At least one of these was getting spoofed in the wild.
We don't want to go too far this late in the game, but this is a good start.
bug:7622253
(cherry picked from commit 47918ae3b4e7ebb54711884e9ff9d0300591ab8b)
Conflicts:
core/res/AndroidManifest.xml
Change-Id: I118b31489fe7add5b8d69289cab9f4e8ab269495
At least one of these was getting spoofed in the wild.
We don't want to go too far this late in the game, but this is a good start.
bug:7622253
Change-Id: Id8ec2778b15fe001e6fd0d5a010181bb21c52ad8
Also, remove ability to filter widgets by feature
in appwidget picker in anticipation of api change
Change-Id: I325de0b98f03d3a250758d504229ea27794b5330
Create a BLUETOOTH_STACK permission to share between all users of
Bluetooth apk. Bluetooth Manager binds to apk of current user
bug 6925422
Change-Id: I2df5546e977c2d77bc66d97d12479d933826922a
Issue #7211769: Crash dialog from background user has non-working "report"
The report button now launches the issue reporter for the correct user.
Also for crashes on background users, either disable the report button,
or simply don't show the dialog depending on the build config.
Issue #7244492: Bugreport button in Quick Settings doesn't actually do anything
Now they do.
Issue #7226656: second user seeing primary user's apps
I haven't had any success at reproducing this. I have tried to tighten up
the path where we create the user to ensure nothing could cause the
user's applications to be accessed before the user it fully created and thus
make them installed... but I can't convince myself that is the actual problem.
Also tightened up the user switch code to use forground broadcasts for all
of the updates about the switch (since this is really a foreground operation),
added a facility to have BOOT_COMPELTED broadcasts not get launched for
secondary users and use that on a few key system receivers, fixed some debug
output.
Change-Id: Iadf8f8e4878a86def2e495e9d0dc40c4fb347021
Contacts app uses a custom account picker which calls the system account picker
when an account needs to be added. The system accout picker invokes choose
accout type dialog which overlays over the system acccount picker. Because these
two dialog boxes use different themes, he one behind is wider than the one in
foreground and ends up looking like a thin black strip protruding from the two
sides.
Bug: 6980517
Change-Id: Ia8b23767d995dcbe1a58087cb4bfbee140c2c744
1. This change adds a global gesture for enabling accessibility.
To enable this gesture the user has to allow it from the
accessibility settings or use the setup wizard to enable
accessibility. When the global gesture is enabled the user
can long press on power to bring the global actions dialog
and then hold with two fingers for a few seconds to enable
accessibility. The appropriate feedback is also provided.
2. The global gesture is writing directly into the settings for
the current user if performed when the keyguard is not on. If
the keygaurd is on and the current user has no accessibility
enabled, the gesture will temporary enable accessibility
for the current user, i.e. no settings are changed, to allow
the blind user to log into his account. As soon as a user
switch happens the new user settings are inherited. If no
user change happens after temporary enabling accessibility
the temporary changes will be undone when the keyguard goes
away and the device will works as expected by the current user.
bug:6171929
3. The initialization code for the owner was not executed due
to a redundant check, thus putting the accessibility layer in
an inconsistent state which breaks pretty much everything.
bug:7240414
Change-Id: Ie7d7aba80f5867b7f88d5893b848b53fb02a7537
Dream manager now fires broadcast intents when entering + exiting
dreamland (except when testing).
Power manager can now listen for dreams ending, using polling only
as a backstop.
Also:
- Bullet-proof dream-manager/dream against known failure modes
- Add new read/write dream permissions
- Refactor dream-manager to delegate work + state management into
a new DreamController class, via a handler
Bug:6999949
Bug:7152024
Change-Id: I986bb7812209d8c95ae1d660a5eee5998a7b08b1
7173152 API REVIEW: android.content.pm.PackageUserState
7172969 API REVIEW: android.app.PendingIntent
7172730 API REVIEW: android.content.Context
7172726 API REVIEW: android.manifest.permission
Change-Id: Iad470256d3b5ca5596487f6a699ec1871457c3b5
- New "cost money" flag can be put on a permission to
have this emphasized in the UI.
- Some further re-organization of permissions to better
match UX spec.
Change-Id: I450ac739eff6b90e7c7fc39589d68db82b61f897
- New public APIs to find out when a user goes to the foreground,
background, and is first initializing.
- New activity manager callback to be involved in the user switch
process, allowing other services to let it know when it is safe
to stop freezing the screen.
- Wallpaper service now implements this to handle its user switch,
telling the activity manager when it is done. (Currently this is
only handling the old wallpaper going away, we need a little more
work to correctly wait for the new wallpaper to get added.)
- Lock screen now implements the callback to do its user switch. It
also now locks itself when this happens, instead of relying on
some other entity making sure it is locked.
- Pre-boot broadcasts now go to all users.
