- User flow is now similar to requesting access to notification
content, namely prompting the user to visit a settings page
for enabling/disabling apps access.
- New ACTION_NOTIFICATION_POLICY_ACCESS_GRANTED_CHANGED intent
for apps to listen to this state change.
- Removed obsolete request method and associated internal callback
aidl.
- Added new android.permission.ACCESS_NOTIFICATION_POLICY permission
for apps to include as a signal that they want to request this access
(and therefore appear in the list on the settings page).
- Improve javadocs, outline the user flow in NotificationManager#isNotificationPolicyAccessGranted
and link to this method elsewhere.
- NoManService now persists the user-enabled package list across reboots
and does so per-user.
- Rename public settings intent to correspond with the noman api.
Bug: 21621663
Change-Id: I72cbc21cd736e6a157b6be5d1d0ba0b4a8e7ef4e
Previously when a MidiManager client opened a virtual or Bluetooth device,
the client bound directly to the virtual device's MidiDeviceService
or BluetoothMidiDevice's IMidiDeviceServer for the given BluetoothDevice.
Only USB devices were opened in MidiService.
Now opening any type of MIDI device is done via IMidiManager.openDevice() or
IMidiManager.openBluetoothDevice(). MidiService tracks all connnections between
clients and devices.
Services that implement virtual devices must now require android.permission.BIND_MIDI_DEVICE_SERVICE
so only MidiService can bind to these services.
Bug: 21044677
Change-Id: I7172f7b1e0cbfe4a2a87dff376c32dc9b41aa563
API to allow an app to be whitelisted for network and wakelock
access for a short period. So even if the device is in idle
mode, such apps can be given a chance to download the payload
related to a high priority cloud-to-device message.
This API is meant for system apps only.
A new permission CHANGE_DEVICE_IDLE_TEMP_WHITELIST is required
to make this call.
Bug: 21525864
Change-Id: Id7a761a664f21af5d7ff55aa56e8df98d15511ca
Now that *_PROFILE permissions are in the same permission
group as *_CONTACTS, these permissions have no visible
impact on the user. However, they complicate developer's
lives and prevent us from using Context#grantUriRequest().
Bug: 21090207
Change-Id: I31e6ae7b0f49c3589071f6a95f8d69a9456c144d
As a part of the new runtime permissions work we are limiting
the PII apps can access. BT and WiFi MAC addresses are PII and
based on our research there is no valid use case for app dev
to get these addresses aside of user tracking which we are
trying to limit.
bug:21078858
Change-Id: Ib48223b272c0fd4f5c36acc889d4f44df204b309
Replace BIND_CARRIER_MESSAGING_SERVICE and
BIND_CARRIER_CONFIG_SERVICE since we don't really
need one permission for each carrier service type.
Deprecate BIND_CARRIER_MESSAGING_SERVICE since it
already shipped, but remove BIND_CARRIER_CONFIG_SERVICE
since it hasn't.
b/21165906
Change-Id: I716f3f1c98a228afcfee84cf4a48911f0736ce8c
Added an API to pass an open file descriptor of DVB devices and
addressed the security issue of setting the permissions on DVB devices
to 0666.
Bug: 20436120
Change-Id: I4649e76084f3356ec22b7e776fb87c6a8fdc00d6
The access mock location is no longer a runtime permission. It is a
signature protected one that apps cannot get but the fact they request
it means they want to inject location into the system. Now the user
gets to choose the current mock location app in developer options from
the apps that request the mock location permission. The access to mock
location is no longer guarded by the permisson but from a new app op
which is off by default and the settiings UI sets it to enabled only
for the currently selected mock location app.
bug:21078873
Change-Id: I19e3f9dc7c7de82eab46b30fec1abfbca54a0e59
Permissions ACCESS_NETWORK_STATE, INTERNET, NFC, DISABLE_KEYGUARD
do not lead to unrecoverable damage and do not lead to PII leaks,
hence they do not meet the bar to be runtime permissions and we
are lowering their protection level.
bug:21078873
Change-Id: I30c8e742d6a69474171994b65ce070068402ae47
The whitelist is now maintained by DeviceIdleController,
which is moving out into its own independent system service.
Network stats now queries it for the whitelist, instead of
collecting that itself.
Also did a few improvements in alarm manager -- made the
code for moving alarms out of the pending list more robust,
and fixed the debug output to always print the contents of
the pending list even if we aren't in a pending state. (That
would have helped me identify the problem much earlier.)
