Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
With my previous CL [1], InputMethodManagerService#setInputMethod() is
now guaranteed to be called only from IInputMethodManager and
IInputMethodPrivilegedOperations as 'adb shell ime set' no longer
directly calls this method (with null IME token).
With this CL, IInputMethodManager#setInputMethod(), which has been
kept just for null IME token rule, is finally gone. This is achieved
by letting InputMethodManager#setInputMethod() directly update
DEFAULT_INPUT_METHOD (and SELECTED_INPUT_METHOD_SUBTYPE) secure
settings if a priviledged component still relies on this undocumented
null IME token rule.
[1]: I6fd47b5cc1e7da7222774df20247a2c69a70f45b
db25df71be
Fix: 114488811
Test: atest CtsInputMethodServiceHostTestCases
Change-Id: I42dd0325b01c527009bf85566ca8ba0766b2294e
Hopefully no one has relied on this undocumented behavior that when
the caller has WRITE_SECURE_SETTINGS then null IME token is allowed in
IMM#setInputMethodAndSubtype().
Note that if the caller had WRITE_SECURE_SETTINGS they can achieve the
same goal by directly updating the following secure settings:
* Settings.Secure.DEFAULT_INPUT_METHOD
* Settings.Secure.SELECTED_INPUT_METHOD_SUBTYPE
Bug: 114488811
Test: CtsInputMethodServiceHostTestCases
Change-Id: Ic5c59299ace16778fc57a4ec2639508564f416a7
It seems that InputMethodManager#getShortcutInputMethodsAndSubtypes()
was designed to be a bit more generalized concept, but in reality it
just ended up being a convenient API that returns a single Voice IME
subtype if exists. As far as we can tell, It has never returned two
or mode pairs. It also has never returned non-voice
InputMethodSubtype.
In order to support per-profile IME mode in InputMethodManagerService
without introducing a bunch of new complexity and technical debt, this
CL re-implements IMM#getShortcutInputMethodsAndSubtypes() based on how
it has been used actually in the ecosystem.
The first thing this CL changes is that
IMM#getShortcutInputMethodsAndSubtypes() no longer takes subtype
locale into account when looking for the best voice IME subtype. This
is because InputMethodSubtype is no longer a recommended way to
represent IME languages. Ignoring subtype locale makes the
implementation much easier to understand and maintain.
The second thing this CL changes is that
IMM#getShortcutInputMethodsAndSubtypes() is now just a utility method
that is implemented in the client side on top of other well-defined
public APIs such as IMM#getEnabledInputMethodList() and
IMM#getEnabledInputMethodSubtypeList(). This means that this API
becomes per-profile IME ready for free once other public APIs become
per-profile IME ready.
[1]: Ibd0f7ef5101013569c303820a3adc9038a97356d
4e4569dab5
Bug: 120709962
Test: AOSP Keyboard still shows voice IME shortcut when the device has
one or more IMEs that expose voice InputMethodSubtype.
Change-Id: Iaf31e9f3213f4e644b64c9658f1b59d371e3c2b4
The initial implementation of AbstractPerUserService assumed the
AbstractRemoteService instances would be created in demand, because that was
the aproach used by Autofill (to minimize the time system service is bound to
the autofill service process).
But for other systems like ContentCapture, it makes more sense to keep a
permanent connection to the remote service, which is running all the time, so
this change changes the infra to allow such permanent connection (which includes
defining an idle timeout value that never unbinds).
Bug: 117779333
Test: atest CtsContentCaptureServiceTestCases CtsAutoFillServiceTestCases
Change-Id: I43386a3fddc56f1dfd6e4e55f243eaa297921123
ResolverActivity now identifies that the intent is a browsable intent,
and thus omits the Always button and replaces it with a settings button
tha can be used to configure the user's wanted behaviour.
Also prints out a message explaining that the user is giving the app
an access to open URLs from a specific host.
Bug: 116610086
Test: manually tested on device (Pixel 2XL) - will add unit test to
document behaviour
Change-Id: I81988b9a4d082bc1e6491186d39532fd283f2ede
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 121237128
Bug: 120783643
Test: m appcompat
Change-Id: Ib7a8bdf3151290aa8a5ca85dc8650612432f0d59
This change adds simple APIs to watch for noted ops. We are now
reporting a callback for every note which could lead to too many
call but until this is found to be the case we stick to the simple
solution. We already have APIs to watch started and stopped ops
which in theory could have the same frequence as noted ops, so
this is consistent to our approach.
bug:117617221
bug:119323172
Test: atest androidx.test.runner.AndroidJUnitRunner
Change-Id: I46c4b00e765eb14df8c30471d2b80dda905b8125
This is often known by the system, though not always. But when
we do know it, it is really useful to maintain that info so we can
do queries like "give me all of the associations that package X is
involved with".
