As general background, OWNERS files expedite code reviews by helping
code authors quickly find relevant reviewers, and they also ensure
that stakeholders are involved in code changes in their areas.
Some teams under frameworks/base/ have been using OWNERS files
successfully for many years, and we're ready to expand them to cover
more areas. Here's the historical coverage statistics for the last
two years of changes before these new OWNERS changes land:
-- 56% of changes are fully covered by OWNERS
-- 17% of changes are partially covered by OWNERS
-- 25% of changes have no OWNERS coverage
Working closely with team leads, we've now identified clear OWNERS on
a per-package basis, and we're using "include" directives whenever
possible to to simplify future maintenance. With this extensive
effort, we've now improved our coverage as follows:
-- 98% of changes are fully covered by OWNERS
-- 1% of changes are partially covered by OWNERS
-- 1% of changes have no OWNERS coverage
This specific change is automatically generated by a script from
detailed ownership information confirmed by team leads.
Bug: 174932174
Test: manual
Exempt-From-Owner-Approval: refactoring with team leads buy-in
Merged-In: I9789c97c1de8e5d962b48c29c57d82fe83729eba
Change-Id: I9789c97c1de8e5d962b48c29c57d82fe83729eba
This is a transitional step towards truth 1.0.1, where these APIs have
been completely removed.
Bug: 168765701
Test: m checkbuild
Exempt-From-Owner-Approval: Cherry-pick of no-op refactor into another branch
Merged-In: I26ab5ab82bb939bbd9553c05387ac8641eb468b4
Change-Id: I26ab5ab82bb939bbd9553c05387ac8641eb468b4
(cherry picked from commit 4697f76edd)
The reason is passed to app exit info so a given app can get more
information about why their app was killed in the event of permission
revoke.
Test: atest RevokePermissionTest ActivityManagerAppExitInfoTest#testPermissionChangeWithReason
Fixes: 159659620
Change-Id: Id711667eb2c1579ecb2a1b83a62af3cc7862d5f6
Based on feedback during the API review of the new SystemAPI for
telephony to check device identifier access the method was moved
from DevicePolicyManager to a more generic location to perform
the non-subscriber portions of the check.
Bug: 147761267
Test: atest TelephonyPermissionsTest
Test: atest PermissionManagerServiceTest
Test: atest DeviceIdentifierTest
Test: atest DeviceOwnerTest#testDeviceOwnerCanGetDeviceIdentifiers
Test: atest TelephonyManagerTest
Test: atest DeviceOwnerTest#testDeviceOwnerCannotGetDeviceIdentifiersWithoutPermission
Test: atest ManagedProfileTest#testProfileOwnerOnPersonalDeviceCannotGetDeviceIdentifiers
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testProfileOwnerCannotGetDeviceIdentifiersWithoutPermission
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testProfileOwnerCanGetDeviceIdentifiers
Change-Id: Ic1867dad0b2369f2dc1a7d31facb65f89131376f
This introduces extra attributes on <application/> tag corresponding to
requesting to be shown in UI for the user to disable auto-revoke
(allowDontAutoRevokePermissions)
and being whitelisted by the installer (dontAutoRevokePermissions)
Test: presubmit
Bug: 146513245
Change-Id: I07902632812b70ea418a667d343b74d7ae170bb9
This also parallelizes flag updating.
Currently, the broadcast listener is disabled, due to test flake, so it
will not update on app install/changes
Bug: 141311767
Test: - on first boot go to permissions screen, and ensure system apps
categorization makes sense
- install app that requests location, and ensure it's not listed
as system app in permission screen
Change-Id: I37ea4b196313fe9fa71150c21e7cca591067d572
If the version of the permsision controller is different than what was
persisted then call the upgrade controller defined in the permission
controller.
Exempt-From-Owner-Approval: Got verbal approval from an OWNER
Bug: 148595539
Test: Manual; verify the version is persisted in runtime-permissions.xml
verify the upgrade is run when changing the version number
move runtime-permissions.xml to old location, verify works
Change-Id: I873ea4d5a0f1f66fed121e38cc6be62fa046a210
The code for caching permission queries incorrectly used the UID of
the calling process instead of the Context UID when asking
PermissionManagerService whether a package (identified by name) has a
permission. As a result, permission checks produced incorrect results
for certain cross-user scenarios. This CL makes the checking UID part
of the package-name-based permission query.
