Merge "Set legacy type for VPN"
diff --git a/OWNERS b/OWNERS
index 4970dd1..ccb56d3 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,23 +1,23 @@
# This top-level list should remain narrowly defined as team leads; individual
# teams are strongly encouraged to define narrower OWNERS files at deeper
# levels within the source tree; see OWNERS.md for more details
-akulian@google.com
-dsandler@android.com
-dsandler@google.com
-hackbod@android.com
-hackbod@google.com
-jjaggi@google.com
-jsharkey@android.com
-jsharkey@google.com
-lorenzo@google.com
-michaelwr@google.com
-nandana@google.com
-narayan@google.com
-ogunwale@google.com
-roosa@google.com
-svetoslavganov@android.com
-svetoslavganov@google.com
-yamasani@google.com
+akulian@google.com #{LAST_RESORT_SUGGESTION}
+dsandler@android.com #{LAST_RESORT_SUGGESTION}
+dsandler@google.com #{LAST_RESORT_SUGGESTION}
+hackbod@android.com #{LAST_RESORT_SUGGESTION}
+hackbod@google.com #{LAST_RESORT_SUGGESTION}
+jjaggi@google.com #{LAST_RESORT_SUGGESTION}
+jsharkey@android.com #{LAST_RESORT_SUGGESTION}
+jsharkey@google.com #{LAST_RESORT_SUGGESTION}
+lorenzo@google.com #{LAST_RESORT_SUGGESTION}
+michaelwr@google.com #{LAST_RESORT_SUGGESTION}
+nandana@google.com #{LAST_RESORT_SUGGESTION}
+narayan@google.com #{LAST_RESORT_SUGGESTION}
+ogunwale@google.com #{LAST_RESORT_SUGGESTION}
+roosa@google.com #{LAST_RESORT_SUGGESTION}
+svetoslavganov@android.com #{LAST_RESORT_SUGGESTION}
+svetoslavganov@google.com #{LAST_RESORT_SUGGESTION}
+yamasani@google.com #{LAST_RESORT_SUGGESTION}
# API changes are already covered by API-Review+1 (http://mdb/android-api-council)
# via https://android.git.corp.google.com/All-Projects/+/refs/meta/config/rules.pl.
diff --git a/api/Android.bp b/api/Android.bp
index 438e7dc..6dc177e 100644
--- a/api/Android.bp
+++ b/api/Android.bp
@@ -65,7 +65,10 @@
dest: "current.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/public/api",
dest: "android.txt",
},
@@ -139,7 +142,10 @@
dest: "removed.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/public/api",
dest: "removed.txt",
},
@@ -171,7 +177,10 @@
dest: "system-current.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/system/api",
dest: "android.txt",
},
@@ -222,7 +231,10 @@
dest: "system-removed.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/system/api",
dest: "removed.txt",
},
@@ -255,7 +267,10 @@
dest: "module-lib-current.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/module-lib/api",
dest: "android.txt",
},
@@ -308,7 +323,10 @@
dest: "module-lib-removed.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/module-lib/api",
dest: "removed.txt",
},
@@ -348,7 +366,10 @@
dest: "system-server-current.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/system-server/api",
dest: "android.txt",
},
@@ -371,7 +392,10 @@
dest: "system-server-removed.txt",
},
{
- targets: ["sdk", "win_sdk"],
+ targets: [
+ "sdk",
+ "win_sdk",
+ ],
dir: "apistubs/android/system-server/api",
dest: "removed.txt",
},
diff --git a/cmds/app_process/Android.bp b/cmds/app_process/Android.bp
index 0eff83c..a157517 100644
--- a/cmds/app_process/Android.bp
+++ b/cmds/app_process/Android.bp
@@ -29,7 +29,16 @@
},
},
- ldflags: ["-Wl,--export-dynamic"],
+ // Symbols exported from the executable in .dynsym interpose symbols in every
+ // linker namespace, including an app's classloader namespace. Provide this
+ // version script to prevent unwanted interposition.
+ //
+ // By default, the static linker doesn't export most of an executable's symbols,
+ // but it will export a symbol that appears to override a symbol in a needed DSO.
+ // This commonly happens with C++ vaguely-linked entities, such as template
+ // functions or type_info variables. Hence, a version script is needed even for
+ // an executable.
