| Age | Commit message (Collapse) | Author |
|---|
|
'googleplex-android-review.googlesource.com/24310393', 'googleplex-android-review.googlesource.com/23982977', 'googleplex-android-review.googlesource.com/24424817', 'googleplex-android-review.googlesource.com/24270326'] into security-aosp-tm-release.
Change-Id: I67f3e69797c4afcb2703ccd7be4a5dc2e83457d2
|
|
Currently the full user (e.g. userId 0) is required to enter device
credential (e.g. device PIN/pattern/password) to unlock the device in
certain cases as specified by StrongAuthFlags (e.g. the user has
triggered lockdown). After successfully verify the device credential,
StrongAuthFlags for the full user will be set back to
STRONG_AUTH_NOT_REQUIRED. This may or may not clear StrongAuthFlags for
a profile of the user, depending on whether the profile has a separate
or unified lock.
Case #1: the profile has a seprate lock. In this case, the user will
need to enter the device credential on lockscreen to unlock the device,
and then enter the different profile lock to unlock the profile.
StrongAuthFlags for the profile will only be cleared after successfully
verifying the profile lock.
Case #2: the profile has a unified lock. Currently in this case,
StrongAuthFlags for the profile doesn't get cleared properly after the
user verifies the device credential on lockscreen and unpauses the
profile. For example, if the user triggers lockdown and later enters the
device credential to unlock the device, StrongAuthFlags for the full
user gets cleared (so the full user exits lockdown) while
StrongAuthFlags for the profile doesn't get cleared (so the profile
remains in lockdown), and thus notifications for the profile won't be
shown properly.
This CL fixes the issue above for the case #2. The user will only need
to enter the device credential on lockscreen once to unlock the device.
If the profile is already unpaused, at this point StrongAuthFlags
should already be cleared; otherwise, StrongAuthFlags will be cleared
after the user unpauses the profile (but without having to enter any
lock again since the profile uses a unified lock).
Test: (1) Set up a profile (e.g. a managed profile) with a unified lock.
(2) Trigger the lockdown mode on lockscreen, and verify that
StrongAuthFlags for the full user and the profile are both set
properly, via "adb shell dumpsys lock_settings".
(3) Enter the device credential on lockscreen for the full user,
and verify that StrongAuthFlags for the full user is unset.
StrongAuthFlags for the profile should also be cleared at this
point if the profile was unpaused already before lockdown;
otherwise
(4) Unpause the profile and verify that StrongAuthFlags for the
profile is cleared.
Fix: 176924824
Bug: 173721373
(cherry picked from commit ea925cf0b1293ddece4a77f8cce60196ee27f146)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a3e155e8060b3652baac209e4e48fa988e255206)
Merged-In: Ic466fc22a5be9047d39194ad42c56dc4a2acb4dc
Change-Id: Ic466fc22a5be9047d39194ad42c56dc4a2acb4dc
|
|
Similar to ag/24422287, but the same URI verification should be done in
SettingsProvider as well, which can be called by apps via
Settings.System API or ContentProvider APIs without using
RingtoneManager.
BUG: 227201030
Test: manual with a test app. Will add a CTS test.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1b234678ec122994ccbfc52ac48aafdad7fdb1ed)
Merged-In: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
Change-Id: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
|
|
We stripped the token that allows app to retrieve their own notification
and fire their own PI to launch activities from background. But we
forgot to strip the token from notification.publicVersion
Bug: 278558814
Test: NotificationManagerTest#testActivityStartFromRetrievedNotification_isBlocked
(cherry picked from commit cf851d81a954f0a6dd0c2fd7defa93932539e7f9)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1896c2e7068c9ec1ab8355d863d7e8107d5d5706)
Merged-In: I8f25d7a5e47890a0496af023149717e1df482f98
Change-Id: I8f25d7a5e47890a0496af023149717e1df482f98
|
|
Bug: 291299076
Test: Build and flash the device and check if it throws exception for
non UsbInterface object
Test: atest CtsUsbManagerTestCases
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0)
Merged-In: I2917c8331b6d56caaa9a6479bcd9a2d089f5f503
Change-Id: I2917c8331b6d56caaa9a6479bcd9a2d089f5f503
|
|
AM.backupAgentCreated() should enforce that caller belongs the package called in the API.
