summaryrefslogtreecommitdiff
path: root/core/java/android/content/ClipboardManager.java
Commit message (Collapse)AuthorAgeFilesLines
* Add attribution tag to clipboard.Achim Thesmann2022-06-241-13/+42
| | | | | | | Bug: 235542330 Test: ClipboardManagerTest ClipboardAutoClearTest ClipboardManagerTest ClipboardManagerListenerTest ClipboardAccessTest ClipboardAccessTest Test: manually tested copy-paste Change-Id: I122a48a299f890ac565afb1042615edfa263b1c7
* Call OnPrimaryClipChanged when classification status changes.Oli Lan2021-04-271-0/+4
| | | | | | | | | | | | | | | | | | | To allow apps to know when text classification has been completed on clipboard clips, ClipboardService will now call any OnPrimaryClipChangedListeners when the classification status of the primary clip changes. This change is made as per API council suggestion. This CL also ensures that the classification status is set on any related profiles. Bug: 185177537 Test: atest ClipboardManagerListenerTest Test: atest ClipDescriptionTest Test: atest atest ManagedProfileCrossProfileTest#testCrossProfileCopyPaste Change-Id: I63c44a051d1e8029b6d56b9af5d1e506355a8466
* Use a DeviceConfig property for the default value of the clipboard ↵Oli Lan2021-03-171-0/+19
| | | | | | | | | | | | | | | notification setting. This adds a DeviceConfig property to hold the default of the new setting to control whether notifications are shown when an app accesses clipboard. Bug: 182349993 Test: manual, "adb shell device_config put clipboard show_access_notifications false" and observe setting changes when not set manually; also check notifications shown when expected. Change-Id: I8c812793db405f0a55aa5ecbc20d893fc4a52bee
* Add system API to attribute source of clip data.Oli Lan2021-03-081-0/+46
| | | | | | | | | | | | | | This adds a system API to allow the source package to be included when clip data is set on CLipboardManager. This is needed to ensure that the clipboard access notifications can be properly attributed. For example, when a copy is performed through the share sheet, the data should be attributed to the app that opened the share sheet, not Android System. Bug: 180577866 Test: new tests added to ClipboardManagerTest in CTS Change-Id: Ic0ef2ea218e1dcb738b401f61cd20cd5bba6baec
* Replace com.android.internal.util.Preconditions.checkNotNull withDaulet Zhanguzin2019-12-301-3/+2
| | | | | | | | | java.util.Objects.requireNonNull Bug: 126528330 Test: Treehugger Change-Id: Iaa2abbefc532965e257a68502ec60aadbe465ed2
* Use new UnsupportedAppUsage annotation.Artur Satayev2019-12-181-1/+1
| | | | | | | | Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library. Bug: 145132366 Test: m && diff unsupportedappusage_index.csv Change-Id: I6ab53570aca580fbee1fcc927871caa09780f58f
* Fix sysui's security issue of cross-user copy/pasteFelka Chang2019-05-211-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Background: The applications with the granted INTERNAL_SYSTEM_WINDOW and INTERACT_ACROSS_USERS_FULL means that it could show the same window for all of users. i.e. to use user 0 presents all of UI things to all of users. INTERNAL_SYSTEM_WINDOW usually comes with INTERACT_ACROSS_USERS_FULL because it will serve all of users to know the information that comes from framework and system server. Solution: Because SystemUI never restarts after the user changing, ClipboardService can't tell if the callingUid has the the same userId with the current user or not. The solution is to use the permission check. Especially, INTERACT_ACROSS_USERS_FULL and INTERNAL_SYSTEM_WINDOW. To check INTERACT_ACROSS_USERS_FULL by using ActivityManagerInternal.handleIncomingUser. Caution: The application with INTERNAL_SYSTEM_WINDOW usually use user 0 to show the window. But, the current user is user 10, WindowManager know the focus windows is belong to user 0 rather user 10. That's why user 10 can't copy the the text from systemui directly reply to the other applications. Readability: ClipboardService use callingUid everywhere but actaully it is not appropriated to fix this kind of bug. This patch refactor the naming to produce two name. i.e. intendingUid and intentdingUserId that are validated by ActivityManagerInternal.handleIncomingUser. Test: manual test Test: atest android.widget.cts.TextViewTest Test: atest CtsTextTestCases Test: atest CtsContentTestCases Bug: 123232892 Bug: 117768051 Change-Id: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
* Allow apps to write to the clipboard without input focusChad Brubaker2018-08-281-6/+0
| | | | | | | | | | | Blocking writes breaks common share UI flow in apps. Since common write abuse cases rely on modifying the contents (e.g. injecting spam links) only blocking reads still gives the intended privacy properties. Test: atest tests/tests/content/src/android/content/cts/ClipboardManagerTest.java Fixes: 112844309 Change-Id: I18fdba192fcf9c8d3fb4cbaeaea1468657e5131e
* Limit clipboard access to the default IME or current focused app.Chad Brubaker2018-08-171-0/+15
| | | | | | Test: atest ClipboardManagerTest.java Bug: 6229949 Change-Id: I450ba3d3c2d0f1c4a6a4c24f50539c68ac844c26
* Add @UnsupportedAppUsage annotationsMathew Inwood2018-08-151-0/+3
