Require callers hold a new MANAGE_ROLLBACKS permission to interact with
the RollbackManager.
Bug: 112431924
Test: atest RollbackTest, with new test for permissions added,
and with selinux in permissive mode.
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Change-Id: I73f4f3457d85be580670cd69c89066d2cc348186
1. decouple disconnectCause and preciseDisconnectCuase from
preciseCallState.
2. expose preciseCallState to SystemAPI and expose
onPreciseCallStateChanged to System API
3. remove/hide ImsReasonInfo from PreciseDisconnectCuase
4. expose DiconnectCuase and PreciseDisconnectCause to System API
5. new onDisconnectCauseChanged API on PhoneStateListener for CS call
and use ImsCallSessionListener for IMS call(imsreasonInfo)
6. add read_precise_phone_state to shell apk to enable GTS test
Bug: 119890559
Test: atest GtsGmscoreHostTestCases:TelephonyHostTest#testPhoneStateListener
Change-Id: If9256feff16b6bcaef1dfe194c2b0df2a48436b0
If a system component calls to a remote provider, and that provider
hangs, we end up burning that Binder thread until the remote process
is killed for some unrelated reason.
This change adds an API to detect these hangs, and kill the remote
process after a specific timeout, but only when the caller holds a
permission that lets them kill other apps.
Bug: 117635768
Test: atest android.content.cts.ContentResolverTest
Change-Id: I81b0d993d9d585cdeb5e2559c68052ba6cbbced9
Bunch of changes:
- Split public SmartSuggestionsService info ContentCaptureService and
AugmentedAutofillService
- Renamed 'intelligence' packages to either 'contentcapture' or
'autofil.augmented'
- Renamed internal packages and classes.
- Changed permissions, resource names, etc...
- Moved Augmented Autofill logic from IntelligeceManagerService (R.I.P.) to
Autofill.
- Optimized IPCs by passing a String instead of the InteractionSessionId
(that also solves the view -> service dependency).
Test: atest CtsContentCaptureServiceTestCases \
CtsAutoFillServiceTestCases \
FrameworksCoreTests:SettingsBackupTest
Test: manual verification with Augmented Autofill Service
Bug: 119638877
Bug: 117944706
Change-Id: I787fc2a0dbd9ad53e4d5edb0d2a9242346e4652d
This change adds the MANAGE_ROLE_HOLDERS permission to shell, which
allows shell or code with Shell permission identity to use privileged
RoleManager APIs.
Bug: 110557011
Test: build
Change-Id: I6b8be9eec2a1dfb169536cfcda9d21cb802df327
This creates the PowerManager APIs that allow apps with the
appropriate permissions to interact with Dynamic Power Saver.
Bug: 111450127
Test: WIP
Change-Id: I5b9483fa0fba81a4ade622b1f3dbaec580b68a67
A lot of CTS tests involve the clipboard and making all of them input
focus is somewhat wasteful and invasive, instead we will adopt the
shell's permissions when relevant.
Test: atest ClipboardManagerTest
Bug: 6229949
Change-Id: I10f07e89b0baead625464c2afd5da1e229a45473
This splits the
- review permissions
- individually control permissions
- consent to manage wireleess (wifi + bluetooth)
properties.
Almost all code cares only for the first and it is now always true.
Hence a lot of code can be simplified.
Bug: 110431654
Test: atest PermissionsHostTest
started pre-M app
Change-Id: I733cd476ccd0bf5eaa59e9a9506db34f57c6baee
Since this permission protects system apis, this is required for
instrumentation tests.
Test: atest com.google.android.suspendapps.gts.SuspendPackagesTest
Bug: 79773970
Change-Id: Ib283018c50cc19c3958bd61e2d19befbf2805cc5
Add a new internal permission required to disable hidden API checks using
"am instrument". Grant this permission to the shell.
Test: $ adb shell am instrument --no-hidden-api-checks mypackage/.MainInstrumentation
Bug: 64382372
Change-Id: I193dba412560f17810ad0c67c733a1eec15fa7b7
- Fix issue with testFinishPipActivityWithTaskOverlay failing due to
new permission check in the system
Bug: 71716434
Test: atest CtsActivityManagerDeviceTestCases:ActivityManagerPinnedStackTests#testFinishPipActivityWithTaskOverlay
Change-Id: Ifbcd6c182d928f5aa5372d2db9fa71a142dc8474
Add a new platform-only permission for being able to change
app ops mode, so nothing outside of the platform can do this.
Bug: 62342672
Test: Booted, ran, settings works, shell works, apps install
Change-Id: I372e649c019a8f9b95919ff0da6f56612d7061c2
Now requires permission if targeting P.
