Apps that are already installed on the device before isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage giving them same
level of access as in P.
A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.
Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ec73276d7c586ae4afc482580d1eb8ee03d5be1
The dire warning about canonicalising paths before calling
FileUtils#contains was present on two overloads but not the
third. Added it there to try to make it harder to miss.
Test: Builds.
Change-Id: I983fe86e57ff3f7052f4f5d55f2bbd9e5740429a
The application zygote can run untrusted user code; since it also
has the capability to change the uid/gid of the process, we need
to ensure that any changes to the uid and/or gid stay within the
range that we have allocated for this application zygote.
For application zygotes, we install the app_zygote seccomp
filter instead of the regular app filter; the only difference
between this filter and the app one is that it allows
setuid/setgid calls.
To further limit this, pass down the allocated UID range to the
Zygote itself, which in turn installs an additional seccomp
filter that restricts setuid/setgid calls to this range.
The actual calls into seccomp are commented out until the seccomp
changes are merged; to avoid catastrophe, this will leave the
regular app filter for the app_zygote, which is more restrictive
and doesn't allow setuid at all.
Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73
Add methods used by VintfDeviceInfo, a CTS test, to TestApi.
Also remove them from greylist.
Bug: 111610941
Test: builds
Change-Id: Ieccf8c9225132fd604d7df0fc7e9976f63f9077c
We only want to load a temporary rules file for processing if the
current app is debuggable or if adb is running as root. The logic to
do this is a bit less than straightforward to read and we don't
currently log the values to help make it clearer (though we know they were
both 'false' to return early). This change helps make the code a bit
easier to read and adds some logging that helps make reading the logs a
little easier too.
Bug: 122612037
Test: atest CtsAngleIntegrationHostTestCases
Change-Id: I38baf02ebdb847f9423a80a1093385903eda1686
Based on ro.build.version.preview_sdk_fingerprint, which is
generated by the build system based on the contents of the
public / system API fingerprint. This value helps implement
finer grained targeting of packages to preview releases.
Test: atest BuildTest; manual
Bug: 120439642
Change-Id: Ib2c28d96ea0fa2ed9a6be4c05580c164e39cdd9f
Make Nat464Xlat talk to netd directly instead of through
NetworkManagementService. The methods in NetworkmanagementService
don't really provide any value: since the only thing they do is
call into netd, we might as well have the callers talk to netd
directly,
In order to do this, pass INetworkManagementService and INetd to
the NetworkAgentInfo constructor, and update callers appropriately.
Bug: 65674744
Test: builds, boots
Test: atest FrameworksNetTests
Change-Id: Iac4cfe709c6279e4d9682b6754963e533707bd12
Since the CTS test for android.os is build with test_current.
Bug: 78650449
Test: android.os.cts
Change-Id: If784f4949af931c6c4efc284f1d16414705fe2d4
Merged-In: If784f4949af931c6c4efc284f1d16414705fe2d4
Add dummy implementations for status, error and finished callbacks.
Next step: wire these up end-to-end; change Shell's listener to be
BugreportManager.BugreportListener, and make it communicate with the
native service explicitly through the new system api.
BUG: 111441001
Test: Verified progress in interactive bugreport still works
Change-Id: Iad0bb7b23b04f6bc7e3b31e5071df42409c78684
The API is mostly implemented; except for hooking up the listener
and handling an already running bugreport.
BugreportManager is the handle to the new API exposed to apps.
Generating bugreports requires root privileges. To limit the footprint
of the root access, the actual bugreport generation in Dumpstate binary,
is accessed as a oneshot service and dies after it finishes
running.
System server accesses Dumpstate via a binder interface since it does
not have root privileges.
Starting a oneshot service is done via setting a system property, which
needs to be done from system server. BugreportManagerService is the
new system server service that does this. BugreportManager calls into
BugreportManagerService via a binder interface, since the former is in
the app's process.
Both app to system server as well as system server to native service
calls are via implementations of IDumpstate binder interface.
Bug: 111441001
Test: builds. Flashed & verified it boots.
Test: wrote a test client (not included) and verified invoking
startBugreport works.
Change-Id: I4abeb753388c055c36ae0dd916af1ec8d40b7bf0
Merged-In: I4abeb753388c055c36ae0dd916af1ec8d40b7bf0
This change is the main check in for the historical app op feature.
The idea is to store a historical data about past app op rejections,
accesses, and durations per op for any UID state indefinitely.
Keeping all operations on record is not practical as app ops are
very frequently performed. To address this we are storing aggregated
data as snapshots where we store for every UID and its packages
how many times each op was accessed, rejected, lasted as an aggregate.
To allow history scaling indefinitely we are taking a logarithmic
approach with only the most recent state stored in memory and all
preceding state stored on disk. State on disk is stored in separate
files where each preceding file, i.e. for an older period, would
cover X times longer period with X number of snapshots covering
X times longer period. Initially X is ten but can be tweaked. For
example, the first file could contain data for ten days with daily
snapshots, while the file for older period would have data
for a hundred days with snapshots every ten days, etc.
The implementation is optimized for fast history update and no impact
on system runtime performance and minimizing memory footprint. We
are lazily persisting state to disk on a dedicated thread as this is
slow. We are also reading the relevant historical files on a query
as this is very rare as opposed to state updates.
The base snapshot interval, i.e. snapshot time span, in the initial
iteration and the logarithmic step are configurable. These can be
changed dynamically and the history would be rewriten to take this
into account.
Test: atest CtsAppOpsTestCases
bug:111061782
Change-Id: I55c32c79911ba12b2ace58d2a782b8df1e6bff60
The API is mostly implemented; except for hooking up the listener
and handling an already running bugreport.
BugreportManager is the handle to the new API exposed to apps.
Generating bugreports requires root privileges. To limit the footprint
of the root access, the actual bugreport generation in Dumpstate binary,
is accessed as a oneshot service and dies after it finishes
running.
System server accesses Dumpstate via a binder interface since it does
not have root privileges.
Starting a oneshot service is done via setting a system property, which
needs to be done from system server. BugreportManagerService is the
new system server service that does this. BugreportManager calls into
BugreportManagerService via a binder interface, since the former is in
the app's process.
Both app to system server as well as system server to native service
calls are via implementations of IDumpstate binder interface.
Bug: 111441001
Test: builds. Flashed & verified it boots.
Test: wrote a test client (not included) and verified invoking
startBugreport works.
Change-Id: I4abeb753388c055c36ae0dd916af1ec8d40b7bf0
Synchronize settings between sound and accessibility menus
Bug: 116172311
Test: See accessibility vibration settings - ring and notification
settings sould be separate. Try changing vibration settings in sound and
accessibility menus - the settings should stay in sync.
Change-Id: Ia0276dfdd0efafe211c14cda140831b57f8c42b1
This change also fixes typos and adds some missing comments
Bug: 119221883
Test: Build, flash and boot, verify with prototype
Change-Id: Ida976c4fb3d4af5ffc1d9b977f00fa9c7239a434
