In ag/1835531 we introduced a check for permissions review mode,
that relies on an overlay resource. Since we can't use overlay
resources for the Unified Build, this CL temporarily introduces
the checking for a build property as well. This possibly won't work
for O/G, but will work for the Feldspar release of the Unified build.
BUG: 35028846
Change-Id: I4c82f242bc680028ecd872589552534a419f0152
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
Merged-In: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
System server is no longer allowed to grant uri permission directly. As a result
we use grantUriPermissionFromIntent() to grant permission from the shell UID,
who is the owner of the bug report content.
Also fix a security bug where the broadcast to notify user consent of remote
bug report mismatches the <protected-broadcast> definition, causing it to be
sendable by anyone.
Bug: 34159108
Test: manual - Install TestDPC and request bugreport, try accept and decline
once the report is ready (Bullhead).
Merged-In: I66e3f2a16d4547549f09d3c96d52aed2330caedf
Change-Id: I66e3f2a16d4547549f09d3c96d52aed2330caedf
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
If the payload contains more than one object, it is passed in Object[].
Change-Id: I28ca2ec35d920c644bdea13f15b2787ef3170310
Fixes: 34871284
Test: Read aloud, sounds good.
If permissions review is enabled we allow individual
control of fine graned permissions in the SMS group.
This change ensures these permissions use the
corresponding app op as a switch to allow indifidual
control.
Change-Id: I83cd78a78a8266df8324b8a10cd9e36c04ff3112
(cherry picked from commit 99e4d51584)
If multiple async shared preferences writes are queued, all but the
last one can be ignored as they will be overwritten by the last one
anyway.
For commit() we need to make sure that we have at least persisted the
state of the commit.
Generation counts are 64 bit, hence they never overflow.
Test: Produced a lot of SharedPreferences.Editor.apply and did not see
excessive writes anymore, ran SharedPreferences CTS tests
Bug: 33385963
Change-Id: I3968ed4b71befee6eeb90bea1666a0bb646544f6
(cherry picked from commit 31d6889f4c)
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.
Merged-in: 5daf273b7e
Bug: 32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
Swipe to dismiss on dialogs did not dispatch onCancel events
to OnCancelListeners. Resolve by adding listener to monitor
swipe to dismiss events and dispatch onCancel events when
that occurs.
Bug: 33663411
Change-Id: I64ff29e008d485a4559eb3d1ff7f0e74dccff404
Instead of relying on the window animation system, in the special
case of a swipe-dismiss, disable any default window exit animation
and perform a custom animation. This bypasses some bugs in the
window animator codebase and allows us to have a nice "rebound"
animation if the user doesn't swipe far/fast enough to trigger a
dismiss.
Bug: 33041168
Change-Id: Ied45700d35a59950bacef1ba0650eaa5bc60fadb
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug: 32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug: 32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
ag/1542219 introduced a regression where if the display was the default
display, the configuration would still be adjusted as if it were
a non-default display. This fixes that logic to only adjust the
configuration if the display is non-default.
Bug:32133693
Test: cts-tradefed run cts --module CtsServicesHostTestCases --test android.server.cts.ActivityManagerAppConfigurationTests#testConfigurationUpdatesWhenRotatingToSideFromDocked
Change-Id: Ib2fda8c1651609efa9d20b3e2dace8a122864916
Fix a bug where the DisplayMetrics wouldn't be updated for a Resources
object on the default display. Since multi-window, we want to update
all Resources.
This didn't always manifest itself due to recreation of assets, which
would force an update of DisplayMetrics. Re-use of an AssetManager from
the cache would expose the bug.
Bug:32133693
Bug:31998629
Test: cts-tradefed run cts --module CtsServicesHostTestCases
Change-Id: Ic51ab82710517b87eb995ccf982085dba876ad58
Ignore every filesystem entity that is not a regular file or directory.
In particular, we now ignore not only symlinks but also sockets, pipes,
et cetera.
Bug 32143362
Change-Id: If51b54df1f7a643af145eb15bf12d389d19f8780
The copy constructor of Notification.Action.Builder did not copy
the mAllowGeneratedReplies field.
Change-Id: I40fbe8950ee2232e2589ab3930a32bfbebe9fc89
Fixes: 31766718
Test: runtest --path $T/cts/tests/app/src/android/app/cts/NotificationTest.java
The admin can instead use the value of 0 to reset to default.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Bug: 31430135
Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c
(cherry picked from commit 943aabd11c)
MessagingStyle expects the field userReplyName to be non-null, but the
documentation doesn't describe it as such. This updates the documentation
to say the field is required, and adds a NonNull annotation.
This has no behavior changes.
BUG:31747744
Change-Id: If832d059c276e856fba366dabfa8a5821bb63054