+ version_script: "version-script.txt",
shared_libs: [
"libandroid_runtime",
diff --git a/cmds/app_process/version-script.txt b/cmds/app_process/version-script.txt
new file mode 100644
index 0000000..a98066a
--- /dev/null
+++ b/cmds/app_process/version-script.txt
@@ -0,0 +1,4 @@
+{
+ local:
+ *;
+};
diff --git a/core/java/android/accounts/OWNERS b/core/java/android/accounts/OWNERS
index 8dcc04a..6ad9d92 100644
--- a/core/java/android/accounts/OWNERS
+++ b/core/java/android/accounts/OWNERS
@@ -1,9 +1,4 @@
-carlosvaldivia@google.com
+jcivelli@google.com
dementyev@google.com
-sandrakwan@google.com
-hackbod@google.com
-svetoslavganov@google.com
-fkupolov@google.com
yamasani@google.com
omakoto@google.com
-
diff --git a/core/java/android/app/LoadedApk.java b/core/java/android/app/LoadedApk.java
index 5d2370d..8e51cc1 100644
--- a/core/java/android/app/LoadedApk.java
+++ b/core/java/android/app/LoadedApk.java
@@ -886,6 +886,21 @@
boolean registerAppInfoToArt = false;
if (mDefaultClassLoader == null) {
+ // Setup the dex reporter to notify package manager
+ // of any relevant dex loads. The idle maintenance job will use the information
+ // reported to optimize the loaded dex files.
+ // Note that we only need one global reporter per app.
+ // Make sure we do this before creating the main app classloader for the first time
+ // so that we can capture the complete application startup.
+ //
+ // We should not do this in a zygote context (where mActivityThread will be null),
+ // thus we'll guard against it.
+ // Also, the system server reporter (SystemServerDexLoadReporter) is already registered
+ // when system server starts, so we don't need to do it here again.
+ if (mActivityThread != null && !ActivityThread.isSystem()) {
+ BaseDexClassLoader.setReporter(DexLoadReporter.getInstance());
+ }
+
// Temporarily disable logging of disk reads on the Looper thread
// as this is early and necessary.
StrictMode.ThreadPolicy oldPolicy = allowThreadDiskReads();
@@ -985,14 +1000,6 @@
}
private void registerAppInfoToArt() {
- // Setup the dex reporter to notify package manager
- // of any relevant dex loads. The idle maintenance job will use the information
- // reported to optimize the loaded dex files.
- // Note that we only need one global reporter per app.
- // Make sure we do this before invoking app code for the first time so that we
- // can capture the complete application startup.
- BaseDexClassLoader.setReporter(DexLoadReporter.getInstance());
-
// Only set up profile support if the loaded apk has the same uid as the
// current process.
// Currently, we do not support profiling across different apps.
diff --git a/core/java/android/app/usage/NetworkStatsManager.java b/core/java/android/app/usage/NetworkStatsManager.java
index fe99f85..8a6c85d 100644
--- a/core/java/android/app/usage/NetworkStatsManager.java
+++ b/core/java/android/app/usage/NetworkStatsManager.java
@@ -48,6 +48,7 @@
import android.os.ServiceManager;
import android.os.ServiceManager.ServiceNotFoundException;
import android.telephony.TelephonyManager;
+import android.text.TextUtils;
import android.util.DataUnit;
import android.util.Log;
@@ -214,6 +215,10 @@
* null} value when querying for the mobile network type to receive usage
* for all mobile networks. For additional details see {@link
* TelephonyManager#getSubscriberId()}.
+ * <p>Starting with API level 31, calling apps can provide a
+ * {@code subscriberId} with wifi network type to receive usage for
+ * wifi networks which is under the given subscription if applicable.
+ * Otherwise, pass {@code null} when querying all wifi networks.
* @param startTime Start of period. Defined in terms of "Unix time", see
* {@link java.lang.System#currentTimeMillis}.
* @param endTime End of period. Defined in terms of "Unix time", see
@@ -255,6 +260,10 @@
* null} value when querying for the mobile network type to receive usage
* for all mobile networks. For additional details see {@link
* TelephonyManager#getSubscriberId()}.
+ * <p>Starting with API level 31, calling apps can provide a
+ * {@code subscriberId} with wifi network type to receive usage for
+ * wifi networks which is under the given subscription if applicable.
