Commit Graph

3402 Commits

Author SHA1 Message Date
Svetoslav Ganov
9352af2a9e Merge "Remove dependencies on the package installer's package name" into mnc-dev 2015-07-29 17:54:23 +00:00
Sailesh Nepal
6b96de8dae Merge "Default permissions for sim call manager" into mnc-dev 2015-07-29 17:39:37 +00:00
Dianne Hackborn
eda1cc50ce Merge "Work on issue #22765972: Binder transactions running out of address..." into mnc-dev 2015-07-29 17:05:58 +00:00
Svet Ganov
f1b7f20bb8 Remove dependencies on the package installer's package name
bug:22700053

Change-Id: I8540eb8577fbec84e1a67e31e1c31ba654c828a4
2015-07-29 08:33:46 -07:00
Sailesh Nepal
cf85562bc9 Default permissions for sim call manager
This CL adds the following permissions by default to the
SIM call manager:
 - microphone
 - phone

BUG: 22790160
Change-Id: Icaf1db6c6943b3ddbd16a946a81d1bfb734d761f
2015-07-28 22:16:25 -07:00
Dianne Hackborn
86cbc2bf30 Work on issue #22765972: Binder transactions running out of address...
...space causing package manager to fail

Lower the maximum IPC size we use in various places, to keep it
under the threshold of becoming dangerous.  Now everything tries
to keep not much more than 64k.

Change-Id: I814013097966a7843179e5d581bfdb254c5ae318
2015-07-28 18:13:21 -07:00
Dianne Hackborn
9dc6c61a80 Fix issue #22802782: APR: NPE in package manager with bad intent data
If they pass in a null data for the intent matching, don't throw up
on it, just consider it to not match.

Change-Id: I30b6af49989eb8b5c2e585ce5d96416f0daff3a8
2015-07-28 17:30:59 -07:00
Jeff Sharkey
0e621c3921 Also check app-ops on path-permissions.
Any place that we check permissions we also need to check any
app-ops associated with those permissions.  In the case of providers
with both <provider> and <path-permission> permissions, track and
report the strongest app-ops denial.

Bug: 22718722
Change-Id: I45e62de39b04d16d071558ad980b701667cfcb9a
2015-07-24 15:16:11 -07:00
Jim Miller
abd35bfc81 Merge "Add FEATURE_FINGERPRINT to PackageManager's feature list" into mnc-dev 2015-07-24 02:41:00 +00:00
Svet Ganov
9c8b8ab941 Reset permissions and app links when clearing app preferences - framework
bug:22359132

Change-Id: I198c0b1cd6c3dcb91fe560874a8502eb6b5f65b3
2015-07-23 10:36:35 -07:00
Jim Miller
d9b9d41082 Add FEATURE_FINGERPRINT to PackageManager's feature list
Fixes bug 22674557

Change-Id: I3d78e6bedc3ac18a25a06ac50e3a7eee4161fe70
2015-07-22 19:54:15 -07:00
Dianne Hackborn
cfbfafe1b9 Work on issue #22303510: Additional permissions aren't properly...
...disabled after toggling them off

Keep track of whether a permission that has been declared by an app
was able to actually be installed in the system, along with an API
to find this information so that system UI can tell whether that
permission is of interest.

Also clean up some of the permission debug output.

Change-Id: If4541bedb857789b255bb18f03cad155dcda0b95
2015-07-21 17:01:15 -07:00
Alan Viverette
7ef1e773fd Add missing invalidation check to drawable cache
Bug: 22478448
Change-Id: Ic9da1898cd921d8c133ef5397fc97a664601a863
2015-07-20 16:03:04 -04:00
Svet Ganov
d4b566bf56 Merge "Add APIs for verifier to grant at install and revoke permissions" into mnc-dev 2015-07-16 22:22:01 +00:00
Svet Ganov
7121e18595 Add APIs for verifier to grant at install and revoke permissions
bug:22231699

