This is the crux of the Verified Access feature implementation:
Adding the ability to generate KeyChain keys directly by the
secure hardware, rather than installing software-generated keys
into KeyChain.
Add generateKeyPair to the DevicePolicyManager, which delegates key
generation (via the DevicePolicyManagerService) to the KeyChainService.
Design highlights:
* The key generation is delegated via the DevicePolicyManagerService to
check that only authorized callers request key generation in KeyChain.
* KeyChainService performs the actual key generation so it owns the key
in Keystore outright.
* DevicePolicyManagerService then grants the calling app access to the
Keystore key, so it can actually be used.
* Loading the public/private key pair, as well as attestation
certificate chain, is done in the client code (DevicePolicyManager)
to save parceling / unparceling those objects across process
boundaries twice (for no good reason).
NOTE: The key attestation functionality (that includes Device ID) is
missing/untested. Will be added in a follow-up CL as this one is quite
big already.
HIGHLIGHT FOR REVIEWERS:
* API: New API in DevicePolicyManager.
Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' (After building the KeystoreTests target and installing the apk)
Change-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc
This adds TransactionExecutor class, that takes care of executing
a multi-stage ActivityManager client transaction in correct order.
First it executes all callbacks, while also making sure to transition
to the right pre- and post-execution state if requested.
In the end it cycles to the final requested lifecycle state.
This also switches activity launch process to use lifecycler - it
initializes activity launch and sets final desired state in the same
transaction.
Bug: 64797980
Test: android.app.servertransaction.TransactionExecutorTests
Change-Id: I306f9396fab263682f580cc8c924a3cedb40ef89
So, UMS can start the target once user is unlocked.
Test: No secure lock. Try to turn off and on work mode by tapping work app.
Test: Have secure lock. Try to turn off and on work mode by tapping work app.
Test: Turn off work mode. Reboot. Try to tap on any work app to turn on work mode.
BUG:69926710
Change-Id: Iaaccd5d763f7e36e5a43bad5261f1eb16060f9d6
Historically, if a service returns null from onBind(), the binding app
gets no information about the outcome: the ServiceConnection is never
invoked. We now introduce a new connection callback, onNullBinding(),
for apps that need to detect this situation. When the service rejects
the binding by returning null, the onNullBinding() callback in the
associated ServiceConnection is invoked instead of onServiceConnected().
onNullBinding() has an empty default implementation, so there is no
binary-compatibility impact of this new interface method.
Bug: 67377345
Test: atest android.app.cts.ServiceTest
Change-Id: I224512c118f7d6e5c1c2bb69eca1902882e73594
Apps seem to rely on this undocumented behavior so that the
threaded sync adapter doesn't crash an app. That's really
bad on the app side, but we will have to live with it.
Bug: 67986472
Bug: 70122540
Test: m
Test: Device boots
Test: m cts && cts-tradefed run commandAndExit cts-dev --module CtsContentTestCases -c android.content.cts.SharedPreferencesTest
Change-Id: I1ee4dfba4ad29c4f66fa60d3c8f8a99900b3447a
The API allows system apps which acquired
{@code android.permission.READ_RUNTIME_PROFILE} to snapshot the runtime
profiles of installed packages.
The API is implemented in a new service class (AndroidRuntimeManager)
accessible from the context using
context().getPackageManager().getAndroidRuntimeManager().
The main functionality is exposed as a one way call into the
AndroidRuntimeManager with the result being posted on a callback. The
profile is available to the caller as a read-only ParcelFileDescriptor.
This CL only adds the API interfaces and validation. It does not fully
implement the functionality.
oneway void snapshotRuntimeProfile(in String packageName,
in String codePath, in ISnapshotRuntimeProfileCallback callback)
Bug: 30934496
Test: gts-tradefed -m GtsAndroidRuntimeManagerHostTestCases
Change-Id: Iaa6be4715840f24508acba3162ea9c1ab725bd38
Bug: 67843538
Test: Manual test with CloudDpc that logout button can be controlled by DevicePolicyManager API and only enabled in shared users
Test: Logout button can actually exit the user and ActivityManager log shows that user is stopped
Test: CTS is tracked in b/67843605
Change-Id: I9f27050654958ce55f574dd05ff80609255ffeb4
It turns the version code into almost a 64-bit integer, with the
new major part being the upper 32 bits.
The only tricky part about this is the backup manager, since it
stored 32-bit version codes in its backup data sets. This is dealt
with by, when the major version code is not 0, writing MIN_INT as
the version code and following that by the full long version code,
which we can detect when reading. Note that this makes backup sets
containing apps with major version codes incompatible with older
versions of the platform.
Bug: 64459786
Test: Added in Change-Id: Iab8a682b62103babd6c16a56b8dc1e97d7078658
Change-Id: Ibfffe235bbfcf358b3741abd3f7197fdb063d3f3
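
The backup encoding described in the commit message above, modelled as an added example (not code from the commit). The big-endian byte order, the function names and the handling of a legacy code equal to MIN_INT are assumptions of this sketch.

```python
import struct

MIN_INT = -(2 ** 31)  # Java Integer.MIN_VALUE, used as the "long code follows" marker


def long_version_code(major, version_code):
    """New major part in the upper 32 bits, legacy 32-bit code in the lower 32."""
    return (major << 32) | (version_code & 0xFFFFFFFF)


def _signed32(value):
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


def write_version(long_code):
    """Serialize a version code the way the commit message describes."""
    low = _signed32(long_code)
    # Major == 0: keep the old 4-byte layout so older platforms can still read it.
    # Assumption of this example: a legacy code equal to the marker itself is
    # also written in long form, so the reader never misinterprets it.
    if long_code >> 32 == 0 and low != MIN_INT:
        return struct.pack(">i", low)
    return struct.pack(">iq", MIN_INT, long_code)


def read_version(data):
    """New reader: returns (long version code, bytes consumed)."""
    (first,) = struct.unpack_from(">i", data, 0)
    if first != MIN_INT:
        return first & 0xFFFFFFFF, 4
    (full,) = struct.unpack_from(">q", data, 4)
    return full, 12


def legacy_read_version(data):
    """Old reader: knows only the 32-bit field, so it stops after 4 bytes."""
    (first,) = struct.unpack_from(">i", data, 0)
    return first, 4
```

Feeding a long-form record to `legacy_read_version` yields MIN_INT and leaves 8 unread bytes in front of whatever field follows, which is the incompatibility with older platform versions that the message notes.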
If the current activity stack we are resuming is in multi-window mode
and the last resumed activity stack should still be visible, then don't
send userLeaving hint as the activity will still be visible to the user
after onPause is called.
Also, added option to say if recents activity should be shown when
split-screen is activated. Starting the recents activity during
CTS testing can cause timing issues since the recents activity might
be started after the activity we are trying to launch adjacent to
split-screen.
Change-Id: Iba1d0749062e7365a207ba1172705b5ab70cb869
Fixes: 69419620
Test: ActivityManagerSplitScreenTests.testNoUserLeaveHintOnMultiWindowModeChanged
Allow apps to query their own standby bucket.
Allow privileged apps with PACKAGE_USAGE_STATS permission to
query apps.
Allow privileged apps with CHANGE_APP_IDLE_STATE to set the
standby state for apps, but not for themselves.
Removed AppStandby class and moved constants into UsageStatsManager.
Bug: 63527785
Test: cts-tradefed run cts-dev -m CtsAppUsageHostTestCases
Change-Id: I3c1c20f6ecb6d54e248233696039286b243d663c
The previous screenshot requests in SystemUI would generate a bitmap
and then adjust crop and rotation afterwards. Bitmaps from screenshots
are now hw Bitmaps so they can't be updated in software. Instead request
the proper crop and rotation from the native code to generate a Bitmap
with the correct configurations.
Change-Id: I4591c468b055c784460e5ddf2f9163ffa943c2ee
Fixes: 69898957
Test: Manual screenshots work and bugreport screenshots work in landscape.
- DevicePolicyManager.setKeyguardDisabled
- DevicePolicyManager.setStatusBarDisabled
- DevicePolicyManager.setDeviceOwnerLockScreenInfo
- PackageInstaller install and uninstall apps
Bug: 64383519
Test: Can set keyguard disabled, status bar disabled and lock screen message in
affiliated PO
Test: Can install and uninstall apps in affiliated PO
Test: CTS tracked in b/68925683
Change-Id: I71be25098436ba0b42050478c049850c2b21f6f4
This CL introduces the updateTransportAttributes() API to be used by the
transport hosts. It doesn't actually use the description attributes yet,
this will go in another CL. This is because I want to test that CL
together with transport usage. Tests are lacking for TransportManager
and BMS, I'll still add them, but I'm trying to migrate Robolectric
first.
Ref: http://go/br-binding-on-demand
Bug: 17140907
Test: make RunFrameworksServicesRoboTests
Test: runtest -p com.android.server.backup frameworks-services
Test: gts-tradefed run commandAndExit gts-dev -m GtsBackupTestCases
Test: gts-tradefed run commandAndExit gts-dev -m GtsBackupHostTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsBackupTestCases
Change-Id: I56f7b5a5026d21d8f11afb371d5560d4913c5f2a
Privileged apps can now be located in the vendor partition. This is
mainly to move SoC-dependent apks to the vendor partition so that the
system partition becomes more generic.
Like existing privileged apps in the system partition, the list of
privileged apps in the vendor partition and the permissions they are
using must be white-listed. The whitelist can be specified via
<privapp-permissions> tags in one of /vendor/etc/permissions/*.xml
files. Note: vendors can only white-list the apps in vendor partition,
but not the apps in system partition.
This change also introduces a new flag 'vendor-privileged' to the
permission protection level. It is used to expose platform-defined
permissions to the privileged vendor apps. If a platform permission does
not have this flag, it is not granted to vendor apps even when the app
is privileged and white-listed.
Bug: 35301609
Test: `mm` under frameworks/base/tests/privapp-permissions
adb sync && adb reboot
adb shell cmd package \
com.android.framework.permission.privapp.tests.vendor
shows that the app is installed.
android.permission.BIND_IMS_SERVICE is in the installed permissions list
android.permission.MANAGE_USE is not in the installed permissions list,
but is in the requested permissions list.
Change-Id: I196375aaaa9ea3a2ba15686ef08cf3f70ade7046
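
The grant rule described in the commit message above, modelled as an added example (not code from the commit). The whitelist XML and the protection-flag table are constructed samples arranged to mirror the test outcome in the message; the function names are hypothetical and the flag is spelled as the message spells it.

```python
import xml.etree.ElementTree as ET

VENDOR_PKG = "com.android.framework.permission.privapp.tests.vendor"

# Constructed sample of a /vendor/etc/permissions/*.xml whitelist file.
VENDOR_WHITELIST_XML = """
<permissions>
  <privapp-permissions package="com.android.framework.permission.privapp.tests.vendor">
    <permission name="android.permission.BIND_IMS_SERVICE"/>
    <permission name="android.permission.MANAGE_USE"/>
  </privapp-permissions>
</permissions>
"""

# Constructed protection-level table (an assumption of this example).
PROTECTION = {
    "android.permission.BIND_IMS_SERVICE":
        {"signature", "privileged", "vendor-privileged"},
    "android.permission.MANAGE_USE": {"signature", "privileged"},
}

REQUESTED = ["android.permission.BIND_IMS_SERVICE",
             "android.permission.MANAGE_USE"]


def load_whitelist(xml_text):
    """Map package name -> set of whitelisted permission names."""
    whitelist = {}
    for entry in ET.fromstring(xml_text).iter("privapp-permissions"):
        names = {p.get("name") for p in entry.findall("permission")}
        whitelist.setdefault(entry.get("package"), set()).update(names)
    return whitelist


def vendor_grants(whitelist, package, app_partition, requested):
    """Permissions a privileged app receives through the vendor whitelist."""
    # A vendor whitelist only applies to apps installed in the vendor partition.
    if app_partition != "vendor":
        return set()
    allowed = whitelist.get(package, set())
    # Whitelisting alone is not enough: the platform permission must also
    # carry the 'vendor-privileged' protection flag.
    return {p for p in requested
            if p in allowed and "vendor-privileged" in PROTECTION.get(p, set())}
```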
The API inKeyguardRestrictedInputMode is no longer needed,
deprecate it. Redirect output to isKeyguardLocked().
Remove inKeyguardRestrictedKeyInputMode.
Test: make, flash, use system ui
Bug: 65998293
Change-Id: Ie2609758fc013aab10530a1be087c983c51d86b0