System components (like MediaProvider) will live in a mount namespace
that has a view of the "real" shared storage device, and normal apps
will have "sandboxed" views of the shared storage device. (Parallel
changes are implementing these namespaces in vold and installd.)
The system components mentioned above will need to translate between
the two namespaces, so this change introduces methods that perform
that translation, along with a nice batch of tests to verify.
Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/StorageManagerServiceTest.java
Bug: 111893193, 111892833, 111268862
Change-Id: Iae91a44ce09eb33d6cd9b90f6c7b4f88c8cd12f0
We now have separate permissions that correspond to the various
MediaStore tables:
-- READ/WRITE_MEDIA_AUDIO
-- READ/WRITE_MEDIA_VIDEO
-- READ/WRITE_MEDIA_IMAGES
From a product point-of-view, Images and Videos will be treated as
a single permission group of "Visual" media in Q. We're also defining
two other special permissions:
-- ACCESS_MEDIA_LOCATION: indicating that the app can see any
geographic location related metadata associated with media, such
as being stored in the EXIF data. We're willing to grant this under
the umbrella of the larger "Visual" runtime permission group, but we
still want apps to request it for full disclosure of their intent.
-- WRITE_OBB: can be held by app stores that need to deliver OBB
files into app-specific sandboxes to keep legacy apps working.
Test: manual
Bug: 111801780, 110228267, 111789719, 111892833
Change-Id: If28247efdd7ac185ad3c6cbceda2e6346c26d032
This change implements the equivalent of the C++ native_handle_t type in
Java. Similar to the C++ type, the NativeHandle class wraps an arraylist
of FileDescriptor objects, along with a raw data stream (integer array).
Bug: 35098567
Test: Ran m, hidl_test (C++ and Java). Functionality tests are included
in a separate CL.
Change-Id: Ic53f9a49ae17ce5708577a586230126ab0e222c7
getInterfaceDescriptor() will return an empty string when the call
to retrieve it into the remote process fails. Proxies to a dead binder
process then show up as having an empty descriptor in the proxy dumps,
and can't be distinguished from live proxies with an empty descriptor.
Instead, if we get an empty string, check if the proxy is still alive,
so we can more accurately dump. This will make it much easier to find
proxy leaks to dead binder nodes.
Bug: 109888955
Test: adb shell dumpsys activity binder-proxies
Change-Id: Ib37ec004f38c99743ffb4a62101c12626b649e5d
For the various Build.VERSION_CODES.<version_name> constants, adding
a link to the appropriate "about this release" page in
/about/versions/ , if there is one.
Staged doc to:
http://go/dac-stage/reference/android/os/Build.VERSION_CODES
Bug: 80546406
Test: make ds-docs
Change-Id: If363445c938d325172da6beeed25e821121c5539
This packageName is passed so that the process initialization
after the zygote fork can mount appropriate package sandbox.
Bug: 111890351
Test: n/a
Change-Id: I99d6c1b53fffd53d7387dc807106efe5e1dc9b07
Binder tokens (Binder objects without an attached interface) are used
a lot with Android. These tokens don't have an interface descriptor,
which means that proxies (references) to these tokens are impossible
to identify when looking at a heap dump.
To make that easier, introduce a new constructor for Binder that allows
the caller to specify a descriptor.
Bug: 109888955
Test: builds, boots
Change-Id: I18fd00483abc29edf87f84945323a10fe4f6cd42
This is the first step to move BinderCallsStats implementation to the
server package in order to have an implementation more specific to the
system server (tracking charger on/off).
Removes the volatile keywords in BinderCallsStats.
Also exposes a clean API to StatsCompanionService instead of
BinderCallsStats directly.
Test: unit test
Change-Id: Ied98c555acc8489420104098561b4608346509b5
This splits the
- review permissions
- individually control permissions
- consent to manage wireless (wifi + bluetooth)
properties.
Almost all code cares only for the first and it is now always true.
Hence a lot of code can be simplified.
Bug: 110431654
Test: atest PermissionsHostTest
started pre-M app
Change-Id: I733cd476ccd0bf5eaa59e9a9506db34f57c6baee
BUG: None
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I7c36f66c4bf9129c1b421290f82bdae83be6979e
Merged-In: If9dd6913868a34ea1e3d14fee1860a4ff368e06b
To make some future refactoring easier.
Added some JavaDoc (mostly links to android.os.IBinder)
to make checkstyle happy.
Test: builds
Merged-In: If9dd6913868a34ea1e3d14fee1860a4ff368e06b
Change-Id: If9dd6913868a34ea1e3d14fee1860a4ff368e06b
(cherry picked from commit 03e6d923c5)
Also, delete a bunch of deprecated functions that are package-private,
and not called anywhere in the package.
Test: booted walleye
Change-Id: I728e63e7d6f9e1ba42644f93983cfcd6a2d2634c
This had to be called from native because serialization
was done from native, but now that serialization is in Java
we can move this back to a more logical place.
Also, this allows us to dump the per-UID proxy counts in
this situation again.
Bug: 109888955
Test: sailfish builds, proxy debug info shown on hitting limits
Change-Id: I4e06b3f93e30ed1c7868ec9e018709a7e796e441
To make some future refactoring easier.
Added some JavaDoc (mostly links to android.os.IBinder)
to make checkstyle happy.
Test: builds
Change-Id: If9dd6913868a34ea1e3d14fee1860a4ff368e06b