Merge "Restart Bypassable VPNs when changing lockdown mode state"
diff --git a/core/java/android/os/image/DynamicSystemClient.java b/core/java/android/os/image/DynamicSystemClient.java
index d5b0ecc..7cdaecd 100644
--- a/core/java/android/os/image/DynamicSystemClient.java
+++ b/core/java/android/os/image/DynamicSystemClient.java
@@ -238,6 +238,15 @@
*/
public static final String KEY_ONE_SHOT = "KEY_ONE_SHOT";
+ /**
+ * Intent key: Whether to use default strings when showing the dialog that prompts
+ * user for device credentials.
+ * False indicates using the custom strings provided by {@code DynamicSystem}.
+ * @hide
+ */
+ public static final String KEY_KEYGUARD_USE_DEFAULT_STRINGS =
+ "KEY_KEYGUARD_USE_DEFAULT_STRINGS";
+
private static class IncomingHandler extends Handler {
private final WeakReference<DynamicSystemClient> mWeakClient;
diff --git a/core/java/android/security/net/config/ManifestConfigSource.java b/core/java/android/security/net/config/ManifestConfigSource.java
index b885e72..0e20997 100644
--- a/core/java/android/security/net/config/ManifestConfigSource.java
+++ b/core/java/android/security/net/config/ManifestConfigSource.java
@@ -25,7 +25,7 @@
/** @hide */
public class ManifestConfigSource implements ConfigSource {
- private static final boolean DBG = true;
+ private static final boolean DBG = false;
private static final String LOG_TAG = "NetworkSecurityConfig";
private final Object mLock = new Object();
diff --git a/core/java/android/view/DisplayEventReceiver.java b/core/java/android/view/DisplayEventReceiver.java
index 3a74b2e..c7f7456 100644
--- a/core/java/android/view/DisplayEventReceiver.java
+++ b/core/java/android/view/DisplayEventReceiver.java
@@ -138,8 +138,12 @@
mMessageQueue = null;
}
- static final class VsyncEventData {
-
+ /**
+ * Class to capture all inputs required for syncing events data.
+ *
+ * @hide
+ */
+ public static final class VsyncEventData {
static final FrameTimeline[] INVALID_FRAME_TIMELINES =
{new FrameTimeline(FrameInfo.INVALID_VSYNC_ID, Long.MAX_VALUE, Long.MAX_VALUE)};
diff --git a/core/java/com/android/internal/app/OWNERS b/core/java/com/android/internal/app/OWNERS
index a1d571f..52f18fb 100644
--- a/core/java/com/android/internal/app/OWNERS
+++ b/core/java/com/android/internal/app/OWNERS
@@ -1,15 +1,16 @@
per-file *AppOp* = file:/core/java/android/permission/OWNERS
per-file UnlaunchableAppActivity.java = file:/core/java/android/app/admin/WorkProfile_OWNERS
per-file IntentForwarderActivity.java = file:/core/java/android/app/admin/WorkProfile_OWNERS
-per-file *Resolver* = file:/packages/SystemUI/OWNERS
-per-file *Chooser* = file:/packages/SystemUI/OWNERS
-per-file SimpleIconFactory.java = file:/packages/SystemUI/OWNERS
-per-file AbstractMultiProfilePagerAdapter.java = file:/packages/SystemUI/OWNERS
-per-file *EmptyStateProvider.java = file:/packages/SystemUI/OWNERS
per-file NetInitiatedActivity.java = file:/location/java/android/location/OWNERS
per-file *BatteryStats* = file:/BATTERY_STATS_OWNERS
per-file *SoundTrigger* = file:/media/java/android/media/soundtrigger/OWNERS
+# Chooser and Resolver.
+per-file *Chooser* = file:chooser/OWNERS
+per-file *Resolver* = file:chooser/OWNERS
+per-file SimpleIconFactory.java = file:chooser/OWNERS
+per-file AbstractMultiProfilePagerAdapter.java = file:chooser/OWNERS
+per-file *EmptyStateProvider.java = file:chooser/OWNERS
# Voice Interaction
per-file *Assist* = file:/core/java/android/service/voice/OWNERS
diff --git a/core/java/com/android/internal/app/chooser/OWNERS b/core/java/com/android/internal/app/chooser/OWNERS
index a6f1632..0844cfa 100644
--- a/core/java/com/android/internal/app/chooser/OWNERS
+++ b/core/java/com/android/internal/app/chooser/OWNERS
@@ -1 +1,3 @@
-file:/packages/SystemUI/OWNERS
\ No newline at end of file
+# Bug component: 324112
+
+include platform/packages/modules/IntentResolver:/OWNERS
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index 05cad77..d8aeb51 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -1018,7 +1018,7 @@
* Applies debugger system properties to the zygote arguments.
