Commit Graph

236 Commits

Author SHA1 Message Date
Jeff Sharkey
936c0868f8 Merge "Protect usage data with OP_GET_USAGE_STATS." into pi-dev 2018-04-17 00:04:53 +00:00
Jeff Sharkey
6b64925737 Protect usage data with OP_GET_USAGE_STATS.
APIs that return package usage data (such as the new StatsManager)
must ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.

Add noteOp() method that can be called from native code.

Also add missing security checks on command interface.

Bug: 77662908, 78121728
Test: builds, boots
Change-Id: Ie0d51e4baaacd9d7d36ba0c587ec91a870b9df17
2018-04-16 12:44:32 -06:00
Tyler Gunn
8a9ad362cd Add permission whitelist for EmergencyInfo app.
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls.  This can occur if a user adds an emergency number
to their emergency contacts.

Test: make checkbuild
Bug: 76086838
Merged-In: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
Change-Id: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
(cherry picked from commit cdc555f489)
2018-04-16 15:12:46 +00:00
Mathew Inwood
9d89543d48 Exempt platform-cert signed apps from hidden API checks.
This means that APKs signed with the platform cert are allowed to use
hidden APIs, even if they are not on the package whitelist, and if they are
not in the system image. It will also allow a number of packages to be
removed from the package whitelist.

Also remove all platform cert signed apps from the package whitelist, as
there is no longer any need for them to be in there.

Bug: 64382372
Test: device boots
Change-Id: Id805419918de51f946c1f592581bab36ae79de83
2018-04-04 17:49:48 +01:00
Nicolas Geoffray
117367a4ec Add com.android.development to the package whitelist.
bug: 77477866
Test: m
Change-Id: I9ac27dd3e7ee0d764d61ab9a8d2ae1065ce151e5
2018-04-03 16:51:56 +01:00
Sunny Goyal
b8e2fa707e Whitelisting Launcher3 for hidden APIs
Bug: 76169471
Test: N/A
Change-Id: I72d4ab22acec3ea5095d6f8fb9fe6ff11df097a8
2018-03-26 17:31:19 -07:00
Mathew Inwood
2e9ba053c1 Amend package whitelist.
Now that Anton's cleanup of all packages is complete, we can generate this
whitelist from those packages that specify

  LOCAL_PRIVATE_PLATFORM_APIS := true

This is the resulting list of packages. This change also includes fixes to
the method; previously, packages that didn't specify any certificate may
have been excluded.

Test: Verify that device boots.
This is a cherry-pick of change I1f578322135274b80708d4bb7664f7732ac33cc7
from AOSP.

Bug: 64382372
Change-Id: Iada043cb85f9b3281893ed9a2828771b8f1ef045
2018-03-21 09:30:12 +00:00
Winson Chung
58fb749d42 Allow the shell to start task overlay activities.
- Fix issue with testFinishPipActivityWithTaskOverlay failing due to
  new permission check in the system

Bug: 71716434
Test: atest CtsActivityManagerDeviceTestCases:ActivityManagerPinnedStackTests#testFinishPipActivityWithTaskOverlay

Change-Id: Ifbcd6c182d928f5aa5372d2db9fa71a142dc8474
2018-03-19 18:48:15 -07:00
David Brazdil
d32fc7d20a Add PrintRecommendationService to hidden API package whitelist
This app builds directly against the platform. Add it to the whitelist.

Bug: 64382372
Test: make
Test: device boots
Change-Id: I16574374d2c233221cd1305f031f78aca1947f05
(cherry picked from commit 06c8a439f7)
2018-03-14 11:27:52 +00:00
David Brazdil
f7e625c19c Add PrintSpooler to system app whitelist
This app builds directly against the platform. Add it to the whitelist.