Change-Id: I0f7119d4c553c3af4d77b2f71246fa6e2c13c561
These system|signature only permissions must be required by
an InCallService and ConnectionService respectively.
Bug: 20304458
Change-Id: I26156afb610a7f549c0a1a7c01c2096928ef33a7
* changes:
Rename removeVideoCallListener to unregisterCallback
Bluetooth document fix: remove reference from open API to hidden entities
Fix build due to merge of 7595842 and renaming due to 8eb87f0
Merge commit '052a0da' into merge2
Merge commit 'db1dbb8' into merge2
Merge commit '7e5e791' into merge2
Merge commit '170102d' into merge2
Merge commit '4cb5d80' into merge2
Merge commit '83cda00' into merge2
Merge commit 'c91bc62' into merge2
Merge commit 'cffc360' into merge2
Merge commit '7f61051' into merge2
Merge commit '167c3a7' into merge2
Merge commit '4467b98' into merge2
Merge commit '25a217c' into merge2
Merge commit '04b18ec' into merge2
Merge commit '7595842' into merge2
Merge commit '2bbd2b6' into merge2
Merge commit '4890351' into merge2
Merge commit 'cd405fe' into merge2
Merge commit '6ddbb5e' into merge2
Merge commit 'de93575' into merge2
Merge commit '9561e74' into merge2
Add am shell command to set and get idle
Add public API to check if an app is idle
Bug: 20534955
Bug: 20493806
Change-Id: Ib48b3fe847c71f05ef3905563f6e903cf060c498
Create the new permission MANAGE_PROFILE_OWNERS to restrict setting
the profile/device owner.
BUG:19838376
Change-Id: Ib55a2db85fcb6f34e3b88c398683bddb0ad66868
Create a DevicePolicyManager API which can be used by OTA subsystem
to tell device owners about pending updates. Device owners will get
a callback from its DeviceAdminReceiver when the update service sends
out such notifications.
Bug: 20213644
Change-Id: Ifcc755655e4f441980cf77d76175a046112ca9ae
A new flag for DPM.resetPassword() method that specifies that the
device should be decrypted without asking for the password or pattern.
Bug 19250601
Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206
Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
Since the demise of the connectivity change delay,
CONNECTIVITY_ACTION_IMMEDIATE has been sent out back to back with
CONNECTIVITY_ACTION.
Interested parties should watch for CONNECTIVITY_ACTION.
Bug: 20013379
Change-Id: I072dddf95adb3bbd17fa1f7159d4ea848ade8f19
Use the term "SystemUpdate" instead of "OTA", in public
DevicePolicyManager APIs that handle OTA policies.
Bug: 19650524
Change-Id: Iebdaea91337d617147cb411b6f47e0f3fae8671c
Currently only one app can write to the SMS provider and it has to
be set as the default SMS app by the user in the UI. The default
SMS app is set by enabling the write SMS app op for it and keeping
this op off for other SMS apps. Hence, this permission does not
guard anything and can be taken out. The API change is fine as if
an app refers to the permission in the manifest as string it will
be ignored and if it was referred in Java the value is statically
compiled in the source.
Change-Id: I1128c3b034e6c7dda4baa051500ac1ef46a53575
UICC privileged carrier apps will extend CarrierConfigService to provide
carrier-specific configuration. Apps/services will use
CarrierConfigManager to read the current configuration.
CarrierConfigManager also defines the set of configuration variables and
their default values.
Bug: b/19483786
Change-Id: I027211b43276afd6fe893ae50048c52f2aed5cf5
This API allows apps other than the system's CaptivePortalLogin
to handle signing in to captive portals.
bug:19416463
Change-Id: I27fce5856b635233e6ff66396d50ccabedd76cf5
UICC privileged carrier apps will extend CarrierConfigService to provide
carrier-specific configuration. Apps/services will use
CarrierConfigManager to read the current configuration.
CarrierConfigManager also defines the set of configuration variables and
their default values.
Bug: b/19483786
Change-Id: I027211b43276afd6fe893ae50048c52f2aed5cf5
The ACCESS_MOCK_LOCATION permission is gated by a secure setting
toggled in developer options by the user. Hence, there is no need
for getting yet another consent from the user for accessing it.
Change-Id: Ica1a72f587a712d7da7c00cfc4a8ca228064286e
