This is a preparation to mark
InputMethodManager#setCurrentInputMethodSubtype() deprecated.
InputMethodManager#setCurrentInputMethodSubtype(), which was
introduced in Android 4.0 ICS [1], was probably mistakenly exposed as
a public API, because it has required WRITE_SECURE_SETTINGS that
typical applications cannot have.
Keeping maintaining InputMethodManager#setCurrentInputMethodSubtype()
is not that simple because now we are about to enable per-profile IME
mode, where this method needs to have a more clear spec about what
"Current" means.
An ideal solution is just removing this method, because if the caller
already has WRITE_SECURE_SETTINGS permission, they can just directly
update Settings.Secure.SELECTED_INPUT_METHOD_SUBTYPE to achieve the
same goal. However, given that this has been a public API, it would
probably make sense to provide a fallback implementation like I did
for null IME token in InputMethodManager#setInputMethod() [2].
Either way, InputMethodManager#setCurrentInputMethodSubtype() will be
marked as deprecated in a subsequent CL.
[1]: I55daa19ba924999def544bf841f00bf54852f3e1
b66d287e30
[2]: I42dd0325b01c527009bf85566ca8ba0766b2294e
0c1ebffdb3
Bug: 123249820
Test: manually done with a test app that has WRITE_SECURE_SETTINGS
Change-Id: I76da83c57cffc6b73defccfd4a1b5734c958a97e
To represent the UI location of a Notification we add the class enum
NotificationVisibility.NotificationLocation.
Bug: 120767764
Test: atest SystemUITests
Change-Id: I572c1cb7e585158f29675afd5255898e7f78e820
A system API VrManager#setVrInputMethod(), which was originally
introduced in Android P [1], has hever been used actually. To avoid
unnecessary maintenance burden in the Android Framework, this CL makes
VrManager#setVrInputMethod() no-op.
For those who want to develop VR Keyboard, they should be able to use
Android P build to see if it actually works and it's actually what
they want. In the future, if we can have a working prototype, we can
revisit here to see if we want to restore the framework implementation
or not.
Note that with this CL IMEs that have android:isVrOnly="true" will
always be ignored.
There should be no user/developer visible behavior change because this
is about an unused system API.
[1]: I1db7981b5198e7e203d4578cae7e5b6d20037d0d
89a6c48a8b
Bug: 72522822
Fix: 122058241
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Test: atest FrameworksCoreTests:InputMethodInfoTest
Test: atest FrameworksServicesTests:InputMethodManagerServiceTests
Change-Id: I5464ff74b92ff4a0d30002d643bd3c89925f0f0c
In framework's ShareSheet, load direct share targets from both
ShortcutManager(new API) and ChooserTargetService(old API).
Bug: 111698461
Test: Manual test on device
Test: atest ChooserActivityTest
Change-Id: I1113b6b1d625ad938d61db9af825a688bd5ef93c
This commit adds Java Language wrappers for native blastula management
functions. No changes are made to the application lifecycle.
Topic: zygote-prefork
Test: make & flash & launch apps & check log for messages
Bug: 68253328
Change-Id: Ie9fd0aea2952dbd3baaca22c820e9af700f5e89d
This commit moves the ZygoteConnection.Arguments class into its own file
and re-names it to ZygoteArgumens. Doing this also required small
changes to files that used ZygoteConnection.Arguments. In turn, this
required some changes to make the files conform to the Frameworks style
guide.
Highlights include:
* Moving ZygoteConnection.Arguments to ZygoteArguments
* Moving helper functions from ZygoteConnection to Zygote
* Re-named member variables in the ZygoteArguments class
* Removed unused imports.
Topic: zygote-prefork
Test: make & flash & launch apps & check log for messages
Bug: 68253328
Change-Id: Ideb414c87a92020128a644147949ef4f4133ae33
This commit mostly re-flows the code in ZygoteInit.java to conform to
the Frameworks style guide.
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I0d348caa1d9ca2a4c1e32430e0eebdd91672e473
This commit made the following changes to make the code conform to the
Frameworks style guide:
* Re-named variables
* Re-flowed code
* Organized includes
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
This patch adds native support for spawning and managing blastula pools,
as well as several code cleanups and modernizations.
Changes includes:
* A function to fork blastulas
* A table for managing blastula-related data
* Functions for adding and removing blastula data from the
aforementioned table
* Switching from NULL to nullptr
* Replacing string-passing error handling with a curried failure
function
* Utility functions for handling managed objects
* JNI functions for blastula pool management
Change-Id: I12cd9f2c87a2e3c00d64b683edf3631e29a51551
Topic: zygot-prefork
Test: make & flash & launch apps & check log for messages
Bug: 68253328
To know from what UI location a notification was expanded we here pass
the location of the notification through
onNotificationExpansionChanged().
