Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Change-Id: Id0e63ae4a7be578d1e93838b371320f86a787e0e
Bug: 138422309
This reverts commit 390d9e6a18.
Reason for revert: crashes documented in b/138422309
Change-Id: I235f727d0fe87c09f6f05dddcae7759bab64dfd8
Previously, the Cleaner we create to close the ashmem file descriptor
used a thunk that held a strong reference to the FileDescriptor we
wanted to clean up, which prevented the Cleaner from ever running.
Break the cycle by storing the integer value of the file descriptor
instead.
Bug: http://b/138323667
Test: treehugger
Change-Id: I613a7d035892032f9567d59acb04672957c96011
(cherry picked from commit 6ca916a657)
In Q, these APIs were either:
- removed from the greylist entirely without good reason
- Moved to the restricted greylist without any public alternative
information added
So they are being moved back to the greylist for Q.
Test: Treehugger
Bug: 136102585
Change-Id: I5ac8b8b9b23c3789d80239cf456072cc7dfa1203
This changes RescueParty to call vold over binder directly for
Checkpointing related calls. It turns out that if the system is in a bad
enough state, the other method would not work, as some of the services
required would not be running.
Bug: 135558798
Test: setprop persist.sys.enable_rescue 1
setprop debug.crash_system 1 or setprop debug.crash_sysui 1
vdc checkpoint startCheckpoint 3
stop
start
Device should go through the rescueparty flow, and reboot.
Repeat without checkpoint. Device should prompt reboot.
Change-Id: I8b11d68075cc291e9557d524bc87b54d17b370e4
Previously, there's only one Game Driver existed in the system, so we process
sphal libraries in GPU service to save the launch time for loading Game Driver.
Now we need to support a separate prerelease driver, so we have to move the
processing back to app launch time.
Bug: 134881329
Test: Manual test with prerelease driver and Settings UI.
Change-Id: Ic1bb412a6a026c68f55243c906bd56fe1fee44c3
This patch partially reversts ag/6991475 and ag/7161709. These changes
are no longer needed due to a change in the graphics driver strategy for
Q.
In addition, the preloading of the graphics driver in the USAPs need to
be removed to avoid causing a memory regression on devices with graphics
driver preloading in the Zygote disabled.
Bug: 134526352
Test: Treehugger
Change-Id: I570037866d1ae90794c711622e6045ebbffa5b9c
Merged-In: I570037866d1ae90794c711622e6045ebbffa5b9c
(cherry picked from commit fcd68fd74b)
Earlier, this API only used to consider op_legacy_storage
appop to decide whether an app will get legacy storage view
or not but there are few other factors it needs to consider
like whether the app has WRITE_MEDIA_STORAGE permission or
whether app was allowed to be an installer in which case it
will get legacy access.
Bug: 132760141
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I227a171bf40e43e135e1a6dbc819cfad21d91520
It's possible that the Ringtone URIs will be pre-canonicalized, which
don't maintain equality when compared to uncanonicalized URIs. In order
to handle this case, we just need to uncanonicalize both URIs before
comparing.
Fixes: 134394754
Test: manual, verified audio-coupled haptics works again on B1C1
Change-Id: I2e216db1013d5bc0db0a1622e0670853663f0db8
Bug: 133515802
Test: Verified that malloc debug can be enabled on a USAP enabled device.
(cherry picked from commit 86bd25d5ed)
Change-Id: I5f25030ce8e667d175712796c0950f38baa2532d
Merged-In: I5f25030ce8e667d175712796c0950f38baa2532d
An app opting in to "profileable" does not mean we should
allow it to load ANGLE libraries from the debug package.
Bug: 128637647
Test: atest CtsGpuToolsHostTestCases
Change-Id: I5c6ea33a1e1624e006bc4865bc0a06ea92d9d806
This reverts commit 3832aa9906.
Loading layers for apps that have opted for "profileable" breaks
the Android security model. They have only consented to exposing
profiling information, not exposing data under its control. Layers
have access to everything in the API calls.
Bug: 128637647
Test: atest CtsGpuToolsHostTestCases
Change-Id: I5aed181c3cec616c3ce98a1a30287b30f190ba9b
StatsService to update UID data and overflows kernel transfer buffer.
In this case, the IPC call silently fails. The issue was discovered in Android Automotive Embedded use case that employs multiuser setup. This causes more uid data being sent via one-way StatsCompanionService::informAllUidData call than usual and can trigger the issue. As the result, uid map on statsd side is empty and many metrics are not captured.
Bug: b/132444397
Fixes: b/132444397
Test: Did a clean build of master branch and flashed the device. adb
shell cmd stats print-uid-map returned without any result. Repeated the
steps after implementing the fix, print-uid-map returns the results now.
Change-Id: I1451c13b36696449c145c51618c68d10e29a596a
Stores experiment ids to disk for watchdog rollback initiate/success
events as discussed.
Test: gts in topic
Bug: 131768455
Change-Id: I32768fe5c5c21c43811e25d8f87faae0c8d82c1f
StorageManagerService needs to trigger update of storage mountpoints
when an app gets storage access, so update AppOpsService to notify
StorageManagerService synchronously when storage related app ops change.
Also, when an app gets REQUEST_INSTALL_PACKAGES appop denied, kill the
app.
Bug: 132466536
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I130dde1bcffea6c96e5d8c173055737850af6151
USAP improve app startup by ~5ms, so enable it for the
jitzygote experiment.
Bug: 119800099
Test: boots and usap processes live
Change-Id: I918d81f56cc7e9fcc8a053feadd7878108e6d590
This is @hide for Q now that we're past API freeze, and will be
@SystemApi in master.
Bug: 126700920
Bug: 126701153
Bug: 130351719
Test: bit GtsIncidentConfirmationTestCases
Test: bit GtsIncidentManagerTestCases
Change-Id: Iac6a058017a86c1927502c529e5a7f3881eb56a7
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Fixes: 34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Similar to how we target DE and CE storage areas, callers need to
specifically ask to work with EXTERNAL storage. This is because
external storage often lives on a separate device from where internal
DE and CE data lives.
As one specific example, if we're moving an app between two
"internal" storage devices, we don't want to clean up the data
for that package on external storage, since it's not being moved.
This change also expands to all mounted external storage devices,
not just the storage backed by the incoming UUID.
Bug: 113277754
Test: atest android.appsecurity.cts.StorageHostTest
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest --test-mapping frameworks/base/services/core/java/com/android/server/pm/
Change-Id: Ie125303726dd757ee45bd373f53addb35569c2f7
This reverts commit 60c71cee6e.
Reason for revert: Rolling forward for Q-Finalization
Bug: 131429032
Bug: 129975435
Change-Id: Idd812d93b767d8a672b9ada58c8bcc2441395847
The ACCESS_MEDIA_LOCATION and WRITE_OBB permissions will always be
available.
Bug: 112545973
Fixes: 132226317
Test: presubmit
Change-Id: Ie61eba427b48f347438522bc11cfa748ad5ba1f1