Change-Id: Ie0c758bf73699f50bf99ff5aa0bf98dcc9004e37
2015-07-15 22:22:59 -07:00
Svet Ganov
75f6b94a5d Merge "Grant default permissions to the setup app robustly." into mnc-dev 2015-07-15 21:58:50 +00:00
Svet Ganov
50a8bf4da0 Grant default permissions to the setup app robustly.
There is a zoo of components that handle the home intent and
have different priority. There is no reliable way to distinguish
the setup app from the other apps that handle home as some of
them have lower priority than the setup app and some higher.
This change adds a dedicated category to recognize the default
setup app.

Uncommented the code that grants accounts permissions as the
get_accounts permission is now a runtime permission and can be
granted.

bug:22471024
bug:22501463

Change-Id: I41726751fa2567cbcd7d09c7acfa7615b8aba577
2015-07-15 14:46:23 -07:00
Dianne Hackborn
fd854ee58c Fix issue #21626564: MMS should be received while Dozing
We now place whoever is receiving the MMS on the temporary
whitelist while doing so, so they can get network access to
download it.

There was also an issue that needed to be fixed where we
were no longer updating the list of allowed uids while
dozing based on their proc states...  we now do that.

Also did a bit of optimization of the temp white list update
path to the network policy manager, instead of going through
a broadcast we now directly call in to the network policy
manager.  This also allows us to have a synchronous version
of updating the list, so we can know the app has network access
before we tell it to do anything.

Finally added battery stats events for things going on and off
the whitelist so we can diagnose the behavior there.

Change-Id: Ic7fe010af680034d9f8cb014bb135b2addef7455
2015-07-14 18:33:08 -07:00
Fyodor Kupolov
d4fd8c766d Added sendBroadcastMultiplePermissions method
Added Context.sendBroadcastMultiplePermissions(Intent intent, String[]
receiverPermissions) method, which allows an array of required permissions
to be enforced.

Bug: 21852542
Change-Id: I27c9130e8f004b428452501ebc8a36aabde1f343
2015-07-14 17:25:42 -07:00
Fyodor Kupolov
4a817924ec Merge "Revert "Allow array of required permissions in sendBroadcast"" into mnc-dev 2015-07-14 22:43:47 +00:00
Fyodor Kupolov
e37520b49d Revert "Allow array of required permissions in sendBroadcast"
This reverts commit b4e7283c9a.

Change-Id: Ie8390964bda5bdfa869cee8f46584043d8e7c664
2015-07-14 22:29:21 +00:00
Fyodor Kupolov
d69a82c107 Merge "Allow array of required permissions in sendBroadcast" into mnc-dev 2015-07-14 21:57:34 +00:00
Fyodor Kupolov
b4e7283c9a Allow array of required permissions in sendBroadcast
Added Context.sendBroadcast(Intent intent, String[] receiverPermissions)
method, which allows an array of required permissions to be enforced.

Bug: 21852542
Change-Id: I3b8ff258fa9f3249c344bb8093b820b24eef00c0
2015-07-14 12:50:22 -07:00
Svet Ganov
8cee6587e0 Merge "Teach storage appops." into mnc-dev 2015-07-14 01:24:37 +00:00
Svet Ganov
6ee871e598 Teach storage appops.
For modern apps targeting M SDK and up the external storage state
is determined by granted permissions. For apps targeting older SDK
the storage access is determined by app ops corresponding to the
storage permissions as the latter are always granted.

When app ops change we do not remount as we kill the app process
in both cases enabling and disabling an app op since legacy code
is not prepared for dynamic behavior where an operation that failed
may next succeed. Hence, we remount when we start the app.

