Call onError for caller of BugreportManager.start() if any io error
occurs during runtime.
Test: Tested manually by throwing IO exception in the code when
bugreport is being generated, onError of the callback successfully
called.
Change-Id: I9033d85d392b926041fc26a86806a370752d062d
screenshotFd needs to be optional in Bugreport API. For some bugreports
such as wifi,telephony, interactive etc taking a screenshot is not
required.
Initially, the API was sending invalid file descriptor to the Binder, but
that binder transaction could not be completed as Binder validates the
file descriptor to be valid and not-null.
Adding a tmp.png screenshot file to pass to bugreport API call. In a
separate CL in frameworks/native, added check that the bugreports that
don't require screenshots would not use this file descriptor value.
Bug: 128981582
Test: Tested by taking bugreports using Bugreport API in shell
Merged-In: I3233f5753506ae159c9fa591742e6b99e361039b
Change-Id: I3233f5753506ae159c9fa591742e6b99e361039b
(cherry picked from commit b462e2e499)
Game Driver and ANGLE require to disable graphics driver preloading, which
results in app launch time regression. Given that in early stage, only a few
applications will use them, we would like to make sure Zygote prefork comes
with a preloaded graphics driver, such that applications that don't go through
ANGLE or Game Driver can directly use Zygote prefork without having to load the
driver.
BUG: 130029351
Test: Verify with testing applications.
Change-Id: I8097f0f7a908be9967b08afb01dc0ce5ff7b3413
This allows applications to specify both a GLES layer app and a
Vulkan layer app, so both APIs can be debugged at the same time.
To specify multiple debug layer apps, colon separate them just
like the layers:
adb shell settings put global gpu_debug_layer_app app1:app2:appN
Bug: 110883880
Test: atest CtsGpuToolsHostTestCases
Change-Id: I5f721b7d9de59577adb6cc03e909ff99ca79d75e
To let developers focus on specific concrete storage devices in Q,
we need a volume name that can be used to point at the primary
external storage device. We had been using VOLUME_EXTERNAL for that,
but we've heard that certain apps are making deep assumptions that
media item IDs are globally unique across all volumes.
Thus these changes merge all volumes back into a single underlying
database, and VOLUME_EXTERNAL works with all of the currently
attached volumes. The new VOLUME_PRIMARY name can be used to focus
on the primary storage device when desired.
When developers try inserting items directly into VOLUME_EXTERNAL,
we gracefully assume they meant VOLUME_PRIMARY.
Bug: 128451765
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: I682ff6e9aaab4f5315a46c9825313a438548c7e6
The feature needs to be tweaked for it, and currently
regresses app startup.
Test: build jitzygote config, check there is no usap processes
Bug: 119800099
Change-Id: Ic33c539636f206da72d6d0cc51219e8d2dfe23dc
Some changes to follow string review suggestions:
- Simplify some messages.
- Replace 'Reboot' with 'Restart'.
- Notification action button order: 'Restart' button on the right.
Bug: 129100345
Test: verified with test app
Change-Id: I1ee97b0adbf74add68d3561fc647dc4923ee7237
This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
Set the default value for the USAP Pool to true for devices that don't
receive DeviceConfig profiles.
Bug: 128851983
Test: m & boot & check log for USAP creation
Change-Id: Id171336671a4fb8b8ad59c5b0e2e725657361107
(cherry picked from commit 0f7bce31a8)
This is for statsd to log new metrics, as statsd has moved to use
thermal service in framework instead of connecting to HAL directly.
Bug: 119688911
Test: Build and dumpsys thermalservice
Test: atest $ANDROID_BUILD_TOP/frameworks/base/services/tests/servicestests/src/com/android/server/power/ThermalManagerServiceTest.java
Change-Id: Ib334c448c3615bf9d1cb0f1b6c2dd8a83d44f371
restorecon_recursive updates the SELinux label of the files in the
filesystem, and then attempts to write the xattr "security.sehash" as an
optimization for future restorecons. Writing security.* extended
attributes requires CAP_SYS_ADMIN, which system_server doesn't have (and
shouldn't have).
Suppress the computation and writing of the hash value. It's not
needed.
This bug has been around for a long time, but due to the fix for
bug 62302954, the error message is being generated more frequently
now.
TODO: It would be better if the default for restorecon was to suppress
the hash computation, since otherwise it encourages programs to be
overprivileged with CAP_SYS_ADMIN. I'll plan on doing that in a followup
commit.
Bugs where this error message has been called out:
Bug: 129766333
Bug: 129271240
Bug: 128700692
Bug: 129925723
Test: install an APK and ensure that no "SELinux: setxattr failed"
error messages are generated.
