| Age | Commit message (Collapse) | Author |
|---|
|
'googleplex-android-review.googlesource.com/24413973', 'googleplex-android-review.googlesource.com/24656668', 'googleplex-android-review.googlesource.com/24865306', 'googleplex-android-review.googlesource.com/25174238', 'googleplex-android-review.googlesource.com/25238611'] into security-aosp-rvc-release.
Change-Id: I69c905ff6053e830f888f0745b4d4e92a9ffb2d3
|
|
Test: Flashed device and verified dream settings works as expected
Test: Installed APK from bug and verified the dream didn't allow
launching the inappropriate settings activity.
Fixes: 300090204
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6926fd15fb16c51468dde270bd61ee68772b8c14)
Merged-In: I573040df84bf98a493b39f96c8581e4303206bac
Change-Id: I573040df84bf98a493b39f96c8581e4303206bac
|
|
Log to detect usage of whitelistToken when sending non-PI target
Log ActivityManagerService.sendIntentSender if the target is not a
PendingIntent and a non-null whitelistToken is sent to the client.
This is simply to detect if there are real cases this would happen
before we decide simply remove whitelistToken in that case.
Do not pass whitelistToken when sending non-PI target
In ActivityManagerService.sendIntentSender, if the target is not a
PendingIntent, do not send whitelistToken to the client.
Bug: 279428283
Test: Manual test
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f12deecd46e79212deba584a1afea97d401dd52)
Merged-In: I017486354a1ab2f14d0472c355583d53c27c4810
Change-Id: I017486354a1ab2f14d0472c355583d53c27c4810
|
|
Bug: 295335110
Test: Test app with long component name
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:447216ecbe5f22ea06379d9587dae530b1202fe8)
Merged-In: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
Change-Id: I7ea5d5c1f78858db9865f3310d1e0aff9c8b5579
|
|
Fix vulnerability that allows creating users with no restrictions. This is done by creating an intent to create a user and putting extras that are too long to be serialized. It causes IOException and the restrictions are not written in the file.
By truncating the string values when writing them to the file, we ensure that the exception does not happen and it can be recorded correctly.
Bug: 293602317
Test: install app provided in the bug, open app and click add. Check logcat to see there is no more IOException. Reboot the device by either opening User details page or running adb shell dumpsys user | grep -A12 heen and see that the restrictions are in place.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:48d45b507df64708a214a800082b970c8b2bf827)
Merged-In: I633dc10974a64ef2abd07e67ff2d209847129989
Change-Id: I633dc10974a64ef2abd07e67ff2d209847129989
|
|
Ensure that when the usersetup for the user is not complete, we do not
want to go to lockscreen, even if lockscreen is not disabled.
Bug: 222446076
Test: add Unit test,
Test: Wipe device, auth sim pin in setup, observe that lockscreen is
not there.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:01ea2f91df5a1c67da2546d83beeee75c2c1ef94)
Merged-In: I8e33db8eb6e2c917966cab3d6a4f982670473040
Change-Id: I8e33db8eb6e2c917966cab3d6a4f982670473040
|
|
security method is none. This is mostly to fix the case where we auth
sim pin in the set up wizard and it goes straight to keyguard instead of
the setup wizard activity.
This works with the prevent bypass keyguard flag because the device
should be noe secure in this case.
Fixes: 222446076
Test: turn locked sim on, which opens the sim pin screen. Auth the
screen and observe that keyguard is not shown.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:48fa9bef3451e4a358c941af5b230f99881c5cb6)
Cherry-picking this CL as a security fix
Bug: 222446076
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:09f004722284ef6b9790ddf9338a1708b3f0833c)
Merged-In: If4360dd6ae2e5f79b43eaf1a29687ac9cc4b6101
Change-Id: If4360dd6ae2e5f79b43eaf1a29687ac9cc4b6101
|
|
'googleplex-android-review.googlesource.com/23918399', 'googleplex-android-review.googlesource.com/24420753', 'googleplex-android-review.googlesource.com/20065167', 'googleplex-android-review.googlesource.com/24046929', 'googleplex-android-review.googlesource.com/24341231', 'googleplex-android-review.googlesource.com/23623109', 'googleplex-android-review.googlesource.com/24607942', 'googleplex-android-review.googlesource.com/24182288', 'googleplex-android-review.googlesource.com/24761005', 'googleplex-android-review.googlesource.com/24058898', 'googleplex-android-review.googlesource.com/24805807', 'googleplex-android-review.googlesource.com/24640919'] into security-aosp-rvc-release.