Bug: 64382372
Test: make
Test: device boots
Change-Id: I4c308d93d66391da2d3691eb45e5d7b1c1fdd582
2018-03-09 13:45:37 +00:00
Jason Monk
23b73c45fb Merge "Remove BIND_SLICE" into pi-dev 2018-03-07 18:01:26 +00:00
Jason Monk
0f73c65958 Remove BIND_SLICE
It's not being used anymore and shouldn't be API.

Test: update-api
Fixes: 74240589
Change-Id: I27d8e3fa5e0570ff268e6160c683d7190c96ef9b
2018-03-06 18:39:15 +00:00
mswest46
3f4c99d3eb Add set-time and set-timezone shell cmds to alarm service
These commands allow a user to set the time and the timezone
from the shell. The shell now has signature|privileged
SET_TIME and SET_TIME_ZONE permissions.

Bug: 67751701
Test: manual - correctly sets the time and timezone from unrooted adb.
Change-Id: I1d2820fd7dadd8b1f3900c0592eb28210370ce88
2018-03-05 19:50:12 +00:00
Mathew Inwood
93d7d0e56e Merge "Populate hiddenapi whitelist." am: 2519de11c3 am: 37d670a083
am: ca7e42317f

Change-Id: I9549a42daaf469d286b92b249881838b3a50fab6
2018-02-22 19:26:19 +00:00
Mathew Inwood
2f09c3bc5b Populate hiddenapi whitelist.
This list of packages is derived from all packages in the tree that do not
specify LOCAL_SDK_VERSION in their Android.mk. It was done by:

1.  Modifying build/core/package_internal.mk to output a warning for all
    packages that do not specify LOCAL_SDK_VERSION, including some
    metadata about the target.

2.  Parsing the output from the build, then filtering out those that specify
    a test certificate, or with LOCAL_MODULE_TAGS := tests, that depend
    on android.test.runner or whose name includes "Test"

3.  Look up the java package name of each & build the list from these.

Test: N/A, this change is a no-op while all system apps are excluded
from the checks.

BUG: 73244707

Change-Id: Ie3dcb1b4b83c32e93609bc58dc7a1cd513eeea64
2018-02-22 11:05:15 +00:00
Mathew Inwood
787c193ee5 Package whitelist for hiddenapi checks.
Some packages in the system image are not built against the SDK, so
enforcing hiddenapi checks for these will break them. Add a whitelist
for such packages.

For now, just add the contacts provider to the whitelist. The list will be
further populated later.

Test: Added test app package name to whitelist to verify.

Bug: 73244707

Merged-In: I94746b7f12dd9371d5068bb235eb853f63ee4d97
Change-Id: I1cbbd220c61b1b4b767c301f97096607ee902a7b
2018-02-22 11:05:14 +00:00
Hall Liu
017afff112 Merge "Check for location access on TelephonyRegistry" am: 31230bb193 am: f581580fdb
am: 9b31dd86da

Change-Id: Icd2feab82a9350fa2b6539617863ad91a44e5208
2018-02-22 00:43:12 +00:00
Hall Liu
31230bb193 Merge "Check for location access on TelephonyRegistry" 2018-02-21 22:42:08 +00:00
Mathew Inwood
4693a75eda Package whitelist for hiddenapi checks.
Some packages in the system image are not built against the SDK, so
enforcing hiddenapi checks for these will break them. Add a whitelist
for such packages.

For now, just add the contacts provider to the whitelist. The list will be
further populated later.

Test: Added test app package name to whitelist to verify.

Bug: 73244707
Change-Id: I94746b7f12dd9371d5068bb235eb853f63ee4d97
2018-02-21 12:50:45 +00:00
Svetoslav Ganov
2d20fb47f4 APIs to watch active op changes
System signed components can watch for starting/finishing of
long running app ops. Also protected the APIs to watch op mode
changes with a signature permission for the cross-uid use case.

