The overlay manager service handles package upgrades and downgrades the
same way: all it cares about is a difference in versions, not if the new
version has a higher or lower value. In both cases, the same family of
methods are called: onPackageUpgrading and onPackageUpgraded.
Rename onPackageUpgrading and onPackageUpgraded to onPackageReplacing
and onPackageReplaced to better highlight that both upgrades and
downgrades are supported.
Test: atest OverlayDeviceTests OverlayHostTests
Change-Id: I04c5c550f504114c22bb30d35c9f2809194d2543
For service and provider bindings from TOP and
FOREGROUND_SERVICE apps, don't elevate bound apps
to above BOUND_FOREGROUND_SERVICE.
For service bindings, it is possible to explicitly
request the binding to match the foreground app
such that the bound app can get similar privileges
of foreground permissions.
For instance, when a foreground service has a location
type, providers it binds to don't automatically get the
location privilege. On the other hand, sometimes apps
showing UI want to treat their dependencies also as if
they are showing UI.
This change does not affect the oom_adj calculation,
only the proc state calculation for bound processes.
New BIND_INCLUDE_CAPABILITIES flag can be used to restore old
behavior for bound services.
Introduces a new state PROCESS_STATE_BOUND_TOP
Bug: 128337543
Test: atest CtsAppTestCases:ActivityManagerProcessStateTest
Change-Id: I13733e7f43a78903299254bc110cd8f7a8db4c40
- Also remove typed media permissions
- Leave typed media app-ops
Bug: 129716569
Test: Used apps, looked at permissions in the UI
Change-Id: If7714fb1a6955584157e1a60ab72b09e35287827
Addresses API council feedback to appropriately annotate
SessionInfo.getChildSessionIds.
Test: None
Bug: 126699287
Change-Id: Iaebc4f2db07b359cef0aff863e517c221259b47c
"meta-data" in AndroidManifest was not getting parsed by the existing logic.
Bug: 129091257
Test: atest android.content.pm.PackageParserTest
Change-Id: I3d1c38ba3b2a0ccef6a0d7d0ee5ab857b62a7b82
Along with tests to verify that they're all delegated as expected.
Bug: 129564663
Test: atest cts/tests/tests/content/src/android/content/cts/ContentResolverTest.java
Test: atest cts/tests/tests/content/src/android/content/cts/ContentResolverWrapTest.java
Change-Id: I07dcabb78174ed2bb63061394bf737df71f49bb0
A major goal of the Q release is to promote user transparency around
permission usage, and to also give user controls over those
permissions. To further this goal, all apps requesting the
internal WRITE_MEDIA_STORAGE permission must also request (and be
granted) the "Storage" runtime permission in order to gain the
associated access.
If the user revokes the "Storage" runtime permission, then the app
must lose all access granted to it via WRITE_MEDIA_STORAGE.
Bug: 129144016
Test: atest android.permission.cts.ProviderPermissionTest#testWriteMediaStorage
Change-Id: I7e747de0107cf9364a0ff2401686906340d31995
* changes:
Revert ContextImpl LoadedApk packageInfo caching workaround
Fix AssetManager2 isUpToDate check
Diff resource dirs when checking LoadedApk packageInfo cache in ActivityThread
Diff overlays between PackageManagerService and OverlayManagerService
Propagate base code path and split dir changes to Resources objects
This logic was lost in the AssetManager1 -> 2 migration.
The old AM1 checked the last modification time of the file
and compared it to a previously stored value. This re-adds the
logic to ApkAssets and fixes the checks in the JNI/Java layer.
Unfortunately I couldn't find a failing/practical case where
this check mattered. It only came up when diagnosing an issue
which ended up being unrelated.
Test: manually ran with other overlay changes
Change-Id: I758e4af1d32a9c03b2204a8a3a26e82b7e83feda
When uninstalling an update to a system app, PMS re-creates the
PackageSetting object, and OMS doesn't get notified of the change.
This makes OMS diff the known valid overlays with the resourceDirs
in the target's ApplicationInfo and forces a reload when they
disagree.
Bug: 124363683
Test: manual ran Wellbeing reproduction steps in bug
Change-Id: Ib080d8593d12596ae8f8a729cc9740462c4b9b69
We're iterating on the design to let apps request via a manifest
flag if they'd like to opt-in or opt-out of storage sandboxing. The
default is to assume that P apps don't allow sandboxing, and that
Q apps do allow sandboxing.
Bug: 129487770
Test: manual
Change-Id: I8fddb35eed412c78622be4ccae57c7b7d2aa1286
PackageInstallerSession:
* Add multipackage consistency check to sealAndValidateLocked. The check
asserts all child sessions match parent session in respect to:
* Staged parameter
* Rollback enabled parameter
* Remove the staged conistency check from addChildSessionId
* Remove sealAndValidateLocked from constructor because it was used only
when sessions where loaded (from XML file) and there's no guarantee that
child sessions will be loaded before parent. Instead, mark the session
as ShouldBeSealed.
PackageInstallerService:
* To make sure relevant sessions are sealed and validated after they are
loaded from an XML file, iterate through the loaded seasions and seal and
validate those marked as ShouldBeSealed. Sessions that do not pass the
validation are destroyed.
Test: atest StagedRollbackTest
Test: atest CtsAtomicInstallTestCases
Test: atest PackageInstallerSessionTest
Fixes: 127765168
Fixes: 124215984
Change-Id: I8f152332cadb0f6c9063264f27668821fad1cec7
We've converged on explicit scanVolume() and scanFile() methods
which tests should be calling. These are more robust than the
previous broadcast-based events, which could hang for a long time.
Bug: 127323913
Test: atest --test-mapping packages/apps/MediaProvider
Change-Id: I4f7918c70a67bcafab69ae2a71ee8e4bdaff01eb
Some of the applicationInfo was hard coded while some packageInfo was
missing. Using AndroidManifest, they are completed as much as possible.
For remaining missing values, sane defaults are used where possible.
Bug: 124043099
Test: 1. added more assert rules in PackageParserTest.java
2. atest PackageParserTest
Change-Id: I950283d822966ee2cb97f7bf13b7f55bb1227946
When sending the ACTION_MEDIA_SCANNER_SCAN_FILE broadcast, an app
provides a raw filesystem path, which might be inside of their
sandbox.
Once the broadcast is delivered, we don't know where it came from,
so we need to translate the path before leaving the app process.
Bug: 117909601
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: Ibddd72a2d85e1f6541e0d6209e539fe6b5c4bde0
Needed for androidx dark mode to recreate UI without triggering
lifecycle event.
Bug: 128982541
Test: none needed
Change-Id: I7d16692f074cc7e50470868a6e232e26ff9d1ed3
Any process state-based capabilities such as location
can be allowed to permeate to the bound app, if the app
has the required permissions as well.
Bug: 128337543
Test: N/A
Change-Id: I0b066d2667333fbd65985959e202785641f704fc
