This permission is needed for wifi CTS tests.
Is the minimally scoped permission that needs to be added?
- Yes, this only allows the app to influnce wifi vs lte network
selection algorithm.
What options did you explore that did not need this permission?
- Without this permission, it would be impossible to test these API's:
WifiManager.setWifiConnectedNetworkScorer()
WifiManager.clearWifiConnectedNetworkScorer()
WifiManager.clearWifiConnectedNetworkScorer()
WifiManager.addOnWifiUsabilityStatsListener()
Bug: 150236894
Test: Device boots up.
Change-Id: Ic173e44ab818cdfecebde80715ddaec347019db6
Add MODIFY_DEFAULT_AUDIO_EFFECTS permission to shell which
is needed to run GTS tests on @systemApis for
audio effects control.
Bug: 148703417
Test: run gts -m GtsAudioTestCases -t com.google.android.audio.gts.DeviceEffectTest#testCreateDeviceEffect
Change-Id: Iba579001aeffd85743850727135a6f536579ea17
- This is a *temporary* permission that we are using to set the system
rotation setting via the launcher settings. The framework uses the
same setting for forced-rotation, but this currently only is scoped to
launcher so it makes more sense as a launcher setting than as a
developer option (and we plan on removing it shortly). We are working
with jjaggi@ and caen@ to coordinate the fw and launcher settings.
Bug: 151611270
Test: Manual
Change-Id: If371cac4d580785ed1714c82a67b995a40ecf9a6
CaptivePortalLogin is not a privileged app, so it cannot get these
permissions anyway.
Test: CaptivePortalLogin working without the permissions
Bug: 151214275
Change-Id: I283b8068b9eada28d92c9d550473106a1b680a27
Merged-In: I283b8068b9eada28d92c9d550473106a1b680a27
(cherry picked from commit 53839762d4)
The hidden API is used by SystemUI process to adjust the system UI based
on when a certain camera is opened or closed.
Test: Manually observe callbacks in SystemUI when running camera CTS
Bug: 150540299
Change-Id: I04cae782d96f0e32be8ef588dcd328f84b32887a
The dialog can only be requested if the package of the controls provider is
currently in the foreground.
This is accomplished by querying Activity Manager about the
UidImportance of that package. Added
android.permission.PACKAGE_USAGE_STATS to SystemUI for this.
Test: atest
Test: manual
Fixes: 149410221
Change-Id: Ifdf479d8dbc70502da95d362e3bfd60ad3c561fb
This was suggested by the share sheet team and I checked that this
permission only narrowly adds the ability to present a nicer share
target.
The default print service cannot be renamed "print" as the name of the
app shows up on other print UI.
Bug: 150646365
Test: Checked permission after boot
Change-Id: I3aa5900605bda90ce0cb58a09fe08128bf4c9531
Make REGISTER_STATS_PULL_ATOM permission available to Shell to allow
testing it in gts.
Is the minimally scoped permission that needs to be added?
Yes, it is the only permission to register pulled atoms.
What options did you explore that did not need this permission?
I explored expanding the permission to be development in addition to
privileged, and giving the permission to gmscore. However, this solution
was recommended to me by the GTS team. If there are better ways to enable
testing the API in GTS, I am open to feedback.
Test: atest GtsStatsdHostTestCases
Bug: 150329323
Change-Id: I103d937842beaa2d918181b1a952d27179411dcc
This permission is needed for some wifi CTS tests.
Is the minimally scoped permission that needs to be added?
- Yes, this only allows the retireval of the saved wifi network
credentials on the device.
What options did you explore that did not need this permission?
- Possibly creating a UI to ask for manual entry of network credentials.
But, that would not let us do automated CTS tests (will need to become
CTS verifier tests then).
Bug: 150236894
Test: atest android.net.wifi.cts.WifiNetworkSpecifierTest
Change-Id: I6881003510191f667950be1ab27a5399fe3914b4
Add the required permissions for querying PlatformCompat to the
whitelist for TelephonyProvider.
