As general background, OWNERS files expedite code reviews by helping
code authors quickly find relevant reviewers, and they also ensure
that stakeholders are involved in code changes in their areas.
Some teams under frameworks/base/ have been using OWNERS files
successfully for many years, and we're ready to expand them to cover
more areas. Here's the historical coverage statistics for the last
two years of changes before these new OWNERS changes land:
-- 56% of changes are fully covered by OWNERS
-- 17% of changes are partially covered by OWNERS
-- 25% of changes have no OWNERS coverage
Working closely with team leads, we've now identified clear OWNERS on
a per-package basis, and we're using "include" directives whenever
possible to to simplify future maintenance. With this extensive
effort, we've now improved our coverage as follows:
-- 98% of changes are fully covered by OWNERS
-- 1% of changes are partially covered by OWNERS
-- 1% of changes have no OWNERS coverage
This specific change is automatically generated by a script that
identifies relevant "include" directives.
Bug: 174932174
Test: manual
Exempt-From-Owner-Approval: refactoring with team leads buy-in
Merged-In: I3480ddf2fe7ba3dfb922b459d4da01fa17a2c813
Change-Id: I3480ddf2fe7ba3dfb922b459d4da01fa17a2c813
See build/soong/README.md for more information.
Note: tests/ImfTest/Android.mk causes conflict as it hasn't been yet
ported to internal master. Do it later.
Note: the conversion in the following directories has to be done in the
internal master first because of the conflicts:
* tests/ActivityManagerPerfTests
* tests/AppLaunch
* tests/AppLaunchWear
* tests/BackgroundDexOptServiceIntegrationTests
* tests/Camera2Tests/CameraToo
* tests/Camera2Tests/SmartCamera/SimpleCamera
* tests/Compatibility
* tests/Internal
* tests/RcsTests
* tests/ServiceCrashTest
* tests/UsbTests
Bug: 122332340
Test: treehugger
Change-Id: Ie17590c6a96aee5caa80d38092a3de5c1b6efe8d
The dependencies are unnecessary since bouncycastle, okhttp
and conscrypt are included in the "standard libraries".
Test: build
Bug: 113148576
Change-Id: Ic8d15d911decbdd6391db8c1231b845353586a54
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: I4233b9091d9066c4fa69f3d24aaf367ea500f760
Statically including legacy-android-test leads to duplicate classes
which causes build time problems (with Proguard) and runtime problems on
older SDK versions. This change:
* Stops statically including legacy-android-test.
* Adds compile time dependencies on andoid.test.base, android.test.mock
and android.test.runner where necessary.
* Adds <uses-library android:name="android.test.runner"/> to any
affected package to ensure that the classes that were included by
legacy-android-test are still available at runtime. That also adds a
dependency on android.test.base and android.test.mock.
The following change descriptions were generated automatically and so
may be a little repetitive. They are provided to give the reviewer
enough information to check the comments match what has actually been
changed and check the reasoning behind the changes.
* apct-tests/perftests/core/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CorePerfTests results
in duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CorePerfTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
* core/tests/ConnectivityManagerTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
ConnectivityManagerTest's source depends on its classes and because
of these changes they are no longer present on the compilation
path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ConnectivityManagerTest
results in duplicate classes which leads to build time and compile
time issues.
* core/tests/bandwidthtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
BandwidthTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in BandwidthTests results
in duplicate classes which leads to build time and compile time
issues.
* core/tests/bluetoothtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
BluetoothTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in BluetoothTests results
in duplicate classes which leads to build time and compile time
issues.
* core/tests/hosttests/test-apps/DownloadManagerTestApp/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in DownloadManagerTestApp
results in duplicate classes which leads to build time and compile
time issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
DownloadManagerTestApp's source depends on its classes and because
of these changes they are no longer present on the compilation
path.
* core/tests/hosttests/test-apps/ExternalSharedPerms/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsTestApp results in duplicate classes which leads
to build time and compile time issues.