Bug: 289549315
Test: atest android.security.cts.ActivityManagerTest#testActivityManager_backupAgentCreated_rejectIfCallerUidNotEqualsPackageUid
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c31434d6a097f815e8daec899ba92348487cbfac)
Merged-In: I9f3ae5ec0b8f00e020d471cc0eddf8bd8bdbb82d
Change-Id: I9f3ae5ec0b8f00e020d471cc0eddf8bd8bdbb82d
|
|
into security-aosp-tm-release.
Change-Id: I5936507b5ddfcb6a6190b295fa1ec0b8d9f0db19
|
|
'googleplex-android-review.googlesource.com/23502366', 'googleplex-android-review.googlesource.com/23877018', 'googleplex-android-review.googlesource.com/23785419', 'googleplex-android-review.googlesource.com/23818219', 'googleplex-android-review.googlesource.com/23835332', 'googleplex-android-review.googlesource.com/23436487', 'googleplex-android-review.googlesource.com/24057913', 'googleplex-android-review.googlesource.com/23982566', 'googleplex-android-review.googlesource.com/24301063', 'googleplex-android-review.googlesource.com/24359722'] into security-aosp-tm-release.
Change-Id: I7bb82f716f1748eabeb461fc4d8a7c9d48231ea6
|
|
Revert submission 22621774-cherrypicker-L22000000959901080:N28400001357657640
Reason for revert: causing a partner bug
Fixes: 295205456
Bug: 222446076
Reverted changes: /q/submissionid:22621774-cherrypicker-L22000000959901080:N28400001357657640
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0afa6707fa632c1f5fba5dff46a94b5d734e2ab2)
Merged-In: Icb27b4d897696b4fbb4e4a878751d925f5205dfd
Change-Id: Icb27b4d897696b4fbb4e4a878751d925f5205dfd
|
|
BUG:286996125
Auto-generated-cl: translation import
(cherry picked from commit 192e1926b13df12563dfb0bb38f98d31b7f41d67)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:602de6cbd4d51222625e849ffedd5e58977aecbd)
Merged-In: I4fa0c7c0df0bd5c2eac924c012c541f910348568
Change-Id: I4fa0c7c0df0bd5c2eac924c012c541f910348568
|
|
When RescueParty detects that a system process is crashing frequently,
it tries to recover in various ways, such as by resetting all settings.
Unfortunately, this included resetting the secure_frp_mode setting,
which is the means by which the system keeps track of whether the
Factory Reset Protection (FRP) challenge has been passed yet. With this
setting reset, some FRP restrictions went away and it became possible to
bypass FRP by setting a new lockscreen credential.
Fix this by excluding secure_frp_mode from resets.
Note: currently this bug isn't reproducible on 'main' due to ag/23727749
disabling much of RescueParty, but that is a temporary change.
Bug: 253043065
Test: With ag/23727749 reverted and with my fix to prevent
com.android.settings from crashing *not* applied, tried repeatedly
setting lockscreen credential while in FRP mode, using the
smartlock setup activity launched by intent via adb. Verified
that although RescueParty is still triggered after 5 attempts,
secure_frp_mode is no longer reset (its value remains "1").
Test: Verified that secure_frp_mode still gets changed from 1 to 0 when
FRP is passed legitimately.