*
* For eng builds all apps are debuggable. On userdebug and user builds
- * if persist.debuggable.dalvik.vm.jdwp.enabled is 1 all apps are
+ * if persist.debug.dalvik.vm.jdwp.enabled is 1 all apps are
* debuggable. Otherwise, the debugger state is specified via the
* "--enable-jdwp" flag in the spawn request.
*
diff --git a/packages/DynamicSystemInstallationService/src/com/android/dynsystem/VerificationActivity.java b/packages/DynamicSystemInstallationService/src/com/android/dynsystem/VerificationActivity.java
index 64e42cc..b522729 100644
--- a/packages/DynamicSystemInstallationService/src/com/android/dynsystem/VerificationActivity.java
+++ b/packages/DynamicSystemInstallationService/src/com/android/dynsystem/VerificationActivity.java
@@ -16,6 +16,8 @@
package com.android.dynsystem;
+import static android.os.image.DynamicSystemClient.KEY_KEYGUARD_USE_DEFAULT_STRINGS;
+
import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Context;
@@ -47,10 +49,7 @@
KeyguardManager km = (KeyguardManager) getSystemService(Context.KEYGUARD_SERVICE);
if (km != null) {
- String title = getString(R.string.keyguard_title);
- String description = getString(R.string.keyguard_description);
- Intent intent = km.createConfirmDeviceCredentialIntent(title, description);
-
+ Intent intent = createConfirmDeviceCredentialIntent(km);
if (intent == null) {
Log.d(TAG, "This device is not protected by a password/pin");
startInstallationService();
@@ -63,6 +62,23 @@
}
}
+ private Intent createConfirmDeviceCredentialIntent(KeyguardManager km) {
+ final boolean useDefaultStrings =
+ getIntent().getBooleanExtra(KEY_KEYGUARD_USE_DEFAULT_STRINGS, false);
+ final String title;
+ final String description;
+ if (useDefaultStrings) {
+ // Use default strings provided by keyguard manager
+ title = null;
+ description = null;
+ } else {
+ // Use custom strings provided by DSU
+ title = getString(R.string.keyguard_title);
+ description = getString(R.string.keyguard_description);
+ }
+ return km.createConfirmDeviceCredentialIntent(title, description);
+ }
+
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
if (requestCode == REQUEST_CODE && resultCode == RESULT_OK) {
diff --git a/packages/SettingsProvider/src/android/provider/settings/OWNERS b/packages/SettingsProvider/src/android/provider/settings/OWNERS
index 0f88811..d901e2c 100644
--- a/packages/SettingsProvider/src/android/provider/settings/OWNERS
+++ b/packages/SettingsProvider/src/android/provider/settings/OWNERS
@@ -1,4 +1,4 @@
# Bug component: 656484
-include platform/frameworks/base:/services/backup/OWNERS
+include platform/frameworks/base:/services/backup/BACKUP_OWNERS
diff --git a/packages/SettingsProvider/test/src/android/provider/OWNERS b/packages/SettingsProvider/test/src/android/provider/OWNERS
index 0f88811..db4b27c 100644
--- a/packages/SettingsProvider/test/src/android/provider/OWNERS
+++ b/packages/SettingsProvider/test/src/android/provider/OWNERS
@@ -1,4 +1,3 @@
# Bug component: 656484
-include platform/frameworks/base:/services/backup/OWNERS
-
+include platform/frameworks/base:/services/backup/BACKUP_OWNERS
diff --git a/services/backup/BACKUP_OWNERS b/services/backup/BACKUP_OWNERS
new file mode 100644
index 0000000..f8f4f4f
--- /dev/null
+++ b/services/backup/BACKUP_OWNERS
@@ -0,0 +1,10 @@
+# Bug component: 1193469
+
+jstemmer@google.com
+martinoh@google.com
+millmore@google.com
+niamhfw@google.com
+piee@google.com
+philippov@google.com
+rthakohov@google.com
+sarpm@google.com
\ No newline at end of file
diff --git a/services/backup/OWNERS b/services/backup/OWNERS
index 79709a3..3bd2db1 100644
--- a/services/backup/OWNERS
+++ b/services/backup/OWNERS
@@ -2,12 +2,4 @@
set noparent
-bryanmawhinney@google.com
-jstemmer@google.com
-martinoh@google.com
-millmore@google.com
-niamhfw@google.com
-piee@google.com
-philippov@google.com
-rthakohov@google.com
-sarpm@google.com
+include platform/frameworks/base:/services/backup/BACKUP_OWNERS
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 7ff53e6..71c4aed 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -152,6 +152,7 @@
import com.android.internal.net.VpnProfile;
import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.BinderUtils;
+import com.android.net.module.util.LinkPropertiesUtils;
import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.NetworkStackConstants;
import com.android.server.DeviceIdleInternal;
@@ -231,6 +232,33 @@
* used as a repeating interval.
