This change allows the system to perform iterative reset
of changes to settings in order to recover from bad a
state such as a reboot loop.
To enable this we add the notion of a default value. The
default can be set by any package but if the package that
set it is a part of the system, i.e. trusted, then other
packages that are not a part of the system, i.e. untrusted,
cannot change the default. The settings setter APIs that
do not take a default effectively clear the default. Putting
a setting from a system component always makes it the
default and if the package in not trusted then value is
not made the default. The rationale is that the system is
tested and its values are safe but third-party components
are not trusted and their values are not safe.
The reset modes from the least intrusive are: untrusted
defaults - reset only settings set by untrusted components
to their defaults or clear them otherwise; untrusted clear
- clear settings set by untrusted components (or snap to
default if provided by the system); trusted defaults - reset
all settings to defaults set by the system or clear them
otherwise.
Also a package can reset to defaults changes it made to
the global and secure settings. It is also possible to
associate a setting with an optional token which can then
be used to reset settings set by this package and
associated with the token allowing parallel experiments
over disjoint settings subsets.
The default values are also useful for experiment (or
more precisely iterative tuning of devices' behavior in
production) as the stable configuration can be set to
the "graduated" safe defaults and set the values to the
experimental ones to measure impact.
Test: tests pass
Change-Id: I838955ea3bb28337f416ee244dff2fb1199b6943
Tests were added and verified before refactoring to ensure no behavior
changes. This is the first step in revising compat checks for O policy.
Bug: 33455703
Test: PackageParserTest#testComputeMinSdkVersion
Test: PackageParserTest#testComputeTargetSdkVersion
Change-Id: I483b4d23945183702b7e077fa1bd6d3ab5065acc
Activities that have a browsable web intent filter [action.VIEW,
category.BROWSABLE and http(s) scheme] are implicitly exposed to
instant apps. Authors can explicitly hide these activities by
using the attribute android:visibleToInstantApp="false".
Bug: 25119046
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: I88b277a719e7ecd5631f8cbd281757eb3e3d2ce6
Test: Manual test and all the unit tests:
adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest1 -w com.android.frameworks.servicestests
... to test8
Bug 32908854
Change-Id: I30ba421e9730741776c1936e40ccf7b7431289da
There are a few major pieces here:
incidentd
---------
This daemon (started by init) runs and accepts incoming requests to take
incident reports. When prompted, it calls into various system services
and fills in an IncidentProto data structure, and then writes the report
into dropbox.
The next steps for incidentd:
- Security review of SELinux policies. These will be a subset of
the dumpstate permissions. Until this is done, incidentd is
not started at boot time.
incident
--------
This shell command calls into incidentd, and can initiate an incident
report and either capture the output or leave for dropbox.
incident_report
---------------
This host side tool can call adb shell with the correct parameters
and also format the incident report as text. This formatting code
was left of the device on purpose. Right now it's pretty small, but
as the number of fields increases, the metadata and code to do the
formatting will start to grow.
The incident_report command also contains a workaround to let it
work before incidentd is turned on by default. Right now, it is
implemented to call adb shell dumpsys <service> --proto directly,
whereas in the future it will go through the full incidentd flow.
incident_section_gen
--------------------
A build-time tool that generates a stripped down set of information
about the fields that are available.
libincident
-----------
This library contains the code to connect to incidentd, and the
meta proto definitions that are used by the framework protos.
The basics are here now, but they are not fully fleshed out yet.
The privacy.proto file contains annotations that can go in the
proto file that we will later use to filter which fields are
uploaded, and which are used by local sources. For example, a
device in a test lab is safe to upload much much more information
than a real user. These will share the same mechanism, but the
user's output will be filtered according to these annotations.
frameworks/core/proto
---------------------
These .proto files contain the definitions of the system's
output. There is one master android.os.IncidentProto file that
is the top level of an incident report, but some other services
(notification, fingerprint, batterystats, etc) will have others
that are used directly by the logging mechanism.
Other files which are shared by several of the services also go
here, such as ComponentName, Locale, Configuration, etc. There
will be many more.
