Autofill helps users fill credentials, addresses, payment methods,
emails, etc without manually typing. When focus lands on a fillable
element the platform captures a snapshot of the screen content and
sends it to an autofill service for analysis and suggestions. The
screen snapshot is a structured representation of the screen content.
If this content is composed of standard widgets, autofill works
out-of-the-box. However, some apps do their own rendering and
the content in this case looks like a single view to the platform
while it may have semantic structure. For example, a view may render
a login page with two input test fields.
The platform exposes APIs for apps to report virtual view structure
allowing autofill services to handle apps that have virtual content.
As opposed to apps using standard widgets, this case requires the app
developer to implement the new APIs which may require a fair amount
of code and could be seen as a processes that could take some time.
The most prominent typs of apps that fall into this category are
browsers.
Until most apps rendering virtual content and specifically browsers
don't implement the virutal APIs, autofill providers need to fall-
back to using the accessibliity APIs to provide autofill support
for these apps. This requires developers to work against two sets
of APIs - autofill and accessibility - which is incovenient and error
prone. Also, users need to enable two plugins - autofill and
accessibility which is confusing. Additionally, the privacy and
perfomance impact of using the accessibility APIs cannot be addressed
while autofill providers need to use thes APis.
This change adds an autofill compatibility mode that would allow
autofill services to work with apps that don't implement the
virtual structure autofill APIs. The key idea is to locally enable
accessibility for the target package and remap accessibility to
autofill APIs and vise versa. This way an autofill provider codes
against a single set of APIs, the users enable a single plugin,
the privacy/performance implications of using the accessibility
APIs are addressed, the target app only takes a performance hit
since accessibility is enabled locally which is still more efficient
compared to the performance hit it would incur if accessibility is
enabled globally.
To enable compatibility mode an autofill service declares in its
metadata which packages it is interested in and also what is
the max version code of the package for which to enable compat
mode. Targeted versioning allows targeting only older versions of
the package that are known to not support autofill while newer
versions that are known to support autofill would work in normal
mode.
Since compatibility mode should be used only as a fallback we
have a white list setting with the packages for which this mode
can be requested. This allows applying policy to target only
apps that are known to not support autofill.
Test:
cts-tradefed run cts-dev -m CtsAutoFillServiceTestCases
cts-tradefed run cts-dev -m CtsAccessibilityServiceTestCases
bug:72811034
Change-Id: I11f1580ced0f8b4300a10b3a5174a1758a5702a0
The majority of Manager-style classes already use Context.getUserId()
when making calls into the OS, so clean up the remaining callers to
unify behind this strategy.
This gives @SystemApi developers a nice clean interface to interact
across user boundaries, instead of manually adding "AsUser" or
"ForUser" method variants, which would quickly become unsustainable.
Test: builds, boots
Bug: 72863821
Exempt-From-Owner-Approval: trivial changes
Change-Id: Ib772ec4438e57a2ad4950821b9432f9842998451
openWrite() and openRead() are very flexible APIs, but their design
means they can't take advantage of the recent FileUtils.copy()
optimizations that leverage in-kernel copying.
So add new write() and read() methods where the untrusted caller
hands an FD into the OS, and then PackageInstaller drives the actual
copying process, allowing it to use FileUtils.copy() to speed
up the copying process. (Local benchmarks are showing a 24% speed
improvement.)
We still create a FileBridge to protect the session while an active
copy is happening.
Test: bit FrameworksCoreTests:android.os.FileUtilsTest
Test: vogar --mode app_process --benchmark frameworks/base/core/tests/benchmarks/src/android/os/FileUtilsBenchmark.java
Bug: 71932978, 25510838
Change-Id: Icc237b4c0f80d5d24b74a30f238b7fe505b856ce
In order to tune the API lists, we initialize the light greylist with
APIs we know are used by popular apps. All the other private APIs are
moved into dark greylist. Light greylist will be set to not warn at
all, while dark greylist will produce warnings. This will allow us to
collect logs and tune the lists without breaking all of our dogfooders.
Bug: 64382372
Bug: 72793280
Test: make
Change-Id: Ice6c487eeca8900e6a70abe1b87e8c211ef1066e
This reverts commit 860b8ba719.
The original change that was reverted contained a bug that allowed an
http view/browsable intent used to query for browsers to be considered
as a candidate for instant apps. This was resulting in an attempt to
bind to the instant app resolver while holding a lock on mPackages.
This change ensures that PMS doesn't bind while checking for the browser
status of a package in both the instant app filtering code and by adding
the FLAG_IGNORE_EPHEMERAL to the canonical browser intent.
Reason for revert: Applying fix
Change-Id: I4896b3a15416a11fdc3f6c191e552c4ce8963623
Fixes: 63117034
Fixes: 71916178
Test: Manual using test app at google_experimental/users/patb/InstantAppsInP
Test: atest android.appsecurity.cts.EphemeralTest passes after modification
This reverts commit 5564f880db.
Reason for revert: Resolve merge conflict for another revert (ag/3537193)
Bug: 72710855
Change-Id: Id7c3a3993a45c588ee4668d7486d67d764541b1e
Change certificate checks to also consider the possibility of
signing certificate rotation by checking the
SigningDetails#pastSigningCertificates field. In particular, add a
SigningDetails#checkCapability method which reports whether or not
the older SigningDetails is an ancestor of the current one, and
queries whether or not the old one has been granted capabilities,
such as being a sharedUser.
