| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Bug: 151394215
Test: Manual
Change-Id: I344d4778d2f423b4b2b5be4adfdad0edbe5b8ef9
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Annotation processor seens annotation args with constants already inlined,
making it challenging to compare to the souce-generated metadata that contains
initial expressions.
For now just ignoring args for all non-DataClass annotations to prevent false positives
Test: . frameworks/base/tests/Codegen/runTest.sh
Exempt-From-Owner-Approval: changing metadata on multiple files
Change-Id: I640816ae0f20f36b1b828bc2161f53788c4a4dae
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the core functionality this changes everything including aidl's and
field names:
- Context
- ContentProvider
- AppOps*
- Package parsing
For the rest, this is a shallow change to only change to the changed
APIs. This keeps the change small-ish
Exempt-From-Owner-Approval: Rename
Fixes: 148792795
Test: TH
Change-Id: I2a2245fe76e09e62cb13d5785d2efb4a304ba54a
|
| |
|
|
|
|
|
|
| |
and annotate time values used by this area of code correctly.
Fixes: 150699068
Test: Only renames
Change-Id: Ibd5b08900d6855603e7ce59048587d391a5c5410
|
| |
|
|
|
|
| |
Bug: 146513245
Test: presubmit
Change-Id: I6f901b7e5dfe64840e7c3c0ee444730ac6eb4cfc
|
| |
|
|
|
|
|
|
|
|
| |
This change includes an AppOp that will be used to grant access to telephony call audio (RX and TX) to the default dialer application (assigned to the Dialer role).
A new permission was created so only apps that also require this permission will be granted. It will also be used to keep track of usage (audit).
Test: Compilation and manual verification
Bug: 135197853
Change-Id: I5d042f667ca5fe64f8048b8aff7b98f51b3c1500
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: 148374455
Test: Manual
Test: Create three packages; 1) only request PACKAGE_USAGE_STATS, 2) only request LOADER_USAGE_STATS, 3) request both
Test: Go to Settings -> Apps & Notifications -> Special app access
Test: See that there is only a single entry for "Usage access"
Test: Under "Usage access", see all three test apps appear
Test: Disable access for each application and verify that only the appop for the declared permisson is flipped using
Test: adb shell cmd appops get <<PACKAGE_NAME>>
Test: atest CtsPermission2TestCases
Change-Id: I7741a703fd4494832347e51e113adf974cc31d2b
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This change introduces a new appop, ACTIVATE_PLATFORM_VPN, that is a
subset of the ACTIVATE_VPN appop. VPN apps that have been granted the
more dangerous ACTIVATE_VPN appop should be allowed to use platform
VPNs, as they are more restricted, and safer. However, the opposite
must not be true.
Bug: 144246835
Test: Compiles, FrameworksNetTests passing
Change-Id: I609e87e688432f957751058b09f350fa641753d7
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, removes the 'privileged' protection level from the INTERACT_ACROSS_PROFILES permission and replaces it with 'appop'. 'Wellbeing' is also added temporarily, which will also be removed in this release.
This is part of a change to enable users to consent to cross profile app communications
BUG: 136249261
BUG: 144577776
BUG: 141690885
Test: atest AppOpsTest
Test: atest PermissionPolicyTest
Change-Id: I910daf7605f83946af171f38db002b920079f30b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces the overhead of collecting noted app-ops to the same amount
of binder calls as if we would not have the feature
Before (conceptionally):
---------------------------------
mode = service.noteOp()
if (mode == allowed && shouldCollectAsyncOp) {
fixup(message)
service.noteAsyncOp()
}
----------------------------------
After (conceptionally):
----------------------------------
if (shouldCollectAsyncOp) {
fixup(message)
}
mode = service.noteOp(shouldCollectAsyncOp, message)
----------------------------------
Bug: 136505050
Test: atest CtsAppOpsTestCases
Change-Id: If1b535a7c4b0f431f251c5d06cdf496c34920e23
|
| |
|
|
|
|
| |
Test: Booted
Bug: 136219229
Change-Id: I52abec0b7ae08b8bc3e22f875c92cfa8f275ece5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently only used by app-ops, but can be used by other modules too.
AppOps will collect app-ops based on feature. Only the most basic
parts of app-ops are supporting features yet. The rest will be added
later.
Test: atest CtsAppOpsTestCases
atest RunSettingsLibRoboTests
atest com.android.server.wm.ActivityStarterTests
m -j doc-comment-check-docs
Bug: 136595429
Change-Id: Ia664f4ff1c1c2ceea721d76dc491ec50c237e9ce
|
| |
|
|
|
|
| |
Test: . frameworks/base/tests/Codegen/runTest.sh
Fixes: 142783758
Change-Id: I7303d420efd59389c324b3e399fcb3532b5d6c37
|
| |
|
|
|
|
|
|
|
|
|
|
| |
And also pre-grant it to all apps that currently get any storage
permission pre-granted
cherry-pick for qt-qpr1-dev Ib9f50d25c002036f13cf2d42fc4d1b214f20920c
Test: - straight cherry-pick
- atest SplitPermissionTest
Bug: 141048840,140961754
Change-Id: Ia2219639a2104965a382ffef647e5ebaa0f9d540
|
|
|
If private user data is send to an app the data provider should note an
app-op. This change adds a new API AppOpsManager#setNotedAppOpsCollector
that allows an app to get notified every time such an private data access
happens.
This will allow apps to monitor their own private data usage. Esp. with
big, old apps, distributed teams or 3rd party libraries it might not always
be clear what subsystems access private data.
There are three different situations how private data can be accessed and
an app op is noted:
1. Private data access inside a two-way binder call.
E.g. LocationManager#getLastKnownLocation. When we start a two way
binder transaction, we remember the calling uid via
AppOpsManager#collectNotedAppOps. Then when the data providing code
calls AppOpsManager#noteOp->AppOpsManager#markAppOpNoted the noted
app-op is remembered in
AppOpsManager#sAppOpsNotedInThisBinderTransaction. Then when returning
from the binder call, we add the list of noted app-ops to the
reply-parcel via AppOpsManager#prefixParcelWithAppOpsIfNeeded. On the
calling side we check if there were any app-ops noted in
AppOpsManager#readAndLogNotedAppops and then call the collector while
still in the binder code. This allows the collector e.g. collect a stack
trace which can be used to figure out what app code caused the
private data access.
2. Very complex apps might do permissions checks internal to themself.
I.e. an app notes an op for itself. We detect this case in
AppOpsManager#markAppOpNoted and immediately call the collector similar
to case (1).
3. Sometimes private data is accessed outside of a two-way binder call.
E.g. if an app registers a LocationListener an app-op is noted each time
a new location is send to the app. In this case it is not clear to the
framework which app-action triggered this app-op-note. Hence the data
provider has to describe in a AsyncNotedAppOp object when an why the
access happened. These objects are then send to the system server via
IAppOpsService#noteAsyncOp and then the collector in the app. There are
rare cases where a private data access happens before the app is running
(e.g. when a geo-fence is triggered). In this case we cache a small
amount of AsyncNotedAppOps (in AppOpsService#mUnforwardedAsyncNotedOps)
and deliver them when the app is ready for these events (in
AppOpsManager#setNotedAppOpsCollector).
Test: atest CtsAppOpsTestCases (includes new tests covering this
functionality)
Bug: 136505050
Change-Id: I96ded4a8d8d9bcb37a4555d9b1281cb57945ffa9
|