+ * Otherwise, pass {@code null} when querying all wifi networks.
* @param startTime Start of period. Defined in terms of "Unix time", see
* {@link java.lang.System#currentTimeMillis}.
* @param endTime End of period. Defined in terms of "Unix time", see
@@ -300,6 +309,10 @@
* null} value when querying for the mobile network type to receive usage
* for all mobile networks. For additional details see {@link
* TelephonyManager#getSubscriberId()}.
+ * <p>Starting with API level 31, calling apps can provide a
+ * {@code subscriberId} with wifi network type to receive usage for
+ * wifi networks which is under the given subscription if applicable.
+ * Otherwise, pass {@code null} when querying all wifi networks.
* @param startTime Start of period. Defined in terms of "Unix time", see
* {@link java.lang.System#currentTimeMillis}.
* @param endTime End of period. Defined in terms of "Unix time", see
@@ -388,6 +401,10 @@
* null} value when querying for the mobile network type to receive usage
* for all mobile networks. For additional details see {@link
* TelephonyManager#getSubscriberId()}.
+ * <p>Starting with API level 31, calling apps can provide a
+ * {@code subscriberId} with wifi network type to receive usage for
+ * wifi networks which is under the given subscription if applicable.
+ * Otherwise, pass {@code null} when querying all wifi networks.
* @param startTime Start of period. Defined in terms of "Unix time", see
* {@link java.lang.System#currentTimeMillis}.
* @param endTime End of period. Defined in terms of "Unix time", see
@@ -450,6 +467,10 @@
* null} value when querying for the mobile network type to receive usage
* for all mobile networks. For additional details see {@link
* TelephonyManager#getSubscriberId()}.
+ * <p>Starting with API level 31, calling apps can provide a
+ * {@code subscriberId} with wifi network type to receive usage for
+ * wifi networks which is under the given subscription if applicable.
+ * Otherwise, pass {@code null} when querying all wifi networks.
* @param startTime Start of period. Defined in terms of "Unix time", see
* {@link java.lang.System#currentTimeMillis}.
* @param endTime End of period. Defined in terms of "Unix time", see
@@ -531,6 +552,10 @@
* null} value when registering for the mobile network type to receive
* notifications for all mobile networks. For additional details see {@link
* TelephonyManager#getSubscriberId()}.
+ * <p>Starting with API level 31, calling apps can provide a
+ * {@code subscriberId} with wifi network type to receive usage for
+ * wifi networks which is under the given subscription if applicable.
+ * Otherwise, pass {@code null} when querying all wifi networks.
* @param thresholdBytes Threshold in bytes to be notified on.
* @param callback The {@link UsageCallback} that the system will call when data usage
* has exceeded the specified threshold.
@@ -644,7 +669,7 @@
: NetworkTemplate.buildTemplateMobileAll(subscriberId);
break;
case ConnectivityManager.TYPE_WIFI:
- template = subscriberId == null
+ template = TextUtils.isEmpty(subscriberId)
? NetworkTemplate.buildTemplateWifiWildcard()
: NetworkTemplate.buildTemplateWifi(NetworkTemplate.WIFI_NETWORKID_ALL,
subscriberId);
diff --git a/core/java/android/bluetooth/BluetoothAdapter.java b/core/java/android/bluetooth/BluetoothAdapter.java
index 63221c5..331fd07 100644
--- a/core/java/android/bluetooth/BluetoothAdapter.java
+++ b/core/java/android/bluetooth/BluetoothAdapter.java
@@ -17,6 +17,8 @@
package android.bluetooth;
+import static java.util.Objects.requireNonNull;
+
import android.Manifest;
import android.annotation.CallbackExecutor;
import android.annotation.IntDef;
@@ -53,8 +55,6 @@
import android.util.Log;
import android.util.Pair;
-import com.android.internal.util.Preconditions;
-
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -3091,8 +3091,8 @@
*/
WrappedOobDataCallback(@NonNull OobDataCallback callback,
@NonNull @CallbackExecutor Executor executor) {
- Preconditions.checkNotNull(callback);
- Preconditions.checkNotNull(executor);
+ requireNonNull(callback);
+ requireNonNull(executor);
mCallback = callback;
mExecutor = executor;
}
@@ -3158,7 +3158,7 @@
