When MediaProvider db gets recreated, all the media content ids
get renumbered. It's possible that when DownloadProvider is
trying to delete an entry, it is holding onto a invalid mediastore
uri. So, don't use linked mediastore uris in DownloadProvider
operations. Also, revoke any prior uri grants of media content from
DownloadStorageProvider.
Bug: 132087334
Test: manual
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java
Change-Id: I4885f5a0ae0b3ab660426605a8a43b8c1d66a4c7
Background:
The applications with the granted INTERNAL_SYSTEM_WINDOW and
INTERACT_ACROSS_USERS_FULL means that it could show the same
window for all of users. i.e. to use user 0 presents all of
UI things to all of users.
INTERNAL_SYSTEM_WINDOW usually comes with INTERACT_ACROSS_USERS_FULL
because it will serve all of users to know the information that
comes from framework and system server.
Solution:
Because SystemUI never restarts after the user changing,
ClipboardService can't tell if the callingUid has the the same userId
with the current user or not. The solution is to use the permission
check. Especially, INTERACT_ACROSS_USERS_FULL and
INTERNAL_SYSTEM_WINDOW. To check INTERACT_ACROSS_USERS_FULL by using
ActivityManagerInternal.handleIncomingUser.
Caution:
The application with INTERNAL_SYSTEM_WINDOW usually use user 0
to show the window. But, the current user is user 10, WindowManager
know the focus windows is belong to user 0 rather user 10. That's
why user 10 can't copy the the text from systemui directly reply to
the other applications.
Readability:
ClipboardService use callingUid everywhere but actaully it is not
appropriated to fix this kind of bug. This patch refactor the naming
to produce two name. i.e. intendingUid and intentdingUserId that are
validated by ActivityManagerInternal.handleIncomingUser.
Test: manual test
Test: atest android.widget.cts.TextViewTest
Test: atest CtsTextTestCases
Test: atest CtsContentTestCases
Bug: 123232892
Bug: 117768051
Change-Id: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
These traces are small and noisy, so they hurt performance more than they help.
This reverts commit c37457799b.
Test: m
Bug: 132721345
Change-Id: I9ef719f54f2bc8a54f23e88f46d74e35417a6519
(cherry picked from commit 3509b624fe)
The logic in MediaProvider is technically correct, but it's sometimes
inefficient in calling into the OS multiple times with the same
questions, such as validating getCallingPackage().
To mitigate this overhead, and start paving the way for more dynamic
delegation of permission checks, collect these details into a
LocalCallingIdentity object. We carefully perform all permissions
checking against this new object, and avoid using any other
thread-local values from ContentProvider or Binder.
Local tests show this CL improves performance of a test app that
takes 100 rapid shots by 37%.
This change is a no-op refactoring.
Bug: 130758409, 115619667
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: If250a7675f2246cd10881acf615619d6d6061f3d
The code allows to also whitelist only a select set of permissions, but
this is not yet exposed in the API.
Also: Fix up shell commands for restricted permissions
Fixes: 132368462
Test: - Enabled app via device admin in secondary profile
-> verified that permissions were whitelisted
- Installed existing and new app using --restrictpermissions and
not
-> verified that permissions were whitelisted or not
atest AppRestrictionsHelperTest
RestrictedPermissionsTest
Change-Id: I9cd76c555b40663f2e25ad86e8a54991baae346c
Merged-In: I9787e63d8beb8f6b1ba2d15532d4c0f69dbdf863
Adding a new intent acttion for the permission controller to ask an
app to show its permission usage to help the user understand what
and why is being used. We are adding a permission to protect this
action to prevent apps trampolining into other apps when asked to
show their permission usge.
Test: compiles
bug:131760942
Change-Id: I5217d6319fd98d40c8879bdd7af5fe466bf9143e
Explain under what conditions #query and #insert may return null.
Bug: 31043947
Test: n/a (docs update only)
Change-Id: I8880f80bfa2efff296a0a07c0bf28e9606d6db65
The hidden flags should use higher values so as to not
interleave with public flags.
Bug: 132438913
Test: CtsAppTestCases
Change-Id: Ic1dad21c2da5e5e60dc0401ee163f2188cc0f5dc
The ACCESS_MEDIA_LOCATION and WRITE_OBB permissions will always be
available.
