diff options
41 files changed, 365 insertions, 510 deletions
diff --git a/api/current.txt b/api/current.txt index 7185c99a143a..e774f07090b5 100644 --- a/api/current.txt +++ b/api/current.txt @@ -38296,6 +38296,7 @@ package android.security.keystore { method public boolean isRandomizedEncryptionRequired(); method public boolean isStrongBoxBacked(); method public boolean isTrustedUserPresenceRequired(); + method public boolean isUnlockedDeviceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationValidWhileOnBody(); } @@ -38322,6 +38323,7 @@ package android.security.keystore { method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...); method public android.security.keystore.KeyGenParameterSpec.Builder setTrustedUserPresenceRequired(boolean); + method public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int); @@ -38411,6 +38413,8 @@ package android.security.keystore { method public boolean isDigestsSpecified(); method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isRandomizedEncryptionRequired(); + method public boolean isTrustedUserPresenceRequired(); + method public boolean isUnlockedDeviceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationValidWhileOnBody(); } @@ -38428,6 +38432,8 @@ package android.security.keystore { method public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date); method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean); method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...); + method public android.security.keystore.KeyProtection.Builder setTrustedUserPresenceRequired(boolean); + method public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean); method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean); method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean); method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int); diff --git a/cmds/statsd/src/atoms.proto b/cmds/statsd/src/atoms.proto index 27fa67212af8..b32af027f2fd 100644 --- a/cmds/statsd/src/atoms.proto +++ b/cmds/statsd/src/atoms.proto @@ -1214,8 +1214,14 @@ message AppStartMemoryStateCaptured { // # of major page-faults optional int64 pgmajfault = 5; - // RSS+CACHE(+SWAP) - optional int64 usage_in_bytes = 6; + // RSS + optional int64 rss_in_bytes = 6; + + // CACHE + optional int64 cache_in_bytes = 7; + + // SWAP + optional int64 swap_in_bytes = 8; } /* @@ -1237,8 +1243,14 @@ message ProcessMemoryState { // # of major page-faults optional int64 pgmajfault = 5; - // RSS+CACHE(+SWAP) - optional int64 usage_in_bytes = 6; + // RSS + optional int64 rss_in_bytes = 6; + + // CACHE + optional int64 cache_in_bytes = 7; + + // SWAP + optional int64 swap_in_bytes = 8; } /* @@ -1277,8 +1289,14 @@ message LmkKillOccurred { // # of major page-faults optional int64 pgmajfault = 5; - // RSS+CACHE(+SWAP) - optional int64 usage_in_bytes = 6; + // RSS + optional int64 rss_in_bytes = 6; + + // CACHE + optional int64 cache_in_bytes = 7; + + // SWAP + optional int64 swap_in_bytes = 8; } /* diff --git a/core/java/android/app/Activity.java b/core/java/android/app/Activity.java index fd7ad88b4a21..e7d0c8be4761 100644 --- a/core/java/android/app/Activity.java +++ b/core/java/android/app/Activity.java @@ -17,7 +17,6 @@ package android.app; import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS; - import static java.lang.Character.MIN_VALUE; import android.annotation.CallSuper; @@ -4713,7 +4712,6 @@ public class Activity extends ContextThemeWrapper * their launch had come from the original activity. * @param intent The Intent to start. * @param options ActivityOptions or null. - * @param permissionToken Token received from the system that permits this call to be made. * @param ignoreTargetSecurity If true, the activity manager will not check whether the * caller it is doing the start is, is actually allowed to start the target activity. * If you set this to true, you must set an explicit component in the Intent and do any @@ -4722,7 +4720,7 @@ public class Activity extends ContextThemeWrapper * @hide */ public void startActivityAsCaller(Intent intent, @Nullable Bundle options, - IBinder permissionToken, boolean ignoreTargetSecurity, int userId) { + boolean ignoreTargetSecurity, int userId) { if (mParent != null) { throw new RuntimeException("Can't be called from a child"); } @@ -4730,7 +4728,7 @@ public class Activity extends ContextThemeWrapper Instrumentation.ActivityResult ar = mInstrumentation.execStartActivityAsCaller( this, mMainThread.getApplicationThread(), mToken, this, - intent, -1, options, permissionToken, ignoreTargetSecurity, userId); + intent, -1, options, ignoreTargetSecurity, userId); if (ar != null) { mMainThread.sendActivityResult( mToken, mEmbeddedID, -1, ar.getResultCode(), diff --git a/core/java/android/app/ActivityManager.java b/core/java/android/app/ActivityManager.java index 4d5ac6f45703..e2ce8b177d2e 100644 --- a/core/java/android/app/ActivityManager.java +++ b/core/java/android/app/ActivityManager.java @@ -449,31 +449,6 @@ public class ActivityManager { */ public static final int INTENT_SENDER_FOREGROUND_SERVICE = 5; - /** - * Extra included on intents that are delegating the call to - * ActivityManager#startActivityAsCaller to another app. This token is necessary for that call - * to succeed. Type is IBinder. - * @hide - */ - public static final String EXTRA_PERMISSION_TOKEN = "android.app.extra.PERMISSION_TOKEN"; - - /** - * Extra included on intents that contain an EXTRA_INTENT, with options that the contained - * intent may want to be started with. Type is Bundle. - * TODO: remove once the ChooserActivity moves to systemui - * @hide - */ - public static final String EXTRA_OPTIONS = "android.app.extra.OPTIONS"; - - /** - * Extra included on intents that contain an EXTRA_INTENT, use this boolean value for the - * parameter of the same name when starting the contained intent. - * TODO: remove once the ChooserActivity moves to systemui - * @hide - */ - public static final String EXTRA_IGNORE_TARGET_SECURITY = - "android.app.extra.EXTRA_IGNORE_TARGET_SECURITY"; - /** @hide User operation call: success! */ public static final int USER_OP_SUCCESS = 0; diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl index 6dcecf197ed2..02be00268a45 100644 --- a/core/java/android/app/IActivityManager.aidl +++ b/core/java/android/app/IActivityManager.aidl @@ -456,11 +456,10 @@ interface IActivityManager { boolean isTopOfTask(in IBinder token); void notifyLaunchTaskBehindComplete(in IBinder token); void notifyEnterAnimationComplete(in IBinder token); - IBinder requestStartActivityPermissionToken(in IBinder delegatorToken); int startActivityAsCaller(in IApplicationThread caller, in String callingPackage, in Intent intent, in String resolvedType, in IBinder resultTo, in String resultWho, int requestCode, int flags, in ProfilerInfo profilerInfo, in Bundle options, - in IBinder permissionToken, boolean ignoreTargetSecurity, int userId); + boolean ignoreTargetSecurity, int userId); int addAppTask(in IBinder activityToken, in Intent intent, in ActivityManager.TaskDescription description, in Bitmap thumbnail); Point getAppTaskThumbnailSize(); diff --git a/core/java/android/app/Instrumentation.java b/core/java/android/app/Instrumentation.java index f90b276ac17f..198bce684c1d 100644 --- a/core/java/android/app/Instrumentation.java +++ b/core/java/android/app/Instrumentation.java @@ -1879,8 +1879,8 @@ public class Instrumentation { */ public ActivityResult execStartActivityAsCaller( Context who, IBinder contextThread, IBinder token, Activity target, - Intent intent, int requestCode, Bundle options, IBinder permissionToken, - boolean ignoreTargetSecurity, int userId) { + Intent intent, int requestCode, Bundle options, boolean ignoreTargetSecurity, + int userId) { IApplicationThread whoThread = (IApplicationThread) contextThread; if (mActivityMonitors != null) { synchronized (mSync) { @@ -1911,8 +1911,7 @@ public class Instrumentation { .startActivityAsCaller(whoThread, who.getBasePackageName(), intent, intent.resolveTypeIfNeeded(who.getContentResolver()), token, target != null ? target.mEmbeddedID : null, - requestCode, 0, null, options, permissionToken, - ignoreTargetSecurity, userId); + requestCode, 0, null, options, ignoreTargetSecurity, userId); checkStartActivityResult(result, intent); } catch (RemoteException e) { throw new RuntimeException("Failure from system", e); diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl index 738eb6865230..c4b7715b458a 100644 --- a/core/java/android/security/IKeystoreService.aidl +++ b/core/java/android/security/IKeystoreService.aidl @@ -71,7 +71,7 @@ interface IKeystoreService { in byte[] entropy); int abort(IBinder handle); boolean isOperationAuthorized(IBinder token); - int addAuthToken(in byte[] authToken); + int addAuthToken(in byte[] authToken, in int androidId); int onUserAdded(int userId, int parentId); int onUserRemoved(int userId); int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain); diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java