!= BluetoothDevice.TRANSPORT_LE) {
throw new IllegalArgumentException("Invalid transport '" + transport + "'!");
}
- Preconditions.checkNotNull(callback);
+ requireNonNull(callback);
if (!isEnabled()) {
Log.w(TAG, "generateLocalOobData(): Adapter isn't enabled!");
callback.onError(OOB_ERROR_ADAPTER_DISABLED);
@@ -3293,7 +3293,7 @@
* @hide
*/
public static boolean isAddressRandomStatic(@NonNull String address) {
- Preconditions.checkNotNull(address);
+ requireNonNull(address);
return checkBluetoothAddress(address)
&& (Integer.parseInt(address.split(":")[5], 16) & 0b11) == 0b11;
}
diff --git a/core/java/android/bluetooth/OobData.java b/core/java/android/bluetooth/OobData.java
index 2dfa91d..4e5ede7 100644
--- a/core/java/android/bluetooth/OobData.java
+++ b/core/java/android/bluetooth/OobData.java
@@ -16,6 +16,8 @@
package android.bluetooth;
+import static java.util.Objects.requireNonNull;
+
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
@@ -23,8 +25,6 @@
import android.os.Parcel;
import android.os.Parcelable;
-import com.android.internal.util.Preconditions;
-
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -214,7 +214,7 @@
@NonNull
@SystemApi
public LeBuilder setDeviceName(@NonNull byte[] deviceName) {
- Preconditions.checkNotNull(deviceName);
+ requireNonNull(deviceName);
this.mDeviceName = deviceName;
return this;
}
@@ -308,8 +308,8 @@
@SystemApi
public LeBuilder(@NonNull byte[] confirmationHash, @NonNull byte[] deviceAddressWithType,
@LeRole int leDeviceRole) {
- Preconditions.checkNotNull(confirmationHash);
- Preconditions.checkNotNull(deviceAddressWithType);
+ requireNonNull(confirmationHash);
+ requireNonNull(deviceAddressWithType);
if (confirmationHash.length != OobData.CONFIRMATION_OCTETS) {
throw new IllegalArgumentException("confirmationHash must be "
+ OobData.CONFIRMATION_OCTETS + " octets in length.");
@@ -344,7 +344,7 @@
@NonNull
@SystemApi
public LeBuilder setLeTemporaryKey(@NonNull byte[] leTemporaryKey) {
- Preconditions.checkNotNull(leTemporaryKey);
+ requireNonNull(leTemporaryKey);
if (leTemporaryKey.length != LE_TK_OCTETS) {
throw new IllegalArgumentException("leTemporaryKey must be "
+ LE_TK_OCTETS + " octets in length.");
@@ -366,7 +366,7 @@
@NonNull
@SystemApi
public LeBuilder setRandomizerHash(@NonNull byte[] randomizerHash) {
- Preconditions.checkNotNull(randomizerHash);
+ requireNonNull(randomizerHash);
if (randomizerHash.length != OobData.RANDOMIZER_OCTETS) {
throw new IllegalArgumentException("randomizerHash must be "
+ OobData.RANDOMIZER_OCTETS + " octets in length.");
@@ -534,9 +534,9 @@
@SystemApi
public ClassicBuilder(@NonNull byte[] confirmationHash, @NonNull byte[] classicLength,
@NonNull byte[] deviceAddressWithType) {
- Preconditions.checkNotNull(confirmationHash);
- Preconditions.checkNotNull(classicLength);
- Preconditions.checkNotNull(deviceAddressWithType);
+ requireNonNull(confirmationHash);
+ requireNonNull(classicLength);
+ requireNonNull(deviceAddressWithType);
if (confirmationHash.length != OobData.CONFIRMATION_OCTETS) {
throw new IllegalArgumentException("confirmationHash must be "
+ OobData.CONFIRMATION_OCTETS + " octets in length.");
@@ -567,7 +567,7 @@
@NonNull
@SystemApi
public ClassicBuilder setRandomizerHash(@NonNull byte[] randomizerHash) {
- Preconditions.checkNotNull(randomizerHash);
+ requireNonNull(randomizerHash);
if (randomizerHash.length != OobData.RANDOMIZER_OCTETS) {
throw new IllegalArgumentException("randomizerHash must be "
+ OobData.RANDOMIZER_OCTETS + " octets in length.");
@@ -592,7 +592,7 @@
@NonNull
@SystemApi
public ClassicBuilder setDeviceName(@NonNull byte[] deviceName) {
- Preconditions.checkNotNull(deviceName);
+ requireNonNull(deviceName);
this.mDeviceName = deviceName;
return this;
}
@@ -617,7 +617,7 @@
@NonNull
@SystemApi
public ClassicBuilder setClassOfDevice(@NonNull byte[] classOfDevice) {
- Preconditions.checkNotNull(classOfDevice);
+ requireNonNull(classOfDevice);
if (classOfDevice.length != OobData.CLASS_OF_DEVICE_OCTETS) {
throw new IllegalArgumentException("classOfDevice must be "
+ OobData.CLASS_OF_DEVICE_OCTETS + " octets in length.");
