Test: Manually install app apks targeting Q and verifying that AR permission is not auto-granted
Test: atest ActivityRecognitionPermissionTest
Bug: 210065877
Change-Id: I90adf45a6611ab8bc953765c72af77a6a4f7aae8
Bug: 203229608
Test: Manual test with changing the check logic + debug log
Change-Id: If18009f61360564d02dcda9b1e5fa15685e3250f
(cherry picked from commit 58270527d1)
Duplicate permissions definition with different group allows
privilege permission escalation to a different permission group.
Android studio and gradle plugin does not allow duplicate
permissions with different attributes, these tools only allow
if duplicate permissions are exact copies.
Also platform stores permissions in map at multiple places with
permission name as key. This suggests that we can disallow
duplicate permissions during package install/update.
Bug: 213323615
Test: manual
Change-Id: I6f44e740897305e7a0553c1cf6c3af37faf02a2e
Merged-In: I1910dca44104e35a57eba4acfa8188cd9b8626ac
Merged-In: I34120fff2ec2a158dfa55779d2afd4bbd49487ff
Merged-In: I9bc839836786a0876e67fd73c05f8944bb532249
The system is overwhelmed by an enormous label string returned by
the load label api. This cl truncates the label string if it exceeds
the maximum safe length.
Also update the max safe label length to 1000 characters, which is
enough.
Bug: 67013844
Test: atest PackageManagerTest
Change-Id: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
Merged-in: Ia4d768cc93a47cfb8b6f7c4b6dc73abd801809bd
This change leaves the referrerUri field null when the caller leading to
its production is not the owner of the session.
Bug: 142125338
Test: atest SessionReferrerUriTest
Merged-In: I84679ea0636aa2097e25e23813c48134c9cc1d75
Change-Id: I84679ea0636aa2097e25e23813c48134c9cc1d75
Assume there is a XmlBlock [X] created by a AssetManager [A]
([A] will have mNumRefs = 2). After [A].close is called
(mNumRefs = 1) and then both [X] and [A] are going to be GCed,
if [A].finalize is called first (nativeDestroy), the later
[X].finalize will invoke [A].xmlBlockGone that triggers the
second nativeDestroy of [A] and leads to crash.
By clearing the mObject in AssetManager.finalize, the
decRefsLocked from other paths won't call nativeDestroy again.
Bug: 136721562
Bug: 144028297
Test: atest AssetManagerTest
Test: Build and install CorePerfTests
adb shell am instrument -w -r --no-hidden-api-checks -e class \
android.app.ResourcesPerfTest#getLayoutAndTravese,android.graphics.perftests.RenderNodePerfTest \
com.android.perftests.core/androidx.test.runner.AndroidJUnitRunner
Change-Id: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
Merged-In: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
Explain the conditions that must be true in order for two objects
of type `ComponentName` to be considered equal.
Test: make ds-docs -j32
Bug: 62991861
Change-Id: I162ecd825b187ca688af11271a937e3740a4a833
Exempt-From-Owner-Approval: Docs-only change
This change introduces a means of introducing an artificial long task to
the package handler to help reproduce timing issues related to it.
Bug: 141413692
Test: atest PackageManagerTest
Change-Id: I61ddee1fe8b94f5803d981a77babb4bb19e31662
Doc currently says "The method will return whether [the attribute] is equal to zero", which could be read as "returns true if the attribute is zero", which is incorrect. Rephrased as: "...returns false if the attribute is equal to zero, and true otherwise."
Change-Id: Ie7d763ac2784ecc3a7fb522b4fa583ec8d2644d4
BUG: 143049875
Test: make ds-docs
We had accidental usages of the PermissionChecker for cases where no
private data was provided to the app but the checkPermission API on
the latter also did blame data access on the app. The PermissionChecker
was designed to handle IPC calls and not for generic API checks.
To avoid future accidental incorrect PermissionChecker usages this
change renames the existing APIs of the latter to clearly indicate
that they should be used for data delivery and also adds sibling
methods for doing the same permission checks for preflight purposes.
Also the documentation is improved to furhter assist developers.
In addition, this change fixes accidental permission checker usages
that blame when they should not by using the new preflight flavor
of the permission check APIs.
Test:
atest com.android.settingslib.location.RecentLocationAppsTest
atest CtsPermissionTestCases
added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled
added: LocationAccessCheckTest#noNotificationIfFeatureDisabled
added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider
added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess
bug:141028068
Merged-In: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
If an app doesn't have a launcher activity enabled by default, a
synthesized activity isn't created for that app.