Change-Id: I3f07490349dd0323351c2194a600e1ec5e84b8ce
|
|
When resumable media is added that has artwork set via URI, check the
permissions for the URI before attempting to load it
Test: atest MediaDataManagerTest UriGrantsManagerServiceTest
Test: manual with test app
Bug: 284297452
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c13567e39cd906c8544011de537490b70ce29b2f)
Merged-In: Ie79915d3d1712f08dc2e8dfbd5bc7fd32bb308a3
Change-Id: Ie79915d3d1712f08dc2e8dfbd5bc7fd32bb308a3
|
|
Additionally, don't hide keyguard when it's disabled if the user has locked
down the device.
Manual test steps:
1. Enable app pinning and disable "Ask for PIN before unpinning" setting
2. Pin an app (ie: Settings)
3. Lockdown from the power menu
4. Observe: user is brought to the keyguard, primary auth is
required to enter the device.
=> After entering correct credential, the device is still in
app pinning mode.
=> After entering an incorrect credential, the keyguard remains
showing and the user can attempt again up to the limit
Bug: 300463732
Bug: 218495634
Test: atest KeyguardViewMediatorTest
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:35a6e2f2c952440b1102033b2c3e496438503cff)
Merged-In: I70fdae80f717712b3dfc9df54b9649959b4bb8f0
Change-Id: I70fdae80f717712b3dfc9df54b9649959b4bb8f0
|
|
Test: manual testing on device
Bug: b/261709193
(cherry picked from commit b651d295b44eb82d664861b77f33dbde1bce9453)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3ef3f18ba3094c4cc4f954ba23d1da421f9ca8b0)
Merged-In: I68903ebd6d3d85f4bc820b745e3233a448b62273
Change-Id: I68903ebd6d3d85f4bc820b745e3233a448b62273
|
|
This reverts commit b23c2d5fb6630ea0da503b937f62880594b13e94.
Reason for revert: b/300463732 regression
Bug: 300463732
Bug: 218495634
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f57217125f2b124c16c463ef4507fb054cc1ba4f)
Merged-In: I31485d0d8caa3060e998636b071dbe03f6b4fc82
Change-Id: I31485d0d8caa3060e998636b071dbe03f6b4fc82
|
|
Bug: 288110451
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:01bfd04ff445db6290ae430d44ea1bf1a115fe3c)
Merged-In: Idbde676f871db83825155730e3714f3727e25762
Change-Id: Idbde676f871db83825155730e3714f3727e25762
|
|
readFileDescriptor doesn't provide ownership of the fds. fdopen
needs ownership of the fds. Fds read from parcel should be duped
in this scenario and readUniqueFileDescriptor dups fds internally.
Test: m incidentd_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/incidentd_service_fuzzer/incidentd_service_fuzzer
Test: atest incidentd_test
Bug: 286931110
Bug: 283699145
(cherry picked from commit ba78ef276951269f7b024baebdf1b8fa40bedb23)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055)
Merged-In: Ibe03a17dee91ac5bf25d123d4fd9c0bdd3c7d80e
Change-Id: Ibe03a17dee91ac5bf25d123d4fd9c0bdd3c7d80e
|
|
This CL fixes the issue where, when an app have multiple main
activities, the total number of shortcuts can grow indefinitely if they
were published through addDynamicShortcuts.
