This reverts commit a0a20dc23b.
Reason for revert: This is causing a number of fatal crashes in SystemUI. See b/158081578, b/158057055, b/158060735, and b/158061923.
Fixes: 158081578
Fixes: 158057055
Fixes: 158060735
Fixes: 158061923
Change-Id: If7e6cd4ade3df540ba7d97d9265564132a235292
Instead of relying on the user hint in the intent, we now explicitly
set the calling user as an intent extra.
Fixes: 149741820
Test: atest ChooserActivityTest
Test: atest ResolverActivityTest
Test: manual
Change-Id: Iaa37fc1330abbb419035d899fad166afc53aaea8
* if the user taps quickly such that there is only ACTION_DOWN and
ACTION_UP, without ACTION_MOVE, it'd be possible that the
isSecure check is not respected. This patch fixes that case.
Test: atest android.autofillservice.cts.inline
Bug: 157772682
Bug: 158038231
Change-Id: Icd21bf2f88259673bb9b20e46e63672648495eac
And fix a bug with toggling priority I noticed while testing
Test: atest
Fixes: 157988478
Bug: 155490513
Change-Id: I8f5a6076ed2aa6c862a187bac15f3ad9af3cd141
To mitigate a boot loop with reading a massive
install_sessions.xml file, this restricts the amount of
data that can be written by limiting the size of
unbounded parameters like package name and app label.
This introduces a lowered max session count. 50 for general
applications without the INSTALL_PACKAGES permission, and
the same 1024 for those with the permission.
Also truncates labels read from PackageItemInfo to 1000
characters, which is probably enough.
These changes restrict a malicious third party app to ~0.15 MB
written to disk, and a valid installer to ~3.6 MB, as opposed to
the >1000 MB previously allowed.
These numbers assume no install granted runtime permissions.
Those were not restricted since there's no good way to do so,
but it's assumed that any installer with that permission is
highly privleged and doesn't need to be limited.
Along the same lines, DataLoaderParams are also not restricted.
This will have to be added if that API is ever made public.
However, installer package was restricted, even though the API is
hidden. It was an easy add and may have some effect since the value
is derived from other data and passed through by other system
components.
It's still possible to inflate the file size if a lot of
different apps attempt to install a large number of packages,
but that would require thousands of malicious apps to be installed.
Bug: 157224146
Test: atest android.content.pm.PackageSessionTests
Change-Id: Iec42bee08d19d4ac53b361a92be6bc1401d9efc8
Since mDeferredDestroySurfaceControl is the same underlying
object as mSurfaceControl we also need to hold the mSurfaceControlLock
when writing to it.
Bug: 157657896
Test: Existing tests pass
Change-Id: Ie0da3ed5d94c7aae2593423fa2767dbc902da4c8
When AutofillManagerService try to trigger AugmentedAutofill, it uses
AutofillId.withoutSession() to get the AutollId without session. It
will return invalid "parentId:NO_ID" if the virtual AutofillId is
created with FLAG_IS_VIRTUAL_INT. The virtual AutofillId flag should
be FLAG_IS_VIRTUAL_INT or FLAG_IS_VIRTUAL_LONG, we should get
mVirtualIntId for FLAG_IS_VIRTUAL_INT or mVirtualLongId for
FLAG_IS_VIRTUAL_LONG.
Bug: 156408900
Test: atest android.autofillservice.cts.augmented
Test: atest android.view.autofill.AutofillIdTest#\
testVirtual_Long_withoutSession
Test: atest android.view.autofill.AutofillIdTest#\
testVirtual_Int_withoutSession
Test: Manual. Write a simple cts test for webview and check the
focused AutofillId is correct while switching between the field.
Change-Id: I7ebb4d7cfb6d6f383724b798dae69269ae3a27be
Allow logging of the RankingSelected variant of UiEventReported.
Change-Id: Ibe1b7bfe4798cdaf07cf87ec8efefb0006909872
Bug: 155061525
Test: atest SystemUiTests
