Please see commit 3082eb7c72 for an
explanation of this change.
This capability is not used by system_server.
Bug: 34951864
Bug: 38496951
Test: code compiles, device boots, no selinux errors ever reported.
Change-Id: I4242b1abaa8679b9bfa0d31a1df565b46b7b3cc3
(cherry picked from commit 35775783fc)
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. system_server uses this capability to collect
smaps from managed processes. Presumably this was done to avoid the
implications of granting CAP_SYS_PTRACE to system_server.
However, with SELinux enforcement, we can grant CAP_SYS_PTRACE but not
allow ptrace attach() to other processes. The net result of this is that
CAP_SYS_PTRACE and CAP_SYS_RESOURCE have identical security controls, as
long as system_server:process ptrace is never granted.
Add CAP_SYS_PTRACE to the set of capabilities granted to system_server.
Don't delete CAP_SYS_RESOURCE for now. SELinux has blocked the use of
CAP_SYS_RESOURCE, but we still want to generate audit logs if it's
triggered. CAP_SYS_RESOURCE can be deleted in a future commit.
Bug: 34951864
Bug: 38496951
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Change-Id: I2570266165396dba2b600eac7c42c94800d9c65b
(cherry picked from commit 3082eb7c72)
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.
Merged-in: 5daf273b7e
Bug: 32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
Added a service that listens whether emergency affordances
are necessary.
If the they are needed, it adds an option to the
global actions dialog that directly launches the
emergency call and also adds a long-press listener
to the keyguard emergency button.
Test: adb shell settings put global force_emergency_affordance 1 && adb shell settings put global emergency_affordance_number 111112
Bug: 30404490
Change-Id: Ib96a15da2ef4b568a8d77140ebca6aa6f20f5ddb
Added a service that listens whether emergency affordances
are necessary.
If the they are needed, it adds an option to the
global actions dialog that directly launches the
emergency call and also adds a long-press listener
to the keyguard emergency button.
Test: adb shell settings put global force_emergency_affordance 1 && adb shell settings put global emergency_affordance_number 111112
Bug: 30404490
Change-Id: Ib96a15da2ef4b568a8d77140ebca6aa6f20f5ddb
Added a service that listens whether emergency affordances
are necessary.
If the they are needed, it adds an option to the
global actions dialog that directly launches the
emergency call and also adds a long-press listener
to the keyguard emergency button.
Test: adb shell settings put global force_emergency_affordance 1 && adb shell settings put global emergency_affordance_number 111112
Bug: 30404490
Change-Id: Ib96a15da2ef4b568a8d77140ebca6aa6f20f5ddb
Symptom:
When sharing an image from Album, ChooserActivity can be shown.
But then the app to be located to the bottom part of the list may not
be started even if user tap it.
Root cause:
ChooserActivity uses ResolverDrawerLayout. And ResolverDrawerLayout
can display only some items on the list (known as "Collapse mode").
When the item clipping along the bottom edge is tapped by the user,
ResolverDrawerLayout tries to expand the list and scroll it to a
better position, instead of starting an application.
In this problem case, ResolverDrawerLayout continues to try to expand
the list whenever tapping, so an application will never start.
Solution:
Change a condition so that mOpenOnClick becomes true only when the list
has been collapsed (mCollapseOffset > 0).
Bug: 30153542
Change-Id: I576fb6c8b6a91d79c1e0d46d069146779f4dbd17
(cherry picked from commit 4f3a843ea9)
Use application context to get the screen's display metrics.
Bug: 30127070
Change-Id: I2c453c494ef210c12d89fc7e3ff026728f9ecb0f
(cherry picked from commit afb38c5cc4)
If we return to the lockscreen from a FLAG_SHOW_WHEN_LOCKED activity,
there was an additional black flicker as the wallpaper wasn't shown
for a couple of frames. The issue is that we didn't set the wallpaper
flag again, to fix another flicker with lockscreen wallpapers. Now,
we pass the state whether we currently have a lockscreen wallpaper
and if we don't have one, we immediately set the wallpaper flag
again.
Bug: 30829255
Bug: 30883413
Change-Id: I9faeaa77b98eb02058171ce19cf90b43826ebe9e
This type behaves like a normal TYPE_APPLICATION, except that WM
will always wait for it to be drawn before starting a transition.
WM always waits for TYPE_BASE_APPLICATION (main window), but for
TYPE_APPLICATION, it only waits if the window relayouts to visible
and gets a surface before the main window is drawn. If main window
itself is ready very fast, transition could start without the other
window.
bug: 30830849
Change-Id: Ife71a9812db7c8eba6ee4ead10ce4f31d9e93b40
The summary is supposed to just hold enough data to continue counting
once the device has reset. Since kernel stats reset when the device
resets, and the first update is ignored to account for soft resets where the
kernel continues running, SamplingTimer should not be recording the last value
it saw from /proc/wakelocks in the summary.
Bug:30575302
Change-Id: Ic193bc5af9a0ede514e3abc8146523d7316c47d3
Previously trust agents would be disabled even after one
wrong attempt. Now we wait for the cooldown (usually 5 attempts),
the same as fingerprint.
Also adds a TrustArchive entry of when device policy changes are sent to
trust agents.
Bug: 30037948
Change-Id: I9e284d994ddae45ef66b5b8b601297c63d8ba667
Do not terminate when the system server classpath cannot be
compiled. This can be the case in fallback mode, e.g., when
a device ran out of space.
Bug: 30765660
Change-Id: I3aca3f2f789e2201e4019e1bf04d239ab54b0d3d
This change rolls back functionality added in ag/747748.
The idea was to restore accessibility focus on
configuration changes, but the restoration was happening
too early, which caused ViewRootImpl and the View to
disagree about accessibility focus. This confusion makes
some views unreachable by swiping after a configuration
change.
Bug: 30042251
Change-Id: Iae32b5425a1e7de9a8f5be965feb912fd2d9a0bb
Mitigates an issue where a LevelListDrawable would constantly
be reloaded even if unchanged. To avoid this, small icons are
now only reloaded if they no longer point to the same resource.
Note that StatusBarIconView already has this logic.
Change-Id: I6be436e5cef7b7ca91a28edc413b1aaa0f1007d5
Fixes: 30496073
