Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Prevent apps to change permission protection level to dangerous
from any other type as this would allow a privilege escalation
where an app adds a normal permission in other app's group and
then redefines it as dangerous leading to the group auto-grant.
Test: Added a CTS test which passes.
Bug: 33860747
Change-Id: I4e86ee54e61d2fa45be601fae577986ef9a84673
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug: 33019296, 32990341, 32879915, 32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug: 33019296, 32990341, 32879915, 32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug 30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Previously we only re-evaluate provisioning for SIM swap case
The new logic covers both SIM swap case
(ABSENT->NOT_READY->UNKNOWN->READY->LOADED) and modem reset
case (NOT_READY->READY->LOADED)
Test: Manual
bug: 33815946
Change-Id: I9960123605b10d3fa5f3584c6c8b70b616acd6f8
- Even if call setTestProviderLocation() with inconsistent providers,
should still end up with a location that is flagged as mocked
- Bug: 33091107
Change-Id: I39e038f25b975989c2e8651bfd9ec9e74073e6cd
Avoid potential race condition between FRP wipe and write operations
during factory reset by making the FRP partition unwritable after
wipe.
Bug: 30352311
Test: manual
Change-Id: If3f024a1611366c0677a996705724458094fcfad
(cherry picked from commit a629c772f4)
is going idle.
The inputs to DeviceIdleController (alarm manager, sensors)
hold wake locks while they call it. But then the real work
happens in a handler which is outside of the wakelock, so
listeners don't get a chance to run right away, which in
the case of NetworkPolicyManager means the device is in a
higher power state than it should be.
It's not clear that this will 100% fix the bug, because
NetworkPolicyManagerService also has its own internal
Handler, and isn't holding its own wakelock for this,
but this change allows NPMS to be fixed if it really
needed to be.
Bug: 31900521
Change-Id: I706045aa189147824c9214c57abc13993aee9a5b