| | | | | | | | | | | | | | | | | | | | | | For packages: android.content.res android.content.pm.split android.content.pm.permission android.content.pm.dex android.content.pm android.content.om android.content This is an automatically generated CL. See go/UnsupportedAppUsage for more details. Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@ Bug: 110868826 Test: m Change-Id: Ia79256a3d04e16dd78331a61af0dcddc5fc1599b
* Add explicit method to clear clipboard.Jeff Sharkey2018-02-261-20/+34
| | | | | | | | | | | | | | | | | | | Fix several bugs along the way: -- Clipboard permissions weren't being revoked for related users when a new primary clip was set. -- checkGrantUriPermissionLocked() wasn't checking to see if an otherwise-open provider requires permissions on specific paths. -- When granting Uri permissions for clipboard data, we need to include the real source UID for the grant; we no longer allow the system UID to source grants, to avoid confused deputy problems. -- Use the Handler passed into ClipboardManager constructor so it lives on the right thread. Test: cts-tradefed run commandAndExit cts-dev -m CtsContentTestCases -t android.content.cts.ClipboardManagerTest Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests Bug: 71711122, 73797203 Change-Id: I99315035efc0c6a90471c279311294dc86766c8d
* Annotate @SystemApi with required permissions.Jeff Sharkey2017-06-051-6/+2
| | | | | | | | | | | | | | | | | Most @SystemApi methods should be protected with system (or higher) permissions, so annotate common methods with @RequiresPermission to make automatic verification easier. Verification is really only relevant when calling into system services (where permissions checking can happen on the other side of a Binder call), so annotate managers with the new @SystemService annotation, which is now automatically documented. This is purely a docs change; no logic changes are being made. Test: make -j32 update-api && make -j32 offline-sdk-docs Bug: 62263906 Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
* Replace possibly-expensive size() == 0 with isEmpty()Mike Tsao2017-03-241-2/+2
| | | | | | Bug: 36596458 Change-Id: Ieb0ea65be056bb8ce0613280e6213c330fbf783c Test: added ContentValuesTest
* Avoid caching services with missing binders.Jeff Sharkey2016-08-111-25/+13
| | | | | | | | | | | | | | | | When fetching system services early during boot, if the underlying binder interface hasn't been published yet, we end up caching a manager class that is broken for the remainder of the process lifetime, and innocent downstream callers end up using the broken cached manager. Fix this by using an explicit exception to quickly abort manager creation when the underlying binder is missing. The exception is only used to skip the remainder of the manager creation, and it doesn't actually crash the process. Bug: 28634953 Change-Id: I0cb62261e6d6833660704b93a11185aa11a2ac97
* Add missing @Deprecated annotations.Aurimas Liutikas2016-05-241-0/+3
| | | | | | | Add missing @Deprecated annotations for methods with @deprecated tag in javadoc. Change-Id: I35b78ccb97832d86b914c21a300444ba29e33844
* When system server goes down, crash apps more.Jeff Sharkey2016-02-271-4/+7
| | | | | | | | | | | | | | Similar to first patch, but now using new "rethrowFromSystemServer()" method which internally translates DeadObjectException into DeadSystemException. New logic over in Log.printlns() now suppresses the DeadSystemException stack traces, since they're misleading and just added pressure to the precious log buffer space. Add some extra RuntimeInit checks to suppress logging-about-logging when the system server is dead. Bug: 27364859 Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
* Exposing file:// beyond your app is bad, m'kay?Jeff Sharkey2016-01-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | For several releases now we've told developers that sharing raw files between apps is a recipe for trouble. There are at least three major problems with sending raw files: -- Apps sending generic intents can't know who is at the other end, so they may not have access to shared storage locations. This is more likely now that runtime permissions require apps to explicitly ask users for permission. -- Apps making files in their private storage world-readable has been deprecated for several releases, and now in N it's fully blocked. If we let these intents through, the receiving app would fail to open the file, when the real blame rests on the sending app. -- Devices with user profiles can't share raw files when using cross-profile intent filters, since filesystem access is fully locked down between users. The time has finally come to communicate clearly that if you're sharing content between apps, you need to use content:// Uris. We added the simple FileProvider several years ago to give apps a clean way to migrate with minimal work on their part. Bug: 26860922, 9069185 Change-Id: I075f627f6a0d6c7fca2c090ca133b9aae9801c64
* Remove unused imports from frameworks/base.John Spurlock2013-11-201-2/+0
| | | | Change-Id: Ia1f99bd2c1105b0b0f70aa614f1f4a67b2840906
