Reason: There is only one telephony stack shared
between the personal and work profile.
Bug: 194382185
Bug: 189942529
Test: build
Change-Id: If0d27a317a7c0ee46af371b30208327e5636c7cf
This is a CP of ag/14736230 to qt-dev.
Apps were able to bypass BAL and BG-FGS restrictions by retrieving their
own notifications and firing their PI since those were allowlisted for
those operations.
Now we strip the token that granted them that ability
from notifications returned via NM.getActiveNotifications(), which
returns the notifications of the caller.
Notifications returned via notification listener APIs still contain such
token, as they should.
Bug: 185388103
Bug: 169821287
Test: Manually tested
Change-Id: I2ede0d639a560f6acacec3864a0a7d23af152ba5
Merged-In: I2ede0d639a560f6acacec3864a0a7d23af152ba5
(cherry picked from commit 5fbeff59df)
SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.
Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d70)
Test: manual; monitor SystemUI performance when an app tries to
post a messaging style notification with messages with long text
Bug: 158304295
Bug: 147358092
Merged-In: c953fdf6bc
Change-Id: I0e2ea12fc3351b1a56645b556720ea2306f5422a
(cherry picked from commit c953fdf6bc)
This change is the union of
I2aaab1903dee54190338f7b6e49888aa51437108 and I58834636e092f992e403342e36b475dc60e8f20ai
Original CL descriptions:
*** I2aaab1903dee54190338f7b6e49888aa51437108
Block TYPE_PRESENTATION windows on default display
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
*** I58834636e092f992e403342e36b475dc60e8f20a
Use TYPE_PRIVATE_PRESENTATION for private presentations
Detect if the Presenation is targeting a private virtual display, and if they
are use the windowType TYPE_PRIVATE_PRESENTATION.
***
Bug: 141745510
Test: atest CtsWindowManagerDeviceTestCases:android.server.wm.PresentationTest CtsDisplayTestCases:android.display.cts.VirtualDisplayTest
Change-Id: I9f1c4b140ab4bc6183151aafc5501e8648fbc3fa
This change is the union of
I2aaab1903dee54190338f7b6e49888aa51437108 and I58834636e092f992e403342e36b475dc60e8f20a
Original CL descriptions:
*** I2aaab1903dee54190338f7b6e49888aa51437108
Block TYPE_PRESENTATION windows on default display
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
*** I58834636e092f992e403342e36b475dc60e8f20a
Use TYPE_PRIVATE_PRESENTATION for private presentations
Detect if the Presenation is targeting a private virtual display, and if they
are use the windowType TYPE_PRIVATE_PRESENTATION.
***
Bug: 141745510
Test: atest CtsWindowManagerDeviceTestCases:android.server.wm.PresentationTest CtsDisplayTestCases:android.display.cts.VirtualDisplayTest
Change-Id: I9f1c4b140ab4bc6183151aafc5501e8648fbc3fa
Block TYPE_PRESENTATION windows on default display
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
Bug: 141745510
Test: cts-tradefed run cts -m CtsActivityManagerDeviceTestCases -t android.server.am.PresentationTest
Change-Id: I2aaab1903dee54190338f7b6e49888aa51437108
Block TYPE_PRESENTATION windows on default display
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
Bug: 141745510
Test: cts-tradefed run cts -m CtsWindowManagerDeviceTestCases -t android.server.wm.PresentationTest
Change-Id: I2aaab1903dee54190338f7b6e49888aa51437108
This change introduces a means of introducing an artificial long task to
the package handler to help reproduce timing issues related to it.
Bug: 141413692
Test: atest PackageManagerTest
Change-Id: I61ddee1fe8b94f5803d981a77babb4bb19e31662
Explains in more complete detail who should call lockNow(), when to call the method,
and what happens when there's no lock set on a device.
