An attacker could downgrade a package to an older version with known
security vulnerabilities and then use some of the vulnerabilities to
access the application's data. This would constitute a bypass of
Android Application Sandbox. Thus, downgrading while keeping
application data is no longer permitted.
To help developers debug their apps, packages marked as debuggable can
still be downgraded while keeping their data. This does not put the
installed base at risk because, as a security measure, most
application stores reject packages marked as debuggable.
To downgrade a non-debuggable (i.e., release) package, uninstall the
package (thus wiping its data), then install the older version of the
package.
Bug: 27327503
Change-Id: Iac75ed3c3831b5d925dfd8b660527cfa95813da8
Support AUTO, ALWAYS or NEVER preference for using AC3 and DTS.
Bug: 24541671
Change-Id: I423969882d18d99ce93bea57d10bdb1da7063b7a
Signed-off-by: Phil Burk <philburk@google.com>
Parcelables don't work well with inheritance. So changed the
IRecognitionStatusCallback to have onKeyphraseDetected() and
onGenericSoundTriggerDetected() for those respective events.
Made corresponding changes to AlwaysOnHotwordDetector and SoundTriggerDetector.
Bug: 27250528
Change-Id: Ic08a431e7cc4248c688b05c865348170246de576
We should run the transition only when the anchor root IS attached,
and we should only call the dismiss callback when the animation has
completed and the window has been removed.
Bug: 25323707
Bug: 26647820
Change-Id: I2bcdc901885d4c0a6c48c2b2c949797def1d7512
Calling into TelephonyManager each of hundreds of apps to check
if the app is carrier privileged was very expensive, especially
when there aren't even any carrier access rules specified. This
change fetches all the carrier privileged apps in one call,
reducing the number of IPC calls to the radio process and checks
the package names locally.
If the carrier rules change or packages are modified, the list
will be computed and fetched again.
Other optimizations in Telephony help speed up the individual calls
to check if a package is privileged, as well.
Bug: 27271861
Change-Id: I5a77b6da4f2cdc603d2a73bd8569c5c38f06b42d
Android's security model is such that the applications data is secure by
default unless the application specifically grants access to it.
Application data in transit should have similar security properties.
Bug: 27301579
Change-Id: I72f106aefecccd6edfcc1d3ae10131ad2f69a559
BackupManagerService has the null check, but it doesn't work
because passed BackupObserver object is wrapped into
this BackupObserverWrapper.
This was found during GTS testing.
Bug: 27334738
Change-Id: I16dc0230824b326d3fae1f8489f58b0c0d4e1c7c
When an app requests SYSTEM_UI_FLAG_LAYOUT_HIDE_NAVIGATION but we
force show the navigation bar, we need to treat for the app like
there is no virtual navigation bar on the device. Because if you
combine it with FLAG_HIDE_NAVIGATION, you'd expect the navigation
bar gets hidden but it doesn't, so there could be content that
overlaps with the navigation bar.
Bug: 27157904
Change-Id: I088e02eae2e723c35e9cb4873de6b1325458533b
If 'requestAccess' is true, the caller (either profile/device owner or a
designated certificate installer) will be granted usage of the keypair
on successful installation.
This has no security implications for a profile/device owner which would
already be able to self-grant. Delegated certificate installers did not
have this ability before.
This is only allowed at install-time- not afterward.
Bug: 24746231
Change-Id: Ia0ec290bb0bcde1d8137c188e2667cb7718dbfd7
Once the ephemeral user stops, the user's deletion is scheduled.
It takes a while before the user actually disappears and it is not
desirable for the user to be re-entered in the meantime.
Mark the user as disabled on stop and check this flag
in the activity manager to prevent the user from being switched
to again. Also hide the user from user-switching UI.
BUG: 26795729
BUG: 26780152
Change-Id: I83a61674958954b5a210114b88ffa5ae55922c1f
Also add the appropriate changes to api/test-current.txt, which
is not present on mm-wireless-dev from which this change came.
Change-Id: Ic4df6d0f89add73b7e5252ef662de07a4e8fce31
Look for both EA and non-EA accessibility services, but when the user
is locked only bind to EA services. Once the user is unlocked, we
take another pass and bind to any non-EA services.
We only consider disabling accessibility once the user is unlocked,
since there could be non-EA services waiting in the wings.
Bug: 25860579
Change-Id: I97bd019661457c3577d629ba12290d02f026011a
First, we need to make the job scheduler prioritize jobs for
foreground apps over background apps (so we will degrade well
when we are limiting the number of concurrent jobs).
So now the job scheduler keeps track of the process state of
each uid, and uses that to bump up the priority of jobs
associated with foreground uids. Added constants for priorities
since we have different places specifying priorities.
Also cleaned up a bit of the reporting of "wrapped" jobs from
the sync manager -- there is a new tag argument that can be supplied,
to have the name and tag used in various places be based on that
instead of the useless internal class name.
Change-Id: I8781750ddfac1472a98e1873fc38c014425db3d6
Not all code paths for FragmentManager were checking that the
container view had a valid view id. As we can't correctly restore a
fragment with a container without one, throw a more descriptive
exception earlier.
Bug 27290033
Change-Id: I86e41d2f9b5197e058a7ce154c682cbcc2f9c6eb
