| Age | Commit message (Collapse) | Author |
|---|
|
'ag/20406276', 'ag/20327583', 'ag/20302522', 'ag/20454317', 'ag/20425770', 'ag/20541824', 'ag/20510886'] into tm-qpr1-release.
Change-Id: I491b9e378e2806d6ecc1fc895987d1987253cf54
|
|
Bug: 258672042
Test: atest CtsPermission4TestCases
Change-Id: I1d484ed7c72d4ae73f4cbec47522a18ae9088f6e
(cherry picked from commit 297388e374f0a1e5b7f52961a81246c2fecb81e6)
Merged-In: I1d484ed7c72d4ae73f4cbec47522a18ae9088f6e
|
|
Bug: 244154558
Test: manual
Change-Id: I5a86639cd571e14e9a9f5d5ded631b5a7c08db7e
(cherry picked from commit ede0a767c26f144e38b4a0c1c2f530b05ffd29a8)
Merged-In: I5a86639cd571e14e9a9f5d5ded631b5a7c08db7e
|
|
system apps
This is a roll forward of two reverted changes combined into one:
commit b6d04416628ab29df57efcd738332912d9260cea
commit e5e51116fb767162966a8e0d23fafb4f0ff46e86
It additionally fixes an issue where in multi-user profiles (such as a guest user), rules would be incorrectly identified as not created by the system and would therefore fail to be created in settings.
Bug: 257477671
Bug: 245236706
Bug: 242537431
Test: NotificationManagerServiceTest; ZenModeHelperTest; manually verified that it's possible to create zen schedules from guest mode
Change-Id: I0c4c705cfe5fc875151958957daaf8657fbc21a7
(cherry picked from commit 7261cdd30bf18965d421fc28c68c61e380bc952d)
Merged-In: I0c4c705cfe5fc875151958957daaf8657fbc21a7
|
|
used by system to fetch accounts.
When `null` is used with getAccountsFromCache method, there is
conversion from calling UID to packageName (call getPackageNameForUid in
filterAccounts), and then another conversion using packageName to UID in
resolveAccountVisbility). Sometimes (as determined by PackageManager), a package which is installed in primary profile but is not installed in work profile is used to fetch accounts for work profile. This causes fetching accounts in work profile to fail.
The fix uses "android" as packageName for all methods used by system
process. This ensures that this conversion always works.
Test: atest AccountManagerServiceTest
Bug: 246257147
Change-Id: Id2e4b860f49366db5a85a3fd83b3fedeeabc9cbb
(cherry picked from commit 33f942c2efc97ac04feca3d9635ad26aa74fe0da)
(cherry picked from commit 8567a7841a41daf1e025cec7fb47747afab4c139)
Merged-In: Id2e4b860f49366db5a85a3fd83b3fedeeabc9cbb
|
|
This action should be only broadcasted when the user data is cleared
successfully. Broadcasting this action when failed case may result in
unexpected result.
Bug: 240267890
Test: manually using the PoC in the buganizer to ensure the symptom
no longer exists.
Change-Id: Ica8aa541e694d62c768a5a3f965547377198eef7
(cherry picked from commit 94b10bba20f8d96964c80a8157fd8e02286eff68)
Merged-In: Ica8aa541e694d62c768a5a3f965547377198eef7
|
|
While the device is provisioning, do not allow clicks on the privacy
chip.
Test: atest HeaderPrivacyIconsControllerTest
Bug: 253043058
Change-Id: I9c8f642976f3332f4d5c9db89a4917dae501f251
(cherry picked from commit ea4a8ec146f2d916af8a3f6e605690ad2b189755)
Merged-In: I9c8f642976f3332f4d5c9db89a4917dae501f251
|
|
This reverts commit e5e51116fb767162966a8e0d23fafb4f0ff46e86.
Reason for revert: broke DND schedules in multi-user mode b/257477671
Change-Id: Ic5126e4c95c8ef8c17b339a6fb0f08ca9cc97323
(cherry picked from commit 3535f5cb664bda21ca69a3515ac59a927bf6b90d)
Merged-In: Ic5126e4c95c8ef8c17b339a6fb0f08ca9cc97323
|
|
This reverts commit b6d04416628ab29df57efcd738332912d9260cea.
