Most of the time MediaProvider is making Binder calls on behalf of
an external caller, so use PropagateWorkSourceTransactListener to
ensure that we record the original source.
Bug: 125725916
Test: atest --test-mapping packages/apps/MediaProvider
Change-Id: I591dfb2903a54239639452954ea2d780e79b280c
Add new calls to bugreport API, all the while keeping the previous code
and logic untouched.
Added feature flag in Settings which if untouched, runs the old dumpstate workflow
by default. To test the new workflow turn on the feature flag from UI or
`adb shell setprop settings_call_bugreport_api true`.
Add permission TRIGGER_SHELL_BUGREPORT so that not all can send
broadcasts to trigger bugreports.
Create new receiver BugreportRequestedReceiver for the new broadcast intent that the shell app will
use.
Whitelist Shell app to use the bugreport API.
Bug: 123617758
Test: manually built and flash to device. Turn on the feature flag, generate bugreports and check
the onProgress and onFinish notifications.
Test: Turn off the feature flag test old workflow.
Change-Id: I1c7c258a48815a0386d7d4771301cd76f9cae3d0
The native services should specify their permissions in platform.xml if
they need internet permission, otherwise the eBPF program will block the
socket creation request. Fixing the known services that are in group
AID_INET but didn't specify their permission in the xml file.
Bug: 132217906
Test: CtsJdwpTestCases dumpsys netd trafficcontroller
Change-Id: I84cde7d3757953bc0bf761727d64a715bcdd68bb
Merged-In: I84cde7d3757953bc0bf761727d64a715bcdd68bb
(cherry picked from commit e5d6f0fa6c)
Now that we have LocalCallingIdentity, we can start caching it in
very narrow cases. We must be careful to not cache too long, since
any changes to granted permissions for the UID mean we need to
re-evaluate any cached answers.
The best middle-ground for this in the Q release is to use an active
camera session as a proxy for when we should create a cache object
and then later invalidate it. (It's very unlikely that a user
changes permissions while actively using the camera, and this is
a strong signal that the caller is sensitive to performance.)
Many other sprinkled optimizations to avoid extra binder calls into
the OS, such as aggressively caching VolumeInfo related details.
Track IDs that are owned by each LocalCallingIdentity, to speed up
all future security checks.
Dispatch all change notifications asynchronously, and delay them by
several seconds while the camera is being actively used, to give
more important foreground work a fighting chance. Invalidate
thumbnails asynchronously.
Optimizations to ModernMediaScanner where it's safe to skip the
"reconcile" and "clean" steps when we're focused on a single file
that we successfully scanned.
Local tests show this CL improves performance of a test app that
takes 100 rapid shots by 45%. (All the collective optimizations
done so far this week add up to a 70% improvement.)
Bug: 130758409
Test: atest --test-mapping packages/providers/MediaProvider
Exempt-From-Owner-Approval: trivial manifest change
Change-Id: I38cc826af47d41219ef44eae6fbd293caa0c01d5
Hence mark the new split permissions as 29 instead of 10000.
Fixes: 132898943
Test: atest SplitPermissionTest
Change-Id: I0aa3e9b4d60cea1a59b891f2fb2d94a734efebf2
1.Protect Device Identifiers: Starting in Android Q, apps must have the READ_PRIVILEGED_PHONE_STATE privileged permission in order to access the device's non-resettable identifiers
IMEI and serial is used for the *#06# dialog. OEMs needs this to run factory tests. Perhaps it is something that should be moved to telephony, but as the current state dialer is showing it.
2.Limit pre-installed app network permission:Preinstalled apps that want to access restricted network needs to declare the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission.
Restricted network is used for VVM access.
Bug: 132081872,132080738
Test: Compile and load build
Change-Id: I246ab62a252d8a0335b8cc9ac5bb2089910781c9
RoleManager likes to terminate apps when roles are changed which does
not work in CTS tests. We need to use a temp override in Telecom
for now.
