- This is a low-priority source that can be preempted by others
- This is required for scenarios where someone wants an alway-on
graceful microphone
Bug: 10640877.
Change-Id: Idb3577541103717cb713a7a93d3762ad2c2f4710
- Currently redundant with PROVIDERS_CHANGED_ACTION, but that may
change in the future
- Part of fix for b/10409275
Change-Id: I12daaf20e6546fd9e9dc71c599967fa0ad95e27f
1. Updated the security mode of the print spooler. Now the spooler
is not signed with the system key, it is not a privileged app so if
it gets compromised (PDF rendering is a potential attack vector)
it cannot access dangerous permissions. Also only the system
can bind to the spooler.
2. Added APIs for asking a print service to start and stop tracking
a given printer. This is need for the case when the user selects
the printer and the print service should do a best effort to keep
the system updated for the current state of the printer.
3. Added APIs for putting a print job in a blocked state. A print
service would report the print job as blocked if for some reason
the printer cannot proceed, e.g. 99 pages are printed but there
is no paper for the last one. The user has to add more paper
and the print service can resume the job.
4. Changed the read/write APIs to use ParcelFileDescriptor instead
of FileDescriptor since the latter does not have a clean API for
detaching the wrapped Linux file descriptor when one wants to
push it to native.
5. Added API for getting the size of the printed document so the
print service can avoid handling big filed over cellular network
or ask the user if needed.
6. Now the print services that are preinstalled on the system image
are automatically enabled.
Change-Id: Ia06c311d3d21cabb9e1368f13928e11cd0030918
When a sim is new or it has expired it needs to be provisioned
with the carrier. Basically provisioning is associating a sim with
a user account. When a sim isn't provisioned then operators will
restrict access to the network and only allow certain addresses
or services to be used.
This set of changes allows two types of provisioning networks to be
recognized. The first is a network that causes all DNS lookups to be
redirected to a different address than was intended. This is exemplified
by how T-Mobile works.
The second technique uses a special apn for provisioning. An example is
AT&T where lwaactivate is the provisioning apn and broadband is the
normal apn. We first try broadband and if we are unable to connect we
try lwaactivate. When we see the activate we identify it as special and
the ApnContext.isProvisioningApn will return true.
In the future our plan is to create a new network type that can be added
to the apn list, but for now it identified by name.
Here is a list of significant changes:
- CaptivePortalTracker now only test WiFi networks instead of all networks
- checkMobileProvisioning checks for provisioning networks and doesn't
try to ping.
- IConnectivityManager.aidl changes:
* getProvisioningOrActiveNetworkInfo was added to and used by Manage
mobile plan in WirelessSettings so even when there is no active
network it will still allow provisioning. Otherwise it would report
no internet connection.
* setSignInErrorNotificationVisible is used by both
CaptiviePortalTracker and checkMobileProvisioning so they use the
same code for the notifications.
* checkMobileProvisioning was simplified to have only a timeout as
returning the result is now harder as we abort simultaneous call
otherwise we'd could get into loops because we now check every time
we connect to mobile.
- Enhanced MDST to handle the provisioning network.
- Added CONNECTED_TO_PROVISIONING_NETWORK to NetworkInfo to make a new
state so we don't announce to the world we're connected.
- TelephonyIntents.ACTION_DATA_CONNECTION_CONNECTED_TO_PROVISIONING_APN
is sent by the low level data connection code to notify Connectivity
Service that a provisioning apn has connected. This allows CS to
handle the connection differently than a normal connection.
Bug: 10328264
Change-Id: I3925004011bb1243793c4c1b963d923dc2b00cb5
This change starts tracking traffic quality data for WiFi and mobile
networks. The quality is tracked based on incidental traffic, and not
on specific measurements. Theoretical bandwidths are hard-coded, as
well as sampling interval; although sampling interval can be changed
by setting a system policy.
Bugs filed to remove shortcomings of this change -
10342372 Change LinkInfo name to something better
10342318 Move hardcoded values of MobileLinkInfo to resources
so they can be updated without changing code
Bug: 10006249
Change-Id: I83d8c7594da20fe53abbd5e1f909b1f606b035bb
All the changed intents are restricted. Only Bluetooth Process can
broadcast/send them.
bug 7622253
Change-Id: I098664bf266ac44b7904f8f79b1804d5130f5cd5
This switches the PacProcessor over to an Android Service. The service
is bound and unbound by the PacManager, which also adds it to the
ServiceManager, allowing for Context-Free access by the PacProxySelector
in all DVMs.
bug:10182711
Change-Id: Id1ff7660be56e8976cdcccd76e041feb47a17a61
Guard install/uninstall by enforcing that the caller have the new system-only permission MANAGE_CA_CERTIFICATES.
