path: root/core/java/android/permission/PermissionControllerManager.java
Commit message | Author | Age | Files | Lines
* Actually use the passed-in executor for unused count | Kevin Han | 2022-05-10 | 1 | -1/+1
    Use the passed in executor for getUnusedCount so that the work is actually handled on the main executor.
    Bug: 231931350
    Test: bug repro steps
    Change-Id: I7c97e1e6d55457662920a3a15a5605324dd7963f
* Rename revokeOwnPermissionsOnKill to revokeSelfPermissionsOnKill | Thomas Vannet | 2022-03-16 | 1 | -3/+3
    Bug: 215555831
    Test: atest android.permission.cts.RevokeSelfPermissionTest
    Change-Id: I887e2b8a86868352e772537addd8cd20ef305d7b
* Update self-revocation doc: revoke by permission, not group | Thomas Vannet | 2022-02-03 | 1 | -3/+5
    Test: None, this is just a doc update
    Bug: 210387494
    Change-Id: Ib6555c9c419e2f5b890d31c249f09207632d7724
* Add killed delay param to startOneTimePermissionSession | Thomas Vannet | 2022-02-03 | 1 | -3/+3
    This param controls how long to wait before revoking permission after every process has been killed. Deprecate previous API and update all known uses of the deprecated API. Use updated API for self-revocation feature. If multiple one-time permission sessions are started for the same package with different parameters, always use the shortest parameters.
    Test: atest android.permission.cts.RevokeOwnPermissionTest, atest android.permission.cts.OneTimePermissionTest
    Bug: 210387494
    Change-Id: I0c0e21b3b48dd31f0c267d5c8b89336714835289
* Add API to get hibernation eligibility | Kevin Han | 2022-01-21 | 1 | -0/+78
    Add an API to get a package's eligibility for hibernation for a given user. A package is either eligible, exempt by the system, or exempt by the user. This information can be used to show more accurate UI for hibernation controls (e.g. disabling the user-controlled exemption toggle if the app is already exempt by the system)
    Bug: 200087723
    Test: CTS test in topic
    Change-Id: Iea844477184fadb55ea14485dff172ed7be2b715
* Immediately revoke permission on process kill after a self-revocation | Thomas Vannet | 2022-01-21 | 1 | -4/+4
    Test: atest android.permission.cts.RevokeOwnPermissionTest
    Bug: 210387494
    Change-Id: Iaa3a4c00847d5411c5b829d190eba8231d046d8c
* Rename selfRevokePermissions to revokeOwnPermissionsOnKill | Thomas Vannet | 2022-01-21 | 1 | -3/+3
    Test: atest android.permission.cts.RevokeOwnPermissionTest
    Bug: 215555831
    Bug: 210575642
    Bug: 210387494
    Change-Id: I94e29f66d13ac76669fab2ccc08879c30c26b7ea
* Add self revocation public API | Thomas Vannet | 2022-01-11 | 1 | -0/+36
    Test: Manual test using a non-privileged app, atest android.permission.cts.SelfRevokeRuntimePermissionTest
    When calling the API, the permission (along with any other permissions from the same group) for the current package is downgraded to a one-time permission, and a one-time permission session is started.
    Bug: 210387494
    Change-Id: I9f061cbc8c3db720127c96200fe94a644246b6d7
* Add unused count API | Kevin Han | 2021-12-16 | 1 | -0/+31
    Add unused count API to PermissionControllerManager to allow Settings to pull the number of unused apps from PermissionController.
    Bug: 200087723
    Bug: 187465752
    Test: CTS test in topic
    Change-Id: I197b07af0e7a40bb5daececd8ef7d053a2895016
* Expose platform permission group mapping as public API. | Hai Zhang | 2021-05-21 | 1 | -6/+4
    The API is moved from PermissionControllerManager (only a System API) to PackageManager to expose it as public API.
