Merge the CHANGE_NETWORK_STATE permission with WRITE_SETTINGS.
AndroidManifest.xml:
Raised the protection level of CHANGE_NETWORK_STATE permission from
normal to signature|appops and pre23|preinstall for compatibility
provider/Settings:
Wrote new helper methods to check if app is allowed to change network
state.
ConnectivityManager.java & ConnectivityService.java:
Replace enforcement checks for CHANGE_NETWORK_STATE with
checkAndNoteChangeNetworkStateOperations instead.
Change-Id: If8c2dd3c76a5324ca43f1d90fa17973216c2bcc5
1. When a permission is revoked we kill the app immediately but do
not do an immediate kill for shared uid processes. This fixes it.
2. Remove system APIs that are used only by the package installer.
bug:22984670
Change-Id: I3d4ae52ea8679f894aa7c5972941263903479183
Introduced signature-level permission android.permission.PEERS_MAC_ADDRESS.
It allows access to MAC addresses of WiFi and Bluetooth peer devices, without
having location permission or even if location is turned off.
Bug: 21852542
Bug: 22728628
Change-Id: If0ff80636e57b38dbedc8fcf5f520a3a6d6f734e
Add some new internal APIs to enumerate USB Type C ports, query their
status, determine whether they support changing power or data roles,
and doing so. The API also adds a new ACTION_USB_PORT_CHANGED broadcast
for port state changes.
The implementation includes a mechanism for simulating the behavior
of the USB stack. See 'adb shell dumpsys usb -h' for details.
Note that the underlying kernel driver interface is still subject
to change but its behavior has been encapsulated as much as possible.
Bug: 21615151
Change-Id: I0c853ae179248a4550b3e60d02a7a7e65e4546b2
The permission was lowered in protection level to normal
allowing apps to assess migration strategy. This change
makes the permission dangerous again allowing apps to
implement this strategy.
bug:22385299
Change-Id: I3694c06236a33b97f63761b48745b1df654a2bf4
Raised the protection level of WRITE_SETTINGS permission to appop and also
allowed backwards compatibility with pre23 flag. Also made sure that this
permission is not added as RuntimePermission in DefaultPermissionGrantPolicy as
that breaks a lot of gmscore stuff.
Introduced new action to manage write system settings as a new API and
renamed the string that describes the managing of overlay permission.
Change-Id: Ifd25a6ddc06de68ee37015cb9fb23452e4ef10f4
This allows fingerprint enrollment to be done from
system-installed apps, such as Setup Wizard.
Fixes bug 21695577
Change-Id: I990912dcf229aa03f6350f96a09ff4588b20ca48
This allows you to specify that a permission can be granted to
any pre-installed system app (not just privileged ones).
And as long as I am doing this, clean up the old "system" permission
flag, renaming it to "privileged" which is what it really is today,
deprecating the old names. And switch the platform's permission
declarations to use the new name.
Change-Id: Iabf484746af232144786851ec7fe90e3de9dddb2
Raised the protection level of WRITE_SETTINGS permission to appop and also
allowed backwards compatibility with pre23 flag.
Introduced new action to manage write system settings as a new API and
renamed the string that describes the managing of overlay permission.
Change-Id: I939a95b9a8b1ae75bf67aa6d8190c92a8d2001d3
Typical apps are restricted so they can only view shared storage
belonging to the user they're running as. However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.
Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps. Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.
Bug: 19995822
Change-Id: I504c2a179ba74f142ed0d32da5baa69f4212cd82
...to an explicit toggle to enable in Settings
Add a new permission flag, saying the permission can be automatically
granted to pre-api-23 apps. Apply this to SYSTEM_ALERT_WINDOW.
Change-Id: I24a0ceabe7e9f5e458a864d30eda2696ad14a699
to be manually enabled in Settings.
Raised the protection level of SYSTEM_ALERT_WINDOW from dangerous to
system|signature|appop. Added a new API in Settings for developers to invoke
the main configuration setting. Also added a new metrics in MetricsLogger.
Finally, also made changes to PhoneWindowManager to check the permission to draw
overlay properly.
Change-Id: I4a073e6f038b8b8d2fa5bd6ad60abda496be9701
1. Add the permission protection level in the java doc
2. Make some system permissions that are not mean to be
used by third-parties system API.
bug:21402257
Change-Id: Ic0ae8d6ca44dbbbf12848a9164acc0e908c90402
All options are sent to the VoiceInteractor once ChooserTargetServices
have reported in. We don't perform explicit progressive refinement or
filtering, but an explicit option picked will be invoked.
Also fix a lingering bug around being able to nested-fling the
resolver drawer closed.
Bug 21516866
Change-Id: I6b141f5fa87d74dccec9dcb88110630696e9c38e
Removing the read/write profile/social stream permissions as they
are not needed anymore. These permissions are for accessing data
nested in the conacts provider which is already guaded by the
read/write contacts runtime permissions. The removed permissions
would be in the contacts group which means they would not provide
more protection compated to read/write contacts. Also removing
the permissions voids the need for app op support for legacy apps.
Removed deprecated APIs for social streams as these were deprecated
and will go away in the next release. We want apps targeting M to
not be able to compile if still suing these APIs to help with
migration.
Change-Id: I26ed9055847af7f92c78eb0f4ac8f9f1aa616fcd
