Moving forward as we start enabling isolated storage in various
dogfood groups, we'll need to maintain separate values for the
feature flag for both "local" and "remote" opinions. Any strongly
expressed local opinion will always take precidence over any remote
opinion.
Any changes to these feature flags means that we need to invalidate
any PackageManager parsed APKs, since PackageParser changes it's
output depending on the flag state. Since other feature flags are
likely to need this type of invalidation in the future, define the
PackageManager cache using a SHA-1 hash of a collection of values
that should invalidate the cache.
Bug: 112545973
Test: atest android.os.SystemPropertiesTest
Change-Id: Ifafcdf15e40e694eb4126e06981aeb82df51da33
In general cases, we don't have multiple input methods simultaneously.
So that it may not make sense to have multiple focused window in the
system. Especially when there are multiple blinking cursors of input
boxes on different displays, the user may not be able to know which
input box can receive key events. In these cases, we let the system
has only one focused window.
In some cases, there can be multiple input methods simultaneously (one
for each display). To enable multiple users to interact with the
corresponding displays at the same time, we should let the system have
per-display focused window in these cases.
This CL makes per-display focus optional, and also reverts ag/5312657
Fix: 120241480
Fix: 120790099
Test: atest ActivityManagerMultiDisplayTests \
CtsWindowManagerDeviceTestCases \
WmTests
Change-Id: Ie030eed523599b217060887171710692d050e5d8
If apps have already been running on a device before the new isolated
storage feature is enabled, then they should get a "legacy" view
to continue working with minimal disruption. End users will be able
to revoke this legacy access through Settings UI.
This offers the best trade-off possible between keeping existing apps
working, and preserving user privacy moving forward.
Note that this legacy behavior only applies to apps that are already
installed and actively using storage before the feature was enabled;
all newly installed/reinstalled apps will always receive a sandbox.
Bug: 120287776
Test: atest android.appsecurity.cts.ExternalStorageHostTest#testExternalStorageIsolatedLegacy
Change-Id: Ie98e9f89be44ffdb17fe5a0929711ecf5688297a
New external storage mount mode for installers so
that they can access obb dirs of all apps.
Bug: 111789719
Test: atest android.appsecurity.cts#testExternalStorageObbGifts
Change-Id: Ifab3c0702a431d542a6a3ae82ca8b67d9fcd7506
This allows the system to be configured so that certain applications
are only allowed to do top-level interactions with a hard-coded set
of other applications. This provides static enforcement of certain
security policies like "app A can only interact with the system and
app B, and even if updated can not directly have incoming or outgoing
interactions with other apps."
For example to limit a the package com.google.android.as to only
interact with telephony and contacts (in addition to the core
system):
<allow-association target="com.google.android.as"
allowed="com.android.providers.telephony" />
<allow-association target="com.google.android.as"
allowed="com.android.providers.contacts" />
Also improve procstats output to be able to print all associations
related to a process. (I wanted to be able to do this by package,
but we don't have enough data in associations. :p)
Bug: 111276913
Test: Manual so far
Change-Id: I61b7f2d2b5c2c3d82b278e6678b600b579b19fb7
As part of storage privacy work in Q, we're trying to help users
understand the impact of OPEN_DOCUMENT_TREE choices, and the best way
is to show statistics about what's actually contained inside a tree.
Define "count" and "size" statistics, and populate them for all
FileSystemProvider instances.
Bug: 117975747
Test: atest android.provider.cts.DocumentsContractTest
Change-Id: Ib3f8f208c619141c26abaee0137641f12b009c8f
Currently checkParcel might throw for instance although this is not
enabled by default.
Test: atest binderLibTest BinderWorkSourceTest BinderCallsStatsServiceTest
Change-Id: Ia836da7daa690dfa176d48cfe86ca4b7eb7cccc6
Bug: 120096113
Test: Build with built-in libraries that declares new depedency flag, no
more boot errors (tested with cheets_x86_64 and crosshatch_userdebug)
Change-Id: I6b3e2ab7626ed8f04c0bf1a5b3c32204a2f2c56b
Sometimes, very similar devices share the same exact images but use
slightly different hardware. In this case, they distinguish themselves
with skus like ro.boot.product.hardware.sku. This SKU is also used to
distinguish between which HALs are exposed in the VINTF manifest.
In this CL, we add the following locations to read from:
odm/etc/sysconf/sku_${sku}/*.xml
odm/etc/permissions/sku_${sku}/*.xml
Only the configurations already available to be set from the ODM image
can be set here.