Bug: 281061287
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2d93aabdc4905b36ee684533904029cfc61533b7)
Merged-In: Ib3eecefee34517b670c59dd5b8526fe9eb24f463
Change-Id: Ib3eecefee34517b670c59dd5b8526fe9eb24f463
|
|
Bug: 288896339
Test: Manual, verify that the app which can be found on the bug can no longer call
keyguardGoingAway successfully
Require permission to unlock keyguard
Bug: 288896339
Test: Manual, verify that the app which can be found on the bug can no longer call
keyguardGoingAway successfully
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bd2aa5d309c5bf8e73161975bd5aba7945b25e84)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ef1345d278bd2a8944c6362bf65cff7305ca6fc5)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ad8e7e3b1db22684988a179e23639567a4096ca6)
Merged-In: I7ba7e56f954c8e6f1f734311f735215918975bc6
Change-Id: I7ba7e56f954c8e6f1f734311f735215918975bc6
|
|
Bug: 288113797
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3d41fb7620ffb9c81b23977c8367c323e4721e65)
Merged-In: I392f8e923923bf40827a2b6207c4eaa262694fbc
Change-Id: I392f8e923923bf40827a2b6207c4eaa262694fbc
|
|
Drop invalid data when writing or reading from XML. PersistableBundle
does lazy unparcelling, so checking the values during unparcelling would
remove the benefit of the lazy unparcelling. Checking the validity when
writing to or reading from XML seems like the best alternative.
Bug: 246542285
Bug: 247513680
Test: install test app with invalid job config, start app to schedule job, then check logcat and jobscheduler persisted file
(cherry picked from commit 666e8ac60a31e2cc52b335b41004263f28a8db06)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:62b37ab21ce27746a79a2071deee98c61b23c8d9)
Merged-In: Ie817aa0993e9046cb313a750d2323cadc8c1ef15
Change-Id: Ie817aa0993e9046cb313a750d2323cadc8c1ef15
|
|
Even if the corresponding styles themselves were not applied to the Notification.Builder.
Test: atest NotificationManagerServiceTest
Bug: 287640400
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a7e0c6585fd155d5bd9354b8b15516f4788c33a7)
Merged-In: I25acab19be7dd486aabede8c91dbad5a1a217abf
Change-Id: I25acab19be7dd486aabede8c91dbad5a1a217abf
|
|
Bug: 273729172
Test: manually
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7f9be7c3c859dc82d37452570d9878b58f6437a9)
Merged-In: Ia8094244f908b20d42711b6ea8f58f9b3345b563
Change-Id: Ia8094244f908b20d42711b6ea8f58f9b3345b563
|
|
Bug: 283962802
Test: atest + manual (POC app now crashes on notify() as expected)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a6f44e911f2d7204cc28c710e54f97c96231abab)
Merged-In: I0da18c631eb5e4844a48760c7aaedab715a0bfed
Change-Id: I0da18c631eb5e4844a48760c7aaedab715a0bfed
|
|
'googleplex-android-review.googlesource.com/24324114', 'googleplex-android-review.googlesource.com/24309763', 'googleplex-android-review.googlesource.com/24181420', 'googleplex-android-review.googlesource.com/24424817'] into security-aosp-rvc-release.
Change-Id: Id39cacf2271b29c8cbaf21b8dd45543ce56e46c2
|
|
Similar to ag/24422287, but the same URI verification should be done in
SettingsProvider as well, which can be called by apps via
Settings.System API or ContentProvider APIs without using
RingtoneManager.
BUG: 227201030
Test: manual with a test app. Will add a CTS test.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1b234678ec122994ccbfc52ac48aafdad7fdb1ed)
Merged-In: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
Change-Id: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
|
|
pushedEventThread references class members after detaching. Making
pushedEventThread as class member and joining in statsService
destructor. Adding a method to stop readLogs thread.
Ignore-AOSP-First: Bug is in still security triage and fuzzer is
crashing on startup.
Test: atest statsd_test
Test: m statsd_service_fuzzer && adb sync data && adb shell
/data/fuzz/arm64/statsd_service_fuzzer/statsd_service_fuzzer -runs=10000
Bug: 285645039
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:03de4e4f1a0546fdd3b002651851bee9ffe0e11b)
Merged-In: I1e886f9ccb7203714216da061c35e793b2a63d8a
Change-Id: I1e886f9ccb7203714216da061c35e793b2a63d8a
|
|
Bug: 291299076
Test: Build and flash the device and check if it throws exception for
non UsbInterface object
Test: atest CtsUsbManagerTestCases
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:60bfbde79f2ffb012abced55d358fdf6380c0bae)
Merged-In: I2917c8331b6d56caaa9a6479bcd9a2d089f5f503
Change-Id: I2917c8331b6d56caaa9a6479bcd9a2d089f5f503
|
|
AM.backupAgentCreated() should enforce that caller belongs the package called in the API.
