- DhcpClient only shares its handler with IpClient, and NetworkMonitor
has its own handler: remove Protocol.BASE_DHCP,
Protocol.BASE_NETWORK_MONITOR
- Remove dependency on Network.netid in NetworkMonitor
- Remove dependency on Sets.newArraySet in DhcpServingParams
- Remove dependency on formatDuration() in DhcpClient
- Replace isMetered() with hasCapability() in NetworkMonitor
- Use WifiManager.isScanAlwaysAvailable instead of reading setting
Test: atest FrameworksNetTests NetworkStackTests
Bug: 112869080
Change-Id: Ieef54d847ddc081fb33cbad0b050b06d2e52548e
This CL deprecates SuggestionSpan#ACTION_SUGGESTION_PICKED and related
constants [1].
There are multiple security concerns, open questions about
compatibility, and maintainance challanges in this protocol.
IME developers can implement their own suggestion picker UI on top of
CursorAnchorInfo API to achieve safer, should give more flexible UI
options, better security, and better compatibility.
[1]: Ia539de0acf66053e0349daec459d75e36805f6bf
f9f0100862
Fix: 123160396
Test: make -j checkbuild
Change-Id: I6d39e838ae47488055162cd44b5f553f68869b17
Since its bettining [1] notifyUserAction() has been implemented as an
async IPC method. This wasn't changed when I recently moved it from
IInputMethodManager to IInputMethodPrivilegedOperations [2].
However, mixing sync and async methods into the same Binder object is
known to be an anti-pattern. Although sending some signals in an
asynchronous manner would make sense, it should be done by converting
all the methods to async (with some result callbacks for operations
that need to receive responce) like we do so in IInputContext.aidl.
As for IInputMethodPrivilegedOperations, I think converting
notifyUserAction() from async to sync is acceptable because there are
already similar sync methods such as:
* setImeWindowStatus
* reportStartInput
* reportFullscreenMode
* updateStatusIcon
[1]: I11ed9a767588f8080753cd9bce011dac7db579ad
d7443c83ce
[2]: Icc1f9c7f530f0144ecfd460e86114e109ae0044e
c07fd4c284
Bug: 114159783
Test: Manually verified as follows
1. Build and flush aosp_taimen-userdebug into Taimen
2. make -j SoftKeyboard
3. adb install -r $OUT/system/app/SoftKeyboard/SoftKeyboard.apk
4. adb shell ime enable com.example.android.softkeyboard/.SoftKeyboard
5. Open AOSP Keyboard settings
6. Enable "English (US)", "French", and "German"
7. Open SoftKeyboard settings
8. Enable "English (United States)", "English (GB)"
9. Open the Dialer app and tap the top edit field.
10. Make sure that the IME layout rotation order when tapping the
globe key will be updated only when you tap the keyboard to enter
some character.
11. Also confirm it with "adb shell dumpsys input_method" by checking
"mSwitchingController:" section there.
Change-Id: I9d41f19e30f205acd4d257a105e285bd32288130
Apps that are already installed on the device before isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage giving them same
level of access as in P.
A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.
Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ec73276d7c586ae4afc482580d1eb8ee03d5be1
This is a follow up CL to our previous CL [1], which enabled spell
checker for background users. In that CL, we assumed that spell
checker user ID can and should always be determined by the calling
user ID. This assumption is not valid at least for direct-reply
notifications on System UI, because System UI always runs as user 0 no
matter who is the current active user.
In order to allow TextServicesManagerService (TSMS) connect to the
right user for such a special use case, this CL introduces a hidden
parameter "userId" to each IPC so that clients that have
INTERACT_ACROSS_USERS_FULL can override the target user ID when
necessary.
For instance, to interact with user 10's spell checker services, you
can obrain a special instance of TextServicesManager as follows.
TextServicesManager tsmForUser10 = context
.createPackageContextAsUser("android", 0, 10 /* userId */)
.getSystemService(TextServicesManager.class)
If the calling process does not belong to user 10, any operations on
that TextServicesManager will result in SecurityException unless the
calling package needs to have INTERACT_ACROSS_USERS_FULL.
This CL is just a preparation. There should be no user-visible
behavior change yet.
[1]: I06c27ef834203a21cc445dc126602c799384527b
06a2624049
Bug: 123043618
Test: spell checker still works
Change-Id: I31dda3ae8795190d44b0622b8335c34ddbc5dd48
This is a preparation to propagate the expected IME user ID from
direct-reply notification to InputMethodManagerService (IMMS).
When per-profile IME mode [1] is enabled, IMMS basically assumes that
the IME user ID should be determined by calling process's user ID.
This works for most of apps, but does not work for direct-reply hosted
in the System UI process, which always runs as user 0.
With this CL, client apps can explicitly specify the target IME user
ID by using @hide field in EditorInfo. For instance, to tell IMMS to
connect to user 10's IME, do this:
@Override
public InputConnection onCreateInputConnection(EditorInfo info) {
InputConnection ic = super.onCreateInputConnection(info);
info.targetInputMethodUser = UserHandle.of(10); // user 10
return ic;
}
The calling process will receive SecurityException if it does not
belong to user 10 and does not have INTERACT_ACROSS_USERS_FULL.
