Due to the migration to synthetic passwords, the 'token' parameter to
unlockUserKey() is no longer needed. Remove it.
Note: I didn't change unlockUser() in IActivityManager because it is
marked with UnsupportedAppUsage, so it might not be safe to change the
method signature. It now just ignores the 'token' parameter rather than
passing it down the stack.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I35ce09412f47f2f2a17a371d518a0a518b70bfb6
(cherry picked from commit b1bcec9c7d3aa97e39f71cc3ac821656d8b0b981)
Merged-In: I35ce09412f47f2f2a17a371d518a0a518b70bfb6
Due to the migration to synthetic passwords, the 'token' parameter to
clearUserKeyAuth() is no longer needed. Remove it.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I739b519b0e91293acbf018020891d68b3090c175
(cherry picked from commit 2a8ab4778297852738f94ea5dd3f1e6ff9ab9416)
Merged-In: I739b519b0e91293acbf018020891d68b3090c175
Due to the migration to synthetic passwords, the 'token' parameter to
addUserKeyAuth() is no longer needed. Remove it.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I06e7c36787cc7f384acb7742737c3b1cfa50f0ae
(cherry picked from commit 6b220a95e9bcb25e103bc0cb3dc4f4bc18c3e137)
Merged-In: I06e7c36787cc7f384acb7742737c3b1cfa50f0ae
While at first glance it looks like this is still needed, actually the
support for HardwareAuthTokens was already removed from vold in Android
12, so this cannot actually be doing anything.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I3c176ba282f4c7901dd09fe3d66cfd380794fb48
(cherry picked from commit 3654b097b179289fe41a7647dadf8404e72bbb87)
Merged-In: I3c176ba282f4c7901dd09fe3d66cfd380794fb48
This code is no longer used, since the migration to synthetic passwords
is always enabled.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: Ieefffb2641f5c12dfcd7556f529830328e8ba292
(cherry picked from commit 2dd97def291b392e85080ba9ab84734dd2bed8af)
Merged-In: Ieefffb2641f5c12dfcd7556f529830328e8ba292
There is no longer any need for FakeStorageManager to keep track of
hardware auth tokens, since they aren't used for real anymore.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: Ida3a989ecea974fe79568e381cf0e6ff3fe1f1eb
(cherry picked from commit 2e10d6394a32c5ebaa114569932ab8a255636673)
Merged-In: Ida3a989ecea974fe79568e381cf0e6ff3fe1f1eb
Now that FDE is no longer supported, remove the FDE-related methods from
StorageManager that are no longer called.
Bug: 208476087
Change-Id: Ic24a5b029bdf51dec622d1b70cef9ef26c3d54c5
(cherry picked from commit 41fa601601ecb094fd813ac4c01356045c34cf88)
Merged-In: Ic24a5b029bdf51dec622d1b70cef9ef26c3d54c5
Now that FDE is no longer supported, checking the FDE password cache
will never accomplish anything. Remove this check from Keyguard, and
remove the supporting code from LockSettingsService.
Bug: 208476087
Change-Id: If1bb80dfcc015aeea19916a88c89a4067e6ada32
(cherry picked from commit e9b69111b203bec8266f096a0fec942b570da97a)
Merged-In: If1bb80dfcc015aeea19916a88c89a4067e6ada32
The deviceIsEncrypted() methods in BackupRestoreConfirmation.java and
UserBackupManagerService.java only return true if the device is using
FDE (Full Disk Encryption), for which support has been removed in favor
of FBE (File Based Encryption). Therefore, the logic to require a
backup password no longer applies to any device.
Remove this logic to simplify the code.
It is possible that this was actually a bug, and this logic should have
applied to FBE devices too. But given that the code has worked this way
for years, and there isn't necessarily a logical connection between
whether the device is encrypted and whether a backup *must* be
encrypted, I decided not to change the current behavior.
Bug: 208476087
Test: 'adb backup' and 'adb restore' still work.
Change-Id: Idc72d2a4c3e8bfa10a32cdc57884159b37635e81
(cherry picked from commit d5b040ed643948dd892f4ad8e2d0f3cfa8d4613d)
Merged-In: Idc72d2a4c3e8bfa10a32cdc57884159b37635e81
This reverts commit 59a56500c0c8171427852a0ff95de9622807745c.
- Iorap is being removed and relevant scripts need to be remove, too.
Bug: 214108410
Test: build okay
Change-Id: I560a66eec4050d60b74ad325328128cd3e299662
Merged-In: I560a66eec4050d60b74ad325328128cd3e299662
(cherry picked from commit 25adac3ba6bf88d8966e592e0cd68c6923c913c4)
Ethernet framework and service source code is going to be moved to
Connectivity mainline module, this CL contains below corresponding
changes to adapt the migration in f/b side:
1. Split out ethernet module-lib APIs to Connectivity module.
Add the ethernet resource filegroup to tiramisu-updatable-sources
filegroup as well, build them together. Also update the module-lib
and system api txt to reflect the APIs change. Remove the hidden
APIs which are moved to Connectivity module. This removal fixes the
api inconsistent issue with Tethering/apex/hidden/.
