This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
This service connects to a remote system captions manager service. This
service is responsible for enabling system captions when the user
requests them. As the system binds to it, this service will be
persistent.
Cherry pick from ag/6761232
Bug: 128925852
Test: Manual. I created an implementation of the service.
Merged-In: Iafde1bb68f4754d8167624f47c6833d43c0ec336
Change-Id: Iafde1bb68f4754d8167624f47c6833d43c0ec336
The system server (in SystemServer.java) defines the boot
sequence, during which an event called SystemReady happens.
This corresponds to a time when critical system services
that are depended upon by other components in the system
server are ready to handle requests from their dependencies.
Some system services are listening to this event to defer
initializations that depend on the critical services.
Because the network stack is only started after SystemReady,
there is no way any NetworkMonitor may be started before
SystemReady. Remove the associated mechanism.
Fix: 129376083
Test: FrameworksNetTests
Change-Id: I071eeb10d0b7c4f71af6653d322c7b442b2cc7ee
Some API changes per API reivew:
- Move DynamicAndroidClient and ~Manager to android.os.image.
- Rename them to DynamicSystemClient and ~Manager.
- Rename permission MANAGE_DYNAMIC_ANDROID to MANAGE_DYNAMIC_SYSTEM
- Corresponding changes in the installation service.
- Corresponding changes in privapp-permissions-platform.xml.
- Add missing annotations.
- Change setOnStatusChangedListener's parameters order.
- Improve documentations.
- Re-generate api/system-current.txt.
Bug: 126613281
Test: adb shell am
Change-Id: Ia920e9ccf6de1dbbd38c52910cb72cb81b9b5b32
The NetworkStack needs to be marked as start requested before any client
can use it from the system server, so it knows to queue requests until
it actually comes up.
This fixes a bug introduced in commit:
I93315ad31925bd436e21d1eabb21d5967e6aae60
where a client trying to use the network stack in the system server
before ActivityManager.systemReady() could block and eventually timeout,
resulting in a null INetworkStackConnector.
Test: booted, WiFi working
Bug: 128620654
Change-Id: Ieca2657373eba78195b387fb266fa0424fce8ada
In practice the NetworkStack was not started after
ActivityManager#systemReady, since ActivityManager was only scheduling
the start (mPendingStarts).
Requesting the start too early causes issues for the PackageManager to
install updates/rollbacks.
Test: flashed AOSP and internal builds, WiFi working
Bug: 128331883
Change-Id: I93315ad31925bd436e21d1eabb21d5967e6aae60
This API is needed for high-level events that happened on activities that are
not whitelisted for Content Capture.
Test: atest CtsContentCaptureServiceTestCases:android.contentcaptureservice.cts.LoginActivityTest#testSimpleLifecycle_defaultSession
Test: atest CtsContentCaptureServiceTestCases # sanity check
Test: m update-api
Bug: 126262658
Change-Id: Id2d4ccfb04d56eba561200d6875374a932c526ae
NSS needed it for getting VpnInfo[], NetworkState[] and
activeLinkProperties which it used to query via ConnectivityManager.
For VpnInfo[], this was racy as NSS may ignore intermediate changes to a
VPN's underlying networks. See http://b/123961098 for more context.
It may also lead to deadlocks b/w ConnectivityService and
NetworkStatsService. See http://b/126245192 for more info.
This change will ensure that NSS is never contending on any of
ConnectivityService locks.
Bug: 123961098
Bug: 126245192
Bug: 120145746
Test: atest FrameworksNetTests
Change-Id: Id1da446b54d95ee68ed14079107b1a10318bcf8b
Merged-In: I57e117bb4e9efe491b19d6b5a479f2d58d1c58e6
NSS needed it for getting VpnInfo[], NetworkState[] and
activeLinkProperties which it used to query via ConnectivityManager.
For VpnInfo[], this was racy as NSS may ignore intermediate changes to a
VPN's underlying networks. See http://b/123961098 for more context.
It may also lead to deadlocks b/w ConnectivityService and
NetworkStatsService. See http://b/126245192 for more info.
This change will ensure that NSS is never contending on any of
ConnectivityService locks.
Bug: 123961098
Bug: 126245192
Bug: 120145746
Test: atest FrameworksNetTests
Change-Id: I57e117bb4e9efe491b19d6b5a479f2d58d1c58e6
Added 3 more system props:
- sys.system_server.start_count
How many times the system server has started, 1-based.
