Explains in more complete detail who should call lockNow(), when to call the method,
and what happens when there's no lock set on a device.
Test: make ds-docs -j32
Bug: 28831838
Change-Id: I5acc0cbfa63dffe8676e8b60476b584fd43b5bde
And also pre-grant it to all apps that currently get any storage
permission pre-granted
Test: atest SplitPermissionTest
m -j gts && gts-tradefed run commandAndExit gts-dev -m GtsPermissionTestCases --test=com.google.android.permission.gts.DefaultPermissionGrantPolicyTest#testDefaultGrantsWithRemoteExceptions
Manual testing:
All combinations of
- App targetSdk = 28 and 29 (and 22 for extra credit)
- App having the <uses-permission> tag for
ACCESS_MEDIA_LOCATION or not
- Upgrade from P->Q-QPR and from vanilla Q->Q-QPR
Further upgrade of targetSdk from 28->29 while on Q-QPR
==> All permission behavior should make sense. Sometimes there
are weird, but expected behaviors. Hence we need to
collect the results and then look at the unexpected ones.
See SplitPermissionTest for some tests I added for the
location-background permission which was split from
the fine/coarse-location permissions
Fixes: 141048840,140961754
Change-Id: Ib9f50d25c002036f13cf2d42fc4d1b214f20920c
(cherry picked from commit ac7b10c135)
Also converted curly quotes to straight in one of the notes.
Test: make ds-docs -j32
Bug: 135089189
Change-Id: I146fb7eec5da48496467a1bc7706f9d87dc339f7
Enable stricter SQLiteQueryBuilder options.
Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.
This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks. This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.
We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.
Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.
Bug: 135270103
Bug: 135269143
Test: atest DownloadProviderTests
Test: atest CtsAppTestCases:android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
Force SurfaceFlinger to update synchronously by applying an empty
transaction. Without this, SurfaceFlinger will only update after the
next vsync, which may only happen after the instrumentation already
starts.
Since InputFlinger will only have the proper InputWindowInfo after
SurfaceFlinger updates, waiting for the vsync caused some
instruemntation tests to be flaky.
Bug: 138263890
Test: atest android.view.cts.HoverTest
Change-Id: I5457ab67ac574530dc1aa84549ca11e7e3f0d714
Make sure the client post execution lifecycle state to RESUMED
only if the activity was RESUMED while delivering new intent.
Bug: 135715788
Test: making skype calls
Test: atest ActivityThreadTest
Change-Id: I1e3054e1d1611aecf6ddf6d482abf2cb3ebdf9a4
In Q, these APIs were either:
- removed from the greylist entirely without good reason
- Moved to the restricted greylist without any public alternative
information added
So they are being moved back to the greylist for Q.
Test: Treehugger
Bug: 136102585
Change-Id: I5ac8b8b9b23c3789d80239cf456072cc7dfa1203
This is a targeted fix for not receiving a task stack change callback
when a task with a resumed Activity is reparented to another display.
Bug: 128932906
Test: manual - launch activity from virtual display onto default display
in a new task, verify callback notified. atest WmTests
Change-Id: Idabad8379cded664bcf302d5c6fb69564d158eb7
Merged-In: Idabad8379cded664bcf302d5c6fb69564d158eb7
We are planning to use this metric to detect leaks.
This CL also decouples the actual memory sampling from AM. This means:
- Less time locking the pid list (we used to lock and then read proc)
- Less serialization / deserialization for the parcel
- Simpler to evolve (e.g. removed the HWM-specific method in AM)
Change-Id: I87a7243156dd8c88cfa85038e7e6cf4963e271e1
Test: manual, MemoryStatUtilTest, UidAtomTests
Bug: b/135418017
Set a trim-level threshold to debug.am.run_gc_trim_level to activate it.
Bug: 135148702
Test: Manual test with "setprop debug.am.run_gc_trim_level 0", run a lot of
heavy apps and take pictures, and check logcat for the "force_gc" event log.
Test: Manual test with "setprop debug.am.run_mallopt_trim_level 0", run a lot of
heavy apps and take pictures, and check logcat for a debug log.
Change-Id: I73b4dc7374e85e9a22c98ab17da53aa6cb25a188
As it was in P. There are no public APIs created, hence there is no
better, _public_, alternative.
