Instant Apps can only see apps that explicitly expose a component via
android:visibleToInstantApp.
Bug: 34087569
Test: cts-tradefed run commandAndExit cts-dev -m
CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ibcba43597f545966abc883e90008369fb20d61ae
Different versions of this feature specify different levels of
headtracking capability.
Bug: 36294374
Test: build
Change-Id: I00273c9093321661b5ca519d7cd065ae0105c3b2
Allow all client targeting Android O to assume paging
support for any provider.
Adds a new PageViewCursor that adapts an unpaged cursor
to a paged request.
Updates ContentProviderNative to perform wrapping on
unpaged results.
Bug: 30927484
Change-Id: I4e225dc16761793c85ef8a195bf049113c79cd20
Test: Added for new class. Run info @ frameworks/base/core/tests/coretests/README
This CL contains following clean up:
- Hide unnecessary constructors.
- Change List<XX> to XX[] since actually all fields are immutable.
- Change font's variant type from String to int.
- Decouple resource related members to FontResourcesParser.
- Add NonNull/Nullable to all fields.
Test: ran android.content.res.FontResourcesParserTest
Change-Id: If456266ffff86d41342572a19662cc8f3cd13181
Ostensibly for instant apps, we allow play to mark an app as having
an update available. This will trigger instant app resolution even
if the instant app is already installed on device.
Bug: 35143464
Test: Manual; launch URI of installed instant app, see it runs w/o resolution. set bit. launch URI of installed instant app, see it runs resolution
Change-Id: I511df2b2a3eab39377167c770255ccbe02d5dad2
Static RRO package is designed to support resource overlay for system
server and they shouldn't be disabled or changed by a user.
The design details are in go/treble-static-rro.
Selection method for static RROs will be applied later when its design
is determined.
Test: building succeeded and tested on sailfish.
Bug: 35742444
Change-Id: I8cbf2fd37a73a24bf6ad291e2c5cf75a0fc757fc
When PackageInstaller was originally written, we needed a way to
ensure that untrusted apps were fully hands-off of any opened
FileDescriptors before we could proceed with certificate checks.
The best way to satisfy this security constraint was to build
a utility called FileBridge which was a (terribly slow) RPC
mechanism that could be cut off when needed.
However, a new feature called "AppFuse" offers to create a "proxy"
FileDescriptor which relays file operations back into userspace, and
it's much more performant than FileBridge. (Local benchmark tests
that deliver a 64MB APK show that AppFuse is about 45% faster than
FileBridge.) Because userspace is still involved in every operation,
we can still "revoke" access at any time to deliver on our security
requirements.
This change adds support for AppFuse, while keeping around FileBridge
as the default for now. An upcoming flag-flip CL can be used to
easily switch between the two modes.
Test: builds, boots, benchmarking, stress tests
Bug: 35728404, 31332379, 25510838
Change-Id: I2a70c0ca922a5ba468ffdef7b2fd8ab79f7cfefd
These broadcasts resulted in a terrible user experience where dozens
of apps would wake up and try deleting everything they possibly can,
meaning that we'd thrash between showing/hiding the low space
notification to users.
Instead, if apps have data that they're okay being purged when the
system is chronically low on space, we want to strongly encourage
them to rely on the much-improved getCacheDir() behaviors in OC.
Test: builds, boots
Bug: 35406598
Change-Id: I74abfba1b8d3948363b79f8b66ca0ad60faac756
This change will affects 2 types of apps: autofill service implementations
and apps that use autofill APIs.
Since just the former is known to be used at the moment, we're not trying
to keep backward compatibility with the latter.
Bug: 35956626
Test: CtsAutoFillServiceTestCases pass
Test: android.provider.SettingsBackupTest pass
Change-Id: Ia720083508716deae9e887f9faa7ae7c5a82f471
This will be used to help document the expected behavior of various
broadcast actions defined by the OS.
Also add logic to PackageParser that will then yell at developers
whose manifests are making bad assumptions about which broadcasts
they'll receive.
Test: builds, boots
Bug: 35925551
Change-Id: I059c2bf8aa3ce53d9ff18dcc263db7620cd14bd6
Bug 33185424
When stopping an CursorLoader while data is being loaded,
the load task will be canceled. This CL marks the data as
changed if the cancel is called while the loader is stopped.
Test: I63b48210a25be72d13a2a6182eb1757cbe6a1949
Change-Id: Ibf9c5facdcc5160f6ed146c5fdd063549ac2a7a8
Over the last month we've been moving everyone over to the new
StorageStatsManager public APIs, but we missed these users.
The ApplicationsState changes are straightforward, but we had to
completely rewrite StorageMeasurement to use the new fast-path
quota APIs.
Test: builds, boots, UI using StorageMeasurement works.
Bug: 36056120
Change-Id: If02177c95bf8c96ae4eceac4d631a168f99bef84
Instant apps can only send broadcasts to receivers that are declared in
the manifest with android:visibleToInstantApps=true or if the app
registers a receiver at runtime using the new methods that take
visibleToInstantApps.
Bug:33350280
Test: Manually sending broadcasts from Instant Apps only goes to
receivers with visibleToInstantApps set to true.
Test: Receiving a broadcast from within the same app does not require
visibleToInstantApps to be set.
Change-Id: I54d79a502ba9c5fd03ede3c09e08afc88fe2775f
This lets settings use one call to set the current theme overlay
for the "android" package.
Test: Change theme in Settings -> Display
Change-Id: Ia566e58c5479dedb7184f4218151f8080f8ebc0f
These were created in MR1 but couldn't be submitted because
they were defined too late [after API freeze].
Change-Id: Ie6884236776bd26e9d0b557fd125b8c77b0ad93b
Fixes: 34890162
Fixes: 35193180
Fixes: 35193418
Test: manual
To do this, the developer must specify the set of certificate
hashes that represent the authority's app. This allows us to
verify that the authority we find is indeed the one intended
by the developer.
Bug: 35025705
Test: runtest --path frameworks/base/core/tests/coretests/src/android/provider/FontsContractTest.java
runtest --path frameworks/base/core/tests/coretests/src/android/content/res/FontResourcesParserTest.java
CTS attached to topic
Change-Id: I605f9a93bbca8705936ead08efb4a5b4fdcc4882
In order to prevent Instant Apps from receiving potentially sensitive
broadcasts they will only receive those that the sender explicitly
exposes to Instant Apps by setting
Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS.
Bug:33350280
Test: `adb shell am broadcast` does not get delivered to Instant App
Test: `adb shell am broadcast -f 0x0x200000` gets delivered to Instant
App
Test: Verified that an Instant App can send a broadcast to itself
without FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS
Change-Id: Ie363448bf224abba530dd4caf69258939fff00af
* Change name to InstantAppResolverService
* Left old service in place to handle existing client
[to be removed prior to O launch]
* When resolving phase II, return a list instead of a single item
Bug: 34763730
Test: Build and verify resolution occurs w/ legacy & new resolver service
Change-Id: Ieccaf91538bd91c04f4be4e35d8264619d7cd6d7
.. since it is implemented by a system app. This allows the
CTS test that verifies android.* namespace intents to pass.
Change-Id: I083e1d12a79fa67e15158ca7390353303cd0e06e
Fixes: 35274957
Test: cts-tradefed run cts-dev -m CtsSignatureTestCases
This will let the ResourcesImpl be updated and handle null cases
better.
Test: Select text while composing email.
Change-Id: Ia8aed22f02b040a202db9cbb2bc02687c693cfa1
Fixes: 34761805
Fixes: 35869547