Bug: 289549315
Test: atest android.security.cts.ActivityManagerTest#testActivityManager_backupAgentCreated_rejectIfCallerUidNotEqualsPackageUid
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:52b91363583c4e2b68f1a818b067cefe04809285)
Merged-In: I9f3ae5ec0b8f00e020d471cc0eddf8bd8bdbb82d
Change-Id: I9f3ae5ec0b8f00e020d471cc0eddf8bd8bdbb82d
|
|
We stripped the token that allows app to retrieve their own notification
and fire their own PI to launch activities from background. But we
forgot to strip the token from notification.publicVersion
Bug: 278558814
Test: NotificationManagerTest#testActivityStartFromRetrievedNotification_isBlocked
(cherry picked from commit cf851d81a954f0a6dd0c2fd7defa93932539e7f9)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1896c2e7068c9ec1ab8355d863d7e8107d5d5706)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:75fcbb37617246c43c2af34b12c9ae4b4043f9ac)
Merged-In: I8f25d7a5e47890a0496af023149717e1df482f98
Change-Id: I8f25d7a5e47890a0496af023149717e1df482f98
|
|
into security-aosp-rvc-release.
Change-Id: Icffdd140d30b7c9e990a6972f28c6694b4528b30
|
|
'googleplex-android-review.googlesource.com/23483079', 'googleplex-android-review.googlesource.com/23769826', 'googleplex-android-review.googlesource.com/23877020', 'googleplex-android-review.googlesource.com/23792288', 'googleplex-android-review.googlesource.com/23846296', 'googleplex-android-review.googlesource.com/23835332', 'googleplex-android-review.googlesource.com/24029386', 'googleplex-android-review.googlesource.com/23424576', 'googleplex-android-review.googlesource.com/24057913', 'googleplex-android-review.googlesource.com/23918603', 'googleplex-android-review.googlesource.com/24301483', 'googleplex-android-review.googlesource.com/24271007'] into security-aosp-rvc-release.
Change-Id: If88d9136fc3fcabb6f34b5a7611d0aa5c8967c90
|
|
This reverts commit 09f004722284ef6b9790ddf9338a1708b3f0833c.
Reason for revert: causing a partner bug
Fixes: 295205456
Bug: 222446076
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8df038265475bb062ead9eec1749ee92a0f5eb4e)
Merged-In: Ida11d98117727f63547b096617a4778bea429e22
Change-Id: Ida11d98117727f63547b096617a4778bea429e22
|
|
Which may be abused by malicious app to create a non-visible PiP
window that bypasses the background restriction.
Bug: 270368476
Test: Manually, using the POC app
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a54d763886ffd69aa14360dc999c76cd2af263f2)
Merged-In: Ifc0e4ffe8b7a9754053246069cb480aa6a59a7e1
Change-Id: Ifc0e4ffe8b7a9754053246069cb480aa6a59a7e1
|
|
When RescueParty detects that a system process is crashing frequently,
it tries to recover in various ways, such as by resetting all settings.
Unfortunately, this included resetting the secure_frp_mode setting,
which is the means by which the system keeps track of whether the
Factory Reset Protection (FRP) challenge has been passed yet. With this
setting reset, some FRP restrictions went away and it became possible to
bypass FRP by setting a new lockscreen credential.
Fix this by excluding secure_frp_mode from resets.
Note: currently this bug isn't reproducible on 'main' due to ag/23727749
disabling much of RescueParty, but that is a temporary change.
Bug: 253043065
Test: With ag/23727749 reverted and with my fix to prevent
com.android.settings from crashing *not* applied, tried repeatedly
setting lockscreen credential while in FRP mode, using the
smartlock setup activity launched by intent via adb. Verified
that although RescueParty is still triggered after 5 attempts,
secure_frp_mode is no longer reset (its value remains "1").
Test: Verified that secure_frp_mode still gets changed from 1 to 0 when
FRP is passed legitimately.