Test: atest com.android.server.appops.AppOpsActiveWatcherTest

bug:64085448

Change-Id: Id7fe79ce1de4c5690b4f52786424ec5a5d9eb0fa
2018-02-16 18:29:04 -08:00
Holly Jiuyu Sun
052fbabc35 Public EuiccManager APIs.
Public EuiccManager and other related necessary files.
Mark EuiccCardManager and other related necessary files as @SystemApi.
Solve lint errors and warnings.

Bug: 35851809
Test: test on phone
Change-Id: I8a2c78804cae56b679d311d613edca5be4bc2522
Merged-In: I68853e134e1e31fa9b91a83af6c491a2a8cca971
2018-02-13 12:53:45 -08:00
Holly Jiuyu Sun
4f73b9c09a Public EuiccManager APIs.
Public EuiccManager and other related necessary files.
Mark EuiccCardManager and other related necessary files as @SystemApi.
Solve lint errors and warnings.

Bug: 35851809
Test: test on phone
Change-Id: I68853e134e1e31fa9b91a83af6c491a2a8cca971
2018-02-08 11:12:30 -08:00
Hall Liu
520b975ded Merge "Revert "Check for location access on TelephonyRegistry"" am: 39393f889a am: 772d17c263
am: 07e1d78346

Change-Id: I9ab304409e6f777593e6c927bb0d76b8f82038fc
2018-02-07 03:16:29 +00:00
Hall Liu
5fb337ff85 Check for location access on TelephonyRegistry
When sending outbound callbacks on CELL_INFO and CELL_LOCATION, check to
make sure that the user has authorized us and the receiving app to get
information on their location.

Bug: 69637693
Test: manual: telephony testapp
Change-Id: Iacfc894428b11a7ec973567d7a797eedb281355f
2018-02-06 14:01:47 -08:00
Hall Liu
39393f889a Merge "Revert "Check for location access on TelephonyRegistry"" 2018-02-06 21:15:42 +00:00
Hall Liu
3d30946e8e Revert "Check for location access on TelephonyRegistry"
This reverts commit 8d584f0a91.

Reason for revert: b/72967560

Change-Id: I9ca3c4a586e740a7b7d4cc5940ca8d4e4ebf3654
2018-02-06 18:13:36 +00:00
Jeff Sharkey
b49b3f1e57 Merge "Media process should run with "write" access." 2018-02-04 00:12:22 +00:00
Jeff Sharkey
86684240eb Media process should run with "write" access.
The WRITE_MEDIA_STORAGE permission had inadvertently been giving apps
the "default" view of storage.  This had worked for a long since,
since we also gave them the "sdcard_rw" permission, but a recent
security patch broke this for secondary users.

Apps holding this permission should have been mounted "write" all
along, and relied on that view to access storage devices.  This also
means they no longer need the "sdcard_rw" GID.

Test: builds, boots, secondary user media/camera works
Bug: 72732906, 71737806, 72224817
Change-Id: I5cd687a1e128024f33b4acd93c15e75192ed1c85
2018-02-03 15:33:04 -07:00
Treehugger Robot
0276f4290f Merge "Added permission for binding data service" 2018-02-03 04:40:06 +00:00
TreeHugger Robot
59c490f29b Merge "Renamed BIND_DATA_SERVICE to BIND_TELEPHONY_DATA_SERVICE" 2018-02-03 02:01:46 +00:00
Jack Yu
568b81ac3f Renamed BIND_DATA_SERVICE to BIND_TELEPHONY_DATA_SERVICE
Also granted the permission to the phone process.

Test: Manual
Bug: 64132030
Change-Id: I1fc82a4e8038b1b05b56dcfa43c0c94955967700
2018-02-02 22:04:43 +00:00
Jack Yu
87b6963740 Added permission for binding data service
This is to make sure only the system can bind the data service.