- WallpaperManager now has an API to find out if a named wallpaper is
in use by any users.
Change-Id: I27877aef1d82126c0a1428c3d1861619ee5f8653
* changes:
DO NOT MERGE Push event logging down into libcore.EventLogger
DO NOT MERGE Added event logging for config installation failures.
DO NOT MERGE Create intermediate directories when installing config data.
DO NOT MERGE Add components for the Android Config Updater to system server.
This adds the necessary bits to verify and install configuration
updates using system server. It also includes the cert pinning
updater as the first user.
Change-Id: I42307f58074157b33b6e01216aab10022340d449
The window manager now has a facility to provide a full-screen
animation, which the activity manager uses every time a user
switch happens.
The current animation is just a simple dumb slide until we get
a design from UX.
Also some cleanup: moved the portrait task animations to the
default config so we always have an animation for them, and finally
got the java symbol stuff out of public.xml.
Change-Id: I726f77422b2ef5f2d98f961f8da003e045f0ebe8
The API is quite simple. There are a few extra functions
on DisplayManager to scan, connect and disconnect from
wifi displays and get status, and a single protected
broadcast sent when the status changes.
Change-Id: Ic91dbab5ee818e790b27fa32e1a1e93788793be0
This change is the initial check in of the screen magnification
feature. This feature enables magnification of the screen via
global gestures (assuming it has been enabled from settings)
to allow a low vision user to efficiently use an Android device.
Interaction model:
1. Triple tap toggles permanent screen magnification which is magnifying
the area around the location of the triple tap. One can think of the
location of the triple tap as the center of the magnified viewport.
For example, a triple tap when not magnified would magnify the screen
and leave it in a magnified state. A triple tapping when magnified would
clear magnification and leave the screen in a not magnified state.
2. Triple tap and hold would magnify the screen if not magnified and enable
viewport dragging mode until the finger goes up. One can think of this
mode as a way to move the magnified viewport since the area around the
moving finger will be magnified to fit the screen. For example, if the
screen was not magnified and the user triple taps and holds the screen
would magnify and the viewport will follow the user's finger. When the
finger goes up the screen will clear zoom out. If the same user interaction
is performed when the screen is magnified, the viewport movement will
be the same but when the finger goes up the screen will stay magnified.
In other words, the initial magnified state is sticky.
3. Pinching with any number of additional fingers when viewport dragging
is enabled, i.e. the user triple tapped and holds, would adjust the
magnification scale which will become the current default magnification
scale. The next time the user magnifies the same magnification scale
would be used.
4. When in a permanent magnified state the user can use two or more fingers
to pan the viewport. Note that in this mode the content is panned as
opposed to the viewport dragging mode in which the viewport is moved.
5. When in a permanent magnified state the user can use three or more
fingers to change the magnification scale which will become the current
default magnification scale. The next time the user magnifies the same
magnification scale would be used.
6. The magnification scale will be persisted in settings and in the cloud.
Note: Since two fingers are used to pan the content in a permanently magnified
state no other two finger gestures in touch exploration or applications
will work unless the uses zooms out to normal state where all gestures
works as expected. This is an intentional tradeoff to allow efficient
panning since in a permanently magnified state this would be the dominant
action to be performed.
Design:
1. The window manager exposes APIs for setting accessibility transformation
which is a scale and offsets for X and Y axis. The window manager queries
the window policy for which windows will not be magnified. For example,
the IME windows and the navigation bar are not magnified including windows
that are attached to them.
2. The accessibility features such a screen magnification and touch
exploration are now impemented as a sequence of transformations on the
event stream. The accessibility manager service may request each
of these features or both. The behavior of the features is not changed
based on the fact that another one is enabled.
3. The screen magnifier keeps a viewport of the content that is magnified
which is surrounded by a glow in a magnified state. Interactions outside
of the viewport are delegated directly to the application without
interpretation. For example, a triple tap on the letter 'a' of the IME
would type three letters instead of toggling magnified state. The viewport
is updated on screen rotation and on window transitions. For example,
when the IME pops up the viewport shrinks.
4. The glow around the viewport is implemented as a special type of window
that does not take input focus, cannot be touched, is laid out in the
screen coordiates with width and height matching these of the screen.
When the magnified region changes the root view of the window draws the
hightlight but the size of the window does not change - unless a rotation
happens. All changes in the viewport size or showing or hiding it are
animated.
5. The viewport is encapsulated in a class that knows how to show,
hide, and resize the viewport - potentially animating that.
This class uses the new animation framework for animations.
6. The magnification is handled by a magnification controller that
keeps track of the current trnasformation to be applied to the screen
content and the desired such. If these two are not the same it is
responsibility of the magnification controller to reconcile them by
potentially animating the transition from one to the other.
7. A dipslay content observer wathces for winodw transitions, screen
rotations, and when a rectange on the screen has been reqeusted. This
class is responsible for handling interesting state changes such
as changing the viewport bounds on IME pop up or screen rotation,
panning the content to make a requested rectangle visible on the
screen, etc.