This is the minimum scoped permission -- PlatformCompat only defines two
permissions for access (read and write) and we need both.
The alternative for using these permissions is to not call
PlatformCompat and enforce the new behavior on all apps. This was deemed
unacceptable by the app compat team because it was breaking some popular
apps.
Bug: 144631034
Test: atest TelephonyProviderHostTest
Change-Id: I43a0a66ae381caf8d9e21d0f14d471b20a4e44af
1. This is a minimally scoped permission (which allows the new WiFi API's
to silently connect to a wifi network).
2. I explored writing a GTS test instead of a CTS test, with the idea being that it would run inside the Android Auto user. Unfortunately the API under test requires two permissions, MANAGE_COMPANION_DEVICES and COMPANION_APPROVE_WIFI_CONNECTIONS. Android Auto will only have COMPANION_APPROVE_WIFI_CONNECTIONS, and if I elevate to Shell privileges the test will have MANAGE_COMPANION_DEVICES, but not COMPANION_APPROVE_WIFI_CONNECTIONS. Beyond this, I've been told that it's better for us to test this API in CTS than what it is under GTS.
The addition of the permission to androis.os.shell could theoretically allow it to connect to a WiFi network using the new WiFi APIs without the user being prompted. Android R will still allow the legacy WiFi API's which also allow wifi connections without users being prompted without this permission. Android Auto requires the new API's as they better handle cases of connecting to WiFi networks with no internet access. The old API's will not always result in fallback to LTE, whereas the new ones do that.
Test: Unit test in separate change.
Change-Id: Ifd8ae6b7e53307ea8973406fdefa468dfa679bda
Bug: b/147748710
In Android 10 access to device identifiers was moved from a runtime
permission to the privileged READ_PRIVILEGED_PHONE_STATE permission.
One of the non-resettable identifiers missed was SubscriptionInfo#
getIccId. The contacts provider currently uses this ID to upgrade
to version 1003 of the database; to ensure there are no issues with
this upgrade this permission is being whitelisted for the contacts
provider.
Bug: 131909991
Test: atest ContactsProviderTests
Change-Id: I7574f787a7e55aa0337237b9fe916ee143a2f697
Merged-In: I7574f787a7e55aa0337237b9fe916ee143a2f697
(cherry picked from commit 7b484438ec)
Created a SurfaceFreezer class which lives in WindowContainer
and manages/will-manage per-container freezing (snapshots).
This replaces the one-off change transition code.
Change Transitions used to create its own temporary leash
on initialization and that leash would be replaced/cleaned-up
as soon as the animation leash was created.
Now, the SurfaceFreezer creates the animation leash immediately
and SurfaceAnimator can take a SurfaceFreezer instance when it
starts an animation. At this point it will take the leash that
was already created by the freezer and use that. This removes
the messy reparenting/cleanup.
To deal with this, though, leash callbacks into Animatable
needed an extra stage: onLeashAnimationStarting. This is called
when SurfaceAnimatior is actually starting to animate the leash.
Next, DC.mChangingApps was converted to list of WindowContainers
rather than ActivityRecords. Some of the existing change code was
cleaned up (ie. there was some visibility stuff that doesn't make
sense because changing apps are visible->visible) and some of the
Activity-specific functions were generalized. For now, there are
a couple things that use the top-activity for changing Tasks.
The result of this means that windowing-mode change transition can
now fully live at the Task level. This also should allow freezing
at any hierarchy level which enables app-freezes that don't freeze
the whole screen and potentially mixed seamless/snapshot-based
rotations.
Bug: 149490428
Test: existing tests pass. Manually open app in freeform and
maximize/restore it.
Change-Id: Ib32524ebbbb084a98442d3d035897306a11ee6c2
(cherry picked from commit e55b9e0f9d)
Introduce IWindowToken to report config/display changes from
server side. When config change callback is received,
it will update the resources associated with the window token.