Reason for revert: broke DND schedules in multi-user mode b/257477671
Change-Id: Idf32ab7ebd132ee460504976ba31252fd4da47fa
(cherry picked from commit 9223d270f5474dc4387ad3e6afd4cb660927bfc8)
Merged-In: Idf32ab7ebd132ee460504976ba31252fd4da47fa
|
|
Previously were unable to add new zen rules because rules added via the settings pages were getting registered under package "com.android.settings", which then were not considered "system rules". These rules should have package android, so when we can trust the caller (via checking that the caller is system) we should be taking the package name from the owner of the rule.
Bug: 245236706
Bug: 242537431
Test: NMSTest; manual
Change-Id: Id69b671592396ac3304862dadbe73de328a8e27a
(cherry picked from commit e5e51116fb767162966a8e0d23fafb4f0ff46e86)
Merged-In: Id69b671592396ac3304862dadbe73de328a8e27a
|
|
instead of checking that of the configuration activity, which is potentially spoofable. The package name is verified to be the same app as the caller by NMS.
This change removes isSystemRule (called only once) in favor of checking the provided package name directly.
Bug: 242537431
Test: ZenModeHelperTest, manual by verifying via provided exploit apk
Change-Id: Ic7f350618c26a613df455a4128c9195f4b424a4d
(cherry picked from commit b6d04416628ab29df57efcd738332912d9260cea)
Merged-In: Ic7f350618c26a613df455a4128c9195f4b424a4d
|
|
20029904, 20026935, 20251346, 20036692, 20302671, 20210471, 20219552, 20404110, 20406276] into tm-qpr1-release.
Change-Id: I2d8c1fec1e5ce3ba9227b4cff0c7996c4abc7516
|
|
This reverts commit e5e51116fb767162966a8e0d23fafb4f0ff46e86.
Reason for revert: broke DND schedules in multi-user mode b/257477671
Change-Id: Ic5126e4c95c8ef8c17b339a6fb0f08ca9cc97323
(cherry picked from commit 3535f5cb664bda21ca69a3515ac59a927bf6b90d)
Merged-In: Ic5126e4c95c8ef8c17b339a6fb0f08ca9cc97323
|
|
This reverts commit b6d04416628ab29df57efcd738332912d9260cea.
Reason for revert: broke DND schedules in multi-user mode b/257477671
Change-Id: Idf32ab7ebd132ee460504976ba31252fd4da47fa
(cherry picked from commit 9223d270f5474dc4387ad3e6afd4cb660927bfc8)
Merged-In: Idf32ab7ebd132ee460504976ba31252fd4da47fa
|
|
- Originally added in ag/5139951, this method ensured that activities
launched from widgets are always started in a new task (if the
activity is launched in the home task, the task is not brough forward
with the recents transition). We can restrict this to only recents
callers since this only applies to 1p launchers in gesture nav
(both the gesture with 3p launchers and button nav in general will
always start the home intent directly, which makes adding the
NEW_TASK flag unnecessary).
Bug: 243794108
Test: Ensure that the original bug b/112508020 still works (with the
test app in the bug, swipe up still works after launching an
activity from the widget, and fails without applying the
override flags)
Change-Id: Id53c6a2aa6da5933d488ca06a0bfc4ef89a4c343
(cherry picked from commit c4d3106e347922610f8c554de3ae238175ed393e)
Merged-In: Id53c6a2aa6da5933d488ca06a0bfc4ef89a4c343
|
|
UsbDeviceConnection is closed.
Bug: 204584366
Test: CTS Verifier: USB Accessory Test & USB Device Test
Test: No HWASan use-after-free reports with a test app
Change-Id: Ia3a9b10349efc0236b1539c81465f479cb32e02b
(cherry picked from commit 1691b54b1fda4239249a3871d2c17ed1ec753061)
Merged-In: Ia3a9b10349efc0236b1539c81465f479cb32e02b
|
|
DevicePolicyResourcesManager.getString() was added in T and called in
many places inside system server. However, it uses
DeviceConfig.getBoolean to determine if a feature is enabled or not. In
the places where it is called from inside system server,
`clearCallingIdentity` was not always called, which can result in
DeviceConfig.getBoolean throwing SecurityException due to mismatched
AttributionSource (calling uid is the caller from the binder client,
while the context is "android" which should have calling uid 0). Context
is "android" because it is inside the system server where the
DevicePolicyManager instance is created. This bug might lead to
unexpected behavior such as packages failing to be uninstalled by admin.
