Uses ParsingPackageImpl to generate the PackageInfo for
PackageManager's getPackageArchiveInfo API.
This keeps the migration to v2 hidden and thus the API can
be shipped for this release and then deprecated entirely
if necessary.
Exempt-From-Owner-Approval: Has approval on previous patchsets,
will need non-logic updates to resolve merge conflict and CP
into rvc-dev properly
Bug: 135203078
Bug: 146575910
Bug: 153880854
Test: atest com.android.server.pm.parsing
Test: atest android.content.pm.PackageManagerTests
Merged-In: Ib21dbbdc556502144df8e3d7a26b7a9d33885cd9
Change-Id: Ib21dbbdc556502144df8e3d7a26b7a9d33885cd9
This change checks across all users for the calling uid when doing the
permission check.
Test: Will test in droidfood
Bug: 153868618
Change-Id: Ic599315444212119ce4cb9ac1b06147e9cf19ef3
The initial focus for AlertDialogs in non-touch mode is the positive
button. However, in the PackageInstaller confirmation dialog, the
positive button is initially disabled to prevent tap jacking.
To provide users in non-touch mode with a sensible default focus, put
initial focus in non-touch mode on the cancel button.
Bug: 152026824
Test: On Android TV, with a remote:
1. Install file explorer app
2. Push another apk to device
3. Use file explorer to start apk installation
4. Verify "Cancel" button is focused
Test: Doing the above with touch does not lead to any visible focus
Change-Id: Iafec25df23c45171c450f5f42cc5da9bf0087ae4
Rename the method to setBlockable. Also rename isBlockableSystem in the
same way.
Fixes: 151311073
Test: atest NotificationChannelTest
Change-Id: Ie25f8aed3c22b74d9ad2329863c4ffebbace03f7
This change makes PackageInstaller visible to all apps on device.
Fixes: 150758101
Test: atest RequiredComponentsTest#testPackageInstallerPresent
Change-Id: Ic5eaa97513de3f57fbe7c2ce029d3b64113cee07
Today, the package manager largely routes any permission related
method to the PermissionManagerService. But, PermissionManagerService
is a service in name only. Instead, we will make the
PermissionManagerService a real service and direct API calls directly
to it.
We will likely need to maintain all of the public permission APIs
that already exist on PackageManager. However, the public -> private
implementation will go directly to PermissionManagerService.
Bug: 135279435
Test: Manual. Device boots
Change-Id: Ia4992ba6d1f4b9050db98c7d7647d51a5d45fcbe
It is allowed to install a package via a "package" URI. This means that
if a package with the same name is already installed (for any user), please
(re-)install it for the current user.
This was broken as mPackageURI.getPath() does not work for such package
URIs. This call is only needed when we need to show UI, but for package
URIs we don't even new UI, hence we can move it for the "content" path.
Test: atest CtsPackageInstallTestCases
Bug: 117768093
Change-Id: I58d3abde22ae0a77aabe5068680fd0148d799776
Some system apps may download unknown content and the user should
be explicitly asked whether they trust these files. System apps should
explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check.
Test: Builds, boots, existing tests pass:
atest CtsPackageInstallTestCases
Locally verified they pass if CtsPackageInstallTestCases.apk was signed by
the platform cert.
Bug: 123700348
Change-Id: I2578251906f6656b83464d1c4fc4db99165841c9
This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to APi adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