index 346437032845..479231db70b9 100644 --- a/core/java/android/security/keymaster/KeymasterDefs.java +++ b/core/java/android/security/keymaster/KeymasterDefs.java @@ -74,6 +74,7 @@ public final class KeymasterDefs { public static final int KM_TAG_AUTH_TIMEOUT = KM_UINT | 505; public static final int KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL | 506; public static final int KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED = KM_BOOL | 507; + public static final int KM_TAG_UNLOCKED_DEVICE_REQUIRED = KM_BOOL | 509; public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600; public static final int KM_TAG_APPLICATION_ID = KM_BYTES | 601; @@ -215,6 +216,7 @@ public final class KeymasterDefs { public static final int KM_ERROR_MISSING_MIN_MAC_LENGTH = -58; public static final int KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59; public static final int KM_ERROR_CANNOT_ATTEST_IDS = -66; + public static final int KM_ERROR_DEVICE_LOCKED = -72; public static final int KM_ERROR_UNIMPLEMENTED = -100; public static final int KM_ERROR_VERSION_MISMATCH = -101; public static final int KM_ERROR_UNKNOWN_ERROR = -1000; @@ -261,6 +263,7 @@ public final class KeymasterDefs { sErrorCodeToString.put(KM_ERROR_INVALID_MAC_LENGTH, "Invalid MAC or authentication tag length"); sErrorCodeToString.put(KM_ERROR_CANNOT_ATTEST_IDS, "Unable to attest device ids"); + sErrorCodeToString.put(KM_ERROR_DEVICE_LOCKED, "Device locked"); sErrorCodeToString.put(KM_ERROR_UNIMPLEMENTED, "Not implemented"); sErrorCodeToString.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error"); } diff --git a/core/java/android/util/FeatureFlagUtils.java b/core/java/android/util/FeatureFlagUtils.java index 25a177edd27c..8af4b7150a31 100644 --- a/core/java/android/util/FeatureFlagUtils.java +++ b/core/java/android/util/FeatureFlagUtils.java @@ -42,7 +42,6 @@ public class FeatureFlagUtils { DEFAULT_FLAGS.put("settings_connected_device_v2", "true"); DEFAULT_FLAGS.put("settings_battery_v2", "true"); DEFAULT_FLAGS.put("settings_battery_display_app_list", "false"); - DEFAULT_FLAGS.put("settings_security_settings_v2", "true"); DEFAULT_FLAGS.put("settings_zone_picker_v2", "true"); DEFAULT_FLAGS.put("settings_suggestion_ui_v2", "false"); DEFAULT_FLAGS.put("settings_about_phone_v2", "false"); diff --git a/core/java/com/android/internal/app/ChooserActivity.java b/core/java/com/android/internal/app/ChooserActivity.java index 997d47fe8cf0..6e0ba3413e8c 100644 --- a/core/java/com/android/internal/app/ChooserActivity.java +++ b/core/java/com/android/internal/app/ChooserActivity.java @@ -841,7 +841,7 @@ public class ChooserActivity extends ResolverActivity { } @Override - public boolean startAsCaller(ResolverActivity activity, Bundle options, int userId) { + public boolean startAsCaller(Activity activity, Bundle options, int userId) { final Intent intent = getBaseIntentToSend(); if (intent == null) { return false; @@ -860,7 +860,8 @@ public class ChooserActivity extends ResolverActivity { final boolean ignoreTargetSecurity = mSourceInfo != null && mSourceInfo.getResolvedComponentName().getPackageName() .equals(mChooserTarget.getComponentName().getPackageName()); - return activity.startAsCallerImpl(intent, options, ignoreTargetSecurity, userId); + activity.startActivityAsCaller(intent, options, ignoreTargetSecurity, userId); + return true; } @Override diff --git a/core/java/com/android/internal/app/IntentForwarderActivity.java b/core/java/com/android/internal/app/IntentForwarderActivity.java index 86731bcb4bf6..398d08791b5c 100644 --- a/core/java/com/android/internal/app/IntentForwarderActivity.java +++ b/core/java/com/android/internal/app/IntentForwarderActivity.java @@ -107,7 +107,7 @@ public class IntentForwarderActivity extends Activity { || ChooserActivity.class.getName().equals(ri.activityInfo.name)); try { - startActivityAsCaller(newIntent, null, null, false, targetUserId); + startActivityAsCaller(newIntent, null, false, targetUserId); } catch (RuntimeException e) { int launchedFromUid = -1; String launchedFromPackage = "?"; diff --git a/core/java/com/android/internal/app/ResolverActivity.java b/core/java/com/android/internal/app/ResolverActivity.java index d6d44908a15b..ceb06f511108 100644 --- a/core/java/com/android/internal/app/ResolverActivity.java +++ b/core/java/com/android/internal/app/ResolverActivity.java @@ -43,7 +43,6 @@ import android.net.Uri; import android.os.AsyncTask; import android.os.Build; import android.os.Bundle; -import android.os.IBinder; import android.os.PatternMatcher; import android.os.RemoteException; import android.os.StrictMode; @@ -858,36 +857,6 @@ public class ResolverActivity extends Activity { } } - public boolean startAsCallerImpl(Intent intent, Bundle options, boolean ignoreTargetSecurity, - int userId) { - // Pass intent to delegate chooser activity with permission token. - // TODO: This should move to a trampoline Activity in the system when the ChooserActivity - // moves into systemui - try { - // TODO: Once this is a small springboard activity, it can move off the UI process - // and we can move the request method to ActivityManagerInternal. - IBinder permissionToken = ActivityManager.getService() - .requestStartActivityPermissionToken(getActivityToken()); - final Intent chooserIntent = new Intent(); - final ComponentName delegateActivity = ComponentName.unflattenFromString( - Resources.getSystem().getString(R.string.config_chooserActivity)); - chooserIntent.setClassName(delegateActivity.getPackageName(), - delegateActivity.getClassName()); - chooserIntent.putExtra(ActivityManager.EXTRA_PERMISSION_TOKEN, permissionToken); - - // TODO: These extras will change as chooser activity moves into systemui - chooserIntent.putExtra(Intent.EXTRA_INTENT, intent); - chooserIntent.putExtra(ActivityManager.EXTRA_OPTIONS, options); - chooserIntent.putExtra(ActivityManager.EXTRA_IGNORE_TARGET_SECURITY, - ignoreTargetSecurity); - chooserIntent.putExtra(Intent.EXTRA_USER_ID, userId); - startActivity(chooserIntent); - } catch (RemoteException e) { - Log.e(TAG, e.toString()); - } - return true; - } - public void onActivityStarted(TargetInfo cti) { // Do nothing } @@ -1212,8 +1181,9 @@ public class ResolverActivity extends Activity { } @Override - public boolean startAsCaller(ResolverActivity activity, Bundle options, int userId) { - return activity.startAsCallerImpl(mResolvedIntent, options, false, userId); + public boolean startAsCaller(Activity activity, Bundle options, int userId) { + activity.startActivityAsCaller(mResolvedIntent, options, false, userId); + return true; } @Override @@ -1272,7 +1242,7 @@ public class ResolverActivity extends Activity { * @param userId userId to start as or {@link UserHandle#USER_NULL} for activity's caller * @return true if the start completed successfully */ - boolean startAsCaller(ResolverActivity activity, Bundle options, int userId); + boolean startAsCaller(Activity activity, Bundle options, int userId); /** * Start the activity referenced by this target as a given user. diff --git a/core/java/com/android/internal/os/BatteryStatsImpl.java b/core/java/com/android/internal/os/BatteryStatsImpl.java index e91b67a4b178..7def87655ae3 100644 --- a/core/java/com/android/internal/os/BatteryStatsImpl.java +++ b/core/java/com/android/internal/os/BatteryStatsImpl.java @@ -10896,7 +10896,7 @@ public class BatteryStatsImpl extends BatteryStats { return null; } - /** + /** * Distribute WiFi energy info and network traffic to apps. * @param info The energy information from the WiFi controller. */ @@ -11160,6 +11160,9 @@ public class BatteryStatsImpl extends BatteryStats { } } + private ModemActivityInfo mLastModemActivityInfo = + new ModemActivityInfo(0, 0, 0, new int[0], 0, 0); + /** * Distribute Cell radio energy info and network traffic to apps. */ @@ -11180,6 +11183,22 @@ public class BatteryStatsImpl extends BatteryStats { } } + int rxTimeMs = 0; + int[] txTimeMs = new int[ModemActivityInfo.TX_POWER_LEVELS]; + int idleTimeMs = 0; + int sleepTimeMs = 0; + if (activityInfo != null) { + rxTimeMs = activityInfo.getRxTimeMillis() - mLastModemActivityInfo.getRxTimeMillis(); + for (int i = 0; i < ModemActivityInfo.TX_POWER_LEVELS; i++) { + txTimeMs[i] = activityInfo.getTxTimeMillis()[i] + - mLastModemActivityInfo.getTxTimeMillis()[i]; + } + idleTimeMs = + activityInfo.getIdleTimeMillis() - mLastModemActivityInfo.getIdleTimeMillis(); + sleepTimeMs = + activityInfo.getSleepTimeMillis() - mLastModemActivityInfo.getSleepTimeMillis(); + } + synchronized (this) { if (!mOnBatteryInternal) { if (delta != null) { @@ -11191,11 +11210,11 @@ public class BatteryStatsImpl extends BatteryStats { if (activityInfo != null) { mHasModemReporting = true; mModemActivity.getIdleTimeCounter().addCountLocked( - activityInfo.getIdleTimeMillis()); - mModemActivity.getRxTimeCounter().addCountLocked(activityInfo.getRxTimeMillis()); + idleTimeMs); + mModemActivity.getRxTimeCounter().addCountLocked(rxTimeMs); for (int lvl = 0; lvl < ModemActivityInfo.TX_POWER_LEVELS; lvl++) { mModemActivity.getTxTimeCounters()[lvl] - .addCountLocked(activityInfo.getTxTimeMillis()[lvl]); + .addCountLocked(txTimeMs[lvl]); } // POWER_MODEM_CONTROLLER_OPERATING_VOLTAGE is measured in mV, so convert to V. @@ -11203,16 +11222,15 @@ public class BatteryStatsImpl extends BatteryStats { PowerProfile.POWER_MODEM_CONTROLLER_OPERATING_VOLTAGE) / 1000.0; if (opVolt != 0) { double energyUsed = - activityInfo.getSleepTimeMillis() * + sleepTimeMs * mPowerProfile.getAveragePower(PowerProfile.POWER_MODEM_CONTROLLER_SLEEP) - + activityInfo.getIdleTimeMillis() * + + idleTimeMs * mPowerProfile.getAveragePower(PowerProfile.POWER_MODEM_CONTROLLER_IDLE) - + activityInfo.getRxTimeMillis() * + + rxTimeMs * mPowerProfile.getAveragePower(PowerProfile.POWER_MODEM_CONTROLLER_RX); - int[] txCurrentMa = activityInfo.getTxTimeMillis(); - for (int i = 0; i < Math.min(txCurrentMa.length, + for (int i = 0; i < Math.min(txTimeMs.length, SignalStrength.NUM_SIGNAL_STRENGTH_BINS); i++) { - energyUsed += txCurrentMa[i] * mPowerProfile.getAveragePower( + energyUsed += txTimeMs[i] * mPowerProfile.getAveragePower( PowerProfile.POWER_MODEM_CONTROLLER_TX, i); } @@ -11293,7 +11311,7 @@ public class BatteryStatsImpl extends BatteryStats { ControllerActivityCounterImpl activityCounter = u.getOrCreateModemControllerActivityLocked(); if (totalRxPackets > 0 && entry.rxPackets > 0) { - final long rxMs = (entry.rxPackets * activityInfo.getRxTimeMillis()) + final long rxMs = (entry.rxPackets * rxTimeMs) / totalRxPackets; activityCounter.getRxTimeCounter().addCountLocked(rxMs); } @@ -11301,7 +11319,7 @@ public class BatteryStatsImpl extends BatteryStats { if (totalTxPackets > 0 && entry.txPackets > 0) { for (int lvl = 0; lvl < ModemActivityInfo.TX_POWER_LEVELS; lvl++) { long txMs = - entry.txPackets * activityInfo.getTxTimeMillis()[lvl]; + entry.txPackets * txTimeMs[lvl]; txMs /= totalTxPackets; activityCounter.getTxTimeCounters()[lvl].addCountLocked(txMs); } @@ -11322,6 +11340,10 @@ public class BatteryStatsImpl extends BatteryStats { } } + // Cache last value for comparison. + private BluetoothActivityEnergyInfo mLastBluetoothActivityEnergyInfo = + new BluetoothActivityEnergyInfo(0, 0, 0, 0, 0, 0); + /** * Distribute Bluetooth energy info and network traffic to apps. * @param info The energy information from the bluetooth controller. @@ -11338,14 +11360,17 @@ public class BatteryStatsImpl extends BatteryStats { mHasBluetoothReporting = true; final long elapsedRealtimeMs = mClocks.elapsedRealtime(); - final long rxTimeMs = info.getControllerRxTimeMillis(); - final long txTimeMs = info.getControllerTxTimeMillis(); - + final long rxTimeMs = info.getControllerRxTimeMillis() - + mLastBluetoothActivityEnergyInfo.getControllerRxTimeMillis(); + final long txTimeMs = info.getControllerTxTimeMillis() - + mLastBluetoothActivityEnergyInfo.getControllerTxTimeMillis(); + final long idleTimeMs = info.getControllerIdleTimeMillis() - + mLastBluetoothActivityEnergyInfo.getControllerIdleTimeMillis(); if (DEBUG_ENERGY) { Slog.d(TAG, "------ BEGIN BLE power blaming ------"); Slog.d(TAG, " Tx Time: " + txTimeMs + " ms"); Slog.d(TAG, " Rx Time: " + rxTimeMs + " ms"); - Slog.d(TAG, " Idle Time: " + info.getControllerIdleTimeMillis() + " ms"); + Slog.d(TAG, " Idle Time: " + idleTimeMs + " ms"); } long totalScanTimeMs = 0; @@ -11424,9 +11449,25 @@ public class BatteryStatsImpl extends BatteryStats { long totalRxBytes = 0; final UidTraffic[] uidTraffic = info.getUidTraffic(); - final int numUids = uidTraffic != null ? uidTraffic.length : 0; - for (int i = 0; i < numUids; i++) { - final UidTraffic traffic = uidTraffic[i]; + final UidTraffic[] lastUidTraffic = mLastBluetoothActivityEnergyInfo.getUidTraffic(); + final ArrayList<UidTraffic> deltaTraffic = new ArrayList<>(); + int m = 0, n = 0; + for (; m < uidTraffic.length && n < lastUidTraffic.length; m++) { + final UidTraffic traffic = uidTraffic[m]; + final UidTraffic lastTraffic = lastUidTraffic[n]; + if (traffic.getUid() == lastTraffic.getUid()) { + deltaTraffic.add(new UidTraffic(traffic.getUid(), + traffic.getRxBytes() - lastTraffic.getRxBytes(), + traffic.getTxBytes() - lastTraffic.getTxBytes())); + n++; + } + } + for (; m < uidTraffic.length; m ++) { + deltaTraffic.add(uidTraffic[m]); + } + + for (int i = 0, j = 0; i < deltaTraffic.size(); i++) { + final UidTraffic traffic = deltaTraffic.get(i); // Add to the global counters. mNetworkByteActivityCounters[NETWORK_BT_RX_DATA].addCountLocked( @@ -11446,8 +11487,8 @@ public class BatteryStatsImpl extends BatteryStats { if ((totalTxBytes != 0 || totalRxBytes != 0) && (leftOverRxTimeMs != 0 || leftOverTxTimeMs != 0)) { - for (int i = 0; i < numUids; i++) { - final UidTraffic traffic = uidTraffic[i]; + for (int i = 0; i < deltaTraffic.size(); i++) { + final UidTraffic traffic = deltaTraffic.get(i); final Uid u = getUidStatsLocked(mapUid(traffic.getUid())); final ControllerActivityCounterImpl counter = @@ -11478,12 +11519,9 @@ public class BatteryStatsImpl extends BatteryStats { } } - mBluetoothActivity.getRxTimeCounter().addCountLocked( - info.getControllerRxTimeMillis()); - mBluetoothActivity.getTxTimeCounters()[0].addCountLocked( - info.getControllerTxTimeMillis()); - mBluetoothActivity.getIdleTimeCounter().addCountLocked( - info.getControllerIdleTimeMillis()); + mBluetoothActivity.getRxTimeCounter().addCountLocked(rxTimeMs); + mBluetoothActivity.getTxTimeCounters()[0].addCountLocked(txTimeMs); + mBluetoothActivity.getIdleTimeCounter().addCountLocked(idleTimeMs); // POWER_BLUETOOTH_CONTROLLER_OPERATING_VOLTAGE is measured in mV, so convert to V. final double opVolt = mPowerProfile.getAveragePower( @@ -11491,8 +11529,10 @@ public class BatteryStatsImpl extends BatteryStats { if (opVolt != 0) { // We store the power drain as mAms. mBluetoothActivity.getPowerCounter().addCountLocked( - (long) (info.getControllerEnergyUsed() / opVolt)); + (long) ((info.getControllerEnergyUsed() - + mLastBluetoothActivityEnergyInfo.getControllerEnergyUsed() )/ opVolt)); } + mLastBluetoothActivityEnergyInfo = info; } /** diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 36082ca1b3b8..a0ba3ade4b34 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1959,12 +1959,6 @@ <permission android:name="android.permission.START_ANY_ACTIVITY" android:protectionLevel="signature" /> - <!-- Allows an application to start an activity as another app, provided that app has been - granted a permissionToken from the ActivityManagerService. - @hide --> - <permission android:name="android.permission.START_ACTIVITY_AS_CALLER" - android:protectionLevel="signature" /> - <!-- @deprecated The {@link android.app.ActivityManager#restartPackage} API is no longer supported. --> <permission android:name="android.permission.RESTART_PACKAGES" diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 38f890a1e95e..a22ca8726dca 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -2283,10 +2283,7 @@ Can be customized for other product types --> <string name="config_chooseTypeAndAccountActivity" translatable="false" >android/android.accounts.ChooseTypeAndAccountActivity</string> - <!-- Name of the activity that will handle requests to the system to choose an activity for - the purposes of resolving an intent. --> - <string name="config_chooserActivity" translatable="false" - >com.android.systemui/com.android.systemui.chooser.ChooserActivity</string> + <!-- Component name of a custom ResolverActivity (Intent resolver) to be used instead of the default framework version. If left empty, then the framework version will be used. Example: com.google.android.myapp/.resolver.MyResolverActivity --> diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml index e8ab0be78b36..09d3121dfa72 100644 --- a/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml @@ -1071,7 +1071,6 @@ <java-symbol type="string" name="owner_name" /> <java-symbol type="string" name="config_chooseAccountActivity" /> <java-symbol type="string" name="config_chooseTypeAndAccountActivity" /> - <java-symbol type="string" name="config_chooserActivity" /> <java-symbol type="string" name="config_customResolverActivity" /> <java-symbol type="string" name="config_appsAuthorizedForSharedAccounts" /> <java-symbol type="string" name="error_message_title" /> diff --git a/core/tests/coretests/src/com/android/internal/app/IntentForwarderActivityTest.java b/core/tests/coretests/src/com/android/internal/app/IntentForwarderActivityTest.java index c0bc3a8eeb9e..b18fa747557d 100644 --- a/core/tests/coretests/src/com/android/internal/app/IntentForwarderActivityTest.java +++ b/core/tests/coretests/src/com/android/internal/app/IntentForwarderActivityTest.java @@ -24,7 +24,6 @@ import android.content.pm.IPackageManager; import android.content.pm.PackageManager; import android.content.pm.UserInfo; import android.os.Bundle; -import android.os.IBinder; import android.os.UserHandle; import android.os.UserManager; import android.support.test.InstrumentationRegistry; @@ -270,8 +269,8 @@ public class IntentForwarderActivityTest { } @Override - public void startActivityAsCaller(Intent intent, @Nullable Bundle options, - IBinder permissionToken, boolean ignoreTargetSecurity, int userId) { + public void startActivityAsCaller(Intent intent, @Nullable Bundle options, boolean + ignoreTargetSecurity, int userId) { mStartActivityIntent = intent; mUserIdActivityLaunchedIn = userId; } @@ -294,4 +293,4 @@ public class IntentForwarderActivityTest { return mPm; } } -} +}
