In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
In onReceive of AppRestrictionsFragment.java, there is a possible way to
start a phone call without permissions due to a confused deputy.
This could lead to local escalation of privilege with no additional
execution privileges needed.
We should not allow the restrictionsIntent to startActivity simply
because it resolves to multiple activities.
Instead, we should call resolveActivity and check the result's package
name is same as current package name, then it is safe to startActivity.
Bug: 200688991
Test: manual verify
Change-Id: Iaa2d3a9497c3266babe0789961befc9776a4db7a
Merged-In: Iaa2d3a9497c3266babe0789961befc9776a4db7a
(cherry picked from commit 359512cd95)
* Only the Settings app can reset credentials
via com.android.credentials.RESET.
* com.android.credentials.INSTALL should still be
callable by CertInstaller.
Manual testing steps:
* Install certificate via Settings
* Verify unable to reset certificates via test app
provided in the bug (app-debug.apk)
* Verify able to reset certificates via Settings
* Verify com.android.credentials.INSTALL isn't changed
Bug: 200164168
Test: manual
Change-Id: I9dfde586616d004befbee529f2ae842d22795065
(cherry picked from commit 4c1272a921)
Merged-In: I9dfde586616d004befbee529f2ae842d22795065
* USB tether option will be grayed out before
USB cable is plugged in.
Bug: 192225597
Test: manual testing
Change-Id: Ibc87416b9aecb03f1ddd3df0d9f11a935f3a290e
Merged-In: Ibc87416b9aecb03f1ddd3df0d9f11a935f3a290e
(cherry picked from commit 685cacb540)
- Only enable device can be discoverable when the user launch
"Connected Devices settings" through settings and systemui
Bug: 194695497
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify the device is not discoversable when open "Connected settings"
through test apk.
Change-Id: Ia04ab759b737acf30b782f5c5831dd59f25fb257
(cherry picked from commit d3abbb9821)
- Only enable device can be discoverable when the user launch
"Connected Devices settings" through settings and systemui
Bug: 194695497
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify the device is not discoversable when open "Connected settings"
through test apk.
Change-Id: Ia04ab759b737acf30b782f5c5831dd59f25fb257
(cherry picked from commit d3abbb9821)
- Only enable device can be discoverable when the user launch
"Connected Devices settings" through settings and systemui
Bug: 194695497
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify the device is not discoversable when open "Connected settings"
through test apk.
Change-Id: Ia04ab759b737acf30b782f5c5831dd59f25fb257
(cherry picked from commit d3abbb9821)
- Only enable device can be discoverable when the user launch
"Connected Devices settings" through settings and systemui
Bug: 194695497
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify the device is not discoversable when open "Connected settings"
through test apk.
Change-Id: Ia04ab759b737acf30b782f5c5831dd59f25fb257
(cherry picked from commit d3abbb9821)
Settings#PaymentDefaultDialog Could be Overlaid to Trick User into
Updating Default Payment App
Bug: 180104327
Test: build ok
Change-Id: Ia7786d05aae8e38a11bd73d02200640cb614e88a
hide camera background running time in the battery usage screen to avoid
users confuse about it, since it will standby in the backgound to sspeed
up launching time, not always running in the background
Bug: 196744910
Test: make SettingsRoboTests
Change-Id: Ia391d661bca44435fc5a68b1c86e5ca32dd0fcfe
Merged-In: Ia391d661bca44435fc5a68b1c86e5ca32dd0fcfe
This removes the top-level UI switch on some of the boolean preference settings.
Bug: 193438173
Test: atest com.android.settings.biometrics
Change-Id: If1cd2cb9ae456021fcdf0efc5002db4a083b9689
Previously, on devices that default to launching Assistant
on long-press power, toggling this checkbox in Settings
would switch between that default (launching Assistant) and
a no-op. Those devices now toggle between Assistant and
GlobalActions (the power menu), just like devices that have
the old default behavior of LPP launching GlobalActions.
Change-Id: Id36031e70825da195f9c30ce05b3ae3d5e49b5fb
Test: make RunSettingsRoboTests \
ROBOTEST_FILTER=LongPressPowerButtonPreferenceControllerTest
Bug: 192946325
Replaces instances of the old fingerprint icon shown during Setup Wizard
or in Settings with either an updated version or an entirely different
icon.
Test: Manual
Fixes: 196600265
Change-Id: If78e8f0dbdb033f557614a019d4c9dde4493b6c6
Work profiles and parental management both utilize the
DevicePolicyManager KEYGUARD_DISABLE_* flags. This CL ensures that
work profile strings are only shown for work profiles, and not
parent-managed devices.
Bug: 196060286
Bug: 196443744
Test: Set up child account, then enroll from Settings > Security
Change-Id: Ib5ed1d63dd5d58ac64caf30010e340ac7784c38f
Fix: 195961101
Test: make RunSettingsRoboTests
Test: manual (enroll via settings and verify preferences enabled after enrolling)
Change-Id: Ie50cd862a42c96eb95f2156a33f34748b2b8b50c