Bug: 120767764
Test: atest SystemUITests
Test: atest NotificationManagerServiceTest
Change-Id: I20612f5a88cf987f434392ae7a004d3ee3098998
Disable certain APIs which require secure lock screen if the device
doesn't have the feature.
Make sure one cannot set the password/PIN if there is no secure lock
screen, because the password/PIN wouldn't be really used afterwards
while the password strength checks would succeed, creating a false
sense of security.
Allow setting password strength requirements in DPM - test if the
current password is sufficient will fail automatically if there is
no secure lock screen.
Bug: 111072170
Bug: 111071972
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases
Test: cts-tradefed run cts -m CtsAdminTestCases
Test: frameworks/base/core/tests/utiltests/runtests.sh
Test: adb shell am instrument -w -e class com.android.internal.widget.LockPatternUtilsTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Test: atest SyntheticPasswordTests
Test: atest LockSettingsServiceTests
Test: atest LockSettingsShellCommandTest
Test: atest DevicePolicyManagerTest (for servicestests)
Change-Id: Ie46b0de6cb03c26dd05c05711c5c3b5e36a872df
- DhcpClient only shares its handler with IpClient, and NetworkMonitor
has its own handler: remove Protocol.BASE_DHCP,
Protocol.BASE_NETWORK_MONITOR
- Remove dependency on Network.netid in NetworkMonitor
- Remove dependency on Sets.newArraySet in DhcpServingParams
- Remove dependency on formatDuration() in DhcpClient
- Replace isMetered() with hasCapability() in NetworkMonitor
- Use WifiManager.isScanAlwaysAvailable instead of reading setting
Test: atest FrameworksNetTests NetworkStackTests
Bug: 112869080
Change-Id: Ieef54d847ddc081fb33cbad0b050b06d2e52548e
This CL deprecates SuggestionSpan#ACTION_SUGGESTION_PICKED and related
constants [1].
There are multiple security concerns, open questions about
compatibility, and maintainance challanges in this protocol.
IME developers can implement their own suggestion picker UI on top of
CursorAnchorInfo API to achieve safer, should give more flexible UI
options, better security, and better compatibility.
[1]: Ia539de0acf66053e0349daec459d75e36805f6bf
f9f0100862
Fix: 123160396
Test: make -j checkbuild
Change-Id: I6d39e838ae47488055162cd44b5f553f68869b17
Since its bettining [1] notifyUserAction() has been implemented as an
async IPC method. This wasn't changed when I recently moved it from
IInputMethodManager to IInputMethodPrivilegedOperations [2].
However, mixing sync and async methods into the same Binder object is
known to be an anti-pattern. Although sending some signals in an
asynchronous manner would make sense, it should be done by converting
all the methods to async (with some result callbacks for operations
that need to receive responce) like we do so in IInputContext.aidl.
As for IInputMethodPrivilegedOperations, I think converting
notifyUserAction() from async to sync is acceptable because there are
already similar sync methods such as:
* setImeWindowStatus
* reportStartInput
* reportFullscreenMode
* updateStatusIcon
[1]: I11ed9a767588f8080753cd9bce011dac7db579ad
d7443c83ce
[2]: Icc1f9c7f530f0144ecfd460e86114e109ae0044e
c07fd4c284
Bug: 114159783
Test: Manually verified as follows
1. Build and flush aosp_taimen-userdebug into Taimen
2. make -j SoftKeyboard
3. adb install -r $OUT/system/app/SoftKeyboard/SoftKeyboard.apk
4. adb shell ime enable com.example.android.softkeyboard/.SoftKeyboard
5. Open AOSP Keyboard settings
6. Enable "English (US)", "French", and "German"
7. Open SoftKeyboard settings
8. Enable "English (United States)", "English (GB)"
9. Open the Dialer app and tap the top edit field.
10. Make sure that the IME layout rotation order when tapping the
globe key will be updated only when you tap the keyboard to enter
some character.
11. Also confirm it with "adb shell dumpsys input_method" by checking
"mSwitchingController:" section there.
Change-Id: I9d41f19e30f205acd4d257a105e285bd32288130
Apps that are already installed on the device before isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage giving them same
level of access as in P.
A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.
Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ec73276d7c586ae4afc482580d1eb8ee03d5be1
traffic. These were needed for a transitional period, but are now
irrelevant. Also improve usage documentation of MetricsLogger.