Also include API methods for asking whether there are any User CA certs
installed, or if one by a particular name is installed in the keystore.
CA certs will be installed via KeyChain into the TrustedCertificateStore.
Bug: 8232670
Change-Id: I17b47a452e72eb4fe556dc6db823a46c6e854be8
Write supplementary GIDs to packages.list for lower-level system
components to parse.
WRITE_EXTERNAL_STORAGE also implies sdcard_r GID. Switch to always
enforce READ_EXTERNAL_STORAGE permission. Update permission docs to
mention new behavior.
Change-Id: I316ba4b21beebb387ac05c80980ae9b38235b37d
When captive portal check occurs, track its latency, whether or not
we received a response, and whether or not the response was a captive
portal. Pair with information identifying the access point / base
station, and broadcast it (with a system|signature-protected
permission).
Broadcast only occurs if user has consented to
Settings.Global.WIFI_SCAN_ALWAYS_AVAILABLE.
Change-Id: I6fd59954a7ee2cc7acedf064a1465882653b2173
Refactor the new private virtual display API to also support
creating public virtual displays with various characteristics.
This feature requires special permissions and is only intended
for use by the system.
Change-Id: I44dd19f37cf76ea6d6e313afe42f4a412bd96663
- New INfcCardEmulation interface to allow apps to interface
with card emulation system.
- New BIND_NFC_SERVICE permission to prevent malicious apps
from binding to card emulation services.
- ApduServiceInfo is now in the framework.
- Added constants to Settings.Secure for storing defaults.
- Modified XML grammar a bit.
Change-Id: I56b3fa6b42eb5dc132c91c1386ab1e6bac779059
The previously used permission was doing double duty as the permission
that device admins to check for to ensure that calls are coming from valid
system components.
MANAGE_DEVICE_ADMINS is system|signature and is now required to add/remove
device admins.
Required for:
Bug: 9856348
Change-Id: I64385d2ec734c3957af21b5a5d9cffd8a3bcd299
Add the manifest entries for the net_mark group that protects marking
traffic as from another user in per user routing.
Change-Id: I97932a9e407467a7adc733caea8746a712bc6b68
Add an intent to invoke a native carrier setup app. This is paired
with the INVOKE_CARRIER_SETUP permission, though it is up to the app
to enforce that callers hold this permission.
Change-Id: I317a40675de7e9587de23c028459be2331a2f8a2
I made the power manager more rigid, not allowing different uids
to use the same wake lock. This never should happen. I would
guess there is somewhere that the activity manager is acquiring
the wake lock without clearing the calling identity... but it is
hard to follow all the paths this may happen in. So here we add
some checks when acquiring/releasing the wake lock to make sure
it is being done as the system uid.
Also:
- Protect the new activity stack calls with a permission, and
make sure to clear the calling uid once past that.
- Collect uid data from process stats so we can correctly
associate CPU use with a uid even if we don't know about the
pid for some reason.
- Fix battery stats dump commands to clear calling uid before
executing so they aren't broken.
Change-Id: I0030d4f7b614e3270d794ecfc3669139a5703ce9
- Sending a broadcast indicating when scan requests could be serviced so that
apps don't request scans we won't do anything with.
- Fix our batt stats accounting so we only count it if we send the request to
the driver.
bug: 8868201
bug: 9496690
Change-Id: I64a4f1c294c848ac64c50d8854ed4a6a1a47f603
Introduces a new "blocked" state for each package. This is used to temporarily
disable an app via Settings->Restrictions.
PIN creation and challenge activities for use by Settings and other apps. PIN
is stored by the User Manager and it manages the interval for retry attempts
across reboots.
Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
Introduces new DocumentsContract which storage backends must
implement. Backends surface a simple directory-like organizational
structure that enables a document to appear at multiple locations in
that hierarchy. Querying a document or the contents of a directory
will return a Cursor populated with DocumentColumns, which includes
simple metadata.
Adds new OPEN_DOC and CREATE_DOC Intents, and permission to protect
storage backends.
Change-Id: Ib4984bc980182b2cedbe552908e5be94604ef085
With this change, the system process will put up a scrim in the
event keyguard crashes to protect underlying content.
It also adds permission checks to prevent unathorized access
through the binder APIs.
Cleaned up KeyguardTestActivity to build separately.
Removed unused resources.
Change-Id: I9e370c6bfb7dca68eae9eae304c815fb84a753d2
This system-only permission allows a service to disable the transmit LED
when a camera is in use.
Bug: 8554573
Change-Id: I64f7e3fcdc8ded8be3904650bd0c91d3b8f10dd4
