| Age | Commit message (Collapse) | Author |
|---|
|
|
|
If an ECM setting is restricted only by global device state, then it
should not be checked for a per-package restriction.
Fixes: 385317771
Test: atest EnhancedConfirmationInCallTest
Flag:
android.permission.flags.enhanced_confirmation_in_call_apis_enabled
Relnote: 25Q2 feature work
LOW_COVERAGE_REASON=b/387927331
Change-Id: Ia78acdca3071af6310d5bd5ce2c4db0c30195478
|
|
All new mainline APIs must be flagged.
Bug: 380052797
Test: atest PackageManagerShellCommandInstallTest
Flag: android.content.pm.sdk_dependency_installer
Relnote: N/A
Change-Id: I3b2677947608dbe772d81bc6875d45930095afa7
|
|
|
|
LOW_COVERAGE_REASON=NON_CODE_ONLY
Bug: 378965769
Flag: TEST_ONLY
Relnote: N/A
Change-Id: Ic09fa519fd43fc1790865b196ca612b4b4510846
|
|
This also adds a "reason" to the ecm dialog, to be used in determining
which version of the dialog to show
Bug: 364535720
Test: manual
Flag: android.permission.flags.enhanced_confirmation_in_call_apis_enabled
Relnote: 25Q2 feature work
Change-Id: I4be7e63d616d80ac196e88524b2f4cbda2d0c405
|
|
|
|
Bug: 380052797
Test: atest PackageManagerShellCommandInstallTest
Flag: NONE API to avoid hardcoding constant
Relnote: N/A
Change-Id: I8d32ce928ba83211bf864b088c205c56ef96289d
|
|
Followup fixes for RoleManager get/setDefaultHoldersForTest and is/setRoleVisibleForTest
LOW_COVERAGE_REASON=b/382484309
Relnote: N/A
Flag: com.android.permission.flags.cross_user_role_enabled
Bug: 381315745
Test: atest RoleManagerTest
Test: atest RoleManagerMultiUserTest
Change-Id: I19ddcd4a71682f89ccf32322833db3404f46c86f
|
|
This dialog looks similar to the existing ECM dialog, but has a
different message, about being blocked while in a phone call
Also removes the ecm "isUnknownCallOngoing", in favor of using
"isRestricted"
Test: atest EnhancedConfirmationInCallTest
Flag: android.permission.flags.unknown_call_package_install_blocking_enabled
Relnote: android 25Q2 feature
LOW_COVERAGE_REASON=FLAG_NOT_ENABLED
Change-Id: I113114c15df3df483e290f0bab00f5cecb2b44f8
|
|
|
|
Add role methods to assist in setting test role visiblity and default holders
LOW_COVERAGE_REASON=b/382484309
Relnote: N/A
Flag: com.android.permission.flags.cross_user_role_enabled
Bug: 381315745
Test: atest RoleManagerTest
Change-Id: I6d1d4200849a2be994f83da675fc57837ae7204f
|
|
This intent action will be used by settings to trigger the "action
blocked due to being in untrusted call" dialog
Bug: 364535720
Test: build
Flag: android.permission.flags.enhanced_confirmation_in_call_apis_enabled
Relnote: 25Q2 api
LOW_COVERAGE_REASON=NON_CODE_ONLY
Change-Id: Ic96ca1ce17ed5df3a4f4f736c6bd48ea599dadbe
|
|
|
|
Adds new APIs that let certain apps query if there is a call with an
unkown user (read: not a contact) ongoing. Also merges an InCallService
which tracks and updates this state
Bug: 364535720
Test: atest EnhancedConfirmationInCallTest
Flag: android.permission.flags.enhanced_confirmation_in_call_apis_enabled
Relnote: 25Q2 release
LOW_COVERAGE_REASON=FLAG_NOT_ENABLED
Change-Id: I2e260bd911a65f99dd7e7b7b4012b04ef7b51203
|
|
LOW_COVERAGE_REASON=FLAG_NOT_ENABLED
NO_IFTTT=brings jarjar inline with RoleParse transform
Relnote: N/A
Flag: com.android.permission.flags.cross_user_role_enabled
Test: atest RoleManagerTest
Test: atest RoleShellCommandTest
Bug: 372746716
Change-Id: I1b4da27df2f0d1862aa0031b2988bd7562f1a956
|
|
NO_IFTTT=Does not modify RoleParser logic
RelNote: N/A
Bug: 376728836
Flag: EXEMPT refactor
Test: build
Change-Id: I603adc9e8e584bbadda49903bca6c3aba30cad89
|
|
Test of *all* Mainline modules are currently configured in a single
`mainline-presubmit` Test Mapping group. This requires that users indicate the
module to install in every entry and is quite tedious.