    Bug: 182094776
    Test: atest GetPermissionGroupInfoTest
    Change-Id: I175afb2e37bf2651b91765029645f7940f58f39c
* Add Executor to Permission Group methods in PermissionControllerManager | Nate Myren | 2021-04-26 | 1 | -15/+28
    Test: atest GetPermissionGroupInfoTest
    Fixes: 185177089
    Change-Id: I6b3ff9c02d013ee48dc2f7f39d556cc6da0edac4
* Change Permission Group methods to be callback, gate behind perm | Nate Myren | 2021-04-19 | 1 | -32/+43
    Create a GET_RUNTIME_PERMISSION_GROUP_MAPPING permission to gate the permission group methods behind, and change the methods to have callbacks.
    Test: atest GetPermissionGroupInfoTest
    Fixes: 185177089
    Change-Id: Ifd2ebc74f16e51b62068bdc6c8748f69bc63e923
* Add Api to get permission group info from PermissionController | Nate Myren | 2021-03-31 | 1 | -0/+44
    Bug: 182094776
    Test: atest GetPermissionGroupInfoTest
    Change-Id: I872b0658ea0d8a5aca80a83cff1e29f25b7d6d3d
* Address API council feedback | Eugene Susla | 2021-03-02 | 1 | -1/+1
    Fixes: 181681395
    Fixes: 181562406
    Test: presubmit
    Change-Id: I51fc6e1568a8fadf82c8c1c5b52c1356a94ce36d
* Restrict Admin grant of sensors-related permissions | Eran Messeri | 2021-02-16 | 1 | -21/+14
    Restrict the admin of a fully-managed device or managed profile from granting sensors-related permissions. The admin of a managed profile cannot control permission grants for sensors-related permissions at all. The admin of a fully-managed device can opt-out of having said control by providing a provisioning extra. This change passes the boolean flag in ActiveAdmin indicating whether the admin has control over sensor permission grants into the permission controller.
    Manual testing:
    * Install TestDPC
    * Create a work profile using TestDPC.
    * Get the BasicLocation app by checking out https://github.com/android/location-samples and building it from there.
    * Install the app onto the device but do not start it.
    * In TestDPC, Find "Manage app permissions", choose "Basic Location Sample" from the drop-down menu.
    * Toggle each of the "ACCESS_COARSE_LOCATION" and "ACCESS_BACKGROUND_LOCATION" to "Allow".
    * Observe that no notification appears.
    * Start the BasicLocation app and observe the runtime permission prompt shows up.
    Bug: 158735247
    Test: Manual (more to be added).
    Test: cts (see topic)
    Change-Id: I12d9f7e24ad4bc09651a5e5f60b864298506c2c4
* Replace CDM profiles hardcoded strings with real values | Eugene Susla | 2021-01-12 | 1 | -0/+28
    Test: manual
    Bug: 165951651
    Change-Id: Ie3771df49dca43b9c91f64b32a6b56b211e754ad
* Remove @TestApi from @SystemApi symbols | Anton Hansson | 2020-10-20 | 1 | -1/+0
    I ran these commands:
      cd frameworks/base
      grep -rl '@TestApi' --include '*.java' | xargs perl -i -p0e \
        's/\@SystemApi[\s\n]+(\@\w+[\s\n]+)?\@TestApi/\@SystemApi\1/gs'
      grep -rl '@TestApi' --include '*.java' | xargs perl -i -p0e \
        's/\@TestApi[\s\n]+(\@\w+[\s\n]+)?\@SystemApi/\1\@SystemApi/gs'
    Bug: 171179806
    Test: m checkapi
    Change-Id: I772790b783b0a8730b8bf680c9e569a886b8d789
* Tighten up Binder.clearCallingIdentity() usage. | Jeff Sharkey | 2020-10-06 | 1 | -4/+4
    The recently added AndroidFrameworkBinderIdentity Error Prone checker examines code to ensure that any cleared identities are restored to avoid obscure security vulnerabilities. This change is a purely mechanical refactoring that adds the "final" keyword to the cleared identity to ensure that it's not accidentally modified before eventually being cleared.
