StorageManagerService uses DefaultContainerService to obtain ObbInfo
for files passed through mountObb() transaction. This change moves this
logic to client side and so ObbInfo will be passed as part of mountObb()
transaction.
Bug: 111838160
Test: atest src/android/os/storage/cts/StorageManagerTest.java
Test: atest core/tests/coretests/src/android/os/storage/StorageManagerIntegrationTest.java
Test: atest services/tests/servicestests/src/com/android/server/MountServiceTests.java
Change-Id: I29aee3aa54a45057df96aae289888161a3e3af71
Previously, you could not use references to colors in places that
expected a Drawable. This new class, ColorStateListDrawable bridges the
gap by attaching a ColorStateList to a ColorDrawable, and hooks it into
resource loading wherever you might expect a Drawable.
Fixes: 18126411
Test: Unit tests to be added to CTS
Change-Id: I0ff9a089669da96e6b22b214f04d6726bc278152
Continue trying to reduce the size of PackageManagerService by
extracting intent queries to a separate class. This is the first,
low hanging fruit, pass.
Test: Manual
Fixes: 110090130
Change-Id: I89f6968b3460ad9d64cdac75bea1eac8a9c90599
Much of the time for View inflation is spent in calls to
obtainStyledAttributes. This change adds more granular tracing of this method so
we can better attribute how inflation time is spent.
Test: manual - looked at systrace for starting an app.
Change-Id: Ib72aef1e8b788ce5a61ba13b57bb4417a263b48c
This matches the pattern for other package broadcasts
(e.g. package removed) and reduces ambiguity for
system_server services that handle the broadcast.
Test: presubmit, adb shell pm suspend(/unsuspend)
Change-Id: I41c3b853cbc6aac15a6cef7409309c0859ca783e
Fixes: 112439969
This CL is largely an adaptation of Change-Id
I16175933cebd9ec665d190cc5d564b5414a91827 . I also used the same way for
testing the change.
This CL will support the followings.
- installing a RRO package for framework from /product-services/overlay
- installing apps from /product-services/app
- installing priv-apps from /product-services/priv-app
- installing permissions from
/product-services/etc/[default-permissions|permissions|sysconfig]
Bug: 80741439
Test: `mm` under frameworks/base/tests/[libs|privapp]-permissions
adb sync && adb reboot
adb shell cmd package list libraries
=> confirmed com.android.test.libs.product_services library
adb shell cmd package dump \
com.android.framework.permission.privapp.tests.product_services
=> confirmed that the package is a priv-app
And I moved vendor/overlay/framework-res__auto_generated_rro.apk
into system/product-services/overlay/ on taimen, and I confirmed that the
RRO was installed properly.
Change-Id: I7a6a30bf8e8db9f2738594d187bb9148f138b8da
(cherry picked from commit a4af41736894bd3bf5bdc2a279acbeed2a24dd3d)
Bug: None
Test: I solemnly swear I tested this conflict resolution.
Merged-In: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
Change-Id: Ieb9836ae90f6f2565fa3ba5c395b42069b58ff71
For packages:
android.content.res
android.content.pm.split
android.content.pm.permission
android.content.pm.dex
android.content.pm
android.content.om
android.content
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ie932bb108f8e21aad8576e444d43e7a553a4d128
Merged-In: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
For packages:
android.content.res
android.content.pm.split
android.content.pm.permission
android.content.pm.dex
android.content.pm
android.content.om
android.content
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
System components (like MediaProvider) will live in a mount namespace
that has a view of the "real" shared storage device, and normal apps
will have "sandboxed" views of the shared storage device. (Parallel
changes are implementing these namespaces in vold and installd.)
The system components mentioned above will need to translate between
the two namespaces, so this change introduces methods that perform
that translation, along with a nice batch of tests to verify.
Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/StorageManagerServiceTest.java
Bug: 111893193, 111892833, 111268862
Change-Id: Iae91a44ce09eb33d6cd9b90f6c7b4f88c8cd12f0
We now have separate permissions that correspond to the various
MediaStore tables:
-- READ/WRITE_MEDIA_AUDIO
-- READ/WRITE_MEDIA_VIDEO
-- READ/WRITE_MEDIA_IMAGES
From a product point-of-view, Images and Videos will being treated as
a single permission group of "Visual" media in Q. We're also defining
two other special permissions:
-- ACCESS_MEDIA_LOCATION: indicating that the app can see any
geographic location related metadata associated with media, such
as being stored in the EXIF data. We're willing to grant this under
the unbrella of the larger "Visual" runtime permission group, but we
still want apps to request it for full disclosure of their intent.
-- WRITE_OBB: can be held by app stores that need to deliver OBB
files into app-specific sandboxes to keep legacy apps working.
Test: manual
Bug: 111801780, 110228267, 111789719, 111892833
Change-Id: If28247efdd7ac185ad3c6cbceda2e6346c26d032
This allows apps to query suspended state of other apps.