Note that this is a separate permission from the existing one
that is required for instant apps to use foreground services. The
reason for this is that their semantics are different (the instant
apps permission is associated with an app op for control over what
the app is allowed, while the regular app permission is just a
normal permission that is always granted and only there for
auditing of apps), and there are probably going to be cases where
a developer will want to use a foreground service in the full
version of their app but not as an instant app.
Bug: 72116995
Test: atest CtsAppTestCases
Change-Id: I883c9515c307ed8e39f0bf888c4045944c8183ac
These commands allow a user to set the time and the timezone
from the shell. The shell now has signature|privileged
SET_TIME and SET_TIME_ZONE permissions.
Bug: 67751701
Test: manual - correctly sets the time and timezone from unrooted adb.
Change-Id: I1d2820fd7dadd8b1f3900c0592eb28210370ce88
Follow-up to ag/3614843 where we started to enforce the permission in
window manager.
Bug: 67109817
Test: builds
Change-Id: Id5712d2ed4c537da3a443f9c51aa15e3c84d670b
System singed components can watch for starting/finishing of
long running app ops. Also protected the APIs to watch op mode
changes with a singature permission for the cross-uid use case.
Test: atest com.android.server.appops.AppOpsActiveWatcherTest
bug:64085448
Change-Id: Id7fe79ce1de4c5690b4f52786424ec5a5d9eb0fa
Skip Bluetooth consent UI if running on shell, also fix a typo in log message.
Test: Manual test running `adb root; adb shell service call bluetooth_manager 6` and see if BT is on without consent UI.
Bug: 69872231
Change-Id: Ie513794a7fc13041259fd84734bfc651495ba5cf
Now requires permission if targeting P.
Note that this is a separate permission from the existing one
that is required for instant apps to use foreground services. The
reason for this is that their semantics are different (the instant
apps permission is associated with an app op for control over what
the app is allowed, while the regular app permission is just a
normal permission that is always granted and only there for
auditing of apps), and there are probably going to be cases where
a developer will want to use a foreground service in the full
version of their app but not as an instant app.
Bug: 72116995
Test: atest CtsAppTestCases
Change-Id: I95afb7185742b82c525e775ca20bb36015510b43
Now requires permission if targeting P.
Note that this is a separate permission from the existing one
that is required for instant apps to use foreground services. The
reason for this is that their semantics are different (the instant
apps permission is associated with an app op for control over what
the app is allowed, while the regular app permission is just a
normal permission that is always granted and only there for
auditing of apps), and there are probably going to be cases where
a developer will want to use a foreground service in the full
version of their app but not as an instant app.
Bug: 72116995
Test: atest CtsAppTestCases
Change-Id: If5a79e7ed5ab9e0edc77410315eb4d2df8ac850b
If a UID is idle (being in the background for more than
cartain amount of time) it should not be able to use the
camera. If the UID becomes idle we generate an eror and
close the cameras for this UID. If an app in an idle UID
tries to use the camera we immediately generate an error.
Since apps already should handle these errors it is safe
to apply this policy to all apps to protect user privacy.
Test: Pass - cts-tradefed run cts -m CtsCameraTestCases
Added - CameraTest#testCameraAccessForIdleUid
Change-Id: If6ad1662f2af6592b6aca1aeee4bd481389b5e00
To protect user's privacy if a UID is in an idle state we allow
recording but report silence (all zeros in the byte array) and once
the process goes in an active state we report the real mic data.
This avoids the race between the app being notified aboout its
lifecycle and the audio system being notified about the state
of a UID.
Test: Added - AudioRecordTest#testRecordNoDataForIdleUids
Passing - cts-tradefed run cts-dev -m CtsMediaTestCases
-t android.media.cts.AudioRecordTest
bug:63938985
Change-Id: I8b0a0889c4aee07f4e1d3c7e4cee0821f2f8cd91
Idle UIDs are ones that were in the background for long enough time.
Currently such apps can access sensor data even though they have no
user perceptible components running. This affects the user's privacy
since an app in the background can use sensor data to infer location,
activity, habbits, etc.
The goal is to restrict sensor access for all apps in the ecosystem
regardless of target SDK which means the solution should be backwards
compatible. At the high level the sesnor service observes UID state
changes and applies policy like this:
Continuous sensors: for sensros in this reporting mode when the UID
goes in the background we will stop dispatching events. Once the UID
goes active we will start reporting the events. While this is an
app visible behavior change we would rather do that vs delivering
fake events.
Flush events: there is no change in behavior based on the UID state.
Hence, idle apps can request a flush and would get the completion
callback. From an app perspective flushing works at any point.
Trigger events: for sensors in this reporting mode when the UID
goes in the background we will not report any trigger events. From
an app perspective the sensor just did not pick up any events.