Test: atest com.android.providers.settings.SettingsProviderTest
Test: atest android.provider.SettingsProviderTest
(cherry picked from commit 9890dd7f15c091f7d1a09e4fddb9f85d32015955)
(changed Global.SECURE_FRP_MODE to Secure.SECURE_FRP_MODE,
needed because this setting was moved in U)
(removed static keyword from shouldExcludeSettingFromReset(),
needed for compatibility with Java 15 and earlier)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8c2d2c6fc91c6b80809a91ac510667af24d2cf17)
Merged-In: Id95ed43b9cc2208090064392bcd5dc012710af93
Change-Id: Id95ed43b9cc2208090064392bcd5dc012710af93
|
|
Test: manual with the steps from the bug
Test: manual with a normal icon
Test: atest CanUseIconPredicate
Test: atest ControlViewHolderTest
Bug: 272025416
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:22f97f081ccc6f6a7230b15447a6c885dfe4fa59)
Merged-In: Ib0e677f7ccbed6299ea07939519c7dcf6d371bec
Change-Id: Ib0e677f7ccbed6299ea07939519c7dcf6d371bec
|
|
Test: tested with POC in bug, also using atest
Bug: 224771621
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)
Merged-In: Ide65205b83063801971c5778af3154bcf3f0e530
Change-Id: Ide65205b83063801971c5778af3154bcf3f0e530
|
|
Bug: 278246904
Test: manually, with the PoC app attached to the bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1aee65603e262affd815fa53dcc5416c605e4037)
Merged-In: Ib3f5b8b6b9ce644fdf1173548d9078e4d969ae2e
Change-Id: Ib3f5b8b6b9ce644fdf1173548d9078e4d969ae2e
|
|
Check permissions of URI inside of FillResponse's RemoteViews. If the
current user does not have the required permissions to view the URI, the
RemoteView is dropped from displaying.
This fixes a security spill in which a user can view content of another
user through a malicious Autofill provider.
Bug: 283137865
Fixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566
b/281534749 b/283101289
Test: Verified by POC app attached in bugs
Test: atest CtsAutoFillServiceTestCases (added new tests)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:93810ba1c0a4d31f49adbf9454731e2b7defdfc0)
Merged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
Change-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a
|
|
The key mapping information between the native key mappings and
the KeyCharacterMap object available in Java is currently shared,
which means that a read can be attempted while it's being modified.
Bug: 274058082
Test: Patch tested by Oppo
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3d993de0d1ada8065d1fe561f690c8f82b6a7d4b)
Merged-In: I745008a0a8ea30830660c45dcebee917b3913d13
Change-Id: I745008a0a8ea30830660c45dcebee917b3913d13
|
|
Also added a step to serialize & deserialize the notification in the
test, to prevent exceptions about not being able to cast e.g.
Parcelable[] to RemoteInputHistoryItem[].
Test: atest NotificationManagerServiceTest & tested with POC from bug
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4e19431a60300c6ea6c7f7dd64299916e4eb09bc)
Merged-In: I7053ca59f9c7f1df5226418594109cfb8b609b1e
Change-Id: I7053ca59f9c7f1df5226418594109cfb8b609b1e
|
|
When an app posts a media control with no available title, show a
placeholder string with the app name instead
Bug: 274775190
Test: atest MediaDataManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a0fda1f36d04331c8d60c5540b09b1a30203581b)
Merged-In: Ie406c180af48653595e8e222a15b4dda27de2e0e
Change-Id: Ie406c180af48653595e8e222a15b4dda27de2e0e
|
|
When a ringtone picker tries to set a ringtone through
RingtoneManager.setActualDefaultRingtoneUri (also
called by com.android.settings.DefaultRingtonePreference),
verify the mimeType can be obtained (not found when caller
doesn't have access to it) and it is an audio resource.
Bug: 205837340
Test: atest android.media.audio.cts.RingtoneManagerTest
(cherry picked from commit 38618f9fb16d3b5617e2289354d47abe5af17dad)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b8c2d03b720f0cc200ac59f6cfb411fddc3b119c)
Merged-In: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
Change-Id: I3f2c487ded405c0c1a83ef0a2fe99cff7cc9328e
|
|
'googleplex-android-review.googlesource.com/23733070', 'googleplex-android-review.googlesource.com/23474146', 'googleplex-android-review.googlesource.com/23905843', 'googleplex-android-review.googlesource.com/23905120', 'googleplex-android-review.googlesource.com/23834726'] into security-aosp-tm-release.
