| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
If a file descriptor is provided to a recognitionService using the
EXTRA_AUDIO_SOURCE option, then do not make a preflight RECORD_AUDIO
check
Test: manual
Bug: 226969470
Change-Id: Ibc9fa378f5375a38922f1791c13600a3a5ab55f1
|
| |
|
|
|
|
|
| |
Bug: 216474485
Fix: 216474485
Test: atest
Change-Id: I675ab584c3bd063fb8550554e4c60e9e523fb7a8
|
| |
|
|
|
|
|
| |
cd49383e17b0566d4e6107c70fe006ca0dff7886
Test: atest
Change-Id: I8b743e39172e307480d4f4ba6ec21769135c9da8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert "speech: Allow long speech sessions"
Revert submission 16691164-os-long-form
Reason for revert: Breaking OnDeviceRecognitionServiceTest
BUG:218303318
Reverted Changes:
I348fbcd70:speech: Allow long speech sessions
I62adfa7ac:speech: Allow long speech sessions
Change-Id: Ice4435288adb4472538c7426a4b68e9f75a2a2bc
|
| |
|
|
|
|
|
|
|
| |
See go/one-speech-long-form
Bug: 204189031
Cts-Coverage-Bug: 204189031
Test: atest
Change-Id: I62adfa7aca5e8df32253c141bd4dd7bc7e4fad3c
|
| |
|
|
|
|
|
| |
Bug: 204189031
CTS-Coverage-Bug: 208776893
Test: atest, new tests TBD
Change-Id: Id3d7df47f52efc31227edb577db44b9e4ca04265
|
| |
|
|
|
|
|
|
|
| |
Recognition will fail upon attempting to open the microphone, if it is
accessed.
Bug: 197465285
Test: manual
Change-Id: I83f1ae30295caf576eb7a6f0191313cb789f1d52
|
| |
|
|
|
|
|
|
|
|
| |
Ensure that, in the preflight permission check, RecognitionService does
not check the service's own permissions. These will be checked if the
RecognitionService tries to access the mic
Fixes: 193111794
Test: manual
Change-Id: I172849f2e0368f9601dc298e6cf96d7a52219e5a
|
| |
|
|
|
|
|
|
|
| |
Only create the callback (and call onCancel) if the preflight permission
check succeeds.
Bug: 190848702
Test: manual
Change-Id: Ie7155348213e86dea0a9080a9c4ed53144f91c6f
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This ensures that, when platform checks fail, the RecognitionService is
notified that it should cancel recognition
Fixes: 190848702
Test: manual
Change-Id: I5073728e544a47f386824ca0a034e149661d864a
|
| |/
|
|
|
|
| |
Test: manual
Fixes: 192275399
Change-Id: I56b2e59f80da3e4c6f59236637ec32c1aff1a50a
|
| |
|
|
|
|
|
|
| |
Also adds @SuppressLint to RecognitionService#createContext
Fixes: 190759697
Test: manual
Change-Id: I8ad14f93f86285127d5d2674b0f9a4963b03c933
|
| |
|
|
|
|
|
|
| |
Test: manual
bug: 190657833
Change-Id: Id7c65999baa294a53765f5d17f77a7903611e85a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attribution source is the abstraction to capture the data
flows for private data across apps. Checking permissions
for an attribution source does this for all apps in the
chain that would receive the data as well as the relevant
app ops are checked/noted/started as needed.
Teach speech recognition service about attribution
chains. If an implementation does nothing the OS
would enforce permisisons and do blame as always.
This apporach leads to double blaming and doesn't
support attribition chains where app calls into
the default recognizer which calls into the on
device recognizer (this nests recursively). If the
implementer takes advantage of the attribution chain
mechanims the permissions for the entire chain are
checked at mic access time and all apps are blamed
only once.
Fixed a few bugs around finishing ops for attribution
chains. Also ensured that any app death in a started
attribution chain would lead to finishing the op for
this app
bug: 158792096
Test: (added tests for speech reco)
atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Merged-In: Ic92c7adc14bd2d135ac13b96f17a1b393dd562e4
Change-Id: Ic92c7adc14bd2d135ac13b96f17a1b393dd562e4
|
| |
|
|
|
|
|
|
|
|
|
| |
I've deleted the extra attribution for now just to fix the bug asap, but
we need a long-term sync to make sure attribution works properly. For
both cases when the RS app decides to integrate with the new attribution
framework OR decides to ignore it.
