Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
Changed the existing hidden api setPackagesSuspendedAsUser to a system
api setPackagesSuspended that can be called by apps with either
MANAGE_USERS or SUSPEND_APPS permission. Additionally, the suspending
app can now specify optional extra information meant to be used by the
suspended apps and the launcher to deal with this state.
The following other APIs are added:
- isPackageSuspended(): Apps can query whether they are in a suspended
state
- @SystemApi getPackageSuspendedAppExtras(String): Apps with permission
SUSPEND_APPS can get the appExtras passed to PM when suspending the
app.
- @SystemApi setPackageSuspendedAppExtras(String, PersistableBundle):
Apps with permission SUSPEND_APPS can update app extras for a
suspended package.
- getPackageSuspendedAppExtras(): Apps can call to get the appExtras
passed in to PM when they were suspended.
Test: Can be run via:
atest com.android.server.pm.PackageManagerSettingsTests
atest com.android.server.pm.PackageUserStateTest
atest com.android.server.pm.SuspendPackagesTest
Bug: 74336673
Change-Id: I3b9ed2c8478b34ee2e8986f5f5fddb2839d102e3
It will be removed before the final P build.
Test: atest FrameworksServicesTests:AutofillManagerServiceTest CtsAutoFillServiceTestCases
Fixes: 74445943
Change-Id: I9bc243a3c1ae78f2c385dbb907d362d8ab16b34c
Bug: 73788969
Test: I501e8b76aacd785cb994165ab01dc1b39fea3a1c
Move them into ImageDecoder.DecodeException, which is where they are
actually used. This also provides some more context, so that the prefix
"ERROR_" is no longer necessary, fixing the redundancy/awkwardness in
ERROR_SOURCE_ERROR. Further rename that to SOURCE_MALFORMED_DATA, which
is more descriptive, and does not imply a Java Error.
Change-Id: Ied17ad343650f9c33d9a35b0f9d00ccc22264bd6
The other methods expose raw key materials, which is a security flaw. This
new API is already being used by GMSCore, via reflection (although falling
back to the old methods if it is not available). Would be good to switch it
on ASAP.
Bug: 74345822
Test: Tested with GMSCore
Change-Id: I30d53c9e825888d1122c72d23b7c1c10c6edb1e9
This is so we can add a GTS test to affirm that GMS devices include the
Google Cloud Key Vault root certificate.
Test: runtest frameworks-core -p android.security.keystore.recovery
Bug: 74621045
Change-Id: Ib6431f5739f3dff066832e6aa300dd9da5bc0727
The syntax of that setting changed from P Developer Preview1 to the final P, so
it's safer to use a new name than risk breaking devices during the update.
Bug: 74458004
Test: atest CtsAutoFillServiceTestCases:VirtualContainerActivityCompatModeTest\
FrameworksCoreTests:SettingsBackupTest
Change-Id: I1c507e8eae20f598dfe259178667ae6c2bc892ff
Add a new AppOp to allow bound system services
such as TelephonyDataServices and potentially
VPN providers to access the IPsec tunnel
management APIs. Since this is not directly
user-facing, and not all System apps should have
this privilege, the access is only granted via
an AppOp or to the system itself.
Bug: 66955045
Test: compilation (still WIP)
Change-Id: I0b0528c75c622d8538baeec019c3672cbed5d899
