The PermissonController is going to become a mainline module, hence it
has to compile against @SystemApi.
PackageManager#arePermissionsIndividuallyControlled controls how certain
permissions are presented in the UI, hence Permission controller needs
to read it. The value of this API comes from a config option.
Bug: 110953302
Test: Built
Change-Id: If78b1bb594af0c85e92abf70ae8315e7ba3f31fa
No need to create an extra field for a boolean flag. Move the recently
added ApplicationInfo.usesNonSdkApi to one bit in privateFlags.
This also solves an issue where the field was not propagated during
copying of the data structure.
Bug: 113315999
Test: phone boots
Change-Id: I09f8f39454c013a84893ac304904a4412fc542bf
The change introduces the following:
- BiometricPrompt communicatates with BiometricPromptService (new)
system service. The service does the decision making for which
biometric modality to use.
- As a result, a lot of logic is moved from <Biometric>Manager
to BiometricPrompt. FingerprintManager now does not care about
BiometricPrompt logic anymore (reverts several P changes).
Face, and all future <Biometric>Service interfaces must be protected by
the signature-only MANAGE_BIOMETRIC permission. Settings, SystemUI, and
BiometricPromptService are their only clients.
Bug: 72825012
Test: BiometricPromptDemo works
Test: Keyguard works
Test: Settings works
Change-Id: I2b7d6eff81bc07950202c50e592d733032523bf0
Also make the new lib only use system-apis.
This allows mainline module to use the new
RestrictedLockUtilsSettingLib.
Unfortunately the whole RestrictedLockUtils would have caused to much
new system-api. Hence it was split into RestrictedLockUtils and
RestrictedLockUtilsInternal. This caused a lot of trivial code changes.
Bug: 110953302
Test: Built
Change-Id: I693b3bf56f3be71f0790776e3aad5694717786ef
Recently in I830717428e72ac37c5ecd1f23d915aa878ef3744, we greatly
improved the underlying file-extension-to-MIME-type mappings defined
in libcore and used across the OS.
Instead of maintaining divergent mappings here in MediaFile, this
change delegates all file extension logic down to libcore, and
standardizes all MediaScanner internals on using MIME types. To
register new file types in the future:
1. Add the MIME-to-extension registration in libcore.
2. Add the MIME-to-MTP mapping here in MediaFile.
This change also ensures that unknown MIME types are surfaced
across MTP, using constants like FORMAT_UNDEFINED_AUDIO for audio/*
until an explicit format is defined.
We now surface WMA/WMV file formats, even if the device can't
natively play them back, since we still want to offer the ability
for users to copy them around, and the user may have a third-party
app capable of playing them.
Keeps @UnsupportedAppUsage intact for now.
Bug: 111268862, 112162449
Test: atest frameworks/base/media/tests/MediaFrameworkTest/src/com/android/mediaframeworktest/unit/MediaFileTest.java
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: I2f6a5411bc215f776f00e0f9a4b7d825b10b377d
ActivityManagerService decides on the non-SDK API enforcement policy
of every newly spawned process. System apps can be exempted by adding
their package name to a config XML file, tests can pass a flag to
'am instrument'. This patch adds a new @hide attribute on the <application>
manifest tag, "android:usesNonSdkApi", which can be used by both
system apps and tests, and is automatically set by the build system.
The use of the attribute remains guarded as follows:
- if invoked via 'am instrument', must hold shell user permission,
- if app launched, must be a system app or an updated system app.
The attribute is ignored in all other cases.
Bug: 113315999
Test: N/A
Change-Id: I2f6cb56f63fa2c5dd6c7c25fcefe8205da1ec96a
StorageManagerService uses DefaultContainerService to obtain ObbInfo
for files passed through mountObb() transaction. This change moves this
logic to client side and so ObbInfo will be passed as part of mountObb()
transaction.
Bug: 111838160
Test: atest src/android/os/storage/cts/StorageManagerTest.java
Test: atest core/tests/coretests/src/android/os/storage/StorageManagerIntegrationTest.java
Test: atest services/tests/servicestests/src/com/android/server/MountServiceTests.java
Change-Id: I29aee3aa54a45057df96aae289888161a3e3af71
In P we moved destroying per-user shared storage into installd,
where it can iterate quickly over large sets of files. This change
now moves cleaning/destroying of per-app shared storage data down into
installd, letting us greatly simplify the logic in PMS to no longer
require spinning up DefaultContainerService. This also fixes an
obscure bug where DCS (which always runs as USER_SYSTEM) wasn't able
to clear shared storage for secondary users.
This also gives us the ability to target specific storage devices
by UUID, such as when the user has migrated their primary shared
storage to an adopted device.
We no longer distinguish between keeping or deleting OBB files
during various operations, since upcoming changes in the Q release
will mean OBB files are no longer shared between users, and they'll
now live inside a sandbox that will be fully cleared when the user
clears data. (Going forward, apps should be using splits instead
of OBBs, so they're effectively deprecated.)