Fixes: 135282729
Test: none
Change-Id: I199cfcc125f948b983eb55a199abf673cc58b7e1
A couple of broken </code> tags were messing up the formatting
for the entire page (see b/134696600 , http://screen/aThdcpoDvJo.png )
Staged the fixed doc to:
http://go/dac-stage/reference/android/app/Activity
(The live version of this doc has already been fixed -- I fixed
the HTML by hand in cl/251937759 -- but we need to fix the Java
comment, or the file will revert when we publish beta 5.)
Bug: 134696600
Test: make ds-docs (& staged HTML output)
Exempt-From-Owner-Approval: Docs-only fix
Change-Id: I7e6d11ca358d747cdc6d04741d31c7acd85aa080
AppicationPackageManager.loadUnbadgedItemIcon would call
UserManager.getUserIcon if the icon was supposed to represent
switching to another the parent user (from a work profile).
However, that call requires extra permissions which may not be
available, which would cause a crash. The work profile doesn't
generally have permission to see the parent's icon, so rather
than showing the actual icon, a generic user icon is shown instead.
Bug: 134177607
Test: Manual confirmation: create a work profile and try to share a
picture (from Photos) to the personal profile.
Change-Id: Id79ca50b8e0a26593addbacf1a0ea709a2bc4da2
This removes the parts of the feature that were only needed in beta
releases:
- Toast when a start is or would be blocked.
- Configurable whitelist of exempt apps.
- Global setting to disable.
Not to be submitted until after beta 5 is cut.
Bug: 131747138
Test: atest BackgroundActivityLaunchTest
Test: atest RootWindowContainerTests
Test: atest WmTests:ActivityStarterTests
Test: atest CtsWindowManagerDeviceTestCases:ActivityStarterTests
Test: atest CtsAppTestCases:.ServiceTest
Change-Id: I3d8b9c72c8fac86b93ac57a8a1988f4133043af8
Also make it extendable for mocking and update atoms.proto comments.
Bug: 131833599
Test: compiled
Change-Id: I6a0e8a6175e7e9e46572ea4aa50ce7669a02588b
Asynchronicities in activity teardown -> service connection teardown
introduced a race in which the teardown could race with new service
bindings to "the same" service instance, and then wind up attempting to
shut down a new, valid instance inappropriately. Fixed by making sure
to clear the "what needs to be torn down" bookkeeping as part of the
act of doing that teardown, removing the possibility for stale state.
Fixes: 131029480
Test: manual
Test: atest CtsAppTestCases
Change-Id: I33a63f524d147ff6ec97dd3efb0127dcace8bf3c
The original logic sends the new configuration to the non-activity
components only if there is any public field changed. However, it
doesn't use the latest configuration to compare to the current one,
which caused ActivityThread dropping some onConfigurationChanged
callbacks.
This CL uses the latest configuration to compare to the current one.
Fix: 132653657
Test: Steps in the bug
Change-Id: I969ef189c36ba1903503d8b7de5641103aed8cf3
1. The IPC to ActivityThread.dumpHeap() dups the input file descriptor but
closes it when the IPC returns. Since the heap dump is generated
asynchronously, a race condition ensues between the returning close and
the dump being generated. For the intra-system-process call, the race is
with ActivityManagerService closing the created file descriptor. Duping
the file descriptor on the ActivityThread side should deal with this.
2. For some reason, the file descriptor wasn't closed for native heap
dumps. Closing the fd in those cases as well.
3. Catch the RuntimeException from Debug.dumpHprofData in case anything
else was missed.
Bug: 133424499
Test: adb shell am dumpheap com.android.systemui
Test: adb shell am dumpheap system
Test: Use the "Capture System Heap Dump" option in Developer Settings
Change-Id: I44817161533359766250de04e35902587ea9cc40
Test: manual - hit back in app & bubbles & when you get a phone call in
start up wizard
Bug: 132353272
Change-Id: I8bfb868e8e165adb2fa51b6cda1e9afe237d154c
At the moment KeyguardDisableHandler calls into DevicePolicyManager
to retrive the aggregated password quality for the current user
while holding the WindowManager lock. This is a lock inversion
and causes deadlock. To fix this, introduce a per-user password quality
cache in DevicePolicyCache and switch KeyguardDisableHandler
to use that instead.
Test: manual
Fix: 129087668
Change-Id: I8c02ca442dde76ed350f22ac04a52adc82d21d00
