If private user data is send to an app the data provider should note an
app-op. This change adds a new API AppOpsManager#setNotedAppOpsCollector
that allows an app to get notified every time such an private data access
happens.
This will allow apps to monitor their own private data usage. Esp. with
big, old apps, distributed teams or 3rd party libraries it might not always
be clear what subsystems access private data.
There are three different situations how private data can be accessed and
an app op is noted:
1. Private data access inside a two-way binder call.
E.g. LocationManager#getLastKnownLocation. When we start a two way
binder transaction, we remember the calling uid via
AppOpsManager#collectNotedAppOps. Then when the data providing code
calls AppOpsManager#noteOp->AppOpsManager#markAppOpNoted the noted
app-op is remembered in
AppOpsManager#sAppOpsNotedInThisBinderTransaction. Then when returning
from the binder call, we add the list of noted app-ops to the
reply-parcel via AppOpsManager#prefixParcelWithAppOpsIfNeeded. On the
calling side we check if there were any app-ops noted in
AppOpsManager#readAndLogNotedAppops and then call the collector while
still in the binder code. This allows the collector e.g. collect a stack
trace which can be used to figure out what app code caused the
private data access.
2. Very complex apps might do permissions checks internal to themself.
I.e. an app notes an op for itself. We detect this case in
AppOpsManager#markAppOpNoted and immediately call the collector similar
to case (1).
3. Sometimes private data is accessed outside of a two-way binder call.
E.g. if an app registers a LocationListener an app-op is noted each time
a new location is send to the app. In this case it is not clear to the
framework which app-action triggered this app-op-note. Hence the data
provider has to describe in a AsyncNotedAppOp object when an why the
access happened. These objects are then send to the system server via
IAppOpsService#noteAsyncOp and then the collector in the app. There are
rare cases where a private data access happens before the app is running
(e.g. when a geo-fence is triggered). In this case we cache a small
amount of AsyncNotedAppOps (in AppOpsService#mUnforwardedAsyncNotedOps)
and deliver them when the app is ready for these events (in
AppOpsManager#setNotedAppOpsCollector).
Test: atest CtsAppOpsTestCases (includes new tests covering this
functionality)
Bug: 136505050
Change-Id: I96ded4a8d8d9bcb37a4555d9b1281cb57945ffa9
To prepare for enabling MissingNullability Metalava check this CL
works on adding missing nullability issues that metalava flags if
we tell it to flag new things since API 29.
This is not a complete CL, mostly addresses public api and
toString/equals for @SystemApi
Exempt-From-Owner-Approval: Large scale nullability clean up
Bug: 124515653
Test: make -j checkapi
Change-Id: I109260842cfc25f06e40694997fcbb4afa02c867
We still need to populate mValues when the ContentValues was empty.
Bug: 139356941
Test: atest --test-mapping packages/providers/ContactsProvider
Change-Id: Ice90afbb7994e1a1d10076a2aa48b4d1187abe9f
As of Android Q, an app is included in the return value of
LauncherApps#getActivityList() unless it fulfills specific criteria.
This CL describes the conditions necessary for an app's activities
to *not* appear in the list.
Test: make ds-docs -j32
Bug: 130352392
Change-Id: I6a6e17351a6c1234229d1d7eb8147ee2c24ee2c9
No change to logic, only documentation.
This updates Context#getSharedPreferences docs:
* Fix a typo ("thead" -> "thread")
* Formatting: use <p> when appropriate, {@link} to other APIs, limit
the @param to only a single sentence
* Mention getSharedPreferences() may actually perform disk IO (this was
undocumented)
* Mention Editor#apply() as well as #commit()
Fixes: 140137651
Test: make docs
Change-Id: I245371d13d4f317c6c522debcdf7938ab783f897
This changes RollbackTest to retry checks for available rollbacks for
a certain period of time, using a new RollbackUtils method
waitForAvailableRollbacks.
Currently many of the tests in RollbackTest are flaky due to race conditions
between checking for available rollbacks and the installer onFinished callback.
This CL should fix all of those issues.
The previous attempt to resolve this by adding NewRollbacks speculatively to
the results of getAvailableRollbacks was not successful. This CL reverts that
change so that getAvailableRollbacks once again only returns rollbacks that are
actually available.
Bug: 136548146
Test: atest RollbackTest run on cuttlefish on acloud repeatedly
Change-Id: I27e2513b34f49af2f41cd627a5d2550541831e11
Line was too long in previous commit so just updating that fix and
cleaning it up.