- sys.system_server.start_elapsed
Elapsed time when the system server started most recently
- sys.system_server.start_uptime
Uptime when the system server started most recently
Also log the same information on event log, as 'system_server_start'.
Bug: 124022170
Test: manual
$ adb logcat -b events -s system_server_start
02-15 23:35:06.151 1222 1222 I system_server_start: [1,4714,4714]
(killed the system server)
02-15 23:35:24.673 4209 4209 I system_server_start: [2,23236,23236]
$ getprop | grep system_server
[sys.system_server.start_count]: [2]
[sys.system_server.start_elapsed]: [23236]
[sys.system_server.start_uptime]: [23236]
Change-Id: Ie3e77903e723eb5b7e79b545d4287d9b07c4b379
NetworkStack is only used in services.net or clients of services.net. It
cannot stay in framework.jar because it needs to depend on AIDL
interfaces, which would conflict with app implementations if they were
in framework.jar.
Test: atest FrameworksNetTests NetworkStackTests
Bug: 124033493
Change-Id: Ib1d08a3669983640119d008db7e2990fa798724f
Merged-In: I501b125a388c1100c2182bde4670944c2f0d7a02
NetworkStack is only used in services.net or clients of services.net. It
cannot stay in framework.jar because it needs to depend on AIDL
interfaces, which would conflict with app implementations if they were
in framework.jar.
(cherry-pick of aosp/905233 with trivial conflicts in SystemServer.java)
Test: atest FrameworksNetTests NetworkStackTests
Bug: 124033493
Change-Id: I501b125a388c1100c2182bde4670944c2f0d7a02
This reverts commit 54271901cd.
Wifi service is assumed to be always up by other parts of the Android
system. So, not starting wifi service will cause NPE crashes all over
the place.
Wifi service already goes into idle mode to handle this FDE transition,
so there is no need for it to be turned off.
Bug: 78663946
Test: Manually verified non-FDE to FDE transition on Taimen (Using
ag/6180881).
Change-Id: I2d4d38e978a671f4dcd671524a1b38f557510bf5
Remove the stubbed TimeZoneDetectorService. Priorities
dictated that it not be worked on so it has never been
used.
This reverts commit 7fb88c3928.
Bug: 112827764
Bug: 78217059
Test: build / boot
Change-Id: I39ed2fc7f8de8d4b2c0d883cd264cc126579af27
Merged-In: I39ed2fc7f8de8d4b2c0d883cd264cc126579af27
(cherry picked from commit f4894d391b)
Define the DynamicAndroid with AIDL.
Add a java implementation.
Start a service instance in the system server.
Add a permission test.
Bug: 122015653
Test: Build & Test on a pixel phone with following command \
./frameworks/base/services/tests/runtests.py -e class com.android.server.DynamicAndroidTest
Merged-In: I2e54b6b71fac4a4c5a9c9c25ce6bdac74cddcfb7
Change-Id: I2e54b6b71fac4a4c5a9c9c25ce6bdac74cddcfb7
Define the DynamicAndroid with AIDL.
Add a java implementation.
Start a service instance in the system server.
Add a permission test.
Bug: 122015653
Test: Build & Test on a pixel phone with following command \
./frameworks/base/services/tests/runtests.py -e class com.android.server.DynamicAndroidTest
Change-Id: I2e54b6b71fac4a4c5a9c9c25ce6bdac74cddcfb7
GPU Service is used to monitor all GPU and graphics driver related features.
This patch implements GPU service into System Server, and implements
functionality to extract the whitelist out of game driver package when the
package is upgraded or removed. This will move the whitelist processing off
critical path when app launches.
BUG: 123290424
Test: Build, flash and boot. Verify by upgrading game driver apk.
Change-Id: I563a138bfe0c4c1bb17ed28dab5d6a8df244021d
It is a helper in the system process that helps dumpstate and incidentd get
user confirmation to share reports
Bug: 123543706
Test: bit GooglePermissionControllerTest:*
Change-Id: Ia3fe4bd5257044ed89fe56ce683876fa03ba6c36
Remove the stubbed TimeZoneDetectorService. Priorities
dictated that it not be worked on so it has never been
used.
This reverts commit 7fb88c3928.
Bug: 112827764
Bug: 78217059
Test: build / boot
Change-Id: I39ed2fc7f8de8d4b2c0d883cd264cc126579af27
This commit made the following changes to make the code conform to the
Frameworks style guide:
* Re-named variables
* Re-flowed code
* Organized includes
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
Merged-In: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
