* changes:
Apply fg/bg state in default grant policy
Do not inherit grant of background location
Split permissions inherit state from their parents
Have a map of background -> foreground permssions
Give 'restorePermissionState' a better name
The old hack to grant permissions on upgrade was removed. The new code
applies to
- platfrom upgrade
- initial package installation
- package update
Inheriting the grant state is the default behavior for split permissions.
Special cases will be added later.
Also make sure to revoke the permission once the app declares that it is
aware of the permission.
Test: atest CtsPermissionTestCases:SplitPermissionTest
Change-Id: Ie51971530607f0b585cf7a3e11b01b11a28e1de9
This reverts commit 7e1c9d75bc.
This change adds the new atomic install system API to
PackageInstaller and plumbs it through to PackageManager. It also
adds support for committing multiple sessions via command line.
Bug: 109941548
Test: Manually install 2 apps from command line
Reason for revert: Forward fix build breakage
Change-Id: I1e518f7b8998599c849fb0e8c040be974e4ac821
This system service will listen to ThermalHAL for throttling events and
take actions accordingly, e.g. shutdown device and/or sending
notification to registered listeners to IThermalSerivce.
Bug: 79443945
Bug: 118510237
Bug: 111086696
Bug: 116541003
Test: Boot and test callback on ThermalHAL 1.1
Test: Boot and test callback on ThermalHAL 2.0
Test: Kill ThermalHAL process
Test: Change device threshold to trigger shutdown
Change-Id: I1f4066c9f1cf9ab46c1738a0a4435802512e4339
Clarified that #onSharedPreferenceChanged does not get called after
Editor#clear.
Bug: 117752822
Test: atest cts/tests/tests/content/src/android/content/cts/SharedPreferencesTest.java#testSharedPrefsChangeListenerIsCalledOnCommit
Test: atest cts/tests/tests/content/src/android/content/cts/SharedPreferencesTest.java#testSharedPrefsChangeListenerIsCalledOnApply
Change-Id: I6fd33d13ae706882131dafdfe0d095f9b48a1744
This change adds the new atomic install system API to
PackageInstaller and plumbs it through to PackageManager. It also
adds support for committing multiple sessions via command line.
Bug: 109941548
Test: Manually install 2 apps from command line
Change-Id: I71d77026a55a40c76925e55e6956fb76efe16224
It's still full of TODOs, but at leats it now provides an end-to-end
workflow from the activity creation / destruction to the service implementation.
Test: mmm -j packages/experimental/FillService && \
adb install -r ${OUT}/data/app/FillService/FillService.apk && \
adb shell settings put secure intel_service foo.bar.fill/.AiaiService
Bug: 111276913
Change-Id: Id5daf7b8b51e97c74d9b6ec00f953ddb02b48e46
* changes:
Update USB tests for ADB split
Move AdbDebuggingManager to AdbService
AdbService: move source of truth for enabled
Add empty AdbHandler
Add systemReady call for AdbService
Add function to query ADB state
Register USB as an ADB transport type
Add ADB transport skeleton
Add empty AdbManagerInternal for system server
Add empty AdbService to SystemServer
Move ADB debugging manager to core
Rename to AdbDebuggingManager
Move UsbDebuggingManager to new package
The docuemntation of setTo states that the resources two styles from
different AssetManagers have in common will be set in the destination
theme. This change adds this functionality. The package ids of the
attributes, the package ids of reference values, and the cookie of
attribute values have to be rewritten to match the destination
AssetManager. This change can later be made more generic if rewriting
references between packages is needed elsewhere.
Bug: 115897657
Test: libandroidfw_tests and manual test of app specified in the bug
Change-Id: Iee999ea2cc8473168cac11aaf3c34e14c958e5ae
The new hidden app detail activity was being added to all packages being
installed, even static shared libraries, which may not have any
activities and which we do not want to surface to the user in launcher.
Change-Id: I80e7d379abed04f2464d1dc7e8b75456e43063f4
Fixes: 118145903
Test: atest android.os.cts.StaticSharedLibsHostTests
Create skeleton service to migrate functions from UsbService in later
change.
Bug: 63820489
Test: make
Change-Id: I07672fe87cfae188fe77c173fc49119e182c6b05
API refactoring:
- Replace Font.getWeight()/getSlant() with Font.getStyle().
- Change Typeface.CustomFallbackBuilder.setItalic() to setSlant()
Implementation refactoring:
- Add hidden builder API for asset manager with cookie. The cookie is
internal, so hide the API as well.
- Replace createFromResources with Typeface.Builder
- Reimplement Typeface.Builder with Typeface.CustomFallbackBuilder
Ground work for b/114479228
- Keep list of FontFamily in the Typeface.
Bug: 114479228
Test: atest CtsTestCases
Test: atest CtsGraphicsTestCases
Test: atest CtsWidgetTestCases
Change-Id: Ifaaa58ddea147644a93158aa075394c2f645617c
Bug: 117841084
Test: atest CtsAtraceHostTestCases:AtraceHostTest
Allow apps to opt-in to important profiling features (systrace, binder
tracing), without requiring debuggable=true. Debuggable has
significant performance overhead, and is undesirable for profiling.
Profileable is set to true when debuggable is true.
Change-Id: I16aaa7bc60dee4b1b262e169ac285759d57d8198
To support teamfooding of the new storage privacy features coming
in Q, we need apps to request new AUDIO/VIDEO/IMAGES permissions, but
most of those apps are prebuilts that won't land updates until
several months in the future.