Change-Id: I1c7b53328eea2729a45e9a9fe000606df017518a
|
|
- Before trying to query recent media from a saved component, check
whether the current user actually has that component installed
- Track user when creating the MediaBrowser, in case the user changes
before the MBS returns a result
Test: atest MediaResumeListenerTest
Bug: 284297711
(cherry picked from commit e566a250ad61e269119b475c7ebdae6ca962c4a7)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d61741288b4d7614e4677428aac6418f6f1d79f0)
Merged-In: I838ff0e125acadabc8436a00dbff707cc4be6249
Change-Id: I838ff0e125acadabc8436a00dbff707cc4be6249
|
|
Bug: 265798288
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8476b140eed0235df4e8f07d94420a1471191b55)
Merged-In: Ia2030a9dc371dccadd4e188a529351ac4232bb4f
Change-Id: Ia2030a9dc371dccadd4e188a529351ac4232bb4f
|
|
Currently, we extract the quickshare intent and re-wrap it as a new
PendingIntent once we get the screenshot URI. This is insecure as
it leads to executing the original with SysUI's permissions, which
the app may not have. This change switches to using Intent.fillin
to add the URI, keeping the original PendingIntent and original
permission set.
Bug: 278720336
Test: manual (to test successful quickshare), atest
SaveImageInBackgroundTaskTest (to verify original pending intent
unchanged)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:02938e8ccae910d96578475a19dff0a5e746b03d)
Merged-In: Icad3d5f939fcfb894e2038948954bc2735dbe326
Change-Id: Icad3d5f939fcfb894e2038948954bc2735dbe326
|
|
This makes the limitation, which was previously only checked on the Settings UI, enforced everywhere.
Fixes: 260570119
Fixes: 286043036
Test: atest + manually
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6fcdbd0c6efc67b014b8e1b43c5ec233f912ee8b)
Merged-In: I4c25d80978cb37a8fa1531f5045259d25ac64692
Change-Id: I4c25d80978cb37a8fa1531f5045259d25ac64692
|
|
Windows of TYPE_PRESENTATION on virtual displays should not be counted
as visible windows to determine if BAL is allowed.
Test: manual test, atest BackgroundActivityLaunchTest
Bug: 264029851, 205130886
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4c40b187cd5277c27d20758c675865bf89180c7a)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5bf9607bec3f1224158cfcff7dd91ac558b46c0f)
Merged-In: I08b16ba1c155e951286ddc22019180cbd6334dfa
Change-Id: I08b16ba1c155e951286ddc22019180cbd6334dfa
|
|
into security-aosp-tm-release.
Change-Id: Id3701bf5352ac1ccdef741292a9893cdb041b3ec
|
|
EXTRA_REMOTE_INPUT_HISTORY_ITEMS."
This reverts commit 43b1711332763788c7abf05c3baa931296c45bbb.
Reason for revert: regression reported at b/289223315
Bug: 289223315
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:bdc9b977e376fb3b6047530a179d00fd77f2aec1)
Merged-In: I101938fbc51592537023345ba1e642827510981b
Change-Id: I101938fbc51592537023345ba1e642827510981b
|
|
'googleplex-android-review.googlesource.com/22915959', 'googleplex-android-review.googlesource.com/22599577', 'googleplex-android-review.googlesource.com/23083139', 'googleplex-android-review.googlesource.com/23031226', 'googleplex-android-review.googlesource.com/23090199', 'googleplex-android-review.googlesource.com/23327545', 'googleplex-android-review.googlesource.com/23410117', 'googleplex-android-review.googlesource.com/23210299', 'googleplex-android-review.googlesource.com/23352460', 'googleplex-android-review.googlesource.com/23386456', 'googleplex-android-review.googlesource.com/23389120', 'googleplex-android-review.googlesource.com/23473144', 'googleplex-android-review.googlesource.com/23430378', 'googleplex-android-review.googlesource.com/23449211', 'googleplex-android-review.googlesource.com/23475240', 'googleplex-android-review.googlesource.com/23439342', 'googleplex-android-review.googlesource.com/23505029'] into security-aosp-tm-release.
