A few methods are found to be missing protection with system permission.
Add enforceAccessPermission() like other methods.
Bug: 17408780
Change-Id: I58a336b5cc9df2d195bdfe7b928898dde5ff169f
(cherry picked from commit b22d9ee0a364b10d488dd6a2e8ba69d5ca7f6258)
Waits for BOOT_COMPLETED when enabling system trust agents.
This fixes an issue where no agents were discovered because the
packages were not ready after an OTA.
Bug: 18065140
Change-Id: Ibff9948e1536e07f868d6b29f432923a137091e6
Some tests rely on this being dismissible. Additionally it turns out
some users don't like having a hulking great notification follow them
around everywhere.
Bug: 17985258
Change-Id: If05a07b9eaa402a48f9a14647effc1df32c796e1
Updating the accessibility layer behavior to reflect the new
model where accessibility no longer overrides strong encryption.
Now enabling an accessibility service lowers the encryption
level but the user can bump it up in settings if desired.
bug:17881324
Change-Id: Ic60d760c267d3f934040a42e1963b179bd8b9f5f
DPM's method will return false if encrypted by default password,
preventing the changing of encryption password to lockscreen password.
Check if the device is encrypted by some means, instead.
Also fix a SecurityException when Device Admin queries encryption state
(recent regression)
Bug: 17881324
Change-Id: Id897e61c5e254ab3f8dc569285428a73005303ea
Ensure that the callback always sees the current-operation state in sync
with the various other bits of internal backup-operation state. Previously
only the current-operation state was managed inside the critical section;
this resulted in a slim race window where a callback could see an ongoing
operation as still valid, but after the internal state on which that
operation depended had already been cleared.
Bug 17931760
Change-Id: Ia032668e7a9d22f1029c57fc98db9e86484d5719
An app can send an accessibility event by calling the send methods
on view or directly asking the accessibility manager to do that.
While the recommened way to send such events is calling the methods
on view a legacy app or app whose developer did not read the docs
carefully may be calling the accessibility manager APIs directly.
In such a case the event does not have assigned window id and does
not get send. Since events fired by using the accessibility manager
directly lack context to determine whether thier source is important
for accessibility we assume they come from an important view to
avoid breaking backwards compatibility.
bug:18001711
Change-Id: Ie1c298fa5a0670cbeaedfcd64f820961c296b6ca
The restore-session idle timeout should not be ticking while we're
doing legitimate restore work. We now explicitly stop the timeout
ticker [a delayed message on our handler thread] whenever we undertake
a valid restore operation. The timer is already correctly resumed
when restore operations conclude.
(In practice we need to suspend the timeout tracking at exactly those
times when we're entering the wakelock-protected restore flow. The
timeout is reestablished when the wakelock is released; this part
is already in the code.)
Bug 17990544
Change-Id: I7318020ce30fd9c35bc3a644f8c101fd3d063c8b
Under certain circumstances when launching a new activity, the
topmost stack activity is moved to the front even though the
activity is being created in a different task.
This checks if the topmost stack task matches the desired
task and if not, moves the desired task to the top.
Also make activity dump ordering consistent.
Fixes bug 17721767.
Change-Id: I59397f31b629a208f3863887c57d6f6fb1f6e1f3
This fixes a bug introduced by a change where the function
ignores systems with default encryption where it's disabled.
The fix also checks to see if vold thinks the device is secure.
Fixes bug 17881324
Change-Id: I2c40f76cf990d90d1a825955aa3b080b21684426
Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
Apps can end up in priority mode by setting ringer-mode = silent.
Now they can leave priority mode by setting ringer-mode = non-silent.
(normal or vibrate)
Bug: 17884168
Change-Id: I54c853885f4ae9ee618041dd7ac6ab0663fc7b37
When restoring hundreds of apps on low-DPI devices, we end up sending
icon Bitmaps inline in the response instead of splitting into ashmem
regions. To avoid triggering TransactionTooLargeException, switch to
using ParceledListSlice under the hood.
Bug: 17926122
Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9
This is needed to allow the always-on VPN to survive network
switches. In L, network switches are graceful, and in order to
switch to a network, the system first has to validate it using
DNS requests (from netd, running as root) and HTTP requests
(from NetworkMonitor, running inside the system_server).
This should also allow always-on VPN to work on networks like
T-Mobile that use 464xlat, fixing a bug that has been present
since K.
Bug: 9597277
Bug: 17695048
Change-Id: I0daa5707f2139339f9ececde0e73aac3bf23fdc3
Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.
This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.
Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
The system should always be using new startActivityAsCaller() when
starting activities on behalf of someone else, to ensure that
security checks are enforced as the original caller.
Bug: 17983737
Change-Id: Ic40816a797cfdb13c0adb48b86ed4ed7d6aae8eb
Requests coming in while the service is still being brought up
were discarded. Changed to queue them so that they can be started
after the initialization is completed.
Bug: 17985588
Change-Id: Ic9d9cd2094b830c80dec54dd5ef6a18159a74dc7
Conflicts:
services/core/java/com/android/server/hdmi/HdmiCecLocalDevicePlayback.java
It is possible that the device does not have an owner. If there
is no owner we get a NPE when asking the device policy manager
for cross-profile widget providers.
bug:17989189
Change-Id: I5759f2dec160ed8076ab47fdf09134f78c57458d
This is a squashed commit of the following changes:
1. Order apps by priority when performing boot dexopt.
(cherry picked from commit 65cde7d42d741c7d9aa2714a397b7333f688ab55)
2. Improve priority ordering of apps when performing boot dexopt.
Added core apps and updated system apps.
(cherry picked from commit 272bf3a274daff62995caf05da338c1f2a73dae3)
3. Stop boot dexopt when low on memory.
(cherry picked from commit 1d892dcb6b0ff3a50cc63e387667dc29baf1014f)
Bug: 17641843
Change-Id: Ie32f1c21047d3462aaf728f7633fecf647ba2b47
...handler for its Intents
Fix bug when a third party app is installed as an additional but
worse match for the intent.
Also raise up the limit for when we start printing logs about
overly large strict mode data.
And turn off the logs about services being created and destroyed,
since with the way things are using services these days these have
become way too spammy.
Change-Id: I8fe301dfd80fb4b70213cb7783b7c5426245278d
...even in extreme low memory condition
Bind to Bluetooth with BIND_IMPORTANT, so that it is allowed to
go to a higher oom adj level.
Fix some problems when this is done from a system or persistent
process, where this would go to a level that is *too* high. Instead,
introduce a new oom adj level for it that is right below persistent.
Change-Id: I002bcc4accc36c8579c4cda161be7d2fba21ba17
This is a follow up CL for I2237ded850a0d4ab43ca441d0b7df1.
Seems that we still need to update config settings every
time when "Show input method" is changed.
BUG: 17666032
Change-Id: I480aeaa038bef9c3c20e8f0b36110e92a35809db
- Add docs to Binder, Messenger, ResultReceier to explain their
relation (or lack there-of) to process lifecycle.
- Clarify some aspects of process lifecycle for services.
- Fix help text of am command.
- Fix per-package dumping of battery stats to not include history.
- Fix per-package dumping of proc stats to only include aggregated
and current stats and fix some formatting.
- Fix per-process dumping of meminfo to have an option to interpret
the input as a package, so including all processes that are
running code of that package.
- Fix top-level per-package debug output to correctly include all
of these improvements and give them a little more time (10s) to
complete for timing out.
Change-Id: I2a04c0f862bd47b08329443d722345a13ad9b6e2
