Starting in R, there is a new public API overload that delivers a
flags argument. Some apps may be relying on a previous hidden API
that delivered a userId argument, and this change is used to control
delivery of the new flags argument in its place.
There are dozens of these hidden API users are in the system UID,
either in the system process or the Settings app, so we hard-code
giving them the legacy behavior, since refactoring would be messy
between internal and AOSP branches.
Also adjust incoming and outgoing method signatures to use slightly
more flexible Collection<Uri>, which has handy methods like
contains() and isEmpty().
Bug: 150939131
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Exempt-From-Owner-Approval: trivial refactoring
Change-Id: If6a77449e19215cf1c60d4217e62fc04b0959bfc
with appOp as String and options as Bundle
Bug: 139077993
Bug: 146423958
Test: Build
Change-Id: I5325e08d60016741139251813a5df9b42f2efc82
Merged-In: I5325e08d60016741139251813a5df9b42f2efc82
Make obtaining a visual service from non-visual Context instance
report a strict mode violation and print the stacktrace.
Make calling getDisplay() throw an exception if called on an instance
that is not associated with a display. For existing usages introduce
a new internal method that does not perform the verification until
the usages are properly fixed.
Bug: 128338354
Test: StrictModeTest#testIncorrectContextUse_GetSystemService
Test: StrictModeTest#testIncorrectContextUse_GetDisplay
Change-Id: Id25d590eca6e10066e55d7ed6436d3bc9e433beb
SystemTextClassifier that is backed by ExtServices
1. The default textclassifier is always provided by
config_servicesExtensionPackage (i.e. ExtServices)
2. OEM can specify a system text classifier by specifying
config_defaultTextClassifierPackage.
3. System text classifiers can get an instance of the default textclassifier
by calling TCS.getDefaultTextClassifierImplementation(), so that
they can add their customization on top of the default TCS.
4. If config_systemTextClassifierPackage is set, the specified package
is used to process requests from apps and the platform. Otherwise,
the default textclassifier is used.
5. For testing and droidfooding purpose, text classifier service package
can be overridden. If the overridden package is neither
the default one nor the system one, the package is considered as a
untrusted text classifier, which can only see requests from itself.
Test: m mts && mts-tradefed run mts-extservices
Test: Not setting config_defaultTextClassifierPackage. Select some text and
make sure smart selection works. Run dumpsys textclassification
to make sure the default TCS is bound.
Test: Setting config_defaultTextClassifierPackage and repeat the above.
Make sure the specified OEM text classifier is used.
Test: Set the service override config to be ExtServices.
Run dumpsys textclassification to make sure everything is unbound.
Select some text and make sure ExtServices is bound.
Test: Set the service override to be AiAi and repeat the above.
Test: Set the service to be something invalid and repeat the above.
Observe that no TC is bound and fallback to NO_OP.
BUG: 148049185
Change-Id: Ia2fb549fda49363e0d0ebc4b7e0d31cb76e11ee0
Make TCS.getDefaultTextClassifierImplementation returns a ...
SystemTextClassifier that is backed by ExtServices
1. The default textclassifier is always provided by
config_servicesExtensionPackage (i.e. ExtServices)
2. OEM can specify a system text classifier by specifying
config_defaultTextClassifierPackage.
3. System text classifiers can get an instance of the default textclassifier
by calling TCS.getDefaultTextClassifierImplementation(), so that
they can add their customization on top of the default TCS.
4. If config_systemTextClassifierPackage is set, the specified package
is used to process requests from apps and the platform. Otherwise,
the default textclassifier is used.
5. For testing and droidfooding purpose, text classifier service package
can be overridden. If the overridden package is neither
the default one nor the system one, the package is considered as a
untrusted text classifier, which can only see requests from itself.
Test: m mts && mts-tradefed run mts-extservices
Test: Not setting config_defaultTextClassifierPackage. Select some text and
make sure smart selection works. Run dumpsys textclassification
to make sure the default TCS is bound.
Test: Setting config_defaultTextClassifierPackage and repeat the above.
Make sure the specified OEM text classifier is used.
Test: Set the service override config to be ExtServices.
Run dumpsys textclassification to make sure everything is unbound.
Select some text and make sure ExtServices is bound.
Test: Set the service override to be AiAi and repeat the above.
Test: Set the service to be something invalid and repeat the above.
Observe that no TC is bound and fallback to NO_OP.
BUG: 148049185
Change-Id: Ia2fb549fda49363e0d0ebc4b7e0d31cb76e11ee0
Add Bundle parameter to createWindowContext method to allow
passing window-related options.
Bug: 128338354
Test: Build, auto test
Change-Id: I19cf9335068ecf94c9d94a99be0e8f1021f78e34
Context.getCrateDir() creates and returns the File for the
root of the crates for the application context. Any child directories
under the crates root in Context.getDataFile() is called
the crate directory.
