We had accidental usages of the PermissionChecker for cases where no
private data was provided to the app but the checkPermission API on
the latter also did blame data access on the app. The PermissionChecker
was designed to handle IPC calls and not for generic API checks.
To avoid future accidental incorrect PermissionChecker usages this
change renames the existing APIs of the latter to clearly indicate
that they should be used for data delivery and also adds sibling
methods for doing the same permission checks for preflight purposes.
Also the documentation is improved to furhter assist developers.
In addition, this change fixes accidental permission checker usages
that blame when they should not by using the new preflight flavor
of the permission check APIs.
Test:
atest com.android.settingslib.location.RecentLocationAppsTest
atest CtsPermissionTestCases
added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled
added: LocationAccessCheckTest#noNotificationIfFeatureDisabled
added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider
added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess
bug:141028068
Merged-In: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
This commit is mainly from I7a6a30bf8e8db9f2738594d187bb9148f138b8da, so
test cases and features are mostly same.
We change product_services partition name to "system_ext" because this
partition's purpose changes.
- installing a RRO package for framework from /system_ext/overlay
- installing apps from /system_ext/app
- installing priv-apps from /system_ext/priv-app
- installing permissions from
/system_ext/etc/[default-permissions|permissions|sysconfig]
Bug: 134359158
Test: `mma` under frameworks/base/tests/[libs|privapp]-permissions
adb sync && adb reboot
adb shell cmd package list libraries
=> confirmed com.android.test.libs.system_ext library
adb shell cmd package dump \
com.android.framework.permission.privapp.tests.system_ext
=> confirmed that the package is a priv-app
Change-Id: Ibbccbba64156a7bc464ffb3785fb8fe69ebb973c
Merged-In: Ibbccbba64156a7bc464ffb3785fb8fe69ebb973c
(cherry picked from commit 9ec059ac1d)
1. If a previous version of an app doesn't declare internet permission;
2. The User upgraded it to a new version and the new one does declare the
internet permission;
3. The new app are not allowed to access the internet until next boot
Bug: 137864893
Test: Manual, just make sure the onPackageChanged would be executed on package changes
Change-Id: I69cdbb16a027a9c4e974b32371b1f64a23a51a23
Signed-off-by: wangmingming1 <wangmingming1@xiaomi.com>
If an app doesn't have a launcher activity enabled by default, a
synthesized activity isn't created for that app.
Test: make ds-docs -j32
Bug: 140968734
Change-Id: I2fe8666ee8cde479f404e43c622f03891d96c38f
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Merged-In: I53946ed4e31de0ffe9c84875c391a7dec6f5375a
Change-Id: Idaae690f79a5c680ad0059a52be62160d9dfb5e7
Creating a SystemConfig from a non-system process is taking 500+ ms.
This CL instead exposes the needed split permissions from system_server
to optimize performance.
Tested locally and creating PermissionManager / retrieving SystemConfig
is now less than 1 ms.
Bug: 139828734
Bug: 139485700
Fixes: 139828734
Test: Added systrace / logs to PermissionController app and traced
runtime of onGrantDefaultRoles().
Merged-In: I111403e8dae3bc2b0acafc32e61aa5cd890fea29
Change-Id: I111403e8dae3bc2b0acafc32e61aa5cd890fea29
(cherry picked from commit f69c71e25889d8a9d66da05ee0f386d7fb626c6c)
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Change-Id: Id0e63ae4a7be578d1e93838b371320f86a787e0e
When the configurations are being read from the proto file, if a
duplicate locale is found in the list, an exception is thrown from
LocaleList which causes the UsageStatsService to crash. Instead, we'll
now log a WTF if duplicate locales are found when parsing the
configuration proto and not add the duplicate locale to the list.
Bug: 140197723
Test: atest UsageStatsDatabaseTest
Change-Id: Ie178b3cfdd45e6771a7c0e4bb42e47f79b5c30cc
(cherry picked from commit 5d9031dbee)
When the configurations are being read from the proto file, if a
duplicate locale is found in the list, an exception is thrown from
LocaleList which causes the UsageStatsService to crash. Instead, we'll
now log a WTF if duplicate locales are found when parsing the
configuration proto and not add the duplicate locale to the list.
Bug: 140197723
Test: atest UsageStatsDatabaseTest
Change-Id: Ie178b3cfdd45e6771a7c0e4bb42e47f79b5c30cc
The docs now (correctly) state that, if an intent filter specifies no
actions, then it only matches intents that don't specify/contain an
action.
Test: make ds-docs -j32
Bug: 140435265
Change-Id: I8931c6540cb22edd15e8caa1be984ca70efcdc96
To prepare for enabling MissingNullability Metalava check this CL
works on adding missing nullability issues that metalava flags if
we tell it to flag new things since API 29.
This is not a complete CL, mostly addresses public api and
toString/equals for @SystemApi
Exempt-From-Owner-Approval: Large scale nullability clean up
Bug: 124515653
Test: make -j checkapi
Merged-In: I109260842cfc25f06e40694997fcbb4afa02c867
Change-Id: I109260842cfc25f06e40694997fcbb4afa02c867
