The path-permission element offers prefix or regex style matching of
paths, but most providers internally use UriMatcher to decide what
to do with an incoming Uri.
This causes trouble because UriMatcher uses Uri.getPathSegments(),
which quietly ignores "empty" paths. Consider this example:
<path-permission android:pathPrefix="/private" ... />
uriMatcher.addURI("com.example", "/private", CODE_PRIVATE);
content://com.example//private
The Uri above will pass the security check, since it's not
technically a prefix match. But the UriMatcher will then match it
as CODE_PRIVATE, since it ignores the "//" zero-length path.
Since we can't safely change the behavior of either path-permission
or UriMatcher, we're left with recovering these shady paths by
trimming away zero-length paths.
Bug: 112555574
Test: atest android.appsecurity.cts.AppSecurityTests
Test: atest FrameworksCoreTests:android.content.ContentProviderTest
Change-Id: Ibadbfa4fc904ec54780c8102958735b03293fb9a
The CL deprecates the old constructor for Magnifier instances in favor
of the usage of builder Magnifier#Builder.
Bug: 116116502
Test: atest CtsWidgetTestCases:android.widget.cts.MagnifierTest
Change-Id: I3daa9f066c77144e9d5c62bc666ecd37041f4bbb
resolveColor() now considers that black backgrounds should have
monochromatic icons. Ambient style is an exception because we
do want colors in there.
Change-Id: Ia21202bb354babb77013feda67c313323ec1e070
Fixes: 115887386
Test: visual
We're trying to reduce unnecessary direct dependencies on Conscrypt.
These two methods are simple and the implementations can't change, so
they're good candidates for inlining directly instead of depending on
the Conscrypt implementation.
Bug: 110404540
Test: atest NetworkSecurityConfigTests (same failures pre/post)
Change-Id: I303d955e3f49885326fe75f451c06a52af745053
PooledRunnable has a nice optional method recycleOnUse(), which can be
used if the Runnable is guaranteed to be executed at most once.
By calling this method, PooledRunnable instance will be auto-recycled
into the internal object pool once it's executed.
Test: presubmit
Change-Id: I6ff341be5d0abddba8134489950be0b7c1affcbb
As its JavaDoc says, in most of cases PooledLambda.obtainMessage() is
a better choice than PooledLambda.obtainRunnable().
If PooledLambda.obtainRunnable() is really necessary, let's make sure
to call recycleOnUse() whenever possible.
Test: presubmit
Change-Id: I3dbe500f49c0df187f2ffefd11c71836696dfd4e
Introduced the process config and adjusted mergedconfiguration
related calls. Such that we can override configuration for a process
when need to.
The potential use cases include:
1. Maintain process window bounds for the latest activity to override
the display info for legacy apps;
2. Override the display info for IME process to make sure the IME can be
shown with the correct display metrics.
ActivityManagerService:
- Use process configuration instead of the global configuration when
it's for app.
ActivityStackSupervisor:
- Use process configuration when start activity.
WindowProcessController:
- Make it a ConfigurationContainer.
ActivityTaskManagerService:
- Add interface to get configuration for a process. If the process is a
system process or non-existing process, return the global
configuration.
- Return device configuration related to the process.
- Propagate configuration updates from Global to Process.
ActivityTaskManagerInternal:
- API to update configuration for IME process.
WindowManagerService/WindowManagerInternal:
- Propagate the process configuration change to wm.
WindowState:
- Use process configuration instead of global.
Test: go/wm-smoke
Test: servicestests will remain the same result as without this patch.
Bug: 113253755
Change-Id: I3660723352d2e8779d40528ae92d71f59ddbf1f1
All future biometrics share the same USE_BIOMETRIC permission.
Bug: 116340012
Test: BiometricPromptDemo works
Change-Id: I6e5af4d6dc1b467e67957c0aec90f6c0a67028a7
Fixes: 112570477
Test: BiometricPromptDemo works
Test: Able to get/use BiometricManager
Test: Tested with enrolled and non-enrolled biometrics
Change-Id: I26231894eccc87c42b5b3007aa0b7c6f09830452
Synced with alanv@ that doc weren't federated against AndroidX yet, use
this v7 reference until they migrate the docs to AndroidX.
Test: m -j offline-sdk-docs
Bug: b/116163454
Change-Id: Ib5167c4815708d159945ce6db239f8debdf8f865
With this CL, no one in the Framework is using
InputMethodManager#getInstance() directly or indirectly. It is time
to mark this method deprecated.
For applications that still call InputMethodManager#getInstance()
directly or indirectly via reflection, they will start seeing warnings
with stacktrace in logcat.
Except for that explict warnings in logcat, there is no behavior
change in this CL. Added a new test to make sure that
InputMethodManager#getInstance() and InputMethodManager#peekInstance()
are still working in a way we expected for such applications.
Fix: 115891476
Test: atest FrameworksCoreTests:android.view.inputmethod.InputMethodManagerTest
Test: atest CtsInputMethodTestCases CtsInputMethodServiceHostTestCases
Change-Id: Ib393086d921f91993395b5f0007b725a5db7bf22
FillCallback.onFailure() was not working as intented - it finished the session
on AutofillManagerService, but didn't update the client state on
AutofillManager.
And both of these methods were displaying Toasts to the user, which is something
the autofill services could take care of. Hence, for services target with SDK
Q, the message is ignored.
Also added a new Autofill Metric: FIELD_AUTOFILL_MESSAGE_LEN
Test: atest CtsAutoFillServiceTestCases:android.autofillservice.cts.LoginActivityTest#testAutofillAgainAfterOnFailure
Test: atest CtsAutoFillServiceTestCases # to make sure it didn't break anything
Test: time mmm -j frameworks/base/:doc-comment-check-docs
Test: m -j update-api
Bug: 112192360
Fixes: 116103297
Change-Id: I499909200980943dedf1fc8524dd1f14b49e2158
This is in preparation for BiometricManager. Each Manager should have its
own Service.
Bug: 112570477
Test: BiometricPromptDemo works
Change-Id: Ibbbd499a0fd5a2050b329ee038776c6c9f49cdb2
Allow VPN apps to lookup the UID owner of a network connection.
Requires specifying the:
- IP address and port for both the source and destination of a TCP
connection.
- IP address and port for either source and destination or just
source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.
The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).
[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html
Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