diff --git a/core/java/android/bluetooth/le/ScanFilter.java b/core/java/android/bluetooth/le/ScanFilter.java
index a74c663..ddc93327 100644
--- a/core/java/android/bluetooth/le/ScanFilter.java
+++ b/core/java/android/bluetooth/le/ScanFilter.java
@@ -16,7 +16,8 @@
package android.bluetooth.le;
-import android.annotation.IntDef;
+import static java.util.Objects.requireNonNull;
+
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SystemApi;
@@ -28,7 +29,6 @@
import android.os.Parcelable;
import com.android.internal.util.BitUtils;
-import com.android.internal.util.Preconditions;
import java.util.Arrays;
import java.util.List;
@@ -647,7 +647,7 @@
public Builder setDeviceAddress(@NonNull String deviceAddress,
@AddressType int addressType,
@NonNull byte[] irk) {
- Preconditions.checkNotNull(irk);
+ requireNonNull(irk);
if (irk.length != LEN_IRK_OCTETS) {
throw new IllegalArgumentException("'irk' is invalid length!");
}
@@ -679,7 +679,7 @@
@Nullable byte[] irk) {
// Make sure our deviceAddress is valid!
- Preconditions.checkNotNull(deviceAddress);
+ requireNonNull(deviceAddress);
if (!BluetoothAdapter.checkBluetoothAddress(deviceAddress)) {
throw new IllegalArgumentException("invalid device address " + deviceAddress);
}
diff --git a/core/java/android/net/NetworkPolicyManager.java b/core/java/android/net/NetworkPolicyManager.java
index c1cd09e..12c571f 100644
--- a/core/java/android/net/NetworkPolicyManager.java
+++ b/core/java/android/net/NetworkPolicyManager.java
@@ -479,7 +479,8 @@
* @param overrideMask the bitmask that specifies which of the overrides is being
* set or cleared.
* @param overrideValue the override values to set or clear.
- * @param networkTypes the network types this override applies to.
+ * @param networkTypes the network types this override applies to. If no
+ * network types are specified, override values will be ignored.
* {@see TelephonyManager#getAllNetworkTypes()}
* @param timeoutMillis the timeout after which the requested override will
* be automatically cleared, or {@code 0} to leave in the
diff --git a/core/java/android/net/nsd/NsdManager.java b/core/java/android/net/nsd/NsdManager.java
index 64f20b8..5a25cfc 100644
--- a/core/java/android/net/nsd/NsdManager.java
+++ b/core/java/android/net/nsd/NsdManager.java
@@ -200,6 +200,9 @@
public static final int RESOLVE_SERVICE_SUCCEEDED = BASE + 20;
/** @hide */
+ public static final int DAEMON_CLEANUP = BASE + 21;
+
+ /** @hide */
public static final int ENABLE = BASE + 24;
/** @hide */
public static final int DISABLE = BASE + 25;
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index 4731a8e..0e9b56d 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -437,6 +437,7 @@
<permission name="android.permission.BRIGHTNESS_SLIDER_USAGE" />
<permission name="android.permission.ACCESS_AMBIENT_LIGHT_STATS" />
<permission name="android.permission.CONFIGURE_DISPLAY_BRIGHTNESS" />
+ <permission name="android.permission.GET_TOP_ACTIVITY_INFO" />
<permission name="android.permission.SET_VOLUME_KEY_LONG_PRESS_LISTENER" />
<permission name="android.permission.SET_MEDIA_KEY_LISTENER" />
<permission name="android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS" />
diff --git a/keystore/java/android/security/keystore/AttestationUtils.java b/keystore/java/android/security/keystore/AttestationUtils.java
index 3980d3a..67484d4 100644
--- a/keystore/java/android/security/keystore/AttestationUtils.java
+++ b/keystore/java/android/security/keystore/AttestationUtils.java
@@ -21,20 +21,13 @@
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.content.Context;
-import android.content.res.Resources;
-import android.os.Build;
-import android.security.keymaster.KeymasterArguments;
import android.security.keymaster.KeymasterCertificateChain;
-import android.security.keymaster.KeymasterDefs;
-import android.telephony.TelephonyManager;
-import android.text.TextUtils;
-import android.util.ArraySet;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
+import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
@@ -43,7 +36,6 @@
import java.util.Arrays;
import java.util.Collection;
import java.util.Random;
-import java.util.Set;
/**
* Utilities for attesting the device's hardware identifiers.