Test: make ds-docs -j32
Bug: 140968734
Change-Id: I2fe8666ee8cde479f404e43c622f03891d96c38f
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Merged-In: I53946ed4e31de0ffe9c84875c391a7dec6f5375a
Change-Id: Idaae690f79a5c680ad0059a52be62160d9dfb5e7
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Change-Id: Id0e63ae4a7be578d1e93838b371320f86a787e0e
When the configurations are being read from the proto file, if a
duplicate locale is found in the list, an exception is thrown from
LocaleList which causes the UsageStatsService to crash. Instead, we'll
now log a WTF if duplicate locales are found when parsing the
configuration proto and not add the duplicate locale to the list.
Bug: 140197723
Test: atest UsageStatsDatabaseTest
Change-Id: Ie178b3cfdd45e6771a7c0e4bb42e47f79b5c30cc
(cherry picked from commit 5d9031dbee)
The docs now (correctly) state that, if an intent filter specifies no
actions, then it only matches intents that don't specify/contain an
action.
Test: make ds-docs -j32
Bug: 140435265
Change-Id: I8931c6540cb22edd15e8caa1be984ca70efcdc96
As of Android Q, an app is included in the return value of
LauncherApps#getActivityList() unless it fulfills specific criteria.
This CL describes the conditions necessary for an app's activities
to *not* appear in the list.
Test: make ds-docs -j32
Bug: 130352392
Change-Id: I6a6e17351a6c1234229d1d7eb8147ee2c24ee2c9
No change to logic, only documentation.
This updates Context#getSharedPreferences docs:
* Fix a typo ("thead" -> "thread")
* Formatting: use <p> when appropriate, {@link} to other APIs, limit
the @param to only a single sentence
* Mention getSharedPreferences() may actually perform disk IO (this was
undocumented)
* Mention Editor#apply() as well as #commit()
Fixes: 140137651
Test: make docs
Change-Id: I245371d13d4f317c6c522debcdf7938ab783f897
As of Android Q, an app is included in the return value of
LauncherApps#getActivityList() unless it fulfills specific criteria.
This CL describes the conditions necessary for an app's activities
to *not* appear in the list.
Test: make ds-docs -j32
Bug: 130352392
Change-Id: Iad888a7a7f47d090da1b143ac152705577144d20
In Q, these APIs were either:
- removed from the greylist entirely without good reason
- Moved to the restricted greylist without any public alternative
information added
So they are being moved back to the greylist for Q.
Test: Treehugger
Bug: 136102585
Change-Id: I5ac8b8b9b23c3789d80239cf456072cc7dfa1203
Exempts this new ContentProvider for providing mainline module licenses.
Also sets ApplicationInfo.publicSourceDir for APEXes.
Bug: 135183006
Test: open module licenses, click app, verify file opens
Change-Id: Iec4f1de198525f7cd176a52d8448a2c71b6aabc0
Using this flag when binding to a service will
allow the bound process to be held at a low
oom_adj of 250, so that it can be expunged to
reclaim memory if a more user-visible app needs
it.
Use for bindings such as job services and other
connections that the caller can easily recover
from and restart if necessary.
Adjust the lmk thresholds to use this oom_adj
as one of the levels, so they're killed before
perceptible apps (such as foreground services).
Bug: 135219821
Test: CtsAppTestCases
Manually check notification listener oom_adj
and dumpsys activity services output
Change-Id: I9f6d0891d842e4d12f7995b9b1a8f57b0903a16d
The operation can potentially take a long time to complete
depending on the volume of data to be copied, so move it off
the ActivityManager handler thread that needs to be available
for other operations.
Bug: 134570017
Test: manual; set a 1 minute sleep in migrate_legacy_obb_data.sh
Change-Id: I3d2c52e8b012ed71c53810e6919d11be9a97cc6c
AppicationPackageManager.loadUnbadgedItemIcon would call
UserManager.getUserIcon if the icon was supposed to represent
switching to another the parent user (from a work profile).
However, that call requires extra permissions which may not be
available, which would cause a crash. The work profile doesn't
generally have permission to see the parent's icon, so rather
than showing the actual icon, a generic user icon is shown instead.
Bug: 134177607
Test: Manual confirmation: create a work profile and try to share a
picture (from Photos) to the personal profile.
Change-Id: Id79ca50b8e0a26593addbacf1a0ea709a2bc4da2
Currently the backup of user data is done in the enable rollback stage,
during which there is no guarantee that the package being backed up is
not currently running. Moving the backup to the post install stage will
guarantee that the package is not running.
Test: atest RollbackTest
Test: atest StagedRollbackTest
Bug: 124032231
Change-Id: I4b42a0c5ade1645585d1d6f698637df950d05c72
