash.
* Take interactive bugreport and change title and name of the bugreport from
the progress bar.
Merged-In: I6a5ea594d95462e1c66bd28eb81dd5f4daa6f35e
Change-Id: I6a5ea594d95462e1c66bd28eb81dd5f4daa6f35e
(cherry picked from commit b7a6549654)
Fix runtime error that was being thrown as Looper.prepare() was not called
in the async function doInBackground.
Bug: 124612105
Test: Was not able to reproduce the bug (that is make code execution flow
through the catch block).
* Reproduced by throwing IOException in the try block so that code flows
to the catch block.
* Build and flash.
* Take interactive bugreport and change title and name of the bugreport from
the progress bar.
Change-Id: I6a5ea594d95462e1c66bd28eb81dd5f4daa6f35e
Add Shell permission for new CTS tests to test the multi-display
functionality in WallpaperService/WallpaperManagerService.
Bug: 123707989
Test: atest WallpaperManagerMultiDisplayTests
Test: atest ActivityManagerMultiDisplayTests
Change-Id: Id97db050a0b9d1940c2dfaa793fbe526df578105
This change adds PACKET_KEEPALIVE_OFFLOAD to shell, which allows
shell or code with shell permission identity to use privileged
tcp keepalive offload API.
Bug: 114151147
Test: -atest ConnectivityManagerTest#testCreateTcpKeepalive
-build, flash, boot
Change-Id: Ib6660a5eaa72f83042596481452be4d415383f02
Shell app needs the permission when we run KeyguardManager CTS for
allowing private notifications as a privileged app.
Bug: 127351183
Test: m -j
Change-Id: I199bac8c8fed9ff0fc63b8c62f8002a6b273b28f
Only allow rollback to be enabled on the modules included in a mainline
update. We don't want to support rollbacks for all apks in general yet.
Enforce that only installers granted the MANAGE_ROLLBACKS permission can
enable rollback for a package.
Introduce a new TEST_MANAGE_ROLLBACKS permission that can be used to
enable rollback on packages that are not modules. This allows us to
continue testing rollbacks, given we can't do a mainline update as part
of the rollback tests.
Test: atest RollbackTest, with new tests for permissions added.
Bug: 128277794
Change-Id: I29ab9a750a1283592b8a855322ece516e42260ca
This commit adds a new permission for test networks, granted to the
shell permission identity.
Bug: 124519473
Test: In-progress CTS tests
Change-Id: I995b93a66d283b9e37381b616843dd44dbafe319
This allows testing relevant APIs in CTS tests. The listener itself
only gives the changed role name and user affected.
Bug: 125404675
Test: build
Merged-In: I5c979a26dae103ea1b633c2119c59363d8953aa2
Change-Id: I29ca1827e597d318cbd74ba3e70796c5853a9dc4
This allows testing relevant APIs in CTS tests. The listener itself
only gives the changed role name and user affected.
Bug: 125404675
Test: build
Change-Id: I5c979a26dae103ea1b633c2119c59363d8953aa2
* Add cancelBugreport method.
* Remove unused arguments to onFinished listener call.
* Publish the system service now that sepolicy for it
is submitted.
* Use the new bugreportd service.
Test: boots
BUG:111441001
Change-Id: I12d72e0e1f4ca72d285fd02a3fc1a44f5c179885
Test Harness Mode is a feature for device farms that want to wipe
their devices after each test run. It stores the ADB keys in the
persistent partition (used for Factory Reset Protection) then performs
a factory reset by broadcasting the MASTER_CLEAR intent.
Upon rebooting, the Setup Wizard is skipped, and a few settings are set:
* Package Verifier is disabled
* Stay Awake While Charging is enabled
* OTA Updates are disabled
* Auto-Sync for accounts is disabled
Other apps may configure themselves differently in Test Harness Mode by
checking ActivityManager.isRunningInUserTestHarness()
Bug: 80137798
Test: make && fastboot flashall -w
Test: adb shell cmd testharness enable
Change-Id: I91285c056666e36ad0caf778bffc140a0656fcfa