@@ -112,123 +104,6 @@
}
}
- @NonNull private static KeymasterArguments prepareAttestationArgumentsForDeviceId(
- Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws
- DeviceIdAttestationException {
- // Verify that device ID attestation types are provided.
- if (idTypes == null) {
- throw new NullPointerException("Missing id types");
- }
-
- return prepareAttestationArguments(context, idTypes, attestationChallenge);
- }
-
- /**
- * Prepares Keymaster Arguments with attestation data.
- * @hide should only be used by KeyChain.
- */
- @NonNull public static KeymasterArguments prepareAttestationArguments(Context context,
- @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws
- DeviceIdAttestationException {
- return prepareAttestationArguments(context, idTypes,attestationChallenge, Build.BRAND);
- }
-
- /**
- * Prepares Keymaster Arguments with attestation data for misprovisioned Pixel 2 device.
- * See http://go/keyAttestationFailure and http://b/69471841 for more info.
- * @hide should only be used by KeyChain.
- */
- @NonNull public static KeymasterArguments prepareAttestationArgumentsIfMisprovisioned(
- Context context, @NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws
- DeviceIdAttestationException {
- Resources resources = context.getResources();
- String misprovisionedBrand = resources.getString(
- com.android.internal.R.string.config_misprovisionedBrandValue);
- if (!TextUtils.isEmpty(misprovisionedBrand) && !isPotentiallyMisprovisionedDevice(context)){
- return null;
- }
- return prepareAttestationArguments(
- context, idTypes, attestationChallenge, misprovisionedBrand);
- }
-
- @NonNull private static boolean isPotentiallyMisprovisionedDevice(Context context) {
- Resources resources = context.getResources();
- String misprovisionedModel = resources.getString(
- com.android.internal.R.string.config_misprovisionedDeviceModel);
- return (Build.MODEL.equals(misprovisionedModel));
- }
-
- @NonNull private static KeymasterArguments prepareAttestationArguments(Context context,
- @NonNull int[] idTypes, @NonNull byte[] attestationChallenge, String brand) throws
- DeviceIdAttestationException {
- // Check method arguments, retrieve requested device IDs and prepare attestation arguments.
- if (attestationChallenge == null) {
- throw new NullPointerException("Missing attestation challenge");
- }
- final KeymasterArguments attestArgs = new KeymasterArguments();
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_CHALLENGE, attestationChallenge);
- // Return early if the caller did not request any device identifiers to be included in the
- // attestation record.
