Create a new class which will hold persisted information about how an
app was installed that cannot be modified, even by the installer of
record or an app with INSTALL_PACKAGES permission.
Add a first field to hold the package name of the app that initiated
the install session.
Plumb this into SessionParams, PackageInstallerSession, InstallParams,
InstallArgs, PackageSettings, PackageProto, ActiveInstallSession etc.
Various minor refactorings along the way.
Bug: 134746019
Test: atest -p services/core/java/com/android/server/pm
Change-Id: I96d9b5034bc98af8c63088df2341e6d4a1fb1b6e
Wifi mainline module needs some permissions which are currently only
granted to signature components. Since mainline modules are not going to
be signed with OEM's signature, we need a new protection level to grant
some of these permissions to the wifi mainline APK.
Bug: 142234604
Test: Verified that wifi can get INTERACT_ACROSS_USERS_FULL permission
Change-Id: I26b0edff62497b5e08c2f2f504b0cd5f950682ad
for oems which take telephony mainline module, all telephony related
apks will be signed with non-platform certificate. that said apks won't
be able to grant platform signature permission. Solution is to add a new
telephony protection level.
Bug: 141479803
Test: cts & manual
Change-Id: Ib3be016080d42fd76e7c131f4e44d815ce431e6e
We've already been parsing them for many years, and they're well
defined by other public APIs, so let's reveal them in MediaStore.
Also get some storage-related documentation updated to guide
developers towards replacements in a post-scoped-storage world.
Bug: 140247264, 139185855, 141523097, 139185322
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: Id39a74a9972a330b3f83913b2eef5100ec59627d
ResourceLoaders allow inserting another .apk/.arsc into AssetManager's
resource resolution search. The effect is similar to overlays,
where a entry of >= config later in the path list will return that
ApkAsset's resource value instead.
Because loading from an .arsc is supported, which doesn't contain
any actual files, ResourceLoader exposes loadDrawable and
loadXmlResourceParser to allow an application load those files from
anywhere or create them in code.
The data being loaded is either pushed into an .apk or .arsc that
mocks itself as the package being "overlaid" and is passed in
through ResourcesProvider, an interface with static methods that
supports loading from a readable path on disk or a FileDescriptor.
The APIs are accessed through a Context's getResources(), which
has been changed to be unique per "Context-scope", which is usually
the lifetime of the Java object. The exception is that Activities
who get their Resources object persisted across recreations
maintain that logic for persisting ResourceLoaders.
Bug: 135270223
Test: atest FrameworksResourceLoaderTests
Change-Id: I6929f0828629ad39a21fa155e7fec73bd75eec7d
The Javadoc for OverlayManager#invalidateCachesForOverlay was mistakenly copied
from OverlayManager#getOverlayInfosForTarget.
Test: builds
Change-Id: I1e12e8f52262619e9ac55fdeb8833cd8a110fa55
Without it, apps (mainline modules) will need to use createPackageContext...,
which is a bit painful.
Bug: 142472686
Test: atest android.content.cts.ContextTest#testCreateContextAsUser
Change-Id: Id640e03862462724df1a4a3101f0b08faafba22f
The one messy internal caller is the settings provider, so a new @hide
API on PackageManager was introduced to decouple the provider from
LocalServices. That new entry point is only callable by uid 1000,
paralleling the previous system-caller-only availability.
Bug: 140833849
Test: system boots & runs normally
Change-Id: I93ae38b8f55db7864893a97795aea63014bf5e12
Define a new change id and use it for gating the change.
Test: atest -p cts/tests/signature, atest AndroidTestBaseUpdaterTest
Bug: 30188076
Change-Id: Ic8c85eae0c490a7eca117b74c4326dd50df2b352
We've heard that some developers want more detailed influence over
the sort order applied internally inside of a ContentProvider. For
example, when the locale is "zh", the caller may want to sort using
either "pinyin" or "zhuyin" style collations.