Bug: 119129238
Test: boot
Test: manually use unavailable-feature from odm sku directory
Change-Id: I465ac818e5c68f1118668f13b45940fd8fa0fa62
Hopefully no one has relied on this undocumented behavior that when
the caller has WRITE_SECURE_SETTINGS then null IME token is allowed in
IMM#switchToLastInputMethod().
Bug: 114488811
Test: CtsInputMethodServiceHostTestCases
Change-Id: Icb02c9bb52b11cff39b222198f4b67984676b9a6
It turns out that we had already rejected null IME token in
InputMethodManager#switchToNextInputMethod() since Android L [1].
Hence there is no need to keep this IPC any more.
There should be no developer-visible behavior change.
[1]: I043aa30a19c821f33effd57dfd6590b0e3ed817b
34c666472137a99a2ce5546b80bd04979d10ab7a
Bug: 114488811
Test: atest CtsInputMethodServiceHostTestCases
Change-Id: I72ee82d62e3bdce44f623604eca86ab3fe3df0bd
Since the NavBar will be supported for multi-display, for
single session IME, it will be possible that IME switcher icon
will shown on external display.
Add IMMS#showInputMethodPickerFromSystem for system modules (i.e.
Settings or SystemUI) to pass displayId for creating right display
context, so that IME switcher dialog can shown on the display
correctly.
Also Add a TODO item for ACTION_SHOW_INPUT_METHOD_PICKER notification
that currently only support showing IME picker for default display,
this should support per display after supporting status bar per display.
Bug: 119933861
Fix: 120050928
Test: manual, verify IME switcher dialog can shown on external display
when tapping IME switcher icon on external navbar.
Test: atest InputMethodManagerTest#testShowInputMethodPicker
Change-Id: Ic7d7c5a7ad8005a3fbd9d1c1b73e3c5a39a07001
When setting a password from DPM.resetPassword(), the actual quality of the
password was not passed to LockSettingsService (instead, the minimum required
quality was passed which is often UNSPECIFIED). As a result, during FRP we
would see inconsistent state and skip it.
Bug: 110172241
Test: Set credential via DPM.resetPassword(), factory reset device to trigger FRP, verify FRP shows.
Change-Id: I54376f60ac53451ace22965d331b47cd8c2e614e
- Set ThreadLocalWorkSource to the work source uid when app has the
UPDATE_DEVICE_STATS permission. We only enable that in system server for
now.
- By default, set ThreadLocalWorkSource to the calling uid since we
always trust this value.
- If an app sets a work source uid without having the right permission,
we just ignore it (we do not throw an exception)
A follow-up commit will update the code to use the worksource from the
beginning of the call. Currently we get the work source at the end
inside of BinderCallStats, however the value might have been changed
when executing onTransact.
Test: atest binderLibTest BinderWorkSourceTest BinderCallsStatsServiceTest
Change-Id: I351b8ac2b31feececc46c73f373f198b9b603c7e
In this CL, we add parameter displayId in some IStatusBar APIs and also
group flags into an inner class and make it exist per display.
TODO: 1. We left SystemUi implementation in later CL.
2. Investigate which part of disable should support multi-display
after main function completes.
3. Refactor registerStatusBar as an IStatusBar API.
Note: remove mLightsOutListener in NavigationBarTransitions since no one uses it.
Test: atest SystemUITests
Bug: 117478341
Change-Id: Ie50a72f5d18e1f055ff2be4f1d7ac06da0117051
Binder/Looper stats data is collected only when the device
is on battery. Adding the time on battery to dumpsys output
will make it easier to analize the data.
Test: UT and manually checked dumpsys output
Change-Id: I0536e718399181cb62f5de6bbd24a6fb73c26e7e
Fixes: 120092266
Test: - install apk https://drive.google.com/file/d/1eh2mCz-0Ymm4TghOaf46ZHdn2-M8bm6i/view?usp=sharing
- hardcode DefaultPermissionGrantPolicy to always run on reboot
- adb reboot
- ensure device bootloobs with an error from attached bug
- apply fix
- ensure device no longer bootloops
- ensure no error in logcat
Change-Id: If2387e963b63231b0b99a55fdb7e75187d07bd07
Inline image will consume 3x memory due to no cache implementation.
This patch apply cache mechanism to each ExpandableNotificationRow and
preloads images before inflation task.
Bug: 77956056
Test: runtest systemui, observe memory usage by AndroidProfiler
Change-Id: I2c488b1d98ddf2d4670904ed4b3e8028c0d0172e