- if (idTypes == null) {
- return attestArgs;
- }
- final Set<Integer> idTypesSet = new ArraySet<>(idTypes.length);
- for (int idType : idTypes) {
- idTypesSet.add(idType);
- }
- TelephonyManager telephonyService = null;
- if (idTypesSet.contains(ID_TYPE_IMEI) || idTypesSet.contains(ID_TYPE_MEID)) {
- telephonyService = (TelephonyManager) context.getSystemService(
- Context.TELEPHONY_SERVICE);
- if (telephonyService == null) {
- throw new DeviceIdAttestationException("Unable to access telephony service");
- }
- }
- for (final Integer idType : idTypesSet) {
- switch (idType) {
- case ID_TYPE_SERIAL:
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_SERIAL,
- Build.getSerial().getBytes(StandardCharsets.UTF_8));
- break;
- case ID_TYPE_IMEI: {
- final String imei = telephonyService.getImei(0);
- if (imei == null) {
- throw new DeviceIdAttestationException("Unable to retrieve IMEI");
- }
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_IMEI,
- imei.getBytes(StandardCharsets.UTF_8));
- break;
- }
- case ID_TYPE_MEID: {
- final String meid = telephonyService.getMeid(0);
- if (meid == null) {
- throw new DeviceIdAttestationException("Unable to retrieve MEID");
- }
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MEID,
- meid.getBytes(StandardCharsets.UTF_8));
- break;
- }
- case USE_INDIVIDUAL_ATTESTATION: {
- attestArgs.addBoolean(KeymasterDefs.KM_TAG_DEVICE_UNIQUE_ATTESTATION);
- break;
- }
- default:
- throw new IllegalArgumentException("Unknown device ID type " + idType);
- }
- }
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_BRAND,
- brand.getBytes(StandardCharsets.UTF_8));
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_DEVICE,
- Build.DEVICE.getBytes(StandardCharsets.UTF_8));
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,
- Build.PRODUCT.getBytes(StandardCharsets.UTF_8));
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MANUFACTURER,
- Build.MANUFACTURER.getBytes(StandardCharsets.UTF_8));
- attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MODEL,
- Build.MODEL.getBytes(StandardCharsets.UTF_8));
- return attestArgs;
- }
-
/**
* Performs attestation of the device's identifiers. This method returns a certificate chain
* whose first element contains the requested device identifiers in an extension. The device's
@@ -262,6 +137,13 @@
@NonNull public static X509Certificate[] attestDeviceIds(Context context,
@NonNull int[] idTypes, @NonNull byte[] attestationChallenge) throws
DeviceIdAttestationException {
+ if (attestationChallenge == null) {
+ throw new NullPointerException("Missing attestation challenge");
+ }
+ if (idTypes == null) {
+ throw new NullPointerException("Missing id types");
+ }
+
String keystoreAlias = generateRandomAlias();
KeyGenParameterSpec.Builder builder =
new KeyGenParameterSpec.Builder(keystoreAlias, KeyProperties.PURPOSE_SIGN)
@@ -298,6 +180,12 @@
if (e.getCause() instanceof DeviceIdAttestationException) {
throw (DeviceIdAttestationException) e.getCause();
}
+ // Illegal argument errors are wrapped up by a ProviderException. Catch those so that
+ // we can unwrap them into a more meaningful exception type for the caller.
+ if (e instanceof ProviderException
+ && e.getCause() instanceof IllegalArgumentException) {
+ throw (IllegalArgumentException) e.getCause();
+ }
throw new DeviceIdAttestationException("Unable to perform attestation", e);
}
}
diff --git a/media/java/android/media/RingtoneManager.java b/media/java/android/media/RingtoneManager.java
index e2e13b0..be6ff1b 100644
--- a/media/java/android/media/RingtoneManager.java
+++ b/media/java/android/media/RingtoneManager.java
@@ -521,12 +521,12 @@
public int getRingtonePosition(Uri ringtoneUri) {
try {
if (ringtoneUri == null) return -1;
- final long ringtoneId = ContentUris.parseId(ringtoneUri);
final Cursor cursor = getCursor();
cursor.moveToPosition(-1);
while (cursor.moveToNext()) {
- if (ringtoneId == cursor.getLong(ID_COLUMN_INDEX)) {
+ Uri uriFromCursor = getUriFromCursor(mContext, cursor);
+ if (ringtoneUri.equals(uriFromCursor)) {
return cursor.getPosition();
}
}
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index af995f9..eaf8184 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -101,7 +101,6 @@