The above approach also adds overhead due to installing, checking for, and
uninstalling Mainline modules between test module executions. This eats up
precious presubmit time and gets runtimes close to violating the SLO.
This change moves all PermissionController Mainline module tests into a
dedicated Test Mapping group that installs the Mainline module once before
executing all test modules. This also simplifies the configuration syntax by no
longer requiring brackets that indicate the, now implicit, Mainline module.
Bug: 328102821
Test: presubmit checks
Change-Id: Id7abaaa4096a4afe2175e79e629f59e84588dda4
|
|
Update the methods in IRoleController to catch the exception and
send it back to the caller's site.
This CL is a general fix for exception handling in IRoleController. It
also fixes and an issue we previously encountered where the role migration
failed when PC version mismatched. More details:
In the very rare cases that the PermissionController is not in an
updated version, it's possible that the system-server side of the role
migration code is in place but PC doesn't have the code to return the
legacyFallbackEnabledRoles. In this case currently we throw
UnsupportedOperationException. However, after this exception is thrown,
we didn't resolve the result for the cross-binder remote callback that's
being sent to PC. Hence in system-server it will wait until this call is
timedout.
Fixes: 325264710
Test: RoleManagerTest and additionally tested locally
LOW_COVERAGE_REASON=b/330904893
Change-Id: If77b32e39db5b0853cd54c8b74c871b0684611f5
|
|
We recently moved---well, copied---the "Restricted setting" dialog into
PermissionController. But, we're not using the new dialog yet.
The new dialog receives a different intent action than the old. So, to
migrate to the new dialog, we'll need to update all code that launches
the old intent. Fortunately, we've encapsulated this in
EnhancedConfirmationManager, so this is a one-line change.
Bug: 322026141
Test: CtsPermissionUiTestCases:android.permissionui.cts.EnhancedConfirmationManagerTest
Change-Id: Ied3e2712e409e056945be08e5911ae232149de68
|
|
|
|
In createRestrictedSettingDialogIntent, pass the provided
settingIdentifier to the dialog intent.
Fix: 323225971
Test: CtsPermissionUiTestCases:android.permissionui.cts.EnhancedConfirmationManagerTest
Change-Id: I59efd6601f4254c0fe74b8430ac1f3b6c6d91b6e
|
|
This API then enables TelephonyManager to expose the emergency
role holder to priviliged clients via getEmergencyAssistancePackageName.
Bug: 323157319
Test: atest RoleManagerTest
LOW_COVERAGE_REASON=Flagged test added but flag not enabled
Change-Id: I91089701248a32a720b488147405b2566cca2be9
|
|
Because Intent is more common, and we're not really getting major
advantages from how we're using a PendingIntent, return an Intent
instead of a PendingIntent.
Test: atest CtsPermissionUiTestCases:android.permissionui.cts.EnhancedConfirmationManagerTest
Fix: 324645464
Change-Id: I12062d20edb5a34950fd3cb9c9b993998b906041
|
|
ag/25918135 missed keeping some tests under the API check.
Also, correcting some documentation and using the codename until the
release when the correct sdk version would be available.
Bug: 286539356
Test: manual
Test: atest ParserConfigValidTest
Change-Id: I8a9175131eb364b9eee7947ca8be65882ad57db6
|
|
"sc_private_profile_api" into main
* changes:
Add the titleForPrivateProfile API
Generalise the code for various profile types - 6
Generalise the code for various profile types - 5
Generalise the code for various profile types - 4
Don't add primary profile in default group summary
Generalise the code for various profile types - 3
Generalise the code for various profile types - 2
Generalise the code for various profile types - 1
|
|
This API lets the safety sources set the title for the private
profile in the safety center config file.
This change also temporarily disables the linter. Safety Center team
will look into enabling it later.
