Ia5b3f47b73c9feea924373268a4eee142f555091 introduced a bug where the targetSdk for android.permission.ACCESS_FINE_LOCATION and android.permission.ACCESS_COARSE_LOCATION was set to 28 instead of Q (10000).
Test: CtsAppThatRequestsLocationPermission28.apk requests android.permission.ACCESS_COARSE_LOCATION and android.permission.ACCESS_BACKGROUND_LOCATION
Bug: 118882117
Bug: 111411340
Change-Id: I532379aa2c8a173a516d38e1c8568cff5dbaed33
Instead of defining split permissions in Java file, we now move them to XML allowing us define vendor specific split permissions.
Test: Activity recognition is split correctly and auto granted when below split targetSdk.
Bug: 111411340
Change-Id: Ia5b3f47b73c9feea924373268a4eee142f555091
Also remove the "Usb" from the AIDL function since it's not really
related to USB.
Test: make
Bug: 63820489
Change-Id: Ibf23964665a115a5bc835820dcff98aaf7ba610f
Also create a new MANAGE_ACCESSIBILITY permission to
perform the shortcut.
Bug: 116118615
Test: make, activate accessibility shortcut
Change-Id: Ic65a0cdf7393429e14cb98f4fb0734d20069b05a
This intent is used by the Permissions Hub.
We also give PermissionController the GET_APP_OPS_STATS permission.
Bug: 63532550
Test: Used the Permissions Hub.
Change-Id: If1254f67c12fc5052d6ad5ff8260778a7c59dccc
These two libraries:
android.hidl.base-V1.0-java
android.hidl.manager-V1.0-java
are being removed from BOOT_JARS. This change facilitates linking to them
for libraries or prebuilts in or before P.
Test: atest android.content.pm.AndroidHidlUpdaterTest
Bug: 77307025
Change-Id: Ic0db24cc68d66f5dbfab126ce7e304eec0bfc969
To implement Settings contextual card. We need this permission to
use CardContentProvider in Settings app.
Test: rebuild and flash ROM
Bug: 114521742
Change-Id: If729b2597a458c26c466e87dfa9b4ddc9c3ef948
android.test.* are built with java_sdk_library and api files are added
by running "make update-api".
android.test.base_static is created for allowing to use
android.test.base as a static library.
Bug:77577799
Test: make -j
Test: make checkapi
Test: make checkapi fails with a random change in the txt file
Test: adb shell cmd package list libraries |\
grep android.test.*
And check the android.test.* libraries
Merged-In: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
Change-Id: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
android.test.* are built with java_sdk_library and api files are added
by running "make update-api".
android.test.base_static is created for allowing to use
android.test.base as a static library.
Bug:77577799
Test: make -j
Test: make checkapi
Test: make checkapi fails with a random change in the txt file
Test: adb shell cmd package list libraries |\
grep android.test.*
And check the android.test.* libraries
Change-Id: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
There are some scenarios under which com.android.proxyhandler is
considered by the framework as never being launched (e.g. if a PAC proxy
is added after a long wait time after an upgrade), which makes all of
its network traffic to be blackholed, due to it being subjected to the
fw_standby firewall chain. Given that all of the outgoing packets from
this app are being dropped, whenever Chrome WebView (or most other apps)
uses a PAC proxy for its networking, it is completely unable to initiate
outgoing connections.
This change whitelists com.android.proxyhandler so that this does not
happen.
Bug: 110762695
Test: dumpsys usagestats' | grep proxy
...
package=com.android.proxyhandler u=0 bucket=5 reason=d ... idle=n
Change-Id: I9e4debc876cbdd2f6ba35928faff8c0beca77ae1
DMService has to use restricted network to do some upgrade form
carrier process. So it needs add
CONNECTIVITY_USE_RESTRICTED_NETWORKS permission since Android Q
is limited preinstalled app permissions.
Bug: 19610688
Test: atest frameworks/base/tests/net/java/android/net/
Change-Id: Ie06e73220b61a5bc09e648b49146c2b81707accc
The two components were mostly independant for a long time. Since
I1e80a3f5e63d02b3859ecf74af21ca4c61f96874 the installation flow does
not grant any permissions anymore and the last connection between these
parts was broken.
The new app "com.android.packageinstaller" in
frameworks/base/packages/PackageInstaller will only handle (side load)
package installtion and uninstallation.
The exisiting app will be renamed to "com.android.permissioncontroller"
and only handle permission granting and permission management.
This change does only minimal cleanup cleanup. In particularly it does
not move any files in the old permissions controller. This is to not
disturb other features currently in development.
This change set also updates the make files to install the two apps on
the appropriate devices.
Further the permisson policy xmls need to be updated to point to the
right packages.
