The previously used permission was doing double duty as the permission
that device admins to check for to ensure that calls are coming from valid
system components.
MANAGE_DEVICE_ADMINS is system|signature and is now required to add/remove
device admins.
Required for:
Bug: 9856348
Change-Id: I64385d2ec734c3957af21b5a5d9cffd8a3bcd299
Add the manifest entries for the net_mark group that protects marking
traffic as from another user in per user routing.
Change-Id: I97932a9e407467a7adc733caea8746a712bc6b68
Add an intent to invoke a native carrier setup app. This is paired
with the INVOKE_CARRIER_SETUP permission, though it is up to the app
to enforce that callers hold this permission.
Change-Id: I317a40675de7e9587de23c028459be2331a2f8a2
I made the power manager more rigid, not allowing different uids
to use the same wake lock. This never should happen. I would
guess there is somewhere that the activity manager is acquiring
the wake lock without clearing the calling identity... but it is
hard to follow all the paths this may happen in. So here we add
some checks when acquiring/releasing the wake lock to make sure
it is being done as the system uid.
Also:
- Protect the new activity stack calls with a permission, and
make sure to clear the calling uid once past that.
- Collect uid data from process stats so we can correctly
associate CPU use with a uid even if we don't know about the
pid for some reason.
- Fix battery stats dump commands to clear calling uid before
executing so they aren't broken.
Change-Id: I0030d4f7b614e3270d794ecfc3669139a5703ce9
- Sending a broadcast indicating when scan requests could be serviced so that
apps don't request scans we won't do anything with.
- Fix our batt stats accounting so we only count it if we send the request to
the driver.
bug: 8868201
bug: 9496690
Change-Id: I64a4f1c294c848ac64c50d8854ed4a6a1a47f603
Introduces a new "blocked" state for each package. This is used to temporarily
disable an app via Settings->Restrictions.
PIN creation and challenge activities for use by Settings and other apps. PIN
is stored by the User Manager and it manages the interval for retry attempts
across reboots.
Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
Introduces new DocumentsContract which storage backends must
implement. Backends surface a simple directory-like organizational
structure that enables a document to appear at multiple locations in
that hierarchy. Querying a document or the contents of a directory
will return a Cursor populated with DocumentColumns, which includes
simple metadata.
Adds new OPEN_DOC and CREATE_DOC Intents, and permission to protect
storage backends.
Change-Id: Ib4984bc980182b2cedbe552908e5be94604ef085
With this change, the system process will put up a scrim in the
event keyguard crashes to protect underlying content.
It also adds permission checks to prevent unathorized access
through the binder APIs.
Cleaned up KeyguardTestActivity to build separately.
Removed unused resources.
Change-Id: I9e370c6bfb7dca68eae9eae304c815fb84a753d2
This system-only permission allows a service to disable the transmit LED
when a camera is in use.
Bug: 8554573
Change-Id: I64f7e3fcdc8ded8be3904650bd0c91d3b8f10dd4
Accessibility services can perform special operations such as retrieve
the screen content, enable explore by touch, etc. To ensure the user
is aware that the service will perform special operations we were using
permissions. However, the special operations cannot be performed unless
the service is really enabled by the user and it is at this point that
we want to notify the user about the service capabilities.
This change adds capability attributes to the accessibility service's
meta-data XML file. The service has to declare the capability and when
it is enabled we show the user the capabilities in the warining dialog.
bug:8633951
Change-Id: Id3442dc71dad018e606888afdc40834682fdb037
This covers the scenario where an app doesn't find an account of the
required type and requests the account manager to add one of that
type.
Bug: 8537648
Change-Id: I4d9c8842c2d90aa668f16034d3db007dc61714b8
This is the best and only way for apps to listen for
notifications: create a NotificationListenerService, wait
for the NoMan to bind to you (as a result of the user
checking a box somewhere in Settings and agreeing to a
scary dialog box), and you'll start receiving notification
posted and dismissed callbacks. Your service, while enabled,
will also be able to clear one or all notifications.
Use this power wisely.
This change moves StatusBarNotification out of
com.android.internal into android.service.notification.
[Internal customers, including System UI and early users of
the system-only listener binder API, will need to be
updated.]
Bug: 8199624
Change-Id: I1be46f823d4b3ddc901109ec1e085cd6deb740c2
Protect app widget broadcasts from abuse.
In this case the app was sending an APPWIDGET_UPDATE broadcast
without specifying a target, which (a) should not be allowed (you
should not be able to send updates to other apps), and (b) resulted
in every single potential app widget in the system being launched...
which was about 75 of them.
Change-Id: I9d48733610ce6d5a7c32e69a3e06b9f33bd79a34