Bug:122470739
Test: atest SystemUITests and manual testing.
Change-Id: Ic93bfe34cedef8e2370d2144aa4b50795f70781c
This is a follow up CL to our previous CL [1], which enabled spell
checker for background users. In that CL, we assumed that spell
checker user ID can and should always be determined by the calling
user ID. This assumption is not valid at least for direct-reply
notifications on System UI, because System UI always runs as user 0 no
matter who is the current active user.
In order to allow TextServicesManagerService (TSMS) connect to the
right user for such a special use case, this CL introduces a hidden
parameter "userId" to each IPC so that clients that have
INTERACT_ACROSS_USERS_FULL can override the target user ID when
necessary.
For instance, to interact with user 10's spell checker services, you
can obrain a special instance of TextServicesManager as follows.
TextServicesManager tsmForUser10 = context
.createPackageContextAsUser("android", 0, 10 /* userId */)
.getSystemService(TextServicesManager.class)
If the calling process does not belong to user 10, any operations on
that TextServicesManager will result in SecurityException unless the
calling package needs to have INTERACT_ACROSS_USERS_FULL.
This CL is just a preparation. There should be no user-visible
behavior change yet.
[1]: I06c27ef834203a21cc445dc126602c799384527b
06a2624049
Bug: 123043618
Test: spell checker still works
Change-Id: I31dda3ae8795190d44b0622b8335c34ddbc5dd48
This is a preparation to propagate the expected IME user ID from
direct-reply notification to InputMethodManagerService (IMMS).
When per-profile IME mode [1] is enabled, IMMS basically assumes that
the IME user ID should be determined by calling process's user ID.
This works for most of apps, but does not work for direct-reply hosted
in the System UI process, which always runs as user 0.
With this CL, client apps can explicitly specify the target IME user
ID by using @hide field in EditorInfo. For instance, to tell IMMS to
connect to user 10's IME, do this:
@Override
public InputConnection onCreateInputConnection(EditorInfo info) {
InputConnection ic = super.onCreateInputConnection(info);
info.targetInputMethodUser = UserHandle.of(10); // user 10
return ic;
}
The calling process will receive SecurityException if it does not
belong to user 10 and does not have INTERACT_ACROSS_USERS_FULL.
This CL is just a preparation. There should be no user-visible
behavior change yet.
[1]: Ied99664d3dc61b97c919b220c601f90b29761b96
a878b9500e
Bug: 120744418
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Change-Id: Ia7ea944438d69669ccdf9111b34ba400e786a602
The application zygote can run untrusted user code; since it also
has the capability to change the uid/gid of the process, we need
to ensure that any changes to the uid and/or gid stay within the
range that we have allocated for this application zygote.
For application zygotes, we install the app_zygote seccomp
filter instead of the regular app filter; the only difference
between this filter and the app one is that it allows
setuid/setgid calls.
To further limit this, pass down the allocated UID range to the
Zygote itself, which in turn installs an additional seccomp
filter that restricts setuid/setgid calls to this range.
The actual calls into seccomp are commented out until the seccomp
changes are merged; to avoid catastrophe, this will leave the
regular app filter for the app_zygote, which is more restrictive
and doesn't allow setuid at all.
Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73
This metadata, if present, will be authenticated (but unencrypted)
together with the application key material.
Bug: 112191661
Test: atest FrameworksCoreTests:android.security.keystore.recovery
atest FrameworksServicesTests:com.android.server.locksettings.recoverablekeystore
atest -m RecoveryControllerHostTest RecoverableKeyStoreEndtoEndHostTest RecoverySessionHostTest
Change-Id: I2846952758a2c1a7b1f0849e1adda1f05a3e305e
Switch to new per-UID CPU concurrent active, concurrent cluster, and
per-frequency time readers added in ag/5516062, used to read CPU times
info from the kernel via proc files in order to calculate per-UID CPU
power consumption.
These readers acquire constant amount of memory space during the first
read, thus do not leave garbage over time. Also, they read the text
version of these CPU time proc files, instead of the binary version
introduced in P, encouraging all kernels to implement a standard
human-readable CPU time proc interface:
* /proc/uid_time_in_state
* /proc/uid_concurrent_active_time
* /proc/uid_concurrent_policy_time
* /proc/uid_cputime/show_uid_stat
Remove old readers that read the binary version, since they are no
longer in use.
Bug: 111216804
Test: atest FrameworksCoreTests:com.android.internal.os.BatteryStatsTests
Test: verified that it works end to end. BatteryStats dumpsys output is
similar to proc file output.
Change-Id: Iaa1321e1facabece1c777eaeb79187cf081436ae