The easiest fix is to place a bypass in SettingsProvider and manually clear
the calling uid there. This fix also allows for the cleanest backporting as
it can be cherry-picked into T without touching all the places where
DevicePolicyResourcesManager.getString() is called in the system server.
BUG: 252663068
Test: manual
Merged-In: I37a6ceb29575593018b93093562c85d49770a43c
Change-Id: I37a6ceb29575593018b93093562c85d49770a43c
(cherry picked from commit b127850fda23698be0247e5b2110cdd01fff8fd7)
(cherry picked from commit 3b873ef5c2e2a1527ded7cbcad1993af15277831)
Merged-In: I37a6ceb29575593018b93093562c85d49770a43c
|
|
Bug: 221040577
Test: atest PermissionTest23#testPre23AppsWithSystemAlertWindowGetDeniedOnUpgrade
Change-Id: I4b4605aaae107875811070dea6d031c5d9f25c96
(cherry picked from commit fba194b998cf22d073a36cb5c6f9397c2dc1a50e)
Merged-In: I4b4605aaae107875811070dea6d031c5d9f25c96
|
|
Prior to targetSdk 22, apps could add random system settings keys which
opens an opportunity for OOM attacks. This CL adds a key size limit.
BUG: 239415997
Test: manual; will add cts test
Merged-In: Ic9e88c0cc3d7206c64ba5b5c7d15b50d1ffc9adc
Change-Id: Ic9e88c0cc3d7206c64ba5b5c7d15b50d1ffc9adc
(cherry picked from commit 783bcba343c480f6ccedaaff41ba7171a1082e0c)
(cherry picked from commit f60e5a4b7ce47d21a6e707fdad7a865dc0b0f0a3)
Merged-In: Ic9e88c0cc3d7206c64ba5b5c7d15b50d1ffc9adc
|
|
The NotificationManagerService registers a LockPatternUtils.StrongAuthTracker
to observe the StrongAuth changes of every user.
More specifically, it’s the STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN flag.
Via this flag, NotificationManagerService can perform the following operations
when the user enter or exit lockdown mode:
Enter lockdown:
1. Remove all the notifications belonging to the user.
2. Set the local flag to indicate the lockdown is on for the user.
The local flag will suppress the user's notifications on the
post, remove and update functions.
Exit lockdown:
1. Clear the local flag to indicate the lockdown is off for the user.
2. Repost the user’s notifications (suppressed during lockdown mode).
The CL also updates corresponding tests.
Bug: 173721373
Bug: 250743174
Test: atest NotificationManagerServiceTest
Test: atest NotificationListenersTest
Ignore-AOSP-First: pending fix for a security issue.
Change-Id: I4f30e56550729db7d673a92d2a1250509713f36d
Merged-In: I4f30e56550729db7d673a92d2a1250509713f36d
(cherry picked from commit de3b12fca23178d8c821058261572449b67d5967)
(cherry picked from commit ccead0884b808d68203568ce3183fc1182ed13e3)
Merged-In: I4f30e56550729db7d673a92d2a1250509713f36d
|
|
Bug: 242537498
Test: atest PermissionMemoryFootprintTest
Change-Id: I15343e84c1802d6b89249106263319a6539fa73b
(cherry picked from commit 973c67f7fc5d1321ff38e861dfe256a2877af5f0)
Merged-In: I15343e84c1802d6b89249106263319a6539fa73b
|
|
settings are updated
Previously, a setting is updated before the memory usage limit
check, which can be exploited by malicious apps and cause OoM DoS.
This CL changes the logic to checkMemLimit -> update -> updateMemUsage.
BUG: 239415861
Test: atest com.android.providers.settings.SettingsStateTest
(cherry picked from commit 8eeb92950f4a7012d4cf282106a1418fd211f475)
Merged-In: I20551a2dba9aa79efa0c064824f349f551c2c2e4
Change-Id: I20551a2dba9aa79efa0c064824f349f551c2c2e4
(cherry picked from commit d7a84dc64d2e19059ec742e0f644c3dc6095e15f)
Merged-In: I20551a2dba9aa79efa0c064824f349f551c2c2e4
|
|
Previous logic would exit the loop after removing the first service
matching the uninstalled package.