    Here's the exact command used to generate this CL:
      $ find . -name "*.java" -exec sed -Ei \
        's/ (long \w+ = .+?clearCallingIdentity)/ final \1/' \
        {} \;
    Bug: 155703208
    Test: make
    Exempt-From-Owner-Approval: trivial refactoring
    Change-Id: I832c9d70c3dfcd8d669cf71939d97837becc973a
* Run Binder.dump away from main thread | Eugene Susla | 2020-07-15 | 1 | -2/+7
    Fixes: 158212653
    Test: ensure .dump() is no longer run on main thread
    Change-Id: I7c6e1c9f54c65c21e411813ffda636377a1c2bbe
* Improved logging when PermissionController package is missing. | felipeal | 2020-07-13 | 1 | -1/+8
    For example, if it's not enabled for managed profiles, the message would now be:
      7-13 20:46:38.308 16176 16205 E PermissionControllerManager: No PermissionController package (com.google.android.permissioncontroller) for user 11
      07-13 20:46:38.311 22224 22224 E AndroidRuntime: FATAL EXCEPTION: main
      07-13 20:46:38.311 22224 22224 E AndroidRuntime: Process: com.afwsamples.testdpc, PID: 22224
      07-13 20:46:38.311 22224 22224 E AndroidRuntime: java.lang.RuntimeException: Unable to start receiver com.afwsamples.testdpc.DeviceAdminReceiver: java.lang.IllegalStateException: No PermissionController package (com.google.android.permissioncontroller) for user 11
    Instead of:
      07-13 18:07:19.887 26168 26168 E AndroidRuntime: FATAL EXCEPTION: main
      07-13 18:07:19.887 26168 26168 E AndroidRuntime: Process: com.afwsamples.testdpc, PID: 26168
      07-13 18:07:19.887 26168 26168 E AndroidRuntime: java.lang.RuntimeException: Unable to start receiver com.afwsamples.testdpc.DeviceAdminReceiver: java.lang.NullPointerException: Attempt to invoke virtual method 'android.content.pm.ComponentInfo android.content.pm.ResolveInfo.getComponentInfo()' on a null object reference
    Bug: 161135695
    Test: adb shell setprop persist.debug.user.package_whitelist_mode 1
    Test: # then install the TestDPC
    Change-Id: I8d27b59cd5b96735e1d5e22a341bf869158e278f
* No need for copying dump state for PC | Philip P. Moltmann | 2020-05-11 | 1 | -26/+11
    Also
    - enforce permission when dumping PC data
    Bug: 155680199
    Test: dumpsys permissionmgr
    Change-Id: I2cacd6f9d8db0ea329de1d15c96bea9f2ae15dd1
* Forward dumps from PermissionControllerManager to permissionmgr | Philip P. Moltmann | 2020-05-06 | 1 | -0/+37
    Test: adb shell dumpsys permissionmgr
    Bug: 155680199
    Change-Id: Iab5da24277eb6333ef047ab84dfcb65b7c4c2ff2
* Allow tests for more PermissionControllerManager methods | Philip P. Moltmann | 2020-04-26 | 1 | -0/+3
    Test: atest RuntimePermissionPresentationInfoTest PermissionControllerTest
    Bug: 155019930
    Change-Id: I4baca0f35e7218fbf127d56fcdf1fe1855d64929
* Update USER_SENSITIVE flags on app install and optimize it | Eugene Susla | 2020-03-12 | 1 | -2/+15
    This also parallelizes flag updating. Currently, the broadcast listener is disabled, due to test flake, so it will not update on app install/changes
    Bug: 141311767
    Test:
    - on first boot go to permissions screen, and ensure system apps categorization makes sense
    - install app that requests location, and ensure it's not listed as system app in permission screen
    Change-Id: I37ea4b196313fe9fa71150c21e7cca591067d572
* Create system server component for one-time permissions | Evan Severson | 2019-12-18 | 1 | -0/+14
    In this change we introduce new system api to manage tracking apps for inactivity when they hold one-time permissions. The api includes adding a package, removing a package, and a callback to notify the app has gone inactive and which permissions are considered one-time. Also introduce a new permission flag so that it is possible to determine if a currently granted permission is one-time.