So add system properties so teamfooders can "force" apps to request
these permissions, making them work on Q builds. Only takes effect
when isolated feature is enabled, and guarded with STOPSHIP to ensure
we remove it.
Here's a typical set of commands to use with this CL:
adb shell setprop persist.fw.force_legacy 1
- or -
adb shell setprop persist.fw.force_audio com.google.android.music
adb shell setprop persist.fw.force_video com.google.android.apps.photos
adb shell setprop persist.fw.force_images com.google.android.apps.photos,com.google.android.apps.messaging
- then -
adb shell setprop persist.sys.isolated_storage 1
adb reboot
Bug: 118504670
Test: manual
Change-Id: I631819648334994255256b6046bb4c8aec07ce3a
A role is a unique name within the system associated with certain
privileges. There can be multiple applications qualifying for a role,
but only a subset of them can become role holders. To qualify for a
role, an application must meet certain requirements, including
defining certain components in its manifest. Then the application will
need user consent to become the role holder.
Upon becoming a role holder, the application may be granted certain
privileges that are role specific. When an application loses its role,
these privileges will also be revoked.
Bug: 110557011
Test: build
Change-Id: Icd453a3b032857a8fd157048de8b9609f04e28b8
As part of the storage changes in Q, we're removing the ability for
apps to directly access storage devices like /sdcard/. (Instead,
they'll need to go through ContentResolver.openFileDescriptor() to
gain access.) However, in several places we're returning raw
filesystem paths in the "_data" column. An initial attempt to simply
redact these with "/dev/null" shows that many popular apps are
depending on these paths, and become non-functional.
So we need to somehow return "_data" paths that apps can manually
open. We explored tricks like /proc/self/fd/ and FUSE, but neither
of those are feasible. Instead, we've created a cursor that returns
paths of this form:
/mnt/content/media/audio/12
And we then hook Libcore.os to intercept open() syscalls made by
Java code and redirect these to CR.openFileDescriptor() with Uris
like this:
content://media/audio/12
This appears to be enough to keep most popular apps working! Note
that it doesn't support apps that try opening the returned paths
from native code, which we'll hopefully be solving via direct
developer outreach.
Since this feature is a bit risky, it's guarded with a feature flag
that's disabled by default; a future CL will actually enable it,
offering a simple CL to revert in the case of trouble.
Bug: 111268862, 111960973
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: Ied15e62b46852aef73725f63d7648da390c4e03e
Instead of maintaining local copy of all appIds and sandboxIds,
StorageManagerService will just get required packages info
from PackageManagerService when an user starts and passes it
to vold.
Bug: 117988901
Test: manual
Change-Id: Ib7411645bd0c5e2801bc998d92fda00bceb9c258
- Create a check file for each database in order to detect
1) an unexpected DB file removal
2) DB wipe caused by a DB corruption.
- Either case, do a WTF to collect information on APR.
- Also print file timestamps in "dumpsys dbinfo". Example:
=====================
Database files in /data/system:
locksettings.db 20480b ctime=2018-10-23T22:48:35Z mtime=2018-10-23T22:48:35Z atime=2018-10-23T18:54:12Z
locksettings.db-wipecheck 0b ctime=2018-10-23T18:54:12Z mtime=2018-10-23T18:54:12Z atime=2018-10-23T18:54:12Z
notification_log.db 45056b ctime=2018-10-23T22:48:08Z mtime=2018-10-23T22:48:08Z atime=2018-10-23T18:54:13Z
:
=====================
Change-Id: I77fbeb0bb635c787aba797412f116475fecbe41c
Fixes: 117886381
Test: manual test
Test 1: corruption
1. Stop CP2 process (adb shell killall android.process.acore)
2. shell 'echo abc > /data/user/0/com.android.providers.contacts/databases/contacts2.db'
3. Launch the contacts app.
Test 2: Unexpected file removal
1. Stop CP2 process (adb shell killall android.process.acore)
2. shell 'rm -f /data/user/0/com.android.providers.contacts/databases/contacts2.db'
3. Launch the contacts app.
In both cases, logcat shows a client side stacktrace and also a WTF. (am_wtf)
Process BOOT_COMPLETED on this new queue
Change-Id: I14e7e7cc42f02b38a9becb47f7913684f55979fa
Test: boot device, dumpsys activity broadcasts
Bug: 111368744
ContentProvider has a getCallingPackage() method, which verifies
the remote package name against the current Binder identity. When a
provider wants to clear that IPC identity, they need to clear both
the Binder state and the ContentProvider.getCallingPackage() state
together, so add methods to facilitate that.
Also fix subtle bug so we don't try translating relative paths.
Bug: 117627072
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: Ifa3e1f745334abf625fdcc314b308a047c49ce73
This intent is used by the Permissions Hub.
We also give PermissionController the GET_APP_OPS_STATS permission.
Bug: 63532550
Test: Used the Permissions Hub.
Change-Id: If1254f67c12fc5052d6ad5ff8260778a7c59dccc
Obtaining a thumbnail for a Uri requires opening it with the slightly
obscure openTypedAssetFileDescriptor(), passing in "image/*" with the
right Bundle of EXTRA_SIZE to hint the target area on screen, and
defensively scaling any returned results.
This is pretty tedious to get right, so offer a convenience method
that does all this for the developer. Internally uses ImageDecoder
to follow best-practices, and replaces older getDocumentThumbnail()
implementation by delegating to this one.
A future CL will teach ImageDecoder about how to read any embedded
EXIF thumbnails, including any required rotation.
Bug: 111268862
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Change-Id: I5c9c09ddf9b480f3b5c6ade0a078cccb68de2f2b