* core/tests/hosttests/test-apps/ExternalSharedPermsBT/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsBTTestApp results in duplicate classes which
leads to build time and compile time issues.
* core/tests/hosttests/test-apps/ExternalSharedPermsDiffKey/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsDiffKeyTestApp results in duplicate classes
which leads to build time and compile time issues.
* core/tests/hosttests/test-apps/ExternalSharedPermsFL/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsFLTestApp results in duplicate classes which
leads to build time and compile time issues.
* core/tests/notificationtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
NotificationStressTests's source depends on its classes and because
of these changes they are no longer present on the compilation
path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in NotificationStressTests
results in duplicate classes which leads to build time and compile
time issues.
* keystore/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in KeystoreTests results
in duplicate classes which leads to build time and compile time
issues.
* media/mca/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CameraEffectsTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CameraEffectsTests
results in duplicate classes which leads to build time and compile
time issues.
* media/tests/MediaFrameworkTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
mediaframeworktest's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in mediaframeworktest
results in duplicate classes which leads to build time and compile
time issues.
* nfc-extras/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in NfcExtrasTests results
in duplicate classes which leads to build time and compile time
issues.
* packages/CarrierDefaultApp/tests/unit/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CarrierDefaultAppUnitTests's source depends on its classes and
because of these changes they are no longer present on the
compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
CarrierDefaultAppUnitTests results in duplicate classes which leads
to build time and compile time issues.
* packages/ExtServices/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
ExtServicesUnitTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ExtServicesUnitTests
results in duplicate classes which leads to build time and compile
time issues.
* packages/MtpDocumentsProvider/tests/Android.mk
Added 'android.test.base' and 'android.test.mock' to
LOCAL_JAVA_LIBRARIES because MtpDocumentsProviderTests's source
depends on their classes and because of these changes they are no
longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
MtpDocumentsProviderTests results in duplicate classes which leads
to build time and compile time issues.
* packages/SettingsLib/tests/integ/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
SettingsLibTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SettingsLibTests
results in duplicate classes which leads to build time and compile
time issues.
* packages/SettingsProvider/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SettingsProvider
results in duplicate classes which leads to build time and compile
time issues.
* packages/SettingsProvider/AndroidManifest.xml
Add uses-library for android.test.runner because otherwise this
change would change the set of files available to SettingsProvider
at runtime.
* packages/Shell/tests/Android.mk
Added 'android.test.base' and 'android.test.mock' to
LOCAL_JAVA_LIBRARIES because ShellTests's source depends on their
classes and because of these changes they are no longer present on
the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ShellTests results in
duplicate classes which leads to build time and compile time
issues.
* packages/SystemUI/shared/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SystemUISharedLibTests
results in duplicate classes which leads to build time and compile
time issues.
* packages/SystemUI/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SystemUITests results
in duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
SystemUITests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
* packages/WAPPushManager/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
WAPPushManagerTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in WAPPushManagerTests
results in duplicate classes which leads to build time and compile
time issues.
* sax/tests/saxtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
FrameworksSaxTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in FrameworksSaxTests
results in duplicate classes which leads to build time and compile
time issues.
* tests/BrowserPowerTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
BrowserPowerTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in BrowserPowerTests
results in duplicate classes which leads to build time and compile
time issues.
* tests/CanvasCompare/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CanvasCompare's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CanvasCompare results
in duplicate classes which leads to build time and compile time
issues.
* tests/CoreTests/android/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CoreTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CoreTests results in
duplicate classes which leads to build time and compile time
issues.
* tests/DataIdleTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
DataIdleTest's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in DataIdleTest results in
duplicate classes which leads to build time and compile time
issues.
* tests/FrameworkPerf/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
FrameworkPerf's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in FrameworkPerf results
in duplicate classes which leads to build time and compile time
issues.
