Autofill helps users fill credentials, addresses, payment methods,
emails, etc without manually typing. When focus lands on a fillable
element the platform captures a snapshot of the screen content and
sends it to an autofill service for analysis and suggestions. The
screen snapshot is a structured representation of the screen content.
If this content is composed of standard widgets, autofill works
out-of-the-box. However, some apps do their own rendering and
the content in this case looks like a single view to the platform
while it may have semantic structure. For example, a view may render
a login page with two input test fields.
The platform exposes APIs for apps to report virtual view structure
allowing autofill services to handle apps that have virtual content.
As opposed to apps using standard widgets, this case requires the app
developer to implement the new APIs which may require a fair amount
of code and could be seen as a processes that could take some time.
The most prominent typs of apps that fall into this category are
browsers.
Until most apps rendering virtual content and specifically browsers
don't implement the virutal APIs, autofill providers need to fall-
back to using the accessibliity APIs to provide autofill support
for these apps. This requires developers to work against two sets
of APIs - autofill and accessibility - which is incovenient and error
prone. Also, users need to enable two plugins - autofill and
accessibility which is confusing. Additionally, the privacy and
perfomance impact of using the accessibility APIs cannot be addressed
while autofill providers need to use thes APis.
This change adds an autofill compatibility mode that would allow
autofill services to work with apps that don't implement the
virtual structure autofill APIs. The key idea is to locally enable
accessibility for the target package and remap accessibility to
autofill APIs and vise versa. This way an autofill provider codes
against a single set of APIs, the users enable a single plugin,
the privacy/performance implications of using the accessibility
APIs are addressed, the target app only takes a performance hit
since accessibility is enabled locally which is still more efficient
compared to the performance hit it would incur if accessibility is
enabled globally.
To enable compatibility mode an autofill service declares in its
metadata which packages it is interested in and also what is
the max version code of the package for which to enable compat
mode. Targeted versioning allows targeting only older versions of
the package that are known to not support autofill while newer
versions that are known to support autofill would work in normal
mode.
Since compatibility mode should be used only as a fallback we
have a white list setting with the packages for which this mode
can be requested. This allows applying policy to target only
apps that are known to not support autofill.
Test:
cts-tradefed run cts-dev -m CtsAutoFillServiceTestCases
cts-tradefed run cts-dev -m CtsAccessibilityServiceTestCases
bug:72811034
Change-Id: I11f1580ced0f8b4300a10b3a5174a1758a5702a0
The majority of Manager-style classes already use Context.getUserId()
when making calls into the OS, so clean up the remaining callers to
unify behind this strategy.
This gives @SystemApi developers a nice clean interface to interact
across user boundaries, instead of manually adding "AsUser" or
"ForUser" method variants, which would quickly become unsustainable.
Test: builds, boots
Bug: 72863821
Exempt-From-Owner-Approval: trivial changes
Change-Id: Ib772ec4438e57a2ad4950821b9432f9842998451
This command fetches the most recent batch of the logs
and makes them available to the DPC. Primary purpose is
to make security logging testable in CTS without having
to either wait for 2 hours or relying on implementation
details.
To prevent the user from abusing the command and
annoying the DPC, it is throttled if run more than once
per 10 seconds. Waiting happens in Dpm command.
Test: adb shell dpm force-security-logs
Bug: 70886042
Bug: 62251154
Change-Id: Ic5acd5a3e5c3b060881385c472df2b972961b626
Also extend API to accept a "count" argument of exactly how many
bytes to copy, and return the actual number of copied bytes.
Improve docs.
Test: bit FrameworksCoreTests:android.os.FileUtilsTest
Test: vogar --mode app_process --benchmark frameworks/base/core/tests/benchmarks/src/android/os/FileUtilsBenchmark.java
Bug: 71932978
Change-Id: I8d255e4f97462838c02a8ecb6d2d221188c4eff0
This reverts commit 860b8ba719.
The original change that was reverted contained a bug that allowed an
http view/browsable intent used to query for browsers to be considered
as a candidate for instant apps. This was resulting in an attempt to
bind to the instant app resolver while holding a lock on mPackages.
This change ensures that PMS doesn't bind while checking for the browser
status of a package in both the instant app filtering code and by adding
the FLAG_IGNORE_EPHEMERAL to the canonical browser intent.
Reason for revert: Applying fix
Change-Id: I4896b3a15416a11fdc3f6c191e552c4ce8963623
Fixes: 63117034
Fixes: 71916178
Test: Manual using test app at google_experimental/users/patb/InstantAppsInP
Test: atest android.appsecurity.cts.EphemeralTest passes after modification
We use the approach of outsetting the stack bounds and then
insetting windows which don't have surfaceInsets by said outsets.
Test: Manual. go/wm-smoke
Bug: 72657549
Change-Id: I9ac7e13ec696f88f02794175d0d44ac870f91d33
In order to not spam users with warning toasts, add a boolean flag
that guards the displaying of a warning message about hidden API
usage and is set after the first time a message is shown.
Bug: 64382372
Test: manual
Change-Id: If7ea995ddf4727a15eccf55dad42ef7775b1fc91
This reverts commit 5564f880db.
Reason for revert: Resolve merge conflict for another revert (ag/3537193)
Bug: 72710855
Change-Id: Id7c3a3993a45c588ee4668d7486d67d764541b1e
This CL switches order of onSaveInstanceState and onStop
callbacks for app that target P+. Now activity state will
be saved after onStop.
Bug: 68763258
Test: Manual
Change-Id: If0410cbfe7920bfff9e3b9fd8879646c5622cb33
This change removes deprecated classes and constants that were not
renamed from ephemeral to instant prior to O. There were no
consumers of these APIs as correctly named alternatives existed and were
referenced in docs. No known consumers of these APIs exist on user
builds.
Fixes: 38137176
Fixes: 38121489
Test: manual; builds and instant apps launch
Change-Id: I982f8a6edc5668dd42cea65e52a1433ec8d6f8ef
When trying to listen to slices without permission before hand, it
would previously crash. Now it works properly with the grant dialog
and whatnot.
Test: uiservicestests
Bug: 68751119
Change-Id: I3aedab9c75ac8486026723dea5c93ee950995295
We need this so that Settings can check if an app is
restricted by admin from using metered data.
Bug: 63700027
Test: manual
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I9a2ea9c458b0f10a3c3c6edcbe82da9eccaa51c3
Because onStop is guaranteed to be called when activity goes away
and onSaveInstanceState is always called before onStop (starting
with Honeycomb), we can execute these two callbacks together.
This CL consolidates all call points to stop the activity and
moves them to callActivityOnStop, which will also take care of
saving instance state.
Bug: 68325009
Bug: 68763258
Test: Manual
Change-Id: I1062c6be28581a7de7961babd55664640aaae359
