DPM can currently control the master location toggle, but cannot
influence the behavior of individual providers. This adds an API for
DPM (or other privileged entities) to request a provider to turn itself
on.
Practically, this is necessary to allow DPM to control network location,
which may be gated by additional consents. This change also renames some
internal location code to make clearer the distinction between provider
enabled and provider allowed: enabled = location on && allowed
Bug: 136219903
Test: CTS tests to be added
Change-Id: I05f03c976428f0f5a8a2cf627a84dc9e2baf3e67
Fix some minor bugs and ensure fused location provider correctly
supports location bypass. This is especially important for when
location bypass is invoked in direct boot.
The added UPDATE_DEVICE_STATS permission is necessary for FusedLocation
to correctly update WorkSources. FusedLocation receives work from LMS and
then further delegates that work to other location providers. The other
location providers should be informed of the correct applications for
battery blame, and should not be blaming the FusedLocation package.
1) This is the minimally scoped permission necessary to battery blame
correctly.
2) There is no way to attribute battery blame without this permission.
3) This is the correct permission - as required by LocationManager, and
this permission will likely never be removed (FusedLocation will always
need to battery blame).
Test: atest FusedLocationTests
Change-Id: If7126fffaae5577ddf8e366a0b5c17b3e5286582
Put enabled/disabled state under location provider control, and use it
to represent whether a location provider may be used, not whether the
user has enabled or disabled a location provider.
Bug: 118885128
Test: manually
Change-Id: I1209c49c13ca8995b223f383ad332322fffc7a96
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: I4233b9091d9066c4fa69f3d24aaf367ea500f760
Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.
Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
Add granular StorageManager APIs for key creation/destruction and
unlocking/locking. Start passing through an opaque token as part
of the unlock command, but leave it empty for now. We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.
Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE. Wire
a command to "sm", but persisting will come later.
Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model. Small tweaks to handle non-encryptionAware voice interaction
services. Switch PackageManager to consult StorageManager about the
unlocked state of a user.
Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
Prevent crash in case where NLP is not available. Also fix an integer
overflow bug that remained uncaught.
BUG: 22345134
Change-Id: If6ff7b12f0d15bb2fe97589f8b0be10f9ed06197
This commit prevents a system_server crash when applications attempt
to use the fused location provider on systems that do not have a
network location provider available.
Bug: 10845061
Change-Id: I85b33806e05566e8b68ee2ccc401b1c565fd7b9a
"signatureOrSystem" permissions are no longer available to all apps
residing en the /system partition. Instead, there is a new /system/priv-app
directory, and only apps whose APKs are in that directory are allowed
to use signatureOrSystem permissions without sharing the platform cert.
This will reduce the surface area for possible exploits of system-
bundled applications to try to gain access to permission-guarded
operations.
The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is
says in the documentation: it indicates that the application apk was
bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.
At some point the "system" permission category will be
renamed to "privileged".
Bug 8765951
Change-Id: I6f0fd9cdb9170e076dfc66d83ecea76f8dd7335d
This changelist revises LocationManager's previous multiuser system.
Location provider services that are not multiuser-aware continue to
run as before: ServiceWatcher binds to location provider services as
the current active user. When the device switches from one user to
another, ServiceWatcher unbinds from the old user's location provider
service and binds to the new user's instance.
Now, location provider services that are multiuser-aware or
user-agnostic can declare "serviceIsMultiuser" metadata in their
AndroidManifest.xml to prevent ServiceWatcher from performing this
switching. These services will run as singleton services and will be
expected to handle user switches on their own.
With this feature in, I was able to switch FusedLocationProvider to
run in multiuser mode, sharing the system_server process instead of
running in its own process. The NetworkLocationProvider is unchanged,
still running in singleuser mode, cheerfully oblivious to the
possibility that there might be any user on the device besides the
one it services.
Bug: 8028045
Change-Id: I1a5bd032918419bab6edb46c62ff8c6811170654
Hide all new location APIs related to LocationRequest/Geofence and
undeprecate all deprecated APIs consequently to the LocationRequest and
Geofence introduction. Also introduce LocationRequestUnbundled for
LocationProviders to use.
Change-Id: I5b116c7d342041f45b341c88a4b6813571118018
