OSDN Git Service
Automerger Merge Worker [Thu, 9 Jan 2020 14:06:22 +0000 (14:06 +0000)]
[automerger skipped] Merge "Fix security problem on PermissionMonitor#hasPermission" into oc-dev am:
5e0b069876 am:
81db8d8a83 am:
5b6d8d7724 -s ours
am skip reason: Change-Id Iae9c273af822b18c2e6fce04848a86f8dea6410a with SHA-1
d0205a3469 is in history
Change-Id: Ifa87cac191ad07937dc70770ff74a9d025131a40
Automerger Merge Worker [Thu, 9 Jan 2020 13:53:42 +0000 (13:53 +0000)]
Merge "Fix security problem on PermissionMonitor#hasPermission" into oc-dev am:
5e0b069876 am:
81db8d8a83
Change-Id: I5660cafce05a0e3c6edff03bd645d8df329c5d50
Automerger Merge Worker [Thu, 9 Jan 2020 13:40:20 +0000 (13:40 +0000)]
Merge "Fix security problem on PermissionMonitor#hasPermission" into oc-dev am:
5e0b069876
Change-Id: I4c255820617a86afdfa239febdd46fff7d082381
TreeHugger Robot [Thu, 9 Jan 2020 13:25:46 +0000 (13:25 +0000)]
Merge "Fix security problem on PermissionMonitor#hasPermission" into oc-dev
Paul Hu [Thu, 9 Jan 2020 08:53:08 +0000 (08:53 +0000)]
Merge "Fix security problem on PermissionMonitor#hasPermission" into pi-dev
Automerger Merge Worker [Thu, 9 Jan 2020 01:50:54 +0000 (01:50 +0000)]
Merge changes I8ae4e331,Id4e37c3e,If0fd4834 into oc-dev am:
e422bc0c8f am:
43d5e3bb62 am:
929c2c5e1b
Change-Id: I59ffea6df5c62eb899b3603c8767318e96af195a
Automerger Merge Worker [Thu, 9 Jan 2020 01:50:38 +0000 (01:50 +0000)]
Use KNOWN_PACKAGES when shared lib consumers am:
08315953bc am:
e580843476 am:
d46ef183b1
Change-Id: I6a21d79dc45635a49540f5d821094925b2e71d01
Automerger Merge Worker [Thu, 9 Jan 2020 01:50:24 +0000 (01:50 +0000)]
Handles null outInfo in deleteSystemPackageLI am:
6afabce549 am:
ae901aceda am:
3e28284fb8
Change-Id: Ib34f13ac3d1e34dbe639dc19c1c664aab9d7f17d
Automerger Merge Worker [Thu, 9 Jan 2020 01:04:14 +0000 (01:04 +0000)]
Merge changes I8ae4e331,Id4e37c3e,If0fd4834 into oc-dev am:
e422bc0c8f am:
43d5e3bb62
Change-Id: I5df542202c561a4ed931b918ccbaed317a8ba942
Automerger Merge Worker [Thu, 9 Jan 2020 01:03:58 +0000 (01:03 +0000)]
Use KNOWN_PACKAGES when shared lib consumers am:
08315953bc am:
e580843476
Change-Id: I64af9ee49999f2de11f1a6779e116357649f63b2
Automerger Merge Worker [Thu, 9 Jan 2020 01:03:45 +0000 (01:03 +0000)]
Handles null outInfo in deleteSystemPackageLI am:
6afabce549 am:
ae901aceda
Change-Id: I2741bc7999cd2b1c1e16b982791f72e3023361c7
Automerger Merge Worker [Thu, 9 Jan 2020 00:08:31 +0000 (00:08 +0000)]
Merge changes I8ae4e331,Id4e37c3e,If0fd4834 into oc-dev am:
e422bc0c8f
Change-Id: I7efbfda4517e46abf406fd53487836704a941a2e
Automerger Merge Worker [Thu, 9 Jan 2020 00:08:14 +0000 (00:08 +0000)]
Use KNOWN_PACKAGES when shared lib consumers am:
08315953bc
Change-Id: I3ab4cc8d36bd79f3b7342cf0d0fa3056d08988e7
Automerger Merge Worker [Thu, 9 Jan 2020 00:08:02 +0000 (00:08 +0000)]
Handles null outInfo in deleteSystemPackageLI am:
6afabce549
Change-Id: I077e6febea84013403feb65842ae99bc449ac737
Bryan Ferris [Wed, 8 Jan 2020 22:46:45 +0000 (22:46 +0000)]
Merge changes I8ae4e331,Id4e37c3e,If0fd4834 into oc-dev
* changes:
Fixes NPE when preparing app data during init
Use KNOWN_PACKAGES when shared lib consumers
Handles null outInfo in deleteSystemPackageLI
Patrick Baumann [Wed, 6 Nov 2019 18:36:39 +0000 (10:36 -0800)]
Fixes NPE when preparing app data during init
When deleting an unused static shared library on Q, the user manager was
fetched via mContext.getSystemService. At this time during boot, the
service wasn't registered and so null was returned. This has already
been addressed in R with a move to injecting dependencies in the
PackageManagerService constructor.