* tests/HierarchyViewerTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
HierarchyViewerTest's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in HierarchyViewerTest
results in duplicate classes which leads to build time and compile
time issues.
* tests/ImfTest/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
ImfTestTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ImfTestTests results in
duplicate classes which leads to build time and compile time
issues.
* tests/Internal/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in InternalTests results
in duplicate classes which leads to build time and compile time
issues.
* tests/MemoryUsage/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
MemoryUsage's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in MemoryUsage results in
duplicate classes which leads to build time and compile time
issues.
* tests/NetworkSecurityConfigTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
NetworkSecurityConfigTests's source depends on its classes and
because of these changes they are no longer present on the
compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
NetworkSecurityConfigTests results in duplicate classes which leads
to build time and compile time issues.
* tests/SoundTriggerTests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SoundTriggerTests
results in duplicate classes which leads to build time and compile
time issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
SoundTriggerTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
* tests/SurfaceComposition/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SurfaceComposition
results in duplicate classes which leads to build time and compile
time issues.
Added 'android.test.runner.stubs' to LOCAL_JAVA_LIBRARIES because
SurfaceComposition's source depends on its classes and because of
these changes they are no longer present on the compilation path.
* tests/TtsTests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in TtsTests results in
duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
TtsTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
* tests/WindowAnimationJank/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in WindowAnimationJank
results in duplicate classes which leads to build time and compile
time issues.
* tests/permission/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
FrameworkPermissionTests's source depends on its classes and
because of these changes they are no longer present on the
compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
FrameworkPermissionTests results in duplicate classes which leads
to build time and compile time issues.
* tests/testables/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in TestablesTests results
in duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' and 'android.test.mock' to
LOCAL_JAVA_LIBRARIES because TestablesTests's source depends on
their classes and because of these changes they are no longer
present on the compilation path.
Bug: 30188076
Test: make checkbuild
Change-Id: Iacfc939c97415314366ed61c5f3b7aa1a40f0ec9
Privileged applications provide core system functionality and as such a
MiTM in one can put the entire system at risk. These applications should
not be trusting user added CAs by default.
Bug: 65406503
Test: runtest --path framework/base/tests/NetworkSecurityConfigTest
Change-Id: I033258fe1c66ad245d172899df52e9cd02e9ca75
The new attribute allows both ephemeral and non-ephemeral apps to
opt into a new, tighter security model.
Test: Manual; built app w/ targetSandboxVersion and verified the security domain
Change-Id: I8fcaf84e25f0519b438ba51302f79790e680e025
In preparation for removing junit classes from the Android API
the legacy-test target will be removed from the
TARGET_DEFAULT_JAVA_LIBRARIES. This change adds explicit
dependencies on junit and/or legacy-android-test to ensure that
modules will compile properly once it is removed.
Bug: 30188076
Test: make checkbuild
Change-Id: I13e88297731253420e4e5f5291d503f13a39a156
This pruns all the stored trusted issuers so that changes to the system
or user CA store are detected. Currently this is only exposed as a
TestApi, but it can be hooked up to the trusted storage change event
in a future commit.
Bug: 27526668
Change-Id: Ic426254babab9a3177c968bc05b45e95eaac1fdd
Domain entries can contain whitespace (or newlines) which should be
ignored to avoid unexpectedly failing to match a domain.
Bug: 27816377
Change-Id: I3691aa4abd409e7be97ad0cf1eb0195725e1b0ab
An application can specify its debug-overrides in an extra resource with
the same name suffixed with "_debug" (e.g. res/xml/security_config.xml and
res/xml/security_config_debug.xml).
By specifying the debug-overrides in an extra file release builds can
strip out the file (and any certificate resources that the
debug-overrides depend on) to prevent including testing configuration
information in the release build of an application.
Bug: 27418003
Change-Id: Ibfebc376360ca474fc0f9f2fd565faa0cffd9549
Android's security model is such that the applications data is secure by
default unless the application specifically grants access to it.
