Modify source stamp verifier to account for APK signature schemes V1,
V2, and V3. The verifier would verify the signature schemes found in the
APK.
If the APK is signed using a signature scheme that does not have a
corresponding verified source stamp signed digest, the source stamp is
considered unverified.
Bug: 158196850
Test: atest FrameworksCoreTests:SourceStampVerifierTest
Change-Id: I07e3606a346b598d192771945335770ce964726e
The target shouldn't be a directory, but if it is, it would be
deleted (as long as it's empty). This became some kind of API and we
need to remain compatible with it.
Bug: 151959443
Test: Reboot and ensure ShortcutService can persist its state
Change-Id: I11a80cd4252128b025912b7aab86b113935e549a
Merged-In: I11a80cd4252128b025912b7aab86b113935e549a
Although it may seems a left-over from a previous interrupted write,
actually there are callers who call startWrite(), openRead() and then
finishWrite(), and this was okay in the previous implementation, so we
have to keep supporting it.
The new file is virtually ignored in the new implementation, and we
have no good way to know if it's actually a left-over or one that's
being written, so simply leaving it there is also okay.
Fixes: 157092639
Test: atest AppIdleHistoryTests#testFilesCreation
Change-Id: I4dc7fde99d2b8e04356f082a6e6ad61c2835022e
The previous implementation of backing up beforehand doesn't handle
the case where the file is created for the first time, and might leave
a corrupted file in case of failure.
This new implementation creates a new file for writing data into, and
renames it into the place of the original file after writing
finished.
Fixes: 151959443
Test: atest android.util.AtomicFileTest
Change-Id: I5c4c438526a2aecdd2af18f71e16b41a05817c61
Merged-In: I5c4c438526a2aecdd2af18f71e16b41a05817c61
These were previously being suppressed by doclava but with this change,
all failures are fixed and the suppression logic has been removed.
To fix the issues, there were a few possible changes made:
- broken reference to a public API (such as incorrect parameters): fixed
- unnecessary @link inside an @see tag: fixed
- @see referring to an @hide or @SystemApi: reference removed
- broken references to inner class constructors
- worked around by fully qualifying the constructor
Bug: 6963924
Test: make doc-comment-check-docs
Exempt-From-Owner-Approval: cherry-picked from master
Change-Id: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
Merged-In: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
(cherry picked from commit e0624c7a40)
Added a new flag "--statsd" to dumpsys procstats, it'll dump
the identical protobuf data as the one being sent to statsd;
these data is aggregated/reduced. The tradtional "--proto"
is still supported in case the full data is needed.
Align the ProcStats's proto message definition with the statsd.
Fixed various other issues with ProcStats's dumping.
Bug: 148542701
Test: atest ProcStatsValidationTests
Change-Id: I5a22603bfbc97bfac93179289df839710364677d
So we can show it in developer options. Also fix a bug
where the setting wasn't being respected in systemui.
Test: atest
Bug: 152907434
Change-Id: I1eaed93a0c8a1ec4486c7072972e2f924402bb94
-Use more idiomatic and efficient parceling
-Cleanup LocationRequest a bit
Bug: 151026407
Test: presubmits
Change-Id: I3865421a128417a5096e39ee110139a13ab9ab3b
This CL doens't change println_native() because:
- To avoid potential risks (jank?) because it's kind of late in the RVC
cycle.
- The JNI overhead is unlikely to be a major problem in logging. If apps
are making *that* many log calls, that itself would be a bigger
problem.
Test: treehugger / boot
Bug: 152217649
Change-Id: I86aeb62b217e5331e6bbd02a0ba592fd050a41b2
Use the same ordering of digest algorithms as the apksigner and
the general v3 checking do.
Test: adb install --incremental <apk> with v4 signature
Bug: b/151241461
Change-Id: I5c4c8339d7fd2ba127bd0f453efc9c04a8be7ac7
This is mainly refactoring, without any new logic.
Bug: 148005911
Test: Refactoring, presubmits are sufficient
Change-Id: I3b9b35f4a952edc04357a2c1b265b1d0f346d515
Modify source stamp verifier to produce non-present stamps when
receiving an error while reading the stamp file in an APK.
Bug: 148005911
Test: atest FrameworksCoreTests:SourceStampVerifierTest
Change-Id: I7682f51761e60b4236424cf2cdb6119f53259ab0
After the feature flag default enabled, Wi-Fi Settings
will use it in Wi-Fi picker / Wi-Fi detal / Saved Wi-Fi network
activities.
Bug: 70983952
Test: compile
Change-Id: Ia88ecd7b8f9eb5962c18c772cc130dc1153bfa1e
Reading a corrupted stream/file could cause an infinite loop while
reading values. Throw an exception if unexpectedly reached the end of
the stream.
Bug: 150192344
Test: atest ProtoInputStreamTests
Change-Id: Ie660545152ba821be0c371dd1e3bf7235372bc6d
This reverts commit 27c64a3bed.
Reason for revert: The GMSCore code to handle the flag will be part of DP2 and so we can remove the flag ahead of the cut.
GMSCore CL Status; https://cl-status.corp.google.com/#/summary/gmscore_prod/291378558
GMSCore Calendar; http://go/gms-schedule
Bug: 147481066
Test: m -j RunBackupFrameworksServicesRoboTests
Change-Id: I4159e064e739c6f366063c7fadd7cca40a7f07d9
When security logging is enabled on org-owned profile devices,
Security events will be redacted to preserve privacy on the personal
profile as follows:
* TAG_ADB_SHELL_CMD
Shell command will be redacted.
* TAG_MEDIA_MOUNT
* TAG_MEDIA_UNMOUNT
The media's volume name will be redacted.
* TAG_APP_PROCESS_START
* TAG_CERT_AUTHORITY_INSTALLED
* TAG_CERT_AUTHORITY_REMOVED
* TAG_KEY_GENERATED
* TAG_KEY_IMPORT
* TAG_KEY_DESTRUCTION
* TAG_KEY_INTEGRITY_VIOLATION
Only events happening inside the managed profile will be returned
to the admin.
Bug: 148437300
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest FrameworksServicesTests:SecurityEventTest
Test: atest FrameworksCoreTests:EventLogTest
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithSingleUser
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithTwoUsers
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingEnabledLogged
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testSecurityLogging
Change-Id: I2e52229a3163b3e0dc3d80d71700023394d84587
Make Settings UI feature flag's default value consistent with
default value of FUSE flag (as it is now on by default).
Test: Settings->Feature Flags->settings_fuse shows true (expected
default value)
Change-Id: I296063af08455fbcdf0442388fae566a1a0e6372
v4 is a streaming add-on to the existing v2/v3 schemas.
Flow:
- APK is signed with v2/v3 and v4 signature blocks,
- on installation, v4 signature bytes are stored next to the APK in
hidden block,
- on each read from APK, kernel verifies the v4 signature using
fs-verity-like code,
- on parsing/verification, we extract certificates from kernel and
compare them with certificates extracted from v2/v3 signature block.
By doing this we are making sure that v4 signature is produced by developer and original APK bytes are not changed.
Test: atest PkgInstallSignatureVerificationTest
Bug: b/136132412 b/133435829
Change-Id: Ia2a56c82c9864bf65e1338700dfe51abf6800deb