Bug: 243378132
Test: atest AccessibilityEndToEndTest
Test: m sts;
sts-tradefed run sts-dynamic-develop -m \
CtsAccessibilityServiceTestCases
Change-Id: I4ba30345d8600674ee8a9ea3ff411aecbf3655a3
(cherry picked from commit e1f343acdeeddd9a08c9f6c832faf788ce101763)
Merged-In: I4ba30345d8600674ee8a9ea3ff411aecbf3655a3
|
|
Complete the change in ag/19657256 to also apply in SelectableTargetInfo.
That would ensure that in all cases of cross-profile targets the URIs
are fixed to include the user-id prefix.
Bug:244876518
Bug:242605257
Test: manually share image from work Photos app to personal WhatsApp's
frequent contact target.
Change-Id: Ib41c8a3c46afcc2d62a4c1a924212bcd98bcfbe4
(cherry picked from commit a4fe4bd9a23bccbe29d72bebd6a028ce83383838)
Merged-In: Ib41c8a3c46afcc2d62a4c1a924212bcd98bcfbe4
|
|
QS (Quick Settings) layout could be horizontal or not. When it is horizontal, the media player is displayed on the side of QS.
This is based on orientation, split shade state, and media player visibility. However the configuration changed lister was triggering the update only after orientation changed, neglecting split shade state.
When a foldable device that is in the state "folded and landscape" is unfolded, the orientation stays the same, despite the split shade state changes.
QSPanelControllerBase was updating the QS layout only if the orientation changed, neglecting other condition changes.
Fixes: 216244185
Test: CorrectQSAfterUnfold QSPanelControllerBaseTest
Change-Id: I7f1444adf477f75c267a48bf8f420d3507f82709
(cherry picked from commit 3e6a8bcf0d78f2ed6fc4c298c5d25ace21c11ac8)
Merged-In: I7f1444adf477f75c267a48bf8f420d3507f82709
|
|
The activity info could be from another uid which is different
from the app that hosts the task. The information should be
trimmed if the caller app doesn't have the privilege.
Bug: 243130512
Test: verified locally
Test: atest RecentTasksTest
Change-Id: Ia343ac70e5bb9aeae718fca6674e1ca491a14512
(cherry picked from commit 401e782b244bf84fd5aab371f60c2e52d6226fb3)
Merged-In: Ia343ac70e5bb9aeae718fca6674e1ca491a14512
|
|
Change-Id: I82f6505180dee2555a26b20456b86384fd2cf4ab
|
|
This reverts commit 7319e40b37aba598e081b56095b7ed4e0a04396c.
Reason for revert: b/241798893. Note: this fix is not the root cause of the breakage. It just exposes a previously unknown bug. See linked bug.
Change-Id: I2ec5fd036af1d35c6d3fe000ee41f3347f9aea41
Merged-In: I01bda0f5bf343d73c480ad64b562dd0a2ee46e30
(cherry picked from commit 8914ae87def2171b1fabfc69b36e8b56114866e6)
Merged-In: I2ec5fd036af1d35c6d3fe000ee41f3347f9aea41
|
|
Change-Id: I5b8fca5589d3eee53547667040efd17003eaad70
|
|
Change I27987301ebf393de6f781b17ed7bc789789c01ab introduced the usage of
dynamic categories to prevent the pending intent from being cached. This
is incompatible with the new T explicit intent filter enforcement, as a
dynamic category can never match any intent-filter.
Switch to use the PendingIntent#setIdentifier API introduced in API 29,
specifically designed for this use case.
Bug: 249043995
Test: m + manual
Change-Id: I2bbe4e554ef337299138f2a7691eeffc60e18e9d
(cherry picked from commit 8afc387eb1fe5061250e88d5666ae47c11ab5b07)
Merged-In: I2bbe4e554ef337299138f2a7691eeffc60e18e9d
|
|
Change-Id: I41e61a03e8b7712cb057dbdc4818fed96e496c5c
|
|
Do not invoke the bouncer interactor if the flag is off.
Fixes: 250498666
Test: Manual test. Added a unit test.