Change-Id: Ia6f2b9f35100e76997a71dc6ab612a8577790b82
|
|
e371b3018f
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/23465066
Fixes: 285211549
Fixes: 280797684
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3fc6dd50937d23c854fde540380c51fd451b1c55)
Merged-In: Idd360f69fc9e5a9f32fd3ca76ec0440c8bb12cf4
Change-Id: Idd360f69fc9e5a9f32fd3ca76ec0440c8bb12cf4
|
|
Bug: 213170822
Remove the code that CursorWindow::writeToParcel() uses to ensure slot
data is 4-byte aligned. Because mAllocOffset and mSlotsOffset are
already 4-byte aligned, the alignment step here is unnecessary.
CursorWindow::spaceInUse() returns the total space used. The tests
verify that the total space used is always a multiple of 4 bytes.
Test: atest
* libandroidfw_tests
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d4afa0986cbc440f458b4b8db05fd176ef3e6d2)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5b0232d7e1c2087839d9bc029943c8780b2484ab)
Merged-In: I720699093d5c5a584283e5b76851938f449ffa21
Change-Id: I720699093d5c5a584283e5b76851938f449ffa21
|
|
specific settings are used
Bug: 265431505
Test: atest KeyguardViewMediatorTest
(cherry picked from commit 625e009fc195ba5d658ca2d78ebb23d2770cc6c4)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dbdfadc24c81453c9c51e0d549b0ace924f4341e)
Merged-In: I66a660c091c90a957a0fd1e144c013840db3f47e
Change-Id: I66a660c091c90a957a0fd1e144c013840db3f47e
|
|
Verify URI permissions in MediaMetadata
Add a check for URI permission to make sure that user can access the URI
set in MediaMetadata. If permission is denied, clear the URI string set
in metadata.
Bug: 271851153
Test: atest MediaSessionTest
Test: Verified by POC app attached in bug, image of second user is not
the UMO background of the first user.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:277e7e05866a3da3c5871c071231b2b7c911d81e)
Merged-In: I932d5d5143998db89d7132ced84faffa4a0bd5aa
Change-Id: I932d5d5143998db89d7132ced84faffa4a0bd5aa
|
|
Bug: 281018094
Test: atest RemoteViewsTest NotificationVisitUrisTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:634a69b7700017eac534f3f58cdcc2572f3cc659)
Merged-In: I2014bf21cf90267f7f1b3f370bf00ab7001b064e
Change-Id: I2014bf21cf90267f7f1b3f370bf00ab7001b064e
|
|
Bug: 277741109
Test: atest RemoteViewsTest
(cherry picked from commit ae0d45137b0f8ea49a085bbce4d39f901685c4a5)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:902f020bc81e5b584d5cb0276568b888a728fc4a)
Merged-In: Iceb33606da3a49b9638ab21aeae17a168c1b411a
Change-Id: Iceb33606da3a49b9638ab21aeae17a168c1b411a
|
|
Addresses a BAL bypass where Pip could be started without the launcher
being visible.
Bug: 271576718
Test: atest CtsWindowManagerDeviceTestCases:PinnedStackTests
Test: atest android.server.wm.BackgroundActivityLaunchTest#testPipCannotStartFromBackground
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1848b559059e021d1a923513ca2a936c6212a7ac)
Merged-In: Ibadc9c21f1d23f9904fc11009a9c2a40535db5e0
Change-Id: Ibadc9c21f1d23f9904fc11009a9c2a40535db5e0
|
|
Bug: 281807669
Test: Manual, i.e. posting the following sequence of events (within few milliseconds) to the scheduler and observe the behaviour with and without the fix: Mic in use -> Mic not in use -> Mic in use
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a45e1d045770eaabfdbf0e1212c9eb84caf1d565)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:20ea049a4a52dbc8d4e5ed957a2b6b9aa02a2f34)
Merged-In: I9851e6ed4cb956d0459ef56251eb0ef3210764b8
Change-Id: I9851e6ed4cb956d0459ef56251eb0ef3210764b8
|
|
This is a security fix for b/270049379.