This CL is just a preparation. There should be no user-visible
behavior change yet.
[1]: Ied99664d3dc61b97c919b220c601f90b29761b96
a878b9500e
Bug: 120744418
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Change-Id: Ia7ea944438d69669ccdf9111b34ba400e786a602
The application zygote can run untrusted user code; since it also
has the capability to change the uid/gid of the process, we need
to ensure that any changes to the uid and/or gid stay within the
range that we have allocated for this application zygote.
For application zygotes, we install the app_zygote seccomp
filter instead of the regular app filter; the only difference
between this filter and the app one is that it allows
setuid/setgid calls.
To further limit this, pass down the allocated UID range to the
Zygote itself, which in turn installs an additional seccomp
filter that restricts setuid/setgid calls to this range.
The actual calls into seccomp are commented out until the seccomp
changes are merged; to avoid catastrophe, this will leave the
regular app filter for the app_zygote, which is more restrictive
and doesn't allow setuid at all.
Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73
This metadata, if present, will be authenticated (but unencrypted)
together with the application key material.
Bug: 112191661
Test: atest FrameworksCoreTests:android.security.keystore.recovery
atest FrameworksServicesTests:com.android.server.locksettings.recoverablekeystore
atest -m RecoveryControllerHostTest RecoverableKeyStoreEndtoEndHostTest RecoverySessionHostTest
Change-Id: I2846952758a2c1a7b1f0849e1adda1f05a3e305e
ACTION_CHARGING is sent when the device is in a good enough charging
state for power-heavy work to be done. It was sent immediately when this
determination was done:
1. plugged in and level >= 90
2. plugged in and level is increasing
However this lead to many jobs being ungated when this happen, and
defeats the purpose of plugging in your device to get a quick boost.
In the case of 2. we defer the sending of ACTION_CHARGING by a
configurable time, defaulting to 15minutes, after said determination.
The adb command to play with this is:
adb shell settings put global battery_stats_constants battery_charged_delay_ms=90000
Bug: 111360323
Test: Set the delay to 15s, then cmd battery unplug and reset,
verify that broadcast is sent in dumpsys activity broadcasts
Change-Id: I71f8d06604041efeba12fbdfd0374aaff2f04807
This CL introduces a new configurable sensor type: config_dozeTapSensorType
Test: atest SystemUITests
Test: set config_dozeTapSensorType to double tap gesture on overlay
Bug: 121198822
Bug: 111414690
Change-Id: I54f3c20473a6d97c860ee02f324edbcf89ba85d1
Add the page fragmentation data to the current protobuf.
Also fix bugs in how it was being collected... the data in the kernel
didn't match what it was collecting (it was combining node and zone
together in a zone int... but node is an int, zone is a separate
string).
Example new output:
vailable pages by page size:
Node 0 Zone DMA Unmovable 0 1 1 1 0 1 1 0 0 0 0
Node 0 Zone DMA Reclaimable 1 1 0 1 1 1 1 1 1 0 0
Node 0 Zone DMA Movable 1 1 0 0 1 0 1 0 1 1 291
Node 0 Zone DMA CMA 1 1 0 0 0 1 1 1 1 1 35
Node 0 Zone DMA Reserve 0 0 0 0 0 0 0 0 0 0 1
Node 0 Zone DMA Isolate 0 0 0 0 0 0 0 0 0 0 0
Node 0 Zone Normal Unmovable 1 9 3 2 1 0 1 0 1 0 0
Node 0 Zone Normal Reclaimable 0 15 3 3 1 0 1 0 1 0 0
Node 0 Zone Normal Movable 0 1 1 1 0 0 1 1 0 1 338
Node 0 Zone Normal CMA 0 0 0 0 0 0 0 0 0 0 0
Node 0 Zone Normal Reserve 0 0 0 0 0 0 0 0 0 0 2
Node 0 Zone Normal Isolate 0 0 0 0 0 0 0 0 0 0 0
Change-Id: I029d59b8d088b20fafaea04dde766012c3d448cd
Fixes: 122854187
Test: manual
The native implementation of network stats no longer keep a persistent
stats since boot. Everytime networkStatsService read the detail stats,
the data will be cleaned for performance reason. For the service that
are directly calling networkStatsFactory, the results are no longer
accurate anymore. Use the binder interface provided by
networkStatsService instead to get a cumulative detailed uid stats since
device boot.
Bug: 111441138
Test: android.app.usage.cts.NetworkUsageStatsTest
Change-Id: I230c1edbf64cfeb3dbb560db368b5e420f7b79a4
* changes:
Add launchDeviceDiscovery when devices just plugged into the current device or the current device just conneted to a TV.
Fix pathToPort logic in HdmiControlService
Update the power status of an existing hdmi device with TIF once receive Report Power Status or Active Source from the existing device.
Add HDMI device info into TIF once receive report Physical Address or Set Osd Name from a new device.
