Currently there are two mac permission files:
- /system/etc/selinux/plat_mac_permissions.xml
- /vendor/etc/selinux/nonplat_mac_permissions.xml
The change renames nonplat_mac_permissions.xml to
vendor_mac_permissions.xml.
It also adds odm_mac_permissions.xml but allows it to be optional:
- /system/etc/selinux/plat_mac_permissions.xml
- /vendor/etc/selinux/vendor_mac_permissions.xml
- /odm/etc/selinux/odm_mac_permissions.xml (optional)
Also cleans up comments to reflect the change.
Bug: 64240127
Test: boot sailfish normally without odm
Test: boot another device having odm
Change-Id: I87d01215a65e75bf33659ed03797ffda5393d5a4
The CL contains parts of the EuiccCard APIs. getEid() is sync. All the
other APIs are async.
Move ResetOptions from EuiccCard to EuiccCardManager.
The other APIs will be added in a follow-up CL.
Bug: 38206971
Test: test on phone
Change-Id: Iba098ee779b8ea4e244e0e4cf7318139666cc94b
Add a new interface and a new management object,
IpSecTunnelInterface to the IpSecManager surface.
This object will be used to control IPsec tunnels.
-Add IpSecTunnelInterface object
-Add methods to create and use an IpSecTunnelInterface
-Update the IpSecTransform builder to create Tunnel
mode IpSecTransform objects (usable with an IpSecTunnel)
Bug: 36033193
Test: compilation
Change-Id: Ib6948b12c15c93674234dc36288058ae44435b90
HwParcel's verifySuccess method doesn't actually check
to see if the call succeeded.
Change-Id: Iaa99cbfd6f5f211facaa20c09c5e1dae8e2b8a7f
Fixes: 71813867
Test: boot walleye, hidl_test_java
Added some extra comments on reference counting and moved a few methods
around. No significant logical changes made in this CL
Bug: 63409385
Test: CTS, Unit tests (both frameworks-base and netd) and binder tests
all pass
Change-Id: I89f1f4a021db48ae406fefefa6aca7406045736c
The interface for mobile data service. This is the base class
for vendor or first party data service provider to implement
the data service for cellular or IWLAN data support.
Test: Manual
bug: 64132030
Change-Id: I3e5f48b88905f4533cac60975802d4da3746e7f8
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
The filter setup is done in Zygote's ForkAndSpecializeCommon. This is
because adding a seccomp filter must be done when either the caller has
CAP_SYS_ADMIN or after the PR_SET_NO_NEW_PRIVS bit is set. Given that
setting PR_SET_NO_NEW_PRIVS breaks SELinux domain transition
(b/71859146), this must be done after Zygote forks but before
CAP_SYS_ADMIN is droppped.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Test: no selinux denial flood in dmesg with selinux enforced
Test: debuggerd -b `pidof com.android.phone` # logcat shows tombstoned
received crash request
Bug: 63944145
Bug: 71859146
Change-Id: I8215c8530d3d0de504a270488f8e29635805e8b0
1. New telephony APIs to getCurrentCarrierId
and getCurrentCarrierName
2. New broadcast intent to notify carrier id changed
Bug: 64131637
Test: Build
Change-Id: I9a240ba7df313ad701f98bb3982f29c3d5317da8
(cherry picked from commit fff6f59a63304be50e7a251fb4fca38ae0090fc4)
Merged-in: I9a240ba7df313ad701f98bb3982f29c3d5317da8
Those are testing extracted zip corruption and also corruption of their
corresponding odex file and the capacity of MultiDex.install to restore
a runnable state.
Bug: 28832787
Test: This is the test
Change-Id: I8dd99172d545e700b12c2a2b1391ef1aeb5560ce
The API can be used to obtain the maximum number of connected
devices for A2DP or HFP.
Test: Manual
Bug: 64767509
Change-Id: I80b8a1c85e33ae0b23fdc4812f8991a4202d9abc
Can be used by a network to indicate when it's congested, meaning that
apps should defer network traffic that could be done at a later time.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.,com.android.server.connectivity.VpnTest,com.android.server.ConnectivityServiceTest
Bug: 64133169
Change-Id: I8a60b6f02dd0f42268b59690556c16335d34e220
Because IpSecTransforms are now unidirectional,
and because the only mechanism for removing Transforms
removes it from both directions, the API can no longer
use the Transform parameter to meaningfully validate
that the caller had applied a transform. Since that
functionality was as-yet unimplemented and is now
infeasible, the transform parameter is removed.
Bug: 72079356
Test: cts - IpSecManagerTest; runtest frameworks-net
Change-Id: If19b0d34bdc6daf31a40d6d62bff326dcbca08c0
The version of applyTransportModeTransform() and
removeTransportModeTransform() that accepted
Socket and DatagramSocket were closing the underlying
FDs upon return. It's unclear whether this is due to
a behavior change elsewhere in ParcelFileDescriptor,
but either way, converting to using getFileDescriptor$
and then calling dup() explicitly rather than relying
on ParcelFileDescriptor seems like a better idea anyway.
Bug: 72047396
Test: CTS - IpSecManagerTest.testCreateTransform()
Change-Id: Ia2f02564e1289f25bf113dbb861fcfd2240537a7
The IpSecService Unit tests relied on the
directionality of the IpSecConfig and previously
did not specify a source address. Unit tests
updated without functional change other than to
address these two requirements.
Bug: 71717213
Test: runtest frameworks-net
Change-Id: Iedbed735bc50fd4fdfe985f9e173956062a7b0d1
On Android, if the process containing the service being bound to
crashes before the bind succeeds, the app doing the binding won't
get a success or failure callback.
When that happens in this code, this leaves notif. manager thinking
that a binding is in progress, so it never attempts to rebind until
the device is rebooted.
Bug: 69064494
Test: original CL was manually tested --
crashed listener on proc start, verified not unbound forever
Change-Id: Id2082744208e21a709d9453365f282449a2e9407
(cherry picked from commit 4a86a51b672617b02994fc812e4f96342daf424e)
Dex2oat now accepts targetSdkVersion as a parameter to determine
whether ART should treat the app as "legacy" and allow or restrict
access to private APIs.
We also bump arguments of otapreopt to v4 to accommodate the new value.
Bug: 64382372
Test: manual
Change-Id: Iae3867325dfaf8deaba51626ab04b97ad797d3b6
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
Integrates the new IMS Registration API into the framework
and add two APIs for feature parity.
1) Moves ImsRegistrationImplBase to the android.telephony.ims
namespace
2) Expose ImsRegistration AIDL in TelephonyManager as hidden
API.
3) Adds onVoicemailCountUpdate and
onSubscriberAssociatedUriChanged APIs for feature parity.
Bug: 63987047
Test: Telephony unit tests, manual IMS tests
Merged-In: I51a8ae5cf58b81708c21adc1b26a9eb59f6280fd
Change-Id: I51a8ae5cf58b81708c21adc1b26a9eb59f6280fd
