These are permissions that an application can request, but won't
normally be granted. To have the permission granted, the user
must explicitly do so through a new "adb shell pm grant" command.
I put these permissions in the "development tools" permission
group. Looking at the stuff there, I think all of the permissions
we already had in that group should be turned to development
permissions; I don't think any of them are protecting public APIs,
and they are really not things normal applications should use.
The support this, the protectionLevel of a permission has been
modified to consist of a base protection type with additional
flags. The signatureOrSystem permission has thus been converted
to a signature base type with a new "system" flag; you can use
"system" and/or "dangerous" flags with signature permissions as
desired.
The permissions UI has been updated to understand these new types
of permissions and know when to display them. Along with doing
that, it also now shows you which permissions are new when updating
an existing application.
This also starts laying the ground-work for "optional" permissions
(which development permissions are a certain specialized form of).
Completing that work requires some more features in the package
manager to understand generic optional permissions (having a
facility to not apply them when installing), along with the
appropriate UI for the app and user to manage those permissions.
Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
1. Added methods to the ActivityManagerService remote interface
that allow accessing content providers outside of an application.
These methods are guarded by an internal signature protected
permission which is given to the shell user. This enables a
shell program to access content providers.
2. Implemented a shell command that takes as input as standart
fagls with values and manipulates content via the content provider
mechanism.
Change-Id: I2943f8b59fbab33eb623458fa01ea61a077b9845
SerialManager: provides access to serial ports
SerialPort: for reading and writing data to and from serial ports
IO with both array based and direct ByteBuffers is supported.
Accessing serial ports requires android.permission.SERIAL_PORT permission
Each platform must configure list of supported serial ports in the
config_serialPorts resource overlay
(this is needed to prevent apps from accidentally accessing the bluetooth
or other system UARTs).
In addition, the platform uevent.rc file must set the owner to the
/dev/tty* files to "system" so the framework can access the port.
Signed-off-by: Mike Lockwood <lockwood@android.com>
Services now must explicitly opt in to being accessed by isolated
processes. Currently only the activity manager and surface flinger
allow this. Activity manager is needed so that we can actually
bring up the process; SurfaceFlinger is needed to be able to get the
display information for creating the Configuration. The SurfaceFlinger
should be safe because the app doesn't have access to the window
manager so can't actually get a surface to do anything with.
The activity manager now protects most of its entry points against
isolated processes.
Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
Add a system permission to enable the use of any installed
media decoder when decoding for playback (as opposed to transcode).
Change-Id: Ifb10a5fa8d5663a78ccbb5fa8266ad6535c234f2
This is a manual merge of a change going in to ICS-FactoryROM.
These permissions are needed to separate the (potentially invasive)
access to the user's social stream from the existing read/write
contacts permission.
Per discussion with Android release team, we are also hiding the
stream item API until we figure out a better way to guard the data.
Bug 5406886
Change-Id: I8339d743c3ebe8923c7ee47f2900444efcf82a52
- made the UI match the spec
- added ability to force the account chooser to appear
- added ability to pass in a description that will override the stock one
- added ability to pass in requiredFeatures for addAccount
- added ability to pass in an authTokenType for addAccount
Bug: 5293377
Change-Id: I243c0fd6598c943b1f65753e1f5d3c86629f64f5
A core app is one that has coreApp="true" in its manifest tag.
The system can successfully boot (though a little painfully) with
only framework-res.apk, SettingsProvider.apk, SystemUI.apk,
DefaultContainerService.apk, and Launcher2.apk set as core apps.
Currently this boot mode is always turned off.
Change-Id: Ieaa4a8031c2c391a12996aa8d8b1d65fc2b09d6b
The resolver activity was hiding the following activity from recents.
Also some other fixes: a little better memory use debugging, removed
some unneeded code from window manager, moved some system activities
into their own process, added some more running process information for
manage apps.
Change-Id: I66687d16989ff965d524b92dc360f37c19199717
These intents are sent by Bluetooth-Pbap app which doesn't
have the system uuid. Instead protect with admin permission
on the reciever side.
Change-Id: Ibb788e1526108909b5a3b15462ac3a008b041613
Protects us from apps getting packet snooping ability
(ie, routing all your traffic through their server by
modifing your APN settings). We may eventually revert this
if/when we have time to provide a proper API and scary UI
like VPN has.
bug:5242750
Change-Id: I71d73807ca5268c6aacc2156839b4d11427048c4
New broadcast that is dispatched immediately after connectivity
changes have been handled by ConnectivityService, bypassing any
applicable CONNECTIVITY_CHANGE_DELAY.
Also protect CONNECTIVITY_CHANGE broadcasts, since they should only
be sent by system.
Bug: 5198167
Change-Id: I75f1fb44b21da1879f0ab960bcaa481126d70fde
- Add methods to TelephonyManager to provide access to IMS records on
the ISIM application of the UICC, as well as access to the ISIM
AKA authentication algorithm.
- Add support for the new IMS methods to CDMALTEPhone, using the helper class
ImsUiccRecords to load the IMS records from the ISIM. The same approach
can be used to implement IMS support for UMTS/LTE devices.
- There is a new RIL request, RIL_REQUEST_ISIM_AUTHENTICATION, which is
used to perform IMS AKA authentication using the algorithm on the ISIM
application of the UICC. The challenge nonce and response are both encoded
as Base64 strings.
Change-Id: I73367c7d9bc573d0d883d68adf09891de1319129
When the phone dialer sends an sms, it will use the Messaging app.
