Also make these configurable so we have the flexibility to change it if
necessary.
Setting the policy inside ActivityManagerService is not ideal, as that
means that AMS is the only place where the policy in ApplicationInfo is
correct. It should really be set inside PackageManagerService. However,
if it's set there, it would get out of date when the settings change, and
we'd have to update inside AMS anyway. So putting it only here seems ok
for now.
Test: $ adb shell settings put global hidden_api_policy_pre_p_apps 2
Test: $ adb shell settings put global hidden_api_policy_p_apps 2
Bug: 64382372
Change-Id: Ic4cbbb1e6464623e90c17ae08c0b6cbbe0dfa125
Earlier setPackagesSuspended ignored the rest of the paramters when
suspend state did not change. This was a problem because then there was
no good way to update the other parameters without unsuspending the app,
which is not desirable.
Removed setSuspendedPackageAppExtras as now they can be update with this
api.
Also sending broadcasts when packages get unsuspended due to suspending
package removed.
Test: Existing tests pass:
atest com.android.server.pm.PackageUserStateTest
atest com.android.server.pm.SuspendPackagesTest
atest com.android.server.pm.PackageManagerSettingsTests
Bug: 77522553
Change-Id: I72a3c228d3d65c430e242da97b2bc6997ec6a135
Prior to this change there was a chance that an updating app would not
exist in mPackages and cause a permission check for that app to fail.
This change moves all permission checks to use mSettings and the cached
package it contains to do the checks.
Change-Id: I0717bddbb08b1d0dbab3ea79fa0d2067aa858753
Fixes: 76228188
Test: Manual - system starts, permission checks work before / after update
Address API review by describing relationship between the
PackageManager.hasSigningCertificate() methods and the PackageInfo
GET_SIGNING_CERTIFICATES method, as well as differentiating the
UID documentation from the package-name based one.
Bug: 74831566
Test: None, doc change.
Change-Id: I11c556325f9b2efbc2e5e1cf896b9c58db092ae8
Use the common rethrowFromSystemServer() pattern. Carefully only
throws for calls going to system_server; leaves existing behavior
intact when calling a ContentProvider.
Bug: 77671218
Test: builds, boots
Change-Id: Ie5e0763fb5e62b832f2b6a03c8f9d72dab3bf89a
It seems pretty unlikely that we'd ever want to disallow access to the
light greylist in P, since doing do would break do many apps. We don't need
this policy here as an opt-in for apps now, since the StrictMode work will
achieve the same thing.
Instead, make a "just warn" policy which allows access to all APIs, but
leaves the detection and logging logic in place. This gives us the option
of disabling enforcement, but still gathering logs to find out which apps
use which APIs.
Bug: 77517571
Test: Boot device
Test: Hardcode policy of HIDDEN_API_ENFORCEMENT_JUST_WARN and verify log
Change-Id: I588f347716a79ac5887b74763c8afc16b3be699b
Added an AlertActivity to intercept the start for an activity belonging
to a suspended app. More details will be shown if the suspending app
also defines an activity to handle the API action
SHOW_SUSPENDED_APP_DETAILS.
Test: Added tests to existing classes. Can be run via:
atest com.android.server.pm.SuspendPackagesTest
atest com.android.server.pm.PackageManagerSettingsTests
atest com.android.server.pm.PackageUserStateTest
Bug: 75332201
Change-Id: I85dc4e9efd15eedba306ed5b856f651e3abd3e99
This change plumbs the original uid of a startActivity call through to
PackageManagerService#queryIntentActivitiesInternal so that we properly
filter.
Test: manual - launch previously failing instant app
Change-Id: I0a62195f67c2e08315ce2d87f1d8c516c2327ba6
Fixes: 77489209
This compatibility change ensures that apps built for pre-P that rely
on reflection to access ApplicationInfo#versionCode don't crash. The
move to long version code introduces a new field and all modifications
of the field are wrapped in a method that ensures both the new and old
fields are set appropriately.
Test: manual - impacted app runs
Change-Id: I5fb37c65b0fb04042dda12479d1e1a76590daa3d
Fixes: 74393568
This means that APKs signed with the platform cert are allowed to use
hidden APIs, even if they are not on the package whitelist, and if they are
not in the system image. It will also allow a number of packages to be
removed from the package whitelist.
Also remove all platform cert signed apps from the package whitelist, as
there is no longer any need for them to be in there.
Bug: 64382372
Test: device boots
Change-Id: Id805419918de51f946c1f592581bab36ae79de83
Suspended packages get their activities intercepted at start, but they
can still show system_alert or toast_windows from other components.
These need to be hidden when the app goes into suspend and unhidden when
it is unsuspended.
Test: atest com.android.server.wm.WindowStateTests
Bug: 77498821
Change-Id: I9ac446f20feb23e2090ba306b4435c46b9aeec95
Add a new capability that may be granted to past signing certificates
after changing to a new signing certificate that will allow applications
to go back to a previous signing certificate. This capability is
intended to not be granted, but may be added later in the event that
a signing certificate change caused undesirable behavior.
Bug: 73927694
Test: PkgInstallSignatureVerificationTest
Change-Id: I7453a2da00e740a55de45e7b144f308a9bc33772
(cherry picked from commit a1d0cf74f9)
Add a new capability that may be granted to past signing certificates
after changing to a new signing certificate that will allow applications
to go back to a previous signing certificate. This capability is
intended to not be granted, but may be added later in the event that
a signing certificate change caused undesirable behavior.
Bug: 73927694
Test: PkgInstallSignatureVerificationTest
Change-Id: I7453a2da00e740a55de45e7b144f308a9bc33772
The suspending app can provide a Bundle of information to be used by the
launcher for handling suspended packages. Added APIs:
- getSuspendedPackageLauncherExtras(String, UserHandle): To retrieve
the launcher extras for the given package and user.
- Callback#onPackagesSuspended(String[], UserHandle, Bundle): A
callback that will be invoked with the package names and the launcher
extras whenever sent packages are suspended.
Test: atest com.android.server.pm.SuspendPackagesTest
Bug: 76119578
Change-Id: I505d134809639a57c3314f994af34d576d905e74
