Includes the following commits:
==
New system feature: eUICC.
Presence of this feature implies that eUICC-related APIs are expected
to function as long as an eUICC is present in the device. Note that an
eUICC may be embedded in the device but may also be removable.
==
Add empty EuiccManager API and plumbing.
==
Add stub EuiccService.
EuiccService is the class that the LPA app must implement; for now,
just define the action and priority so that the implementation can be
found. Actual methods will come later.
Also declare two relevant permissions: BIND_EUICC_SERVICE, which the
implementation must require (so that nobody else can bind to the
service directly), and WRITE_EMBEDDED_SUBSCRIPTIONS, which permits
signature|privileged apps and CTS (via development) to access
EuiccManager APIs.
==
Add UiccAccessRule based off UiccCarrierPrivilegeRules#AccessRule.
This class can be used to transfer access rules between an
EuiccService implementation and the platform.
We also add a simple encoding/decoding of a list of rules so that they
may be stored in the subscription info table.
==
Add getEid() to EuiccManager/EuiccService.
getEid() fetches the EID. It requires either a privileged permission
(READ_PRIVILEGED_PHONE_STATE) or carrier privileges on the
currently-active profile. Until there is a use case that requires
opening this up to apps with only READ_PHONE_STATE, we shouldn't do
so.
To avoid churn in the future, the API signatures for EuiccService
include a slot ID to identify which SIM slot is being used. However,
this parameter is currently not populated correctly (nor is it usable,
as no Telephony APIs accept a slot ID to address commands). There is
no need to expose it yet in the EuiccManager APIs as we expect to
follow the TelephonyManager pattern of allowing per-slot instances of
EuiccManager in the future while keeping other method signatures the
same.
==
Define Euicc UI actions in EuiccManager/EuiccService.
The EuiccManager actions are to be implemented by the platform (and
only the platform), which forwards the actions to the active
implementation.
Also, remove our explicit priority meta-data tag as we can just rely
on android:priority in the corresponding intent-filter.
==
APIs for downloading embedded subscriptions.
Includes:
-getDownloadableSubscriptionMetadata, used by the platform and LUI to
fetch metadata about a downloadable subscription. The platform will
use this to perform the necessary permission checks (only allowing
otherwise-unprivileged apps to download profiles that are permitted
per the subscription metadata), and the LUI can use this to present
the name of the profile.
-downloadSubscription, to actually perform a profile download.
The stub for startResolutionActivity is included but not implemented;
resolution activities will be handled in a follow-up change.
==
Test: TreeHugger
Change-Id: I47b1da5a69f0736012cb137e02cd6c4e07fdaace
Intents triggered from QS should be resolved as the current user,
not as the user that QS is running as (which will always be user 0).
ActivityStarter knows how to do this and can handle this for us
automatically.
Bug: 36118203
Test: Manual
Change-Id: I48d880f0a17d7a9f218ab07ef807ad49ebeda624
Tests various combinations of empty / non-empty NetworkSpecifiers
and changing specifiers on the fly.
Test: ConnectivityServiceTest passes
Bug: 27533960
Change-Id: Ibd6b4efc861dc51689e46f3882ba859223411bf0
Previously FuseAppLoop instantiates Runnable for each command, which
causes lots of instantiation and GC.
Test: CTS
Bug: 35229514
Change-Id: Ifea098e5ade044b1a954c0b714c5b3270a95cd1a
Some system services are offering package usage data through both
public/system APIs and through dump() calls. In principle, usage
data hould always be protected with PACKAGE_USAGE_STATS, so start
enforcing that. (Otherwise if a user blocked PACKAGE_USAGE_STATS
access to an app, that app could still obtain the data via dump()
if they held the DUMP permission.)
Bottom line, let's respect the user's wishes.
Protecting the entire output like this is pretty blunt, but future
CLs can add more nuance to the output if desired.
Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: I46173562713bea7d89e12a4313c78eb52ea8d77d
This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.
Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
Previously FuseAppLoop instantiates Runnable for each command, which
causes lots of instantiation and GC.
Test: CTS
Bug: 35229514
Change-Id: Ifea098e5ade044b1a954c0b714c5b3270a95cd1a
This patch simplifies wakelock management by acknowledging that only one
acquisition at most is in flight at any time. This allows to remove the
serial number associated with wakelock acquisition and to avoid double
release when regaining a default network.
Example of $ adb shell dumpsys connectivity logs:
NetTransition WakeLock activity (most recent first):
03-31 00:15:13.816 - RELEASE (EVENT_CLEAR_NET_TRANSITION_WAKELOCK)
03-31 00:14:59.216 - ACQUIRE for NetworkAgentInfo [WIFI () - 101]
03-31 00:09:05.799 - RELEASE (EVENT_EXPIRE_NET_TRANSITION_WAKELOCK)
03-31 00:08:05.738 - ACQUIRE for NetworkAgentInfo [WIFI () - 100]
Test: watched wakelock section $ adb shell dumpsys connectivity while
turning on and off Wifi (with no other network).
Bug: 36703718
Change-Id: I899b0816c0e41b3991d9540e9b9a604914ff673a
