- Set ThreadLocalWorkSource to the work source uid when app has the
UPDATE_DEVICE_STATS permission. We only enable that in system server for
now.
- By default, set ThreadLocalWorkSource to the calling uid since we
always trust this value.
- If an app sets a work source uid without having the right permission,
we just ignore it (we do not throw an exception)
A follow-up commit will update the code to use the worksource from the
beginning of the call. Currently we get the work source at the end
inside of BinderCallStats, however the value might have been changed
when executing onTransact.
Test: atest binderLibTest BinderWorkSourceTest BinderCallsStatsServiceTest
Change-Id: I351b8ac2b31feececc46c73f373f198b9b603c7e
No permission added for now as there is no sensitive data exposed, other
than get system thermal status.
CTS will be added later to make sure call back triggered when status changes.
Bug: b/119613338
Test: PowerManager CTS test
Change-Id: I2e5ab716df82d82aa31cb1015bd5548fe312c1a4
Temporarily disable ANGLE rules file checking to avoid
LeakedClosableViolation which is triggering crashes.
This can be removed when refactor is completed that avoids
holding a file descriptor open until the driver loads.
Bug: 119516511
Test: cts-tradefed run singleCommand cts -m CtsAngleIntegrationHostTestCases
Change-Id: Icd8a48c853825ebfd64cf0746ae8203554e1684e
When the caller doesn't hold the ACCESS_MEDIA_LOCATION permission,
any location Exif tags should be redacted for privacy reasons. We
still allow unredacted raw file access if the media is owned by the
calling app, since they should be able to see data they contributed.
Certain backup apps really want to see the original contents without
any redaction, so provide them a setRequireOriginal() API so they
get a strong exception whenever the original bits can't be provided.
Add the ability to open a redacted file for read/write access by
stopping redaction for any ranges that have been overwritten with
new data, along with tests to verify this behavior.
Extend "content" tool to bind null values.
Bug: 111892141
Test: atest android.os.RedactingFileDescriptorTest
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: I47b220036a712d9d49547196b90e031b10760f84
Mostly designed for use by tests, but start using it elsewhere in OS
for consistency.
Bug: 119713234
Test: manual
Change-Id: I803671fd84547b75337bebf00c2fa2bdaf0f72e7
This reverts commit 9c7b131996.
Reason for revert: Fixed build failures due to merge
Change-Id: I7d7bfed3a3234b966f3fe3fd6e0cbc63d2bedf83
Test: unit test
This is necessary for low-impact logging useful for training.
Test: gets RSS correctly
bug 119789589
Change-Id: Ie32202ff9280208dbe967a22883d8ed1198fa724
This change updates the permissions design to use app-ops for
controlling write access, which is only extended to the default app
for a particular collection type.
Bug: 119713234
Test: atest android.appsecurity.cts.PermissionsHostTest
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: I40811ff175b3b8410b58ed901948a23a56f8a8c2
This dumping is done with the ActivityManagerService lock held, and
can take a while. Therefore, do the dumping without the lock, and
only dump proxy interface counts if the number of proxies looks
unreasonable to start with.
Bug: 119616995
Test: boots, bugreport doesn't dump proxy interfaces with normal count
Change-Id: If7ca8fbe08362db2ef57bf2e210160f37859fd79
Test: Manually on Thermal HAL 2.0 device
Test: Manually on Thermal HAL 1.1 device
Test: Manually on no Thermal HAL emulator
Test: atest $ANDROID_BUILD_TOP/frameworks/base/services/tests/servicestests/src/com/android/server/power/ThermalManagerServiceTest.java
Bug: 111086696
Bug: 119413961
Change-Id: I6723406123d12339e82e9e87eec14b7f9a301897
go/startdream
This is a simplier alternative to ag/5460565
Bug: 119130690
Test: Use of API from launcherX
Change-Id: I9b8e1dc04095045077c37014290120efec9dc331