*/
private static final long[] IKEV2_VPN_RETRY_DELAYS_SEC = {1L, 2L, 5L, 30L, 60L, 300L, 900L};
+
+ /**
+ * A constant to pass to {@link IkeV2VpnRunner#scheduleStartIkeSession(long)} to mean the
+ * delay should be computed automatically with backoff.
+ */
+ private static final long RETRY_DELAY_AUTO_BACKOFF = -1;
+
+ /**
+ * How long to wait before trying to migrate the IKE connection when NetworkCapabilities or
+ * LinkProperties change in a way that may require migration.
+ *
+ * This delay is useful to avoid multiple migration tries (e.g. when a network changes
+ * both its NC and LP at the same time, e.g. when it first connects) and to minimize the
+ * cases where an old list of addresses is detected for the network.
+ *
+ * In practice, the IKE library reads the LinkProperties of the passed network with
+ * the synchronous {@link ConnectivityManager#getLinkProperties(Network)}, which means in
+ * most cases the race would resolve correctly, but this delay increases the chance that
+ * it correctly is.
+ * Further, using the synchronous method in the IKE library is actually dangerous because
+ * it is racy (it races with {@code IkeNetworkCallbackBase#onLost} and it should be fixed
+ * by using callbacks instead. When that happens, the race within IKE is fixed but the
+ * race between that callback and the one in IkeV2VpnRunner becomes a much bigger problem,
+ * and this delay will be necessary to ensure the correct link address list is used.
+ */
+ private static final long IKE_DELAY_ON_NC_LP_CHANGE_MS = 300;
+
/**
* Largest profile size allowable for Platform VPNs.
*
@@ -977,15 +1005,21 @@
// Allow VpnManager app to temporarily run background services to handle this error.
// If an app requires anything beyond this grace period, they MUST either declare
// themselves as a foreground service, or schedule a job/workitem.
- DeviceIdleInternal idleController = mDeps.getDeviceIdleInternal();
- idleController.addPowerSaveTempWhitelistApp(Process.myUid(), packageName,
- VPN_MANAGER_EVENT_ALLOWLIST_DURATION_MS, mUserId, false, REASON_VPN,
- "VpnManager event");
+ final long token = Binder.clearCallingIdentity();
try {
- return mUserIdContext.startService(intent) != null;
- } catch (RuntimeException e) {
- Log.e(TAG, "Service of VpnManager app " + intent + " failed to start", e);
- return false;
+ final DeviceIdleInternal idleController = mDeps.getDeviceIdleInternal();
+ idleController.addPowerSaveTempWhitelistApp(Process.myUid(), packageName,
+ VPN_MANAGER_EVENT_ALLOWLIST_DURATION_MS, mUserId, false, REASON_VPN,
+ "VpnManager event");
+
+ try {
+ return mUserIdContext.startService(intent) != null;
+ } catch (RuntimeException e) {
+ Log.e(TAG, "Service of VpnManager app " + intent + " failed to start", e);
+ return false;
+ }
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
}
@@ -3736,13 +3770,20 @@
}
}
- private void scheduleRetryNewIkeSession() {
+ /**
+ * Schedule starting an IKE session.
+ * @param delayMs the delay after which to try starting the session. This should be
+ * RETRY_DELAY_AUTO_BACKOFF for automatic retries with backoff.
