| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
In order to registerContentObserver as other user, callers need to hold
the INTERACT_ACROSS_USERS_FULL permission.
Bug: 206743591
Test: CtsContentTestCases
Change-Id: I2f373a3f064718cc87bdda35a5854b6a6fd2e7aa
|
| |
|
|
|
|
|
|
|
| |
Unless we are looking at stack traces (e.g. from strict mode) it's not
possible to identify which type of object is not being closed (most
methods are 'close' or 'release). Change the logged text to clarify.
Change-Id: Ib90eac716f43c2c2caf8d8c6fb64a7bd90562da9
Test: manual
|
| |
|
|
|
|
| |
Bug: 206743591
Test: CtsContentTestCases
Change-Id: Iec1a4e773e6f625da9aac03cd7b71d47a251b84f
|
| |
|
|
|
|
|
|
|
|
|
| |
Make the change based on API council's suggestion.
Bug: 206743591
Test: Manual testing to verify the
observer can get notifications for
all the users.
Change-Id: I725307f65c288c4fc8bc3acf923cd7092ccc2f97
|
| |
|
|
|
|
|
|
|
|
|
| |
Also add ContentObserver#onChange(boolean, Collection, int, UserHandle) so
clients can know the corresponding UserHandle for the notification.
Bug: 203606981
Test: atest CtsContentTestCases and manual testing to verify the observer can get notifications for
all the users.
Change-Id: Icec7e70b71d7de1c15faf1736539f169856304a8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
App can read installed sync content providers without requiring
any permission via the api ContentResolver#requestSync and
ContentResolver#addStatusChangeListener.
This cl enforces package visibility filter to the api
ContentResolver#addStatusChangeListener. Application without the
package visibility tag of the target applications in its manifest
cannot receive sync status callbacks of the target applications.
Bug: 190726121
Test: atest AppEnumerationTests
Test: atest CtsSyncManagerTestsCases
Test: atest ContentResolverSyncTestCaseatest
Test: atest SyncManagerTest
Test atest SyncOperationTest
Test: atest SyncStorageEngineTest
Test: atest DeferSyncTest
Change-Id: I58d0baf5baefd942b454f06e1fa9d3b34d532a77
|
| |
|
|
|
|
| |
Change-Id: I356fa893e62b5ad2d61a51b18ea12f5181125375
Fixes: 192685753
Test: n/a
|
| |
|
|
|
|
| |
Bug: 185900460
Test: atest
Change-Id: I72b743affd9c1c47650c4249e855676203033f5e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert "Restore file truncation where expected."
Revert submission 14173486-rwt
Reason for revert: b/186862362 - breaks ContentResolverWrapTest
Reverted Changes:
I41bc298af:Restore file truncation where expected.
Iacec49164:Restore file truncation where expected.
Bug: 186862362
Change-Id: I2afe5e2334cff60c4e7220267095042a60909185
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several years ago ParcelFileDescriptor.parseMode() was fixed to match
the behavior of fopen(), since developers expect consistent behavior
between managed and native code. FileUtilsTest.testTranslateMode()
verifies that all these modes are correctly translated.
However, this unintentionally changed the behavior of
ContentResolver.openOutputStream(), which only sends the 'w' mode
to the remote process. Developers expect this API to behave like
the FileOutputStream constructor, which always truncates the file
unless opened with the append mode.
Since some remote providers may not be prepared to handle the 't'
mode, this change carefully uses Os.ftruncate() to restore this
expected behavior in all cases.
For other APIs that return opened files, this strategy is applied
to restore the original behavior, but only when the target SDK of
the app is expecting this truncation to take place. The reason for
this is that moving forward our goal should always enable
ContentInterface APIs to be a transparent conversation between apps
without attempting to alter the behavior. Apps talking with older
providers can apply the Os.ftruncate() logic themselves, if
desired, once they target Android Q or higher.
Bug: 157888856, 180680924
Test: atest CtsContentTestCases:ContentResolverTest
Change-Id: Iacec49164c4ce3891db0270635e9f458dea7becd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bug:158792096
bug:180647319
bug:184051153
bug:184027531
Test:atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
atest CtsAlarmManagerTestCases
Change-Id: Id324ed0e2a653dface6ba273bba27e92bea14f99
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an app is proxying access to runtime permission protected
data it needs to check whether the calling app has a permission
to the data it is about to proxy which leaves a trace in app ops
that the requesting app perofmed a data access. However, then the
app doing the work needs to get the protected data itself from the
OS which access gets attributed only to itself. As a result there
are two data accesses in app ops where only the first one is a
proxy one that app A got access to Foo through app B - that is the
one we want to show in the permission tracking UIs - and one
for the data access - that is the one we would want to blame on
the calling app, and in fact, these two accesses should be one -
that app A accessed Foo though B. This limitation requires fragile
one off workarounds where both accesses use the same attribution
tag and sys UI has hardcoded rules to dedupe. Since this is not
documented we cannot expect that the ecosystem would reliably
do this workaround in apps that that the workaround in the OS
would be respected by every OEM.