\ No newline at end of file diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml index 6c8aaf0b1e8c..8addffbb02db 100644 --- a/data/etc/privapp-permissions-platform.xml +++ b/data/etc/privapp-permissions-platform.xml @@ -369,7 +369,6 @@ applications that come with the platform <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/> <permission name="android.permission.REAL_GET_TASKS"/> <permission name="android.permission.RECEIVE_MEDIA_RESOURCE_USAGE"/> - <permission name="android.permission.START_ACTIVITY_AS_CALLER"/> <permission name="android.permission.START_TASKS_FROM_RECENTS"/> <permission name="android.permission.STATUS_BAR"/> <permission name="android.permission.STOP_APP_SWITCHES"/> diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index ded427eb244a..c429fd382d67 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -618,9 +618,9 @@ public class KeyStore { * @return {@code KeyStore.NO_ERROR} on success, otherwise an error value corresponding to * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode. */ - public int addAuthToken(byte[] authToken) { + public int addAuthToken(byte[] authToken, int userId) { try { - return mBinder.addAuthToken(authToken); + return mBinder.addAuthToken(authToken, userId); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return SYSTEM_ERROR; diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java index f721ed3af7ba..419eb24e1cc1 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java @@ -243,12 +243,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { // Check that user authentication related parameters are acceptable. This method // will throw an IllegalStateException if there are issues (e.g., secure lock screen // not set up). - KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), - spec.isUserAuthenticationRequired(), - spec.getUserAuthenticationValidityDurationSeconds(), - spec.isUserAuthenticationValidWhileOnBody(), - spec.isInvalidatedByBiometricEnrollment(), - GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */); + KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), spec); } catch (IllegalStateException | IllegalArgumentException e) { throw new InvalidAlgorithmParameterException(e); } @@ -284,15 +279,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { args.addEnums(KeymasterDefs.KM_TAG_BLOCK_MODE, mKeymasterBlockModes); args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterPaddings); args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests); - KeymasterUtils.addUserAuthArgs(args, - spec.isUserAuthenticationRequired(), - spec.getUserAuthenticationValidityDurationSeconds(), - spec.isUserAuthenticationValidWhileOnBody(), - spec.isInvalidatedByBiometricEnrollment(), - GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */); - if (spec.isTrustedUserPresenceRequired()) { - args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); - } + KeymasterUtils.addUserAuthArgs(args, spec); KeymasterUtils.addMinMacLengthAuthorizationIfNecessary( args, mKeymasterAlgorithm, diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java index d1eb6888bbfd..d68a33de2c61 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -344,12 +344,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato // Check that user authentication related parameters are acceptable. This method // will throw an IllegalStateException if there are issues (e.g., secure lock screen // not set up). - KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), - mSpec.isUserAuthenticationRequired(), - mSpec.getUserAuthenticationValidityDurationSeconds(), - mSpec.isUserAuthenticationValidWhileOnBody(), - mSpec.isInvalidatedByBiometricEnrollment(), - GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */); + KeymasterUtils.addUserAuthArgs(new KeymasterArguments(), mSpec); } catch (IllegalArgumentException | IllegalStateException e) { throw new InvalidAlgorithmParameterException(e); } @@ -540,12 +535,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato args.addEnums(KeymasterDefs.KM_TAG_PADDING, mKeymasterSignaturePaddings); args.addEnums(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigests); - KeymasterUtils.addUserAuthArgs(args, - mSpec.isUserAuthenticationRequired(), - mSpec.getUserAuthenticationValidityDurationSeconds(), - mSpec.isUserAuthenticationValidWhileOnBody(), - mSpec.isInvalidatedByBiometricEnrollment(), - GateKeeper.INVALID_SECURE_USER_ID /* boundToSpecificSecureUserId */); + KeymasterUtils.addUserAuthArgs(args, mSpec); args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart()); args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, mSpec.getKeyValidityForOriginationEnd()); diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java index 440e0863fbb1..fc86ca0443b0 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java @@ -497,12 +497,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { importArgs.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterEncryptionPaddings); importArgs.addEnums(KeymasterDefs.KM_TAG_PADDING, KeyProperties.SignaturePadding.allToKeymaster(spec.getSignaturePaddings())); - KeymasterUtils.addUserAuthArgs(importArgs, - spec.isUserAuthenticationRequired(), - spec.getUserAuthenticationValidityDurationSeconds(), - spec.isUserAuthenticationValidWhileOnBody(), - spec.isInvalidatedByBiometricEnrollment(), - spec.getBoundToSpecificSecureUserId()); + KeymasterUtils.addUserAuthArgs(importArgs, spec); importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart()); importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, @@ -699,12 +694,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { int[] keymasterPaddings = KeyProperties.EncryptionPadding.allToKeymaster( params.getEncryptionPaddings()); args.addEnums(KeymasterDefs.KM_TAG_PADDING, keymasterPaddings); - KeymasterUtils.addUserAuthArgs(args, - params.isUserAuthenticationRequired(), - params.getUserAuthenticationValidityDurationSeconds(), - params.isUserAuthenticationValidWhileOnBody(), - params.isInvalidatedByBiometricEnrollment(), - params.getBoundToSpecificSecureUserId()); + KeymasterUtils.addUserAuthArgs(args, params); KeymasterUtils.addMinMacLengthAuthorizationIfNecessary( args, keymasterAlgorithm, diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index a896c72463fb..0291b8ac6989 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -21,6 +21,7 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.app.KeyguardManager; import android.hardware.fingerprint.FingerprintManager; +import android.security.GateKeeper; import android.security.KeyStore; import android.text.TextUtils; @@ -232,7 +233,7 @@ import javax.security.auth.x500.X500Principal; * key = (SecretKey) keyStore.getKey("key2", null); * }</pre> */ -public final class KeyGenParameterSpec implements AlgorithmParameterSpec { +public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAuthArgs { private static final X500Principal DEFAULT_CERT_SUBJECT = new X500Principal("CN=fake"); private static final BigInteger DEFAULT_CERT_SERIAL_NUMBER = new BigInteger("1"); @@ -264,6 +265,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { private final boolean mUserAuthenticationValidWhileOnBody; private final boolean mInvalidatedByBiometricEnrollment; private final boolean mIsStrongBoxBacked; + private final boolean mUnlockedDeviceRequired; /** * @hide should be built with Builder @@ -293,7 +295,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { boolean uniqueIdIncluded, boolean userAuthenticationValidWhileOnBody, boolean invalidatedByBiometricEnrollment, - boolean isStrongBoxBacked) { + boolean isStrongBoxBacked, + boolean unlockedDeviceRequired) { if (TextUtils.isEmpty(keyStoreAlias)) { throw new IllegalArgumentException("keyStoreAlias must not be empty"); } @@ -341,6 +344,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody; mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; mIsStrongBoxBacked = isStrongBoxBacked; + mUnlockedDeviceRequired = unlockedDeviceRequired; } /** @@ -646,6 +650,22 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } /** + * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * + * @see Builder#SetUnlockedDeviceRequired(boolean) + */ + public boolean isUnlockedDeviceRequired() { + return mUnlockedDeviceRequired; + } + + /** + * @hide + */ + public long getBoundToSpecificSecureUserId() { + return GateKeeper.INVALID_SECURE_USER_ID; + } + + /** * Builder of {@link KeyGenParameterSpec} instances. */ public final static class Builder { @@ -675,6 +695,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { private boolean mUserAuthenticationValidWhileOnBody; private boolean mInvalidatedByBiometricEnrollment = true; private boolean mIsStrongBoxBacked = false; + private boolean mUnlockedDeviceRequired = false; /** * Creates a new instance of the {@code Builder}. @@ -1220,6 +1241,18 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } /** + * Sets whether the keystore requires the screen to be unlocked before allowing decryption + * using this key. If this is set to {@code true}, any attempt to decrypt using this key + * while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. + */ + @NonNull + public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { + mUnlockedDeviceRequired = unlockedDeviceRequired; + return this; + } + + /** * Builds an instance of {@code KeyGenParameterSpec}. */ @NonNull @@ -1249,7 +1282,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { mUniqueIdIncluded, mUserAuthenticationValidWhileOnBody, mInvalidatedByBiometricEnrollment, - mIsStrongBoxBacked); + mIsStrongBoxBacked, + mUnlockedDeviceRequired); } } } diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index dbacb9c53dd6..a5b85ceec1ad 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -212,7 +212,7 @@ import javax.crypto.Mac; * ... * }</pre> */ -public final class KeyProtection implements ProtectionParameter { +public final class KeyProtection implements ProtectionParameter, UserAuthArgs { private final Date mKeyValidityStart; private final Date mKeyValidityForOriginationEnd; private final Date mKeyValidityForConsumptionEnd; @@ -228,6 +228,8 @@ public final class KeyProtection implements ProtectionParameter { private final boolean mInvalidatedByBiometricEnrollment; private final long mBoundToSecureUserId; private final boolean mCriticalToDeviceEncryption; + private final boolean mTrustedUserPresenceRequired; + private final boolean mUnlockedDeviceRequired; private KeyProtection( Date keyValidityStart, @@ -241,10 +243,12 @@ public final class KeyProtection implements ProtectionParameter { boolean randomizedEncryptionRequired, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, + boolean trustedUserPresenceRequired, boolean userAuthenticationValidWhileOnBody, boolean invalidatedByBiometricEnrollment, long boundToSecureUserId, - boolean criticalToDeviceEncryption) { + boolean criticalToDeviceEncryption, + boolean unlockedDeviceRequired) { mKeyValidityStart = Utils.cloneIfNotNull(keyValidityStart); mKeyValidityForOriginationEnd = Utils.cloneIfNotNull(keyValidityForOriginationEnd); mKeyValidityForConsumptionEnd = Utils.cloneIfNotNull(keyValidityForConsumptionEnd); @@ -262,6 +266,8 @@ public final class KeyProtection implements ProtectionParameter { mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; mBoundToSecureUserId = boundToSecureUserId; mCriticalToDeviceEncryption = criticalToDeviceEncryption; + mTrustedUserPresenceRequired = trustedUserPresenceRequired; + mUnlockedDeviceRequired = unlockedDeviceRequired; } /** @@ -414,6 +420,14 @@ public final class KeyProtection implements ProtectionParameter { } /** + * Returns {@code true} if the key is authorized to be used only if a test of user presence has + * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. + */ + public boolean isTrustedUserPresenceRequired() { + return mTrustedUserPresenceRequired; + } + + /** * Returns {@code true} if the key will be de-authorized when the device is removed from the * user's body. This option has no effect on keys that don't have an authentication validity * duration, and has no effect if the device lacks an on-body sensor. @@ -471,6 +485,15 @@ public final class KeyProtection implements ProtectionParameter { } /** + * Returns {@code true} if the key cannot be used unless the device screen is unlocked. + * + * @see Builder#SetRequireDeviceUnlocked(boolean) + */ + public boolean isUnlockedDeviceRequired() { + return mUnlockedDeviceRequired; + } + + /** * Builder of {@link KeyProtection} instances. */ public final static class Builder { @@ -488,6 +511,9 @@ public final class KeyProtection implements ProtectionParameter { private int mUserAuthenticationValidityDurationSeconds = -1; private boolean mUserAuthenticationValidWhileOnBody; private boolean mInvalidatedByBiometricEnrollment = true; + private boolean mTrustedUserPresenceRequired = false; + private boolean mUnlockedDeviceRequired = false; + private long mBoundToSecureUserId = GateKeeper.INVALID_SECURE_USER_ID; private boolean mCriticalToDeviceEncryption = false; @@ -764,6 +790,16 @@ public final class KeyProtection implements ProtectionParameter { } /** + * Sets whether a test of user presence is required to be performed between the + * {@code Signature.initSign()} and {@code Signature.sign()} method calls. + */ + @NonNull + public Builder setTrustedUserPresenceRequired(boolean required) { + mTrustedUserPresenceRequired = required; + return this; + } + + /** * Sets whether the key will remain authorized only until the device is removed from the * user's body up to the limit of the authentication validity period (see * {@link #setUserAuthenticationValidityDurationSeconds} and @@ -845,6 +881,18 @@ public final class KeyProtection implements ProtectionParameter { } /** + * Sets whether the keystore requires the screen to be unlocked before allowing decryption + * using this key. If this is set to {@code true}, any attempt to decrypt using this key + * while the screen is locked will fail. A locked device requires a PIN, password, + * fingerprint, or other trusted factor to access. + */ + @NonNull + public Builder setUnlockedDeviceRequired(boolean unlockedDeviceRequired) { + mUnlockedDeviceRequired = unlockedDeviceRequired; + return this; + } + + /** * Builds an instance of {@link KeyProtection}. * * @throws IllegalArgumentException if a required field is missing @@ -863,10 +911,12 @@ public final class KeyProtection implements ProtectionParameter { mRandomizedEncryptionRequired, mUserAuthenticationRequired, mUserAuthenticationValidityDurationSeconds, + mTrustedUserPresenceRequired, mUserAuthenticationValidWhileOnBody, mInvalidatedByBiometricEnrollment, mBoundToSecureUserId, - mCriticalToDeviceEncryption); + mCriticalToDeviceEncryption, + mUnlockedDeviceRequired); } } } diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java index 34c8d1f75f60..eb6a2a2c9e67 100644 --- a/keystore/java/android/security/keystore/KeymasterUtils.java +++ b/keystore/java/android/security/keystore/KeymasterUtils.java @@ -98,17 +98,23 @@ public abstract class KeymasterUtils { * require user authentication. */ public static void addUserAuthArgs(KeymasterArguments args, - boolean userAuthenticationRequired, - int userAuthenticationValidityDurationSeconds, - boolean userAuthenticationValidWhileOnBody, - boolean invalidatedByBiometricEnrollment, - long boundToSpecificSecureUserId) { - if (!userAuthenticationRequired) { + UserAuthArgs spec) { + args.addUnsignedInt(KeymasterDefs.KM_TAG_USER_ID, 0); + + if (spec.isTrustedUserPresenceRequired()) { + args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); + } + + if (spec.isUnlockedDeviceRequired()) { + args.addBoolean(KeymasterDefs.KM_TAG_UNLOCKED_DEVICE_REQUIRED); + } + + if (!spec.isUserAuthenticationRequired()) { args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); return; } - if (userAuthenticationValidityDurationSeconds == -1) { + if (spec.getUserAuthenticationValidityDurationSeconds() == -1) { // Every use of this key needs to be authorized by the user. This currently means // fingerprint-only auth. FingerprintManager fingerprintManager = @@ -124,9 +130,9 @@ public abstract class KeymasterUtils { } long sid; - if (boundToSpecificSecureUserId != GateKeeper.INVALID_SECURE_USER_ID) { - sid = boundToSpecificSecureUserId; - } else if (invalidatedByBiometricEnrollment) { + if (spec.getBoundToSpecificSecureUserId() != GateKeeper.INVALID_SECURE_USER_ID) { + sid = spec.getBoundToSpecificSecureUserId(); + } else if (spec.isInvalidatedByBiometricEnrollment()) { // The fingerprint-only SID will change on fingerprint enrollment or removal of all, // enrolled fingerprints, invalidating the key. sid = fingerprintOnlySid; @@ -139,14 +145,14 @@ public abstract class KeymasterUtils { args.addUnsignedLong( KeymasterDefs.KM_TAG_USER_SECURE_ID, KeymasterArguments.toUint64(sid)); args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, KeymasterDefs.HW_AUTH_FINGERPRINT); - if (userAuthenticationValidWhileOnBody) { + if (spec.isUserAuthenticationValidWhileOnBody()) { throw new ProviderException("Key validity extension while device is on-body is not " + "supported for keys requiring fingerprint authentication"); } } else { long sid; - if (boundToSpecificSecureUserId != GateKeeper.INVALID_SECURE_USER_ID) { - sid = boundToSpecificSecureUserId; + if (spec.getBoundToSpecificSecureUserId() != GateKeeper.INVALID_SECURE_USER_ID) { + sid = spec.getBoundToSpecificSecureUserId(); } else { // The key is authorized for use for the specified amount of time after the user has // authenticated. Whatever unlocks the secure lock screen should authorize this key. @@ -157,8 +163,8 @@ public abstract class KeymasterUtils { args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, KeymasterDefs.HW_AUTH_PASSWORD | KeymasterDefs.HW_AUTH_FINGERPRINT); args.addUnsignedInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, - userAuthenticationValidityDurationSeconds); - if (userAuthenticationValidWhileOnBody) { + spec.getUserAuthenticationValidityDurationSeconds()); + if (spec.isUserAuthenticationValidWhileOnBody()) { args.addBoolean(KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY); } } diff --git a/keystore/java/android/security/keystore/UserAuthArgs.java b/keystore/java/android/security/keystore/UserAuthArgs.java new file mode 100644 index 000000000000..6fb348639594 --- /dev/null +++ b/keystore/java/android/security/keystore/UserAuthArgs.java @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.keystore; + +/** + * @hide + * + * This is an interface to encapsulate the user authentication arguments that + * are passed to KeymasterUtils.addUserAuthArgs. Classes that represent + * authorization characteristics for new or imported keys can implement this + * interface to be passed to that method. + */ +public interface UserAuthArgs { + + boolean isUserAuthenticationRequired(); + int getUserAuthenticationValidityDurationSeconds(); + boolean isUserAuthenticationValidWhileOnBody(); + boolean isInvalidatedByBiometricEnrollment(); + boolean isTrustedUserPresenceRequired(); + boolean isUnlockedDeviceRequired(); + long getBoundToSpecificSecureUserId(); + +} diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml index 1fc36bef215d..9613a6a8c059 100644 --- a/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml @@ -90,7 +90,6 @@ <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" /> <uses-permission android:name="android.permission.GET_TOP_ACTIVITY_INFO" /> <uses-permission android:name="android.permission.MANAGE_ACTIVITY_STACKS" /> - <uses-permission android:name="android.permission.START_ACTIVITY_AS_CALLER" /> <uses-permission android:name="android.permission.START_TASKS_FROM_RECENTS" /> <uses-permission android:name="android.permission.GET_INTENT_SENDER_INTENT" /> @@ -560,22 +559,6 @@ </intent-filter> </activity> - <activity android:name=".chooser.ChooserActivity" - android:theme="@*android:style/Theme.NoDisplay" - android:finishOnCloseSystemDialogs="true" - android:excludeFromRecents="true" - android:documentLaunchMode="never" - android:relinquishTaskIdentity="true" - android:configChanges="screenSize|smallestScreenSize|screenLayout|orientation|keyboard|keyboardHidden" - android:process=":ui" - android:visibleToInstantApps="true"> - <intent-filter> - <action android:name="android.intent.action.CHOOSER_UI" /> - <category android:name="android.intent.category.DEFAULT" /> - <category android:name="android.intent.category.VOICE" /> - </intent-filter> - </activity> - <!-- Doze with notifications, run in main sysui process for every user --> <service android:name=".doze.DozeService" diff --git a/packages/SystemUI/src/com/android/systemui/chooser/ChooserActivity.java b/packages/SystemUI/src/com/android/systemui/chooser/ChooserActivity.java deleted file mode 100644 index 085ece75362d..000000000000 --- a/packages/SystemUI/src/com/android/systemui/chooser/ChooserActivity.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (C) 2017 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.systemui.chooser; - -import android.app.Activity; -import android.app.ActivityManager; -import android.content.Intent; -import android.os.Bundle; -import android.os.IBinder; -import android.util.Log; - -import com.android.systemui.R; - -import java.lang.Thread; -import java.util.ArrayList; - -public final class ChooserActivity extends Activity { - - private static final String TAG = "ChooserActivity"; - - @Override - protected void onCreate(Bundle savedInstanceState) { - super.onCreate(savedInstanceState); - ChooserHelper.onChoose(this); - finish(); - } -} diff --git a/packages/SystemUI/src/com/android/systemui/chooser/ChooserHelper.java b/packages/SystemUI/src/com/android/systemui/chooser/ChooserHelper.java deleted file mode 100644 index ac22568f7368..000000000000 --- a/packages/SystemUI/src/com/android/systemui/chooser/ChooserHelper.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (C) 2017 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.systemui.chooser; - -import android.app.Activity; -import android.app.ActivityManager; -import android.content.Intent; -import android.os.Bundle; -import android.os.IBinder; -import android.util.Log; - -import com.android.systemui.R; - -public class ChooserHelper { - - private static final String TAG = "ChooserHelper"; - - static void onChoose(Activity activity) { - final Intent thisIntent = activity.getIntent(); - final Bundle thisExtras = thisIntent.getExtras(); - final Intent chosenIntent = thisIntent.getParcelableExtra(Intent.EXTRA_INTENT); - final Bundle options = thisIntent.getParcelableExtra(ActivityManager.EXTRA_OPTIONS); - final IBinder permissionToken = - thisExtras.getBinder(ActivityManager.EXTRA_PERMISSION_TOKEN); - final boolean ignoreTargetSecurity = - thisIntent.getBooleanExtra(ActivityManager.EXTRA_IGNORE_TARGET_SECURITY, false); - final int userId = thisIntent.getIntExtra(Intent.EXTRA_USER_ID, -1); - activity.startActivityAsCaller( - chosenIntent, options, permissionToken, ignoreTargetSecurity, userId); - } -} diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/notification/ActivityLaunchAnimator.java b/packages/SystemUI/src/com/android/systemui/statusbar/notification/ActivityLaunchAnimator.java index 907af690a615..11d20b221051 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/notification/ActivityLaunchAnimator.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/notification/ActivityLaunchAnimator.java @@ -56,10 +56,15 @@ public class ActivityLaunchAnimator { public static final long ANIMATION_DELAY_ICON_FADE_IN = ANIMATION_DURATION - CollapsedStatusBarFragment.FADE_IN_DURATION - CollapsedStatusBarFragment.FADE_IN_DELAY - 16; + private static final long LAUNCH_TIMEOUT = 500; private final NotificationPanelView mNotificationPanel; private final NotificationListContainer mNotificationContainer; private final StatusBarWindowView mStatusBarWindow; - private final StatusBar mStatusBar; + private StatusBar mStatusBar; + private final Runnable mTimeoutRunnable = () -> { + setAnimationPending(false); + mStatusBar.collapsePanel(true /* animate */); + }; private boolean mAnimationPending; public ActivityLaunchAnimator(StatusBarWindowView statusBarWindow, @@ -92,6 +97,11 @@ public class ActivityLaunchAnimator { private void setAnimationPending(boolean pending) { mAnimationPending = pending; mStatusBarWindow.setExpandAnimationPending(pending); + if (pending) { + mStatusBarWindow.postDelayed(mTimeoutRunnable, LAUNCH_TIMEOUT); + } else { + mStatusBarWindow.removeCallbacks(mTimeoutRunnable); + } } class AnimationRunner extends IRemoteAnimationRunner.Stub { diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java index b51982415bbd..426268ba490c 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java @@ -2656,6 +2656,10 @@ public class StatusBar extends SystemUI implements DemoMode, if (mStatusBarView != null) { dumpBarTransitions(pw, "mStatusBarView", mStatusBarView.getBarTransitions()); } + pw.println(" StatusBarWindowView: "); + if (mStatusBarWindow != null) { + mStatusBarWindow.dump(fd, pw, args); + } pw.println(" mMediaManager: "); if (mMediaManager != null) { diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarWindowView.java b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarWindowView.java index e32914fa368b..a79a41b07797 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarWindowView.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarWindowView.java @@ -62,6 +62,9 @@ import com.android.systemui.statusbar.DragDownHelper; import com.android.systemui.statusbar.StatusBarState; import com.android.systemui.statusbar.stack.NotificationStackScrollLayout; +import java.io.FileDescriptor; +import java.io.PrintWriter; + public class StatusBarWindowView extends FrameLayout { public static final String TAG = "StatusBarWindowView"; @@ -398,6 +401,13 @@ public class StatusBarWindowView extends FrameLayout { mExpandAnimationPending = pending; } + public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { + pw.print(" mExpandAnimationPending="); pw.println(mExpandAnimationPending); + pw.print(" mExpandAnimationRunning="); pw.println(mExpandAnimationRunning); + pw.print(" mTouchCancelled="); pw.println(mTouchCancelled); + pw.print(" mTouchActive="); pw.println(mTouchActive); + } + public class LayoutParams extends FrameLayout.LayoutParams { public boolean ignoreRightInset; diff --git a/packages/SystemUI/tests/src/com/android/systemui/chooser/ChooserHelperTest.java b/packages/SystemUI/tests/src/com/android/systemui/chooser/ChooserHelperTest.java deleted file mode 100644 index 8e0426a15eee..000000000000 --- a/packages/SystemUI/tests/src/com/android/systemui/chooser/ChooserHelperTest.