The network policy manager now monitors battery save mode and,
when in battery save, uses its facility to block access to metered
networks to block access to all networks. That is, it tells the
network management service that all networks have an (infinite)
quota, and puts various app uids to be restricted under quota
interfaces as appropriate.
This new network blocking needs a new facility to be able to white
list apps, such as GmsCore. To do this, I refactored the package
manager's permission configuration stuff into a separate SystemConfig
class that can be used by others, and it now has a new tag to
specify package names that should be white-listed for power save
mode. These are retrieved by the network policy manager and used
to build a whitelist of uids.
The new general config files can now go in system/etc/config,
though currently everything still remains in the permissions dir.
Still left to be done is changing the semantics of what uids are
allowed in this mode, to include all perceptible uids. (So that we
can still do things like background music playback.) This will be
done in a follow-on CL.
Change-Id: I9bb7029f61dae62e6236da5ca60765439f8d76d2
Write supplementary GIDs to packages.list for lower-level system
components to parse.
WRITE_EXTERNAL_STORAGE also implies sdcard_r GID. Switch to always
enforce READ_EXTERNAL_STORAGE permission. Update permission docs to
mention new behavior.
Change-Id: I316ba4b21beebb387ac05c80980ae9b38235b37d
This gid is not needed by camera-using apps, since all camera access
is mediated by the camera service, which does not depend on gid for
permission checks.
Bug: 9904186
Change-Id: I859e6cabc905af9d98e2b09f5bbad086b5eb2b26
Rework how the shell user is defined so that it is
associated with an actual apk, instead of being a free
roaming uid with special permissions assigned to it.
This allows us to correctly account for its operations
in app ops.
Implement a special case for the root user in app ops --
it is always allowed, always with the package name "root".
Add various code to take care of cleaning up package state
from app ops -- when packages are uninstalled, and during
boot if any packages currently being stored no longer exist.
Also fix a bug in the activity manager to correctly grant
permissions in all cases when onNewIntent() is being called.
Change-Id: Iae9f6d793ee48b93518c984ad957e46ae4582581
Create a BLUETOOTH_STACK permission to share between all users of
Bluetooth apk. Bluetooth Manager binds to apk of current user
bug 6925422
Change-Id: I2df5546e977c2d77bc66d97d12479d933826922a
We also now send the correct broadcasts to each user.
You no longer need to be running the shell as root
to be able to create/remove users.
Also added some more man page material to the pm command, and
got rid of a bunch of showUsage() calls that now make error
messages completely buried because of how large the usage info
has become.
And the package manager now shows the user each historical broadcast
was sent to.
Change-Id: Iab42498e1352a0c023069139c80fc04d2d69ab4b
1. Added methods to the ActivityManagerService remote interface
that allow accessing content providers outside of an application.
These methods are guarded by an internal signature protected
permission which is given to the shell user. This enables a
shell program to access content providers.
2. Implemented a shell command that takes as input standard
flags with values and manipulates content via the content provider
mechanism.
Change-Id: I2943f8b59fbab33eb623458fa01ea61a077b9845
- IME service now switches between visible and perceptible depending on
whether it is being shown, allowing us to more aggressively free its
memory when not shown.
- The activity display time is no longer delayed by the activity
transition animation.
- New -R (repeat) option for launching activities with the am command.
- Improved some documentation on Loader to be clear about some methods
that apps should not normally call.
- FrameworkPerf test now allows you to select individual tests to run.
Change-Id: Id1f73de66dc93d63212183958a72119ad174318b
We now do the screenshot in a separate process.
Also change the recents panel to not use hardware acceleration
on lower-end devices. And improve how it gets shown to not
load all data up-front which results in a long delay when you have
lots of recents.
Change-Id: Ia309a90f9939e5405758621b3f7114597bd0c02a
The problem is that the audio HAL fails to acquire the wake lock when playing the notification.
This is because of a change that removed the mediaserver process from the system group for honeycomb.
The fix consists in requesting the wake lock from PowerManagerService when AudioFlinger mixer
wakes up.