+ */
+ private void scheduleStartIkeSession(final long delayMs) {
if (mScheduledHandleRetryIkeSessionFuture != null) {
Log.d(TAG, "There is a pending retrying task, skip the new retrying task");
return;
}
- final long retryDelay = mDeps.getNextRetryDelaySeconds(mRetryCount++);
- Log.d(TAG, "Retry new IKE session after " + retryDelay + " seconds.");
+ final long retryDelayMs = RETRY_DELAY_AUTO_BACKOFF != delayMs
+ ? delayMs
+ : mDeps.getNextRetryDelaySeconds(mRetryCount++) * 1000;
+ Log.d(TAG, "Retry new IKE session after " + retryDelayMs + " milliseconds.");
// If the default network is lost during the retry delay, the mActiveNetwork will be
// null, and the new IKE session won't be established until there is a new default
// network bringing up.
@@ -3753,7 +3794,7 @@
// Reset mScheduledHandleRetryIkeSessionFuture since it's already run on
// executor thread.
mScheduledHandleRetryIkeSessionFuture = null;
- }, retryDelay, TimeUnit.SECONDS);
+ }, retryDelayMs, TimeUnit.MILLISECONDS);
}
/** Called when the NetworkCapabilities of underlying network is changed */
@@ -3762,20 +3803,26 @@
+ mUnderlyingNetworkCapabilities + " to " + nc);
final NetworkCapabilities oldNc = mUnderlyingNetworkCapabilities;
mUnderlyingNetworkCapabilities = nc;
- if (oldNc == null) {
- // A new default network is available.
- startOrMigrateIkeSession(mActiveNetwork);
- } else if (!nc.getSubscriptionIds().equals(oldNc.getSubscriptionIds())) {
- // Renew carrierConfig values.
- maybeMigrateIkeSessionAndUpdateVpnTransportInfo(mActiveNetwork);
+ if (oldNc == null || !nc.getSubscriptionIds().equals(oldNc.getSubscriptionIds())) {
+ // A new default network is available, or the subscription has changed.
+ // Try to migrate the session, or failing that, start a new one.
+ scheduleStartIkeSession(IKE_DELAY_ON_NC_LP_CHANGE_MS);
}
}
/** Called when the LinkProperties of underlying network is changed */
public void onDefaultNetworkLinkPropertiesChanged(@NonNull LinkProperties lp) {
- mEventChanges.log("[UnderlyingNW] Lp changed from "
- + mUnderlyingLinkProperties + " to " + lp);
+ final LinkProperties oldLp = mUnderlyingLinkProperties;
+ mEventChanges.log("[UnderlyingNW] Lp changed from " + oldLp + " to " + lp);
mUnderlyingLinkProperties = lp;
+ if (oldLp == null || !LinkPropertiesUtils.isIdenticalAllLinkAddresses(oldLp, lp)) {
+ // If some of the link addresses changed, the IKE session may need to be migrated
+ // or restarted, for example if the available IP families have changed or if the
+ // source address used has gone away. See IkeConnectionController#onNetworkSetByUser
+ // and IkeConnectionController#selectAndSetRemoteAddress for where this ends up
+ // re-evaluating the session.
+ scheduleStartIkeSession(IKE_DELAY_ON_NC_LP_CHANGE_MS);
+ }
}
class VpnConnectivityDiagnosticsCallback
@@ -4053,7 +4100,7 @@
markFailedAndDisconnect(exception);
return;
} else {
- scheduleRetryNewIkeSession();
+ scheduleStartIkeSession(RETRY_DELAY_AUTO_BACKOFF);
}
// Close all obsolete state, but keep VPN alive incase a usable network comes up.
