A security leak was discovered whereby a malicious app could get the
IActivityContainer object from one app and use it to inject events
into another app. This fix removes the availability of the
IActivityContainer and replaces its one use with a method for
returning the information the IActivityContainer was used for.
Fixes bug 19394591.
Change-Id: Ib3cec25b25130cd8e098892c057742cfd575cfdd

The current heuristics depend on devices being alive at midnight+ in
order to run periodic background fstrim operations. This unfortunately
means that people who routinely turn their devices off overnight wind
up with their devices *never* running fstrim, and this causes major
performance and disk-life problems.
We now backstop this very-friendly schedule with an increasingly
aggressive one. If the device goes a defined time without a background
fstrim, we then force the fstrim at the next reboot. Once the
device hits the midnight+ idle fstrim request time, then we already
aggressively attempt to fstrim at the first available moment
thereafter, even if it's days/weeks later without a reboot.
'Available' here means charging + device idle. If the device never
becomes idle then we can't do much without rendering an in-use device
inoperable for some number of minutes -- but we have no evidence of
devices ever failing to run fstrim due to this usage pattern.
A new Settings.Global element (type 'long', called
"fstrim_mandatory_interval") is the source of the backstop time. If
this element is zero or negative, no mandatory boot-time fstrim will
ever be performed. If the element is not supplied on a given device,
the default backstop is 3 days.
Adds a new string to display in the upgrading dialog when doing
the fstrim. Note it is too late for this to be localized, but since
this operation can take a long time it is probably better to have
it show *something* even if not localized, rather than just sit there.
Bug 18486922
Change-Id: I5b265ca0a65570fb8931251aa1ac37b530635a2c

TimePickerSpinnerDelegate doesn't need to deal with input when running
inside LayoutLib. So, we just return the keycodes as if it's running in
English locale.
Bug: http://b.android.com/79189
Change-Id: Ife0ae91a1e34a8dac379bc1dda1c1c8ed461c164

There was a window of time in Lollipop where we persisted certificates
after they had passed through a decode/encode cycle. The well-written
OpenSSL library was liberal when decoding (allowing slightly malformed
certs to be parsed), but then strict when encoding, giving us
different bytes for effectively the same certificate.
A related libcore change (0c990ab4a90b8a5492a67b2b728ac9a4a1ccfa1b)
now returns the original bytes verbatim, fixing both pre-Lollipop
installs and installs after that change.
This change recovers any apps that had been installed during the
window of time described above by doing a one-time check to see if
the certs are effectively equal.
Bug: 18228011
Change-Id: Ib82bd6db718d0490d7a26c9c1014b7c8457a7f2d

The choice of Action Bar layout depends on the theme. This also affects
the widget used to render the Action Bar.
Bug: http://b.android.com/77853
Change-Id: I6219a02853b4cd207a6125a5ed96fa5d16699460

Updating the accessibility layer behavior to reflect the new
model where accessibility no longer overrides strong encryption.
Now enabling an accessibility service lowers the encryption
level but the user can bump it up in settings if desired.
bug:17881324
Change-Id: Ic60d760c267d3f934040a42e1963b179bd8b9f5f

To clarify that BluetoothLeAdvertiser object will return null
when BT is off OR if the hw doesn't support these capabilities
bug: 18006072
Change-Id: I635d7971711a3cae7c58f7a0636faf9a03f19970

Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983

When restoring hundreds of apps on low-DPI devices, we end up sending
icon Bitmaps inline in the response instead of splitting into ashmem
regions. To avoid triggering TransactionTooLargeException, switch to
using ParceledListSlice under the hood.
Bug: 17926122
Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9

We used to set this from LoadedApk.getClassLoader. This had
the unfortunate side effect of clobbering the thread's default
classloader when Context.createPackageContext().getClassLoader()
was called. This happens, for example, to every app that uses
an updatable webview.
bug: 17986934
Change-Id: If2b5938a19f836ea5fe60c94ea53a7125c2098c0

The system should always be using new startActivityAsCaller() when
starting activities on behalf of someone else, to ensure that
security checks are enforced as the original caller.
Bug: 17983737
Change-Id: Ic40816a797cfdb13c0adb48b86ed4ed7d6aae8eb

This is a squashed commit of the following changes:
1. Order apps by priority when performing boot dexopt.
(cherry picked from commit 65cde7d42d)
2. Improve priority ordering of apps when performing boot dexopt.
Added core apps and updated system apps.
(cherry picked from commit 272bf3a274)
3. Stop boot dexopt when low on memory.
(cherry picked from commit 1d892dcb6b)
Bug: 17641843
Change-Id: Ie32f1c21047d3462aaf728f7633fecf647ba2b47