Bug: 64686581
Test: Builds, boots, browser and camera work, all with v3 signing.
Change-Id: I4199ff3f2d9ae959325b117b28e666ae31889800
This change removes deprecated classes and constants that were not
renamed from ephemeral to instant prior to O. There were no
consumers of these APIs as correctly named alternatives existed and were
referenced in docs. No known consumers of these APIs exist on user
builds.
Fixes: 38137176
Fixes: 38121489
Test: manual; builds and instant apps launch
Change-Id: I982f8a6edc5668dd42cea65e52a1433ec8d6f8ef
Bug: 63117034
Change-Id: Ie3818e913e8e1077f60434a626bc606c0b5015ab
Test: Manual using test app at google_experimental/users/patb/InstantAppsInP
Test: atest android.appsecurity.cts.EphemeralTest passes after modification
This makes the runtime handling of the android.test.base library
conditional based on a build flag REMOVE_ATB_FROM_BCP.
When REMOVE_ATB_FROM_BCP=true:
* The framework-atb-backward-compatibility is added to the
bootclasspath instead of android.test.base.
* Any APK that targets pre-P (or has a dependency on android.test.runner)
has android.test.base added to their library list.
Otherwise:
* The android.test.base library is added to the bootclasspath.
* Any APK that explicitly specifies that it depends on the
android.test.base library has the library removed as the classes
are available at runtime.
Added android.test.base to platform libraries so it can be used when
not on the bootclasspath.
Tested both cases by building with or without the build flag, flashing,
setting up, adding an account, adding a trusted place.
Also, tested that all combinations of REMOVE_ATB_FROM_BCP and
REMOVE_OAHL_FROM_BCP work.
adb install -r -g out/target/product/marlin/testcases/FrameworksCoreTests/FrameworksCoreTests.apk
adb shell am instrument -w -e class android.content.pm.PackageBackwardCompatibilityTest,android.content.pm.AndroidTestRunnerSplitUpdaterTest,android.content.pm.OrgApacheHttpLegacyUpdaterTest,android.content.pm.RemoveUnnecessaryOrgApacheHttpLegacyLibraryTest,android.content.pm.RemoveUnnecessaryAndroidTestBaseLibraryTest,android.content.pm.AndroidTestBaseUpdaterTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Bug: 30188076
Test: as above
Change-Id: I4b9d8a5bed6787cd334c2b13a458bbc0efc3f3b6
An upcoming change will add another library that needs to be
added for backwards compatibility. Merging the tests for those into the
existing test class makes it much harder to see and the tests start to
overlap, i.e. some tests will test more than one aspect which makes
maintenance more difficult and debugging more complex.
This splits the test methods in PackageBackwardCompatibilityTest out
into separate tests for the different PackageSharedLibraryUpdater
implementations into their own classes and simply tests that the
PackageBackwardCompatibility class uses the correct implementations.
This allows each PackageSharedLibraryUpdater to provide comprehensive
tests for their own behavior without affecting tests for the other
classes.
The OrgApacheHttpLegacyUpdaterTest only runs if the
OrgApacheHttpLegacyUpdater class is on the classpath. That is done
using OptionalClassRunner which is a custom JUnit Runner that runs the
tests in a class iff a specific class is present. Otherwise, it behaves
as if the class had a single test that made an invalid assumption.
Tested by building with and without REMOVE_OAHL_FROM_BCP=true and then
running the following:
adb install -r -g out/target/product/marlin/testcases/FrameworksCoreTests/FrameworksCoreTests.apk &&
adb shell am instrument -w -e class android.content.pm.PackageBackwardCompatibilityTest,android.content.pm.AndroidTestRunnerSplitUpdaterTest,android.content.pm.OrgApacheHttpLegacyUpdaterTest,android.content.pm.RemoveUnnecessaryOrgApacheHttpLegacyLibraryTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Bug: 18027885
Test: as above
Change-Id: Idd1a343d234a57d518010c5a79030cbd7682e0c1
putExtra()" to "the value of an item previously added with putExtra(),"
Test: make ds-docs
Bug: 1429953
Change-Id: Ided080aea7686e7a711376fa380c41027b71b1d3
* changes:
Added the reply draft as an extra to the content intent
Launching notification settings correctly inline
Launching Notification animations inline
This CL will support the followings.
- installing a RRO package for framework from /product/overlay
- installing apps from /product/app
- installing priv-apps from /product/priv-app
- installing permissions from
/product/etc/[default-permissions|permissions|sysconfig]
Bug: 64195575
Test: `mm` under frameworks/base/tests/[libs|privapp]-permissions
adb sync && adb reboot
adb shell cmd package list libraries
=> confirmed com.android.test.libs.product library
adb shell cmd package dump \
com.android.framework.permission.privapp.tests.product
=> confirmed that the package is a priv-app
And I moved vendor/overlay/framework-res__auto_generated_rro.apk into
system/product/overlay/ on sailfish, and I confirmed that the RRO was
installed properly.
Change-Id: I16175933cebd9ec665d190cc5d564b5414a91827
