The system shouldn't be granting read URI permissions as itself. This
means that heap dumps aren't successfully shared. Moving the heap dump
sharing mechanism to SHELL, which already has the permission to dump
heaps so that dumps can be shared properly.
The ActivityManagerService changes are submitted separately.
Bug: 126885951
Bug: 135150619
Test: collect a heap dump and confirm it's successfully shared with an app
Test: do manual test on a secondary user & confirm it's not available to
other user
Change-Id: I6fad69280b5124c8ec2d3b4bef0f7dddb6a9422c
Bugreport is now triggered using API and not via broadcasts from
dumpstate. As migration to API flow is stable, we can remove methods and
broadcasts that were used in non-API bugreport flow. Now, callbacks are used
for communication between dumpsate and Shell instead of broadcasts.
* Remove BugreportReceiver.java as it used to handle BUGREPORT_STARTED and
BUGREPORT_FINISHED intents which are not required by Shell anymore to
track bugreports.
* Remove RemoteBugreportReceiver.java as it used to handle
REMOTE_BUGREPORT_FINISHED intent which is not required by Shell
anymore.
* Remove methods that were being used when processing these broadcasts.
* Remove pid as that is not used anymore.
* Since Shell owns the file now, don't need mTempName, mSavedName,
onFocusListener and disable file name after the bugreport is finished.
File name can be sanitized and updated even after bugreport finished.
Bug: 136066578
Test: Build and flash. Interactive/Full bugreports from Settings/Power button.
Test: Rename workflow for interactive bugreports works as expected.
Test: * Build and flash
* Install TestDPC
* Make it device owner
* Take a remote bugreport. Works as expected
Change-Id: I5e0f829631cb63074c41c914236e78abe95ba162
Previously added "android:theme="@android:style/Theme.
DeviceDefault.DayNight" to the application tag in this manifest file to
enable dark theme for bugreport info.
BugreportWarningActivity is nested within this application tag, so
assumed all the child tags to have DayNight theme.
android:theme="@android:style/Theme.DeviceDefault.Dialog.Alert" shows
the dialog always as Dark mode.
android:theme="@android:style/Theme.DeviceDefault.Light.Dialog.Alert"
shows the dialog always as Light mode.
This bug is not easily notice-able as "Do not show this again" checkbox
is checked by default for this dialog. Unless one wipes data partition,
this dialog doesn't come up even after flashing new builds.
Bug: 141663298
Test: Normal (light mode) Trigger interactive/full/wifi bugreport.
Click on bugreport finished "Share" notification.
Light mode warning dialog should appear. (with white background)
Uncheck the "Do not show this again" checkbox to test with dark
mode.
Test: Go to Settings. Turn on Dark theme.
Trigger interactive/full/wifi bugreport.
Click on bugreport finished "Share" notification.
Dark mode warning dialog should appear. (with dark grey background)
Change-Id: I200c592608261665e4c2416303f573522c6bc59a
Camera CTS tests, while running with system cameras assume shell
identity for permission checking, recording tests need permissions to
record audio.
Bug: 138130599
Test: CTS camera RecordingTest with system camera.
Change-Id: I987eff88ebd06ff85024de1bfe0edb7e0fb0fa8e
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
This bug was introduced when fixing dark theme for bugreport dialogs.
Bug: 135446537
Test: manually (both in light and dark theme)
Change-Id: Ib8c16d068c00632d009033c2eab7d2d6cb7e4eea
In order to access system-only cameras client processes need
SYSTEM_CAMERA permissions in addition to CAMERA permissions. A
permission was preferred over other mechanisms such as having private
connections would need to hard-code the package name(s) of clients using
system only camera devices. A system | signature permission on the other hand,
would make this more flexible and would be better for security.
Bug: 133508924
Test: cts CameraManagerTest, CameraDeviceTest
Test: Give cts test SYSTEM_CAMERA permissions by using
adoptShellPermissions and run some camera tests.
Change-Id: Ibcd6ccdb231dcca949ed4fb14712d033a5801d36
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS
It would be duplicated and we can remove it.
