Similar to how we target DE and CE storage areas, callers need to
specifically ask to work with EXTERNAL storage. This is because
external storage often lives on a separate device from where internal
DE and CE data lives.
As one specific example, if we're moving an app between two
"internal" storage devices, we don't want to clean up the data
for that package on external storage, since it's not being moved.
This change also expands to all mounted external storage devices,
not just the storage backed by the incoming UUID.
Bug: 113277754
Test: atest android.appsecurity.cts.StorageHostTest
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest --test-mapping frameworks/base/services/core/java/com/android/server/pm/
Change-Id: Ie125303726dd757ee45bd373f53addb35569c2f7
This reverts commit 60c71cee6e.
Reason for revert: Rolling forward for Q-Finalization
Bug: 131429032
Bug: 129975435
Change-Id: Idd812d93b767d8a672b9ada58c8bcc2441395847
The ACCESS_MEDIA_LOCATION and WRITE_OBB permissions will always be
available.
Bug: 112545973
Fixes: 132226317
Test: presubmit
Change-Id: Ie61eba427b48f347438522bc11cfa748ad5ba1f1
USAP preloads the driver in usap pool, and those processes in the pool
are not bound with any applications. Previously we send GpuStats based
on the completion of driver loading. So with usap enabled, we won't be
able to receive stats for system built-in driver.
If we send the stats when all the existing stats fields are filled,
there will be tons of selinux violations, because those non app
processes are trying to send the stats as well.
So we end up sending the stats based on the hint of activity launch.
Bug: 131866357
Test: dumpsys gpu with enable/disable usap and check the selinux
Change-Id: I32fcc15aeba2f2e89ba6dd9deae2c27187d2071e
This change plumbs the advertised Vulkan api version into GraphicsEnv.
GLES api version and CPU Vulkan api version will be appended when statd
pulls GpuStatsGlobalInfo from GpuStats to save app launch overhead.
Bug: 131866357
Test: build, flash and boot
Change-Id: I7faa924eccc81499cd4f1fd54803e3a62bd3153a
As originally coded, debug ANGLE packages could only be used
if ANGLE was properly installed, such that a single answer
was received from ANGLE_FOR_ANDROID. Since ANGLE is only
required on new Q devices, debug packages could not be loaded
on devices that upgraded from P.
This CL changes the ordering such that debug packages are
detected before checking for propertly installed ANGLE package.
Bug: 132076614
Test: Manually test app with and without debug package
Test: atest CtsAngleIntegrationHostTestCases
Change-Id: I88f0417c7e74c2c20d087f2137eeb78879143ce5
Use dev/null fd (instead of using fd from temporary file) when
screenshot fd is passed as null, as file deletion does not need
to be handled for dev/null.
Test: Take interactive bugreport (which does not need screenshot)
manually using shell (which calls bugreport API)
Bug: 128981582
Merged-In: I1719899e6cf3bffe1a96849691c051ff4f3a05ec
Change-Id: I1719899e6cf3bffe1a96849691c051ff4f3a05ec
Call onError for caller of BugreportManager.start() if any io error
occurs during runtime.
Bug: 128981582
Test: Tested manually by throwing IO exception in the code when
bugreport is being generated, onError of the callback successfully
called.
Merged-In: I9033d85d392b926041fc26a86806a370752d062d
Change-Id: I9033d85d392b926041fc26a86806a370752d062d
screenshotFd needs to be optional in Bugreport API. For some bugreports
such as wifi,telephony, interactive etc taking a screenshot is not
required.
Initially, the API was sending invalid file descriptor to the Binder, but
that binder transaction could not be completed as Binder validates the
file descriptor to be valid and not-null.
Adding a tmp.png screenshot file to pass to bugreport API call. In a
separate CL in frameworks/native, added check that the bugreports that
don't require screenshots would not use this file descriptor value.
Bug: 128981582
Test: Tested by taking bugreports using Bugreport API in shell
Merged-In: I3233f5753506ae159c9fa591742e6b99e361039b
Change-Id: I3233f5753506ae159c9fa591742e6b99e361039b
Read/Write Locale#script along with language, country, and variant
for the Configuration proto.
Bug: 131507134
Test: atest UsageStatsDatabaseTest
Test: atest LocaleListTest [unit-test, cts, gts]
Change-Id: I09b7d3b2e6c6d339cbb75bf19f89251b777bbbe6
This reverts commit 8a3d1f96e1.
Reason for revert: QT SDK Finalization. Will be merged again on/after May 13th
Bug: 131429032
Bug: 129975435
Change-Id: I7a48ef6a057a97ebd9903b7e934a7d95ec97f00e
Time may be eternal, Captain, but our patience is not. It's time to put
an end to your trek through the stars.
Test: Builds, boots.