Test: Manual
Bug: 64132030
Merged-In: Iaf4e4a604396ec37c83516f1d1f163614ef23c3d
Change-Id: Iaf4e4a604396ec37c83516f1d1f163614ef23c3d
2018-02-02 13:52:20 -08:00
Hall Liu
54ab6b91a8 Merge "Check for location access on TelephonyRegistry" am: 871202da2f am: cf59665a75
am: 56e6bd2cd1

Change-Id: If9989e10138a4fe923439c919807ca745d616043
2018-02-02 08:12:32 +00:00
Tyler Gunn
e2a66df86c Merge "Add call recording tone support." am: 8d5b08c430 am: eb74233ff9
am: 29d94726be

Change-Id: I67496b63f6a7f6362faed8c6a8cbff7cd665876c
2018-02-02 08:02:44 +00:00
Hall Liu
871202da2f Merge "Check for location access on TelephonyRegistry" 2018-02-01 23:05:22 +00:00
Hall Liu
8d584f0a91 Check for location access on TelephonyRegistry
When sending outbound callbacks on CELL_INFO and CELL_LOCATION, check to
make sure that the user has authorized us and the receiving app to get
information on their location.

Bug: 69637693
Test: manual: telephony testapp
Change-Id: Ib4c8c6a9765f504823016e538dd46768d1032792
2018-02-01 01:00:52 +00:00
Tyler Gunn
acdb686635 Add call recording tone support.
Adding carrier configuration option to specify whether the carrier requires
the incall recording tone be played.
Added phone account extra used in Telephony to communicate this to
Telecom.
Added permission pregrant for Telecom for MODIFY_AUDIO_ROUTING; this is
needed as Telecom listens to the AudioRecordingConfiguration callback
from the audio framework.  It needs the permission so that it can be
informed of the package names of recording apps.

Test: Manually enabled for local carrier and confirmed that recording
tone plays to remote party when a recording app is started on the device.
Bug: 64138141

Change-Id: I1ab521b79cbeeb4ff4dcbf83de7c17c539637bdc
2018-01-30 11:38:54 -08:00
Paul Duffin
2a9cd14900 Merge "Conditionally remove android.test.base from bootclasspath" 2018-01-30 11:20:50 +00:00
Alison Cichowlas
76f0ccb5f1 Revert "Security model for moving sharesheet to systemui"
This reverts commit 88f3d4dbe1.

Bug: 72554856
Test: repro instructions in bug
2018-01-29 16:34:33 -05:00
Paul Duffin
a3b692113c Conditionally remove android.test.base from bootclasspath
This makes the runtime handling of the android.test.base library
conditional based on a build flag REMOVE_ATB_FROM_BCP.

When REMOVE_ATB_FROM_BCP=true:
* The framework-atb-backward-compatibility is added to the
  bootclasspath instead of android.test.base.
* Any APK that targets pre-P (or has a dependency on android.test.runner)
  has android.test.base added to their library list.

Otherwise:
* The android.test.base library is added to the bootclasspath.
* Any APK that explicitly specifies that it depends on the
  android.test.base library has the library removed as the classes
  are available at runtime.

Added android.test.base to platform libraries so it can be used when
not on the bootclasspath.

Tested both cases by building with or without the build flag, flashing,
setting up, adding an account, adding a trusted place.

Also, tested that all combinations of REMOVE_ATB_FROM_BCP and
REMOVE_OAHL_FROM_BCP work.

adb install -r -g out/target/product/marlin/testcases/FrameworksCoreTests/FrameworksCoreTests.apk
adb shell am instrument -w -e class android.content.pm.PackageBackwardCompatibilityTest,android.content.pm.AndroidTestRunnerSplitUpdaterTest,android.content.pm.OrgApacheHttpLegacyUpdaterTest,android.content.pm.RemoveUnnecessaryOrgApacheHttpLegacyLibraryTest,android.content.pm.RemoveUnnecessaryAndroidTestBaseLibraryTest,android.content.pm.AndroidTestBaseUpdaterTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner

Bug: 30188076
Test: as above
Change-Id: I4b9d8a5bed6787cd334c2b13a458bbc0efc3f3b6
2018-01-29 11:48:44 +00:00
Selim Cinek
2627d72e61 Launching Notification animations inline
Using the new control mechanism introduced in order
to coordinate notification launches and smoothly
transform the notification into the launching window.