That way the sent messages will end up in the messaging provider db
and sending will be more reliable. Currently, the phone dialer
uses the SmsManager directly. For now, the feature is only
available to system apps and the permission is private. Bug 4563486
Change-Id: I10f7e1042683164ee61d01a2aaf738d19084da72
READ_WRITE_OWN_VOICEMAIL sounds a confusing name. Dianne recommened to
rename it to ADD_VOICEMAILS as this simply allows 3rd party apps to add
new voicemails to the system. The fact that we allow the app to acces
only its own voicemail is implicit and need not be highlighted in the
permission name. See bug: 5098551 for more details
This CL implements the 1st step of this change by adding the permission
ADD_VOICEMAILS. A follow up CL will remove READ_WRITE_OWN_VOICEMAIL once
content provider and contacts app have been modified to start using the
new ADD_VOICEMAILS permission instead.
Bug: 5098551
Change-Id: I515e7967bdb0e8498a60a32983f9122ce10dcc4a
Nice to not load 4MB bitmaps in the system process.
Also, hey, with how we are now scrolling the surface instead of
the bitmap, there is no reason to keep that 4MB bitmap loaded in
to memory. So don't.
Unfortunately it looks like for some reason the VM is still
holding on to the bitmap. I'll need to figure out why. Later.
Change-Id: Ib3503756144502fc5c8d5e294248c2417c4fe8c8
Bug: 4176026
This CL inherits https://android-git.corp.google.com/g/112600
Spec of TextServiceManager
- Chooses the most applicable TextService(e.g. SpellCheckerService, WordBreakIteratorService..)
for each locale
Spec of SpellCheckerService
- Returns whether the given string is a correct word or not
- Returns Suggestions for the given string
Change-Id: Iaa425c7915fe70767ad0b17bf6c6fbcd2a1200b2
This permission is meant to be a 'signature' permission and to be used
only by the contacts app. We recently moved it to framework/base as part
of opening up voicemail api into the SDK. However, the signature of
framework is different from contacts app. Consequently the contacts app
is not granted READ_WRITE_ALL_VOICEMAILS permission. This makes the
contacts app crash on start.
This fix removes the READ_WRITE_ALL_iVOICEMAILS from framework/base so
that the one defined in contacts provider is then used by the system.
Bug: 5054221
Change-Id: Iaa7a23fe95b0142978eff124e25fe2291dc7d212
This is a new content provider implemented to add visual voicemail
support in android.
Voicemail content provider is the central repository for storing
voicemails inserted by various voicemail sources. The content provider
also exposes a status table to let the voicemail source application
convey its current status to the system.
The primary application that reads from this content provider is the phone app.
The phone app shows voicemails along with other call entries within the
call log and optionally any relevent message about the voicemail source
status.
The implementation of this content provider can be found at
https://android-git.corp.google.com/w/?p=platform/packages/providers/ContactsProvider.git;a=blob;f=src/com/android/providers/contacts/VoicemailContentProvider.java
Change-Id: I8ad46aec20c70684f7bfa45530bbb90dd841d81a
New methods for full backup/restore have been added to BackupAgent
(still hidden): onFullBackup() and onRestoreFile(). The former is the
entry point for a full app backup to adb/socket/etc: the app then writes
all of its files, entire, to the output. During restore, the latter
new callback is invoked, once for each file being restored.
The full backup/restore interface does not use the previously-defined
BackupDataInput / BackupDataOutput classes, because those classes
provide an API designed for incremental key/value data structuring.
Instead, a new FullBackupDataOutput class has been introduced, through
which we restrict apps' abilities to write data during a full backup
operation to *only* writing entire on-disk files via a new BackupAgent
method called fullBackupFile().
"FullBackupAgent" exists now solely as a concrete shell class that
can be instantiated in the case of apps that do not have their own
BackupAgent implementations.
Along with the API change, responsibility for backing up the .apk
file and OBB container has been moved into the framework rather than
have the application side of the transaction do it.
Change-Id: I12849b06b1a6e4c44d080587c1e9828a52b70dae
Introduces new "net_bw_stats" group which will protect reading
detailed bandwidth statistics from the kernel. Also introduce
"net_bw_acct" group which will enable specific applications to
request that their network traffic be counted against other UIDs.
This change associates manifest permissions with the low-level GIDs.
Change-Id: If3fc28053afda201ff305d798a8878ff1f35b997
Bug: 4176026
Spec of TextServiceManager
- Chooses the most applicable TextService(e.g. SpellCheckerService, WordBreakIteratorService..)
for each locale
Spec of SpellCheckerService
- Returns whether the given string is a correct word or not
- Returns Suggestions for the given string
Change-Id: Ia25e7b4f308778891929e31b8cbd741f6848cce4
Define NetworkPolicy as cycle-reset day and warning/limit values, and
set/get through NetworkPolicyManager. Watch ConnectivityManager for
network connection events, and apply quota rules based on matching
interfaces. Policy service matches based on strong identity to support
IMSI-specific policy values.
Calculates remaining quota based on current stats recorded since the
last reset cycle day. Tests to verify edge cases around February.
Persist network and UID policies in XML, and restore on boot.
Change-Id: Id40ba7d6eed6094fbd5e18e6331286c606880d80
The user's profile is represented as a single Contact, comprised of
Raw Contacts which may be contributed from any accounts the user has on the
system.
Two new permissions have been added: READ_PROFILE and WRITE_PROFILE. These are
required for reading or writing any contact data that is designated as part of
the user's profile.
Contact queries can include the user's profile data by setting the
include_profile URI parameter to 1 (this requires READ_PROFILE access). By
default, the user's profile data will not be included in any Contact queries.
Change-Id: I25616f59622dbb157032c9c435064eb36af6e8e1
