* No longer support a package name stanza outside of
a signature tag. Package names, by themselves, have
no security associated with them in Android and thus we
should not be allowing or encouraging this
type of policy.
* Allow for nested package name stanzas inside
signature stanzas. There are cases where a finer
distinction needs to be made among apps signed with
the same cert. New code allows a different seinfo
tag to be assigned to the listed package names
signed by the parent cert. When a determination needs
to be made concerning seinfo assignments, the inner
seinfo tag takes precedence over the outer seinfo
labels which are assigned to just the signature.
* Temp structures are now used to parse new policy files
until the entire xml file is parsed and deemed correct,
at which time the temp structures are copied over to the
permanent class structures. This ensures that any structural
errors with the policy will not result in partial loads.
* Valid stanzas look like the following with the inner
package piece being optional.
<signer signature="">
<seinfo value=""/>
<package name="">
<seinfo value=""/>
</package>
<signer>
<default>
<seinfo value=""/>
</default>
Change-Id: Ia204d71211776dcf9b2dcc86ad6d77c4ad39dc25
This is necessary so that the framework can know whether an IPv6
address is likely to be usable (i.e., if it's global scope and
preferred). Also, it will simplify the address notification
methods in INetworkManagementEventObserver, which currently take
the address, the flags, and the scope as separate arguments.
1. Add flags and scope to the class and update the unit test.
Use the IFA_F_* and RT_SCOPE_* constants defined by libcore.
Since most callers don't know about flags and scope, provide
constructors that default the flags to zero and determine the
scope from the address. Addresses notified by the kernel will
have these properly set. Make multicast addresses invalid.
Update the class documentation.
2. Provide an isSameAddressAs() method that compares only the
address and prefix information between two LinkAddress
objects. This is necessary because an interface can't have
two addresses with the same address/prefix but different
flags.
3. Update LinkProperties's addLinkAddress and removeLinkAddress
to identify existing addresses to add/remove using
isSameAddressAs instead of implicit equals(). Specifically:
- If addLinkAddress is called with an address that is already
present, the existing address's flags and scope are updated.
This allows, for example, an address on an interface to go
from preferred to deprecated when it expires, without it
having to be removed and re-added.
- If removeLinkAddress is called with an address that is
present but with different flags, it deletes that address
instead of failing to find a match.
4. Update the INetworkManagementEventObserver address
notification methods to take just a LinkAddress instead of
LinkAddress, flags, and scope. While I'm at it, change the
order of the arguments for consistency with the other
functions in the interface.
Change-Id: Id8fe0f09a7e8f6bee1ea3b52102178b689a9336e
It never worked anyhow, at least in AOSP, as nothing checks that property,
and is pointless now that enforcing mode is set by init.
Change-Id: If05dd49963c5d7081e00039b5e378032bea0939b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Currently address{Updated,Removed} pass in the address as a
string such as "fe80::1/64". Use LinkAddresses instead, since
that's what it is.
This makes the code more robust in the unlikely case that netd
passes in an invalid string. In the future we can move flags and
scope into the LinkAddress itself and simplify the code further.
Bug: 9180552
Change-Id: I66599f9529cf421caa7676fdd0141bb110b8589e
These are sent if the device receives IPv6 Router Advertisements
with DNS server configuration options. Currently, nothing listens
to them; in a future change we will use them as IPv6 DNS servers.
[Cherry-pick of 416740ad4d9132005a71dc0883334e852235a18a]
Bug: 9180552
Change-Id: I05000c0cd3867a68ab390102e8470b6912a9d3aa
Tethering currently inherits from the AIDL interface
INetworkManagementEventObserver, so it has to provide no-op
implementations of all the interface's methods. Inherit from
BaseNetworkObserver and get rid of the no-ops.
[Cherry-pick of f4e90eac87bc31611ddd80c46fc924d35ce66c1c]
Bug: 9180552
Change-Id: I74859b0d77951005651aaaa418185857e40eeedb
Since SurfaceView layers are located below application layers,
SurfaceView is not captured by screenshotApplications()
when the application is running in fullscreen.
Moreover, ws.isFullscreen(dw, dh) returns mostly true
on the devices which do not use the navigation bar.
Change-Id: Ia1036c79054950384a97504714929fd85c8147de
Signed-off-by: Sangkyu Lee <sk82.lee@lge.com>
BatteryStatsImpl can reset its collected data, including
removing a BatteryStatsImpl$Uid$Proc object. If a ProcessRecord
has a direct reference, then the battery stats for a process
will be recorded in an old Proc object and prevent GC, causing
a memory leak.
bug:11087238
Change-Id: I19a9cd9d8361c10446a8ebdd5c0860b56c442209
There is still a flash of black when going to a non-wallpaper activity
from keyguard. This is not a regression from jb-mr2 and any fixes to
clean it up are too risky at this late date.
Fixes (partially) bug 11570753.
Change-Id: I17aaae4ab8be570f7e28276a7b8ac4b8685e7551
Only allow the system ui and settings to connect to a remote display.
To do this, we essentially hide the remote displays from applications
by using the ROUTE_TYPE_REMOTE_DISPLAY then add permission checks
around the operations that connect to them.
As a bonus, this may actually save power on devices since applications
that use MediaRouter will not longer be performing discover on
remote display routes at all.
Bug: 11257292
Change-Id: I9ea8c568df4df5a0f0cf3d0f11b39c87e2110795
It looks like we could add services to the restart list because
they end up left in the process's list of running services after
they have been removed from the main activity list, and we can
trip up on them there when the app is being force stopped.
Change-Id: I79805b67fcf5b593430dc5c856c97927e1a54a57
User removal or eviction inherently races with broadcast delivery. This
patch introduces a latest-possible recheck of the availbility of the
target application before attempting to send it a broadcast.
Once the process has actually been spun up the system is essentially
committed to presenting it as a running application, and there is no
later check of the availability of the app: the failure mode for
continuing to attempt delivery is a crash *in the app process*,
and is user-visible.
We now check the app+userid existence of the intended recipient
just prior to committing to launch its process for receipt, and
if it is no longer available we simply skip that receiver and
continue normally.
Bug 11652784
Bug 11272019
Bug 8263020
Change-Id: Ib19ba2af493250890db7371c1a9f853772db1af0
Bug:11559103
Added a new getCurrentSyncsCopy() that is public. The other version
is needed for internal SSE calls.
Change-Id: I0287f039a6f75abf04b65b85cb30f78353aeef4f
Adding validation for Global Proxy setting before it is
being set.
Proxy is validated at the boot time also to make sure
the value set is valid.
Signed-off-by: Raj Mamadgi <rmamadgi@sta.samsung.com>
bug:11598568
Change-Id: Idff5ae81119d8143da096b5291ecbfbc5875cbd4