For example:
/data/user/0/com.exmaple.app/crates/IAmCratedFolder/decentFiles
/data/user/0/com.exmaple.app/crates/IAmCratedFolder/decentDirs
Context.getCrateDir return the crate dir
--> /data/user/0/com.exmaple.app/crates/IAmCratedFolder
The crate dir
--> IAmCratedFolder
The decent directories or files are not crated folders
--> decentFiles, decentDirs
Test: atest CtsOsTestCases:android.os.storage.cts.StorageCrateTest
Bug: 141660526
Change-Id: If3ec1e121fb8f72bab5571d6190378e3ae208832
with appOp as String and options as Bundle
Bug: 139077993
Test: Build, GsmInboundSmsHandlerTest, CdmaInboundSmsHandlerTest and WapPushOverSmsTest
Change-Id: I60e21c7202d1bc7c5d28dfad2e2edde902f28a15
A few releases ago we added ContentResolver.QUERY_ARG_* constants
to query() as a new best-practice that will help wean us off raw
SQL arguments. (For example, a provider could add their own
custom arguments like QUERY_ARG_INCLUDE_PENDING to cause the query
to reveal pending items that would otherwise be hidden.) This
change expands update() and delete() to accept those arguments.
This change also expand insert() to accept extras too, as part of
preparing to support an upcoming MediaProvider feature that will let
apps place new media "adjacent" to an existing media item. (Sending
that adjacent item through extras is cleaner than trying to send it
through escaped query parameters.)
Bug: 131643582
Test: atest CtsContentTestCases
Change-Id: I436296155b9b5f371b4cbe661feaf42070285fcc
MediaProvider makes heavy use of Uri change notifications, which
currently need to be delivered one at a time through the Binder
interface. To optimize this, allow callers to provide a collection
of multiple Uris to notify with a single Binder call.
Bug: 134170767
Test: atest cts/tests/tests/content/src/android/content/cts/ContentResolverTest.java
Change-Id: Ifef778e88bb772b5580f70929c6f2e9c166d1c0e
android.test.mock is built with its own sources plus a small number of
framework sources that provides private APIs that the library's APIs
have references to. Previously, it was built with the entire framework
sources which is too many and should have slowed the build performance.
Bug: 141149570
Test: m
Change-Id: I165ffdfc053a71b323ef7058651d5908df06870f
This takes the Context#getFeatureId from the calling context and pipes
it all way through to the noteOp calls done by the content provider.
Bug: 136595429
Test: atest CtsAppOpsTestCases (new test added to capture this case)
TelecomUnitTests:CallLogManagerTest
ContentProviderClientTest
TelecomUnitTests:MissedCallNotifierImplTest
TelecomUnitTests:BasicCallTests
MediaInserterTest
PreferencesHelperTest
RankingHelperTest
PinnedSliceStateTest
FrameworksCoreTests:ContentResolverTest
Change-Id: I53b1035626229c920b353509a5bece157b52fb51
Without it, apps (mainline modules) will need to use createPackageContext...,
which is a bit painful.
Bug: 142472686
Test: atest android.content.cts.ContextTest#testCreateContextAsUser
Change-Id: Id640e03862462724df1a4a3101f0b08faafba22f
This change fixes a regression that java_sdk_libraries under
frameworks/base were built with all framework sources.
Bug: 141149570
Test: m
Change-Id: Iea1d2ae20ca1c5b514a52d8b2a22e8a1d7543efd
This change fixes a problem that entire framework source files are given
to metalava even when many of the source files are not for public. Using
the new property filter_packages, only source files that belongs to the
public packages are given to metalava.
This CL also changes the name of the filegroup 'framework-srcs' to
'framework-non-updatable-sources' to better describe its contents. In
addition, a build-time only library 'framework-all' is introduced. This
library produces a header jar for all framework sources for both
non-updatable and updatable parts. It is put to the classpath when
invoking metalava to give information on the hidden classes that were
filtered-out.
Bug: 140764681
Test: m
Change-Id: I6e16679109ac07820e35037754d4327442c014f2
droiddoc modules for the SDK API documentation and stubs library
generations have depended on the 'framework' (which was recently changed
to framework-minus-apex' module to get the list of Java source files to
be processed.
This however caused a circular dependency when we tried to modularize
some classes in the framework library as a separate library. The
separate java library depended on the stubs library (because it should
only use SDK APIs) and the stubs library depended on the framework
library. The framework library itself depended on the separated library
(or its stub) to use APIs from the separated library, thus forming a
circular dependency.
This change fixes the problem by directly giving the framework source
files via a filegroup `framework-sources-to-document` where all Java
and AIDL files that are to be documented are included in.
This change also put the generated R.java and Manifest.java files from
framework-res into the filegroup for framework sources.