Bug:
142083996
Bug:
141413692
Test: manual; remove static dependency on eng Q build and reboot
Change-Id: I8ae4e331d09b4734c54cdc6887b273705dce88b1
Merged-In: I8ae4e331d09b4734c54cdc6887b273705dce88b1
Patrick Baumann [Thu, 10 Oct 2019 22:50:28 +0000 (15:50 -0700)]
Use KNOWN_PACKAGES when shared lib consumers
This change ensures we find ALL known packages that could be consuming a
shared library, not only currently installed ones. Without this check,
the system may get into a state in which we have currently uninstalled
but on-device apps that depend on a shared library that does not exist
on device.
This change also leaves static shared library packages on device even if
it's not installed for any of the remaining users as it could still be
used, but marked uninstalled for users in which it is consumed.
Bug:
141413692
Bug:
142083996
Test: Manual; attempt to remove shared lib after marking its consumer uninstalled.
Test: atest StaticSharedLibsHostTests
Change-Id: Id4e37c3e4d3ea3ad5fddae5d2c7305e56f50eeea
Merged-In: Id4e37c3e4d3ea3ad5fddae5d2c7305e56f50eeea
Patrick Baumann [Fri, 23 Aug 2019 20:50:23 +0000 (13:50 -0700)]
Handles null outInfo in deleteSystemPackageLI
This change adds null checks before accessing outInfo in
deleteSystemPackageLI.
Bug:
142083996
Bug:
141413692
Test: manual; remove static dependency on eng build and reboot
Change-Id: If0fd48343e89cbb77ccd25826656194195d5b0cd
(cherry picked from commit
17471016508bb9c9ffb8c3946dda0b4897d722f1)
Merged-In: If0fd48343e89cbb77ccd25826656194195d5b0cd
Automerger Merge Worker [Thu, 2 Jan 2020 20:47:01 +0000 (20:47 +0000)]
Merge "Fix MediaCodec FLAC Javadoc" into oc-mr1-dev am:
546c644f27
Change-Id: I511da6d59c3b525cb678d6bb08a6cfa8e4e5a94f
TreeHugger Robot [Thu, 2 Jan 2020 20:31:27 +0000 (20:31 +0000)]
Merge "Fix MediaCodec FLAC Javadoc" into oc-mr1-dev
paulhu [Mon, 16 Dec 2019 10:24:05 +0000 (18:24 +0800)]
Fix security problem on PermissionMonitor#hasPermission
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug:
144679405
Test: Build, flash, manual test
Change-Id: Iae9c273af822b18c2e6fce04848a86f8dea6410a
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: I2da730feda4d7ebed1f158b073167bb3964b3e7d
paulhu [Mon, 16 Dec 2019 10:24:05 +0000 (18:24 +0800)]
Fix security problem on PermissionMonitor#hasPermission
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug:
144679405
Test: Build, flash, manual test
Change-Id: I5eba4909e4c2e1d9f275f66be90ac36466b93e90
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: Iae9c273af822b18c2e6fce04848a86f8dea6410a
Automerger Merge Worker [Fri, 13 Dec 2019 17:37:31 +0000 (17:37 +0000)]
[automerger skipped] Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into oc-dev am:
0f41dc420f am:
5f1d7675ea am:
ad56194783 -s ours
am skip reason: subject contains skip directive
Change-Id: I5b7670226082f60abc45ae023e687a8b0191f20e
Automerger Merge Worker [Fri, 13 Dec 2019 17:37:15 +0000 (17:37 +0000)]
[automerger skipped] RESTRICT AUTOMERGE am:
fe4bf7926e am:
9680a6d75d am:
e0465e2881 -s ours
am skip reason: subject contains skip directive
Change-Id: I67f8185d1a6d3b75fad924d07e8eb6e8e9db0207
Automerger Merge Worker [Fri, 13 Dec 2019 17:14:42 +0000 (17:14 +0000)]
Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into oc-dev am:
0f41dc420f am:
5f1d7675ea
Change-Id: I197f9d12435267964c84bfcee18c371611fa728c
Automerger Merge Worker [Fri, 13 Dec 2019 17:14:28 +0000 (17:14 +0000)]
RESTRICT AUTOMERGE am:
fe4bf7926e am:
9680a6d75d
Change-Id: I490bf47b2c6588da4b28998333fbfb197688d6c0
Automerger Merge Worker [Fri, 13 Dec 2019 17:02:07 +0000 (17:02 +0000)]
Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into oc-dev am:
0f41dc420f
Change-Id: I0b4b6a26b538d6f51780413376d70b6906877893
Automerger Merge Worker [Fri, 13 Dec 2019 17:01:46 +0000 (17:01 +0000)]
RESTRICT AUTOMERGE am:
fe4bf7926e
Change-Id: I92627314fc09b129f37b08192084c5b807a00ed2
Automerger Merge Worker [Fri, 13 Dec 2019 16:57:18 +0000 (16:57 +0000)]
[automerger skipped] Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into oc-mr1-dev am:
b64534ceb2 -s ours
am skip reason: subject contains skip directive
Change-Id: I46e62bd45f14b79772dbb584167a01bef66b314b
Sterling Huber [Fri, 13 Dec 2019 16:44:15 +0000 (16:44 +0000)]
Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into oc-dev
Sterling Huber [Fri, 13 Dec 2019 16:44:15 +0000 (16:44 +0000)]
Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into oc-mr1-dev
Sterling Huber [Fri, 13 Dec 2019 16:44:15 +0000 (16:44 +0000)]
Merge "RESTRICT AUTOMERGE Make toasts non-clickable" into pi-dev
Automerger Merge Worker [Thu, 12 Dec 2019 07:10:26 +0000 (07:10 +0000)]
[automerger skipped] Merge "DO NOT MERGE back porting for fixing sysui direct reply" into oc-dev am:
090476d5f3 am:
9d5989df0b am:
ab6b640548 -s ours
am skip reason: subject contains skip directive
Change-Id: I9810b56bf25eca7d1ac4fcb3a40c269637c24558
Automerger Merge Worker [Thu, 12 Dec 2019 07:10:17 +0000 (07:10 +0000)]
[automerger skipped] DO NOT MERGE back porting for fixing sysui direct reply am:
08aae90860 am:
a37fe87922 am:
bf965b484f -s ours
am skip reason: subject contains skip directive
Change-Id: Idb67d00b6ace91b47ec5e633be5c2f23942934bf
Automerger Merge Worker [Thu, 12 Dec 2019 06:50:06 +0000 (06:50 +0000)]
Merge "DO NOT MERGE back porting for fixing sysui direct reply" into oc-dev am:
090476d5f3 am:
9d5989df0b
Change-Id: I6ccba38eeffbdab3ef9b4e90fe269bd61aabf698
Automerger Merge Worker [Thu, 12 Dec 2019 06:49:56 +0000 (06:49 +0000)]
DO NOT MERGE back porting for fixing sysui direct reply am:
08aae90860 am:
a37fe87922
Change-Id: Ic5b84e6b650b01d38801a2ff39c059a51173fe0b
Automerger Merge Worker [Thu, 12 Dec 2019 05:00:29 +0000 (05:00 +0000)]
Merge "DO NOT MERGE back porting for fixing sysui direct reply" into oc-dev am:
090476d5f3
Change-Id: I731a7fa2643382bd0df6f2107424d370a6f765b3
Automerger Merge Worker [Thu, 12 Dec 2019 05:00:18 +0000 (05:00 +0000)]
DO NOT MERGE back porting for fixing sysui direct reply am:
08aae90860
Change-Id: Iebebd941ee806b4e06d35f2134113f609160396f
TreeHugger Robot [Thu, 12 Dec 2019 04:00:33 +0000 (04:00 +0000)]
Merge "DO NOT MERGE back porting for fixing sysui direct reply" into oc-dev
TreeHugger Robot [Thu, 12 Dec 2019 02:38:28 +0000 (02:38 +0000)]
Merge "DO NOT MERGE back porting for fixing sysui direct reply" into pi-dev
Lorenzo Colitti [Wed, 11 Dec 2019 23:55:10 +0000 (23:55 +0000)]
Merge changes Iaa78a7ed,I6497b7ef into pi-dev
* changes:
Support strict mode private DNS on VPNs that provide Internet.
Add test coverage for strict mode private DNS.