Test: Run the CTS tests over, and over and over again.
Bug: 131065482
Change-Id: Id36942f2813abdfa0020ce4805c492a69bd07d0e
(cherry picked from commit 509ef150f2)
When built as part of the system, the network stack and the
captive portal login app should have the BYPASS_PRIVATE_DNS
and CONNECTIVITY_USE_RESTRICTED_NETWORKS permissions.
These are necessary to validate restricted networks, bypass VPNs,
bypass private DNS for captive portal login, etc. Add these
permissions to privapp-permissions-platform.xml.
When installed as mainline modules that cannot use signature
permissions, the modules get this ability by virtue of having the
MAINLINE_NETWORK_STACK permissions.
Additionally, add the CONNECTIVITY_USE_RESTRICTED_NETWORKS
permission to the captive portal login app manifest, which did
not contain it.
Bug: 129789428
Test: builds, boots
Test: dumpsys package shows permissions
Change-Id: I632359f7eff09fed71167733ac75824a5aa57894
Merged-In: I632359f7eff09fed71167733ac75824a5aa57894
(cherry picked from commit 109dbf9c05)
Fixed by granting START_ACTIVITIES_FROM_BACKGROUND
to the cell broadcast receiver.
Test: Manual
Bug: 130384940
Change-Id: Ie563a8f11ac991ab9568f65df6a4d14eebe47c5e
Allows for testing APIs protected by this permission from CTS tests
Test: adb shell dumpsys package com.android.shell | grep "\bSTATUS_BAR:
granted=true" # should find the permission
Bug: 130178313
Change-Id: Ida0950664b98217d9c0801c0f19436c754ee6744
If an app can access the fine location it can obviously also access the
coarse location. There is code inside checkPermission that encapsulates
the logic.
This code fixes two issues:
- checkPermission might return for the coarse location even though the
permission is not even mentioned in PackageInfo.requestedPermissions.
Now the coarse location is always added to requstedPermissions when
the fine location is in the manifest even if the app does not have
the coarse location in the manifest
- If the app requests the fine location only we might unintentionally
kill the requesting app.
1. App does not have any permissions granted
2. App request FINE_LOCATION
3. Permission controller reads (and caches) permission state: FINE=revoked,
COARSE=revoked
4. User grants FINE_LOCATION -> Perm controller updates internal
state: FINE=revoked, COARSE=revoke
5. Perm controller applies FINE_LOCATION state to the system
6. Perm controller looks as COARSE and checks if it is granted.
Because it is implied, it now shows up as granted. Hence perm
controller will try to revoke it which kills the app
The solution is that it will be impossible to only request
FINE_LOCATION by itself. This change will automatically add requesting
COARSE_LOCATION, whenever FINE_LOCATION is requested
Fixes: 130358762
Test: Reproduced scenario in bug 130358762
Change-Id: I217c0b23063617f60b98c805af1d122a6ec0608e
Creates Dark Theme tile and adds it to the default config,
under the fold.
Test: manually toggle tile
Fixes: 130253100
Change-Id: I2859d2eb20db1c6d9dd8e8e24979294316b905bb
- Also remove typed media permissions
- Leave typed media app-ops
Bug: 129716569
Test: Used apps, looked at permissions in the UI
Change-Id: If7714fb1a6955584157e1a60ab72b09e35287827
Add NETWORK_SCAN to shell permissions to enable CTS testing of the
network scan changes
Bug: 126779616
Test: CTS
Change-Id: I1f75c9005620b3b0e06f066677cba6190f1d266c
The app is moving to /product, to separate out its permission
grants to a separate file and move that file to /product as well.
Bug: 122353713
Test: boot aosp_arm64 emulator
Change-Id: Ic165aae180a002c3566e3c1b1495a1d50dfd0e4a
This app will pretend to be the Settings app when sending
location access notifications.
Bug: 128608303
Test: boot
Change-Id: I447510bbe323f3de40828a5cb4a37abe1c44c990