Thankfully ICU already supports this type of collation control when
creating a ULocale object, and it also supports other useful types
such as "de@collation=phonebook". Thus this CL adds a new
QUERY_ARG_SORT_LOCALE that can be used to pass an ICU locale string
into a ContentProvider.
Similar to the other existing query arguments, we know that only
certain providers may support this new option, so we document that
it should be included in EXTRA_HONORED_ARGS when applied.
Bug: 140248907
Test: atest cts/tests/tests/content/src/android/content/cts/ContentResolverTest.java
Change-Id: I3277725ecd21a58680f2b8a5cc62514184d9e179
We had accidental usages of the PermissionChecker for cases where no
private data was provided to the app but the checkPermission API on
the latter also did blame data access on the app. The PermissionChecker
was designed to handle IPC calls and not for generic API checks.
To avoid future accidental incorrect PermissionChecker usages this
change renames the existing APIs of the latter to clearly indicate
that they should be used for data delivery and also adds sibling
methods for doing the same permission checks for preflight purposes.
Also the documentation is improved to furhter assist developers.
In addition, this change fixes accidental permission checker usages
that blame when they should not by using the new preflight flavor
of the permission check APIs.
Test:
atest com.android.settingslib.location.RecentLocationAppsTest
atest CtsPermissionTestCases
added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled
added: LocationAccessCheckTest#noNotificationIfFeatureDisabled
added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider
added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess
bug:141028068
Exempt-From-Owner-Approval: merge
Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
- New class AccessibilityShortcutInfo to describe accessibility
shortcut.
- New Intent category for the target of accessibility shortcut
Bug: 136293963
Test: atest AccessibilityShortcutInfoTest
Change-Id: Id47d397a03f3f710368550e551097214c7839943
ag/9372503 put the order of reading preCreated from a UserInfo parcel
in the wrong spot. We fix it here.
Test: none
Change-Id: I4502e901ff2aac977c584fa8c5a3d1263be33572
We had accidental usages of the PermissionChecker for cases where no
private data was provided to the app but the checkPermission API on
the latter also did blame data access on the app. The PermissionChecker
was designed to handle IPC calls and not for generic API checks.
To avoid future accidental incorrect PermissionChecker usages this
change renames the existing APIs of the latter to clearly indicate
that they should be used for data delivery and also adds sibling
methods for doing the same permission checks for preflight purposes.
Also the documentation is improved to furhter assist developers.
In addition, this change fixes accidental permission checker usages
that blame when they should not by using the new preflight flavor
of the permission check APIs.
Test:
atest com.android.settingslib.location.RecentLocationAppsTest
atest CtsPermissionTestCases
added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled
added: LocationAccessCheckTest#noNotificationIfFeatureDisabled
added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider
added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess
bug:141028068
Merged-In: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
Initial user creation is slow because the system must prepare per-user data (like storage and
permissions) whose cost is proportional to the number of pre-installed apps. On automovive's
reference implementation, it can take more than 10s, which is a bad user experience.
This change lets OEMs pre-create some users , so that high initial-creation cost is "paid" during
the initial boot. On automotive, it improves the creation of an additional user (or guest user)
in about 7s (from ~17s to 9s).
Bug: 111451156
Bug: 132111956
Bug: 140750212
Bug: 140868593
Test: manual verification
Test: atest FrameworksServicesTests:UserControllerTest#testStartTemplateUser_background
Change-Id: I81de1b5376dc9c42b63be8853d7204c88826401f
SYNCHRONOUS is a flag for setComponentEnabledSetting()
which will serialise the given user's package restrictions
state (including enabled + disabled packages) after the
specified component state has been updated.
Test: manual
Bug: 130044763
Change-Id: I615e5af6361718b5f3c355ca4424d1f8c4fb078f
Signed-off-by: Julius D'souza <jdsouza@google.com>
This reverts commit 243e7ea14b.
Reason for revert: b/141854898
Exempt-From-Owner-Approval: Revert for failure to boot
Change-Id: Id6812e5ecf7d88504706b2c4110d83f1034ab85c