Abodunrinwa Toki [Wed, 11 Dec 2019 21:58:38 +0000 (21:58 +0000)]
Merge "RESTRICT AUTOMERGE Disable TextClassifier for RemoteInputView." into pi-dev
TreeHugger Robot [Wed, 11 Dec 2019 21:10:46 +0000 (21:10 +0000)]
Merge "DO NOT MERGE: Disable SpellChecker in secondary user's direct reply" into pi-dev
Automerger Merge Worker [Wed, 11 Dec 2019 19:53:03 +0000 (19:53 +0000)]
[automerger skipped] Merge "DO NOT MERGE: Disable SpellChecker in secondary user's direct reply" into oc-dev am:
70ffc41cad am:
063d83ca63 am:
402a7b2c33 -s ours
am skip reason: subject contains skip directive
Change-Id: Ie33411c2b6b95dba41997171acf0fced3ba4a740
Automerger Merge Worker [Wed, 11 Dec 2019 19:52:49 +0000 (19:52 +0000)]
[automerger skipped] DO NOT MERGE: Disable SpellChecker in secondary user's direct reply am:
b52efcb9d5 am:
9b1ddfe488 am:
4f5d0e446e -s ours
am skip reason: subject contains skip directive
Change-Id: I770bd1ba8cc66b4179e88f194d45bb715be1977c
Automerger Merge Worker [Wed, 11 Dec 2019 19:30:18 +0000 (19:30 +0000)]
Merge "DO NOT MERGE: Disable SpellChecker in secondary user's direct reply" into oc-dev am:
70ffc41cad am:
063d83ca63
Change-Id: I0622df10fdde4fb961c920fc0c9529e4c3b3ecfc
Automerger Merge Worker [Wed, 11 Dec 2019 19:30:08 +0000 (19:30 +0000)]
DO NOT MERGE: Disable SpellChecker in secondary user's direct reply am:
b52efcb9d5 am:
9b1ddfe488
Change-Id: Idcdef9d986a8d0e2f6f0209fd550900a6275796d
Automerger Merge Worker [Wed, 11 Dec 2019 19:10:38 +0000 (19:10 +0000)]
Merge "DO NOT MERGE: Disable SpellChecker in secondary user's direct reply" into oc-dev am:
70ffc41cad
Change-Id: I8439eee725f85cc1e939772663a4217e5dde2e38
Automerger Merge Worker [Wed, 11 Dec 2019 19:10:27 +0000 (19:10 +0000)]
DO NOT MERGE: Disable SpellChecker in secondary user's direct reply am:
b52efcb9d5
Change-Id: I438383977e4b7454e732dba8d2906a8c333f2bad
Taran Singh [Wed, 11 Dec 2019 18:52:54 +0000 (18:52 +0000)]
Merge "DO NOT MERGE: Disable SpellChecker in secondary user's direct reply" into oc-dev
Lorenzo Colitti [Fri, 10 May 2019 11:33:43 +0000 (04:33 -0700)]
Support strict mode private DNS on VPNs that provide Internet.
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Backport of
414b8c8b1ce8ae2ad6ef95c1ffba19062077d3e6.
Bug:
122652057
Test: atest FrameworksNetTests
Test: manually ran a VPN with private DNS in strict mode
Test: atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Lorenzo Colitti [Fri, 25 Oct 2019 16:20:57 +0000 (01:20 +0900)]
Add test coverage for strict mode private DNS.
Support faking out the DNS lookups used by NetworkMonitor to
resolve strict mode DNS, and add more test coverage.
These tests were partly adapted from tests we have in Q but
also contain new coverage. This is because in Q the interface
between ConnectivityService and NetworkMonitor changed
substantially, and it is impractical to backport
NetworkMonitorTest.
Bug:
122652057
Test: atest FrameworksNetTests
Change-Id: I6497b7efa539267576d38d3036eef0af0df4e9cb
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Sterling Huber [Thu, 7 Nov 2019 19:04:03 +0000 (11:04 -0800)]
RESTRICT AUTOMERGE
Make toasts non-clickable
Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.
This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observer click events are not logged with this CL.
Bug:
128674520
Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
Sterling Huber [Thu, 7 Nov 2019 19:04:03 +0000 (11:04 -0800)]
RESTRICT AUTOMERGE
Make toasts non-clickable
Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.
This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observer click events are not logged with this CL.
Bug:
128674520
Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
Merged In: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
Sterling Huber [Thu, 7 Nov 2019 19:04:03 +0000 (11:04 -0800)]
RESTRICT AUTOMERGE
Make toasts non-clickable
Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.
This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.
Test: atest CtsWindowManagetDeviceTestCases:ToastTest
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observer click events are not logged with this CL.
Bug:
128674520
Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0
Evan Laird [Wed, 20 Nov 2019 19:28:47 +0000 (11:28 -0800)]
[automerger skipped] resolve merge conflicts of
88c651eab144bf64acb1d99f11aabe983f23658c to oc-dr1-dev am:
2bb3845dff -s ours
am:
ff797c3ba3 -s ours
am skip reason: change_id I0680034ed9315aa2c05282524d48faaed066ebd0 with SHA1
3b8c4743f6 is in history
Change-Id: I4236581921e3572b932a95c37a69a062e90b9231
Automerger Merge Worker [Wed, 20 Nov 2019 19:05:29 +0000 (19:05 +0000)]
[automerger skipped] resolve merge conflicts of
88c651eab144bf64acb1d99f11aabe983f23658c to oc-dr1-dev am:
2bb3845dff -s ours
am skip reason: Change-Id I0680034ed9315aa2c05282524d48faaed066ebd0 with SHA-1
3692a6d231 is in history
Change-Id: I43e5186089d0f40fccdcf9ac85c78f8bda488aac
Evan Laird [Thu, 14 Nov 2019 16:27:07 +0000 (11:27 -0500)]
resolve merge conflicts of
88c651eab144bf64acb1d99f11aabe983f23658c to oc-dr1-dev
Bug:
119041698
Test: atest SystemUITests
Change-Id: I9d1547f98cc19111ce2dc8ab2f4e2bf2d3cb0baa
Merged-In: I0680034ed9315aa2c05282524d48faaed066ebd0
Yohei Yukawa [Sat, 19 Jan 2019 19:49:37 +0000 (11:49 -0800)]
DO NOT MERGE back porting for fixing sysui direct reply
Root cause: systemui run as user 0 service to handle all of users'
notifications. And, the users can user the copy/cut/paste
functionality.