Change-Id: I44b7be029b1a1cd1dbd356499252fa3aee6edccb
(cherry picked from commit 46b09796610fed0ebbc517494c0ad122f934127b)
Merged-In: I44b7be029b1a1cd1dbd356499252fa3aee6edccb
|
|
Seems like there is a bug with how TrustManagerService deals with
automotive now that there is the possibility for renewable trust,
preventing the automotive companion from being unlocked by the phone. To
fix this, we'll update canMoveToTrusted to also allow automotive
trustagents to automatically move to trusted (if the right other
conditions are met).
Test: Manually for automotive
Fixes: 250703401
Change-Id: I906be77a2f09582095d24797aebdb0eda420eee6
(cherry picked from commit 2fa61e04624ec9ccbfb9945b7b911ca564b6b6fb)
Merged-In: I906be77a2f09582095d24797aebdb0eda420eee6
|
|
tm-qpr1-release.
Change-Id: Iae7a7663fec2247d8cccb98e048c06ea6b5010df
|
|
When not using combined headers, the padding should be smaller as the
old headers take less vertical space.
Test: manual, with and without flag
Test: atest com.android.systemui.qs
Fixes: 251235055
Change-Id: Ic56f2eceae76e3613737f02f4c511bec9766fe95
(cherry picked from commit e6b106bc75afd8db5f62b37c7418e6bdf71cf440)
Merged-In: Ic56f2eceae76e3613737f02f4c511bec9766fe95
|
|
Addresses a security vulnerability where a (-8) length object would
cause dataPosition to be reset back to the statt of the value, and be
re-read again.
Bug: 240138294
Test: atest ParcelTest BundleTest AmbiguousBundlesTest
Test: manually ran PoC
Change-Id: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
Merged-In: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
(cherry picked from commit 8e01230dd264d652c6f4c82d850da5afc4768bdc)
Merged-In: I1ab1df6f2a802d8cdf02c89c12959b09d7b1a5c4
|
|
For many years, Parcel mismatch typed exploits has been using the
AccoungManagerService's passing of KEY_INTENT workflow, as a foothold of
launching arbitrary intents. We are adding an extra check on the service
side to simulate the final deserialization of the KEY_INTENT value, to
make sure the client side won't get a mismatched KEY_INTENT value.
Bug: 250588548
Bug: 240138294
Test: atest CtsAccountManagerTestCases
Test: local test, also see b/250588548
Change-Id: I433e34f6e21ce15c89825044a15b1dec46bb25cc
(cherry picked from commit ba27731d04d95bf4b17c41a5d85aac09c39b9329)
Merged-In: I433e34f6e21ce15c89825044a15b1dec46bb25cc
|
|
After an app publishes a shortcut that contains malformed intent, the
system can be stuck in boot-loop due to uncaught exception caused by
parsing the malformed intent.
This CL ignores that particular malformed entry. Since shortcuts are
constantly writes back into the xml from system memory, the malformed
entry will be removed from the xml the next time system persists
shortcuts from memory to file system.
Bug: 246540168
Test: manual
Change-Id: I9492fcbd499ab2792c1d08884e3af394c5a4c79f
(cherry picked from commit 5238a70be8c3348f9592de5e625f6311e4d51032)
Merged-In: I9492fcbd499ab2792c1d08884e3af394c5a4c79f
|
|
This adds validation that the package name passed to
setApplicationRestrictions is in the correct format. This will avoid
an issue where a path could be entered resulting in a file being
written to an unexpected place.
Bug: 239701237
Merged-In: I1ab2b7228470f10ec26fe3a608ae540cfc9e9a96
Change-Id: I56c2fc14f906cdad80181ab577e2ebc276c151c1
(cherry picked from commit 1b9b59c63bffc675a042cba6cd666831abef2c3e)
Merged-In: I56c2fc14f906cdad80181ab577e2ebc276c151c1
|
|
Change-Id: I4708b83cd24fe2d12749af66a31bdf8777d753d3
|
|
This reverts commit f348307f7ba56ac38d746cde837638dd623156c6.