Uses newer "const" feature of AIDL to ensure constant values remain
consistent between native and Java code.
Bug: 111854851, 111838160
Test: atest android.appsecurity.cts.StorageHostTest#testCache
Change-Id: Ib90be155718a768da76110fbfcf010a471b37378
Previously, you could not use references to colors in places that
expected a Drawable. This new class, ColorStateListDrawable bridges the
gap by attaching a ColorStateList to a ColorDrawable, and hooks it into
resource loading wherever you might expect a Drawable.
Fixes: 18126411
Test: Unit tests to be added to CTS
Change-Id: I0ff9a089669da96e6b22b214f04d6726bc278152
Continue trying to reduce the size of PackageManagerService by
extracting intent queries to a separate class. This is the first,
low hanging fruit, pass.
Test: Manual
Fixes: 110090130
Change-Id: I89f6968b3460ad9d64cdac75bea1eac8a9c90599
Much of the time for View inflation is spent in calls to
obtainStyledAttributes. This change adds more granular tracing of this method so
we can better attribute how inflation time is spent.
Test: manual - looked at systrace for starting an app.
Change-Id: Ib72aef1e8b788ce5a61ba13b57bb4417a263b48c
This matches the pattern for other package broadcasts
(e.g. package removed) and reduces ambiguity for
system_server services that handle the broadcast.
Test: presubmit, adb shell pm suspend(/unsuspend)
Change-Id: I41c3b853cbc6aac15a6cef7409309c0859ca783e
Fixes: 112439969
This CL is largely an adaptation of Change-Id
I16175933cebd9ec665d190cc5d564b5414a91827 . I also used the same way for
testing the change.
This CL will support the followings.
- installing a RRO package for framework from /product-services/overlay
- installing apps from /product-services/app
- installing priv-apps from /product-services/priv-app
- installing permissions from
/product-services/etc/[default-permissions|permissions|sysconfig]
Bug: 80741439
Test: `mm` under frameworks/base/tests/[libs|privapp]-permissions
adb sync && adb reboot
adb shell cmd package list libraries
=> confirmed com.android.test.libs.product_services library
adb shell cmd package dump \
com.android.framework.permission.privapp.tests.product_services
=> confirmed that the package is a priv-app
And I moved vendor/overlay/framework-res__auto_generated_rro.apk
into system/product-services/overlay/ on taimen, and I confirmed that the
RRO was installed properly.
Change-Id: I7a6a30bf8e8db9f2738594d187bb9148f138b8da
(cherry picked from commit a4af41736894bd3bf5bdc2a279acbeed2a24dd3d)
Bug: None
Test: I solemnly swear I tested this conflict resolution.
Merged-In: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
Change-Id: Ieb9836ae90f6f2565fa3ba5c395b42069b58ff71
For packages:
android.content.res
android.content.pm.split
android.content.pm.permission
android.content.pm.dex
android.content.pm
android.content.om
android.content
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ie932bb108f8e21aad8576e444d43e7a553a4d128
Merged-In: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
For packages:
android.content.res
android.content.pm.split
android.content.pm.permission
android.content.pm.dex
android.content.pm
android.content.om
android.content
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
System components (like MediaProvider) will live in a mount namespace
that has a view of the "real" shared storage device, and normal apps
will have "sandboxed" views of the shared storage device. (Parallel
changes are implementing these namespaces in vold and installd.)
The system components mentioned above will need to translate between
the two namespaces, so this change introduces methods that perform
that translation, along with a nice batch of tests to verify.
Test: atest frameworks/base/services/tests/servicestests/src/com/android/server/StorageManagerServiceTest.java
Bug: 111893193, 111892833, 111268862
Change-Id: Iae91a44ce09eb33d6cd9b90f6c7b4f88c8cd12f0
We now have separate permissions that correspond to the various
MediaStore tables:
-- READ/WRITE_MEDIA_AUDIO
-- READ/WRITE_MEDIA_VIDEO
-- READ/WRITE_MEDIA_IMAGES
From a product point-of-view, Images and Videos will being treated as
a single permission group of "Visual" media in Q. We're also defining
two other special permissions:
-- ACCESS_MEDIA_LOCATION: indicating that the app can see any
geographic location related metadata associated with media, such
as being stored in the EXIF data. We're willing to grant this under
the unbrella of the larger "Visual" runtime permission group, but we
still want apps to request it for full disclosure of their intent.
-- WRITE_OBB: can be held by app stores that need to deliver OBB
files into app-specific sandboxes to keep legacy apps working.
Test: manual
Bug: 111801780, 110228267, 111789719, 111892833
Change-Id: If28247efdd7ac185ad3c6cbceda2e6346c26d032