On-change events: for sensors in this reporting mode when the UID
goes in the background we will not report any change events. From
an app perspective the sensor just did not pick up any events.
Wake locks: since UIDs in idle state cannot acquire wakelocks we
will not be grabbing a wakelock on behalf of apps in that state.
Test: Added - SensorTest#testSanitizedContinuousEventsUidIdle
Added - SensorTest#testBatchAndFlushUidIdle
Pass - cts-tradefed run cts-dev -m CtsSensorTestCases
bug:63938985
Change-Id: Iee73dc034f5fe7fbea789a3b60db4290757c5052
We recently created a new GID that can be granted to critical system
processes, so that the system is usable enough for the user to free
up disk space used by abusive apps.
Define a permission for the GID so we can grant it to system apps,
and add the GID to core apps needed for system stability. (The list
was mostly derived from filling a disk and seeing what caused the
device to fall over.)
Test: builds, boots
Bug: 62024591
Change-Id: Icdf471ed3bed4eeb8c01f1d39f0b40c1ea098396
This change adds a special flag when binding to a service to request
instant apps to be considered as well (assuming the caller has the
permission to see instant apps). This flag is scoped only for the
platform to use and is intended only for development and testing.
Specifically, we have a class of CTS tests that has tests plus service
in the same APK (accessibility, printing, autofill, any other plugin
based sub-system).
Instead of doing the tediuous work split all these into one APK with
tests and one with the services where the latter exposes a remote
interface to the former, we will be adding shell commands to the
dedicated sub-system to allow temporary binding to plugins provided
by instant apps. The goal is not validating the plugin behavious,
rather a working plugin is required to test app side funcionality.
This change adds a shell command to allow the a11y manager serivce
to bind to plugins provided by instant apps. This is required to
be able to run relevant CTS test cases in instant mode.
Test: cts-tradefed run cts-dev -m CtsAccessibilityTestCases
cts-tradefed run cts-dev -m CtsAccessibilityServiceTestCases
Bug: 70978575
Change-Id: Ifced735a9a6e495747372dd8b00fdd64933a09c7
Without this change, `lowpanctl`, the command line tool for managing
LoWPAN networks, won't be able to work properly.
Cherry-picked from commit 1b730e4bd2c8e03d2a9bf041a4acd6fd6c0467f1.
Bug: b/65490659
Test: Manually
Change-Id: Ie44bac5c3bdc956dc2b1e79284ad18eae6931a32
This is needed for calling AM.registerUidObserver.
Fixes: 64400666
Test: cts-tradefed run singleCommand cts-dev -m CtsAppTestCases -t \
android.app.cts.ActivityManagerProcessStateTest
Change-Id: I4f500d0d8d516b6b8961ea2f8c083add3ae949a9
Add wifi-related permissions to the shell's manifest.
Bug: 64683466
Test: manually verified wifi can be toggled when airplane mode is active
Change-Id: I790ab5fc01f5c76fd98dedae4b9bfe88ecb48f69
1. Added permission ACTIVITY_EMBEDDING which allows apps to launch
activities on virtual displays.
2. Allow owner of display to launch activities from same app without
permission check to owned display.
3. Added permission checks for launching on secondary displays to
more target task/stack resolution paths in ActivityStarter.
Bug: 63117330
Test: android.server.cts.ActivityManagerDisplayTests
Test: go/wm-smoke
Change-Id: If169a77fb56241e06f7de20168dc38c4b0a217f5
(cherry picked from commit 7158764983)
It already has CLEAR_APP_USER_DATA to clear everything inside app
storage, and clearing cached data is a subset of that.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 36731175
Change-Id: Iefc5be6c80e2562a95424fd6fe413bdb018201a9
Some of the Vr APIs in VrManagerService need to be accessed via shell to
be used for testing and for easy access. Add
android.permission.RESTRICTED_VR_ACCESS to shell uid.
Bug: 36071574
Test: adb shell vr set-persistent-vr-mode-enabled true
adb shell dumpsys vrmanager
>> Persistent VR mode is currently: enabled
adb shell vr set-persistent-vr-mode-enabled false
adb shell dumpsys vrmanager
>> Persistent VR mode is currently: disabled
Change-Id: I486fa19f93d5c6999aa479fdf7e5f2f48f765240
Signed-off-by: Karthik Ravi Shankar <karthikrs@google.com>
- The task overlay activity should only exist when there are activities
present in the task. When the last such activity is finished, we should
remove the whole task entirely including the task overlay.
- Exposing the task overlay apis to CTS
Bug: 36507456
Test: android.server.cts.ActivityManagerPinnedStackTests
Test: #testFinishPipActivityWithTaskOverlay
Change-Id: I1dabe7782fb6769a90d832664e8052be158041e1
