StorageManagerService needs to trigger update of storage mountpoints
when an app gets storage access, so update AppOpsService to notify
StorageManagerService synchronously when storage related app ops change.
Also, when an app gets REQUEST_INSTALL_PACKAGES appop denied, kill the
app.
Bug: 132466536
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I130dde1bcffea6c96e5d8c173055737850af6151
USAP improve app startup by ~5ms, so enable it for the
jitzygote experiment.
Bug: 119800099
Test: boots and usap processes live
Change-Id: I918d81f56cc7e9fcc8a053feadd7878108e6d590
This is @hide for Q now that we're past API freeze, and will be
@SystemApi in master.
Bug: 126700920
Bug: 126701153
Bug: 130351719
Test: bit GtsIncidentConfirmationTestCases
Test: bit GtsIncidentManagerTestCases
Change-Id: Iac6a058017a86c1927502c529e5a7f3881eb56a7
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Fixes: 34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Similar to how we target DE and CE storage areas, callers need to
specifically ask to work with EXTERNAL storage. This is because
external storage often lives on a separate device from where internal
DE and CE data lives.
As one specific example, if we're moving an app between two
"internal" storage devices, we don't want to clean up the data
for that package on external storage, since it's not being moved.
This change also expands to all mounted external storage devices,
not just the storage backed by the incoming UUID.
Bug: 113277754
Test: atest android.appsecurity.cts.StorageHostTest
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest --test-mapping frameworks/base/services/core/java/com/android/server/pm/
Change-Id: Ie125303726dd757ee45bd373f53addb35569c2f7
This reverts commit 60c71cee6e.
Reason for revert: Rolling forward for Q-Finalization
Bug: 131429032
Bug: 129975435
Change-Id: Idd812d93b767d8a672b9ada58c8bcc2441395847
The ACCESS_MEDIA_LOCATION and WRITE_OBB permissions will always be
available.
Bug: 112545973
Fixes: 132226317
Test: presubmit
Change-Id: Ie61eba427b48f347438522bc11cfa748ad5ba1f1
USAP preloads the driver in usap pool, and those processes in the pool
are not bound with any applications. Previously we send GpuStats based
on the completion of driver loading. So with usap enabled, we won't be
able to receive stats for system built-in driver.
If we send the stats when all the existing stats fields are filled,
there will be tons of selinux violations, because those non app
processes are trying to send the stats as well.
So we end up sending the stats based on the hint of activity launch.
Bug: 131866357
Test: dumpsys gpu with enable/disable usap and check the selinux
Change-Id: I32fcc15aeba2f2e89ba6dd9deae2c27187d2071e
This change plumbs the advertised Vulkan api version into GraphicsEnv.
GLES api version and CPU Vulkan api version will be appended when statd
pulls GpuStatsGlobalInfo from GpuStats to save app launch overhead.
Bug: 131866357
Test: build, flash and boot
Change-Id: I7faa924eccc81499cd4f1fd54803e3a62bd3153a
As originally coded, debug ANGLE packages could only be used
if ANGLE was properly installed, such that a single answer
was received from ANGLE_FOR_ANDROID. Since ANGLE is only
required on new Q devices, debug packages could not be loaded
on devices that upgraded from P.
This CL changes the ordering such that debug packages are
detected before checking for propertly installed ANGLE package.
Bug: 132076614
Test: Manually test app with and without debug package
Test: atest CtsAngleIntegrationHostTestCases
Change-Id: I88f0417c7e74c2c20d087f2137eeb78879143ce5
Use dev/null fd (instead of using fd from temporary file) when
screenshot fd is passed as null, as file deletion does not need
to be handled for dev/null.
Test: Take interactive bugreport (which does not need screenshot)
manually using shell (which calls bugreport API)
Bug: 128981582
Merged-In: I1719899e6cf3bffe1a96849691c051ff4f3a05ec
Change-Id: I1719899e6cf3bffe1a96849691c051ff4f3a05ec
Call onError for caller of BugreportManager.start() if any io error
occurs during runtime.
