484 Commits

Author SHA1 Message Date
Eran Messeri
bb27189f56 Grant Device IDs access to Profile Owner
In order to allow inclusion of device identifiers in the key attestation
record generated by the profile owner, the platform needs an explicit
signal that it is OK for the profile owner to access those identifiers.

Add a system-privileged method to the DevicePolicyManager that allows
system applications, as well as Managed Provisioning to indicate that the
profile owner may access those identifiers.

In the DevicePolicyManagerService the following has changed:
* The OwnerInfo now contains a flag indicating whether the profile owner
  was granted access to the device identifiers or not.
* The permission check for use of the Device ID Attestation flags in
  generateKeyPair has been adjusted to allow profile owner (or its
  delegate) to use them, if device identifiers access has been granted.
* A couple of utility methods have been added to ease checking of
  profile owner presence for a user and whether the profile owner can
  access device identifiers.

Additionally, a new adb command has been added to give this grant to an
existing profile owner for testing purposes.

Bug: 111335970
Test: Manual, using TestDPC + ADB command.
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: Additional CTS tests, see cts change in the same topic.

Change-Id: I05f2323d5edacd774cd3ce082ee9c551100f4afd
2018-11-15 10:34:20 +00:00
Bookatz
75ee604244 Statsd atom: Power Use
BatteryStats calculates power usage of the device and various components
(such as apps). This information is used, e.g., in the battery panel of
Settings. We now log it to statsd. It can be used for validating how
good the information displayed in Settings is. In the long-term, it is
likely not ideal for off-device calculations, since that can be
hopefully estimated using statsd's raw data.

Three atoms: one for the total power use, one for the power use of each
uid, and one for each non-uid component. Since they will all likely be
pulled together, StatsCompanionService will provide stale data for
BatteryStats pulls called within a second of a previous BatteryStats
pull.

Also in this cl:
Remove StatsLogEventWrapper.writeDouble. Statsd doesn't support actually
writing doubles into its proto reports, so having this function is
misleading (the data will get to statsd and then be completely ignored).
It's less confusing if we don't pretend it does something.

Change-Id: If80bab8ea938afa4632535bb88ff59879fbe8099
Fixes: 119111972
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.atom.UidAtomTests#testDeviceCalculatedPowerUse
Test: cts-tradefed run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.atom.UidAtomTests#testDeviceCalculatedPowerBlameUid
Test: BatteryStatsHelperTest#testDrainTypesSyncedWithProto
2018-11-14 18:13:58 -08:00
Roshan Pius
b4c45334f8 AndroidManifest.xml: Add new network permission for managed provisioning
Adding a new permission for managed provisioning to access privileged network
operations.

Bug: 115980767
Test: Compiles
Change-Id: I6375c119a7c5e13f1648803c7da5cebd6830d46c
2018-11-14 15:25:53 -08:00
yuemingw
fa4381dd0f Add extra permissions to CalendarProvider.
Per requirement of cross profile calendar feature, CalendarProvider will
need MANAGE_USER to get work profile user, and INTERACT_WITH_USER to
access its work profile equivalent.

Personal CalendarProvider needs to get the corp user ID, so it needs to
call userManager.getUsers() which requires
{@link android.Manifest.permission#MANAGE_USERS} permission.

We'll maintain a whitelist of packages set by DPC that are granted access
to cross profile Uris in CalendarProvider, so random personal apps
won't be able to access those Uris.

Bug: 118456304
Test: manual
Change-Id: I59e4a7f39f9abc69f0dcc7ff03d822b8d44b4dbc
2018-11-14 19:19:52 +00:00
Anton Hansson
26dda1ef28 Create privapp permission grant file for TZ updater
This will be installed in /system/etc/permission when the TZ updater
app is installed.

Bug: 119481876
Test: make
Change-Id: I85a9ac353ee0ed0e30bc1db12a37370445e05527
2018-11-14 11:32:57 +00:00
Salvador Martinez
812ea7554b Create APIs to interact with DynamicPowerSaver
This creates the PowerManager APIs that allow apps with the
appropriate permissions to interact with Dynamic Power Saver.

Bug: 111450127
Test: WIP
Change-Id: I5b9483fa0fba81a4ade622b1f3dbaec580b68a67
2018-11-13 09:33:50 -08:00
Alison Cichowlas
3e34050a42 Re-patching in Sharesheet security model changes.
Previously reverted due to b/72554856, fix for that in topic.