Test: Installed + uninstalled packages
Granted permissions + managed permissions
GtsPackageInstallTestCases
GtsNoPermissionTestCases
GtsNoPermissionTestCases25
GtsPackageInstallerTapjackingTestCases
GtsPackageUninstallTestCases
Change-Id: I2d3796b837fc0049e712c82a990907f305c8febf
Since this permission protects system apis, this is required for
instrumentation tests.
Test: atest com.google.android.suspendapps.gts.SuspendPackagesTest
Bug: 79773970
Change-Id: Ib283018c50cc19c3958bd61e2d19befbf2805cc5
javax.obex is built with java_sdk_library and api files are added by
running "make update-api".
Remove java.obex is from platform.xml, since it will be generated
automatically by soong when the library is built with java_sdk_library.
Bug:77577799
Test: make -j
make checkapi
Change-Id: Ib94955e62582ffbdfc7eb88cd0e494c61757c7aa
org.apache.http.legacy is now built using java_sdk_library. Since the
share lib defintion file for the lib is automatically created and
installed, we don't need to have duplicated entry for the lib.
Bug: 77577799
Test: m -j
Test: adb shell cmd package list libraries shows an entry for
org.apache.http.legacy
Merged-In: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
Change-Id: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
(cherry picked from commit 49c0a86955)
org.apache.http.legacy is now built using java_sdk_library. Since the
share lib defintion file for the lib is automatically created and
installed, we don't need to have duplicated entry for the lib.
Bug: 77577799
Test: m -j
Test: adb shell cmd package list libraries shows an entry for
org.apache.http.legacy
Merged-In: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
Change-Id: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
(cherry picked from commit 49c0a86955)
APIs that return package usage data (such as the new StatsManager)
must ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.
Add noteOp() method that can be called from native code.
Also add missing security checks on command interface.
Bug: 77662908, 78121728
Test: builds, boots
Change-Id: Ie0d51e4baaacd9d7d36ba0c587ec91a870b9df17
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls. This can occur if a user adds an emergency number
to their emergency contacts.
Test: make checkbuild
Bug: 76086838
Merged-In: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
Change-Id: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
(cherry picked from commit cdc555f489)
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls. This can occur if a user adds an emergency number
to their emergency contacts.
Test: make checkbuild
Bug: 76086838
Change-Id: I76e8318c5c05bbbbdf02d2c6951f742c3bd67ea6
This means that APKs signed with the platform cert are allowed to use
hidden APIs, even if they are not on the package whitelist, and if they are
not in the system image. It will also allow a number of packages to be
removed from the package whitelist.
Also remove all platform cert signed apps from the package whitelist, as
there is no longer any need for them to be in there.
Bug: 64382372
Test: device boots
Change-Id: Id805419918de51f946c1f592581bab36ae79de83
Now that Antons cleanup of all packages is complete, we can generate this
whitelist from those packages that specify
LOCAL_PRIVATE_PLATFORM_APIS := true
This is the resulting list of packages. This change also includes fixes to
the method; previously, packges that didn't specify any certificate may
have been exluded.
Test: Verify that device boots.
This is a cherry-pick of change I1f578322135274b80708d4bb7664f7732ac33cc7
from AOSP.
Bug: 64382372
Change-Id: Iada043cb85f9b3281893ed9a2828771b8f1ef045
- Fix issue with testFinishPipActivityWithTaskOverlay failing due to
new permission check in the system
Bug: 71716434
Test: atest CtsActivityManagerDeviceTestCases:ActivityManagerPinnedStackTests#testFinishPipActivityWithTaskOverlay
Change-Id: Ifbcd6c182d928f5aa5372d2db9fa71a142dc8474
Now that Antons cleanup of all packages is complete, we can generate this
whitelist from those packages that specify
LOCAL_PRIVATE_PLATFORM_APIS := true
This is the resulting list of packages. This change also includes fixes to
the method; previously, packges that didn't specify any certificate may
have been exluded.
Test: Verify that device boots.
Change-Id: I1f578322135274b80708d4bb7664f7732ac33cc7
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: I16574374d2c233221cd1305f031f78aca1947f05
(cherry picked from commit 06c8a439f7)
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: I16574374d2c233221cd1305f031f78aca1947f05
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: Ia77df2db78adf62a525f08549d71360924f1a3f6
Merged-In: I4c308d93d66391da2d3691eb45e5d7b1c1fdd582
(cherry picked from commit f7e625c19c)
This app builds directly against the platform. Add it to the whitelist.
Bug: 64382372
Test: make
Test: device boots
Change-Id: I4c308d93d66391da2d3691eb45e5d7b1c1fdd582