8. To implement viewport updates the window manger was updated with APIs
to watch for window transitions and when a rectangle has been requested
on the screen. These APIs are protected by a signature level permission.
Also a parcelable and poolable window info class has been added with
APIs for getting the window info given the window token. This enables
getting some useful information about a window. There APIs are also
signature protected.
bug:6795382
Change-Id: Iec93da8bf6376beebbd4f5167ab7723dc7d9bd00
Send the Intent.ACTION_PACKAGE_VERIFIED to all verifiers when
verification is complete (either one verifier verified the package or a
timeout occurred). Details of what occurred is in a new extra,
PackageManager.EXTRA_VERIFICATION_RESULT.
Bug: 7048930
Change-Id: I4f9855a29b0eb6d77f469891402c69e2e8922945
System services holding this permission have external storage bound
one level higher, giving them access to all users' files.
Bug: 7003520
Change-Id: Ib2bcb8455740c713ebd01f71c9a2b89b4e642832
The activity manager now keeps track of which users are running.
Initially, only user 0 is running.
When you switch to another user, that user is started so it is
running. It is only at this point that BOOT_COMPLETED is sent
for that user and it is allowed to execute anything.
You can stop any user except user 0, which brings it back to the
same state as when you first boot the device. This is also used
to be able to more cleaning delete a user, by first stopping it
before removing its data.
There is a new broadcast ACTION_USER_STOPPED sent when a user is
stopped; system services need to handle this like they currently
handle ACTION_PACKAGE_RESTARTED when individual packages are
restarted.
Change-Id: I89adbd7cbaf4a0bb72ea201385f93477f40a4119
Ensure that only applications with
android.Manifest.permission.PACKAGE_VERIFICATION_AGENT can call application
verification APIs, like PackageManager.verifyPendingInstall and
PackageManager.extendVerificationTimeout
Bug: 7049083
Change-Id: I5fc28b37e864d67cd319a1ed9d03a90dd15ad052
Use AtomicFile for usermanager files.
Added a MANAGE_USERS permission that apps (signature permission) can use
to create/query/modify/remove users.
Change-Id: I5cf232232d0539e7508df8ec9b216e29c2351cd9
- Expose the existing Context.sendBroadcast() as
Context.sendBroadcastAsUser().
- Add new android:singleUser attribute for services.
- Add new INTERACT_ACROSS_USERS_FULL permission for full
system-level access to cross-user interface (allows
sendBroadcastAsUser() to send to any receiver).
- Add new INTERACT_ACROSS_USERS_FULL permission for
more restricted cross-user interaction: this is required
for android:singleUser, and allows you to use
sendBroadcastAsUser() but only to send to your own
receivers.
Change-Id: I0de88f6718e9505f4de72e3f45d29c0f503b76e9
The activity notification is received from netd, an intent
DATA_ACTIVITY_CHANGE is then raised for other part of the system to
consume.
Change-Id: Idfcc4763c51c5b314c57f546c12557082f06bebf
1. The window manager was not notifying a window when the latter
has been moved. This was causing incorrect coordinates of the
nodes reported to accessibility services. To workaround that
we have carried the correct window location when making a
call from the accessibility layer into a window. Now the
window manager notifies the window when it is moved and the
workaround is no longer needed. This change takes it out.
2. The left and right in the attach info were not updated properly
after a report that the window has moved.
3. The accessibility manager service was calling directly methods
on the window manager service without going through the interface
of the latter. This leads to unnecessary coupling and in the
long rung increases system complexity and reduces maintability.
bug:6623031
Change-Id: Iacb734b1bf337a47fad02c827ece45bb2f53a79d
Remove volume control and tracking. This will be handled by extensions
to existing audio and media APIs for now.
Tweak/refine other aspects of the API. Pass the router to callbacks for
easier future-proofing. Add group/ungroup callback methods.
Change-Id: Ib69e76e5f46280a9002b545bcf4cbc7b839844ee
Okay this isn't entirely docs. I have un-hidden the new permission
for binding to accessibility services; we were going to go out with
it hidden since it didn't go into factory ROM, but now that we are
doing other things we might as well expose it.
Also changed a log from E to W, since it is not an error.
Change-Id: I9226c95e3b63e12218fe41dc3f4290d9824a9e5c
This is just the initial state tracking. Still to go is
actually triggering Bluetooth A2DP correctly and tracking
process state in the system server.
Change-Id: I33031d52799d6e2d7208910da833831085cc3677
- Added radio buttons to indicate the selected item
- "Add account" is one of the list options instead of a button
- Removed icons
- Added "Cancel" and "OK" buttons
- Use dialog theme
- Omit description text by default
Bug 6505441
Change-Id: I672a11481ee99e183142142bddf8f97b7b149d37
