The modules 'framework', 'framework-minus-apex', 'framework-all' contain
private symbols that shouldn't be accessible to Mainline modules.
Restrict the access by making the framework modules to be accessible
only to the platform (the non updatable part).
Bug: 145796956
Test: m
Merged-In: I08cb61a67aef88ffe04ef52670144e1cbeff3cf9
Change-Id: I08cb61a67aef88ffe04ef52670144e1cbeff3cf9
FileDescriptor type in AIDL was translated into const unique_fd& in C++.
Now, it is unique_fd, i.e. passed by value, to make it easier to keep it
beyond the scope of the call.
Bug: 144943748
Test: m
Exempt-From-Owner-Approval: cherry-pick from internal
Merged-In: I2b87761401361f9cf96cdda070f26e70a5c6c935
(cherry picked from commit b8ba23418aa6868ec14e82c29311021e382a19bc)
Change-Id: I2b87761401361f9cf96cdda070f26e70a5c6c935
In previous design, interface quota limit does not changed
when network stats are updated. However, this is incorrect
today since there are some offloaded traffic that cannot
be seen by kernel. If the limit is not updated, the offloaded
traffic might still be able to use whole quota as if there is
no embedded traffic.
This change also removes the re-arm global alert after
advising persist threshold if not changed, given that it will
cause an additional alert while updating interface quota limit.
Bug: 145792619
Test: 1. atest NetworkStatsServiceTest
2. atest NetworkPolicyManagerServiceTest
3. manual test: run speedtest, check dumpsys netd
Change-Id: I8d2203e713730d536430a234b1aa8b2468badee3
Since tethering is moved from systemServer to networkStack
process, it would lose privileged capability. Grant privileged
permissions for tethering individually. Grant MANAGE_USB to control
usb rndis function. Grant MODIFY_PHONE_STATE to know whether DUN
is required. Grant READ_NETWORK_USAGE_HISTORY to update tethering
usage. Grant UPDATE_APP_OPS_STATS to check WRITE_SETTINGS permission.
Bug: 144320246
Test: -build, flash, boot
-atest TetheringTests
Change-Id: Id6e71b58e027d6ba90551084367ef881652c2555
Tidy up changes for TimeZoneDetectorStrategy that were noticed while
debugging / making changes to TimeDetectorStrategyImpl.
Bug: 140712361
Test: manual / treehugger
Change-Id: I17a5d91f6864d702599834058694ae3de53173d0
The annotation processor is being modified to produce an intermediate
output that will then be processed to produce the config that ends up on
device. As such, using XmlWriter in frameworks test code no longer makes
sense.
Instead, hard-code XML config in the test to break this problematic
dependency.
Test: atest CompatConfigTest
Change-Id: I371ba32bd83d6a84de94d594169dbb5c63f3d9be
Merged-In: I371ba32bd83d6a84de94d594169dbb5c63f3d9be
Add an additional loading path which is used for libs permission
xml providing from Cronet apex module.
Bug: 145474221
Bug: 139397529
Test: build
Test: manual test with Cronet
Change-Id: I103539a45fe9182f84a79bfe45a6172d94068690
Merged-In: I02541eb2d4808d69ab8cb2d6a48cf8aaa39c86dc
Grant TETHER_PRIVILEGED permissions to the shell identity
for use within CTS tests.
Bug: 145490751
Test: atest CtsTetheringTest
Change-Id: Ifad265cdc5e0b1b1b2fa8f4f79eeb7dd18493624
Merged-In: Ifad265cdc5e0b1b1b2fa8f4f79eeb7dd18493624
We have decided to reuse the existing annotation @SystemApi for all Java
APIs regardless of whether they are for apps or platform internal
modules. This was because introducing new annotation types every time
when we have to create new API surfaces will only increase the confusion
without giving much benefit.
Instead, to differenciate the different API surfaces of @SystemApi, the
annotation type is parameterized. Specifically, it has to axises.
client: specifies the intended client of the API.
process: specifies the process(es) that the API is available.
The default for client and process are priv-apps and all, respectively,
which corresponds to the today's @SystemApi for privileged apps like
GMS.
Exempt-From-Owner-Approval: cherry-pick from internal
Bug: 140202860
Test: m
Merged-In: I3305b71e22970e80db95f3daf3d7713603c7d68d
(cherry picked from commit 119afc0695cf7632700119bab62a965793c34fd1)
Change-Id: I3305b71e22970e80db95f3daf3d7713603c7d68d
* changes:
IKE Session API changes in setting CA cert and retrieving vendor ID
Child Session API changes in configuring and retrieving internal address
Platform VPN profiles keyed by apps must use a different key prefix to
prevent the Settings app from seeing them (and thus exposing potentially
sensitive credential information). Thus, the profiles will be
partitioned as follows:
Custom (Settings-app) based profiles continues using VPN_* prefix
App provisioned profiles will use the new PLATFORM_VPN_* prefix
Bug: 144245359
Test: Compiles, FrameworksNetTests passing
Change-Id: If8762e468c6cbbeb80738f14b066ebbad5cc665f
services-stubs is a stubs library for services.jar. It provides the
in-process APIs that's available inside the system server process
running services.jar.
Currently, all APIs in the jar are hidden by annotating
com.android.server package with @android.annotation.Hide. To add some
APIs,
1) remove package-info.java for com.android.server
2) add package-info.java for other sub packages
3) annotate them with @android.annotation.Hide except for the package
where the newly added APIs are in
This change also added android.annotation.Hide class which can be used
to hide an API without using the @hide javadoc tag. This opens up the
possibility of running metalava over the compiled jar, which is expected
to be much faster than when ran with source files.
Bug: 139391334
Test: m
Test: m services-stubs
Exempt-From-Owner-Approval: cherry-pick from internal
Merged-In: I027b8a22b3e7533f6203aabb9dc3f690e4e842a6
(cherry picked from commit abc72e45c647d6f617ce90b7a5d4a3121c0aa87d)
Change-Id: I027b8a22b3e7533f6203aabb9dc3f690e4e842a6
* changes:
MediaSessionManager: Split abstract class Callback into interfaces
MediaSessionManager: Use Executor instead of Handler
Allow to register multiple callbacks in MediaSessionManager