Original commit message:

Security model for moving sharesheet to systemui

ResolverActivity (still in frameworks) now requests a "permission token"
that it hands to a stubbed system ui activity ChooserActivity.

This permission token allows an app (SysUI) with the signed permission
"START_ACTIVITY_AS_CALLER" to call
ActivityManagerService#startActivityAsCaller. Permission tokens are a
one-time use, limited-time offer.

Test: runtest systemui && manual testing
Bug: 69850752
Change-Id: Ia50e21e2f8c6b6d0ed7207625e3b5aef214396bb
2018-11-09 11:01:54 -05:00
Zimuzo
2efeeccad2 Fix location split-permission targetSdk
Ia5b3f47b73c9feea924373268a4eee142f555091 introduced a bug where the targetSdk for android.permission.ACCESS_FINE_LOCATION and android.permission.ACCESS_COARSE_LOCATION was set to 28 instead of Q (10000).

Test: CtsAppThatRequestsLocationPermission28.apk requests android.permission.ACCESS_COARSE_LOCATION and android.permission.ACCESS_BACKGROUND_LOCATION
Bug: 118882117
Bug: 111411340
Change-Id: I532379aa2c8a173a516d38e1c8568cff5dbaed33
2018-11-02 17:47:13 +00:00
TreeHugger Robot
c0f94f4189 Merge "Grant split permission from config" 2018-11-02 01:10:46 +00:00
Zimuzo
cc2932fd81 Grant split permission from config
Instead of defining split permissions in a Java file, we now move them to XML, allowing us to define vendor-specific split permissions.

Test: Activity recognition is split correctly and auto granted when below split targetSdk.
Bug: 111411340
Change-Id: Ia5b3f47b73c9feea924373268a4eee142f555091
2018-11-01 16:08:27 +00:00
Kenny Root
a5964c08bc Move AdbDebuggingManager to AdbService
Also remove the "Usb" from the AIDL function since it's not really
related to USB.

Test: make
Bug: 63820489
Change-Id: Ibf23964665a115a5bc835820dcff98aaf7ba610f
2018-10-31 16:11:02 +09:00
Phil Weaver
27beee50d3 Make performAccessibilityShortcut a SystemAPI
Also create a new MANAGE_ACCESSIBILITY permission to
perform the shortcut.

Bug: 116118615
Test: make, activate accessibility shortcut
Change-Id: Ic65a0cdf7393429e14cb98f4fb0734d20069b05a
2018-10-30 10:10:41 -07:00
Joel Galenson
13096ea738 Add a new Intent for seeing permission usages
This intent is used by the Permissions Hub.

We also give PermissionController the GET_APP_OPS_STATS permission.

Bug: 63532550
Test: Used the Permissions Hub.
Change-Id: If1254f67c12fc5052d6ad5ff8260778a7c59dccc
2018-10-19 10:56:21 -07:00
Michael Groover
2c2592052d Merge "Add READ_PRIVILEGED_PHONE_STATE to used permissions" am: 403813782f am: 25131f86fa
am: 1112ebf8ac

Change-Id: Ib377536490b186d57c59fe70a8e4f1c8403d587c
2018-10-10 19:30:36 -07:00
Michael Groover
a28ad42768 Merge "Protect Device Identifiers behind priv permission and DO/PO checks" 2018-10-10 18:05:23 +00:00
TreeHugger Robot
803a52498b Merge "Show app installed notification from PackageInstaller" 2018-10-10 15:41:38 +00:00
Michael Groover
6d20d75e9e Protect Device Identifiers behind priv permission and DO/PO checks
Bug: 110099294
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases \
      -t com.android.cts.devicepolicy.DeviceOwnerTest.testDeviceOwnerCanGetDeviceIdentifiers
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases \
      -t com.android.cts.devicepolicy.ManagedProfileTest#testGetDeviceIdentifiers
Test: cts-tradefed run cts -m CtsTelephonyTestCases -t android.telephony.cts.TelephonyManagerTest
Test: cts-tradefed run cts -m CtsPermissionTestCases -t android.permission.cts.TelephonyManagerPermissionTest

Change-Id: I3c82c53ec89cd17b34a61166ccc9e9747388efac
2018-10-09 13:44:02 -07:00
Michael Groover
1248e435a0 Add READ_PRIVILEGED_PHONE_STATE to used permissions
Bug: 110099294
Test: cts-tradefed run cts -m CtsTelephonyTestCases -t android.telephony.cts.TelephonyManagerTest
Change-Id: I13fec3d397c200ce92883883c96c07007e823efe
2018-10-08 11:29:03 -07:00
Sergii Piatakov
e8214d6696 Grant Shell ability to clear instant app
It already has grant to clear data of application, and instant
application is a subset of that.