There is also a first iplementation of a dump method handling
--proto in the fingerprint service.
IncidentManager
---------------
The java API to trigger an incident report.
Test: Not written yet
Change-Id: I59568b115ac7fcf73af70c946c95752bf33ae67f
This is needed for unbundling of the OobConfig apk.
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases --test com.google.android.gts.devicepolicy.DeviceOwnerUserRestrictionTest#testFactoryReset_disallowFactoryReset
Bug: 32974361
Change-Id: I71e7270bb4c3234ec0516382b18a2ca35aab4c81
... so that multiple applies can be combined into a single write.
Do do this I replaces the executor in the QueuedWork by a more Android-y
handler.
Test: Ran shared preferences CTS tests. Looked at log and saw a lot of
skipped writes
Bug: 33385963
Change-Id: I8f33df717be7091532930ccf6ca8c48940e4edd4
Scaffold for the reporting of non-primary dex files loads to the package
manager.
This will enable:
1) monitoring and compilation of secondary dex file
2) better way to track foreign dex file usage (used to determined the
compilation filter of apks).
Test: device boots
Bug: 32871170
Change-Id: Ib0fe076af2c734dd054f092247a1ec7e2a74a70d
- move BroadcastReceiver info to developer guide. see cl/140402421
- add usage note to CONNECTIVITY_ACTION broadcast
bug:32533262
bug:33106411
Change-Id: Ic2aa517831d29418e0c42aa6fc1e7f9aeb50f802
Test: Manual test and all the unit tests:
adb shell am instrument -e class com.android.server.pm.ShortcutManagerTest1 -w com.android.frameworks.servicestests
... to test8
Bug 32908854
Change-Id: I11b81656959cccfb4efa83f08380b915e6eb84a6
This CL follows up on ag/1530343 and adds:
1) Various network events.
2) Retrieval method in DPM and APIs in DeviceAdminReceiver.
3) Extension of NetworkLogger and it's NetworkLoggingHandler.
Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java
Bug: 29748723
Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
This handles smart selection and language detection features.
This CL only contains code to integrate the TextClassificationManager.
Implementation will be added in a follow up CL.
Test: Test will be added when TextClassificationManager is added.
Bug:32503402
Change-Id: I5f22150ff998156fbc91b51c733d93478efaa51f
Ephemeral apps can only see their own components or those components
exposed via the "visibleToEphemeral" XML attribute.
Normal apps can only see other normal apps. There is no way to expose
ephemeral components to normal apps.
Bug: 33458220
Test: Manually install ephemeral/normal apps and ensure they can only see appropriate components
Change-Id: I6ae65fd2a6ddc9aa9691f02cd55d4953048966b0
to allow for some privileged apps to use it.
Also fixed the javadoc to mention the correct permission.
Test: API already exercised by Settings and PackageInstaller
Bug: 31000380
Change-Id: I5fc810dfe9f8d2b64d01bbaaa0bd26ebef4e8de1
When updating the non direction members of screenLayout
we check that they are not in total undefined, before
accepting the new value in full. This was enough for LONG/SIZE
which are always undefined or set together. It seems we have paths
now where SCREENLAYOUT_ROUND however can be undefined and the others
will be set. In this case if we pass a configuration with
SCREENLAYOUT_ROUND_UNDEFINED but LONG/SIZE set to updateFrom then
we will overwrite our previous SCREENLAYOUT_ROUND value.
This triggers extra configuration changes. We take extra care with
SCREENLAYOUT_COMPAT_NEEDED as it doesn't have an undefined value.
Bug: 33098677
Test: bit FrameworksCoreTests:android.content.res.ConfigurationTest
Change-Id: I6e7d123d5444f93c511aeb6e0f3adfea2a480352
Adding freeform resizing to activities which require
a certain orientation. This is needed for e.g. ARC++.
Bug: 33267688
Test: runtest frameworks-services -c com.android.server.wm.TaskPositionerTests
Test: Visually on ARC++
Change-Id: If708c1602cb2ff464174389af4648ad767b0b079
