Combination of moving to existing public API, tagging things as
@TestApi, and bringing utility methods into tests.
Bug: 13282254
Test: atest cts/tests/tests/os/
Change-Id: Ifd24c0d048d200e8595e194890cc1dc53ddc2b3e
When an app starts becoming Direct Boot aware, it can be difficult
to track down all the places they're reading data from credential
protected storage.
When a user is locked, credential protected storage is unavailable,
and files stored in these locations appear to not exist, which can
result in subtle app bugs if they assume default behaviors or
empty states. Instead, apps should store data needed while a user
is locked under device protected storage areas.
Bug: 110413274
Test: atest cts/tests/tests/os/src/android/os/cts/StrictModeTest.java
Change-Id: Ia390318efa6fefda8f10ac684d0206e67aa1d3dc
We're almost out of bits, and we don't really need to smash both
thread and VM policy into the same 32-bit value, so use the lower
16-bits for each policy type and the upper 16-bits for penalty.
ActivityManager is only consulting the penalty bits, so we can
remove getViolationBit() and switch CTS over to doing instanceof
checks.
Bug: 110413274
Test: atest cts/tests/tests/os/src/android/os/cts/StrictModeTest.java
Change-Id: I760e6a28f56da66dc75b7df9daf2167ff5bdff50
When an app starts becoming Direct Boot aware, it can be difficult
to track down all the places they're implicitly relying on
PackageManager filtering behavior.
For example, if the current Launcher isn't Direct Boot aware, we
hide it until the user is unlocked, which could confuse other Direct
Boot aware apps into thinking it had been uninstalled, which could
cause data loss.
This change helps apps track down places where they're implicitly
relying on the automatic filtering; they should instead carefully
choose a combination of MATCH_DIRECT_BOOT flags to decide on the
explicit matching behavior they want.
To implement this, we partially migrate the updateFlags() methods
out into ApplicationPackageManager, since the checking needs to
happen on the client side to correctly report StrictMode
violations. We don't currently mutate the flags, but we retain
the naming to keep that door open in the future.
Test: manual
Bug: 110413274
Change-Id: Iff6feba19da81ea1b4eeb3af821c3bdfbd9bf17c
Files on disk can sometimes contain content that should be redacted
based on the permissions of the remote caller. (For example, EXIF
data containing location information shouldn't be visible to apps
that haven't been granted the location permission.)
This class provides an easy way to "redact" ranges within an
underlying file, without the overhead of making a duplicate copy
of the file, or the limitations of returning a non-seekable FD.
Bug: 110228267
Test: atest android.os.RedactingFileDescriptorTest
Change-Id: I0b3b9f642573f6165e152e7568cdaf55f0af7134
In some situations, path could be null resulting
in a crash.
Test: no crash
Bug: 109730998
Change-Id: I2ce0410162d1327905d690331f461f9187e20906
(cherry picked from commit 6f6154bf04)
Work on issue #109754053: Implement tri-state location in platform
- New background location permission
- New (temporary?) API level for compatibility with old apps
None of this is exposed yet as a public API, that will be
done in the future.
Bug: 109754053
Test: atest FrameworksServicesTests:AppOpsServiceTest
Test: atest CtsPermissionTestCases:AppOpsTest
Change-Id: I986dc871b9e8ed3bf592d2546eadaefb4fefe099
The service and associated code is unused.
Bug: 80462439
Test: build / boot
Merged-In: Ibdfab1b7d2951a0c45e07bd47850af037990841b
Change-Id: Ibdfab1b7d2951a0c45e07bd47850af037990841b
The BinderProxy class is not thread-safe, hence all calls into it
must be serialized. This was achieved by holding the gProxyLock in
JNI code. However, a recent change added calls into BinderProxy
from ActivityManagerService without holding that lock, causing
ConcurrentModificationExceptions.
Instead of dumping debug info from AMS, make the call directly
from JNI, so we can make sure gProxyLock is held correctly.
Also, only dump on debug builds.
Bug: 71353150
Bug: 109701487
Test: sailfish builds, boots, info gets dumped with lowered limits.
Change-Id: I446a71ce4115b9936a01a170401ef98ba3818c0b
doclava was accidentally suppressing all these broken links
in @see tags. This CL fixes issues so we can start enfocing
checks for broken @see links.
Test: make docs
Exempt-From-Owner-Approval: Fixing @see javadoc link issues that are currently completely broken
Change-Id: I767e9fb9842494e5eccef2a7bdeee3877c488b5d
Because we can't always create the range of effects we'd like, we may
need different default intensity levels for different devices. This
works fine for prebaked effects, but for application defined amplitudes
we need to provide a scaling function. In addition, this scaling
function should leave amplitude values untouched in the default state so
that application developers produce the effects they expect.
Bug: 80275800
Test: manual
Merged-In: Ibb552ddfa60891853ebcb1a5567ed6745bb5defe
Change-Id: Ibb552ddfa60891853ebcb1a5567ed6745bb5defe
If a process gets killed because it sends too many proxies,
dump proxy debug info so we can see what types of interfaces
it sends.
Bug: 71353150
Test: builds, output generated
Change-Id: I3a7787cb3fa73b0b4ad223b18cd79f44e22b9ef5
APIs that return package usage data (such as DropBoxManager) must
ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.
Bug: 78355661
Test: Search output directory for binaries that have READ_LOGS but not
USAGE_STATS and find none.
Change-Id: I85e3bad680bb510439d73c7db5cc50cdcb7bbb42