Bug: 184963112
Test: atest CtsVoiceRecognitionTestCases
Change-Id: I20bd8174c1a188da6c5af55cdd3bebee8a638d2d
|
| |
|
|
|
|
|
|
|
|
| |
Additionally, address minor feedback from API council regarding errors
and documentation.
Test: N/A, adding constants
Bug: 176578753
Bug: 183427999
Change-Id: I46358373e8d562cb829ff44232252d26bb5acda4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an app is proxying access to runtime permission protected
data it needs to check whether the calling app has a permission
to the data it is about to proxy which leaves a trace in app ops
that the requesting app perofmed a data access. However, then the
app doing the work needs to get the protected data itself from the
OS which access gets attributed only to itself. As a result there
are two data accesses in app ops where only the first one is a
proxy one that app A got access to Foo through app B - that is the
one we want to show in the permission tracking UIs - and one
for the data access - that is the one we would want to blame on
the calling app, and in fact, these two accesses should be one -
that app A accessed Foo though B. This limitation requires fragile
one off workarounds where both accesses use the same attribution
tag and sys UI has hardcoded rules to dedupe. Since this is not
documented we cannot expect that the ecosystem would reliably
do this workaround in apps that that the workaround in the OS
would be respected by every OEM.
This change adds a mechaism to resolve this issue. It allows for
an app to create an attribution context for another app and then
any private data access thorugh this context would result in a
single app op blame that A accessed Foo though B, i.e. we no longer
have double accounting. Also this can be nested through apps, e.g.
app A asks app B which asks app C for contacts. In this case app
B creates an attribution context for app A and calls into app C
which creates an attribution context for app B. When app C gets
contacts the entire attribution chain would get a porper, single
blame: that C accessed the data, that B got the data from C, and
that A got the data form B. Furthermore, this mechanism ensures
that apps cannot forget to check permissions for the caller
before proxying private data. In our example B and C don't need
to check the permisisons for A and B, respectively, since the
permisisons for the entire attribution chain are checked before
data delivery. Attribution chains are not forgeable preventing
a bad actor to create an arbitrary one - each attribution is
created by the app it refers to and points to a chain of
attributions created by their corresponding apps.
This change also fixes a bug where all content provider accesses
were double counted in app ops due to double noting. While at
this it also fixes that apps can now access their own last ops.
There was a bug where one could not pass null getting the attributed
ops from a historical package ops while this is a valid use case
since if there is no attribution everything is mapped to the null
tag. There were some app op APIs not being piped thorough the app
ops delegate and by extension through the app ops policy. Also
now that we have nice way to express the permission chain in a
call we no longer need the special casing in activity manager to
handle content provider accesses through the OS. Fixed a bug
where we don't properly handle the android.os.shell calls with
an invlaid tag which was failing while the shell can do any tag.
Finally, to ensure the mechanims is validated and works end-to-end
we are adding support for a voice recognizer to blame the client
app for the mic access. The recognition service can create a blaming
context when opening the mic and if the mic is open, which would
do all permission checks, we would not do so again. Since changes
to PermissionChercker for handling attribution sources were made
the CL also hooks up renounced permissoins in the request permission
flow and in the permission checks.
bug:158792096
bug:180647319
Test:atest CtsPermissionsTestCases
atest CtsPermissions2TestCases
atest CtsPermissions3TestCases
atest CtsPermissions4TestCases
atest CtsPermissions5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Change-Id: Ib04585515d3dc3956966005ae9d94955b2f3ee08
|
| |
|
|
|
|
| |
Test: atest CtsVoiceRecognitionTestCases
Bug: 176578753
Change-Id: I5783257b76fa21c2a6f1d2e589fb843b93753350
|
| |
|
|
|
|
| |
Bug: 176578753
Test: local demo, CTS will follow
Change-Id: Ia7766c506bf43a5db5b9719363da66aab263fd8d
|
| |
|
|
|
|
|
|
| |
restoring Q behavior
Bug: 160933537
Test: TH
Change-Id: I66e5b743f1e61f744f9aad2248a9b619fd9b97f7
|
| |
|
|
|
| |
Test: Built
Change-Id: Iab40419af886cccc1565f62bad29086b12ec1945
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had accidental usages of the PermissionChecker for cases where no
private data was provided to the app but the checkPermission API on
the latter also did blame data access on the app. The PermissionChecker
was designed to handle IPC calls and not for generic API checks.
