For some markets we have to allow the user to review permissions
for legacy apps at runtime despite them not supporting the new
permission model. This is achieved by showing a review UI before
launching any app component. If an update is installed the user
should see a permission review UI for the newly requested
permissions.
To allow distinguishing which permissions need a review we set
a special flag in the permission flags that a review is required.
This flag is set if a runtime permission is granted to a legacy
app and the system does not launch any app components until this
flag is cleared. Since install permissions are shared across all
users the dangerous permissions for legacy apps in review mode
are represented as always granted runtime permissions since the
reivew requirement is on a per user basis.
Whether the build supports permission review for legacy apps is
determined by a build constant allowing us to compile away the
unnecessary code for markets that do not require a permissions
review.
If an app launches an activity in another app that has some
permissions needing review, we launch the permissions review
UI and pass it a pending intent to launch the activity after
the review is completed.
If an app sends a broadcast to another app that has some permissions
needing review, we do not deliver the broadcast and if the sending
app is in the foreground plus the broadcast is explicit (has a
component) we launch the review UI giving it a pending intent to
send the broadcast after the review is completed.
If an app starts a service in another app that has some permissions
needing review, we do not start the service and if the calling app
is in the foreground we launch the review UI and pass it a pending
intent to start the service after the review is completed.
If an app binds to a service in another app that has some permissions
needing review, we schedule the binding but do not spin the target
service's process and we launch the review UI and pass it a callback
to invoke after the review is completed which spins the service
process and completes the binding.
If an app requests a content provider in another app that has some
permissions needing review we do not return the provider and if
the calling app is in the foreground we show the review UI.
Change-Id: I550f5ff6cadc46a98a1d1a7b8415eca551203acf
Minimally deform CopyService such that we can listen
to the completion of operations in the test.
Add test coverage.
Add equals and hashcode to DocumentInfo...so we can compare
the heck out of 'em. + a test.
WIP: Expose (@hide style) DocumentsProvider.isChildDocument via
DocumentsContract. Use that to check for recusive copies.
Bug: 25794511
Change-Id: I05bb329eb10b43540c6806d634e5b96a753e8178
This is a plumbing CL from IMMS to IMS to notify when the current input
method subtype is changed. Those events are supposed to be used to
change physical keyboard layout depending on input method subtype, which
is to be implemented in subsequent CLs.
Bug: 25753054
Change-Id: I58e71ffce9ac9131551a00dd35e24235dadfef87
Previously the notification header had a seperate implementation
in SystemUI from which the platform implementation was derived.
Now that everything is in the framework, we’re migrating the
implementation for notification groups.ß
Change-Id: Ia61a75bd6c85e1805d4364a9e7e4587a020c1271
In order to ensure reusability and separate inflation,
the expand touch listener is now moved to its view.
Change-Id: I363fc4ae2c68833dc9f1258398ec9ad3bf44dc7f
If an image was present, the first line of the
Inbox style could run into the image. This Is fixed
now.
Change-Id: I60ee22166a2dc1d2de2f1fe311effc419a95748d
If there is an image instead of applying the same
margin everywhere, the text now floats around the
image.
Change-Id: I87f9ca9f51fb270b0732a99374544381bd1fc4e0
The padding was off in a few cases and the layout
was jumping when expanding when there were actions
Change-Id: Ia9a9ddbfd1c9a8104278a56ce6e1ef2a4ceafbe9
Now first the App name shrinks up to a minumum and then
the subtext shrinks. This way the expand button is always
visible.
Change-Id: Ibda8e9efbac7119cc31ce4c129be33a7a192f974
Most of the notification templates have been updated.
Some cases like media notifications don't yet work well
but will be fixed in a later CL.
Bug: 25376106
Change-Id: I26c366e58ebba3852cea20de6fca311bd302bb24
Use restrictions from mGuestRestrictions when creating a guest. Initially
phone calls, SMS and installing from unknown sources is not allowed.
Bug: 25904144
Bug: 25729516
Change-Id: I461c492ad64842d3707f73dfd83b533aa31b63ef
This allows for faster lookups of TrustAnchors when checking pin
overrides without needing to iterate over all certificates.
Currently only the system and user trusted certificate store are
optimized to avoid reading the entire source before doing the trust
anchor lookup, improvements to the resource source will come in a later
commit.
This also refactors System/UserCertificateSource to avoid code
duplication.
Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
Needed to support storage of SharedPreferences on both credential-
encrypted and device-encrypted storage paths.
Bug: 22358539
Change-Id: I576b696951b2a9de817d5be63d31b06f7e166a19
When the correct lock pattern is presented, ask the system to also
unlock credential-encrypted storage, if enabled. The token passed
along is empty for now, but can be wired up to gatekeeper in the
future.
During each system boot, ask vold to lock all users keys to give us
a known starting state. This also has the effect of chmod'ing away
any CE data when in emulation mode.
Define and send a new foreground broadcast when the CE storage is
unlocked for the first time. Add stronger last-ditch checking for
encryption-awareness before starting an app.
Bug: 22358539
Change-Id: Id1f1bece96a2b4e6f061214d565d51c7396ab521
We achieve the removal by notifying System UI about the visibility of
the dock divider. This way System UI can change visibility of the root
view, which in turn will cause the WMS to destroy or create the surface
as necessary.
Bug: 25844096
Bug: 25683717
Change-Id: Idbc33368db697a059af49106dfadb80c3d7d06c1
Send AccessibilityEvents to all accessibility services
that request them. No longer refuse to send them to
services with the same feedback type.
Change-Id: I137905c24fc75c075ab938175ecb6ea5f39112cf
Previously we would check whether relayout was required and optionally
invalidate; however, with partial layout we leave this work for the
makeNewLayout() method. We still need to manually invalidate, though,
since makeNewLayout() does not handle invalidation.
Bug: 25857300
Change-Id: I81ef9062c9fb4964d5e42a3562e6c782492ad65f
Bug 25375640
When popping multiple back stacks or replacing multiple times
within a transaction, the wrong fragment could have been
chosen. This normally occured when one of the Fragments had
a null Transition.
Change-Id: Ic2c842d9228ee7d26bf067016cb3f307bdf92991
Bug 23688972
An incoming fragment that is going to execute a transition may
need to have a context in order to load the transition. This
CL moves the state of incoming fragments to CREATED prior to
getting their Transitions.
Change-Id: I08b8cda479f7542fb326aa4f0f62a07ccc5662b0
