Don't install packages where we have multiple, conflicting
<uses-permission> lines for the same permission.
For example, a package which contains:
<uses-permission android:name="android.permission.INTERNET" android:required="false" />
<uses-permission android:name="android.permission.INTERNET" android:required="true" />
will now fail to install.
In addition, this change slightly refactors the code, and creates a new
parseUsesPermission() method.
Change-Id: I0f4bb8b51dc4a0c5b73458a70f706e19829275d2
Don't honor <uses-permission android:required="false"> on older apps.
Lots of apps in the wild are improperly using this, and we don't
want to break them.
Bug: 8528162
Change-Id: I6e0a10bc9feac58d13ef624239c6b91e9fc34590
Check for file:// Uris inside Intents, ClipData, Notifications and
RemoteViews when StrictMode option is enabled.
Also introduces Intent.prepareToLeaveProcess() to uniformly handle
Intents about to leave an app process.
Bug: 8529070
Change-Id: I8efb43877cbc5f21eb029fc6492b3ee1415059ef
Add global key configuration file. A global key is one that is handled by
PhoneWindowManager before dispatching and sent to a given component via
broadcast instead of going to the foreground app.
Bug: 8510681
Change-Id: Ic6a8e559680d005613ed22874b27eb78bbfc4499
This makes it faster for applications that don't want to collect all the
certificates but do want the AndroidManifest.xml digest.
Bug: 8528639
Change-Id: Ide9498d0981188960af194a9568387337c075bcc
More getters and setters, better naming.
New extra defined for returning a custom intent that handles showing the
restrictions UI.
Change-Id: I2ee0cdb4edd99e71a9004ff5e929dbe243b45557
Updated API headers. Add BluetoothManager to be retrieved by
context.getSystemService(Context.BLUETOOTH_SERVICE).
LE scan functions are placed in BluetoothAdapter
The GATT API are device driven instead of a profile-driver.
bug 8450158
Change-Id: I424a4cedaac3ef8120a05996500008dd210d2553
When accounts are shared to a restricted/limited user, apps can
opt-in to viewing accounts of a certain type. Other shared accounts
are not visible to the app.
App would specify the account type in the manifest <application> tag
with the attribute restrictedAccountType="foo.bar", where "foo.bar"
is the account type as defined by the authenticator.
Change-Id: I7586da04d6d6d32aae15adc6b1366f325bb07384
Modify the package parsing code to understand optional permissions
(android:required="false"). This is essentially a rollback of
e824120016 with some minor changes.
Expose the requestPermission API to third party apps. This allows
an app to request an Intent which, when passed to
startActivityForResult, will prompt the user to approve permissions
for an app.
In the event we decide to not launch with this feature, this change
can be rolled back.
Change-Id: Ie3626deae9b16e510323f94a2c80377f7c84b26f
Add the buildPermissionRequestIntent API to PackageManager. This allows
an app to request an Intent which, when passed to
startActivityForResult, will prompt the user to approve permissions
for an app.
Currently, the API is @hide. It will be unhidden in a future change.
Change-Id: I4ec677002afa799a6eb5c2657c28452c91012436
The original documentation for this class indicated a leading slash was possible
but the code did not support it. Since then, the docs were changed to reflect
what the code does.
The purpose of this change is to allow the use of uri.getPath() as an argument.
With this change, the following can be done
matcher.addURI(ContactsContract.AUTHORITY,
ContactsContract.CONTENT_FILTER_URI.getPath(), CONTACTS_FILTER)
instead of
matcher.addURI(ContactsContract.AUTHORITY,
"contacts/filter", CONTACTS_FILTER)
Change-Id: I76a9e3133365be9fe7a8de86eae57f9eea1cd2a3
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory. Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.
Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory. Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.
Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
If the caller supplied an empty selection string (instead
of null) we would crash due to creating a bad SQLite statement.
Change-Id: I462803b80c81815ed9a3a320c23060daa28e8114
8323587: Add feature for supporting app widgets
8323342: Add feature for replacing the home screen
8323590: Add feature for supporting input methods
The app widget service looks for the app widget feature
and refuses to work if it doesn't exist. I didn't do
this for the input method service because some devices
will probably want to still make use of that mechanism
without supporting third party input methods.
Change-Id: Ie3b089105e104f4d767cdb03cdbe4fdb1c17382e
Adds the ability for apps to export some restrictions. The restrictions
are presented in Settings based on the restriction type. The user's
selections are stored by UserManagerService and provided to the
target user's application as a list of RestrictionEntry objects which
contain the key, value(s).
Also introduce a manifest entry for system apps to request that the
app be automatically installed in all users, so that they cannot be
deselected by the owner user.
Shared account filtering for non-whitelisted apps.
Change-Id: I15b741e3c0f3448883cb364c130783f1f6ea7ce6
If AsyncTaskLoader starts a background update due to a
content change, and that update is cancelled, we drop the
data when it finally arrives and forget that the content changed.
If we later come back to the loader, we then end up showing
stale data because we don't know that we still need to update
due to the old content change.
This change adds a couple new APIs to Loader to deal with the
time between when you ask for whether there is a content change
and finally either commit the data or cancel the update.
AsyncTaskLoader is changed to make use of this so that it doesn't
lose changes.
Change-Id: I3866236b1c22bb9138f2d9f6032b126aeaee2e6e
You can now declare shared libraries in apks that are
on the system image. This is like the existing mechanism
of using raw jar files as shared libraries, but since they
are contained in an apk the library can actually be updated
from the Play Store. And this even (mostly) works.
There are some deliberate limitations on this feature. A
new shared library *must* be declared by an apk on the system
image. Installing an update to a system image apk does not
allow you to add new shared libraries; they must be defined
by everything on the base system image. This allows us to
get rid of a lot of ugly edge cases (shared libraries that were
there disappearing after an update is uninstalled for example)
and give some brakes on apps that happen to be pre-installed
on devices from being able to throw in new shared libraries
after the fact.
In working on this, I ran into a recently introduced bug where
uninstalling updated to system apps would fail. This was done
to allow for the new restricted users that don't have all
system apps, but conflicts with the existing semantics for
uninstalling system apps. To fix this I added a new uninstall
flag that lets you switch on the new mode if desired.
Also to implement the desired logic for limitations on declaring
new shared libraries in app updates, I needed to slightly tweak
the initial boot to keep the Package object for hidden system
packages associated with their PackageSetting, so we can look at
it to determine which shared libraries are allowed. I think
this is probably more right than it was before -- we already
need to parse the package anyway, so we have it, and when you
install an update to a system app we are in this same state
until you reboot anyway.
And having this fixed also allowed me to fix another bug where
we wouldn't grant a new permission to an updated app if its
system image version is updated to request the permission but
its version is still older than whatever is currently installed
as an update. So that's good.
Also add new sample code showing the implementation of an apk
shared library and a client app using it.
Change-Id: I8ccca8f3c3bffd036c5968e22bd7f8a73e69be22