Test: WindowContextTests
Bug: 128338354
Bug: 146820733
Change-Id: I871bd78a21dbde1286786e65c340b6259b873660
imageValidationThrowOrWarning() logs the error as a warning if device
bootloader is unlocked, else re-throw the error.
Device lock state is queried via PersistentDataBlockManager service.
Bug: 128892201
Test: adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
--el KEY_USERDATA_SIZE 8192 \
-d file:///storage/emulated/0/Download/aosp_arm64-dsu_test.zip \
--es ${IMAGE_KEY}
Test: Observe the logcat
Change-Id: I895e70d90624afda2bf7cd3b34ea8d21a1702163
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
Bug: 141745510
Test: atest CtsWindowManagerDeviceTestCases:PresentationTest
Change-Id: I2aaab1903dee54190338f7b6e49888aa51437108
UsageStats will return obfuscated NOTIFICATION_SEEN or
NOTIFICATION_INTERRUPTION events to callers of #queryEvents
and #queryEventsForUser if they don't hold the MANAGE_NOTIFICATIONS
permission.
Additionaly, refactor the query API in UsageStats to take in flags as
defined in UsageEvents to make future obfuscation/visibility parameters
cleaner.
Also, add the MANAGE_NOTIFICATIONS permission to shell for CTS test.
Bug: 144724524
Test: atest android.app.usage.cts.UsageStatsTest
Test: atest com.android.server.people.data.UsageStatsQueryHelperTest
Test: atest android.content.pm.cts.shortcutmanager.ShortcutManagerUsageTest
Change-Id: I118de7e589ac8dd5924d3740c70903fa484b79b5
This is required for the provisioning cross-profile consent screen which
is used to take some apps off INTERACT_ACROSS_USERS.
Hidden API CrossProfileApps#setInteractAcrossProfilesAppOp is changed
from requiring the broad app-op permissions to requiring
CONFIGURE_INTERACT_ACROSS_PROFILES. It then clears identity before
calling into AppOpsManager. For convenience, we also allow apps (such as
Settings) with the broader app-op permissions to continue to call this
method; in that case, we simply don't clear the identity and let
AppOpsManager check the permissions (so we allow AppOpsManager to set
the requirements if you don't have the new
CONFIGURE_INTERACT_ACROSS_PROFILES).
The CL also adds 'withCleanCallingIdentity' support to
CrossProfileAppsServiceImpl and moves over existing calls.
Bug: 136249261
Bug: 140728653
Test: atest --verbose com.android.managedprovisioning.provisioning.crossprofile.CrossProfileConsentActivityRoboTest
Change-Id: Ibd304563dd1ef5f16784e3502be5ef1ec4675b63
- READ_COMPAT_CHANGE_CONFIG is required to read the current state of the
config
- LOG_COMPAT_CHANGE is required to log the status of a compat change for
a package and/or uid to statsd
- OVERRIDE_COMPAT_CHANGE_CONFIG is required to add overrides
The permissions must be signature|privileged, as there are already
examples of code which this would not be sufficient (e.g.
MediaProvider).
This is a re-landing of https://r.android.com/1209240, which was
reverted due to http://b/142942524. The actual fix was done in
http://ag/10234812.
Bug: 142650523
Test: atest PlatformCompatTest
Test: atest PlatformCompatPermissionsTest
Change-Id: Ie9429477c9a1725b5cb67756787bf742038e5d2b
Renames PhoneTime[|Zone]Suggestion to TelephonyTime[|Zone]Suggestion.
Makes changes to generally avoid PHONE and use SLOT_INDEX or telephony
as appropriate for the usage. Removes telephony / phone from a few
variable names where it doesn't add value.
This commit also renames some remaining phoneId instances to slotIndex
which were missed when that rename happened.
Bug: 148842434
Test: treehugger
Change-Id: I4302e68082b802b75b53c02a9c9b1ae39dff6085