    Test: Manual
    Bug: 136219229
    Change-Id: Iac3cb776a0204c64953f0a03abe76c8e320c9e56
* Allow an app to drive permission backup+restore | Philip P. Moltmann | 2019-10-07 | 1 | -46/+71
    In AOSP the permission backup+restore is driven by the system server, but some OEMs might drive it from an app. Hence allow a privileged app to backup + restore permission backups.
    Test: atest CtsBackupTestCases
    Fixes: 141007569
    Change-Id: Ic89b476948872c491de8ea54b83667afc0183bb4
* updateUserSensitive asynchronously | Eugene Susla | 2019-09-13 | 1 | -0/+12
    This is known to take 500ms and affects only UI, so can be done async
    Test: Ensure nothing looks badly broken; presubmit
    Fixes: 139485700
    Change-Id: I2b83b51ec5b002e08986019b4b6be3d681741544
* Merge "set RuntimePermissionPresentationInfo, getAppPermissions, and ↵ | Nate Myren | 2019-05-28 | 1 | -0/+2
|\
    OnGetAppPermissions as Test Api, added Get Runtime Permissions to shell" into qt-dev am: 1ce9983162 am: 40bcb1d3cd am: 364c09f390
    Change-Id: I26127032cd6185632d33e779e33cb7976b9ee2c1
| * set RuntimePermissionPresentationInfo, getAppPermissions, and ↵ | Nate Myren | 2019-05-28 | 1 | -0/+2
    OnGetAppPermissions as Test Api, added Get Runtime Permissions to shell
    Test: Run PermissionControllerTest
    Fixes: 129200595
    Change-Id: I44cf152e52895d9344b39b978b85ac263a5cb37c
* | [fixed] Replace RemoteCallback with AndroidFuture in PermControler | Eugene Susla | 2019-05-17 | 1 | -63/+27
    This is ag/7529281 + fix ag/7572218
    Test: atest AddConfigWidgetTest#testConfigCancelled atest android.permission.cts.PermissionControllerTest
    Change-Id: I9d8f28c0665a7ae4040ea471ed6a0187628a0306
* | Revert "Replace RemoteCallback with AndroidFuture in PermControler" | Eugene Susla | 2019-05-17 | 1 | -27/+63
    This reverts commit e7daff9fa385c2d455d3542a970d76e7316a44c5.
    Reason for revert: Broke some tests: b/132981879
    Change-Id: I3a707c0a67316246532437718132717f0c601255
* | Replace RemoteCallback with AndroidFuture in PermControler | Eugene Susla | 2019-05-16 | 1 | -63/+27
    - saves ~3 allocation per ipc
    - no longer need to [un]bundleize result
    - will become typesafe down the road (b/132732312)
    Test: atest android.permission.cts.PermissionControllerTest
    Change-Id: I6cd9ec5ae31179474536f22f557afb0d9db6a4b9
* | Migrate PermissionControllerManager to ServiceConnector | Eugene Susla | 2019-05-13 | 1 | -787/+203
|/
    Test:
    - atest --test-mapping core/java/com/android/internal/infra
    - m -j CtsBackupHostTestCases && atest android.backup.cts.PermissionTest
    Change-Id: I6a590194207d08569f41f3c5ac6d56e63737feaa
* Don't use Context#getApplicationContext | Philip P. Moltmann | 2019-04-25 | 1 | -1/+2
    as this might be null. In PermissionControllerManager we need a context that outlives the passed in context as we bind to a service that will only get destroyed after a delay.