Change the pathToPort(int path) method in HdmiControlService to apply to not only TV device.
Modify on hotPlug logic for Audio devices
Add array and add/remove methods to track connected device info
Modify doManualPortSwitching logic in Audio System
Add HdmiSwitchClient and move isSwitch property to system ro property
Wake up device when device is in dozing but CEC power status is on.
Otherwise the handleUnbind will try to unbind from a dead service
which causes an IAE.
Bug: 117779333
Test: Killed service-app while service was bound. Save death, but not
IAE anymore
Change-Id: Iff91feaf0656a349ba38391ea9294bda49e3e61a
No need for services to think about unbinding anymore. Now the
AbstractRemoteService counts how many requests are not yet finished and
once the number of unfinished requests drops to zero, schedules an
unbind.
Bug: 117779333
Test: - Started settings which makes many calls to
PermissionControllerManager. Saw the automatic unbind to eventually
happen.
- atest CtsContentCaptureServiceTestCases (with content capture
enabled and with content capture disabled)
- atest CtsAutoFillServiceTestCases (4 tests out of WebViewActivityTest fail without and with this change)
Change-Id: Ief2f3512df5a1c55694c0c6b449079a49089bcde
* Introduces BadgedImageView / BadgeRenderer for icon & badging
-> These are both semi-temporary until I move things over to using
icon library
* Introduces "shouldShowInShade" bit on NotificationData, this is used
to indicate whether a bubble's notification should display in the
shade or not
* BubbleController uses NotificationEntryListener to annotate notifs
bubble state & add / update / remove bubbles
* Cleans up expansion / dismissing / visibility in BubbleController
General notif / dot / bubble behaviour:
* When a bubble is posted, the notification is also in the shade and
the bubble displays a 'dot' a la notification dots on the launcher
* When the bubble is opened the dot goes away and the notif goes away
* When the notif is dismissed the dot will also go away
* If the bubble is dismissed with unseen notif, we keep the notif in shade
go/bubbles-notifs-manual has more detailed behavior / my manual tests
Bug: 111236845
Test: manual (go/bubbles-notifs-manual) and atest BubbleControllerTests
Change-Id: Ie30f1666f2fc1d094772b0dc352b798279ea72de
This change is the main check in for the historical app op feature.
The idea is to store a historical data about past app op rejections,
accesses, and durations per op for any UID state indefinitely.
Keeping all operations on record is not practical as app ops are
very frequently performed. To address this we are storing aggregated
data as snapshots where we store for every UID and its packages
how many times each op was accessed, rejected, lasted as an aggregate.
To allow history scaling indefinitely we are taking a logarithmic
approach with only the most recent state stored in memory and all
preceding state stored on disk. State on disk is stored in separate
files where each preceding file, i.e. for an older period, would
cover X times longer period with X number of snapshots covering
X times longer period. Initially X is ten but can be tweaked. For
example, the first file could contain data for ten days with daily
snapshots, while the file for older period would have data
for a hundred days with snapshots every ten days, etc.
The implementation is optimized for fast history update and no impact
on system runtime performance and minimizing memory footprint. We
are lazily persisting state to disk on a dedicated thread as this is
slow. We are also reading the relevant historical files on a query
as this is very rare as opposed to state updates.
The base snapshot interval, i.e. snapshot time span, in the initial
iteration and the logarithmic step are configurable. These can be
changed dynamically and the history would be rewriten to take this
into account.
Test: atest CtsAppOpsTestCases
bug:111061782
Change-Id: I55c32c79911ba12b2ace58d2a782b8df1e6bff60
In small mode, tapping the gray are is ignored. Combined
StatusBar#showBiometricTryAgain into onBiometricAuthenticated(bool)
We now create a new BiometricDialogView object for each BiometricPrompt
authenticate call. This makes the view's lifecycle much easier to manage.
Bug: 111461540
Test: Small -> Big when error or rejected
Test: Small -> Authenticated looks good
Test: Try again button is shown when rejected
Test: Icon spacing looks good after animation
Test: Big/small state persists across configuration change
Change-Id: Id0157a7506cea9b0e7de079c43f8bd5ba3cbd8c5
This includes laying down some groundwork to make the remaining migrations
more straightforward
Bug: 110557011
Test: atest RoleManagerTest && atest SmsManagerTest
Change-Id: Ie96abd73751d10f521756c9dcdab2a5710ca2045
Some devices shouldn't render rounded corners because of graphics
limitations.
Bug: 122347746
Test: swipe up on multiple types of devices: walleye, sailfish, blueline
Change-Id: I93fcb4283ed1aa3df5569454483a8867a3bfd06b
1. This change ignores immersive mode request if the window is not in
fullscreen mode in terms of caption visibility;
2. Update caption visibility when app changes system UI visibility.
This change also consolidates the visibility logic into DecorView.
Bug: 119388201
Test: Manual test. Also test that split screen and PIP don't have
caption.
Change-Id: Ia5051d2f53455be2c21e1933b002d07b25c0b74b
