1070 Commits

Author SHA1 Message Date
Christopher Tate
ca8bce51f9 Fix typo in protected broadcast decls
Bug 26471149

Change-Id: I4332fd9adc52d3bd2f6ee0ce3718bf844f1f9843
2016-01-08 15:39:14 -08:00
Andy Hung
867b339660 Merge "Add setMasterMono and getMasterMono" 2016-01-08 23:17:56 +00:00
Andy Hung
f04b84d4c6 Add setMasterMono and getMasterMono
Bug: 15283594
Bug: 22700363
Change-Id: I5d0552938ec2a54be4450512974d92ff8c77b1e9
2016-01-08 14:02:47 -08:00
Felipe Leme
f3fa0f8fc6 Added new API for URI permissions management.
The new methods are:

- getGrantedUriPermissions(String packageName)
- clearGrantedUriPermissions(String packageName)

These methods will be used by the Settings app to allow users to clear
the URI permissions granted to an application.

BUG: 26447975

Change-Id: I6867402e42b3d6fd03050ec57b73973ccd8a17af
2016-01-07 16:02:58 -08:00
Michal Karpinski
226940ed85 Modifying Shell to accommodate remote bugreports
After receiving android.intent.action.REMOTE_BUGREPORT_FINISHED
in newly created RemoteBugreportReceiver, Shell will generate URI
to the bugreport zip file and send the broadcast
android.intent.action.REMOTE_BUGREPORT_DISPATCH.

Bug: 26152603
Change-Id: I058d626e021b488c9347b45467a4e3505134e79c
2016-01-07 20:02:13 +00:00
Julia Reynolds
9a25da192e Send less unnecessary broadcasts.
Protect the broadcasts we do send.

Change-Id: I440a7accfc4509512063b663c0418a29f06ef09e
2016-01-06 16:43:59 -05:00
Svetoslav Ganov
a7ca3e73bf Merge "Remove FLASHLIGHT permission" 2016-01-05 00:06:03 +00:00
Andre Eisenbach
09bc4e0b7e Protect android.bluetooth.intent.DISCOVERABLE_TIMEOUT
Bug: 26347910
Change-Id: I61b211c3f32c9e79c40c2b07798dd9cb6d82df22
2016-01-04 21:26:57 +00:00
Svetoslav Ganov
1463cebd77 Remove FLASHLIGHT permission
This permission is not protecting access to the flashlight.
Anyone can use the latter via CameraManager.setTorchMode().

bug:26383626

Change-Id: I44c6395b5a0f80c1c539cffe61715b29b401a775
2016-01-04 12:19:45 -08:00
Jason Monk
d5a204f16e Better service management for QS 3rd party tiles
Better wrapper around the service that will handle rebinding
when it dies, binding when it becomes available, and forwarding
along all messages to the service once it binds.

Also better handling of too many services at a time.  Will only
ever bind to at most 3 tiles and will manage which ones are most
important to show based on pending clicks, last update, etc.

Change-Id: I5f4da0bc751f7eb25baa32e5c0bb9f1bc418f5bb
2016-01-04 14:46:11 -05:00
Jeff Sharkey
96e2035223 Merge "Roll back some broadcasts." 2015-12-16 16:25:11 +00:00
Jeff Sharkey
a050e127bb Roll back some broadcasts.
Bug: 26219971, 26219772
Change-Id: Ic45691419f8fcd1b472a380f09408caf29d3c13d
2015-12-16 09:23:58 -07:00
Jeff Sharkey
63b0318e4b Merge "Protect some more broadcasts." 2015-12-15 01:06:20 +00:00
Jeff Sharkey
4267eacc3b Protect some more broadcasts.
Bug: 26144973
Change-Id: Ic05bca52913ee5545719f0f24bed5b359f31259f
2015-12-14 18:03:04 -07:00
Svetoslav Ganov
edd137b9b9 Merge "Change signature|system permissions to signature|privileged" am: cfed01af4b
am: 3dee9db651

* commit '3dee9db6516fd97d7db3641fc81533cc3553fde8':
  Change signature|system permissions to signature|privileged
2015-12-14 10:43:21 -08:00
Svetoslav Ganov
3dee9db651 Merge "Change signature|system permissions to signature|privileged"
am: cfed01af4b

* commit 'cfed01af4bea6ff9025c31fbe3ed973f47529484':
  Change signature|system permissions to signature|privileged
2015-12-14 10:08:07 -08:00
Yury Zhauniarovich
381e0a4177 Change signature|system permissions to signature|privileged
Permission protection level changed from signature|system,
which is deprecated, to signature|privileged.