Bug: 121146315
Test: manual
Change-Id: I0dd7aeb9147ecfd65a510d3b2a8bb4a0fbab57e3
This is needed by making the setup wizard use only system-api.
Test: Built, switched USB port state
Change-Id: I8e56859a5b36e7de91691522a34f7d6f62dcbb20
Fixes: 115301401
Log (using TRON)
1. when smart replies and actions are shown in a notification, and
2. when a smart action is clicked.
Bug: 120767764
Test: manual - use logcat to ensure we log the correct values when a
notification is expanded / smart action is clicked.
Change-Id: I85dbc3ee355997142ad71b7b67a759e8fede94b6
Moving forward as we start enabling isolated storage in various
dogfood groups, we'll need to maintain separate values for the
feature flag for both "local" and "remote" opinions. Any strongly
expressed local opinion will always take precidence over any remote
opinion.
Any changes to these feature flags means that we need to invalidate
any PackageManager parsed APKs, since PackageParser changes it's
output depending on the flag state. Since other feature flags are
likely to need this type of invalidation in the future, define the
PackageManager cache using a SHA-1 hash of a collection of values
that should invalidate the cache.
Bug: 112545973
Test: atest android.os.SystemPropertiesTest
Change-Id: Ifafcdf15e40e694eb4126e06981aeb82df51da33
In general cases, we don't have multiple input methods simultaneously.
So that it may not make sense to have multiple focused window in the
system. Especially when there are multiple blinking cursors of input
boxes on different displays, the user may not be able to know which
input box can receive key events. In these cases, we let the system
has only one focused window.
In some cases, there can be multiple input methods simultaneously (one
for each display). To enable multiple users to interact with the
corresponding displays at the same time, we should let the system have
per-display focused window in these cases.
This CL makes per-display focus optional, and also reverts ag/5312657
Fix: 120241480
Fix: 120790099
Test: atest ActivityManagerMultiDisplayTests \
CtsWindowManagerDeviceTestCases \
WmTests
Change-Id: Ie030eed523599b217060887171710692d050e5d8
Track the Wifi Multicast Lock tag.
Also moves some statsd Wifi logging calls out of BatteryStats in
preparation for more detailed statsd wifi logging.
Bug: 68943452
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.atom.UidAtomTests#testWifiMulticastLock
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.atom.UidAtomTests#testWifiScan
Change-Id: I13bd5f72393f6065bc3dfa1b72a1ca48a480a682
If apps have already been running on a device before the new isolated
storage feature is enabled, then they should get a "legacy" view
to continue working with minimal disruption. End users will be able
to revoke this legacy access through Settings UI.
This offers the best trade-off possible between keeping existing apps
working, and preserving user privacy moving forward.
Note that this legacy behavior only applies to apps that are already
installed and actively using storage before the feature was enabled;
all newly installed/reinstalled apps will always receive a sandbox.
Bug: 120287776
Test: atest android.appsecurity.cts.ExternalStorageHostTest#testExternalStorageIsolatedLegacy
Change-Id: Ie98e9f89be44ffdb17fe5a0929711ecf5688297a
ART expects the parent of the system server class loader to
be the boot class loader during AOT, so use that at runtime too.
bug: 120039104
Test: boot test
Change-Id: I164f98d319f875d24baa360a4b3d152e8e2fc4d9
New external storage mount mode for installers so
that they can access obb dirs of all apps.
Bug: 111789719
Test: atest android.appsecurity.cts#testExternalStorageObbGifts
Change-Id: Ifab3c0702a431d542a6a3ae82ca8b67d9fcd7506
This allows the system to be configured so that certain applications
are only allowed to do top-level interactions with a hard-coded set
of other applications. This provides static enforcement of certain
security policies like "app A can only interact with the system and
app B, and even if updated can not directly have incoming or outgoing
interactions with other apps."
For example to limit a the package com.google.android.as to only
interact with telephony and contacts (in addition to the core
system):
<allow-association target="com.google.android.as"
allowed="com.android.providers.telephony" />
<allow-association target="com.google.android.as"
allowed="com.android.providers.contacts" />
Also improve procstats output to be able to print all associations
related to a process. (I wanted to be able to do this by package,
but we don't have enough data in associations. :p)
Bug: 111276913
Test: Manual so far
Change-Id: I61b7f2d2b5c2c3d82b278e6678b600b579b19fb7