Solution: To crate @hide API in TextView let SystemUI to mark the
TextView instance should check if the power of
INTERACT_ACROSS_USER_FULL is needed to be restricted.
e.x. Keyguard password textview/Notificaiton entries
Bug:
123232892
Test: manual test
Reference: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Reference: Ibabe13e5b85e5bb91f9f8af6ec07c395c25c4393
Reference: I975baa748c821538e5a733bb98a33ac609bf40a7
Change-Id: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Merged-In: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
Merged-In: I6d11e4d6a84570bc2991a8552349e8b216b0d139
TreeHugger Robot [Fri, 8 Nov 2019 22:30:24 +0000 (22:30 +0000)]
Merge "Force FGS notifications to show for a minimum time" into oc-dev
Evan Laird [Fri, 8 Nov 2019 21:19:35 +0000 (13:19 -0800)]
[automerger skipped] Force FGS notifications to show for a minimum time
am:
3692a6d231 -s ours
am skip reason: change_id I0680034ed9315aa2c05282524d48faaed066ebd0 with SHA1
3b8c4743f6 is in history
Change-Id: I575817ba777d7212391d75a6163c28e75c7ccbc4
Evan Laird [Wed, 6 Nov 2019 19:04:59 +0000 (14:04 -0500)]
Force FGS notifications to show for a minimum time
It's possible for a service to do a start/stop foreground and cause a
couple of things to happen:
NotificationManagerService will enqueue a EnqueueNotificationRunnable,
post a PostNotificationRunnable (for the startForeground), and then also
enqueue a CancelNotificationRunnable. There is some racy behavior here
in that the cancel runnable can get triggered in between enqueue and
post runnables. If the cancel happens first, then
NotificationListenerServices will never get the message.
This behavior is technically allowed, however for foreground services we
want to ensure that there is a minmum amount of time that notification
listeners are aware of the foreground service so that (for instance) the
FGS notification can be shown.
This CL does two things to mitigate this problem:
1. Introduce checking in the CancelNotificationRunnable such that it
will not cancel until after PostNotificationRunnable has finished
executing.
2. Introduce a NotificationLifetimeExtender method that will allow a
lifetime extender to manage the lifetime of a notification that has been
enqueued but not inflated yet.
Bug:
119041698
Test: atest NotificationManagerServiceTest
Test: atest ForegroundServiceLifetimeExtenderTest
Change-Id: I0680034ed9315aa2c05282524d48faaed066ebd0
Merged-In: I0680034ed9315aa2c05282524d48faaed066ebd0
Evan Laird [Wed, 6 Nov 2019 19:04:59 +0000 (14:04 -0500)]
Force FGS notifications to show for a minimum time
It's possible for a service to do a start/stop foreground and cause a
couple of things to happen:
NotificationManagerService will enqueue a EnqueueNotificationRunnable,
post a PostNotificationRunnable (for the startForeground), and then also
enqueue a CancelNotificationRunnable. There is some racy behavior here
in that the cancel runnable can get triggered in between enqueue and
post runnables. If the cancel happens first, then
NotificationListenerServices will never get the message.
This behavior is technically allowed, however for foreground services we
want to ensure that there is a minmum amount of time that notification
listeners are aware of the foreground service so that (for instance) the
FGS notification can be shown.
This CL does two things to mitigate this problem:
1. Introduce checking in the CancelNotificationRunnable such that it
will not cancel until after PostNotificationRunnable has finished
executing.
2. Introduce a NotificationLifetimeExtender method that will allow a
lifetime extender to manage the lifetime of a notification that has been
enqueued but not inflated yet.