    Test: atest PermissionControllerTest
    Bug: 131356152
    Change-Id: Iabeac669f6464b84a4b9e8f9b2a27959b116c25b
* Restricted permission mechanism - framework | Svet Ganov | 2019-04-07 | 1 | -8/+77
    This change adds a mechanism for restricting permissions (only runtime for now), so that an app cannot hold the permission if it is not white listed. The whitelisting can happen at install or at any later point. There are three whitelists:
      system: OS managed with default grants and role holders being on it;
      upgrade: only OS puts on this list apps when upgrading from a pre to post restriction permission database version and OS and installer on record can remove;
      installer: only the installer on record can add and remove (and the system of course).
    Added a permission policy service that sits on top of permissions and app ops and is responsible to sync between permissions and app ops when there is an interdependency in any direction.
    Added versioning to the runtime permissions database to allow operations that need to be done once on upgrade such as adding all permissions held by apps pre upgrade to the upgrade whitelist if the new permission version introduces a new restricted permission. The upgrade logic is in the permission controller and we will eventually put the default grants there.
    NOTE: This change is reacting to a VP feedback for how we would handle SMS/CallLog restriction as we pivoted from role based approach to roles for things the user would understand plus whitelist for everything else. This would also help us roll out softly the storage permission as there is too much churn coming from developer feedback.
    Exempt-From-Owner-Approval: trivial change due to API adjustment
    Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
    Test: atest CtsPermissionTestCases
    Test: atest CtsPermission2TestCases
    Test: atest RoleManagerTestCases
    bug:124769181
    Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
* Modify AbstractRemoteService#mBindInstantServiceAllowed to #mBindingFlags | Michal Karpinski | 2019-03-26 | 1 | -1/+1
    in order to support multiple binding flags
    And supply BIND_ALLOW_BACKGROUND_ACTIVITY_STARTS for RemoteFillService.
    Test: atest CtsAutoFillServiceTestCases
    Test: atest AutofillManagerServiceTest
    Bug: 126267782
    Change-Id: Id5262d6a4e0fde0ad874020f783cfbf72fe201f4
* Use RoleControllerService for role related APIs. | Hai Zhang | 2019-03-07 | 1 | -147/+0
    Move isApplicationQualifiedForRole() and isRoleVisible() from PermissionControllerService to RoleControllerService.
    Bug: 127691087
    Test: manual
    Change-Id: Ic9277f9e737e59dceafffabbf1e19526db609e78
* Add RoleControllerManager for role controller service. | Hai Zhang | 2019-03-07 | 1 | -1/+2
    This allows us to expose both system-only and app available APIs for role in RoleControllerService.
    Bug: 127691087
    Test: manual
    Change-Id: I86fe3736fc28516aae25d48efe3ba599ffdf45d5
* Add PermissionControllerService.isRoleVisible() for app info shortcut. | Hai Zhang | 2019-02-28 | 1 | -0/+71
    The default app shortcut in app info inside Settings needs to know if a role is visible, and whether it is visible is controlled logic in PermissionController, hence add this API.
    Bug: 124452117
    Bug: 124457823
    Test: manual
    Change-Id: I6058dea3bbda8b06d2fb9bab35268397227dd37b
* Merge "Made AbstractRemoteService.getRemoteRequestMillis() optional." | TreeHugger Robot | 2019-02-23 | 1 | -1/+1
|\
| * Made AbstractRemoteService.getRemoteRequestMillis() optional. | Felipe Leme | 2019-02-21 | 1 | -1/+1
    Also split some logic from PendingRequest into BasePendingRequest, so they're not leaked into the async requests.