Bug: 270049379
Test: atest CtsMediaMiscTestCases
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c573c83a2aa36ca022302f675d705518dd723a3c)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ba546a306217389a8ff9e5e948612651fd496081)
Merged-In: I05626f7abf1efef86c9e01ee3f077d7177d7f662
Change-Id: I05626f7abf1efef86c9e01ee3f077d7177d7f662
|
|
This is to prevent a vulnerability where notifications can show
resources belonging to other users, since the URI in the nested views
was not being checked.
Bug: 277740082
Test: atest RemoteViewsTest NotificationVisitUrisTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:850fd984e5f346645b5a941ed7307387c7e4c4de)
Merged-In: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
Change-Id: I5c71f0bad0a6f6361eb5ceffe8d1e47e936d78f8
|
|
Bug: 276294099
Test: atest NotificationManagerServiceTest NotificationVisitUrisTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:67cd169d073486c7c047b80ab83843cdee69bf53)
Merged-In: I670198b213abb2cb29a9865eb9d1e897700508b4
Change-Id: I670198b213abb2cb29a9865eb9d1e897700508b4
|
|
PermissionManagerServiceImpl.restorePermissionState() creates a new
UID permission state for non-shared-UID packages that have been
updated (i.e. replaced), however the existing logic for non-runtime
permission never carried over the flags from the old state. This
wasn't an issue for much older platforms because permission flags
weren't used for non-runtime permissions, however since we are
starting to use them for role protected permissions (ROLE_GRANTED) and
app op permissions (USER_SET), we do need to preserver the permission
flags.
This change merges the logic for granting and revoking a non-runtime
permission in restorePermissionState() into a single if branch, and
appends the logic to copy the flag from the old state in that branch.
Bug: 283006437
Test: PermissionFlagsTest#nonRuntimePermissionFlagsPreservedAfterReinstall
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ebd48959ce962b87c3468724ee4d7390714e3f3)
Merged-In: Iea3c66710e7d28c6fc730b1939da64f1172b08db
Change-Id: Iea3c66710e7d28c6fc730b1939da64f1172b08db
|
|
Manual test steps:
1. Enable app pinning and disable "Ask for PIN before unpinning" setting
2. Pin an app (ie: Settings)
3. Lockdown from the power menu
Observe: user is brought to the keyguard, primary auth is required
to enter the device. After entering credential, the device is still in
app pinning mode.
Test: atest KeyguardViewMediatorTest
Test: manual steps outlined above
Bug: 218495634
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:100ae42365d7fc8ba7d241e8c9a7ef6aa0cdb961)
Merged-In: I9a7c5e1acadabd4484e58573331f98dba895f2a2
Change-Id: I9a7c5e1acadabd4484e58573331f98dba895f2a2
|
|
The following APIs now enforce limits and throw IllegalArgumentException
when limits are violated:
* DPM.setTrustAgentConfiguration() limits agent packgage name,
component name, and strings within configuration bundle.
* DPM.setPermittedAccessibilityServices() limits package names.
* DPM.setPermittedInputMethods() limits package names.
* DPM.setAccountManagementDisabled() limits account name.
* DPM.setLockTaskPackages() limits package names.
* DPM.setAffiliationIds() limits id.
* DPM.transferOwnership() limits strings inside the bundle.
Package names are limited at 223, because they become directory names
and it is a filesystem restriction, see FrameworkParsingPackageUtils.
All other strings are limited at 65535, because longer ones break binary
XML serializer.
