We can no longer return the "my_downloads" paths: if those Uris were
shared beyond the app that requested the download, access would be
denied. Instead, we need to switch to using "all_downloads" Uris so
that permission grants can be issued to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, DownloadProvider now issues narrow grants
toward the owner of each download, both at device boot and when new
downloads are started.
Bug: 30537115, 30945409
Change-Id: I533125b36444877f54373d88922f2acc777e250b
This is a squashed rollup of backup/restore infrastructural work in
the N release. It intentionally omits semantic/API changes such
as the introduction of the onQuotaExceeded() callback.
This patchset should not be merged beyond M maintenance releases.
Bug 29617908
Bug 29848715
Change-Id: I1eb25ad07f3bbf1132198d8a233722c41f1ac4cc
Get the canonical identity and metadata about the package from the
Package Manager at time of usage rather than rely on the caller to
have gotten things right, even when the caller has the system uid.
Bug 28795098
Change-Id: I215786bc894dedf7ca28e9c80cefabd0e40ca877
Screen on time should be measured in elapsed realtime, not wallclock.
Cause a checkIdleStates to occur when reloading stats
(on rollover and on time change).
When time changes occur in the negative direction, the new stats file
we create can overlap the previous one with regards to its end timestamp.
Use the begin timestamp to determine which of the latest stats to merge.
(b/22716352)
Bug: 26488100
Change-Id: If31b29bbbee9e98401205b5e26bce86e181286e7
I think what probably happened is that since we only report an app
going in to the "interaction" state as an interaction event to usage
stats, apps that sit around in that state forever will only see one
interaction at the start and never again. So usage stats could start
thinking they are idle.
Fix this by having the activity manager report an interaction event
for such long running applications at least once a day.
Also, because it is correct and for paranoia by protected us another
way, system uids should never go in to standby.
Change-Id: I8a3805bfca86cbe78560488a649ecd07427da99a
Remove the partial fix [it did not work for child fragment managers]
and replace with a more general fix that works with all fragments.
Bug: 23838271
Change-Id: I88b465f6a06a6ad627b9651b9e2eea41fae08972
When we restore a fragment [i.e. on configuration change], we need to
make sure the host is set prior to calling into lifecycle methods
such as onInflate(). These use data contained within the host.
Bug: 22512520
Change-Id: I709365a858cfc555ec5b7fc200629fa8d022faad
When an app doesn't define installLocation, the default behavior
should be to treat it as internal only. This matches all the
published developer documentation.
Without this, apps could be unwittingly be moved to adopted storage
devices.
Bug: 24771264
Change-Id: Iaf38ab45329aad6cb5d6deac81fb1781f680189b
We cannot pull the "retain loader" state from the Activity; an Activity may
not always be hosting a Fragment. Instead, save the "retain loader" state
inside the individual fragments.
Bug: 23838271
Change-Id: I8358183a7689b5a571ea7be03d769186b2812600
For each runtime permission we have an app op to toggle the
permission for legacy apps as they cannot handle permission
revocations. We were lacking an app op for get_accounts
which prevented the user from controlling access to accounts
regardelss that they change the state of the permission
toggle in the UI. Even worse the permission UI is written
with the assumption that every runtime permission has an
app op and as a result revoking the contacts group (if the
app requests the get_accounts permission) is reset back to
allowed in the UI.
bug:23854618
Change-Id: I9e3f9bfeb320bed561d718db99ee285915d5701b
The platform grants runtime permissions by default to apps on the
system image that provide core device use cases which a user expects
to work out-of-the-box. We are now adding a test to ensure that
OEMs cannot pregrant premissions on non approved components.
bug:23043018
Change-Id: Id76717cce0ee59678956bd0be347d3c045fe4c51
... by never rebasing the theme. We don't need to do this unless the
system theme is configuration-dependent, which it is not currently.
Bug: 22943781
Change-Id: I96e695441543379e4d5fdf3cc6f18d9e6cf953b4
We now have a new whitelist you can put apps in, which
opts them out of the old battery saver mode and new app idle,
but doesn't keep them from going in to doze. This is for a few
special cases that we had previously whitelisted for battery saver,
and inherited to the new modes... ultimately we should figure out
how to get these apps out of the whitelist completely, but this
will help for now.
Apps in this new whitelist are not shown in the UI, because they
are still significantly restricted by not being able to operate
normally in doze. This also means they are still visible in the
list of all apps for the user to be able to put them on/off the
complete whitelist if that is what they really want.
In the course of doing this, I needed to clean up code in the
network policy manager to better separate management of the
two firewall rules that now have different whitelists applied
to them. This also hopefully just generally simplifies and cleans
up that code. Hopefully!
Change-Id: I92e15f2f85899571dd8b049b5e3eb1354f55f353
1. When a permission is revoked we kill the app immediately but do
not do an immediate kill for shared uid processes. This fixes it.
2. Remove system APIs that are used only by the package installer.
bug:22984670
Change-Id: I3d4ae52ea8679f894aa7c5972941263903479183
BUG: 22957980
If a file was present in the backup but excluded on restore,
it can result in the restored data being corrupted.
Ensure that FullBackup.restoreFile is called with a
null destination, which will result in the file not
being written to disk, but still properly pulled
from the socket.
Change-Id: Iac882a961b76e687654535aec352678486a08c39
Add additional information about the intentions of result codes in
device-owner and profile-owner launch intents, in alignment with
changes made in http://ag/732321.
Bug: 21063241
Change-Id: I0e0a931739cee5f46e8fc7622fe1de49e26dcb0a
Add new Activity callback to tell it when its saved state has
been invalidated.
The problem is that delivering the permission result does not go
through a path where the compatibility code can see it first to
mark its fragment manager as no longer having saved state. So this
new callback gives it a place to do that.
Change-Id: I5a4a185d9c746bae1afb5c588aba82c8daccf079