Change-Id: I697723221617f8c12255d6911d34cd1bf96eff8b
Signed-off-by: Yury Zhauniarovich <y.zhalnerovich@gmail.com>
2015-12-13 20:01:03 +03:00
Felipe Leme
7fff4a1794 Protect android.intent.action.BUGREPORT_STARTED.
This intent is sent by dumpstate when launched with the -P (progress) option.

BUG: 25794470
Change-Id: I6b6265f85f366db3dfca758d90be83c9e3736d7c
2015-12-09 11:55:08 -08:00
Svet Ganov
2acf063da0 Ephemeral cookie API
Add APIs for an ephemeral app to set a cookie which is a small
piece of data cached longer than the app itself. This is useful
for avoiding the user having to log in every time they use the ephemeral
app. The cookie is stored after an ephemeral app is uninstalled.
Normal apps or ephemeral apps upgraded to full apps can also use
these APIs with the difference that once they are uninstalled
the cookie is deleted.

The cookie size defaults to 16KB and is configurable by a global
setting which can be adjusted via gservices. Also eviction policy
is time based with a default of one month and is configurable by
a global setting which can be adjusted via gservices. If the cert
of the app changes (when ephemeral is installed, uninstalled and
installed again) the cookie is wiped to prevent data leaks.

This change also adds an API for apps to know whether they run in
an ephemeral mode since in this mode some APIs will not be available.
Another API exposed by this change is private for the system and
exposes all ephemeral apps - installed and uninstalled. Only the
system can call this API. When an ephemeral app is uninstalled the
system stores its name, icon, and permissions. When the app is
reinstalled or a full version is installed the permissions are
propagated.

Change-Id: Id4a73a7750bfbabda0bfcb9bf9018d2062e94367
2015-12-08 19:17:15 +00:00
Jeff Sharkey
39a275b398 Better protection for system broadcast intents.
When the system sends broadcast intents, it's in a very authoritative
position, and many apps blindly trust the sender.  This is why we've
historically had the concept of "protected broadcasts" which can only
be sent by the system.

However, it's far too easy to send new broadcasts from the system
without adding them to the protected list.  This CL adds logic to help
catch those cases.  Currently it just logs the error and continues
sending the broadcast.

Based on boot analysis of a typical device, add 36 new protected
broadcasts.

Bug: 24571095
Change-Id: Ie2cc6b0b2026e67c64730af897e4eb3e0e8404f1
2015-12-07 15:38:37 -07:00
Rubin Xu
0a29ecd8a5 Introduce quiet mode state to managed profile users
Quiet mode means the user will be free from visual and audio interruptions
from apps inside the managed profile, including notifications, widgets and
others. This CL adds the underlying state bit to users and exposes various
APIs to control and query the quiet mode state.

Bug: 22541941
Change-Id: If5f8e5a897843050e83b6ec26cb39561098f12b9
2015-12-07 18:17:46 +00:00
Keun-young Park
b88dd9412e Merge "allow locking UI mode and block launching car dock for automotive" 2015-12-03 21:31:23 +00:00
keunyoung
a771049b2e allow locking UI mode and block launching car dock for automotive
- add config to lock UI mode change: When this is enabled,
  request to change car mode will be ignored. Apps can check
  the config using UiModeManager.isUiModeLocked()
- add config to lock day / night mode: When this is enabled,
  apps cannot change day / night mode without having
  MODIFY_DAY_NIGHT_MODE permission.
  Apps can check the config using UiModeManager.isNightModeLocked()
- add config to disable car dock intent launch for home key
  and mode change
- All new configs have default values which keep the current behavior.
  Car products should override the configs to get desirable behavior.

bug: 22700993
Change-Id: Ic0e58f3428151e0b1c19a2e9a7d6ded32ff962a6
2015-12-03 13:05:35 -08:00
Chris Wren
cf7021e827 Merge "Notification Assistant API" 2015-12-03 19:23:33 +00:00
Chris Wren
9fa689f8b6 Notification Assistant API
This API allows a single assistant on the device to help the
user manage their notification stream by taking actions on
individual notifications:

  - modifying their priority up or down when they are posted
  - possibly changing if and how the notification interrupts the user
  - adding annotations under notifications

Bug: 22455414
Change-Id: Idf47972bb71c83f1dc1c9ec68a6fa92ac4fc522f
2015-12-03 13:45:10 -05:00
Neil Fuller
568f4de11a Merge "Fix @code escapes" 2015-12-03 09:44:01 +00:00
Keun-young Park
aa8b1c35ad Merge "Revert "allow locking UI mode and block launching car dock for automotive"" 2015-12-03 02:11:20 +00:00
Keun-young Park
3b741e03b3 Revert "allow locking UI mode and block launching car dock for automotive"
This reverts commit 1746369a6bcd1a7219e94366b3774bfdfff08fc6.

