* changes:
Allow BIOMETRIC_CONVENIENCE to register with BiometricService
Improve AuthService logging
Only BIOMETRIC_STRONG HATs should be sent to KeyStore
Reset the INTERACT_ACROSS_PROFILES app-op for all apps on the device
when creating a new work profile. This ensures that user grants for
previous work profiles (perhaps with a different admin) are not saved
and also not restored with backup-and-restore.
Also, clear the shared preference storing which oem-whitelisted apps the
user has granted. This ensures that the user sees them all again
during work profile provisioning.
Fixes: 151145623
Test: atest com.android.managedprovisioning.task.CreateManagedProfileTaskRoboTest
Change-Id: I5f5c5aea1c36bd17a74c02e1b6fa9b4047f15003
Currently CameraService calls isUidActive() before allowing the camera
access.
When start/resume activity, WindowManagerService start/resume the
activity, then post a runnable to DiaplayThread and
ActivityManagerService to update UidRecord's
proc state, because the thread switch, the latency before proc
state update is undetermined.
When CameraService calls ActivityManagerService.isUidActive(), the proc
state may not have been updated and camera access is denied.
isUidActiveOrForeground() check isUidActive() first, if false,
check isUidForeground() which is actually to check with WindowManagerService if
the uid is foreground, which is equivalent to ActivityManagerService's uid
active, just updated earlier.
Bug: 151185692, 151777097, 109950150
Test: manual test.
Change-Id: Iffed63293dbdb466e7955fe765ad2aa23a20b3ed
We now pass 2 booleans from AM to zygote about:
- If CE and DE data dirs need to be mounted
- If storage data and obb dirs need to be mounted
And also, separate whitelisted package from same uid packages, as same
uid packages do not need to be mounted in storage data and obb dir case,
it's needed to be mounted for CE and DE data dirs only. Otherwise
whtelisted packages will also be mounted in storage data and obb dirs,
which apps should not have access to it.
Bug: 151218156
Test: atest AdoptableHostTest
Change-Id: If7c20a7ed3b845d8657c937469161cb7ed3da07f
OP_LEGACY_STORAGE is sticky for apps targeting <= Q.
This change makes this behaviour configurable via DeviceConfig, by
introducing a new property "legacy_storage_op_sticky" to existing
namespace "storage_native_boot". If the property is set to true, then
we get the default behaviour (app-op sticky for SDK<=Q). If it's set to
true, then the app-op is not sticky for SDK<=Q.
Apps targeting > Q remain unaffected: always not sticky.
Test: manual:
* adb shell dumpsys appops --package com.android.vending
* Observe LEGACY_STORAGE mode=allowed
* adb shell device_config put storage_native_boot legacy_storage_op_sticky false
* adb reboot
* adb shell dumpsys appops --package com.android.vending
* Observe LEGACY_STORAGE mode=ignored
Bug: 151735608
Change-Id: I06d115a0c85c44b5a6d1054f74a00d8fa674dfa7
When creating a LoadedApk in a zygote context (app zygote or WebView
zygote), don't add the app's data dir to the list of paths the dynamic
linker is allowed to load libraries from, because the linker's attempt
to canonicalize the path causes SELinux access denials. The process
can't access the data directory at all, so cannot load libraries from
there in any case.
Fixes: 149481620
Test: check for avc denials from webview_zygote
Change-Id: I9aceecaf6067e748cc2251782b0f41661cbb35d8
(cherry picked from commit e1579d4d14)
This is to accommodate for the case when the user
has max font size and max display size. The rest of
the empty state screen won't fit unless we hide the
icon and "Turn on work" button.
Test: manual
Fixes: 149817494
Fixes: 152274446
Change-Id: I95b90461ac36b4bbf6b0e4c4dd223e941d8c75cb
This puts in force some restrictions against test networks,
and in exchange relaxes the restrictions around registering
a network agent that provides a test network.
Test networks can only ever have transport TEST, and have
only a few capabilities available to them.
This is useful in particular to test CTS. See aosp/1253423
for first, basic usage of this capability.
Test: IpSecManagerTunnelTest
Test: new CTS aosp/1253423
Bug: 139268426
Change-Id: Ibd162792a7ab02fcbb06130f21a825a386678c05
(cherry picked from commit 2c129e97cc)
Also applies the max/min damping range for slop.
The max/min damping range includes lineHeight + slop.
Note: slop must >= zero.
Bug: 150531840
Test: manual & automated tests
atest FrameworksCoreTests:EditorCursorDragTest
atest FrameworksCoreTests:TextViewActivityTest
Change-Id: I26cdf69fd2cf7d4514dd2a902ed34c480c9e8781
- This prevents a flash of black if we show the surfaceview again
after it is hidden
Bug: 152134983
Test: Ensure no flash if previous background color was set and it is
made visible again
Change-Id: I04d0222521c902da6d29e99ccdbd0aa8ad49917e
- InvalidPacketException exception class should be final
- NetworkCapabilities.Builder should be final
Bug: 152203926
Test: atest FrameworksNetTests
Change-Id: If9b799151aff6d41c9bcd8bb86c65a58e46bad73
And let IME always extend into the status bar area so that the position
of IME can never affected by status bar. This can prevent flicker during
IME animation.
This CL also makes PerDisplay can restart the animation while the insets
source control is changed during animation.
Fix: 151759336
Test: atest WindowStateTests
Change-Id: Ic2a308e6b7ec39b4b8645751e31addd26ddf3735
- Target to fix migration issue to support a user revoked the accessibility shortcut before upgrading to R, but wants to to apply new hardware shortcut design in R.
- The switchbar of accessibility_shortcut_enabled was removed in (1/n), so we should also remove related checker in controller.
Bug: 142529032
Test: atest AccessibilityShortcutControllerTest
Change-Id: I48f8d88c4192e894b9e210221e5dc7e701344623