This change adds a mechaism to resolve this issue. It allows for
an app to create an attribution context for another app and then
any private data access thorugh this context would result in a
single app op blame that A accessed Foo though B, i.e. we no longer
have double accounting. Also this can be nested through apps, e.g.
app A asks app B which asks app C for contacts. In this case app
B creates an attribution context for app A and calls into app C
which creates an attribution context for app B. When app C gets
contacts the entire attribution chain would get a porper, single
blame: that C accessed the data, that B got the data from C, and
that A got the data form B. Furthermore, this mechanism ensures
that apps cannot forget to check permissions for the caller
before proxying private data. In our example B and C don't need
to check the permisisons for A and B, respectively, since the
permisisons for the entire attribution chain are checked before
data delivery. Attribution chains are not forgeable preventing
a bad actor to create an arbitrary one - each attribution is
created by the app it refers to and points to a chain of
attributions created by their corresponding apps.
This change also fixes a bug where all content provider accesses
were double counted in app ops due to double noting. While at
this it also fixes that apps can now access their own last ops.
There was a bug where one could not pass null getting the attributed
ops from a historical package ops while this is a valid use case
since if there is no attribution everything is mapped to the null
tag. There were some app op APIs not being piped thorough the app
ops delegate and by extension through the app ops policy. Also
now that we have nice way to express the permission chain in a
call we no longer need the special casing in activity manager to
handle content provider accesses through the OS. Fixed a bug
where we don't properly handle the android.os.shell calls with
an invlaid tag which was failing while the shell can do any tag.
Finally, to ensure the mechanims is validated and works end-to-end
we are adding support for a voice recognizer to blame the client
app for the mic access. The recognition service can create a blaming
context when opening the mic and if the mic is open, which would
do all permission checks, we would not do so again. Since changes
to PermissionChercker for handling attribution sources were made
the CL also hooks up renounced permissoins in the request permission
flow and in the permission checks.
bug:158792096
bug:180647319
Test:atest CtsPermissionsTestCases
atest CtsPermissions2TestCases
atest CtsPermissions3TestCases
atest CtsPermissions4TestCases
atest CtsPermissions5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Change-Id: Ib04585515d3dc3956966005ae9d94955b2f3ee08
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to test the platform in emulators that are orders of magnitude
slower than real hardware we need to be able to avoid hitting timeouts
that prevent it from coming up properly. For this purpose introduce
a system property, ro.hw_timeout_multiplier, which may be set to
an integer value that acts as a multiplier for various timeouts on
the system.
Bug: 178231152
Change-Id: I6d7710beed0c4c5b1720e74e7abe3a586778c678
Ignore-AOSP-First: The frameworks/base part of this change conflicts with AOSP so we need to land it internally first
|
| |/
|
|
|
|
|
|
|
|
| |
Bug: 178852366
Test: atest SyncRequestTest
Test: atest SyncOperationTest
Test: atest SyncManagerTest
Test: atest CtsSyncManagerTest
Test: atest ContentResolverTest [all]
Change-Id: I4a78abdc1f2f5313ac18f739209b76fdf49388e5
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(CorePlatformApi) type of
libcore
Bug: 154796679
Bug: 179703584
Test: Treehugger
Change-Id: I06aa9df929abb94f1d9354f57087a973be597a43
Merged-In: I06aa9df929abb94f1d9354f57087a973be597a43
(cherry picked from commit 734ab4902b131b9cb15fa56c8d427909f1a1b2a8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Isolated storage was added in Q (and enabled by default) and has been
replaced by FUSE in R
Additionally, we can remove the ExternalStorageMountPolicy concept
which is only required if isolated storage is false
Cleanup in preparation to introduce DeviceConfig changes for
transcoding
Bug: 169327180
Test: Builds
Change-Id: Ie2686d8efa6654ea6c4b4ca8c121c0c1841a6356
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Having a hidden abstract method for a class that can be extended
means that public implementors cannot implement these hidden methods
posing a risk that custom implementations will not have required
abstract methods resulting in an exception.
Bug: 151134792
Test: make update-api
Change-Id: I758d12465fabc671be19bedeeceb16885de23c87
Exempt-From-Owner-Approval: large scale suppression of existing issues,
no-op in terms of behavior
|
| |
|
|
|
|
|
|
|
| |
This CL is basically identical to http://ag/10353234, which
did the same with the sister method, "canonicalize".
Fixes: b/147705670
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Change-Id: Ide93850f225cdd61779a62fc2c4666efe438b536
|
| |
|
|
|
|
|
|
|
|
| |
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to
remove from the unsupported list.
