This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
This API was added in Q but is not necessary anymore as
Os#setsockoptTimeval was exposed as public API.
Test: m
Fixes: 129433363
Merged-In: If4a75f23c6c0589c23cadce3b088966649062463
(cherry picked from commit 77f9d85f12)
Change-Id: I4669eb2f9fa073d765be6bcb5863a5887eaf1ab5
The SocketUtils.attach*Filter and SocketUtils.addArpEntry methods
were added there because they could not be added as JNI inside
the NetworkStack. This was not possible because on Go devices,
the NetworkStack was a jar library. But now, Go also uses an APK.
Hence, move these methods to the NetworkStack.
Fixes: 129433183
Merged-In: I66d7b3e4fbfa32bb0bc853e8cf9399031daff8a9
(cherry picked from commit fe71be2b04)
Change-Id: Ice433a41469e784385f19498c154345d7b9c69b5
This reverts commit 063eefa78a.
The problem with this fix is that services expect to be able to
determine if a node has certain capabilities, even if it is disabled,
and doesn't have the action associated with them.
Change-Id: Ia17ed6ed5f92737226cfe704dc71957f2ae5541b
Fix: 120247282
Test: it builds.
With the change in I4f13638598037acaeb30d61c8d5178f45882fcba
to separate the PackageWatchdog package expiry deadline from the explicit
health check deadline. It would be cleaner for ExtServices to supply
this deadline per-package. We now do that as a field in
PackageInfo.
Bug: 120598832
Test: Builds
Change-Id: I29e2d619a5296716c29893ab3aa2f35f69bfb4d7
This CL adds a SessionInfo.getUpdateMillis() call to the API in order
for callers to figure out which session was applied last.
Change-Id: I3eed6c80f4777ee248671d17d9428eed2fe73aa8
Fix: 129546185
Test: atest CtsStagedInstallHostTestCases; atest apex_e2e_tests
OverlayInfo#getTargetPackageName will never return null. Correct
@Nullable annotation to say @NonNull instead.
Fixes: 129853770
Test: builds, boots
Change-Id: I70a9634e4f7da99be5d9044a7884b9ad01a22fd8
These two classes were added to @SystemApi because they are used
both by NetworkMonitor and CaptivePortalLogin. However it turns
out they are not needed in the framework, so having them as a
library sounds better.
Change-Id: Iadf77ec5952b6da8812dc6d006a39bd4e93d2bd9
Fix: 129433264
Test: atest NetworkStackTests FrameworksNetTests
- Add documentation to CaptivePortal#logEvent
- Add paragraph breaks to StaticIpConfiguration class javadoc
- Format javadoc for API documentation
- Move setters to a builder and hide fields for apps targeting P or
older
- Document StaticIpConfiguration getters and builder setters
- Add documentation for StaticIpConfiguration#getRoutes
Bug: 129362244
Bug: 129433304
Test: built, flashed, booted, WiFi working
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: Ia66c1097f01ca87d02eba3456547aedb1e480186
- Also remove typed media permissions
- Leave typed media app-ops
Bug: 129716569
Test: Used apps, looked at permissions in the UI
Change-Id: If7714fb1a6955584157e1a60ab72b09e35287827