(cherry picked from commit cb1dddad27)
Change-Id: Ifc5be24d14029cb616d5564366fc10a0b93c9939
restorecon_recursive updates the SELinux label of the files in the
filesystem, and then attempts to write the xattr "security.sehash" as an
optimization for future restorecons. Writing security.* extended
attributes requires CAP_SYS_ADMIN, which system_server doesn't have (and
shouldn't have).
Suppress the computation and writing of the hash value. It's not
needed.
This bug has been around for a long time, but due to the fix for
bug 62302954, the error message is being generated more frequently
now.
TODO: It would be better if the default for restorecon was to suppress
the hash computation, since otherwise it encourages programs to be
overprivileged with CAP_SYS_ADMIN. I'll plan on doing that in a followup
commit.
Bugs where this error message has been called out:
Bug: 129766333
Bug: 129271240
Bug: 128700692
Bug: 129925723
Test: install an APK and ensure that no "SELinux: setxattr failed"
error messages are generated.
Change-Id: I83f4f225e4e73453daea42dbcabf0f8a06d320d6
It needs to use the same STOPSHIP logic for consistency with the
two other enforcement sites across the OS.
Bug: 129487770
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I7a3fa836e0795912c264aae58a55472ffae3d8c3
* changes:
Use setEnable() when there is an installed image
Use gsid.isGsiEnabled to refine DynamicSystemService
Use FeatureFlagPersistent to guard DynamicSystem
Make feature flag settings_dynamic_system persistent
Check persistent feature flag 'settings_dynamic_system' before
invoking the installation service. User can still use gsi_tool if
the device is unlocked.
Bug: 119647479
Test: Verified with 'adb shell am' and test app.
Change-Id: If2265d877bc7eedf9b7a107bba04d2e95cf1b89a
System.currentTimeMillis() is NEVER okay to use to calculate a time delta.
The original spirit of this probably should have used SystemClock.uptimeMillis(),
but use SystemClock.elapsedRealtime because it's the same as
System.currentTimeMillis() in all the cases where System.currentTimeMillis() is
correct.
Test: Treehugger
Change-Id: Ib6e090425af83e7e822fb12814d87e8a37e2d2ac
For service and provider bindings from TOP and
FOREGROUND_SERVICE apps, don't elevate bound apps
to above BOUND_FOREGROUND_SERVICE.
For service bindings, it is possible to explicitly
request the binding to match the foreground app
such that the bound app can get similar privileges
of foreground permissions.
For instance, when a foreground service has a location
type, providers it binds to don't automatically get the
location privilege. On the other hand, sometimes apps
showing UI want to treat their dependencies also as if
they are showing UI.
This change does not affect the oom_adj calculation,
only the proc state calculation for bound processes.
New BIND_INCLUDE_CAPABILITIES flag can be used to restore old
behavior for bound services.
Introduces a new state PROCESS_STATE_BOUND_TOP
Bug: 128337543
Test: atest CtsAppTestCases:ActivityManagerProcessStateTest
Change-Id: I13733e7f43a78903299254bc110cd8f7a8db4c40
Per design pivot, access to legacy behavior will be determined by
the new "allowExternalStorageSandbox" manifest flag.
Bug: 124818022, 129487770
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I169e5eb3612c23aad47204cde9ff263f9df6f8c1
- Also remove typed media permissions
- Leave typed media app-ops
Bug: 129716569
Test: Used apps, looked at permissions in the UI
Change-Id: If7714fb1a6955584157e1a60ab72b09e35287827
Add a new setting that allows a developer to specify where
to load ANGLE libraries from, rather than the default location.
This is only allowed for apps that are dumpable, i.e. can have
libraries injected. That includes debuggable, profileable,
and root.
To use the new setting:
adb shell settings put global angle_debug_package <package>
This allows a developer to build an APK directly from Chromium
and use it with a production build of Android. It will override
pre-installed system packages and updates.
Note: Use of ANGLE Developer Options UI will cease to function
until the debug package is uninstalled.
Bug: 80239516
Test: Apply setting, see new ANGLE used
Test: cts-tradefed run singleCommand cts -m CtsAngleIntegrationHostTestCases
Change-Id: Ib3b1fb52c0eb669e7ea931959a73aba2bd15bedf
1. Making a full copy of the config Builder's map so that changing
the map in the builder doesn't change the config's map.
2. Ensuring that location mode and brightness adjustment factors are
within valid ranges.
Bug: 129474588
Test: manual
Change-Id: I6117b7857afa10d71c1fc3de818c51d8719a281b