Bug: 131429032
Bug: 129975435
Change-Id: Ia2367124afb642dac0fb365e4fa096db1c648adb
This fix addresses two related issues: one with the
DeviceConfig.onPropertiesChangedListener, and another with
HiddenApiUsageLogger.setHiddenApiAccessLogSampleRates.
In both cases, setting one of the sample rates
(hidden_api_access_log_sampling_rate or
hidden_api_access_statslog_sampling_rate) unsets the other. This is due
to them being sent sequentially instead of simultaneously.
Additionally, out of an abundance of caution, mirror the behaviour in
attemptConnectionToPrimaryZygote and attemptConnectionToSecondaryZygote
for the statslog sample rate. This was overlooked in a previous change.
Bug: 119217680
Test: m
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t \
android.cts.statsd.atom.UidAtomTests#testHiddenApiUsed
Change-Id: I8a5534403269a2339fcabc8f847199ab837ae71b
"Make RescueParty not wipe if checkpointing" contained an incorrect
return statement, causing the last level of RescueParty to not execute
if checkpointing is not active. This fixes that error
Test: setprop persist.sys.enable_rescue 1
Set device to not commit checkpoints
adb shell setprop debug.crash_sysui 1
adb shell stop
adb shell start
Rescue Party causes wipe prompt
Bug: 131721345
Change-Id: I9376020355b80a4e830e6884b92ade9ad11dc8ee
The Build.VERSION_CODES.P0 was the stub for a potential new API level
after P. Now it's Q thus the usage for P0 field is not valid any more.
This CL also fixed the android.os.cts.BuildTest test failure for
cf_x86_phone-userdebug
Bug: 131601118
Test: presubmit test on ag/7204147
Change-Id: Iee474e95a35e051e6a3f4f96da5d82387d33d013
The new security model in Q requires that apps can't directly write
to media they don't own. They can still gain write access using
RecoverableSecurityException.
Bug: 130367350
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: I1fea108aeee63caa2579187be73ba2f27f2bb932
Previously we were only insuring that the arguments provided to the
Zygote didn't contain any newlines. This adds additional checks for
carriage returns and standalone integer arguments to protect against
malicious argument and packet injection respectively.
Bug: 130164289
Test: m & flash & boot & check logs
Change-Id: I4055c50d52db0047c02c11096710fd07b429660c
Merged-In: I4055c50d52db0047c02c11096710fd07b429660c
(cherry picked from commit c99198249f)
This patch causes unspecialized app processes to load the OpenGL driver
after they are forked. The ZygoteProcess code will then take an
application's driver preference into account when selecting how to
launch it.
Test: m & boot & launch & inspect traces for driver loading
Bug: 130029351
Change-Id: If6fa02f9c387596162e75a685b04208b45a5c86b
Merged-In: If6fa02f9c387596162e75a685b04208b45a5c86b
(cherry picked from commit 301a1c46da)
Remove unused public methods setPermission() and clearPermission()
Bug: 114231106
Test: make
Change-Id: I7acbbd36f41bef1356a158bed075c7be330728f4
(cherry picked from commit a430eda4dd)
-- Update behavior of DownloadManager.setDestinationUri(),
DownloadManager.setDestinationInExternalPublicDir() and
DownloadManager.addCompletedDownload() based on the latest
storage re-design. Essentially, going forward these APIs
will only allow downloading files into package owned dirs
or the top-level Download dir.
-- Allow some system components to specify
MediaColumns.OWNER_PACKAGE_NAME when inserting items into
MediaProvider.
-- Don't copy DownloadManager.COLUMN_TITLE to MediaProvider.
DownloadProvider and MediaProvider have different constraints
around "title" and there isn't really a need to keep these
in sync.
-- Sanity check file download paths hinted by apps.
-- Remove sandbox related logic in DownloadProvider.
Bug: 120879208
Bug: 128630262
Bug: 130797842
Test: manual
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: If48bc9ecf9ed94412c6c62ce4e5e6a55fff9b789
Adds a small delay to avoid turning off the device if the user
hits the power button right after the device wakes up via a gesture.
Bug: 126560003
Test: Manual
Change-Id: I3116ce98f244e5660573d5fa764a77083aee7fc5
We recently changed the attribute name, and the Environment method
used to test it should also change.
Bug: 130984886
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I8ed7fa9232a646b2f2f280c4b82dbc6d3cf31426
It's possible the Bundle has not been initialized when determining if
the ANGLE dialog box should be shown, due to how early that check is
performed. This change will verify the Bundle is not null before using
it and fall back to using the Context if it is.
Bug: 130185493
Test: atest CtsAngleIntegrationHostTestCases
Test: Enable Toast Message and then atest CtsAngleIntegrationHostTestCases
Change-Id: I39f48bdf20616298c66b2bb36082149cb24e908c
(cherry picked from commit 5da6a95eab)