Bug:
119041698
Test: atest NotificationManagerServiceTest
Test: atest ForegroundServiceLifetimeExtenderTest
Change-Id: I428bc334362f6e4b95f5f0c6974b71f76175c7ae
Merged-In: I0680034ed9315aa2c05282524d48faaed066ebd0
Ahan Wu [Wed, 6 Nov 2019 09:32:40 +0000 (01:32 -0800)]
[automerger skipped] Merge "DO NOT MERGE Validate wallpaper dimension while generating crop" into oc-dev am:
17fd658061 am:
9c9c1c0f8a
am:
7c50686c92 -s ours
am skip reason: subject contains skip directive
Change-Id: I0c0d041dada006775e7fab48e312d61c3ee5f492
Ahan Wu [Wed, 6 Nov 2019 09:27:05 +0000 (01:27 -0800)]
[automerger skipped] DO NOT MERGE Validate wallpaper dimension while generating crop am:
160c28c36d am:
f4c3460e24
am:
145dcf2c25 -s ours
am skip reason: subject contains skip directive
Change-Id: Id9c033a137dcc5ce774fe864b940a3afa0f65093
Ahan Wu [Wed, 6 Nov 2019 09:23:55 +0000 (01:23 -0800)]
Merge "DO NOT MERGE Validate wallpaper dimension while generating crop" into oc-dev am:
17fd658061
am:
9c9c1c0f8a
Change-Id: I02286162c176e9edc5962f91c65c993767f83afc
Ahan Wu [Wed, 6 Nov 2019 09:20:31 +0000 (01:20 -0800)]
DO NOT MERGE Validate wallpaper dimension while generating crop am:
160c28c36d
am:
f4c3460e24
Change-Id: I7a866644b805e7e71f188051fb3c7d30c5a8b7fb
Ahan Wu [Wed, 6 Nov 2019 09:08:34 +0000 (01:08 -0800)]
Merge "DO NOT MERGE Validate wallpaper dimension while generating crop" into oc-dev
am:
17fd658061
Change-Id: I5d783568dd734e880b7d5a88117cbfad30c880ef
Ahan Wu [Wed, 6 Nov 2019 09:08:32 +0000 (01:08 -0800)]
DO NOT MERGE Validate wallpaper dimension while generating crop
am:
160c28c36d
Change-Id: Icee3d103aee1d5775a7d8feeb7a0ac3fc9b7fa26
TreeHugger Robot [Wed, 6 Nov 2019 04:58:32 +0000 (04:58 +0000)]
Merge "DO NOT MERGE Validate wallpaper dimension while generating crop" into pi-dev
TreeHugger Robot [Wed, 6 Nov 2019 04:45:50 +0000 (04:45 +0000)]
Merge "DO NOT MERGE Validate wallpaper dimension while generating crop" into oc-dev
Jing Ji [Wed, 6 Nov 2019 00:32:53 +0000 (16:32 -0800)]
Merge "Prevent system uid component from running in an isolated app process" into oc-dev am:
909ff7dc71 am:
68f3234072
am:
038be975a1
Change-Id: Ib4d8700eb5f5a8275a0a917ef6f6db2a0a3b85de
Todd Kennedy [Wed, 6 Nov 2019 00:27:32 +0000 (16:27 -0800)]
Only allow INSTALL_ALLOW_TEST from shell or root am:
702d394762 am:
8ff59f6a14
am:
aa1d74e287
Change-Id: If511af964e4705e65e76a9ccb502cddb4f4b0012
Jing Ji [Wed, 6 Nov 2019 00:24:07 +0000 (16:24 -0800)]
Merge "Prevent system uid component from running in an isolated app process" into oc-dev am:
909ff7dc71
am:
68f3234072
Change-Id: I2393d4b5c683892d489398c906790c966a38b36b
Todd Kennedy [Wed, 6 Nov 2019 00:20:48 +0000 (16:20 -0800)]
Only allow INSTALL_ALLOW_TEST from shell or root am:
702d394762
am:
8ff59f6a14
Change-Id: I13fc086058cf0f40614bdb5d19cb53211772e628
Jing Ji [Wed, 6 Nov 2019 00:13:50 +0000 (16:13 -0800)]
Merge "Prevent system uid component from running in an isolated app process" into oc-dev
am:
909ff7dc71
Change-Id: Ib725e69bbd84c7e1e141c32c62c5204bd552b12f
Todd Kennedy [Wed, 6 Nov 2019 00:07:44 +0000 (16:07 -0800)]
Only allow INSTALL_ALLOW_TEST from shell or root
am:
702d394762
Change-Id: I6e19c9738e083ce8863ffd1d9d467cae2f973c37
Jing Ji [Tue, 5 Nov 2019 23:52:53 +0000 (23:52 +0000)]
Merge "Prevent system uid component from running in an isolated app process" into oc-dev
Yohei Yukawa [Sat, 19 Jan 2019 19:49:37 +0000 (11:49 -0800)]
DO NOT MERGE back porting for fixing sysui direct reply
Root cause: systemui run as user 0 service to handle all of users'
notifications. And, the users can user the copy/cut/paste
functionality.