Bug: 69168591
Test: add notification, launch it
Change-Id: Ib2d671c65f276ec596a2f07edf64d65bf27a2882
2018-01-24 23:29:28 +00:00
Geoffrey Pitsch
d997d191ed Merge "Security model for moving sharesheet to systemui" 2018-01-24 17:33:59 +00:00
Geoffrey Pitsch
88f3d4dbe1 Security model for moving sharesheet to systemui
ResolverActivity (still in frameworks) now requests a "permission token"
that it hands to a stubbed system ui activity ChooserActivity.

This permission token allows an app (SysUI) with the signed permission
"START_ACTIVITY_AS_CALLER" to call
ActivityManagerService#startActivityAsCaller. Permission tokens are a
one-time use, limited-time offer.

Test: runtest systemui && manual testing
Bug: 69850752
Change-Id: I3600e1a8ff9eea7397f5f59853423c79b6401f98
2018-01-23 10:23:55 -05:00
Yi Jin
974e56f141 Enable incidentd.rc also add dump and usage_stats permission to statsd
so it bypasses incidentd's permission check

Test: manual
Change-Id: I65b501fe46f66f9f62fedfcfc75aa17f29fc1076
2018-01-22 14:41:19 -08:00
Svet Ganov
82f09bcf93 No camera for idle uids - framework
If a UID is idle (being in the background for more than
certain amount of time) it should not be able to use the
camera. If the UID becomes idle we generate an error and
close the cameras for this UID. If an app in an idle UID
tries to use the camera we immediately generate an error.
Since apps already should handle these errors it is safe
to apply this policy to all apps to protect user privacy.

Test: Pass - cts-tradefed run cts -m CtsCameraTestCases
      Added - CameraTest#testCameraAccessForIdleUid

Change-Id: If6ad1662f2af6592b6aca1aeee4bd481389b5e00
2018-01-21 02:55:49 -08:00
Yi Jin
d1238e7b50 Merge "Fix permissions problems of incidentd." 2018-01-19 23:27:32 +00:00
TreeHugger Robot
1d2ddf8ede Merge "Put contacts/calendar providers in except-idle whitelist" 2018-01-18 17:41:35 +00:00
Yi Jin
4bab3a191a Fix permissions problems of incidentd.
Test: manual
Change-Id: I4ee0d1f2349ee1a25a422cabf1b5b87c612710d2
2018-01-17 19:16:49 -08:00
Makoto Onuki
fb26332380 Put contacts/calendar providers in except-idle whitelist
Bug: 71911050
Test: Boot and dumpsys deviceidle
Change-Id: I544b660583c2752dadec920305b33b5a8557ce61
2018-01-17 13:23:50 -08:00
Jorim Jaggi
33a701a55c Remote animations (app-controlled animations)
Adds the ability for another app to control an entire app
transition. It does so by creating an ActivityOptions object that
contains a RemoteAnimationAdapter object that describes how the
animation should be run: Along with some meta-data, this object
contains a callback that gets invoked from WM when the transition
is ready to be started.

Window manager supplies a list of RemoteAnimationApps into the
callback. Each app contains information about the app as well as
the animation leash. The controlling app can modify the leash like
any other surface, including the possibility to synchronize
updating the leash's surface properties with a frame to be drawn
using the Transaction.deferUntil API.

When the animation is done, the app can invoke the finished
callback to get WM out of the animating state, which will also
clean up any closing apps.

We use a timeout of 2000ms such that a buggy controlling app can
not break window manager forever (duration subject to change).

Test: go/wm-smoke
Test: RemoteAnimationControllerTest

Bug: 64674361
Change-Id: I34e0c9a91b28badebac74896f95c6390f1b947ab
2018-01-17 15:12:19 +01:00