The following APIs silently truncate strings that are long beyond reason:
* DPM.setShortSupportMessage() truncates message at 200.
* DPM.setLongSupportMessage() truncates message at 20000.
* DPM.setOrganizationName() truncates org name at 200.
Bug: 260729089
Test: atest com.android.server.devicepolicy
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5dd3e81347e3c841510094fb5effd51fc0fa995b)
Merged-In: Idcf54e408722f164d16bf2f24a00cd1f5b626d23
Change-Id: Idcf54e408722f164d16bf2f24a00cd1f5b626d23
|
|
Bug: 277593270
Test: atest NotificationManagerServiceTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:936b58b12851269b878b44cc8df790b3afe9c3f5)
Merged-In: Iaf2a9a82f18e018e60e6cdc020da6ebf7267e8b1
Change-Id: Iaf2a9a82f18e018e60e6cdc020da6ebf7267e8b1
|
|
with content URI.
This prevents the primary user from accessing the secondary user's
photos for QAW card images.
Test: manually, atest
Bug: 272020068
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ff753ae693065685d85bbda6af2953905fdf434c)
Merged-In: I6932c5131b3c795bac4ea9b537938e7ef4f3ea4e
Change-Id: I6932c5131b3c795bac4ea9b537938e7ef4f3ea4e
|
|
Apps should not have direct access to this entry point. Check that the
caller is a vendor, system, or product package.
Test: Ran PoC app and CtsMediaPlayerTestCases.
Bug: 236688380
(cherry picked from commit d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e37820e47c383aecf9d1173a0676c27e6a59ce4f)
Merged-In: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f
Change-Id: I0335496d28fa5fc3bfe1fecd4be90040b0b3687f
|
|
app only
unless it's a system app.
Bug: 239423414
Bug: 223376078
Test: atest CtsAppTestCases:ActivityManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fa94ce5c7738e449cb6bd68c77af4858018e49e0)
Merged-In: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
Change-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
|
|
'googleplex-android-review.googlesource.com/20946190', 'googleplex-android-review.googlesource.com/20460002', 'googleplex-android-review.googlesource.com/22390145', 'googleplex-android-review.googlesource.com/22616881', 'googleplex-android-review.googlesource.com/21327525', 'googleplex-android-review.googlesource.com/22621774', 'googleplex-android-review.googlesource.com/22898060', 'googleplex-android-review.googlesource.com/17738545', 'googleplex-android-review.googlesource.com/21253698', 'googleplex-android-review.googlesource.com/22787457', 'googleplex-android-review.googlesource.com/22509574', 'googleplex-android-review.googlesource.com/22895638'] into security-aosp-tm-release.
Change-Id: Ied11657b48451b612e638edbf54755756e2fd348
|
|
Bug: 277740848
Test: atest RemoteViewsTest NotificationManagerServiceTest & tested with POC from bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b4692946c10d11c1e935869e11dc709a9cdcba69)
Merged-In: I7d3d35df0ec38945019f71755bed8797b7af4517
Change-Id: I7d3d35df0ec38945019f71755bed8797b7af4517
|
|
profile using ADB
If DISALLOW_DEBUGGING_FEATURES or DISALLOW_INSTALL_APPS restrictions are
set on a work profile, prevent side loading of APKs using ADB in the
work profile.
Bug: 257443065
Test: atest CtsPackageInstallTestCases:UserRestrictionInstallTest
(cherry picked from commit febe3918020a94b2af48ade98eb6a49cdd4a3bdf)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:28e133dff148cf8f43c551073000a459a1573985)
Merged-In: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
Change-Id: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
|
|
Also added the person URIs in the test, since they weren't being
checked.
Test: atest NotificationManagerServiceTest & tested with POC from bug
Bug: 276729064
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:43b1711332763788c7abf05c3baa931296c45bbb)
Merged-In: I848545f7aee202495c515f47a32871a2cb6ae707
Change-Id: I848545f7aee202495c515f47a32871a2cb6ae707
|