Bug:
Test: refactoring CL
Change-Id: I75bf3761be64d850781c29b734c2f7e60ef3b6a2
Signed-off-by: jay <jdragon.bae@gmail.com>
Added a version of the onPermissionUpdated and
onInstallPermissionUpdated methods which will notify
OnPermissionChangedListeners, and added this to the
PermissionManagerService "updatePermissionFlags" and
"updatePermissionFlagsForAllApps" methods. Also adds
OnPermissionsChangedListener to @TestApi
Fixes: 135937566
Test: atest PermissionUpdateListenerTest
Change-Id: I906598c366234c3daaa202261678bca04837cb13
Add new calls to bugreport API, all the while keeping the previous code
and logic untouched.
Added feature flag in Settings which if untouched, runs the old dumpstate workflow
by default. To test the new workflow turn on the feature flag from UI or
`adb shell setprop settings_call_bugreport_api true`.
Add permission TRIGGER_SHELL_BUGREPORT so that not all can send
broadcasts to trigger bugreports.
Create new receiver BugreportRequestedReceiver for the new broadcast intent that the shell app will
use.
Whitelist Shell app to use the bugreport API.
Bug: 123617758
Test: manually built and flash to device. Turn on the feature flag, generate bugreports and check
the onProgress and onFinish notifications.
Test: Turn off the feature flag test old workflow.
Change-Id: I1c7c258a48815a0386d7d4771301cd76f9cae3d0
Bugreport info dialog is used in the BugreportProgressService; services
are not themeable from the manifest file. Added themed context wrapper
in the service file.
Text view underlines are no longer black, and are white in color.
Bug: 128364209
Test: build and flash to device, manually verified the color of the dialog
Change-Id: Ia42c1c7c2b6f2e30d91a5522f1d6b3507b032cdb
Now that we have LocalCallingIdentity, we can start caching it in
very narrow cases. We must be careful to not cache too long, since
any changes to granted permissions for the UID mean we need to
re-evaluate any cached answers.
The best middle-ground for this in the Q release is to use an active
camera session as a proxy for when we should create a cache object
and then later invalidate it. (It's very unlikely that a user
changes permissions while actively using the camera, and this is
a strong signal that the caller is sensitive to performance.)
Many other sprinkled optimizations to avoid extra binder calls into
the OS, such as aggressively caching VolumeInfo related details.
Track IDs that are owned by each LocalCallingIdentity, to speed up
all future security checks.
Dispatch all change notifications asynchronously, and delay them by
several seconds while the camera is being actively used, to give
more important foreground work a fighting chance. Invalidate
thumbnails asynchronously.
Optimizations to ModernMediaScanner where it's safe to skip the
"reconcile" and "clean" steps when we're focused on a single file
that we successfully scanned.
Local tests show this CL improves performance of a test app that
takes 100 rapid shots by 45%. (All the collective optimizations
done so far this week add up to a 70% improvement.)
Bug: 130758409
Test: atest --test-mapping packages/providers/MediaProvider
Exempt-From-Owner-Approval: trivial manifest change
Change-Id: I38cc826af47d41219ef44eae6fbd293caa0c01d5
Allows for testing APIs protected by this permission from CTS tests
Test: adb shell dumpsys package com.android.shell | grep "\bSTATUS_BAR:
granted=true" # should find the permission
Bug: 130178313
Change-Id: Ida0950664b98217d9c0801c0f19436c754ee6744
This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
Add NETWORK_SCAN to shell permissions to enable CTS testing of the
network scan changes
Bug: 126779616
Test: CTS
Change-Id: I1f75c9005620b3b0e06f066677cba6190f1d266c
This change adds PACKET_KEEPALIVE_OFFLOAD to shell, which allows
shell or code with shell permission identity to use privileged
tcp keepalive offload API.
Bug: 114151147
Test: -atest ConnectivityManagerTest#testCreateTcpKeepalive
-build, flash, boot
Change-Id: Ib6660a5eaa72f83042596481452be4d415383f02
Merged-in: Ib6660a5eaa72f83042596481452be4d415383f02
Add Shell permission for new CTS tests to test the multi-display
functionality in WallpaperService/WallpaperManagerService.
Bug: 123707989
Test: atest WallpaperManagerMultiDisplayTests
Test: atest ActivityManagerMultiDisplayTests
Change-Id: Id97db050a0b9d1940c2dfaa793fbe526df578105
This change adds PACKET_KEEPALIVE_OFFLOAD to shell, which allows
shell or code with shell permission identity to use privileged
tcp keepalive offload API.
Bug: 114151147
Test: -atest ConnectivityManagerTest#testCreateTcpKeepalive
-build, flash, boot
Change-Id: Ib6660a5eaa72f83042596481452be4d415383f02