Solution: To crate @hide API in TextView let SystemUI to mark the
TextView instance should check if the power of
INTERACT_ACROSS_USER_FULL is needed to be restricted.
e.x. Keyguard password textview/Notificaiton entries
Bug:
123232892
Test: manual test
Reference: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Reference: Ibabe13e5b85e5bb91f9f8af6ec07c395c25c4393
Reference: I975baa748c821538e5a733bb98a33ac609bf40a7
Change-Id: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Merged-In: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
Jing Ji [Mon, 4 Nov 2019 22:22:27 +0000 (14:22 -0800)]
Prevent system uid component from running in an isolated app process
Bug:
140055304
Test: Manua
Change-Id: Ie7f6ed23f0c6009aad0f67a00af119b02cdceac3
Merged-In: I5a1618fab529cb0300d4a8e9c7762ee218ca09eb
Todd Kennedy [Fri, 20 Sep 2019 20:45:15 +0000 (13:45 -0700)]
Only allow INSTALL_ALLOW_TEST from shell or root
Bug:
141169173
Test: Manual. App can't be installed as test-only
Change-Id: Ib6dcca7901aa549d620448c0165c22270a3042be
Merged-In: Ib6dcca7901aa549d620448c0165c22270a3042be
Kim Van Den Eeckhaut [Tue, 15 Oct 2019 10:56:31 +0000 (11:56 +0100)]
Fix MediaCodec FLAC Javadoc
Make the Javadoc about the data expected in CSD buffer #0 for FLAC
consistent with the code.
Bug:
140613717
Test: javadoc-only fix
Change-Id: Ic2a35c6bd308a4f79215d920a88ccc2dd6f8cd12
Seigo Nonaka [Thu, 17 Oct 2019 04:07:12 +0000 (21:07 -0700)]
[automerger skipped] Merge "RESTRICT AUTOMERGE Revive runLimit check logic" into oc-mr1-dev
am:
9f7fb87dc4 -s ours
am skip reason: subject contains skip directive
Change-Id: If95365aeca3f84f75f571dcf705f477b01425a0c
TreeHugger Robot [Thu, 17 Oct 2019 02:33:30 +0000 (02:33 +0000)]
Merge "RESTRICT AUTOMERGE Revive runLimit check logic" into pi-dev
TreeHugger Robot [Thu, 17 Oct 2019 01:46:22 +0000 (01:46 +0000)]
Merge "RESTRICT AUTOMERGE Revive runLimit check logic" into oc-mr1-dev
Seigo Nonaka [Thu, 17 Oct 2019 00:38:11 +0000 (17:38 -0700)]
[automerger skipped] RESTRICT AUTOMERGE Revive runLimit check logic am:
b730f1984f am:
2af4f537ff
am:
709e9e6855 -s ours
am skip reason: subject contains skip directive
Change-Id: Ib2c5674e2cf4442fe10d3dd5eb7ae7906e432254
Seigo Nonaka [Thu, 17 Oct 2019 00:26:09 +0000 (17:26 -0700)]
RESTRICT AUTOMERGE Revive runLimit check logic am:
b730f1984f
am:
2af4f537ff
Change-Id: Ia671d3f5a7fa62c80dd3c2468d199ce66fe734f1
Seigo Nonaka [Thu, 17 Oct 2019 00:14:15 +0000 (17:14 -0700)]
RESTRICT AUTOMERGE Revive runLimit check logic
am:
b730f1984f
Change-Id: I329515d36c12ee5e12a63262ff7db8daff350832
Seigo Nonaka [Wed, 16 Oct 2019 21:48:30 +0000 (14:48 -0700)]
RESTRICT AUTOMERGE
Revive runLimit check logic
The runLimit check logic was accidentally removed by
I7089ed9b711dddd7de2b27c9c2fa0fb4cb53a735
Bug:
142134328
Bug:
140632678
Test: Manually done with reported step
Test: StaticLayoutTest passes
Change-Id: Ib1d5efdcb9adcc18a6a43370dc016ea464f48148
Seigo Nonaka [Wed, 16 Oct 2019 21:48:30 +0000 (14:48 -0700)]
RESTRICT AUTOMERGE
Revive runLimit check logic
The runLimit check logic was accidentally removed by
I7089ed9b711dddd7de2b27c9c2fa0fb4cb53a735
Bug:
142134328
Bug:
140632678
Test: Manually done with reported step
Test: StaticLayoutTest passes
Change-Id: Ib1d5efdcb9adcc18a6a43370dc016ea464f48148
Seigo Nonaka [Wed, 16 Oct 2019 21:48:30 +0000 (14:48 -0700)]
RESTRICT AUTOMERGE
Revive runLimit check logic
The runLimit check logic was accidentally removed by
I7089ed9b711dddd7de2b27c9c2fa0fb4cb53a735
Bug:
142134328
Bug:
140632678
Test: Manually done with reported step
Test: StaticLayoutTest passes
Change-Id: Ib1d5efdcb9adcc18a6a43370dc016ea464f48148
Evan Laird [Fri, 4 Oct 2019 18:18:59 +0000 (14:18 -0400)]
Force FGS notifications to show for a minimum time
It's possible for a service to do a start/stop foreground and cause a
couple of things to happen:
NotificationManagerService will enqueue a EnqueueNotificationRunnable,
post a PostNotificationRunnable (for the startForeground), and then also
enqueue a CancelNotificationRunnable. There is some racy behavior here
in that the cancel runnable can get triggered in between enqueue and
post runnables. If the cancel happens first, then
NotificationListenerServices will never get the message.
