If isDeviceLocked is called with clearCallingIdentity,
original userId should be explicitly passed
Bug: 67621847
Test: Manual
Change-Id: I2bcb92572898811cc96bda1149ef806e6239e929
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug: 32990341, 32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug: 32990341, 32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
Clipboard should not return data if the device is locked. This CL checks
for device locked state before returning values from get/has functions.
Bug: 64934810
Change-Id: I856a9079fe64db0af44383fae1a9a418de959420
Merged-In: Icefac226615fe22a7735dff4ba4c3b528fb2ac12
Any app with permission WRITE_SYNC_SETTINGS could write sync settings
for authorities or accounts that are not valid. This results in invalid
data being persisted to disk which can effectively lead to a DOS style
attack. Clearing such entries on boot will make sure that a reboot fixes
any such issues.
Test: cts-tradefed run cts-dev -m CtsSyncContentHostTestCases
Bug: 35028827
Change-Id: I9e206a42508e3cba65d7523bf47fff743f47dcb2
Merged-In: I9e206a42508e3cba65d7523bf47fff743f47dcb2
(cherry picked from commit 042a478b73)
Bug: 62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Prevent apps to change permission protection level to dangerous
from any other type as this would allow a privilege escalation
where an app adds a normal permission in other app's group and
then redefines it as dangerous leading to the group auto-grant.
Test: Added a CTS test which passes.
Bug: 33860747
Change-Id: I4e86ee54e61d2fa45be601fae577986ef9a84673
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug: 33019296, 32990341, 32879915, 32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug: 33019296, 32990341, 32879915, 32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug 30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Previously we only re-evaluate provisioning for SIM swap case
The new logic covers both SIM swap case
(ABSENT->NOT_READY->UNKNOWN->READY->LOADED) and modem reset
case (NOT_READY->READY->LOADED)
Test: Manual
bug: 33815946
Change-Id: I9960123605b10d3fa5f3584c6c8b70b616acd6f8