Test: make ds-docs -j32
Bug: 28831838
Change-Id: I5acc0cbfa63dffe8676e8b60476b584fd43b5bde
And also pre-grant it to all apps that currently get any storage
permission pre-granted
Test: atest SplitPermissionTest
m -j gts && gts-tradefed run commandAndExit gts-dev -m GtsPermissionTestCases --test=com.google.android.permission.gts.DefaultPermissionGrantPolicyTest#testDefaultGrantsWithRemoteExceptions
Manual testing:
All combinations of
- App targetSdk = 28 and 29 (and 22 for extra credit)
- App having the <uses-permission> tag for
ACCESS_MEDIA_LOCATION or not
- Upgrade from P->Q-QPR and from vanilla Q->Q-QPR
Further upgrade of targetSdk from 28->29 while on Q-QPR
==> All permission behavior should make sense. Sometimes there
are weird, but expected behaviors. Hence we need to
collect the results and then look at the unexpected ones.
See SplitPermissionTest for some tests I added for the
location-background permission which was split from
the fine/coarse-location permissions
Fixes: 141048840,140961754
Change-Id: Ib9f50d25c002036f13cf2d42fc4d1b214f20920c
(cherry picked from commit ac7b10c135)
Also converted curly quotes to straight in one of the notes.
Test: make ds-docs -j32
Bug: 135089189
Change-Id: I146fb7eec5da48496467a1bc7706f9d87dc339f7
Enable stricter SQLiteQueryBuilder options.
Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.
This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks. This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.
We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.
Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.
Bug: 135270103
Bug: 135269143
Test: atest DownloadProviderTests
Test: atest CtsAppTestCases:android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
Enable stricter SQLiteQueryBuilder options.
Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.
This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks. This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.
We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.
Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.
Bug: 135270103
Bug: 135269143
Test: atest DownloadProviderTests
Test: atest CtsAppTestCases:android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
Force SurfaceFlinger to update synchronously by applying an empty
transaction. Without this, SurfaceFlinger will only update after the
next vsync, which may only happen after the instrumentation already
starts.
Since InputFlinger will only have the proper InputWindowInfo after
SurfaceFlinger updates, waiting for the vsync caused some
instruemntation tests to be flaky.
Bug: 138263890
Test: atest android.view.cts.HoverTest
Change-Id: I5457ab67ac574530dc1aa84549ca11e7e3f0d714
Make sure the client post execution lifecycle state to RESUMED
only if the activity was RESUMED while delivering new intent.
Bug: 135715788
Test: making skype calls
Test: atest ActivityThreadTest
Change-Id: I1e3054e1d1611aecf6ddf6d482abf2cb3ebdf9a4
In Q, these APIs were either:
- removed from the greylist entirely without good reason
- Moved to the restricted greylist without any public alternative
information added
So they are being moved back to the greylist for Q.
Test: Treehugger
Bug: 136102585
Change-Id: I5ac8b8b9b23c3789d80239cf456072cc7dfa1203
This is a targeted fix for not receiving a task stack change callback
when a task with a resumed Activity is reparented to another display.
Bug: 128932906
Test: manual - launch activity from virtual display onto default display
in a new task, verify callback notified. atest WmTests
Change-Id: Idabad8379cded664bcf302d5c6fb69564d158eb7
Merged-In: Idabad8379cded664bcf302d5c6fb69564d158eb7
We are planning to use this metric to detect leaks.
This CL also decouples the actual memory sampling from AM. This means:
- Less time locking the pid list (we used to lock and then read proc)
- Less serialization / deserialization for the parcel
- Simpler to evolve (e.g. removed the HWM-specific method in AM)
Change-Id: I87a7243156dd8c88cfa85038e7e6cf4963e271e1
Test: manual, MemoryStatUtilTest, UidAtomTests
Bug: b/135418017
Set a trim-level threshold to debug.am.run_gc_trim_level to activate it.
Bug: 135148702
Test: Manual test with "setprop debug.am.run_gc_trim_level 0", run a lot of
heavy apps and take pictures, and check logcat for the "force_gc" event log.
Test: Manual test with "setprop debug.am.run_mallopt_trim_level 0", run a lot of
heavy apps and take pictures, and check logcat for a debug log.
Change-Id: I73b4dc7374e85e9a22c98ab17da53aa6cb25a188
As it was in P. There are no public APIs created, hence there is no
better, _public_, alternative.
Fixes: 135282729
Test: none
Change-Id: I199cfcc125f948b983eb55a199abf673cc58b7e1
