Adds the TrustManager system service that allows
registering for changes to the trust status and
reporting events that are important to trust agents.
Bug: 13723878
Change-Id: I7d0d2ea86fd755702d31aa5d49cac038a6cd4301
This isn't a straightforward conflict resolution. This code
has changed significantly. mSafeMode is now a flag on the activity
manager service, and is set when SystemServer calls enterSafeMode.
Change-Id: I1e8ff524566c5e44bb6bf3b138cdebb70004aca3
This field is written and read exclusively by the system server,
and should therefore belong to the SystemServer class.
Change-Id: I2708a9a45c0c9cd1a6f563e8cc5844bd8c424bf7
First cut of gathering implicit notification signals and computing
running stats.
Tracks:
1. Post, update, remove by apps
2. Click, dismissal by users
Stats are aggregated on user, user+pkg, and getKey() levels.
Current stats are printed as part of 'dumpsys notification'.
Change-Id: I06ecbf76e517509895f2f9eea5b9d19bf9a34975
* commit '1872ce3e7af0e2130a9e8f9f52983cd234f6ead0':
[ActivityManager] Fix a bug: unable to start activity after starting activities during screen off.
* commit '23fd13de62762e98c32f2b7525f01f0bcdf416fd':
Made secure-adb's new-public-key activity configurable. Some devices do not have lockscreens themselves, so the plan is to have them do RPCs to companion devices that can have lockscreens, for allowing or rejecting unwhitelisted adb public keys.
* commit '155e3133407e590f18e7e16eddc6fc743f35b0fd':
[ActivityManager] Fix a bug: unable to start activity after starting activities during screen off.
* commit 'f10d0399bf5f519dff414a9d195a0eaacb37f9b7':
Made secure-adb's new-public-key activity configurable. Some devices do not have lockscreens themselves, so the plan is to have them do RPCs to companion devices that can have lockscreens, for allowing or rejecting unwhitelisted adb public keys.
Some devices do not have lockscreens themselves, so the plan is to have them
do RPCs to companion devices that can have lockscreens, for allowing or
rejecting unwhitelisted adb public keys.
Change-Id: I6f7504313074e6748c0bd467a29ac3a311036f4d
* commit 'd511bc17d614b1291f1b85f84180c1db157d2790':
[ActivityManager] Fix a bug: unable to start activity after starting activities during screen off.
This change achieves a couple of things:
- Let Keyguard be a library, so we can use it in SystemUI.
- Introduce FLAG_KEYGUARD for windows and deprecate TYPE_KEYGUARD. Make
all the TYPE_KEYGUARD behaviour dependant on the flag.
- Implement a new KeyguardService in SystemUI, and bind that service
from PhoneWindowManager.
- Introduce BaseStatusBar.setKeyguardState and inflate
KeyguardSimpleHostView there and use FLAG_KEYGUARD for the window, such
that the status bar window essentially gets the Keyguard.
Bug: 13635952
Change-Id: I059d80d8b9b9818a778ab685f4672ea2694def63
vold will store password securely until KeyGuard requests it
and hands it on to KeyStore.
This is a revision of
https://googleplex-android-review.git.corp.google.com/#/c/418123/
which was reverted. It had two bugs in LockSettingsService.checkVoldPassword.
1) We were not checking password for null, which caused an exception
2) checkPattern/checkPassword return true if there is no saved pattern or password.
This leads to situations where we get true returned even when the password
doesn't match. Call the correct one based on what is there, not what vold
thinks ought to be there.
Bug: 12990752
Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4
Perform the relabel of the /data/data/<pkg> directories
when the app is being scanned by the PMS. The impetus
for this change was that the data directories of forward
locked apps were receiving the wrong label during an
OTA. Because the PMS doesn't actually scan forward locked
apps til later in the boot process, the prior restorecon
call was actually applying the default label of
system_data_file for all such apps. By performing a
restorecon on each individual app as they are entered into
the PMS we can handle them correctly. This mechanism also
allows us to pass down the seinfo tag as part of the
restorecon call which drops our need to rely on the contents
of packages.list.
Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Passing in the name of an actual admin should be enough to pass the
security check as it was. This is now fixed as the caller is not
given the opportunity to spoof its own name any more.
Change-Id: Id8be4ca4c8bf3751a1ee8125cf119fa100c81d22
The android.security.cts.ServicePermissionsTest--testDumpProtected test was
failing on this service because it is looking for the permission name in the
denial message.
Change-Id: I4b4d38cd27b782470d1f21e36104164d2c8962a3
Signed-off-by: Adam Hampson <ahampson@google.com>
When a Display has been removed there is a delay until all of its
windows have been removed. Therefore there is a possibility that
WindowState.getDisplayContent() returns null. Guard against that
possibility.
Fixes bug 13616765.
Change-Id: Ia2074d293b0e1bd4ca2cd14aeb4a2cc09ed9f41e
...and now fail conservatively when two apps both attempt to define
the same permission. Apps signed with the same certificate are
permitted to redefine permissions.
We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.
Bug 13551375
Change-Id: Ifa4e59154dcccbb286ee46a35a6f25e4ad0f0f01