    Test: atest CtsContentCaptureServiceTestCases CtsAutoFillServiceTestCases
    Bug: 117779333
    Change-Id: Ife9a3ab3a817944408caf9eae69dd75f48ab90c6
* | Ask Perm Controller to set policy-fixed perms | Philip P. Moltmann | 2019-02-21 | 1 | -0/+100
|/
    This is much slower than the old way as we need to call into a different process. On the other hand this handles the following cases correctly:
    - foreground / background permissions
    - pre-M apps
    - split permissions
    Test: CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionGrant,testPermissionPolicy,testPermissionMixedPolicies,testPermissionAppUpdate,testPermissionGrantPreMApp
    Change-Id: I5cd139ad29e5b77b77b02e12c75eb774984a7759
    Bug: 124128308
* Make PermissionControllerManager user aware | Philip P. Moltmann | 2019-02-16 | 1 | -23/+32
    Most of the commands of PermissionControllerManager should go to the calling user. If not - and the alternate user is running - we should use the recommended way to talk to alternate users. This recommended way is to create a package context for the user and call the method on this new context.
    Hence
    - At a time we can have more than one RemoteService (one per user)
    - Connect to the user declared in Context#getUser instead of the calling user
    Test: Called methods on work-profiles and saw alternate PermissionController apps to be spawned.
    Change-Id: I9ed87db1f658f18b69d19b39ba9f96361ec5af82
* Move permission restore code into permission controller. | Philip P. Moltmann | 2019-02-15 | 1 | -3/+4
    - Split system-server internal interface in two. One accessible only inside of the services part of system server. One accessible everywhere. This is necessary as the second part needs to be accessible by the PermissionBackupHelper. But the former uses internal data structures that should not be moved into android.permission.
    - Remove old delayed permission restore code from PermissionManagerService and Settings. This code now lives in permission controller
    - Keep the logic to remember which users still have delayed permissions left. It is quite expensive to call into permission controller for every install of an app, hence this check is necessary. Currently this mirrors the original logic. This can be improved further later.
    Test: Built
    Change-Id: Ibc1d5183c361dc55896882db1f7b765e1bee6e84
* Plumbing of perm restore via permission controller | Philip P. Moltmann | 2019-02-02 | 1 | -0/+211
    On Android backup restoration first restores an initial state. Then with the packages getting downloaded the leftover "delayed" backup gets restored bit by bit.
    This currently just created plumbing mirroring the previously implemented behavior.
    Bug: 116738135
    Test: Built
    Change-Id: I528b5f76dfca5bbdc9f69d6402b23b3d2ef11706
* Small fixes in PermissionControllerManager/Service | Philip P. Moltmann | 2019-02-01 | 1 | -0/+1
    - better names
    - broken javadoc
    - missing input parameter checks
    Bug: 116738135
    Test: Built
    Change-Id: I6056b46776cf32937a113b99584d138ff423f039
* Flags instead of booleans for countPermissionApps | Philip P. Moltmann | 2019-01-31 | 1 | -13/+26
    Test: Checked that the api returned the results
    Change-Id: I3f95bf9beee4a7edae5cbd9457ad4efefe83d1be
    Fixes: 123697839
* Add PermissionControllerManager.isApplicationQualifiedForRole(). | Hai Zhang | 2019-01-24 | 1 | -0/+77
    Settings DefaultAppShortcutPreference needs this info to determine whether to show the shortcut to default apps on the app info page.
    Bug: 110557011
    Bug: 123238935
    Test: manual
    Change-Id: I3ffa62eb199ba9c761bf09a556443f685f6b6b50
* Move permission backup into permission controller | Philip P. Moltmann | 2019-01-14 | 1 | -0/+187
    As runtime permissions are complex, all runtime permission code is consolidated into the permission controller app. Hence the package manager service's permission backup code is now calling into the PermissionControllerManager which is an interface to the permission controller app.
    Bug: 120907838
    Test: Triggered a backup and checked the result via the debugger.
    Change-Id: I633162189b728921d902050eee125b4b40b618fd
* Merge "Call timeout callbacks on executor too" | TreeHugger Robot | 2019-01-14 | 1 | -1/+9
|\