Test: atest com.android.providers.settings.SettingsProviderTest
Test: atest android.provider.SettingsProviderTest
(cherry picked from commit 9890dd7f15c091f7d1a09e4fddb9f85d32015955)
(changed Global.SECURE_FRP_MODE to Secure.SECURE_FRP_MODE,
needed because this setting was moved in U)
(removed static keyword from shouldExcludeSettingFromReset(),
needed for compatibility with Java 15 and earlier)
(resolved conflict in resetSettingsLocked())
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f0f020c21fd29d8076733e07847e6314172a312e)
Merged-In: Id95ed43b9cc2208090064392bcd5dc012710af93
Change-Id: Id95ed43b9cc2208090064392bcd5dc012710af93
|
|
Test: manual with the steps from the bug
Test: manual with a normal icon
Test: atest CanUseIconPredicate
Test: atest ControlViewHolderTest
Bug: 272025416
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ffa97f42dd9496bb404e01727c923292d05a4466)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:331f2f1baaf7b62e90a7d7cb6d4481925b3d9071)
Merged-In: I354469a53611c094c7bb695b1c2017c6786dd396
Change-Id: I354469a53611c094c7bb695b1c2017c6786dd396
|
|
Test: tested with POC in bug, also using atest
Bug: 224771621
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)
Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530
Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530
|
|
Bug: 278246904
Test: manually, with the PoC app attached to the bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f5a87d8a0dc9190327ba0e6113d5b80ee96abae)
Merged-In: Iecfc1fb962de611cbe3c51a44ba4fded53925a7d
Change-Id: Iecfc1fb962de611cbe3c51a44ba4fded53925a7d
|
|
ag/23792288 tried to fix a security issue by cloning the key
mappings, but unfortunately the parcel was not being rewinded.
Bug: 274058082
Test: Confirmed change works in newer Android versions
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:aaaba6cf190d976efdc5db6c78997dbdc9214c15)
Merged-In: I6f75b9202e20d82ebf81a35a2916e653ee1b8372
Change-Id: I6f75b9202e20d82ebf81a35a2916e653ee1b8372
|
|
Check permissions of URI inside of FillResponse's RemoteViews. If the
current user does not have the required permissions to view the URI, the
RemoteView is dropped from displaying.
This fixes a security spill in which a user can view content of another
user through a malicious Autofill provider.
Bug: 283137865
Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
b/281534749 b/283101289
Test: Verified by POC app attached in bugs
Test: atest CtsAutoFillServiceTestCases (added new tests)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:26beceb9a252a50374d056b162fa7e8ea55051b3)
Merged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
|
|
The key mapping information between the native key mappings and
the KeyCharacterMap object available in Java is currently shared,
which means that a read can be attempted while it's being modified.
Because the code changed between R and S, this CL fixes it just
for R; the patch for versions S+ is ag/23785419
Bug: 274058082
Test: Presubmit
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4b3c4620166071561ec44961fb08a56676b4fd6c)
Merged-In: I3be94534dcda365da473f82347ae2e3f57bb1b42
Change-Id: I3be94534dcda365da473f82347ae2e3f57bb1b42
|
|
Also added a step to serialize & deserialize the notification in the
test, to prevent exceptions about not being able to cast e.g.
Parcelable[] to RemoteInputHistoryItem[].
Test: atest NotificationManagerServiceTest & tested with POC from bug
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:88e597d2b31d054ab5286b3a666accb08a8db5d5)
Merged-In: I7053ca59f9c7f1df5226418594109cfb8b609b1e
Change-Id: I7053ca59f9c7f1df5226418594109cfb8b609b1e
|
|
BUG:286996125
Auto-generated-cl: translation import
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:917729f52b84d8ff1140ece2dd696914426adcd3)
Merged-In: I9f1045f17a003528a57cb8e9dfc53e5df40579f3
Change-Id: I9f1045f17a003528a57cb8e9dfc53e5df40579f3
|
|
When an app posts a media control with no available title, show a
placeholder string with the app name instead
Bug: 274775190
Test: atest MediaDataManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:070eff919c85fd83501e380a92e30caf082e9ffc)
Merged-In: Ie406c180af48653595e8e222a15b4dda27de2e0e
Change-Id: Ie406c180af48653595e8e222a15b4dda27de2e0e
|
|
When a ringtone picker tries to set a ringtone through
RingtoneManager.setActualDefaultRingtoneUri (also
called by com.android.settings.DefaultRingtonePreference),
verify the mimeType can be obtained (not found when caller
doesn't have access to it) and it is an audio resource.