To avoid future accidental incorrect PermissionChecker usages this
change renames the existing APIs of the latter to clearly indicate
that they should be used for data delivery and also adds sibling
methods for doing the same permission checks for preflight purposes.
Also the documentation is improved to furhter assist developers.
In addition, this change fixes accidental permission checker usages
that blame when they should not by using the new preflight flavor
of the permission check APIs.
Test:
atest com.android.settingslib.location.RecentLocationAppsTest
atest CtsPermissionTestCases
added: LocationAccessCheckTest#notificationOnlyForAccessesSinceFeatureWasEnabled
added: LocationAccessCheckTest#noNotificationIfFeatureDisabled
added: LocationAccessCheckTest#noNotificationIfBlamerNotSystemOrLocationProvider
added: LocationAccessCheckTest#testOpeningLocationSettingsDoesNotTriggerAccess
bug:141028068
Exempt-From-Owner-Approval: merge
Change-Id: I65c71569d0dd8a40bc6fecabb22c5373dd6e806e
|
| |
|
|
|
|
| |
Fixes: 73511076, 73311729
Test: presubmit
Change-Id: Ie98f67ffee4744050ac85d8b229370a16a76a194
|
| |
|
|
|
|
|
|
|
| |
The body of {@code} must not be HTML escaped. This is one of
several changes that fix the source in conjunction with a
doclava fix.
Bug: 25757239
Change-Id: Ib38a0fa2dd2a3d68e467f78a812071e763d7e881
|
| |
|
|
| |
Change-Id: I596471625eee24ec93d08650c33461d35ad0aa07
|
| |
|
|
|
|
|
|
| |
Use a WeakReference to refer to the outer class to prevent leaks.
Ensure atomicity of access to the reference.
Bug: 17584947
Change-Id: I7ad7c7793b60fa125e04fc4d803ed905e8a00a95
|
| |
|
|
|
|
|
|
|
|
| |
- Make sure cancel is called when consumer of SpeechRecognizer calls
destroy.
- If consumer goes away, make sure to call cancel as well.
b/17584947 Pressing mic button in Music hoses audio
Change-Id: Ibe1198b37fe6167493a8694f9089d970f1eb07de
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug #3458256
If an error occurs and simultaneously user cancels the recognition, here is what happens:
1. dispatchCancel() is called since the user requested cancel. It passes the first "if" successfully.
private void dispatchCancel(IRecognitionListener listener) {
if (mCurrentCallback == null) {
if (DBG) Log.d(TAG, "cancel called with no preceding startListening - ignoring");
} else if (mCurrentCallback.mListener.asBinder() != listener.asBinder()) {
Log.w(TAG, "cancel called by client who did not call startListening - ignoring");
} else { // the correct state
RecognitionService.this.onCancel(mCurrentCallback);
mCurrentCallback = null;
if (DBG) Log.d(TAG, "canceling - setting mCurrentCallback to null");
}
}
2. Error occurs in the app, which sets the mCurrentCallback to null:
public void error(int error) throws RemoteException {
mCurrentCallback = null;
mListener.onError(error);
}
3. the second "if" is reached in dispatchCancel()
4. boom
Change-Id: I54cdcc98b495d820a2caead1709d8dee968c461e
|
| |
|
|
|
|
|
|
| |
Bug fix for: http://b/issue?id=2647644
RecognitionService logcat spam "cancel called with no preceding startListening - ignoring"
Change-Id: I1da8b4d40406929ed0225d40cfac629507e71c7e
|
| |
|
|
|
|
| |
fix for: http://b/issue?id=2599931
Change-Id: Ic27d9eb8b29afa99787e469d9248c20f7d2988de
|
| |
|
|
|
|
|
|
| |
Change 1 of 4
Notes from API Council review:
Rename RecognitionManager to SpeechRecognizer
Change-Id: I892c0d714d928d5e31575c72b6a36281fc4c7a8a
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
to be used by anyone implementing a voice recognition service. Also define
a new <recognition-service> styleable to be used in such service's metadata
xml.
Still to do: Change VoiceSearch's GoogleRecognitionService to respond to this
intent, and actually use this intent instead of ACTION_RECOGNIZE_SPEECH here
in RecognitionService.
|
|
|
Change-Id: Ia2c13d4c7993d646956090aa5c56d1a441af9e5a
|