Bug: 170729553
Test: Treehugger
Change-Id: I4c8fd0006f950de9955242e93968fb0996ceb372
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I ran these commands:
cd frameworks/base
grep -rl '@TestApi' --include '*.java' | xargs perl -i -p0e \
's/\@SystemApi[\s\n]+(\@\w+[\s\n]+)?\@TestApi/\@SystemApi\1/gs'
grep -rl '@TestApi' --include '*.java' | xargs perl -i -p0e \
's/\@TestApi[\s\n]+(\@\w+[\s\n]+)?\@SystemApi/\1\@SystemApi/gs'
Bug: 171179806
Test: m checkapi
Change-Id: I772790b783b0a8730b8bf680c9e569a886b8d789
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Fixes: 167394574
Test: n/a
Change-Id: I3615887cd08f6dbe34a81e6fade1228111584880
|
| |\ \
| |/
|/|
| |
| |
| |
| |
| | |
741c0a78cc am: da7478b570 am: 487d394296
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1426195
Change-Id: Id01f468b43fd5b2aada78608010625b392c1b647
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
See https://source.android.com/setup/contribute/respectful-code for reference
Test: none
Bug: 168334533
Exempt-From-Owner-Approval: docs updates
Change-Id: Id1a0f2a38e41badee3a34bd71af240511f273a7b
|
| | |\
| | |
| | |
| | |
| | |
| | | |
Bug: 166295507
Merged-In: I3d92a6de21a938f6b352ec26dc23420c0fe02b27
Change-Id: Ifdb80563ef042738778ebb8a7581a97c4e3d96e2
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 0b7e8cc6bc am: b5cf67da5a am: 66ea204537 am: c30e10ff21 am: ac9b44031d
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1375856
Change-Id: Ib47f8d0387bbe97b15d8bd8dfef58ed2d3c5c802
|
| | |\| |
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
am: 0b7e8cc6bc am: b5cf67da5a
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1375856
Change-Id: I041cc607ebe35c8d6e57cb78fa30170f38817ae3
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
See https://source.android.com/setup/contribute/respectful-code for reference
#inclusivefixit
Bug: 161896447
Test: NA (Comment only)
Change-Id: I3e86de365f5a3eb2649ce7166ac34079484cfabd
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I6ab53570aca580fbee1fcc927871caa09780f58f
Merged-In: I6ab53570aca580fbee1fcc927871caa09780f58f
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 16e83d2a45530de47744e6f89252ab35ac878108.
Reason for revert: Droidcop-triggered revert due to breakage
https://android-build.googleplex.com/builds/quarterdeck?testMethod=testConstructor_protectedCancellableEsc&testClass=android.app.cts.DialogTest&atpConfigName=suite%2Ftest-mapping-presubmit-retry_cloud-tf&testModule=CtsAppTestCases&fkbb=6633955&lkbb=6642068&lkgb=6633902&testResults=true&badBuildCount=147&branch=git_master&target=cf_x86_phone-userdebug
, bug https://buganizer.corp.google.com/issues/160310602
Change-Id: I3b04175290a9044ff26800ecc4b382c68f76597e
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: 149110957
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Change-Id: If4beac53d8b47c31503fd980f9a1e38d34e9c671
|
| |\| |
| | |
| | |
| | |
| | |
| | | |
7affd8ffe6 am: e3afc5a2a7 am: c4e23cebc5
Change-Id: I3aba91500075b89e598fa5ff21225b8972f7a442
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Clarify when some of the ContentResolver APIs could return null.
Bug: 112833761
Test: builds (documentation update)
Change-Id: I3af1a23bc484d05b167a86bbff0c93ff1bd364e7
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Point is moving into the UI/graphics module, so hidden apis need to be
cleaned up:
* printShortString is now publicly exposed and renamed to Point#dump, to
mirror already public APIs such as TokenWatcher#dump
* The two convert methods have very few users and their implementations
are both trivial and only rely on the existing public API, so they are
in-lined directly in the callers.
* Introduce a GraphicsProtos utility class living outside of the module
that just converts Graphics parcelables into protobuf objects. Currently
WindowManager and the view system dump protobuf representations for
debugging. Accordingly GraphicsProtos is a hidden public class, as the
protobuf representation of the graphics classes are not publicly
exposed and should be considered an implementation detail of the system.
Bug: 152804266
Test: boots, builds
Change-Id: I5e25dbbe47b3c690d7d763a0082beb8d8a9c86d3
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We've heard reports that some ContentProviders are sensitive to their
notifications being delayed, so this change adds a NOTIFY_NO_DELAY
flag that they can use to bypass any background delays.