* Fix issue #10688644: Java crash in com.android.phone:Dianne Hackborn2013-09-111-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | java.lang.SecurityException: Operation not allowed There was a situation I wasn't taking into account -- components declared by the system has a special ability to run in the processes of other uids. This means that if that code loaded into another process tries to do anything needing an app op verification, it will fail, because it will say it is calling as the system package name but it is not actually coming from the system uid. To fix this, we add a new Context.getOpPackageName() to go along-side getBasePackageName(). This is a special call for use by all app ops verification, which will be initialized with either the base package name, the actual package name, or now the default package name of the process if we are creating a context for system code being loaded into a non-system process. I had to update all of the code doing app ops checks to switch to this method to get the calling package name. Also improve the security exception throw to have a more descriptive error message. Change-Id: Ic04f77b3938585b02fccabbc12d2f0dc62b9ef25
* Warn when exposing file:// Uris beyond a process.Jeff Sharkey2013-04-031-0/+4
| | | | | | | | | | | Check for file:// Uris inside Intents, ClipData, Notifications and RemoteViews when StrictMode option is enabled. Also introduces Intent.prepareToLeaveProcess() to uniformly handle Intents about to leave an app process. Bug: 8529070 Change-Id: I8efb43877cbc5f21eb029fc6492b3ee1415059ef
* App ops: adding operations for reading/writing clipboard.Dianne Hackborn2013-02-251-6/+6
| | | | Change-Id: Ic4cade153618fe86954754a3b3edde64a52a0a9c
* Merge "DOC CHANGE: Add javadoc to ClipboardManager" into ics-mr1Joe Malin2012-04-191-0/+13
|\
| * DOC CHANGE: Add javadoc to ClipboardManagerJoe Malin2011-12-191-0/+13
| | | | | | | | Change-Id: Ib499952c45f3448897a2876ed7a7edd5c3dfebfd
* | docs: Add developer guide cross-references, Project ACRE, round 4Joe Fernandez2011-12-221-0/+7
|/ | | | Change-Id: I1b43414aaec8ea217b39a0d780c80a25409d0991
* Fix a bunch of API review bugs.Dianne Hackborn2011-01-171-2/+2
| | | | | | | | | | 3362464 API REVIEW: android.content potpourri 3362445 API REVIEW: Fragment transaction stuff 3362428 API REVIEW: Fragment stuff 3362418 API REVIEW: Loader stuff 3362414 API REVIEW: android.content.pm.ActivityInfo Change-Id: I6475421a4735759b458acb67df4380cc6234f147
* Fix ClipboardManager#hasTextBrian Muramatsu2010-11-191-1/+1
| | | | | | | | | | | Bug 3202642 I didn't see any usage of ClipboardService#hasClipboardText. It seemed like this method was designed to be called by the deprecated hasText method to retain compatibility rather than calling hasPrimaryClip. Change-Id: I84d73d618a6ee2feb2e8e603c611b393850230e7
* Implement permission granting in clipboard.Dianne Hackborn2010-10-051-1/+1
| | | | Change-Id: I9a7a949d1aaf4b3beabceaf807fb7d3b040e4ea8
* Improve clipboard API.Dianne Hackborn2010-08-271-6/+18
| | | | | | | | | | - Rename ClippedData to ClipData. - Introudce ClipDescription subclass. - Add convenience APIs for creating a ClipData. - Add ClipboardManager API to get just the ClipDescription. - Define MIME types associated with a clip. Change-Id: If97ef91aa99a4dd0ec74ccaea504345c9ef12b5c
* Add new ContentProvider for doing conversions to data streams.Dianne Hackborn2010-08-081-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces basic infrastructure that should allow content providers holding complex data to perform on-demand conversion of their data to streams of various types. It is achieved through two new content provider APIs, one to interrogate the possible stream MIME types the provider can return, and the other to request a stream of data in a particular MIME type. Because implementations of this will often need to do on-demand data conversion, there is also a utility intoduced in ContentProvider for subclasses to easily run a function to write data into a pipe that is read by the client. This feature is mostly intended for cut and paste and drag and drop, as the complex data interchange allowing the source and destination to negotiate data types and copy (possible large) data between them. However because it is fundamental facility of ContentProvider, it can be used in other places, such as for more advanced GET_CONTENT data exchanges. An example implementation of this would be in ContactsProvider, which can now provider a data stream when a client opens certain pieces of it data, to return data as flat text, a vcard, or other format. Change-Id: I58627ea4ed359aa7cf2c66274adb18306c209cb2
* First pass at a new clipboard API.Dianne Hackborn2010-08-051-0/+195
ClipboardManager was in android.text(!!) so it needed to be moved up to android.content to have access to the richer data types we now need. ClippedData is the data representation. Still needs a lot of fleshing out to allow holding more than one data type at a time and perhaps conversions between them. (MIME-oriented interrogation and conversion will be done through ContentProvider, which needs to grow an ability to report multiple MIME types and accept a desired MIME type when a stream is being opened.) Change-Id: Ifa51bedcd084a677813b255d171804e8496b0cb5
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 21:24:14 +0000