Bug: 139554125
Test: atest android.content.ContentProviderTest
Change-Id: Ie63151db35cc47f691b5a4733409c10b1ac4299c
The onSharedPreferenceChanged listener will now also be called on
Editor#clear with a null key.
This change is gated behind a flag using the new app compat framework.
Removed the OnSharedPreferencesClear listener interface.
Bug: 119147584
Bug: 138293946
Test: atest android.content.cts.SharedPreferencesTest
Change-Id: Ieea168eb40afb8f1b5830f1541be20d93d6f94b5
1. If a previous version of an app doesn't declare internet permission;
2. The User upgraded it to a new version and the new one does declare the
internet permission;
3. The new app are not allowed to access the internet until next boot
Bug: 137864893
Test: Manual, just make sure the onPackageChanged would be executed on package changes
Change-Id: I69cdbb16a027a9c4e974b32371b1f64a23a51a23
Signed-off-by: wangmingming1 <wangmingming1@xiaomi.com>
Added internally in Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd,
of which this is a partial cherry-pick.
Bug: 137864893
Test: builds, boots
Change-Id: I6975e0b70ded6047e1ac8013a82bc35ff150f03b
Merged-In: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
The lowest target SDK version (instead of the highest) should be used
in order to stay compatible with existing older apps.
Bug: 136503238
Test: presubmit
Change-Id: If3b23ae4441166c98934cdd1f4adb7ded714abc3
We have getContentUri() for entire collections of items, but we
only have ID-specific overloads for some of the MediaStore classes;
let's get them all added for consistency.
Remove primary/secondary directory logic, which was replaced by
new RELATIVE_PATH column before Q launched.
Bug: 137890034
Test: atest --test-mapping packages/providers/MediaProvider
Exempt-From-Owner-Approval: trivial API refactoring
Change-Id: Iae4e7fe57adff071c35af459e31223a1fd05fef2
SystemService now defines a isSupported(UserInfo), which is used by SystemServiceManager to
skip the service for the unsupported types.
Also added a new argument to SystemService.onSwitch() to indicate which user is
being switched from.
Finally, also fixed VoiceInteractionManagerService so it doesn't start for headless user 0.
Test: manual verification
Test: atest CtsVoiceInteractionTestCases CtsAssistTestCases # on automotive and walleye
Bug: 133242016
Bug: 137878080
Change-Id: Ife4bd875f412f85cccf9c9fd03115abd238d7eab
To com.android.internal.compat.IPlatformCompat. This solves a java9
issue because libcore exported api has the same package android.compat.
Test: EXPERIMENTAL_JAVA_LANGUAGE_LEVEL_9=true make framework
Change-Id: I0918344f670669cecb04f1e9e54dbcb471b587d5
It's needed by ActivityManager and PackageManager.
Also use a constant in Context for the name.
Test: flashed device with ag/9025572 and ag/9204795 and the platfrom
compat was accessible.
Bug: 137769727
Change-Id: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
Merged-In: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
It's needed by ActivityManager and PackageManager.
Also use a constant in Context for the name.
Test: flashed device with ag/9025572 and ag/9204795 and the platfrom
compat was accessible.
Bug: 137769727
Change-Id: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
Merged-In: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
It's needed by ActivityManager and PackageManager.
Also use a constant in Context for the name.
Test: flashed device with ag/9025572 and ag/9204795 and the platfrom
compat was accessible.
Change-Id: Ie1130a3f0bdd1769fe0755db0089702ea64d9db6
Packages with INTERACT_ACROSS_USERS_FULL can now access
ContentProvier#checkUser.
Bug: 139188114
Test: atest ContentProviderTest
Change-Id: Ie71387a26da66ebe34f296476c284c33abba6368
This CL adds NewRollbacks to the return value of getAvailableRollbacks,
as long as the PackageRollbackInfo is complete (i.e. there is one for
each child session in the install).
Including these should avoid the potential race condition between the
install finishing and getAvailableRollbacks being called which affected
some of the tests. This means that the draining of the handler that was
previously added to getAvailableRollbacks can now be removed.
In order to avoid a similar race condition when rollbacks are expired, this
change also cancels corresponding NewRollbacks when expireRollbackForPackage
is called.
Bug: 136241838
Bug: 136548146
Test: atest RollbackTest
Test: manual local test with delay added to onFinished in the service callback
Change-Id: I015ee5925e38118c40f4b9e145f78fb12c0e2890