Change-Id: I4989e99b8f648145d0dbfe18e557102939e7d1e3
2015-12-03 02:11:00 +00:00
Keun-young Park
ef3ca438c9 Merge "allow locking UI mode and block launching car dock for automotive" 2015-12-03 01:45:12 +00:00
Chong Zhang
8e4f4b3d94 Add permission to prevent third-party apps from querying OOM scores
bug: 25853091
Change-Id: Ic1cdbf155e1e930405773fd078dfc57fda2d9afa
2015-12-02 12:20:30 -08:00
Neil Fuller
71fbb81b14 Fix @code escapes
The body of {@code} must not be HTML escaped. This is one of
several changes that fix the source in conjunction with a
doclava fix.

Bug: 25757239
Change-Id: Ib38a0fa2dd2a3d68e467f78a812071e763d7e881
2015-12-02 14:24:11 +00:00
Filip Gruszczynski
64cdc1458b Remove dock divider surface when it's not visible.
We achieve the removal by notifying System UI about the visibility of
the dock divider. This way System UI can change visibility of the root
view, which in turn will cause the WMS to destroy or create the surface
as necessary.

Bug: 25844096
Bug: 25683717

Change-Id: Idbc33368db697a059af49106dfadb80c3d7d06c1
2015-11-30 15:21:48 -08:00
Nick Kralevich
a3ecf45fd9 AndroidManifest.xml: More protected broadcasts
Make the following broadcasts protected:

  android.intent.action.PRE_BOOT_COMPLETED
  android.intent.action.USER_INITIALIZE

Bug: 25022002
Change-Id: Ic36e29c51b930e4d7367688ab837c6a40d74ec23
2015-11-25 09:09:47 -08:00
Fyodor Kupolov
7f35036c95 Merge "Added a placeholder home activity for system user" 2015-11-19 23:52:45 +00:00
Fyodor Kupolov
c40e244b4a Added a placeholder home activity for system user
Standard launcher can be uninstalled for system user. A low priority
placeholder home activity is used to make sure the system can always
boot. By default the component is disabled for all users, and is only enabled
for the system user at boot time.

Bug: 25726710
Change-Id: I97eed02c9e2bbd69a737cc1d203110bed837b803
2015-11-19 13:04:35 -08:00
Jason Monk
bbadff8603 Add Quick Settings API
It is a little bit limited right now, but it contains
the lifecycle of a tile getting added/removed, and
listening/not listening and clicks.

SysUI side will need some cleanup later on.

Change-Id: I4db803c8a271f8bf44f2ef710517969a84a95cf0
2015-11-19 14:57:11 -05:00
keunyoung
1746369a6b allow locking UI mode and block launching car dock for automotive
- add config to lock UI mode change: When this is enabled,
  request to change car mode will be ignored. Apps can check
  the config using UiModeManager.isUiModeLocked()
- add config to lock day / night mode: When this is enabled,
  apps cannot change day / night mode without having
  MODIFY_DAY_NIGHT_MODE permission.
  Apps can check the config using UiModeManager.isNightModeLocked()
- add config to disable car dock intent launch for home key
  and mode change
- All new configs have default values which keep the current behavior.
  Car products should override the configs to get desirable behavior.

bug: 22700993
Change-Id: I351fc53163575d2f523c2d6e886befdb69a5a0c6
2015-11-13 13:11:52 -08:00
Jeff Sharkey
f9fc6d6cc0 More file-based encryption work.
Add granular StorageManager APIs for key creation/destruction and
unlocking/locking.  Start passing through an opaque token as part
of the unlock command, but leave it empty for now.  We now have a
separate "prepare" method that sanity checks that user directories
are correctly set up.

Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE.  Wire
a command to "sm", but persisting will come later.

Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model.  Small tweaks to handle non-encryptionAware voice interaction
services.  Switch PackageManager to consult StorageManager about the
unlocked state of a user.

Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
2015-11-11 10:47:23 -08:00
Svetoslav Ganov
aad093b675 Merge "Allow verifier to grant permissions" into mnc-dr-dev am: cfa233eefb am: 22d7f4c2ed am: 6423c0a29b
am: bd4168540f

* commit 'bd4168540f009c71af1242e5b7866146c8724d6f':
  Allow verifier to grant permissions
2015-11-02 20:00:13 +00:00
Svetoslav Ganov
22d7f4c2ed Merge "Allow verifier to grant permissions" into mnc-dr-dev
am: cfa233eefb

* commit 'cfa233eefb5b77c96a3239a5a51f381a7f0722c9':
  Allow verifier to grant permissions
2015-11-02 19:38:22 +00:00
Svetoslav
7bddf5aa06 Allow verifier to grant permissions
bug:25329324

Change-Id: I2ac01a983ad812df7725a0499a8d9b470a7ea481
2015-10-29 17:02:43 -07:00
John Reck
0529672a8c resolve merge conflicts of a1b8d77ca3 to master.
Change-Id: Ia78c6d31687542dfaba20b177e774333cfb1edb5
2015-10-29 09:05:53 -07:00
Svetoslav Ganov
35151fbc8b Merge "Make SYSTEM_ALERT_WINDOW development permission" into mnc-dr-dev
am: 2658cb002a

* commit '2658cb002abae9341c9a82bfeaed764ba5bf97c8':
  Make SYSTEM_ALERT_WINDOW development permission
2015-10-29 01:16:46 +00:00
Svetoslav Ganov
2658cb002a Merge "Make SYSTEM_ALERT_WINDOW development permission" into mnc-dr-dev 2015-10-29 01:10:46 +00:00
Svetoslav
01af6a42a6 Make SYSTEM_ALERT_WINDOW development permission
bug:25329324

Change-Id: I0086464846bab9424764dd0d726692d96a0f1207
2015-10-27 18:12:06 -07:00
Paul Jensen
b6d8f81b10 Merge "Remove dead ACTION_DATA_CONNECTION_CONNECTED_TO_PROVISIONING_APN" 2015-10-26 15:15:33 +00:00
Lorenzo Colitti
67fb3d7358 Merge "Reinstate CHANGE_NETWORK_STATE as a normal permission." into mnc-dr-dev am: 809dcade99 am: bdc458048a am: bb8f652372
am: 8ecad265b6

* commit '8ecad265b6db57f78dd142e974057c91f69489ed':
  Reinstate CHANGE_NETWORK_STATE as a normal permission.
2015-10-22 06:33:09 +00:00
Lorenzo Colitti
bdc458048a Merge "Reinstate CHANGE_NETWORK_STATE as a normal permission." into mnc-dr-dev
am: 809dcade99

* commit '809dcade9906001f6aa51a68aa783e20bb1d7c0d':
  Reinstate CHANGE_NETWORK_STATE as a normal permission.
2015-10-22 06:18:43 +00:00
Lorenzo Colitti
809dcade99 Merge "Reinstate CHANGE_NETWORK_STATE as a normal permission." into mnc-dr-dev 2015-10-22 06:15:05 +00:00
Lorenzo Colitti
d542705066 Reinstate CHANGE_NETWORK_STATE as a normal permission.
This is a partial revert of http://ag/738523 , but not a full
revert because M apps that have gone through the WRITE_SETTINGS
route to obtain permission to change network state should
continue to have permission to do so.

Specifically:

1. Change the protection level of CHANGE_NETWORK_STATE back from
   "signature|preinstalled|appop|pre23" to "normal". This allows
   apps that declare CHANGE_NETWORK_STATE in their manifest to
   acquire it, even if they target the M SDK or above.
2. Change the ConnectivityManager permission checks so that they
   first check CHANGE_NETWORK_STATE, and then ask Settings
   if the app has the WRITE_SETTINGS runtime permission.
3. Slightly simplify the code in the Settings provider code that
   deals specifically with the ability to change network state.
4. Make the ConnectivityService permissions checks use the
   ConnectivityManager code to avoid code duplication.
5. Update the ConnectivityManager public Javadoc to list both
   CHANGE_NETWORK_STATE and WRITE_SETTINGS.

Bug: 21588539
Bug: 23597341
Change-Id: Ic06a26517c95f9ad94183f6d126fd0de45de346e
2015-10-22 08:33:45 +09:00