A consequence of this change is that audio HALs or pcm drivers do not have to hold wake locks
anymore as in the past.
Change-Id: I4fb3cc84816c9c408ab7fec75886baf801e1ecb5
Introduces new "net_bw_stats" group which will protect reading
detailed bandwidth statistics from the kernel. Also introduce
"net_bw_acct" group which will enable specific applications to
request that their network traffic be counted against other UIDs.
This change associates manifest permissions with the low-level GIDs.
Change-Id: If3fc28053afda201ff305d798a8878ff1f35b997
1. Views are represented as AccessibilityNodeInfos to AccessibilityServices.
2. An accessibility service receives AccessibilityEvents and can ask
for its source and gets an AccessibilityNodeInfo which can be used
to get its parent and children infos and so on.
3. AccessibilityNodeInfo contains some attributes and actions that
can be performed on the source.
4. AccessibilityService can request the system to perform an action
on the source of an AccessibilityNodeInfo.
5. ViewAncestor provides an interaction connection to the
AccessibilityManagerService and an accessibility service uses
its connection to the latter to interact with screen content.
6. AccessibilityService can interact ONLY with the focused window
and all calls are routed through the AccessibilityManagerService
which imposes security.
7. Hidden APIs on AccessibilityService can find AccessibilityNodeInfos
based on some criteria. These APIs go through the AccessibilityManagerService
for security check.
8. Some actions are hidden and are exposed only to eng builds for UI testing.
Change-Id: Ie34fa4219f350eb3f4f6f9f45b24f709bd98783c
We need this to allow MTP to access secondary external storage devices
This reverts commit 35a2ea2fbf156a503d1b0bc6ca7784e51e2462f4.
Conflicts:
data/etc/platform.xml
Change-Id: I9faf54526182a786a1c0ca1fd01a09baabca186d
Signed-off-by: Mike Lockwood <lockwood@android.com>
- change from signatureOrSystem to normal
- no longer associate this permission with the "usb" unix group
- add to public API
Change-Id: I3be3a5d138719dd126ff0a798824a77f9ce79e24
Signed-off-by: Mike Lockwood <lockwood@android.com>
Access to the /data/media directory is now restricted exclusively to the
sdcard daemon, so there is no longer a need for this permission.
Change-Id: Iea8400f0eee167df19cc231c502d251a364f98b3
Signed-off-by: Mike Lockwood <lockwood@android.com>
Since the "usb" group and ACCESS_USB permission will be used by regular apps
to access USB devices in host mode, we need a separate permission for the
device side MTP driver.
Change-Id: Id03f7c4f3d2712c489b4b74cf17a72a182084501
Signed-off-by: Mike Lockwood <lockwood@android.com>
Note that WRITE_OWNER_DATA and READ_OWNER_DATA don't actually appear
to be associated with anything or used by anyone, so they are just
deleted.
Also deprecate the activity API to go in the foreground. I didn't
realize that was released in the SDK. It needs to go away.
Change-Id: I96f53702c2c79e4999b6b2c498abb770bd27e03a
re-format comments
move connectible to connectable
remove unnecessary throws
remove not-used function ClientOperation.readResponse()
fix client abort case for PUT
set mOpen for PrivateOutputStream
add to platform.xml
This also means we should no longer do explicit calling-identity fiddling in
dump(), relying instead on the usual permission enforcement mechanism to handle
things.
This change replaces ILocationCollector with a more general mechanism that
passes locations received from a provider to all other providers.
The network location provider now uses this to implement the location collector.
In the future, this could be used to inject network locations to the GPS
as aiding data.
This change also removes the now obsolete permission INSTALL_LOCATION_COLLECTOR.
Signed-off-by: Mike Lockwood <lockwood@android.com>
Now old applications will automatically be granted it. Also renamed it from
SDCARD_WRITE to WRITE_SDCARD to be consistent with our other permissions,
and re-arranged how we do targetSdkVersion to actually be usable for this
kind of stuff.
Note that right now this results in basically all apps being given the
WRITE_SDCARD permission, because their targetSdkVersion is not set. I will
be dealing with that in a future change.