RoleManager likes to terminate apps when roles are changed which does
not work in CTS tests. We need to use a temp override in Telecom
for now.
Test: Run the CTS tests over, and over and over again.
Bug: 131065482
Change-Id: Id36942f2813abdfa0020ce4805c492a69bd07d0e
(cherry picked from commit 509ef150f2)
When built as part of the system, the network stack and the
captive portal login app should have the BYPASS_PRIVATE_DNS
and CONNECTIVITY_USE_RESTRICTED_NETWORKS permissions.
These are necessary to validate restricted networks, bypass VPNs,
bypass private DNS for captive portal login, etc. Add these
permissions to privapp-permissions-platform.xml.
When installed as mainline modules that cannot use signature
permissions, the modules get this ability by virtue of having the
MAINLINE_NETWORK_STACK permissions.
Additionally, add the CONNECTIVITY_USE_RESTRICTED_NETWORKS
permission to the captive portal login app manifest, which did
not contain it.
Bug: 129789428
Test: builds, boots
Test: dumpsys package shows permissions
Change-Id: I632359f7eff09fed71167733ac75824a5aa57894
Merged-In: I632359f7eff09fed71167733ac75824a5aa57894
(cherry picked from commit 109dbf9c05)
Fixed by granting START_ACTIVITIES_FROM_BACKGROUND
to the cell broadcast receiver.
Test: Manual
Bug: 130384940
Change-Id: Ie563a8f11ac991ab9568f65df6a4d14eebe47c5e
If an app can access the fine location it can obviously also access the
coarse location. There is code inside checkPermission that encapsulates
the logic.
This code fixes two issues:
- checkPermission might return for the coarse location even though the
permission is not even mentioned in PackageInfo.requestedPermissions.
Now the coarse location is always added to requstedPermissions when
the fine location is in the manifest even if the app does not have
the coarse location in the manifest
- If the app requests the fine location only we might unintentionally
kill the requesting app.
1. App does not have any permissions granted
2. App request FINE_LOCATION
3. Permission controller reads (and caches) permission state: FINE=revoked,
COARSE=revoked
4. User grants FINE_LOCATION -> Perm controller updates internal
state: FINE=revoked, COARSE=revoke
5. Perm controller applies FINE_LOCATION state to the system
6. Perm controller looks as COARSE and checks if it is granted.
Because it is implied, it now shows up as granted. Hence perm
controller will try to revoke it which kills the app
The solution is that it will be impossible to only request
FINE_LOCATION by itself. This change will automatically add requesting
COARSE_LOCATION, whenever FINE_LOCATION is requested
Fixes: 130358762
Test: Reproduced scenario in bug 130358762
Change-Id: I217c0b23063617f60b98c805af1d122a6ec0608e
Creates Dark Theme tile and adds it to the default config,
under the fold.
Test: manually toggle tile
Fixes: 130253100
Change-Id: I2859d2eb20db1c6d9dd8e8e24979294316b905bb
- Also remove typed media permissions
- Leave typed media app-ops
Bug: 129716569
Test: Used apps, looked at permissions in the UI
Change-Id: If7714fb1a6955584157e1a60ab72b09e35287827
Add NETWORK_SCAN to shell permissions to enable CTS testing of the
network scan changes
Bug: 126779616
Test: CTS
Change-Id: I1f75c9005620b3b0e06f066677cba6190f1d266c
The app is moving to /product, to separate out its permission
grants to a separate file and move that file to /product as well.
Bug: 122353713
Test: boot aosp_arm64 emulator
Change-Id: Ic165aae180a002c3566e3c1b1495a1d50dfd0e4a
This app will pretend to be the Settings app when sending
location access notifications.
Bug: 128608303
Test: boot
Change-Id: I447510bbe323f3de40828a5cb4a37abe1c44c990
Add Shell permission for new CTS tests to test the multi-display
functionality in WallpaperService/WallpaperManagerService.
Bug: 123707989
Test: atest WallpaperManagerMultiDisplayTests
Test: atest ActivityManagerMultiDisplayTests
Change-Id: Id97db050a0b9d1940c2dfaa793fbe526df578105
This change adds PACKET_KEEPALIVE_OFFLOAD to shell, which allows
shell or code with shell permission identity to use privileged
tcp keepalive offload API.
Bug: 114151147
Test: -atest ConnectivityManagerTest#testCreateTcpKeepalive
-build, flash, boot
Change-Id: Ib6660a5eaa72f83042596481452be4d415383f02
Some API changes per API reivew:
- Move DynamicAndroidClient and ~Manager to android.os.image.
- Rename them to DynamicSystemClient and ~Manager.
- Rename permission MANAGE_DYNAMIC_ANDROID to MANAGE_DYNAMIC_SYSTEM
- Corresponding changes in the installation service.
- Corresponding changes in privapp-permissions-platform.xml.
- Add missing annotations.
- Change setOnStatusChangedListener's parameters order.
- Improve documentations.
- Re-generate api/system-current.txt.
Bug: 126613281
Test: adb shell am
Change-Id: Ia920e9ccf6de1dbbd38c52910cb72cb81b9b5b32
This reverts commit 38ea50c63e.
Revert and clean up merge conflicts. The checkbox which asks
to remove app data is still here
Fixes:112002130
Test: Build and check that the correct box is gone
atest CtsPackageUninstallTestCases
Change-Id: I47d8632d2fca360c02151ad54a4b927a5c2801f1
Shell app needs the permission when we run KeyguardManager CTS for
allowing private notifications as a privileged app.
Bug: 127351183
Test: m -j
Change-Id: I199bac8c8fed9ff0fc63b8c62f8002a6b273b28f
- Pre-Q apps use the legacy READ/WRITE_EXTERNAL_STORAGE permissions
- Post-Q apps use the READ_MEDIA_* permissions
- Grandfathered Q apps have all storage permission granted fixed. In the
UI they show only the legacy storage permissions
- The OP_LEGACY_STORAGE controls whether an app is grandfathered
Data providers should check both old and new permission model as
permissions that are not used are set as granted.
Test: atest CtsPermissionTestCases:android.permission.cts.DualStoragePermissionModelTest
Fixes: 126785920
Change-Id: I668530e62125d95f122a94ae39f17007391bcaa5
Set the new name to com.android.networkstack. Also rename the stub APK
to com.android.networkstack.permissionstub.
Also add shared UID to the NetworkStackPermissionStub to enforce
signature restrictions on the UID.
Test: booted, WiFi working
Bug: 124033493
Change-Id: Id8967db08b7faaa659b20f86f1013493eb0e188f
This is needed if internal component wants to listen to
precise call state change.
Bug: 117980553
Test: unittest
Change-Id: Id5a60519cbf1d724f939fc10b1f03cccfe5c1b5c
Merged-In: Id5a60519cbf1d724f939fc10b1f03cccfe5c1b5c
Replace with INTERACT_ACROSS_USERS, which is needed to send the
ACTION_NETWORK_CONDITIONS_MEASURED broadcast.
Also cleanup some non-privileged permissions that were added to the
priv-app file.
Test: built, booted, broadcast and captive portal login work
Bug: 123846255
Change-Id: I3c97c166e80c19bf57fa047709c8b91fca75d635