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.systemui.chooser; - -import android.app.Activity; -import android.app.ActivityManager; -import android.content.Intent; -import android.os.Binder; -import android.support.test.runner.AndroidJUnit4; -import android.test.suitebuilder.annotation.SmallTest; -import android.util.Log; - -import com.android.systemui.chooser.ChooserHelper; -import com.android.systemui.SysuiTestCase; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; - -import static org.mockito.Mockito.any; -import static org.mockito.Mockito.anyBoolean; -import static org.mockito.Mockito.anyFloat; -import static org.mockito.Mockito.anyInt; -import static org.mockito.Mockito.anyString; -import static org.mockito.Mockito.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -@SmallTest -@RunWith(AndroidJUnit4.class) -public class ChooserHelperTest extends SysuiTestCase { - - @Test - public void testOnChoose_CallsStartActivityAsCallerWithToken() { - final Intent intent = new Intent(); - final Binder token = new Binder(); - intent.putExtra(ActivityManager.EXTRA_PERMISSION_TOKEN, token); - - final Activity mockActivity = mock(Activity.class); - when(mockActivity.getIntent()).thenReturn(intent); - - ChooserHelper.onChoose(mockActivity); - verify(mockActivity, times(1)).startActivityAsCaller( - any(), any(), eq(token), anyBoolean(), anyInt()); - } -} diff --git a/services/core/java/com/android/server/PinnerService.java b/services/core/java/com/android/server/PinnerService.java index 3d7408ee6a54..2869114601b7 100644 --- a/services/core/java/com/android/server/PinnerService.java +++ b/services/core/java/com/android/server/PinnerService.java @@ -372,15 +372,19 @@ public final class PinnerService extends SystemService { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; + long totalSize = 0; pw.println("Pinned Files:"); synchronized(this) { for (int i = 0; i < mPinnedFiles.size(); i++) { pw.println(mPinnedFiles.get(i).mFilename); + totalSize += mPinnedFiles.get(i).mLength; } for (int i = 0; i < mPinnedCameraFiles.size(); i++) { pw.println(mPinnedCameraFiles.get(i).mFilename); + totalSize += mPinnedCameraFiles.get(i).mLength; } } + pw.println("Total size: " + totalSize); } } diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 7e952f1e9634..f6f7d4bf4fd5 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -26,7 +26,6 @@ import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.REMOVE_TASKS; -import static android.Manifest.permission.START_ACTIVITY_AS_CALLER; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; import static android.app.ActivityManager.LOCK_TASK_MODE_NONE; import static android.app.ActivityManager.RESIZE_MODE_PRESERVE_WINDOW; @@ -571,23 +570,6 @@ public class ActivityManagerService extends IActivityManager.Stub // could take much longer than usual. static final int PROC_START_TIMEOUT_WITH_WRAPPER = 1200*1000; - // Permission tokens are used to temporarily granted a trusted app the ability to call - // #startActivityAsCaller. A client is expected to dump its token after this time has elapsed, - // showing any appropriate error messages to the user. - private static final long START_AS_CALLER_TOKEN_TIMEOUT = - 10 * DateUtils.MINUTE_IN_MILLIS; - - // How long before the service actually expires a token. This is slightly longer than - // START_AS_CALLER_TOKEN_TIMEOUT, to provide a buffer so clients will rarely encounter the - // expiration exception. - private static final long START_AS_CALLER_TOKEN_TIMEOUT_IMPL = - START_AS_CALLER_TOKEN_TIMEOUT + 2*1000; - - // How long the service will remember expired tokens, for the purpose of providing error - // messaging when a client uses an expired token. - private static final long START_AS_CALLER_TOKEN_EXPIRED_TIMEOUT = - START_AS_CALLER_TOKEN_TIMEOUT_IMPL + 20 * DateUtils.MINUTE_IN_MILLIS; - // How long we allow a receiver to run before giving up on it. static final int BROADCAST_FG_TIMEOUT = 10*1000; static final int BROADCAST_BG_TIMEOUT = 60*1000; @@ -696,13 +678,6 @@ public class ActivityManagerService extends IActivityManager.Stub final ArrayList<ActiveInstrumentation> mActiveInstrumentation = new ArrayList<>(); - // Activity tokens of system activities that are delegating their call to - // #startActivityByCaller, keyed by the permissionToken granted to the delegate. - final HashMap<IBinder, IBinder> mStartActivitySources = new HashMap<>(); - - // Permission tokens that have expired, but we remember for error reporting. - final ArrayList<IBinder> mExpiredStartAsCallerTokens = new ArrayList<>(); - public final IntentFirewall mIntentFirewall; // Whether we should show our dialogs (ANR, crash, etc) or just perform their @@ -1881,8 +1856,6 @@ public class ActivityManagerService extends IActivityManager.Stub static final int PUSH_TEMP_WHITELIST_UI_MSG = 68; static final int SERVICE_FOREGROUND_CRASH_MSG = 69; static final int DISPATCH_OOM_ADJ_OBSERVER_MSG = 70; - static final int EXPIRE_START_AS_CALLER_TOKEN_MSG = 75; - static final int FORGET_START_AS_CALLER_TOKEN_MSG = 76; static final int FIRST_ACTIVITY_STACK_MSG = 100; static final int FIRST_BROADCAST_QUEUE_MSG = 200; @@ -2547,19 +2520,6 @@ public class ActivityManagerService extends IActivityManager.Stub } } } break; - case EXPIRE_START_AS_CALLER_TOKEN_MSG: { - synchronized (ActivityManagerService.this) { - final IBinder permissionToken = (IBinder)msg.obj; - mStartActivitySources.remove(permissionToken); - mExpiredStartAsCallerTokens.add(permissionToken); - } - } break; - case FORGET_START_AS_CALLER_TOKEN_MSG: { - synchronized (ActivityManagerService.this) { - final IBinder permissionToken = (IBinder)msg.obj; - mExpiredStartAsCallerTokens.remove(permissionToken); - } - } break; } } }; @@ -4845,54 +4805,16 @@ public class ActivityManagerService extends IActivityManager.Stub } - /** - * Only callable from the system. This token grants a temporary permission to call - * #startActivityAsCallerWithToken. The token will time out after - * START_AS_CALLER_TOKEN_TIMEOUT if it is not used. - * - * @param delegatorToken The Binder token referencing the system Activity that wants to delegate - * the #startActivityAsCaller to another app. The "caller" will be the caller of this - * activity's token, not the delegate's caller (which is probably the delegator itself). - * - * @return Returns a token that can be given to a "delegate" app that may call - * #startActivityAsCaller - */ @Override - public IBinder requestStartActivityPermissionToken(IBinder delegatorToken) { - int callingUid = Binder.getCallingUid(); - if (UserHandle.getAppId(callingUid) != SYSTEM_UID) { - throw new SecurityException("Only the system process can request a permission token, " + - "received request from uid: " + callingUid); - } - IBinder permissionToken = new Binder(); - synchronized (this) { - mStartActivitySources.put(permissionToken, delegatorToken); - } - - Message expireMsg = mHandler.obtainMessage(EXPIRE_START_AS_CALLER_TOKEN_MSG, - permissionToken); - mHandler.sendMessageDelayed(expireMsg, START_AS_CALLER_TOKEN_TIMEOUT_IMPL); - - Message forgetMsg = mHandler.obtainMessage(FORGET_START_AS_CALLER_TOKEN_MSG, - permissionToken); - mHandler.sendMessageDelayed(forgetMsg, START_AS_CALLER_TOKEN_EXPIRED_TIMEOUT); - - return permissionToken; - } + public final int startActivityAsCaller(IApplicationThread caller, String callingPackage, + Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, + int startFlags, ProfilerInfo profilerInfo, Bundle bOptions, boolean ignoreTargetSecurity, + int userId) { - @Override - public final int startActivityAsCaller(IApplicationThread caller, - String callingPackage, Intent intent, String resolvedType, IBinder resultTo, - String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, - Bundle bOptions, IBinder permissionToken, boolean ignoreTargetSecurity, int userId) { // This is very dangerous -- it allows you to perform a start activity (including - // permission grants) as any app that may launch one of your own activities. So we only - // allow this in two cases: - // 1) The caller is an activity that is part of the core framework, and then only when it - // is running as the system. - // 2) The caller provides a valid permissionToken. Permission tokens are one-time use and - // can only be requested by a system activity, which may then delegate this call to - // another app. + // permission grants) as any app that may launch one of your own activities. So + // we will only allow this to be done from activities that are part of the core framework, + // and then only when they are running as the system. final ActivityRecord sourceRecord; final int targetUid; final String targetPackage; @@ -4900,47 +4822,17 @@ public class ActivityManagerService extends IActivityManager.Stub if (resultTo == null) { throw new SecurityException("Must be called from an activity"); } - - final IBinder sourceToken; - if (permissionToken != null) { - // To even attempt to use a permissionToken, an app must also have this signature - // permission. - enforceCallingPermission(android.Manifest.permission.START_ACTIVITY_AS_CALLER, - "startActivityAsCaller"); - // If called with a permissionToken, we want the sourceRecord from the delegator - // activity that requested this token. - sourceToken = - mStartActivitySources.remove(permissionToken); - if (sourceToken == null) { - // Invalid permissionToken, check if it recently expired. - if (mExpiredStartAsCallerTokens.contains(permissionToken)) { - throw new SecurityException("Called with expired permission token: " - + permissionToken); - } else { - throw new SecurityException("Called with invalid permission token: " - + permissionToken); - } - } - } else { - // This method was called directly by the source. - sourceToken = resultTo; - } - - sourceRecord = mStackSupervisor.isInAnyStackLocked(sourceToken); + sourceRecord = mStackSupervisor.isInAnyStackLocked(resultTo); if (sourceRecord == null) { - throw new SecurityException("Called with bad activity token: " + sourceToken); + throw new SecurityException("Called with bad activity token: " + resultTo); + } + if (!sourceRecord.info.packageName.equals("android")) { + throw new SecurityException( + "Must be called from an activity that is declared in the android package"); } if (sourceRecord.app == null) { throw new SecurityException("Called without a process attached to activity"); } - - // Whether called directly or from a delegate, the source activity must be from the - // android package. - if (!sourceRecord.info.packageName.equals("android")) { - throw new SecurityException("Must be called from an activity that is " + - "declared in the android package"); - } - if (UserHandle.getAppId(sourceRecord.app.uid) != SYSTEM_UID) { // This is still okay, as long as this activity is running under the // uid of the original calling activity. @@ -4951,7 +4843,6 @@ public class ActivityManagerService extends IActivityManager.Stub + sourceRecord.launchedFromUid); } } - if (ignoreTargetSecurity) { if (intent.getComponent() == null) { throw new SecurityException( diff --git a/services/core/java/com/android/server/am/ActivityStack.java b/services/core/java/com/android/server/am/ActivityStack.java index ec8cf91a44cf..fd3f8ec92cf3 100644 --- a/services/core/java/com/android/server/am/ActivityStack.java +++ b/services/core/java/com/android/server/am/ActivityStack.java @@ -453,6 +453,9 @@ class ActivityStack<T extends StackWindowController> extends ConfigurationContai mStackId = stackId; mCurrentUser = mService.mUserController.getCurrentUserId(); mTmpRect2.setEmpty(); + // Set display id before setting activity and window type to make sure it won't affect + // stacks on a wrong display. + mDisplayId = display.mDisplayId; setActivityType(activityType); setWindowingMode(windowingMode); mWindowContainerController = createStackWindowController(display.mDisplayId, onTop, diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java index b5f94b1ce384..25a2100ff885 100644 --- a/services/core/java/com/android/server/fingerprint/FingerprintService.java +++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java @@ -421,7 +421,7 @@ public class FingerprintService extends SystemService implements IHwBinder.Death byteToken[i] = token.get(i); } // Send to Keystore - KeyStore.getInstance().addAuthToken(byteToken); + KeyStore.getInstance().addAuthToken(byteToken, mCurrentUserId); } if (client != null && client.onAuthenticated(fingerId, groupId)) { removeClient(client); diff --git a/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java b/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java index 941cd4441e23..efcadadce3f9 100644 --- a/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java +++ b/services/core/java/com/android/server/policy/keyguard/KeyguardStateMonitor.java @@ -19,6 +19,8 @@ package com.android.server.policy.keyguard; import android.app.ActivityManager; import android.content.Context; import android.os.RemoteException; +import android.os.ServiceManager; +import android.security.IKeystoreService; import android.util.Slog; import com.android.internal.policy.IKeyguardService; @@ -51,11 +53,16 @@ public class KeyguardStateMonitor extends IKeyguardStateCallback.Stub { private final LockPatternUtils mLockPatternUtils; private final StateCallback mCallback; + IKeystoreService mKeystoreService; + public KeyguardStateMonitor(Context context, IKeyguardService service, StateCallback callback) { mLockPatternUtils = new LockPatternUtils(context); mCurrentUserId = ActivityManager.getCurrentUser(); mCallback = callback; + mKeystoreService = IKeystoreService.Stub.asInterface(ServiceManager + .getService("android.security.keystore")); + try { service.addStateMonitorCallback(this); } catch (RemoteException e) { @@ -86,6 +93,12 @@ public class KeyguardStateMonitor extends IKeyguardStateCallback.Stub { @Override // Binder interface public void onShowingStateChanged(boolean showing) { mIsShowing = showing; + + if (showing) try { + mKeystoreService.lock(mCurrentUserId); // as long as this doesn't recur... + } catch (RemoteException e) { + Slog.e(TAG, "Error locking keystore", e); + } } @Override // Binder interface diff --git a/telephony/java/android/telephony/ModemActivityInfo.java b/telephony/java/android/telephony/ModemActivityInfo.java index 03ce2d8e6f6d..521adef8497f 100644 --- a/telephony/java/android/telephony/ModemActivityInfo.java +++ b/telephony/java/android/telephony/ModemActivityInfo.java @@ -36,12 +36,12 @@ public class ModemActivityInfo implements Parcelable { */ public static final int TX_POWER_LEVELS = 5; - private final long mTimestamp; - private final int mSleepTimeMs; - private final int mIdleTimeMs; - private final int [] mTxTimeMs = new int[TX_POWER_LEVELS]; - private final int mRxTimeMs; - private final int mEnergyUsed; + private long mTimestamp; + private int mSleepTimeMs; + private int mIdleTimeMs; + private int [] mTxTimeMs = new int[TX_POWER_LEVELS]; + private int mRxTimeMs; + private int mEnergyUsed; public ModemActivityInfo(long timestamp, int sleepTimeMs, int idleTimeMs, int[] txTimeMs, int rxTimeMs, int energyUsed) { @@ -110,6 +110,10 @@ public class ModemActivityInfo implements Parcelable { return mTimestamp; } + public void setTimestamp(long timestamp) { + mTimestamp = timestamp; + } + /** * @return tx time in ms. It's an array of tx times * with each index... @@ -118,6 +122,10 @@ public class ModemActivityInfo implements Parcelable { return mTxTimeMs; } + public void setTxTimeMillis(int[] txTimeMs) { + mTxTimeMs = txTimeMs; + } + /** * @return sleep time in ms. */ @@ -125,6 +133,10 @@ public class ModemActivityInfo implements Parcelable { return mSleepTimeMs; } + public void setSleepTimeMillis(int sleepTimeMillis) { + mSleepTimeMs = sleepTimeMillis; + } + /** * @return idle time in ms. */ @@ -132,6 +144,10 @@ public class ModemActivityInfo implements Parcelable { return mIdleTimeMs; } + public void setIdleTimeMillis(int idleTimeMillis) { + mIdleTimeMs = idleTimeMillis; + } + /** * @return rx time in ms. */ @@ -139,6 +155,10 @@ public class ModemActivityInfo implements Parcelable { return mRxTimeMs; } + public void setRxTimeMillis(int rxTimeMillis) { + mRxTimeMs = rxTimeMillis; + } + /** * product of current(mA), voltage(V) and time(ms) * @return energy used @@ -147,6 +167,10 @@ public class ModemActivityInfo implements Parcelable { return mEnergyUsed; } + public void setEnergyUsed(int energyUsed) { + mEnergyUsed = energyUsed; + } + /** * @return if the record is valid */ diff --git a/wifi/java/android/net/wifi/IWifiManager.aidl b/wifi/java/android/net/wifi/IWifiManager.aidl index 2a2ff0cf3a6f..309bc80b8864 100644 --- a/wifi/java/android/net/wifi/IWifiManager.aidl +++ b/wifi/java/android/net/wifi/IWifiManager.aidl @@ -158,9 +158,6 @@ interface IWifiManager int getVerboseLoggingLevel(); - void enableAggressiveHandover(int enabled); - int getAggressiveHandover(); - void enableWifiConnectivityManager(boolean enabled); void disableEphemeralNetwork(String SSID, String packageName); diff --git a/wifi/java/android/net/wifi/WifiManager.java b/wifi/java/android/net/wifi/WifiManager.java index 13b7c1ad6dae..897b1eaa2a64 100644 --- a/wifi/java/android/net/wifi/WifiManager.java +++ b/wifi/java/android/net/wifi/WifiManager.java @@ -3532,31 +3532,6 @@ public class WifiManager { } /** - * Set wifi Aggressive Handover. Called from developer settings. - * @hide - */ - public void enableAggressiveHandover(int enabled) { - try { - mService.enableAggressiveHandover(enabled); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } - } - - /** - * Get the WiFi Handover aggressiveness.This is used by settings - * to decide what to show within the picker. - * @hide - */ - public int getAggressiveHandover() { - try { - return mService.getAggressiveHandover(); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } - } - - /** * Removes all saved wifi networks. * * @hide |