Bug: 205837340
Test: atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:377144b64325dadad102f5233ecb50a4446b205b)
Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
|
|
'googleplex-android-review.googlesource.com/23687079', 'googleplex-android-review.googlesource.com/23728043', 'googleplex-android-review.googlesource.com/23892861', 'googleplex-android-review.googlesource.com/23883016', 'googleplex-android-review.googlesource.com/23834099'] into security-aosp-rvc-release.
Change-Id: I5e9a42a8c5a5a7d276b09edceb8ecf640d3cc13d
|
|
- Before trying to query recent media from a saved component, check
whether the current user actually has that component installed
- Track user when creating the MediaBrowser, in case the user changes
before the MBS returns a result
Test: atest MediaResumeListenerTest
Bug: 284297711
(cherry picked from commit e566a250ad61e269119b475c7ebdae6ca962c4a7)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:684492a0dfb0c045a07906a2a79d5e785e3b794d)
Merged-In: I838ff0e125acadabc8436a00dbff707cc4be6249
Change-Id: I838ff0e125acadabc8436a00dbff707cc4be6249
|
|
Bug: 265798288
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b117b506ec0504ff9eb2fa523e82f1879ecb8cc1)
Merged-In: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
Change-Id: Iad33851af32a11c99d11bc2b5c76d124c3e97ebb
|
|
This makes the limitation, which was previously only checked on the Settings UI, enforced everywhere.
Fixes: 260570119
Fixes: 286043036
Test: atest + manually
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc71156a29427c8b228129f5b1368392f297835b)
Merged-In: I4c25d80978cb37a8fa1531f5045259d25ac64692
Change-Id: I4c25d80978cb37a8fa1531f5045259d25ac64692
|
|
Windows of TYPE_PRESENTATION on virtual displays should not be counted
as visible windows to determine if BAL is allowed.
Test: manual test, atest BackgroundActivityLaunchTest
Bug: 264029851, 205130886
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:07019d9060d31d12b1d2cbb10635dfaa1b36c95c)
Merged-In: I0f6bc691ca50582cb56e3b8a7ade14eac1660358
Change-Id: I0f6bc691ca50582cb56e3b8a7ade14eac1660358
|
|
TelephonyManager#hasCarrierPrivileges internally uses
SubscriptionManager#canManageSubscription to decide whether to grant
carrier privilege status to an app or not.
SubscriptionManager#canManageSubscription returns true if caller APK's
certificate matches with one of the mNativeAccessRules or
mCarrierConfigAccessRules. This over-grants carrier privilege status
to apps that only has mNativeAccessRules.
Carrier privilege status should
be granted to the caller APK only if it's certificate matches with one
of mCarrierConfigAccessRules.
Replaced SubscriptionManager#canManageSubscription with
PhoneInterfaceManager#hasCarrierConfigAccess which returns true only if
caller APK certificates matches with one of mCarrierConfigAccessRules of
the given subscription.
Bug: 226593252
Test: Manual Testing as explained in b/226593252#comment51
atest CtsTelephonyTestCases
Flashed build on raven-userdebug and performed basic
funtionality tests
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e46bce078fef9dba500a7411e843f7f00a7a33c2)
Merged-In: I662064529d2a9348f395fe3b541366de8bc2fe7d
Change-Id: I662064529d2a9348f395fe3b541366de8bc2fe7d
|
|
into security-aosp-rvc-release.
Change-Id: I924fd9741e485ae80dfa2d30b7d24b0550e0262a
|
|
EXTRA_REMOTE_INPUT_HISTORY_ITEMS."
This reverts commit 43b1711332763788c7abf05c3baa931296c45bbb.
Reason for revert: regression reported at b/289223315
Bug: 289223315
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f9d8830e3264c66d0f39b1d45eadd4039695a112)
Merged-In: I101938fbc51592537023345ba1e642827510981b
Change-Id: I101938fbc51592537023345ba1e642827510981b
|
