A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
Merged-In: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
System server is no longer allowed to grant uri permission directly. As a result
we use grantUriPermissionFromIntent() to grant permission from the shell UID,
who is the owner of the bug report content.
Also fix a security bug where the broadcast to notify user consent of remote
bug report mismatches the <protected-broadcast> definition, causing it to be
sendable by anyone.
Bug: 34159108
Test: manual - Install TestDPC and request bugreport, try accept and decline
once the report is ready (Bullhead).
Merged-In: I66e3f2a16d4547549f09d3c96d52aed2330caedf
Change-Id: I66e3f2a16d4547549f09d3c96d52aed2330caedf
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug: 33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit 7ff418d9a9)
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.
Merged-in: 5daf273b7e
Bug: 32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug: 32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Fix issue #30766518: Document what targeting N does
Also small documentation cleanup in a few other places.
(cherry picked from commit b34cbedb4e)
Change-Id: I9560b29faa4f2674277349272af8193122a1f95e
We can no longer return the "my_downloads" paths: if those Uris were
shared beyond the app that requested the download, access would be
denied. Instead, we need to switch to using "all_downloads" Uris so
that permission grants can be issued to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, DownloadProvider now issues narrow grants
toward the owner of each download, both at device boot and when new
downloads are started.
Bug: 30537115, 30945409
Change-Id: I533125b36444877f54373d88922f2acc777e250b
The Fragments API guide was moved, but apparently a redirect was
never set up. Also, there are a few links to the old location in
the Javadocs.
Staged the revised Javadocs (see first comment for stage location).
Not going to stage the redirects file since it would trash another,
bigger CL that deals with the redirects file, but it's pretty
straightforward.
bug: 30559011
Change-Id: Ibd65f85c1ebb9789c1d40614fe11fe4ffda97e58
Bug 30786309
If the Activity used in makeSceneTransitionAnimation isn't
the same one used in the startActivity call, a NullPointerException
could be thrown.
Change-Id: Id21c54fcf99b353feab62f7fc160997ed06e7d23
(cherry picked from commit 3289bfa289)
(cherry picked from commit a3edbf6a5d)
Mitigates an issue where a LevelListDrawable would constantly
be reloaded even if unchanged. To avoid this, small icons are
now only reloaded if they no longer point to the same resource.
Note that StatusBarIconView already has this logic.
Change-Id: I6be436e5cef7b7ca91a28edc413b1aaa0f1007d5
Fixes: 30496073
In the class description, fixed the reference link that points to the
Fragments guide.
Bug: 29007808
Change-Id: I3399e5f10c461eb6666a04f8829c6cde774948e0
* changes:
Improved the transition when clicking on the last notification
Fixed a bug that could lead to an empty notification
Removed contentDescriptions that hindered accessibility usability
Fixes a bug where setting a null bigLargeIcon would not clear it
Fixed the transition of the background of the notifications
Fixed a bug where the notification would fade out in a ugly way
This is a squashed rollup of backup/restore infrastructural work in
the N release. It intentionally omits semantic/API changes such
as the introduction of the onQuotaExceeded() callback.
This patchset should not be merged beyond M maintenance releases.
Bug 29617908
Bug 29848715
Change-Id: I1eb25ad07f3bbf1132198d8a233722c41f1ac4cc
An accidental side-effect of introducing the XML content file and its
domain semantic checking was that the shared-storage domain got
dropped on the floor. Now the mechanism understands what it means
again.
Bug 29999884
Change-Id: I22b99c96869683d1a92430f237dda54b170b8f60
