We're not actually clearing any files, only deciding how much free
space is available, so we're fine assuming the remote caller has the
permission.
Test: builds, boots
Bug: 37169076
Change-Id: I6cd42f77c43e9d2de40e2b8b937c7f2145f1b869
It already has CLEAR_APP_USER_DATA to clear everything inside app
storage, and clearing cached data is a subset of that.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 36731175
Change-Id: Iefc5be6c80e2562a95424fd6fe413bdb018201a9
Shell needs to have this permission in order for the deviceidle
tempwhitelist shell command to exist.
Bug 34715096
Test: cts-tradefed run cts -m CtsAppTestCases \
-t android.app.cts.ActivityManagerTest#testBackgroundCheckService
Change-Id: Ic1fdd87b6020649705ba0c9349dd00dd096037f3
BluetoothManagerService for some reason leaks the Android's Bluetooth
MAC address via Settings.Secure which is normally readable by all
apps. This lets apps bypass the restriction on access to Bluetooth MAC
address from apps.
This commit fixes the issue by restricting access to bluetooth_address
secure setting (Settings.Secure). Only packages which hold the
android.permission.LOCAL_MAC_ADDRESS permission retain access.
This commit accordingly grants LOCAL_MAC_ADDRESS permission to the
system Shell app because a number of scripts (including Android CTS)
use "adb shell settings get secure bluetooth_address" as a convenient
way to query the device's Bluetooth MAC address over ADB. This is
acceptable because the user of the device can see the Bluetooth MAC
address and thus it's fine for shell to be able to see the address as
well.
Test: See CTS test added in the cts project in this topic.
Test: "adb shell settings get secure bluetooth_address" returns the
Bluetooth MAC address of the Android.
Test: "adb shell settings list secure | grep bluetooth_address"
returns the Bluetooth MAC address of the Android.
Test: Bluetooth works (toggling off/on, pairing, file transfer)
Bug: 33701414
Change-Id: I17b110b96eb3794b25c1661e93d29a7a003e3c9a
The Shell application needs access to change which overlays are
enabled in OverlayManagerService.
Test: Manual: invoke adb exec-out cmd overlay enable some.package.name
when shell is not root (adb unroot on eng builds).
Change-Id: I1849f68e244cfc9b1e13eb0e673dde7be03cba6d
Adds android.permission.BIND_IMS_SERVICE to the permissions
whitelist xml file.
Bug: 34813244
Test: Manual
Change-Id: I7a7ad1a361c9d2dcc51769bc74a436878ad4adc5
Added support for privapp-permissions config element. It allows to explicitly
control what privileged permissions applications should be granted.
Feature is controlled by ro.control_privapp_permissions property.
Possible values:
- 0/false, the feature is completely disabled - signature|privileged
permissions are granted automatically without logging. *Default behavior*
- 1/true, enforce that only whitelisted permissions are granted. Only
devices with ro.control_privapp_permission=1 will pass CTS tests.
Test: Manual
Bug:31008485
Change-Id: I93a8c2782cc72b3953f32c237086d08d82ac0d5b