Bug: 128981582
Test: Tested manually by throwing IO exception in the code when
bugreport is being generated, onError of the callback successfully
called.
Merged-In: I9033d85d392b926041fc26a86806a370752d062d
Change-Id: I9033d85d392b926041fc26a86806a370752d062d
screenshotFd needs to be optional in Bugreport API. For some bugreports
such as wifi,telephony, interactive etc taking a screenshot is not
required.
Initially, the API was sending invalid file descriptor to the Binder, but
that binder transaction could not be completed as Binder validates the
file descriptor to be valid and not-null.
Adding a tmp.png screenshot file to pass to bugreport API call. In a
separate CL in frameworks/native, added check that the bugreports that
don't require screenshots would not use this file descriptor value.
Bug: 128981582
Test: Tested by taking bugreports using Bugreport API in shell
Merged-In: I3233f5753506ae159c9fa591742e6b99e361039b
Change-Id: I3233f5753506ae159c9fa591742e6b99e361039b
Read/Write Locale#script along with language, country, and variant
for the Configuration proto.
Bug: 131507134
Test: atest UsageStatsDatabaseTest
Test: atest LocaleListTest [unit-test, cts, gts]
Change-Id: I09b7d3b2e6c6d339cbb75bf19f89251b777bbbe6
This reverts commit 8a3d1f96e1.
Reason for revert: QT SDK Finalization. Will be merged again on/after May 13th
Bug: 131429032
Bug: 129975435
Change-Id: I7a48ef6a057a97ebd9903b7e934a7d95ec97f00e
Time may be eternal, Captain, but our patience is not. It's time to put
an end to your trek through the stars.
Test: Builds, boots.
Bug: 131429032
Bug: 129975435
Change-Id: Ia2367124afb642dac0fb365e4fa096db1c648adb
This fix addresses two related issues: one with the
DeviceConfig.onPropertiesChangedListener, and another with
HiddenApiUsageLogger.setHiddenApiAccessLogSampleRates.
In both cases, setting one of the sample rates
(hidden_api_access_log_sampling_rate or
hidden_api_access_statslog_sampling_rate) unsets the other. This is due
to them being sent sequentially instead of simultaneously.
Additionally, out of an abundance of caution, mirror the behaviour in
attemptConnectionToPrimaryZygote and attemptConnectionToSecondaryZygote
for the statslog sample rate. This was overlooked in a previous change.
Bug: 119217680
Test: m
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t \
android.cts.statsd.atom.UidAtomTests#testHiddenApiUsed
Change-Id: I8a5534403269a2339fcabc8f847199ab837ae71b
"Make RescueParty not wipe if checkpointing" contained an incorrect
return statement, causing the last level of RescueParty to not execute
if checkpointing is not active. This fixes that error
Test: setprop persist.sys.enable_rescue 1
Set device to not commit checkpoints
adb shell setprop debug.crash_sysui 1
adb shell stop
adb shell start
Rescue Party causes wipe prompt
Bug: 131721345
Change-Id: I9376020355b80a4e830e6884b92ade9ad11dc8ee
The Build.VERSION_CODES.P0 was the stub for a potential new API level
after P. Now it's Q thus the usage for P0 field is not valid any more.
This CL also fixed the android.os.cts.BuildTest test failure for
cf_x86_phone-userdebug
Bug: 131601118
Test: presubmit test on ag/7204147
Change-Id: Iee474e95a35e051e6a3f4f96da5d82387d33d013
The new security model in Q requires that apps can't directly write
to media they don't own. They can still gain write access using
RecoverableSecurityException.
Bug: 130367350
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: I1fea108aeee63caa2579187be73ba2f27f2bb932
Previously we were only insuring that the arguments provided to the
Zygote didn't contain any newlines. This adds additional checks for
carriage returns and standalone integer arguments to protect against
malicious argument and packet injection respectively.
Bug: 130164289
Test: m & flash & boot & check logs
Change-Id: I4055c50d52db0047c02c11096710fd07b429660c
Merged-In: I4055c50d52db0047c02c11096710fd07b429660c
(cherry picked from commit c99198249f)