Bug: 149370968
Test: none
Change-Id: I0465c8dee92cd5708c04035bc0396ce2d1083f67
|
| | |
| |
| |
| |
| |
| | |
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Bug: 149184281
Change-Id: Ice6e1207ace7a0cc6b4b8dc1b99da22b13b04031
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Fixes: 149184281
Change-Id: If3c33e58b1d0f3b88148eb3d2085c9d23cf12fc2
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a new ContentProvider.checkUriPermission() method, but we
forgot to add the symmetric ContentResolver.checkUriPermission() to
the public API, and a first-party developer helped identify this
oversight.
Bug: 151165313
Test: atest CtsContentTestCases:android.content.cts.ContentResolverTest
Change-Id: Ic5496b5a6fda14c25cb3752f5af2f71564d003ba
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the core functionality this changes everything including aidl's and
field names:
- Context
- ContentProvider
- AppOps*
- Package parsing
For the rest, this is a shallow change to only change to the changed
APIs. This keeps the change small-ish
Exempt-From-Owner-Approval: Rename
Fixes: 148792795
Test: TH
Change-Id: I2a2245fe76e09e62cb13d5785d2efb4a304ba54a
Merged-In: I2a2245fe76e09e62cb13d5785d2efb4a304ba54a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Starting in R, there is a new public API overload that delivers a
flags argument. Some apps may be relying on a previous hidden API
that delivered a userId argument, and this change is used to control
delivery of the new flags argument in its place.
There are dozens of these hidden API users are in the system UID,
either in the system process or the Settings app, so we hard-code
giving them the legacy behavior, since refactoring would be messy
between internal and AOSP branches.
Also adjust incoming and outgoing method signatures to use slightly
more flexible Collection<Uri>, which has handy methods like
contains() and isEmpty().
Bug: 150939131
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Exempt-From-Owner-Approval: trivial refactoring
Change-Id: If6a77449e19215cf1c60d4217e62fc04b0959bfc
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug: 150641862, 150641715, 150641138, 150640123
Test: atest cts/tests/tests/content/src/android/content/cts/ContentResolverTest.java
Test: atest cts/tests/tests/os/src/android/os/cts/BinderTest.java
Test: atest cts/tests/tests/provider/src/android/provider/cts/DocumentsContractTest.java
Test: atest cts/tests/tests/provider/src/android/provider/cts/media/MediaStoreTest.java
Change-Id: I6f9ae1dcffd79fd6c422962d9ca64d4b98841766
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As part of MediaProvider becoming a Mainline module, some partners
need to understand more details about what triggered a Uri change
notification. This helps listening apps avoid making expensive and
race-condition-prone calls back into MediaProvider; typically when
they're only interested in insert and delete operations. This change
uses the existing "flags" argument to communicate the reason.
This change adds overloads to ContentObserver for listening apps to
receive these flags. In addition, we add overloads that deliver a
clustered set of multiple Uris together in a single Binder transaction
to improve overall efficiency. (This matches well with the existing
CR.notifyChange() API that we added earlier this year, since they
both work with Iterable<Uri>.)
Tests to verify that we only collapse Uris together when all other
method arguments are identical.
Bug: 147778404, 144464323
Test: atest CtsDatabaseTestCases
Test: atest CtsContentTestCases:android.content.cts.ContentResolverTest
Test: atest FrameworksServicesTests:com.android.server.content.ObserverNodeTest
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: I0bbd8a8b4a898ab6f891d085de0ecb4d68cbe302
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Bug: 146914674
Bug: 140565622
Bug: 137381621
Test: manual
Change-Id: I903a13deb467b45839a7d03b60754c8fc464456c
|
| | |
| |
| |
| |
| |
| | |
Fixes: b/147699082
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Change-Id: I2e851839a454ad5eabc981c76774d03b57a1aa09
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also, extends the client-side timeout to match that
in ActivityManagerService.
Also, fixes an ANR that could occur if getType is called for
an unknown content provider
---------------
Revert "Revert "Prevents an NPE when content provider is slow to start""
This reverts commit 3a54effffdb361ccd60169dcce93cf4e87fc6dac.
Reason for revert: Roll forward of the original CL,
with a fix for the regression it caused
Original commit 140fc2e9c9382d5326b72ff28e8782e7bffc493d
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Fixes: 148987678
Change-Id: Ic60acceaabbf6b32c71d0b8bdf831a7d1f13d392
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 140fc2e9c9382d5326b72ff28e8782e7bffc493d.
Reason for revert: b/149176266
Change-Id: I4015fcc1624ee116c4a013c99816d43ce7b24834
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Also, extends the client-side timeout to match that
in ActivityManagerService.
Test: atest FrameworksCoreTests:android.content.ContentResolverTest
Fixes: 148987678
Change-Id: I1daf8625bd0306cc6f6f08c3268fa191d37bda7a
|
