Some of the admin policies are throwing security exceptions in
a managed profile without being documented correctly and others
shouldn't be throwing security exceptions.
Changed setCameraDisabled() to not throw an exception. It now just
prevents work profile apps from using the camera.
Changed wipeData() to allow passing in ERASE_EXTERNAL_STORAGE. In
secondary users/profiles, this is just going to remove the user, so
the flag is harmless.
Updated documentation for setKeyguardDisabledFeatures() and resetPassword()
to indicate that they cannot be called in a managed profile.
Bug: 17987913
Change-Id: I8060be4c2d32bdd4edb46ce543551fabb9c8c983
Apps can end up in priority mode by setting ringer-mode = silent.
Now they can leave priority mode by setting ringer-mode = non-silent.
(normal or vibrate)
Bug: 17884168
Change-Id: I54c853885f4ae9ee618041dd7ac6ab0663fc7b37
Bug 17969135
Use query (instead of rawQuery) and pass in arguments instead of building
the query with a giant string. Add a unit test that fails with the old
code but passes with the new code.
Change-Id: Id04a1db6fb95fcd923e1f36f5ab3b94402590918
See first comment on CL for the doc staging location. Setting up a
redirect for the old page with CL http://ag/566783
Change-Id: Ibd391cb3fe357495ecf3dc70b1edeadee12075f3
When restoring hundreds of apps on low-DPI devices, we end up sending
icon Bitmaps inline in the response instead of splitting into ashmem
regions. To avoid triggering TransactionTooLargeException, switch to
using ParceledListSlice under the hood.
Bug: 17926122
Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9
This is needed to allow the always-on VPN to survive network
switches. In L, network switches are graceful, and in order to
switch to a network, the system first has to validate it using
DNS requests (from netd, running as root) and HTTP requests
(from NetworkMonitor, running inside the system_server).
This should also allow always-on VPN to work on networks like
T-Mobile that use 464xlat, fixing a bug that has been present
since K.
Bug: 9597277
Bug: 17695048
Change-Id: I0daa5707f2139339f9ececde0e73aac3bf23fdc3
Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.
This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.
Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
On modern versions of Android running in AOT mode
FloatMath is slower than Math. Calls to Math.sqrt(),
etc. are replaced by intrinsics which can be as small
as a single CPU opcode.
When running in interpreted mode the new
implementation is unfortunately slower, but I'm
judging this acceptable and likely to be improved
over time. This change saves a small amount of native
code.
Example timings:
Mako AOSP AOT:
Method: Original / New / Direct call to Math
ceil: 596ns / 146.ns / 111ns
sqrt: 694ns / 56ns / 25ns
Mako AOSP interpreted:
Method: Original / New / Direct call to Math
ceil: 1900ns / 2307ns / 1485ns
sqrt: 1998ns / 2603ns / 1788ns
Other calls Mako AOT:
Method: Original / New
cos: 635ns / 270ns
exp: 566ns / 324ns
floor: 604ns / 150ns
hypot: 631ns / 232ns
pow: 936ns / 643ns
sin: 641ns / 299ns
The advice to use Math directly, in preference to
FloatMath, is still good. FloatMath will be deprecated
separately.
Bug: https://code.google.com/p/android/issues/detail?id=36199
Change-Id: I8d1947d88b3c576643138b1df589fb9da7c1ab88
We used to set this from LoadedApk.getClassLoader. This had
the unfortunate side effect of clobbering the threads default
classloader when Context.createPackageContext().getClassLoader()
was called. This happens, for example, to every app that uses
a updatable webview.
bug: 17986934
Change-Id: If2b5938a19f836ea5fe60c94ea53a7125c2098c0
The system should always be using new startActivityAsCaller() when
starting activities on behalf of someone else, to ensure that
security checks are enforced as the original caller.
Bug: 17983737
Change-Id: Ic40816a797cfdb13c0adb48b86ed4ed7d6aae8eb
Requests coming in while the service is still being brought up
were discarded. Changed to queue them so that they can be started
after the initialization is completed.
Bug: 17985588
Change-Id: Ic9d9cd2094b830c80dec54dd5ef6a18159a74dc7
Conflicts:
services/core/java/com/android/server/hdmi/HdmiCecLocalDevicePlayback.java
