Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
The filter setup is done in Zygote's ForkAndSpecializeCommon. This is
because adding a seccomp filter must be done when either the caller has
CAP_SYS_ADMIN or after the PR_SET_NO_NEW_PRIVS bit is set. Given that
setting PR_SET_NO_NEW_PRIVS breaks SELinux domain transition
(b/71859146), this must be done after Zygote forks but before
CAP_SYS_ADMIN is droppped.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Test: no selinux denial flood in dmesg with selinux enforced
Test: debuggerd -b `pidof com.android.phone` # logcat shows tombstoned
received crash request
Bug: 63944145
Bug: 71859146
Change-Id: I8215c8530d3d0de504a270488f8e29635805e8b0
The API can be used to obtain the maximum number of connected
devices for A2DP or HFP.
Test: Manual
Bug: 64767509
Change-Id: I80b8a1c85e33ae0b23fdc4812f8991a4202d9abc
Can be used by a network to indicate when it's congested, meaning that
apps should defer network traffic that could be done at a later time.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.,com.android.server.connectivity.VpnTest,com.android.server.ConnectivityServiceTest
Bug: 64133169
Change-Id: I8a60b6f02dd0f42268b59690556c16335d34e220
Because IpSecTransforms are now unidirectional,
and because the only mechanism for removing Transforms
removes it from both directions, the API can no longer
use the Transform parameter to meaningfully validate
that the caller had applied a transform. Since that
functionality was as-yet unimplemented and is now
infeasible, the transform parameter is removed.
Bug: 72079356
Test: cts - IpSecManagerTest; runtest frameworks-net
Change-Id: If19b0d34bdc6daf31a40d6d62bff326dcbca08c0
The version of applyTransportModeTransform() and
removeTransportModeTransform() that accepted
Socket and DatagramSocket were closing the underlying
FDs upon return. It's unclear whether this is due to
a behavior change elsewhere in ParcelFileDescriptor,
but either way, converting to using getFileDescriptor$
and then calling dup() explicitly rather than relying
on ParcelFileDescriptor seems like a better idea anyway.
Bug: 72047396
Test: CTS - IpSecManagerTest.testCreateTransform()
Change-Id: Ia2f02564e1289f25bf113dbb861fcfd2240537a7
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
This patch adds to the MacAddress class:
- getAddressType() method which replaces addressType(), for naming
consistency
- @NonNull annotations on all input and output reference values for
all public methods (@hide and public).
TYPE_UNKNOWN, which currently cannot be observed with a non @hide
method, is also removed from the public api.
Bug: 71866627
Test: $ runtest frameworks-net
Change-Id: I2af70408d46f431b7b32183e6b48ddae9a261a2c
Try to use the app's (main) classloader when an attach-agent request
is handled. If that fails, retry without a classloader.
Add bind-application-time flag to ProfilerInfo. Use the flag to have
a second attach-agent point on app startup. Add --attach-agent-bind
to cmd activity start to expose the difference between pre-bind and
bind-time attaching.
Bug: 70901841
Test: m
Test: cts-tradefed run commandAndExit cts-dev -m CtsJvmtiAttachingHostTestCases
Change-Id: I21698ec3be43a6d095d577100b2adfb22daca7d5
Being able to update this handle is necessary to ensure that
system-only OTAs do not break vendor code that relies on
nethandles.
Bug: 63052780
Test: walleye builds, boots, networking works
Test: MultinetworkApiTest CTS tests passes
Change-Id: I049a4ad2610ca68b8f56377b63be7e5e8ce76039
- Rename varaibles holding LoadedApk to make the code easier to read.
- Move resource creation into LoadedApk, consolidating the logic.
(cherry picked from commit 7541ca4d1a)
Test: manual
Merged-In: I6bdc70482fbbb346ff694ada528ded18d3a63ef7
Change-Id: I6bdc70482fbbb346ff694ada528ded18d3a63ef7
Cherry-pick from 30b9adfad1
The screen unlocked functions save effort on setting
the usb config during each connection. These
functions persist between connections and between
boots. When the screen is unlocked and these
functions are set, the current functions will
be automatically set to the screen unlocked functions.