Reason for revert: Causing sim related regressions on the release branch
Change-Id: I0cd9830056c41971f7f0f7f33f2567aa40969c19
(cherry picked from commit bbd23aef704512a47553fe0008436f7c544af3fe)
Merged-In: I0cd9830056c41971f7f0f7f33f2567aa40969c19
|
|
This reverts commit 140516bf656b0b011868c306d4e099da58decae4.
Reason for revert: Bug where users cannot use biometrics to re-auth after trustagent timeout.
Bug: 251078638
Change-Id: I6254196327e09381eaa047e6444034ada6030113
(cherry picked from commit f60d171a4b4d3ef235023391a77829538f6b339f)
Merged-In: I6254196327e09381eaa047e6444034ada6030113
|
|
tm-qpr1-release.
Change-Id: I5f64396d7269ab1d58d9d96db7792c71729606fe
|
|
Also renaming some trigger type fields to be consistent.
Test: Manually after running:
m -j statsd_testdrive && statsd_testdrive 169
Bug: 242928495
Change-Id: I577f940bf09e3ce7b8da87496af413058f324455
Merged-In: I577f940bf09e3ce7b8da87496af413058f324455
(cherry picked from commit e6ab4d719901432e137539c04f92ce4927bc2242)
(cherry picked from commit cff11ef25e4b30266e3f9f1e3fb60f40918a72c2)
Merged-In: I577f940bf09e3ce7b8da87496af413058f324455
|
|
Adding identification for process starts when the trigger was a
push_message.
When the push_message was over quota it may be deferred, but counting it
separately is still useful, as it could still cause cold process starts.
Test: Manual:
Run `./out/host/linux-x86/bin/statsd_testdrive 169`
Then use a sample app to send it an FCM message when it is not running.
Bug: 242928495
Change-Id: I55c56601af4eb60173ae039d8de7f9e7916c81e8
Merged-In: I55c56601af4eb60173ae039d8de7f9e7916c81e8
(cherry picked from commit 84c7a05dbbe94c5727a2e861399ece8393a542a2)
(cherry picked from commit 8fcf1d63c6ebe3e05fcfa28c227888e6fa627ca9)
Merged-In: I55c56601af4eb60173ae039d8de7f9e7916c81e8
|
|
There is no need to maintain two copies of the same proto message.
Moving framework to directly use the canonical proto used by statsd.
Test: m -j statsd_testdrive
out/host/linux-x86/bin/statsd_testdrive 169
Bug: 242928495
Change-Id: Ie2bdd2151dae26a611c3905342bb49ddddf2788d
Merged-In: Ie2bdd2151dae26a611c3905342bb49ddddf2788d
(cherry picked from commit e6073bc3ce37f0a29018ee0e02a0376f4c37da62)
(cherry picked from commit 83327c47f549db792e43f12385847f2b9b0006e5)
Merged-In: Ie2bdd2151dae26a611c3905342bb49ddddf2788d
|
|
Currently the reason is described as the hosting type and name
of the lifecycle component that is being started. Adding a field to
describe the trigger that led to the component being invoked.
Starting with logging when an alarm caused a broadcast to start in the
app. Other examples of triggers that can be added are jobs for services,
push-messages for broadcasts, etc.
Test: make statsd_testdrive
statsd_testdrive 169
Bug: 242928495
Change-Id: Iffa03bd99f9ef6907444b3e3204d2a2f13e28102
Merged-In: Iffa03bd99f9ef6907444b3e3204d2a2f13e28102
(cherry picked from commit 64d4919530e55f508e3a146fc7eaa13a2fa8e4f5)
Merged-In: Iffa03bd99f9ef6907444b3e3204d2a2f13e28102
|
|
Change-Id: Ia7590bcabebad1db56ad91cab3367d25a7c207d6
|
|
When doze state is no longer dozing, we were not resetting the bouncer
view. Here, when dozing state changes, we want to ensure that the
bouncer is not shown.
Fixes: 237822716
Test: Added a unit test and test manually.
Change-Id: If085851b5e3c8b15cdd4b0a2fce8cbb5e8f48035
(cherry picked from commit f348307f7ba56ac38d746cde837638dd623156c6)
Merged-In: If085851b5e3c8b15cdd4b0a2fce8cbb5e8f48035
|
|
tm-qpr1-release
Change-Id: Ib9d69a2a2db57b1b6a5ff5eb79cde89e4d19d1cd
|