This behavior is technically allowed, however for foreground services we
want to ensure that there is a minmum amount of time that notification
listeners are aware of the foreground service so that (for instance) the
FGS notification can be shown.
This CL does two things to mitigate this problem:
1. Introduce checking in the CancelNotificationRunnable such that it
will not cancel until after PostNotificationRunnable has finished
executing.
2. Introduce a NotificationLifetimeExtender method that will allow a
lifetime extender to manage the lifetime of a notification that has been
enqueued but not inflated yet.
Bug:
119041698
Test: atest NotificationManagerServiceTest
Test: atest ForegroundServiceLifetimeExtenderTest
Change-Id: I0680034ed9315aa2c05282524d48faaed066ebd0
Merged-In: I0680034ed9315aa2c05282524d48faaed066ebd0
Seigo Nonaka [Wed, 2 Oct 2019 17:10:34 +0000 (10:10 -0700)]
[automerger skipped] RESTRICT AUTOMERGE Do not compute outside given range in TextLine am:
4ce901e405 am:
b51c7bb175
am:
af62f3a7b3 -s ours
am skip reason: subject contains skip directive
Change-Id: Ifb67887f4b1a5860dca2569e57a74911efde801d
Seigo Nonaka [Wed, 2 Oct 2019 16:59:45 +0000 (09:59 -0700)]
RESTRICT AUTOMERGE Do not compute outside given range in TextLine am:
4ce901e405
am:
b51c7bb175
Change-Id: I6770f4b1a884020c374a75f67eb762b2c2bfd538
Seigo Nonaka [Wed, 2 Oct 2019 16:33:53 +0000 (09:33 -0700)]
RESTRICT AUTOMERGE Do not compute outside given range in TextLine
am:
4ce901e405
Change-Id: I739746d80a8dd29998a67c1d9aaa2d3f804ac57c
Sterling Huber [Wed, 2 Oct 2019 15:51:19 +0000 (15:51 +0000)]
Merge "RESTRICT AUTOMERGE Do not compute outside given range in TextLine" into pi-dev
Ahan Wu [Thu, 26 Sep 2019 11:00:26 +0000 (19:00 +0800)]
DO NOT MERGE Validate wallpaper dimension while generating crop
If dimensions of cropped wallpaper image exceed max texture size that
GPU can support, it will cause ImageWallpaper keep crashing
because hwui crashes by invalid operation (0x502).
Bug:
120847476.
Test: Write a custom app to set a 8000x800 bitmap as wallpaper.
Test: The cropped file will be 29600x2960 and make sysui keep crashing.
Test: After applyed this cl, wallpaper will use fallback.
Test: Sysui will not keep crashing any more.
Change-Id: Ifaf2085a0bc94448e49fa2f30066f47310586236
Ahan Wu [Thu, 26 Sep 2019 10:29:59 +0000 (18:29 +0800)]
DO NOT MERGE Validate wallpaper dimension while generating crop
If dimensions of cropped wallpaper image exceed max texture size that
GPU can support, it will cause ImageWallpaper keep crashing
because hwui crashes by invalid operation (0x502).
Bug:
120847476.
Test: Write a custom app to set a 8000x800 bitmap as wallpaper.
Test: The cropped file will be 29600x2960 and make sysui keep crashing.
Test: After applyed this cl, wallpaper will use fallback.
Test: Sysui will not keep crashing any more.
Change-Id: I8ed5931298c652a2230858cf62df3f6fcd345c5a
Seigo Nonaka [Mon, 16 Sep 2019 21:49:49 +0000 (14:49 -0700)]
RESTRICT AUTOMERGE
Do not compute outside given range in TextLine
This is second attempt of I646851973b3816bf9ba32dfe26748c0345a5a081
which breaks various layout test on application.
The empty string must be also handled by the TextLine since it
retrieves the default line height from the empty string.
Bug:
140632678
Test: StaticLayoutTest
Test: Manually done
Change-Id: I7089ed9b711dddd7de2b27c9c2fa0fb4cb53a735
Seigo Nonaka [Mon, 16 Sep 2019 21:49:49 +0000 (14:49 -0700)]
RESTRICT AUTOMERGE
Do not compute outside given range in TextLine
This is second attempt of I646851973b3816bf9ba32dfe26748c0345a5a081
which breaks various layout test on application.
The empty string must be also handled by the TextLine since it
retrieves the default line height from the empty string.
Bug:
140632678
Test: StaticLayoutTest
Test: Manually done
Change-Id: I7089ed9b711dddd7de2b27c9c2fa0fb4cb53a735