Bug: 112545973
Fixes: 132226317
Test: presubmit
Change-Id: Ie61eba427b48f347438522bc11cfa748ad5ba1f1
Make PackageManager send a ACTION_CANCEL_ENABLE_ROLLBACK intent to
RollbackManager. RollbackManager marks the relevant rollback as invalid.
Allow enable rollback to continue as usual, before making the rollback
available, RollbackManager checks whether it's valid. If it's not, the
rollback data is deleted.
Add a test case for expired rollback enabling attempt in RollbackTest.
Test: atest RollbackTest#testEnableRollbackTimeoutFailsRollback
Test: manual -
* Set ENABLE_ROLLBACK_TIMEOUT_MILLIS to 1 ms using DeviceConfig
* Install a mainline module with rollback enabled
* adb shell dumpsys rollback
* observe that no rollback was made available
Fixes: 131679409
Change-Id: Iaa4dbff002b820aff1fc3e1b985f129cf5ebe2e6
This change removes the permission granting for non-system dialer and
SMS apps in DefaultPermissionGrantPolicy. Permission granting to
system apps is left unchanged. Package manager is also made to query
role manager for the current default dialer instead of maintaining its
own storage.
Bug: 124452117
Bug: 129211673
Test: presubmit
Change-Id: I3c5c122802c3ecf15984a24c24c69a9e2f310bb7
To ensure existing installers would work without a change the
default state of installing a package is now that all restricted
permissions are whitelisted. If the installer specifies another
whitelist at install time, it determines the install state. In
addition to this we now enable the restricted permission checks
as a prebuilt installer is no longer required.
Test: atest CtsPermission2TestCases
Test: atest CtsPermissionTestCases
Test: atest CtsAppSecurityTestCases:android.appsecurity.cts.PermissionsHostTest
bug:132160728
Change-Id: I705e341faebe62fc2d88fd37ad8870b98e1b71b1
Currently only for the ContextImpl.enforcePermission code paths and only
when 'secure debug_package_permission_check' is set.
This feature is disabled on user-builds.
Test: Enabled permission checking for my app and
- checked runtime permision denial
- permission denial because app is instant
Bug: 111075456
Change-Id: Ib85777db69ee490608e9dac32a3b97971c0ba215
Read/Write Locale#script along with language, country, and variant
for the Configuration proto.
Bug: 131507134
Test: atest UsageStatsDatabaseTest
Test: atest LocaleListTest [unit-test, cts, gts]
Change-Id: I09b7d3b2e6c6d339cbb75bf19f89251b777bbbe6
This reverts commit 02014297fd.
Reason for revert: QT SDK Finalization. Will be merged again on/after May 13th
Bug: 129975435
Change-Id: Ia054b193a982dee669630555974d2d7831fe2b50
This is a different approach than
I346d772e1f4aed94f6faead3b6455efc4666b651, suggested during reviews.
Bug: 131046856
Test: marked the NetworkStack APK as persistent, verified that
- adb install networkstack.apk fails
- adb install --staged networkstack.apk succeds (after reboot)
Change-Id: I1facb24786431906a8056a50bff01745cebacf24
If rollback for a package is committed at the same time the package is
updated, it's possible we will incorrectly roll back the newly updated
version of the application.
Add a hidden API to the package installer that lets you set a required
existing version of a package to be updated. If the expected package
version is not installed at the time of commit, the update install
fails.
The RollbackManager uses this new API to ensure that rollback will fail
if the package in question was just updated.
Test: atest RollbackTest, with new test added and manual confirmation
that the race condition was exercised by the new test.
Bug: 128831080
Change-Id: Ifa5627e257d2ef13e2b213ef0dbc93932797ce0d
- When MediaMetadataRetriever can't create the thumbnail of some
HEIF files, attempt decoding it from ExifInterface.
- ImageDecoder can't create the thumbnail with getThumbnailBytes
from ExifInterface in some cases. It will occur DecodeException:
Failed to create image decoder with message 'unimplemented'Input
contained an error. Attempt to decoding the full image in these
cases.
- Use orientation from ExifInterface to transform the thumbnail to
right orientation.
Test: manual
Test: atest ThumbnailUtilsTest
Bug: 130775874
Fix: 130446058
Change-Id: Icd0726ec49fe85651150736199c3caa184fa1a3f