Bug: 70046217
Bug: 135922046
Test: m
Exempt-From-Owner-Approval: Approved internally
Merged-In: I09ad88da47540d31ad089aad5e1151a4b6877ec2
(cherry picked from commit 20426538f85098552f52dffb40d0f7ffff7946d4)
Change-Id: I09ad88da47540d31ad089aad5e1151a4b6877ec2
droiddoc modules for the SDK API documentation and stubs library
generations have depended on the 'framework' (which was recently changed
to framework-minus-apex' module to get the list of Java source files to
be processed.
This however caused a circular dependency when we tried to modularize
some classes in the framework library as a separate library. The
separate java library depended on the stubs library (because it should
only use SDK APIs) and the stubs library depended on the framework
library. The framework library itself depended on the separated library
(or its stub) to use APIs from the separated library, thus forming a
circular dependency.
This change fixes the problem by directly giving the framework source
files via a filegroup `framework-sources-to-document` where all Java
and AIDL files that are to be documented are included in.
This change also put the generated R.java and Manifest.java files from
framework-res into the filegroup for framework sources.
Bug: 70046217
Bug: 135922046
Test: m
Change-Id: I09ad88da47540d31ad089aad5e1151a4b6877ec2
Java and AIDL source files under frameworks/base are now modularized
using filegroup. Each filegroup has 'path' property set to the base
directory of the ssource files. This allows us to not rely on
aidl.[local_]include_dirs and srcs_lib_whitelist_dirs to get the base
directories.
Bug: 70046217
Test: m
Exempt-From-Owner-Approval: Approved internally
Merged-In: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
(cherry picked from commit b360931bf0f2d011dada18762829c0d0e47c54b6)
Change-Id: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
Java and AIDL source files under frameworks/base are now modularized
using filegroup. Each filegroup has 'path' property set to the base
directory of the ssource files. This allows us to not rely on
aidl.[local_]include_dirs and srcs_lib_whitelist_dirs to get the base
directories.
Bug: 70046217
Test: m
Change-Id: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
The new MediaProvider design has an internal dynamic security model
based on the value stored in OWNER_PACKAGE_NAME, so the OS always
needs to consult the provider when resolving Uri permission grants.
Blocking calls from the system process like this are typically
discouraged, but this is the best we can do with the limited time
left, and there is existing precident with getType().
For now, use "forceUriPermissions" as a proxy for determining when
we need to consult the provider directly.
Bug: 115619667
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I1d54feeec93fbb4cf5ff55240ef4eae3a35ed068
Added a version of the onPermissionUpdated and
onInstallPermissionUpdated methods which will notify
OnPermissionChangedListeners, and added this to the
PermissionManagerService "updatePermissionFlags" and
"updatePermissionFlagsForAllApps" methods. Also adds
OnPermissionsChangedListener to @TestApi
Fixes: 135937566
Test: atest PermissionUpdateListenerTest
Change-Id: I906598c366234c3daaa202261678bca04837cb13
This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
Add Shell permission for new CTS tests to test the multi-display
functionality in WallpaperService/WallpaperManagerService.
Bug: 123707989
Test: atest WallpaperManagerMultiDisplayTests
Test: atest ActivityManagerMultiDisplayTests
Change-Id: Id97db050a0b9d1940c2dfaa793fbe526df578105
Allow app to control the thread where ServiceConnection methods are
called on.
Bug: 111434506
Test: Used new bindContext method in chrome and checked callbacks
are on the correct thread.
Change-Id: I480e5bd6773a530fb9e8e73e3a2a2a88b76569ec
Fixes up the android.test.legacy target to stop using sources directly
now that the issue with android.test.runner-minus-junit not being able
to be built against the SDK has been resolved.
Also, fixes a couple of comments.
This reverts commit 7d7af10dc9057a49c617c7c97c174e8b4ec5008c.
Reason for revert: When this was originally applied it broke the
pi-dev-plus-aosp branch as it contained references to these targets.
Those references have now been removed.
Bug: 63127064
Change-Id: I619e92faf4cc38f8fd4f053bde832e9a76a2a2bf
Test: make checkbuild
For testing we often need to run shell commands. This can be done
today via running a shell command from an instrumentation test
started from the shell. However, this requires adding shell commands
which are not in the API contract, involve boilerplate code, require
string parsing, etc.
This change allows an instrumentation started from the shell to
adopt the shell UID permission state. As a result one can call APIs
protected by permissions normal apps cannot get by are granted to
the shell. This enables adding dedicated test APIs protected by
signatures permissions granted to the shell.
Test: cts-tradefed run cts-dev -m CtsUiAutomationTestCases
-t android.app.uiautomation.cts.UiAutomationTest#testAdoptShellPermissions
bug:80415658
Merged-In: I4bfd4b475225125512abf80ea98cd8fcacb6a1be
Change-Id: I4bfd4b475225125512abf80ea98cd8fcacb6a1be
