The Bluetooth app will indicate BluetoothOppReceiver to receive
the device picker intent. But to fix the security issue we
removed the setClassName() method in ag/14111132 to avoid attack.
This causes BluetoothOppReceiver to be unable to receive the intent.
This CL will compare the calling package name with the launch package name.
If they are not equal, setClassName() will not be invoked.
Bug: 186490534
Bug: 179386960
Bug: 179386068
Test: make RunSettingsRoboTests -j56
Change-Id: Ia51528f2a44ab73edbc86899ca0846d3262fe1f0
(cherry picked from commit bb5be240c0)
(cherry picked from commit c556938807)
BluetoothPermissionActivity and DevicePickerFragment will send a
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can let an attacker
send a broadcast to protected BroadcastReceivers, like the factory reset intent
(android/com.android.server.MasterClearReceiver), via
BluetoothPermissionActivity or DevicePickerFragment.
This CL will not allow setting the package name and class name, to avoid
the attacker.
Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.
Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
(cherry picked from commit 8adedc6249)
(cherry picked from commit e21d06f6ee)
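
The target-selection rule described by the commit message above and by the follow-up at the top of this log, modelled in plain Java as an added example. It is not the Settings source: the class, the policy names and the sample callers are assumptions, and `callingPackage` stands for whatever identity the platform reports for the app that launched the picker.

```java
import java.util.Objects;
import java.util.Optional;

/** Added model of the result-broadcast targeting rule; not Settings code. */
public class PickerResultTarget {
    /** Explicit broadcast component as (package, class). */
    record Target(String pkg, String cls) {}

    /** The three behaviours the two commit messages describe (names are hypothetical). */
    enum Policy { TRUST_EXTRAS, NEVER_EXPLICIT, MATCH_CALLER }

    /**
     * Decide whether the result broadcast may be addressed to the component
     * named in the launch extras. launchPackage and launchClass are supplied
     * by the caller and are therefore untrusted input.
     */
    static Optional<Target> resolve(Policy policy, String callingPackage,
                                    String launchPackage, String launchClass) {
        if (launchPackage == null || launchClass == null) {
            return Optional.empty();
        }
        switch (policy) {
            case TRUST_EXTRAS: // original behaviour: the extras pick the receiver
                return Optional.of(new Target(launchPackage, launchClass));
            case MATCH_CALLER: // follow-up fix: only the caller's own package
                return Objects.equals(callingPackage, launchPackage)
                        ? Optional.of(new Target(launchPackage, launchClass))
                        : Optional.empty();
            default:           // first fix: never address a component explicitly
                return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a third-party caller naming a system receiver,
        // and the Bluetooth app naming a receiver in its own package.
        String[][] cases = {
            {"com.example.untrusted", "android", "com.android.server.MasterClearReceiver"},
            {"com.android.bluetooth", "com.android.bluetooth",
             "com.android.bluetooth.opp.BluetoothOppReceiver"},
        };
        for (Policy p : Policy.values()) {
            for (String[] c : cases) {
                System.out.printf("%-14s caller=%-22s -> %s%n", p, c[0],
                        resolve(p, c[0], c[1], c[2]).map(Target::toString).orElse("no explicit target"));
            }
        }
    }
}
```

Only `MATCH_CALLER` both refuses the mismatched caller and still delivers to the Bluetooth app's own receiver, which is the regression the follow-up commit addresses.
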
The root issue is that CharSequence is an interface.
String implements that interface; however, the Spanned class
does too, which is a rich text format that can store HTML code.
The solution is to enforce use of the String type, which won't include
any HTML function.
Test: Rebuilt apk and see the string without HTML style.
Bug: 179042963
Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
Merged-In: I53b460b12da918e022d2f2934f114d205dbaadb0
(cherry picked from commit 0bf3c98b2f)
(cherry picked from commit 52f9039d5c)
To improve security.
Bug: 181962311
Test: manual
Show an AlertDialog and observe if it will hide after the command below.
adb shell am start -a android.intent.action.PICK_ACTIVITY -n com.android.settings/.ActivityPicker
Change-Id: I6e2845cc19dc012cba2933318a067bbb8db90a23
(cherry picked from commit 3b4853e109)
(cherry picked from commit aef628646a)
First, if the VPN is configured by an admin, the preference is
disabled and tapping on it will result in a policy disclosure
dialog.
In addition, restriction checks in the dialog also check if the
VPN is admin-configured.
Bug: 179975048
Test: Manual, setting VPN in profile and primary user and via DPM API.
Test: make RunSettingsRoboTests -j
Merged-In: Id59d2ac2782e83601bc3093d3a092faea36ff5d9
Change-Id: Id59d2ac2782e83601bc3093d3a092faea36ff5d9
When a malicious device admin app’s name includes
a bunch of CRLF characters, it will cause incorrect display
and selection confusion in the Settings Device admin apps listView.
Test: Built the apk and saw single line title.
Bug: 169936038
Change-Id: I98d9a93bfdc792017124dda52a59d25a6462079e
Merged-In: I98d9a93bfdc792017124dda52a59d25a6462079e
This reverts commit 121041cf58.
Reason for revert: Some use cases don't need single line design. See b/184108687
Fix: 184108687
Change-Id: I1d095ae198cf2fd73eef39caf93895c7d96ca7f7
When a malicious device admin app’s name includes
a bunch of CRLF characters, it will cause incorrect display
and selection confusion in the Settings Device admin apps listView.
Change-Id: Ifc3cc689a221830c6687b7d69cf86f1ed7f2d698
Test: Built the apk and saw single line title.
Bug: 169936038
Merged-In: I0c9d80273ed752c5a83afcad18d67400bcfc1618
- Current design is only to check mms type, but if there are other APN
types grouped in one APN setting, it will show the radio button and the
user can see the radio button and select it.
- Improvement: Only allow an APN setting with the default APN type to be selected.
- https://screenshot.googleplex.com/8pfQinjya2NJWoV
Bug: 180475805
Test: Manual test with ATT SIM.
Change-Id: Ic14121d7ce2a53b0f883a0637fc390c2aa4dd1d7
Merged-In: Iae6943971c0cc6d31dc0e9d4dd97e850117adbfd
When the activity is recreated, fragments are automatically reattached.
Need to check whether savedInstanceState is null when we want to add a fragment in MobileNetworkActivity.
(lost to check in ag/9667137)
Bug: 154087690
Test: Manual
make RunSettingsRoboTests -j ROBOTEST_FILTER=MobileNetworkActivityTest
Change-Id: Id169353f6dc10306dddd823a904f0803b26a6ddc
Merged-In: Id169353f6dc10306dddd823a904f0803b26a6ddc
- Disallowed non system overlay windows
- Screenshot
https://screenshot.googleplex.com/77fJ9QN6pV4zFYc
Bug: 174047492
Test: manual test
Merged-In: Ia7acad6d456ce5ebea2d982d4cb063d4f28cbfff
Change-Id: Ia7acad6d456ce5ebea2d982d4cb063d4f28cbfff
(cherry picked from commit d47d8e4fc5)
Settings#CredentialStorage could be overlaid to
trick user into clearing all credentials.
Disallow non-system overlay on activity.
Test: Trigger the debug apk again, and no overlay
Bug: 176753731
Change-Id: I657de039d667f5aee0941336e9361ae04f056c33
Merged-In: I657de039d667f5aee0941336e9361ae04f056c33
When initializing SimStatusDialogController, also create TelephonyManager
with sub id.
Bug: 174171839
Test: Manual test passed, see b/174171839#25
Test: make RunSettingsRoboTests ROBOTEST_FILTER=SimStatusDialogControllerTest passed
Change-Id: I6bd6975e39c75884252b9d0bcd9d5548dbdfe6d5
Merged-In: I6bd6975e39c75884252b9d0bcd9d5548dbdfe6d5
Bug: 167403112
Test: send intent to test that the right prompt message pops up. make -j42 RunSettingsRoboTests
Change-Id: Iec4d1963e626829b696c2047c5979a684119acf7
Merged-In: Iec4d1963e626829b696c2047c5979a684119acf7
Bug: 172009945
Test: Trigger adaptive charging and verify string in menu
Change-Id: Iba2d81e779e2b4aaa3c7b7c38710a03c6792c4a9
Merged-In: Iba2d81e779e2b4aaa3c7b7c38710a03c6792c4a9
(cherry picked from commit b60870cb7d)
Before this CL, there is a possible phishing attack allowing a malicious
BT device to acquire permissions based on insufficient information
presented to the user in the consent dialog. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is needed for exploitation.
This CL adds more prompts presented to users to avoid phishing attacks.
Merge Conflict Notes:
There were a number of entries in strings.xml that did not exist on this
branch. However, as the CL only adds new entries rather than modifying
old ones this should not cause a problem. There were no merge conflicts
in the java files.
Bug: 167403112
Test: send intent to test that the right prompt message pops up. make -j42 RunSettingsRoboTests
Change-Id: Idc6ef558b692115bb82ea58cf223f5919b618633
canSubscriptionBeDisplayed is more readable.
Rationale:
When cherry-picking ag/12886476 into the Android R branch (ag/13209427), a comment from the code reviewer suggested this change.
Since ag/12886476 has been merged for a while, another patch for it is the preferred option compared with reverting that CL and resubmitting it.
Bug: 175830728
Change-Id: Ie91eb82504fd7cff6671803a2bc2560139690952
Test: build pass
Merged-In: Ie91eb82504fd7cff6671803a2bc2560139690952
Some carrier(s) expand their service through providing eSIM in companion
with pSIM. Group UUID is designed to group them together as a single
SIM.
Bug: 169455114
Bug: 175069803
Test: make RunSettingsRoboTests ROBOTEST_FILTER=SubscriptionsPreferenceControllerTest
Change-Id: I0934a45a2917ab106627c733162efbee9a13f216
(cherry picked from commit a6b249d625)
Merged-In: I0934a45a2917ab106627c733162efbee9a13f216
When configuring CBRS profiles this dialog / notification will be
dismissed after configuration is done, to avoid confusion.
Bug: 142092510
Test: manual and unittest
Change-Id: Iaf30062f555ec2c119c4aafd6aa013e73b5253f0
Merged-In: Iaf30062f555ec2c119c4aafd6aa013e73b5253f0
TelephonyManager#resetSettings triggers modem restart. It could cause
eSIM reset failure since Modem is not available. In order to resolve
this issue, we move eSIM reset before telephony manager reset.
Bug: 175239934
Test: Manually tested
Change-Id: I44644c67577469898726ba07dcd6b68b3fb73b2a
Before this CL, we only compare whether the value of function is
equal to accessory to ensure usb is in accessory mode. But in some
cases there are different accessory combinations, like
"accessory,audio source". It will make the condition return false
when encountering accessory combinations.
This CL will check whether the function will include accessory mode
to fix this issue.
Bug: 162451162
Test: make -j42 RunSettingsRoboTests
Change-Id: I7c80f02de5340799e292949608e19b86b187b982
Merged-In: I7c80f02de5340799e292949608e19b86b187b982
(cherry picked from commit 7d71081d45)
- Before this CL, the device will be disconnected and reconnected
to accessory mode when choosing "File transfer/Android Auto" in
accessory mode. Because the USB menu didn't check the state of the
function, it should do nothing when choosing
"File transfer/Android Auto" in accessory mode.
This CL adds a condition to check the state of the function; it will do
nothing when choosing "File transfer/Android Auto" in
accessory mode.
Bug: 162451162
Test: make -j42 RunSettingsRoboTests
Change-Id: I1749c6c43d2a192e4ce1bf1ae5343ff8deafbe48
Merged-In: I1749c6c43d2a192e4ce1bf1ae5343ff8deafbe48
(cherry picked from commit 3251a04ba3)
- Before this CL, the usb receivers didn't check the extra information
of the accessory. It causes the usb menu not to be aware that the
usb port is switched to accessory mode.
In this CL, the receivers will check whether the intent has an
accessory extra. If the usb port is switched to accessory mode
the usb menu will switch to "File Transfer/Android Auto".
Bug: 162451162
Test: make -j42 RunSettingsRoboTests
Change-Id: I0eca89a23670c674b74753fc526256cc1d52e759
Merged-In: I0eca89a23670c674b74753fc526256cc1d52e759
(cherry picked from commit af0a45bb7a)