Test: atest com.android.car.VmsPublisherSubscriberTest
Bug: 150172373
Bug: 150025558
Bug: 150140220
Change-Id: I903a9e79fbbba97ea987120066817eeea9b01d51
We use the package settings class as a central point for invalidating
on package information changes; for permission changes, we invalidate
from inside the individual permission data objects.
Bug: 140788621
Test: boots, package tests (pending)
Change-Id: Iec14d4ec872124e7ef4612c72d94c89a7319ace0
In this change we introduce new system api to manage tracking apps for
inactivity when they hold one-time permissions. The api includes adding
a package, removing a package, and a callback to notify the app has gone
inactive and which permissions are considered one-time.
Also introduce a new permission flag so that it is possible to determine
if a currently granted permission is one-time.
Test: Manual
Bug: 136219229
Change-Id: Iac3cb776a0204c64953f0a03abe76c8e320c9e56
and revokeDefaultPermissionsFromLuiApps from PermissionManagerService to
Permmission Manager
Bug: 142019744
Test: Build
Change-Id: Ic39e1a66b650e7969242eb2116f342de488b1ca6
In AOSP the permission backup+restore is driven by the system server,
but some OEMs might drive it from an app. Hence allow a privilidged app
to backup + restore permission backups.
Test: atest CtsBackupTestCases
Fixes: 141007569
Change-Id: Ic89b476948872c491de8ea54b83667afc0183bb4
This is known to take 500ms and affects only UI,
so can be done async
Test: Ensure nothing looks badly broken; presubmit
Fixes: 139485700
Change-Id: I2b83b51ec5b002e08986019b4b6be3d681741544
Creating a SystemConfig from a non-system process is taking 500+ ms.
This CL instead exposes the needed split permissions from system_server
to optimize performance.
Tested locally and creating PermissionManager / retrieving SystemConfig
is now less than 1 ms.
Bug: 139828734
Bug: 139485700
Fixes: 139828734
Test: Added systrace / logs to PermissionController app and traced
runtime of onGrantDefaultRoles().
Change-Id: I111403e8dae3bc2b0acafc32e61aa5cd890fea29
To prepare for enabling MissingNullability Metalava check this CL
works on adding missing nullability issues that metalava flags if
we tell it to flag new things since API 29.
This is not a complete CL, mostly addresses public api and
toString/equals for @SystemApi
Exempt-From-Owner-Approval: Large scale nullability clean up
Bug: 124515653
Test: make -j checkapi
Change-Id: I109260842cfc25f06e40694997fcbb4afa02c867
This should be the last method movement. More work needs to
happen with the intenral APIs between the permission manager
and the package manager. There is still a lot of package
manager internal logic inside the permission manager.
Bug: 135279435
Test: atest PermissionUpdateListenerTest
Test: atest android.content.pm.cts.PackageManagerTest
Test: atest android.permission2.cts.RestrictedPermissionsTest
Change-Id: Iec118d198cb4ce3c4789991ddbdd2928dbc4bf6f
These were the last few APIs that used the permission callback.
Completely remove it from the package manager and full implement
in the permission manager.
Bug: 135279435
Test: atest PermissionUpdateListenerTest
Test: android.content.pm.cts.PackageManagerTest
Test: android.permission2.cts.RestrictedPermissionsTest
Change-Id: Iab7c20215c907f4718f78a98fb96afec9fef6780
Also while doing this, it made sense to move the permission change
listener to the permission manager [it resulted in fewer hacks to
get the two sides to talk to one another].
Bug: 135279435
Test: atest PermissionUpdateListenerTest
Test: android.content.pm.cts.PackageManagerTest
Test: android.permission2.cts.RestrictedPermissionsTest
Change-Id: Ie08701dfe999cd435335103f4b4daeaa0b31ef10