This permission is needed for correct performing of the test:
`android.appsecurity.cts.InstantCookieHostTest#
testCookieUpdateAndRetrieval`.

Bug: 77849650
Test: run several times in a row (at least two), note that first time
      on the fresh DUT the result is always successful:
      cts-tradefed run commandAndExit cts-dev \
      -m CtsAppSecurityHostTestCases \
      -t android.appsecurity.cts.InstantCookieHostTest#testCookieUpdateAndRetrieval

Change-Id: I2d6080259e22ebfa40481213238f569e0988d271
Signed-off-by: Sergii Piatakov <sergii.piatakov@globallogic.com>
2018-10-02 09:53:23 +00:00
Stefano Tommasini
bf8b6c02f3 Merge "Move transport out of system server." 2018-09-28 03:04:05 +00:00
Ricky Wai
c5ea08b2d1 Show app installed notification from PackageInstaller
Bug: 111214100
Change-Id: If3f82bfac740f4f3cf8312f396943f2ebd447c12
Test: Notifications are showing correctly after new apps installed
2018-09-25 00:06:39 +01:00
Luis Hector Chavez
1db7a487b1 Merge "Whitelist com.android.proxyhandler for power" am: 6527b5bdd0 am: fce565d2e2
am: 8b62a7cfdf

Change-Id: Ie4a8acd92bedb0fe8cc72dfd2bffb0a3af28fa45
2018-09-18 08:22:43 -07:00
Treehugger Robot
6527b5bdd0 Merge "Whitelist com.android.proxyhandler for power" 2018-09-18 13:31:58 +00:00
TreeHugger Robot
96edd3aeea Merge "Add new permission for Settings Intelligence." 2018-09-17 03:16:32 +00:00
Steven Moreland
8b4ce09de4 Merge changes from topic "remove-hidl-boot-jars" am: 82e3d2f066 am: fc8de0d9e3
am: d70998a8d9

Change-Id: Iee10a8281e023c9917fb81a2e72be1475dc10772
2018-09-13 10:35:38 -07:00
Stefanot
e66c1c32fa Move transport out of system server.
Test: atest FrameworksServicesTests
Test: atest FrameworksServicesRoboTests
Test: atest CtsBackupTestCases
Test: atest CtsBackupHostTestCases
Test: atest GtsBackupTestCases
Test: atest GtsBackupHostTestCases
Bug: 113569323
Change-Id: I9e647f73cc132ae9a685dd9a6ee2f9bb37a1d8b0
2018-09-13 12:37:05 +01:00
Steven Moreland
f36ad62907 pm: Add hidl libraries to old class paths.
These two libraries:
android.hidl.base-V1.0-java
android.hidl.manager-V1.0-java

are being removed from BOOT_JARS. This change facilitates linking to them
for libraries or prebuilts in or before P.

Test: atest android.content.pm.AndroidHidlUpdaterTest
Bug: 77307025

Change-Id: Ic0db24cc68d66f5dbfab126ce7e304eec0bfc969
2018-09-12 09:18:40 -07:00
Raff Tsai
b6a2e333ff Add new permission for Settings Intelligence.
To implement Settings contextual card. We need this permission to
use CardContentProvider in Settings app.

Test: rebuild and flash ROM
Bug: 114521742
Change-Id: If729b2597a458c26c466e87dfa9b4ddc9c3ef948
2018-09-08 22:37:42 +08:00
Sundong Ahn
e933cedf83 Build android.test.* with java_sdk_library
android.test.* are built with java_sdk_library and api files are added
by running "make update-api".

android.test.base_static is created for allowing to use
android.test.base as a static library.

Bug:77577799
Test: make -j
Test: make checkapi
Test: make checkapi fails with a random change in the txt file
Test: adb shell cmd package list libraries |\
      grep android.test.*
      And check the android.test.* libraries

Merged-In: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
Change-Id: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
2018-08-29 12:22:59 +09:00
Chih-hung Hsieh
f63dc857ab Merge "Use multiple patterns and/or emails in per-file syntax." am: 88e452bfe6 am: 4b189a2b23
am: 99c83c4da2