For modern apps we don't kill the app process on a permission
grant, therefore we synchronously remount the app storage.

bug:22104923

Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a
2015-07-13 18:22:30 -07:00
Christopher Tate
288ecf98f1 Merge "Prioritize most-recently-enabled link-handling app" into mnc-dev 2015-07-14 00:56:58 +00:00
Christopher Tate
f0d6cb38c4 Prioritize most-recently-enabled link-handling app
In the case when multiple apps handle a given web-link action,
all of which have been marked as "launch the app instead of a
browser" and so are otherwise ambiguous, always prefer the app
that was most recently placed into the always-handle-links state.

Bug 22051035

Change-Id: I3f43c19b0d7b74e9843445e41971bb5433affb1c
2015-07-13 17:01:14 -07:00
John Reck
4feb326015 Improve resource loading by ~3x
Bug: 22392651

ColorStateLists were never cached because the lazy-create
of the constant state had a typo.

Resource caching in general was broken because ThemeKey did not
clone the hash code, so all keys in the cache had a hashCode
of 0 which did not match the real, uncloned ThemeKeys hash code
so the binary search in ArrayMap based off of hash code was failing.

Change-Id: I9df1628b226bfa797bed97875354c19bf64f41ad
2015-07-13 14:42:43 -07:00
Svet Ganov
171fe6ac0a Merge "Add an API for apps to query if a permission is denied by policy." into mnc-dev 2015-07-10 00:32:12 +00:00
Christopher Tate
bf0c1ac109 Remote extraneous debugging log message
Bug 22069429

Change-Id: I4e3803aff58449b2544d9d7cca27d8d2115ccdd6
2015-07-09 12:42:50 -07:00
Svet Ganov
ad3b297557 Add an API for apps to query if a permission is denied by policy.
bug:22177216

Change-Id: I32227f55097fae997f33743fd1eee06cb18f47f1
2015-07-08 18:12:58 -07:00
Svetoslav
4a5f4a2bc7 Fix reset permissions on clear data and package uninstall.
If the user clears data for an app we reset the permission but
only the changes made by the user. We do not modify system or
policy flags and also ensure the permissions that were granted
by default are granted after the data wipe. This is the same
as starting with a clean slate.

If the package whose data is cleared is a part of a shared user
we reset to initial state only the permissions that the cleared
package contributed. Hence, if another package also declared the
permission as used we do not clear the permission state as it is
still in use.

When a package is deleted for a user but still present for another
user we reset its permissions to their initial state following
above described strategy.

Lastly when a preinstalled package with an upgrade is disabled
(triggers upgrade uninstall) and this package is a part of a
shared user, we do not drop permission state (grants and flags)
for permissions used by the shadowed system package. This ensures
that we do not drop runtime permission state (such state is
default grants and user changes).

bug:22248525

Change-Id: I3a3007476d2cb9f4ff824e1e137a6e1a4d04408b
2015-07-08 16:52:42 -07:00
Dianne Hackborn
a90c8def2c Add new "preinstalled" permission flag.
This allows you to specify that a permission can be granted to
any pre-installed system app (not just privileged ones).

And as long as I am doing this, clean up the old "system" permission
flag, renaming it to "privileged" which is what it really is today,
deprecating the old names.  And switch the platform's permission
declarations to use the new name.

Change-Id: Iabf484746af232144786851ec7fe90e3de9dddb2
2015-07-07 17:25:25 -07:00
Svetoslav
3e7d977ff7 Grant installer and verifier install permissions robustly
bug:22248271

Change-Id: I3a47ae9a112ba7d88b421fcb5f9651d1168ba7a5
2015-07-07 14:02:51 -07:00
Jeff Sharkey
38cae6c8bc Merge "Reconcile private volumes when mounted." into mnc-dev 2015-07-06 17:57:46 +00:00
Jeff Sharkey
6dce4964b4 Reconcile private volumes when mounted.
Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.

First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode.  Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10".  When we
detect a mismatched serial number, we destroy all data belonging to
that user.  Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.

Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.

When mounting a volume, ensure that data directories exist for all
current users.  Similarly, create data directories on all mounted
volumes when creating a user.  When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.

Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
2015-07-04 17:08:42 -07:00
Svet Ganov
77ab6a888a Show basic feature warning for default granted permissions
bug:22174223

Change-Id: Ie8209e1f678ac459893151b5125e86eb5025aad8
2015-07-03 12:19:02 -07:00
Nicolas Prevot
60373e8060 Merge "Fix the case where an intent bounces several times between users." into mnc-dev 2015-07-02 10:27:58 +00:00
Svet Ganov
68ffcf883c Merge "Teach receivers, activities, providers, and services app ops." into mnc-dev 2015-07-01 23:59:21 +00:00
Svet Ganov
99b6043dad Teach receivers, activities, providers, and services app ops.
Perform app op check in addition to the permission check for all four
platform components - activities, content providers, broadcast receivers,
services - if they are guarded by a permission that has an associated app
op. This ensures that legacy apps will behave correctly if the permission
of the caller has been revoked, i.e. the app op for that permission was
disabled.

bug:22199666

Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2
2015-07-01 16:20:00 -07:00
Dianne Hackborn
76664d9dcf Merge "Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW..." into mnc-dev 2015-07-01 22:21:10 +00:00
Dianne Hackborn
de15edaa9b Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW...
...to an explicit toggle to enable in Settings

Add a new permission flag, saying the permission can be automatically
granted to pre-api-23 apps.  Apply this to SYSTEM_ALERT_WINDOW.

Change-Id: I24a0ceabe7e9f5e458a864d30eda2696ad14a699
2015-07-01 12:37:00 -07:00
Nicolas Prevot
107f7b7bec Fix the case where an intent bounces several times between users.
An intent may bounce several times between users.
In this case, we want mContentUserHint to refer to the original
user.

BUG:19656340
Change-Id: I22a35fab0c228140dcb223899f5e38ff33ee5aed
2015-07-01 17:05:18 +01:00
Svetoslav
0010b70bea Grant permissions to headless system calendar/contacts sync adapters.
bug:21861781

Change-Id: I5f9905a23ba1b23e387adf2cea842172d34207b0
2015-06-30 18:22:20 -07:00
Svet Ganov
67a461eca8 Merge "Rename uses-permission-m to uses-permission-23" into mnc-dev 2015-07-01 00:55:58 +00:00
Svet Ganov
ffd25bbed1 Rename uses-permission-m to uses-permission-23
bug:20072113

Change-Id: Ia872853274c604a6fee1c1d84f82a98334523bac
2015-06-30 23:06:41 +00:00
Benjamin Franz
01b079f7d2 Merge "Make ContentObservers work across profiles" into mnc-dev 2015-06-30 07:45:50 +00:00
Svetoslav
cdfd230a39 Grant default permissions to the default SMS, Phone, Browser app.
The default SMS, Phone, Browser are selected in the UI and we
grant default permissions to these. We do this regardless if
they are on the system image as the user has made an explicit
choice in the UI and the permissions we grant are considered
essential for such type of a core app to operate properly.

bug:22104986

Change-Id: Ide8caeb524b43dde11a20460666cf34c4d35f84b
2015-06-29 17:44:19 -07:00
Benjamin Franz
adea1918be Make ContentObservers work across profiles
Currently registering for changes to a cross-user Uri does not work, as
the calling user id is used to identify the Uri. Change this to use the
userId the Uri is associated with. In order to protect Uris across
users, we only allow registration for a Uri when the caller has read
permission. We also only allow notify calls from across users when the
caller has write permission to the Uri.

Bug: 19312280
Change-Id: Ide216b09980ed5ebefe9b37c946dd8160167809f
2015-06-29 16:17:55 +01:00
Christopher Tate
b035c6d9a6 Merge "Properly scope the "only http/https schemes" intent filter semantics" into mnc-dev 2015-06-27 00:48:10 +00:00