We keep track which process saw and account to whitelist
the app for future access as an optimization to avoid
prompting the user for account access approval. Some apps
use SefeParcelable where the parcels are marshalled
which does not allow the parcel to contain IBinders.
To avoid this we are switching from account tracker remote
objects to unforgeable tokens.
bug:31162498
Change-Id: I3b52bff720655f695ad0c58d420eb35ef93161b9
This patch defines a new metrics service for IpConnectivity events
defined in android.net.metrics, separate from currently existing
MetricsLoggerService.
Similarly to MetricsLoggerService, the new service has an event buffer.
It also implements a dumpsys interface that can be used to flush events
and output a serialized proto.
Bug: 31254800
Change-Id: I0c3faeb4008b283f85d9ba9460371fa68956ea3b
Sync adapters without an account access cannot run until the
user approves the account access (for the case the account
access is not allowed by other policy such as being singed
with the same cert as the authenticator). However, if the
sync adapter package already got the account from another
app which means it already saw the account we white-list
the sync adapter app to access the account as it already
saw it - the bird is out of the cage.
bug:31162498
Change-Id: I2b72f3b0d6307561ed68db2f2e9c900b15e8d098
also update all non-DAC builds to use the "referenceonly" flag for a cleaner output and faster build.
Change-Id: Iebd9791305479c5dc406ba3b81eaf076855bc632
When checking for the credentials, we add a new callback
onEarlyVerified which gets called as soon as we know that the
credential was correct.
In KeyguardUpdateMonitor, we track the unlocked state of the user,
and if it's still locked, we slow down all the transitions to allow
for a more gradual unlock experience.
Bug: 29007436
Change-Id: I406d228f9f3e41e07fe3292a61df175a7f579e4d
Add new offline-docs-referenceonly make rule.
And update online-sdk and offline-sdk to use the new site templates.
Change-Id: I1a9b8e3ff4973a147c6878092ae960a6980cb3d8
This is a follow up CL to my previous CLs [1][2] that introduced
InputConnection#commitContent(InputContentInfo, Bundle) API to enable
IMEs to send a content to the target application.
With this CL, IME developers are able to temporarily expose
InputContentInfo object to the target package without permanently
granting URI permission. Although calling IMS#exposeContent() is
allowed only for the IME that is currently selected, the client is able
to request a temporary read-only access even after the current IME is
switched to any other IME as long as the client keeps InputContentInfo
object.
Here is a sample code snippet about how to use this mechanism.
[IME]
InputContentInfo contentInfo = new InputContentInfo(
contentUri,
new ClipDescription(description, new String[]{mimeType}),
linkUrl);
exposeContent(contentInfo, getCurrentInputEditorInfo());
getCurrentInputConnection().commitContent(inputContentInfo, null);
[App]
try {
contentInfo.requestPermission();
// Load inputContentInfo.getContentUri() here.
} finally {
contentInfo.releasePermission();
}
[1]: Iaadf934a997ffcd6000a516cc3c1873db56e60ad
152944f4909c47917473293b258d266435c6ab35
[2]: Ica1ba3154795c1bf44e140dfe639b299f83cd8af
adebb52588b098a1af678d4e33a234ef1ce783b2
Bug: 29450031
Change-Id: I2772889ca01f2ecb2cdeed4e04a9319bdf7bc5a6
PCO is a container in data-call responses with a range
of optional fields devoted to carrier-proprietary signalling.
This change includes a class to contain this opaque info on
its way to carrier apps.
bug:28961371
bug:28567303
Change-Id: Ibfc304800bb3d5b8706d56c08400c1d0b4453a55
am: c25a9b0104
* commit 'c25a9b0104802454487ee6c428f9f070d389c02f':
Pass -yaml to ds builds to generate _book.yaml version of reference TOC.
Change-Id: Ib8ff6165cbcb1d3fb52611e9f5e61ac69a0083b6
am: 6049306d8c
* commit '6049306d8c0f88f78dbc097bfcc971b095c6a9a3':
Pass -yaml to ds builds to generate _book.yaml version of reference TOC.
Change-Id: I6b6a65147254b0d2ba5ec6aa52429819ddca9b77
We used the system proterties as a shared memory mechanism
to propagate information to local settings caches when the
content has changed and the cache should be cleared. The
system properties are unfortunately updated asynchronously
leading to cases where clients may read stale data.
This change adds a simple int array data structure backed
by shared memory which guarantees individual values are
atomically read and updated without memory tear. Multi-
index opearations are not synchronized between each other.
The settings provider is using the new data structure to
propagate the settings generation which drives when caches
are purged.
We have a single memory array keeping the generation for
different settings tables per user. Since memory array is
not a compact data structure and the user space exceeds
the memory array size we use an in-memory map from keys
to indices in the memory array where the generation id of
a key is stored. A key is derived by the setting type in
the 4 most significant bits and the user id in the 28 least
significant bits.
The mapping from a key to an index is cleared if the user is
removed and the corresponding index in the memory arry is
reset to make it available for other users. The size of the
memory array is derived from the max user count that can be
created at the same time.
bug:18826179
Change-Id: I64009cc5105309ef9aa83aba90b82afc8ad8c659
The PackageInstaller app manages side-loading apps as well
as permission management. It should be updatable, hence
should rely on system APIs to talk to the platform. This
is the first step of defining an API boundary.
Change-Id: I9814eafd0b22ae03b4b847a7007cdbf14c9e5466
- New service TVRemoteService triggered by SystemServer
- Provider service proxy and watcher for maintaining connections to unbundled
services which have the BIND_TV_REMOTE_SERVICE permission.
- Shared library to facilitate connections between unbundled service and
TVRemoteService.
- Unbundled service needs TV_VIRTUAL_REMOTE_CONTROLLER
permission to be fully functional.
b/23792608
Change-Id: Ief5c6995883d1f7268a73bdd0c920c4c3f42cddb