Change-Id: I45456aefced1cec7b61f2f5d69f1e249e7d3c711
2018-08-27 10:04:46 -07:00
Chih-Hung Hsieh
6a6fde006f Use multiple patterns and/or emails in per-file syntax.
Test: build/make/tools/checkowners.py -c -v OWNERS
Change-Id: Ib6c033d1306c2b1a8d6b021e87d53ba9dedfdae5
2018-08-23 15:16:55 -07:00
TreeHugger Robot
f4aea74d87 Merge "Build android.test.* with java_sdk_library" 2018-08-17 11:14:08 +00:00
Paul Hu
9ca6c587b6 Merge "[DMService]: Add CONNECTIVITY_USE_RESTRICTED_NETWORKS permission" 2018-08-16 06:00:27 +00:00
Sundong Ahn
f24779c8c7 Build android.test.* with java_sdk_library
android.test.* are built with java_sdk_library and api files are added
by running "make update-api".

android.test.base_static is created for allowing to use
android.test.base as a static library.

Bug:77577799
Test: make -j
Test: make checkapi
Test: make checkapi fails with a random change in the txt file
Test: adb shell cmd package list libraries |\
      grep android.test.*
      And check the android.test.* libraries

Change-Id: Ia27612657532e50b077a9c55dbef59ee3ec04b8a
2018-08-16 12:16:28 +09:00
Luis Hector Chavez
d2f1ca8c27 Whitelist com.android.proxyhandler for power
There are some scenarios under which com.android.proxyhandler is
considered by the framework as never being launched (e.g. if a PAC proxy
is added after a long wait time after an upgrade), which makes all of
its network traffic to be blackholed, due to it being subjected to the
fw_standby firewall chain. Given that all of the outgoing packets from
this app are being dropped, whenever Chrome WebView (or most other apps)
uses a PAC proxy for its networking, it is completely unable to initiate
outgoing connections.

This change whitelists com.android.proxyhandler so that this does not
happen.

Bug: 110762695
Test: dumpsys usagestats' | grep proxy
      ...
      package=com.android.proxyhandler u=0 bucket=5 reason=d ... idle=n

Change-Id: I9e4debc876cbdd2f6ba35928faff8c0beca77ae1
2018-08-15 07:17:37 -07:00
paulhu
c3a1878628 [DMService]: Add CONNECTIVITY_USE_RESTRICTED_NETWORKS permission
DMService has to use restricted network to do some upgrade from
carrier process. So it needs to add
CONNECTIVITY_USE_RESTRICTED_NETWORKS permission since Android Q
has limited preinstalled app permissions.

Bug: 19610688
Test: atest frameworks/base/tests/net/java/android/net/

Change-Id: Ie06e73220b61a5bc09e648b49146c2b81707accc
2018-08-13 16:23:20 +08:00
Philip P. Moltmann
8943ad6325 Split PackageInstaller app into installation and permissions management
The two components were mostly independent for a long time. Since
I1e80a3f5e63d02b3859ecf74af21ca4c61f96874 the installation flow does
not grant any permissions anymore and the last connection between these
parts was broken.

The new app "com.android.packageinstaller" in
frameworks/base/packages/PackageInstaller will only handle (side load)
package installation and uninstallation.

The existing app will be renamed to "com.android.permissioncontroller"
and only handle permission granting and permission management.

This change does only minimal cleanup. In particular it does
not move any files in the old permissions controller. This is to not
disturb other features currently in development.

This change set also updates the make files to install the two apps on
the appropriate devices.

Further, the permission policy xmls need to be updated to point to the
right packages.

Test: Installed + uninstalled packages
      Granted permissions + managed permissions

      GtsPackageInstallTestCases
      GtsNoPermissionTestCases
      GtsNoPermissionTestCases25
      GtsPackageInstallerTapjackingTestCases
      GtsPackageUninstallTestCases
Change-Id: I2d3796b837fc0049e712c82a990907f305c8febf
2018-07-30 08:59:51 -07:00
Suprabh Shukla
349f9a1ce3 Add SUSPEND_APPS permission to shell
Since this permission protects system apis, this is required for
instrumentation tests.