Bug: 286539356
Test: manual
Change-Id: I99ab006240883065d290b2d9976f2a7c9bf7905e
|
|
In a recent commit, I introduced an AtomicInteger to generate unique
request codes that should never repeat.
But, I mistakenly made it a instance variable. Make it static so it
will be unique across instances of this class.
Bug: 26056958
Test: atest CtsPermissionUiTestCases:android.permissionui.cts.EnhancedConfirmationManagerTest
Change-Id: I04d0b7f2be854cf84155811b15282a66bbc92199
|
|
|
|
We're planning to move the "Restricted setting" dialog into
PermissionController. But, this dialog's intent action string,
Settings.ACTION_SHOW_RESTRICTED_SETTING_DIALOG, is currently bound to
the Settings app.
So, to ease the transition, this change defines a new intent action
string.
This string should only need to be accessed by PermissionController,
which handles the intent, and EnhancedConfirmationManager, which
constructs the intent.
Bug: 322026141
Test: manual
Change-Id: I1ba1d5bc778dd39239abb0dc6e0f0f32bea0c2b2
|
|
Use a unique requestCode for each call to PendingIntent.getActivity.
Without this, each call returns the same object, even if the supplied *extra*s differ. This is a problem because, it would mean that after the first call to PendingIntent.getActivity, each subsequent call will have the wrong extras.
Fix: 322891228
Test: manual
Change-Id: If774bfc1e03963ec32980ea7c935774eb930eaf0
|
|
Accept a 'settingIdentifier' argument to getRestrictedSettingDialogIntent.
We might want to use this to customize the dialog depending on the setting being requested. (Though, we're not doing that yet.)
Bug: 323225971
Change-Id: I51258724c48958176fa436b23f23cfa93a242dc3
Test: manual
|
|
We plan to call EnhancedConfirmationManager::setClearRestrictionAllowed
a hidden API method, from PermissionController. But,
PermissionController can't access hidden API methods. In order to make
this possible, setClearRestrictionAllowed will need to be upgraded from
hidden API to SystemApi.
The reason we need to call setClearRestrictionAllowed from
PermissionController is that we plan to move the
ActionDisabledByAppOpsDialog activity into PermissionController, and
modify it to call setClearRestrictionAllowed instead of directly setting
appops.
Bug: 322026141
Fix: 320517290
Test: atest CtsPermissionUiTestCases:android.permissionui.cts.EnhancedConfirmationManagerTest
Change-Id: Ibd068ac456846fd1af8e867a6b336853a7835c4a
|
|
|
|
This change:
1. Defines EnhancedConfirmationService, a new SystemService
2. Defines IEnhancedConfirmationManager, a new binder interface
implemented within EnhancedConfirmationService
3. Injects EnhancedConfirmationService into EnhancedConfirmationManager
4. Moves the bulk of EnhancedConfirmationManager's logic into
EnhancedConfirmationService
Bug: 321053639
Test: atest CtsPermissionUiTestCases:android.permissionui.cts.EnhancedConfirmationManagerTest
Change-Id: Ib6fbf4dde07391314bfd2a64f22bab79a6cebd23
|
|
We've recently created a new permission:
MANAGE_ENHANCED_CONFIRMATION_STATES
The EnhancedConfirmationManager API should be gated by this permission.
So, add the RequiresPermission annotations.
Bug: 320512579
Test: presubmit
Change-Id: Ia04678c8049e46bdd27ae24dd23e7c842e240c63
|
|
This was a boolean logic typo. Correct the logic by inverting it, and
use a variable to make the intention clear.
Obviously, being installed from a trusted installer should imply *more*
trustworthiness, not less.
Bug: 310655061
Test: manual
Change-Id: Ic1e0b19d5565011bc3aa0dd151b49ff0d0b2458b
|
|
|
|
This is a system service that provides the core API for ECM
(Enhanced Confirmation Mode).
Fix: 310655061
Test: manual
Change-Id: I831391e4437b51b3312b5273a2360bd029a3d8ee
|
|
Bug: 283989236
Bug: 291794775
Test: local testing
Change-Id: Ibd1b48e62b2702678434add5a007ca24d9fbf7d2
|
|
Migrate the isRoleFallbackEnabled preference to system server as a part
of the role logic move project. We only do the migration if it's V+. On
the system server side it will check the existing preference in
SharedPreference and migrate for all roles for the user.
