Let an activity show on top of the lock screen if the activity behind
this can be shown on top of the screen. This is pre-requisite for
showing permission dialog on top of the lock screen only when it makes
sence.
Bug: 109754623
Test: atest server.am.KeyguardTests
Change-Id: Ideaa2b77519649a70c682bc95277e451e149adad
applicationInfo.isDirectBootAware() ||
applicationInfo.isPartiallyDirectBootAware() was used by Settings
to determine whether to show a confirmation message for setting a
direct boot unaware app to be some default app (e.g. SMS). Since
we are moving default app into roles in PermissionController, we
need this as a system API.
Bug: 110557011
Bug: 122270890
Test: build
Change-Id: I8bfc2b4e07239b6b9b1b9948dede3748b6ae974c
This includes laying down some groundwork to make the remaining migrations
more straightforward
Bug: 110557011
Test: atest RoleManagerTest && atest SmsManagerTest
Change-Id: Ie96abd73751d10f521756c9dcdab2a5710ca2045
The API is mostly implemented; except for hooking up the listener
and handling an already running bugreport.
BugreportManager is the handle to the new API exposed to apps.
Generating bugreports requires root privileges. To limit the footprint
of the root access, the actual bugreport generation in Dumpstate binary,
is accessed as a oneshot service and dies after it finishes
running.
System server accesses Dumpstate via a binder interface since it does
not have root privileges.
Starting a oneshot service is done via setting a system property, which
needs to be done from system server. BugreportManagerService is the
new system server service that does this. BugreportManager calls into
BugreportManagerService via a binder interface, since the former is in
the app's process.
Both app to system server as well as system server to native service
calls are via implementations of IDumpstate binder interface.
Bug: 111441001
Test: builds. Flashed & verified it boots.
Test: wrote a test client (not included) and verified invoking
startBugreport works.
Change-Id: I4abeb753388c055c36ae0dd916af1ec8d40b7bf0
The value of the field will be verified in CTS.
Bug: 112837428
Test: atest CtsActivityManagerDeviceTestCases
Change-Id: I7f8e4b20c75077c77f4d723946d6596737523479
This intent action will be used by Settings to launched the new
special app access list UI in PermissionController.
Bug: 110557011
Test: build
Change-Id: Ib3570cf8110d75e443e2c3d63eecea0aa6eaee5c
Allow passing the name of the permission group to
REVIEW_PERMISSION_USAGE.
Bug: 121256299
Test: Pass permission group to an intent.
Change-Id: Ifb7e4f086ceae3513cd6d378c58d026948b4021e
The manifest permission usage info declarations are limited in what they
allow the applications to specify. Applications can have an activity for
that handles this intent in order to provide free form application
specific details such as privacy policies, specific examples, etc.
Test: API definition, usage will follow
Bug: 111207567
Change-Id: I90b292e4c1cb8847a9a9d7b8071aaff2ee7d11fb
* changes:
Add test for multi-package rollback.
Fix bug where RollbackManagerService ignores package name.
Add test for user data rollback.
Move rollback manager implementation to RollbackManagerServiceImpl
Don't expose RollbackManagerService's internal Handler.
Make RollbackManager @SystemApi.
Known files (e.g. base apk, split apks and dex metadata) in installer
session can now be optionally installed with fs-verity signature
(PKCS#7) stored in the corresponding file with addional extension of
".fsv_sig".
For example, fs-verity signature files of foo.apk of foo.dm are
foo.apk.fsv_sig and foo.dm.fsv_sig, respecitvely.
Test: adb install-multiple with .fsv_sig
# with change in adb to accept .fsv_sig, see the setup happened
Test: adb install-multiple with missing .fsv_sig
# failed as expected
Test: atest com.android.cts.dexmetadata.InstallDexMetadataHostTest
Test: atest android.appsecurity.cts.SplitTests # same pass/fail
Test: atest com.android.cts.apkverity.ApkVerityTest # test WIP
Bug: 112037636
Change-Id: I109f580f637f1f538d0bf0bfacb499702dd72937
As this has already evolved from just presenting data. In the future any
permission related calls to the permission controller will be added here.
As the calls are protected by different permissions the binding will not
require a permission anymore, but each individual call checks the
permission.
Bug: 120221960
Test: Looked at settings UI showing data from this interface
Change-Id: I6b4a5c3b7ee17b145e11e2c1b6e11a8a232bffed
This attribute is default to false, and if set to true, indicates that
the app wants to run with strong integrity guarantee currently the
platform can provide the best.
In this change, this flag implies that on install time,
1) .dex and .so must be stored uncompressed and aligned to install
2) android:extractNativeLibs must be false to install
At run time, ART will run from the dex within the APK directly, and NDK
libraries will be mapped directly from the APK. This way, thest files
stay protected by signature.
The attribute currently stays in private to make development progress.
We plan to make it public once we confirm the demand from some apps.
Test: atest AppIntegrityTest (to be added in ag/5554864 after publicized)
Bug: 112037137
Change-Id: Ifde90cb0666fbb57e8b61f90b4ba1a2dd2a2b4ae
Require callers hold a new MANAGE_ROLLBACKS permission to interact with
the RollbackManager.
Bug: 112431924
Test: atest RollbackTest, with new test for permissions added,
and with selinux in permissive mode.
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Change-Id: I73f4f3457d85be580670cd69c89066d2cc348186
This change adds RollbackManagerService as a new system service for
managing apk level rollbacks.
To work properly this requires additional selinux policy changes. Fails
gracefully in case of selinux denials, until we have a chance to sort
out the proper selinux policy.
Bug: 112431924
Bug: 116512606
Test: atest RollbackTest, with selinux enforcement off.
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Change-Id: Id72aae9c4d8da9aaab3922ec9233ba335bc0198f
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0
Merged-In: I020a9c09672ebcae64c5357abc4993e07e744687
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
RegisteredServicesCache caches services in an xml, so the system doesn't
have to scan all the apks. Whenever a package is changed
(add/remove/replaced), the broadcast receiver in RegisteredServicesCache
will refresh this cache by quering all matching services and reading their
xml metadata. There is extra work done here, because only the changed package
will have services added/removed.
This change changes RegisteredServicesCache to only get the service info of changed packages.
Bug: 117755076
Test: atest RegisteredServicesCache
Change-Id: I2d9e7980fcd651617e450ff12e1588601de4ef6c