2. Remove EthernetService from SystemServer which will be registered
from ConnectivityServiceInitializer.
3. Replace the BackgroundThread class(imported from f/b/core/java)
with the one in the modules-utils-backgroundthread lib, which is
visible to Connectivity module.
Bug: 210586283
Test: m
Test: atest FrameworksNetTests EthernetServiceTests
Change-Id: I3e13cb9c0e348333af295c2537d459aa6700ff17
Merged-In: I1956848d3248cc56e9841d221e5e4c160bed65a4
Complementing new safer Bundle APIs introduced in aosp/1988908.
Test: Working on CTS
CTS-Coverage-Bug: 224457848
Bug: 224457848
Change-Id: I1d2b15d1214f2bd2eccade45693365098200ae01
Starting from Android 13, the TCP buffer size is fixed after boot up,
and should never be changed based on carriers or the network types.
The value should be configured appropriately based on the device's
memory and performance. It is recommended to use lower values if the
device has low memory or doesn't support high-speed network such like
LTE, NR, or Wifi.
Bug: 213596972
Test: Manual
Merged-In: I1f19e1217f7e7da37b3dd3b511d4859d77ec7bad
Change-Id: I1f19e1217f7e7da37b3dd3b511d4859d77ec7bad
Allow a list of configs to be sent for enterprise slice
Allow device owner to set enterprise slice config
Allow enterprise apn to be configured by profile owner
Bug: 217365439
Bug: 222723840
Test: ran CTS tests
Merged-In: I82c159843d0806cbfc5eea602fbd0304e7ff04ac
Change-Id: I82c159843d0806cbfc5eea602fbd0304e7ff04ac
The interface a ParcelableHolder is in determines its stability,
and it shouldn't change based on what is sent.
Bug: 215458170
Test: aidl_integration_test
Change-Id: I40239e14e59b3998ac19d140453eb29a298cdb76
Revert "Disable pointer authentication in app processes."
Revert submission 1954983-master-I3030c47be9d02a27505bd4775c1982a20755758c
Reason for revert: PAC has shipped with S, and we're going with app compat outreach rather than regressing security.
Reverted Changes:
I3030c47be:Disable pointer authentication in app processes.
I3030c47be:Disable pointer authentication in app processes.
Change-Id: I75c4d2d3cf59aecf99d9c9d37c6750f999e74de8
Some *_ALL constants are exposed in T and they should be mentioned
in documentation. Because there are already defined InDef values
for this kind of constants. Thus, remove the list in the javadoc
and leave these up to the doc tool to list the InDef values.
Bug: 222291452
Test: m doc-comment-check-docs
Change-Id: Ibbaee5389a85bb3d696a518deea0897845553bfa
This patch addresses API review about the naming of
NetworkStatsManager#setUidForeground and it would be
more appropriate to rename it to noteUidForeground.
Bug: 222291301
Test: atest FrameworksNetTests
Change-Id: I952762872850889609c9808aa6e3cdfc04317806
These are processes that are spawned alongside regular app processes.
They have their own UID range, such that they can be properly isolated
from applications.
Add some APIs in Process that allows the system and mainline
modules to verify that a particular UID belongs to a sandbox
process, and to map between the sandbox process and the
corresponding app process.
Bug: 215012578
Test: N/A
Change-Id: I02aaaa1c2bcf9d141ddc97747eb6d7edd52d7b92
Merged-In: I02aaaa1c2bcf9d141ddc97747eb6d7edd52d7b92
* changes:
Stub out some FDE methods in StorageManager
Stop trying to update FDE password from LockSettingsService
Remove clearEncryptionPassword() from LockPatternUtils
Stop trying to get/set fields in FDE footer
For convenience, builds against musl libc currently use the
linux_glibc properties because they are almost always linux-specific
and not glibc-specific. In preparation for removing this hack,
tweak the linux_glibc properties by either moving them to host_linux,
which will apply to linux_glibc, linux_musl and linux_bionic, or
by setting appropriate musl or linux_musl properties. Properties
that must not be repeated while musl uses linux_musl and also still
uses the linux_glibc properties are moved to glibc properties, which
don't apply to musl. Whether these stay as glibc properties or get
moved back to linux_glibc later once the musl hack is removed is TBD.
Bug: 223257095
Test: m checkbuild
Test: m USE_HOST_MUSL=true host-native
Change-Id: I7058c8f1dadd7bbfd7e169bdf0a0441eb6d10ec5