API-Coverage-Bug: 314281553
Bug: 302563864
Test: RolePersistenceTest and RoleManagerTest
Change-Id: Ib24ebb8211359a652e52007fecf79a2390575e9c
|
|
|
|
We created the role_controller_in_system_server feature flag, then later
made it a fixed flag. However, it has been observed that the fixed
flag documentation shows the following warning:
IMPORTANT: Modifying the type of an existing flag is not supported.
For example, you cannot change a regular flag to a fixed read-only
flag, or vice versa. If you need to change the flag type, the best
practice is to create a new flag.
By renaming the flag, we're effectively removing the old flag and
creating a new one. This should mitigate any issues implied by the
above warning.
Fix: 313529525
Test: atest CtsRoleTestCases
Change-Id: I75e8c88984bdf9f5b98cc0a4745e205bcf8a798b
|
|
In a previous CL, some code was left out, causing an issue. (Only
results in an issue when the feature flag is enabled.)
Fix: 309139048
Test: atest CtsRoleTestCases (with flag enabled)
Change-Id: I8c548ecf20820f39eb467fe92ddc788f4648301c
|
|
Currently, the methods:
- RoleManager::isRoleVisible
- RoleManager::isApplicationVisibleForRole
...directly call corresponding RoleControllerManager methods. These are
the only two methods in RoleManager that call RoleControllerManager.
But, RoleControllerManager calls the RoleControllerService API which
runs in PermissionController, and, we want to invoke this logic in
System Server.
So, call RoleService instead, and have RoleService conditionally route
to either System Server or PermissionController depending on the flag
state.
Bug: 309139048
Test: atest CtsRoleTestCases
Change-Id: I417637269d70e28bd2bebcabc85f9ac6a033b0f8
|
|
Typedef annotations are meant to have SOURCE retention, as they're
only analyzed by metalava to produce a separate file that's actually
consumed by the tools. Update typedefs as such.
Bug: 309971481
Test: m checkapi
Change-Id: I1fde1203c85db138bd4078541a98719b1f2777d8
|
|
Some RoleManager API methods are not multi-user-aware; for example, the
methods named "...FromController", among others. These methods lead to
Binder.getCallingUid().
And, many of those methods are called from the role-controller business
logic. But, that business logic will will be moving from a per-user app
into SystemServer. So, we need to make these methods multi-user-aware
to support the Role Business Logic Move project.
To do so, modify these methods to receive the user from the context,
and mark the APIs as @UserHandleAware.
For compatibility reasons, use CompatChanges, which will only enable
this change for callers with targetSdk V+. Since this is the first time
we've used CompatChanges in the Permission APEX, this involves updating
Android.bp files.
Test: atest CtsRoleTestCases
Bug: 303742236
Change-Id: I8efae9ffe083f8e33ea1bd221bc1ed05c1100a13
|
|
main
|
|
Add the isFallbackEnabled related fields (and setting/getting this value)
in System Server. We will assume all current RolesState have version=0.
If the version is undefined, it will be -1. If the isFallbackEnabled is
migrated, it will be 1.
What's not included in this CL:
(1) Code in PC to read this value from System Server
(2) Code in System Server to read from SharedPreference, migrate the
current user settings, and update RolesState version
Notes for the reviewer(s): (and open for discussions)
(1) If the version doesn't support isFallbackEnabled (when version < 1),
it will assume isFallbackEnabled is false. I think if the version < 1,
we should try to migrate (in a followup CL) this user settings and
update the version to be >= 1 instead of asssuming isFallbackEnabled to true.
Hence there's a constructor for RolesState that sets
mFallbackEnabledRoles to null. This should be used when version < 1.
(2) If the roles doesn't present or the version doesn't support
fallbackEnabled (see the condition in RoleUserState.setFallbackEnabled),
we don't allow setting fallbackEnabled to true.
Bug: 302563864
Test: Will add it after fallback logic described in Notes (2) is discussed.
Change-Id: Iaeb037ae014323f0af0c43031b20f3239e359027
|
|
014192e024
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Permission/+/24853824
Change-Id: I25af6083c37e7b7832f389c26dca0b6b73fe3cab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|