Application data in transit should have similar security properties.
Bug: 27301579
Change-Id: I72f106aefecccd6edfcc1d3ae10131ad2f69a559
Even if the hostname aware method is called if the hostname is null then
the destination is unknown and the configuration can be ambiguous.
Change-Id: I7cacbd57a42604933fdc882371f143dc0a20902d
This will be used to create a custom conscrypt TrustedCertificateStore
to avoid loading all of the trusted certificates into memory in a
keystore.
Change-Id: Iaf54b691393ecadae6c7ff56b8adc6a2a2923d29
This allows for faster lookups of TrustAnchors when checking pin
overrides without needing to iterate over all certificates.
Currently only the system and user trusted certificate store are
optimized to avoid reading the entire source before doing the trust
anchor lookup, improvements to the resource source will come in a later
commit.
This also refactors System/UserCertificateSource to avoid code
duplication.
Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
Debug overrides are only used if the application is debuggable in
order to help local debugging and development by trusting additional
CAs. In a non-debuggable version of the application the debug-overrides
are ignored.
Trust anchors in the debug override configuration have two key
differences from those in base-config and domain-config:
1) trust anchors in the debug-overrides are trusted for all connections
in addition to any trust anchors included in the relevant base/domain
configs.
2) By default trust anchors in the debug config override pins, as their
purpose is for connecting to non-standard servers for debugging and
testing and those servers should not be pinned in the production
configuration.
Change-Id: I15ee98eae182be0ffaa49b06bc5e1c6c3d22baee
Nested domain-config inherit unset parameters from the domain-config
they are nested in. This helps avoid copy and pasted configs that are
almost the same except a few minor differences for a domain with
slightly different requirements.
For example: Consider a domain-config for example.com that, among other
settings, does not enforce hsts. Now if you want the rules for
example.com to apply to secure.example.com except that hsts _is_
enforced you can make a nested domain-config for secure.example.com
under example.com that sets hstsEnforced="true" and nothing else.
Change-Id: I9e33f7e62127fd7f4f15c3560fff2f2626477bd4
XmlConfigSource parses an ApplicationConfig from an xml resource.
Currently this supports app-wide default configuration via the
base-config element, per domain via the domain-config element and
inheritance of unset properties at parse time.
Inheritance of unset properties is currently only:
domain-config -> base-config -> platform default configuration
Where the most specific value is used.
For example: If the base-config specifies trust anchors, all connections
will use those anchors except for connections to a domain which has a
domain-config that specifies trust anchors, in which case the
domain-config's trust anchors will be used. If the domain-config or
base-config don't set trust anchors, or don't exist, then the platform
default trust anchors will be used.
Nested domain-config entries, debug-overrides, and thorough
documentation of the xml format will follow in later commits.
Change-Id: I1232ff1e8079a81b340bc12e142f0889f6947aa0
The builder supports all the standard builder set* methods as well as
setting a parent builder to use when values are not set (recursively).
This allows us to have a level of inheretence in configurations without
complicating the lookup and trust checking logic by doing inheretence
when building the configs.
Change-Id: I054af83451e52761227479eadf9cb9803437505f
Initial implementation of a unified application wide static
network security configuration.
This currently encompases:
* Trust decisions such as what trust anchors to use as well as static
certificate pinning.
* Policy on what to do with cleartext traffic.
In order to prevent issues due to interplay of various components in an
application and their potentially different security requirements
configuration can be specified at a per-domain granularity in addition
to application wide defaults.
This change contains the internal data structures and trust management
code, hooking these up in application startup will come in a future
commit.
Change-Id: I53ce5ba510a4221d58839e61713262a8f4c6699c
Bob Badour
Jeff Sharkey
Sasha Smundak
Neil Fuller
Anton Hansson
Paul Duffin
Chad Brubaker
Todd Kennedy