diff --git a/services/core/java/com/android/server/display/PersistentDataStore.java b/services/core/java/com/android/server/display/PersistentDataStore.java
index 73131a1..06dd500 100644
--- a/services/core/java/com/android/server/display/PersistentDataStore.java
+++ b/services/core/java/com/android/server/display/PersistentDataStore.java
@@ -300,8 +300,11 @@
}
public boolean setBrightness(DisplayDevice displayDevice, float brightness) {
+ if (displayDevice == null || !displayDevice.hasStableUniqueId()) {
+ return false;
+ }
final String displayDeviceUniqueId = displayDevice.getUniqueId();
- if (!displayDevice.hasStableUniqueId() || displayDeviceUniqueId == null) {
+ if (displayDeviceUniqueId == null) {
return false;
}
final DisplayState state = getDisplayState(displayDeviceUniqueId, true);
diff --git a/services/core/java/com/android/server/infra/OWNERS b/services/core/java/com/android/server/infra/OWNERS
index 0466d8a..4fea05d 100644
--- a/services/core/java/com/android/server/infra/OWNERS
+++ b/services/core/java/com/android/server/infra/OWNERS
@@ -1,3 +1,3 @@
# Bug component: 655446
-include /core/java/android/service/cloudsearch/OWNERS
+srazdan@google.com
diff --git a/services/core/java/com/android/server/wm/TaskFpsCallbackController.java b/services/core/java/com/android/server/wm/TaskFpsCallbackController.java
index c099628..8c79875 100644
--- a/services/core/java/com/android/server/wm/TaskFpsCallbackController.java
+++ b/services/core/java/com/android/server/wm/TaskFpsCallbackController.java
@@ -26,8 +26,8 @@
final class TaskFpsCallbackController {
private final Context mContext;
- private final HashMap<ITaskFpsCallback, Long> mTaskFpsCallbacks;
- private final HashMap<ITaskFpsCallback, IBinder.DeathRecipient> mDeathRecipients;
+ private final HashMap<IBinder, Long> mTaskFpsCallbacks;
+ private final HashMap<IBinder, IBinder.DeathRecipient> mDeathRecipients;
TaskFpsCallbackController(Context context) {
mContext = context;
@@ -36,32 +36,42 @@
}
void registerListener(int taskId, ITaskFpsCallback callback) {
- if (mTaskFpsCallbacks.containsKey(callback)) {
+ if (callback == null) {
+ return;
+ }
+
+ IBinder binder = callback.asBinder();
+ if (mTaskFpsCallbacks.containsKey(binder)) {
return;
}
final long nativeListener = nativeRegister(callback, taskId);
- mTaskFpsCallbacks.put(callback, nativeListener);
+ mTaskFpsCallbacks.put(binder, nativeListener);
final IBinder.DeathRecipient deathRecipient = () -> unregisterListener(callback);
try {
- callback.asBinder().linkToDeath(deathRecipient, 0);
- mDeathRecipients.put(callback, deathRecipient);
+ binder.linkToDeath(deathRecipient, 0);
+ mDeathRecipients.put(binder, deathRecipient);
} catch (RemoteException e) {
// ignore
}
}
void unregisterListener(ITaskFpsCallback callback) {
- if (!mTaskFpsCallbacks.containsKey(callback)) {
+ if (callback == null) {
return;
}
- callback.asBinder().unlinkToDeath(mDeathRecipients.get(callback), 0);
- mDeathRecipients.remove(callback);
+ IBinder binder = callback.asBinder();
+ if (!mTaskFpsCallbacks.containsKey(binder)) {
+ return;
+ }
- nativeUnregister(mTaskFpsCallbacks.get(callback));
- mTaskFpsCallbacks.remove(callback);
+ binder.unlinkToDeath(mDeathRecipients.get(binder), 0);
+ mDeathRecipients.remove(binder);
+
+ nativeUnregister(mTaskFpsCallbacks.get(binder));
+ mTaskFpsCallbacks.remove(binder);
}
private static native long nativeRegister(ITaskFpsCallback callback, int taskId);
diff --git a/services/tests/PackageManagerServiceTests/TEST_MAPPING b/services/tests/PackageManagerServiceTests/TEST_MAPPING
index e98acb2..5d96af9 100644
--- a/services/tests/PackageManagerServiceTests/TEST_MAPPING
+++ b/services/tests/PackageManagerServiceTests/TEST_MAPPING
@@ -55,23 +55,10 @@
// TODO(b/204133664)
"exclude-filter": "com.android.server.pm.test.SdCardEjectionTests"
},
- {
- // TODO(b/272575212)
- "exclude-filter": "com.android.server.pm.test.SettingsTest#testWriteCorruptDataBinaryXml"
- },
- {
- "exclude-filter": "com.android.server.pm.test.SettingsTest#testWriteCorruptDataTextXml"
- },
- {
- "exclude-filter": "com.android.server.pm.test.SettingsTest#testWriteCorruptHeaderBinaryXml"
- },
- {
- "exclude-filter": "com.android.server.pm.test.SettingsTest#testWriteCorruptHeaderTextXml"
- },
- {
+ {
// TODO(b/272714903)
"exclude-filter": "com.android.server.pm.test.OverlayPathsUninstallSystemUpdatesTest#verify"
- }
+ }
]
}
],