Also added svc command for this so it can be
used and tested while the UI is worked on.
Bug: 62876645
Test: svc usb setScreenUnlockedFunctions mtp
Test: Test functions with locking, unlocking, and
disconnecting, with no lockscreen, swipe, and pattern
Change-Id: Ia05e095917166d25398c4d310b02971e3a1bb12a
Add a flag to the BluetoothHeadsetClientCall indicating the current
status of in band ring on the connected phone.
Bug: 65673832
Test: runtest bluetooth -c
com.android.bluetooth.hfpclient.HeadsetClientStateMachineTest
Change-Id: I7e839f2790b1a27d336528e93bc8a4c8d8ff3036
(cherry picked from commit f780364a9a1f6171860cbdf4e1b41a01ee7d88c6)
EuiccCardManager is in the same path with EuiccManager.
EuiccCardController is in the same path with EuiccController.
Use getAllProfiles() as an example interface.
The implementation of EuiccCard and its content will be added in a
follow up CL.
The new API is marked as @hide and TODO for @SystemApi.
Bug: 38206971
Test: test on phone
Change-Id: I153937c0f79bdd1a00b06b234a6e254a3f43072c
Merged-In: I153937c0f79bdd1a00b06b234a6e254a3f43072c
In future, managing DNS-over-TLS hostname lookup and netd programming
can be encapsulated here.
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
Bug: 64133961
Change-Id: I47ccfa99c30c780524c45c4af605e720ccba34a0
This function requests calling app has WRITE_EMBEDDED_SUBSCRIPTIONS
permission. It will check whether the OTA update needed to be done
first. If current eUICC OS isn't latest one and OTA needed to be
performed, it will update eUICC OS. When the OS update is started or
finished, a broadcast will be sent.
Bug: 37279356
Test: E2E
Merged-In: Iea86add4bdc01c79a8714af4b3a89735ba78ee74
Change-Id: Iea86add4bdc01c79a8714af4b3a89735ba78ee74
These constants are used by GMSCore car module via reflection. Make
them system API.
Bug: 67052734
Test: Manual - and using make update-api
Change-Id: I0709c0e0eb9fcb9fb29d575e9b74927a70b2a924
* Use BluetoothHeadset.isInbandRingingEnabled() API to check whether
in-band ringing is currently enabled in the system when deciding on
audio routes for ringtone
* Add this as a hidden internal API for system components
Bug: 71646213
Test: make, toggle in-band ringing from Development Settings and observe
whether Telecom service tries to open SCO when there is an
incoming call
Change-Id: I1ef0dd2b54ace7649ddd1f043f0ef5847743a5c4
After EuiccCard is moved to the platform, it can depend on
EuiccProfileInfo directly.
Bug: 70292228
Test: unit test
Change-Id: Ibe2c61ce9c4d2c99bac1cd9df8bb62414c46feee
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
In terms of performance since this happens at fork, the measure shows
the overhead is negligible. Assuming 130 instruction in the BPF, on
walleye, even when running on little core with fixed low frequency, each
setup took about 60.9us on average. When it runs on big core with
higher frequency, it took about 39.3us.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Bug: 63944145
Change-Id: I748735b478405098beac1e200d911c13ea60e380
Merged-In: I748735b478405098beac1e200d911c13ea60e380
Added a new hidden API isMobileDataEnabled in TelephonyManager.
Rename related APIs to isUserMobileDataEnabled,
isUserMobileDataEnabled and setUserMobileDataEnabled to better
clarify their functionality.
Bug: 69814555
Test: build
Change-Id: I2f186f1e7550cafbe4ee3a5af293c39274cbfeaa
Merged-In: I2f186f1e7550cafbe4ee3a5af293c39274cbfeaa