Test: atest com.google.android.suspendapps.gts.SuspendPackagesTest

Bug: 79773970
Change-Id: Ib283018c50cc19c3958bd61e2d19befbf2805cc5
2018-07-17 14:06:21 -07:00
Yi Jin
8a54ff3fdb Merge "Fix cts." into pi-dev
am: 3e389a8490

Change-Id: I9d9ddb90f8917904187a022e27a7139e61276c75
2018-06-07 10:06:13 -07:00
Yi Jin
fae177363c Fix cts.
Bug: 109837886
Test: atest CtsIncidentHostTestCases:com.android.server.cts.IncidentdTest
Change-Id: I8cfc36b652fff4b7b4d752f57fba922ac479cd12
2018-06-06 18:08:01 -07:00
Sundong Ahn
1d0038a843 Merge "Build java.obex with java_sdk_library" am: ad769993a9
am: efb4ce221e

Change-Id: I31f65699193f026c7ed64a182b360791eee35608
2018-05-29 19:54:35 -07:00
Sundong Ahn
1c53cc161d Build java.obex with java_sdk_library
javax.obex is built with java_sdk_library and api files are added by
running "make update-api".
Remove java.obex from platform.xml, since it will be generated
automatically by soong when the library is built with java_sdk_library.

Bug:77577799
Test: make -j
      make checkapi

Change-Id: Ib94955e62582ffbdfc7eb88cd0e494c61757c7aa
2018-05-30 00:19:01 +00:00
Jiyong Park
c73b9e9e17 Shared lib def for org.apache.http.legacy comes from java_sdk_library
org.apache.http.legacy is now built using java_sdk_library. Since the
shared lib definition file for the lib is automatically created and
installed, we don't need to have duplicated entry for the lib.

Bug: 77577799
Test: m -j
Test: adb shell cmd package list libraries shows an entry for
org.apache.http.legacy

Merged-In: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
Change-Id: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
(cherry picked from commit 49c0a869550dc6a80f75fb08fd38e11ee84bc33d)
2018-05-22 20:43:51 +09:00
Jiyong Park
0201dc3911 Shared lib def for org.apache.http.legacy comes from java_sdk_library
org.apache.http.legacy is now built using java_sdk_library. Since the
shared lib definition file for the lib is automatically created and
installed, we don't need to have duplicated entry for the lib.

Bug: 77577799
Test: m -j
Test: adb shell cmd package list libraries shows an entry for
org.apache.http.legacy

Merged-In: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
Change-Id: I06b356c2ba08abc6c1cece81daf7c1773ed93ed0
(cherry picked from commit 49c0a869550dc6a80f75fb08fd38e11ee84bc33d)
2018-05-22 20:16:14 +09:00
Jeff Sharkey
936c0868f8 Merge "Protect usage data with OP_GET_USAGE_STATS." into pi-dev 2018-04-17 00:04:53 +00:00
Jeff Sharkey
6b64925737 Protect usage data with OP_GET_USAGE_STATS.
APIs that return package usage data (such as the new StatsManager)
must ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.

Add noteOp() method that can be called from native code.

Also add missing security checks on command interface.

Bug: 77662908, 78121728
Test: builds, boots
Change-Id: Ie0d51e4baaacd9d7d36ba0c587ec91a870b9df17
2018-04-16 12:44:32 -06:00
Tyler Gunn
8a9ad362cd Add permission whitelist for EmergencyInfo app.
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls.  This can occur if a user adds an emergency number
to their emergency contacts.

Test: make checkbuild
Bug: 76086838
Merged-In: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
Change-Id: I2cfc893f8e636790a837e0f71f9f42ea723c8e31
(cherry picked from commit cdc555f4890479813c72a928f67bcbaf0e6847d8)
2018-04-16 15:12:46 +00:00
Tyler Gunn
f1e7cf499b Add permission whitelist for EmergencyInfo app.
This is the "Emergency Info" screen available from the lock screen.
It requires the CALL_PRIVILEGED permission in order for it to be able to
place emergency calls.  This can occur if a user adds an emergency number
to their emergency contacts.

Test: make checkbuild
Bug: 76086838
Change-Id: I76e8318c5c05bbbbdf02d2c6951f742c3bd67ea6
2018-04-11 11:05:32 -07:00
Mathew Inwood
9d89543d48 Exempt platform-cert signed apps from hidden API checks.
This means that APKs signed with the platform cert are allowed to use
hidden APIs, even if they are not on the package whitelist, and if they are
not in the system image. It will also allow a number of packages to be
removed from the package whitelist.

Also remove all platform cert signed apps from the package whitelist, as
there is no longer any need for them to be in there.

Bug: 64382372
Test: device boots
Change-Id: Id805419918de51f946c1f592581bab36ae79de83
2018-04-04 17:49:48 +01:00
Nicolas Geoffray
117367a4ec Add com.android.development to the package whitelist.
bug: 77477866
Test: m
Change-Id: I9ac27dd3e7ee0d764d61ab9a8d2ae1065ce151e5
2018-04-03 16:51:56 +01:00