Test: Builds, boots
existing tests:
atest GtsSuspendAppsTestCases
Bug: 112486945
Change-Id: I2c46f1d573df592ece06ef1dd5386338e1d21f00
Removed unused imports android.app.Activity and
android.os.UserHandle because of checkstyle fail.
Test: make ds-docs
Bug: 111760788
Change-Id: I2852fea6c4b55a3422712c113d081abd40d02dfd
You could squint at raw Binder transactions to try detecting calls
like these, but there are several ContentProviders inside the OS
that either call into themselves, or call into providers within the
same process, which means it's more difficult to triage slow calls
without explicit visibility.
Bug: 112080089
Test: manual
Change-Id: I4e1e026f2bdc43d179c796d892e84af6da559f3a
These sharedUserIds will be used as filenames and ext4 filesystem
has a limitation of 255 bytes on the filename length. This is the
same limit we currently use for the package names.
Bug: 111890351
Test: device boots
Change-Id: I22ca607cf4243887bd47e7803ae77a3af903da78
* changes:
Split PackageInstaller app into installation and permissions management
Copy package installer into framework/base/packages/PackageInstaller
For creating the package sandboxes, vold needs app ids and
sandbox ids for all available packages on the device.
Bug: 111890351
Test: n/a
Change-Id: Icafd27e2663f11deeb11d46592ef8f1c653dbc4f
The two components were mostly independant for a long time. Since
I1e80a3f5e63d02b3859ecf74af21ca4c61f96874 the installation flow does
not grant any permissions anymore and the last connection between these
parts was broken.
The new app "com.android.packageinstaller" in
frameworks/base/packages/PackageInstaller will only handle (side load)
package installtion and uninstallation.
The exisiting app will be renamed to "com.android.permissioncontroller"
and only handle permission granting and permission management.
This change does only minimal cleanup cleanup. In particularly it does
not move any files in the old permissions controller. This is to not
disturb other features currently in development.
This change set also updates the make files to install the two apps on
the appropriate devices.
Further the permisson policy xmls need to be updated to point to the
right packages.
Test: Installed + uninstalled packages
Granted permissions + managed permissions
GtsPackageInstallTestCases
GtsNoPermissionTestCases
GtsNoPermissionTestCases25
GtsPackageInstallerTapjackingTestCases
GtsPackageUninstallTestCases
Change-Id: I2d3796b837fc0049e712c82a990907f305c8febf
This splits the
- review permissions
- individually control permissions
- consent to manage wireleess (wifi + bluetooth)
properties.
Almost all code cares only for the first and it is now always true.
Hence a lot of code can be simplified.
Bug: 110431654
Test: atest PermissionsHostTest
started pre-M app
Change-Id: I733cd476ccd0bf5eaa59e9a9506db34f57c6baee
Allows for other services like window manager to call uri grants without
holding AM service lock.
Bug: 80414790
Test: Existing tests pass.
Change-Id: Ie5b4ddb19a2cedff09332dbeb56bcd9292fd18ac
The old name never really made sense. Now that installations get
confirmed on first start of the app, the old name doesn't make sense at
all anymore.
Test: Installed app via PackageInstallSession (gts-tradefed run
commandAndExit gts-dev -m GtsPackageInstallTestCases)
Change-Id: I3701d34068e2c30002a3b1dddf4aacead8bafaa2
Developers often accept selection clauses from untrusted code, and
SQLiteQueryBuilder already supports a "strict" mode to help catch
SQL injection attacks. This change extends the builder to support
update() and delete() calls, so that we can help secure those
selection clauses too.
Extend it to support selection arguments being provided when
appending appendWhere() clauses, meaning developers no longer need
to manually track their local selection arguments along with
remote arguments.
Extend it to support newer ContentProvider.query() variant that
accepts "Bundle queryArgs", and have all query() callers flow
through that common code path. (This paves the way for a future
CL that will offer to gracefully extract non-WHERE clauses that
callers have tried smashing into their selections.)
Updates ContentValues to internally use more efficient ArrayMap.
Bug: 111268862
Test: atest frameworks/base/core/tests/utiltests/src/com/android/internal/util/ArrayUtilsTest.java
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Change-Id: I60b6f69045766bb28d2f21a32c120ec8c383b917
For testing we often need to run shell commands. This can be done
today via running a shell command from an instrumentation test
started from the shell. However, this requires adding shell commands
which are not in the API contract, involve boilerplate code, require
string parsing, etc.
This change allows an instrumentation started from the shell to
adopt the shell UID permission state. As a result one can call APIs
protected by permissions normal apps cannot get by are granted to
the shell. This enables adding dedicated test APIs protected by
signatures permissions granted to the shell.
Test: cts-tradefed run cts-dev -m CtsUiAutomationTestCases
-t android.app.uiautomation.cts.UiAutomationTest#testAdoptShellPermissions
bug:80415658
Change-Id: I4bfd4b475225125512abf80ea98cd8fcacb6a1be
Combination of moving to existing public API, tagging things as
@TestApi, and bringing utility methods into tests.
Bug: 13282254
Test: atest cts/tests/tests/os/
Change-Id: Ifd24c0d048d200e8595e194890cc1dc53ddc2b3e