<uses-permission android:name="android.permission.PERSISTENT_ACTIVITY" />
<uses-permission android:name="android.permission.GET_PACKAGE_SIZE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
- <uses-permission android:name="android.permission.SCHEDULE_EXACT_ALARM" />
<uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES" />
<uses-permission android:name="android.permission.REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE" />
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" />
@@ -471,6 +470,9 @@
<!-- Permission required for CTS test - GlobalSearchSessionPlatformCtsTests -->
<uses-permission android:name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" />
+ <!-- Permission required for Launcher testing - DigitalWellbeingToastTest -->
+ <uses-permission android:name="android.permission.GET_TOP_ACTIVITY_INFO"/>
+
<!-- Permission required for hotword detection service CTS tests -->
<uses-permission android:name="android.permission.MANAGE_HOTWORD_DETECTION" />
<uses-permission android:name="android.permission.BIND_HOTWORD_DETECTION_SERVICE" />
diff --git a/packages/SystemUI/OWNERS b/packages/SystemUI/OWNERS
index 835471d..1cf14f2 100644
--- a/packages/SystemUI/OWNERS
+++ b/packages/SystemUI/OWNERS
@@ -1,5 +1,7 @@
set noparent
+# Bug component: 78010
+
dsandler@android.com
aaliomer@google.com
diff --git a/services/core/java/com/android/server/NsdService.java b/services/core/java/com/android/server/NsdService.java
index d907505..38f7cf6 100644
--- a/services/core/java/com/android/server/NsdService.java
+++ b/services/core/java/com/android/server/NsdService.java
@@ -61,6 +61,7 @@
private static final String MDNS_TAG = "mDnsConnector";
private static final boolean DBG = true;
+ private static final long CLEANUP_DELAY_MS = 3000;
private final Context mContext;
private final NsdSettings mNsdSettings;
@@ -77,6 +78,7 @@
private final SparseArray<ClientInfo> mIdToClientInfoMap= new SparseArray<>();
private final AsyncChannel mReplyChannel = new AsyncChannel();
+ private final long mCleanupDelayMs;
private static final int INVALID_ID = 0;
private int mUniqueId = 1;
@@ -92,6 +94,22 @@
return NsdManager.nameOf(what);
}
+ void maybeStartDaemon() {
+ mDaemon.maybeStart();
+ maybeScheduleStop();
+ }
+
+ void maybeScheduleStop() {
+ if (!isAnyRequestActive()) {
+ cancelStop();
+ sendMessageDelayed(NsdManager.DAEMON_CLEANUP, mCleanupDelayMs);
+ }
+ }
+
+ void cancelStop() {
+ this.removeMessages(NsdManager.DAEMON_CLEANUP);
+ }
+
/**
* Observes the NSD on/off setting, and takes action when changed.
*/
@@ -151,10 +169,6 @@
cInfo.expungeAllRequests();
mClients.remove(msg.replyTo);
}
- //Last client
- if (mClients.size() == 0) {
- mDaemon.stop();
- }
break;
case AsyncChannel.CMD_CHANNEL_FULL_CONNECTION:
AsyncChannel ac = new AsyncChannel();
@@ -180,6 +194,9 @@
replyToMessage(msg, NsdManager.RESOLVE_SERVICE_FAILED,
NsdManager.FAILURE_INTERNAL_ERROR);
break;
+ case NsdManager.DAEMON_CLEANUP:
+ mDaemon.maybeStop();
+ break;
case NsdManager.NATIVE_DAEMON_EVENT:
default:
Slog.e(TAG, "Unhandled " + msg);
@@ -212,16 +229,13 @@
@Override
public void enter() {
sendNsdStateChangeBroadcast(true);
- if (mClients.size() > 0) {
- mDaemon.start();
- }
}
@Override
public void exit() {
- if (mClients.size() > 0) {
- mDaemon.stop();
- }
+ // TODO: it is incorrect to stop the daemon without expunging all requests
+ // and sending error callbacks to clients.
+ maybeScheduleStop();
}
private boolean requestLimitReached(ClientInfo clientInfo) {
@@ -236,12 +250,15 @@
clientInfo.mClientIds.put(clientId, globalId);
clientInfo.mClientRequests.put(clientId, what);
mIdToClientInfoMap.put(globalId, clientInfo);
+ // Remove the cleanup event because here comes a new request.
+ cancelStop();
}
private void removeRequestMap(int clientId, int globalId, ClientInfo clientInfo) {
clientInfo.mClientIds.delete(clientId);
clientInfo.mClientRequests.delete(clientId);
mIdToClientInfoMap.remove(globalId);
+ maybeScheduleStop();
}
@Override
@@ -251,14 +268,12 @@
int id;
switch (msg.what) {
case AsyncChannel.CMD_CHANNEL_HALF_CONNECTED:
- //First client
- if (msg.arg1 == AsyncChannel.STATUS_SUCCESSFUL &&
- mClients.size() == 0) {
- mDaemon.start();
- }
return NOT_HANDLED;
case AsyncChannel.CMD_CHANNEL_DISCONNECTED:
return NOT_HANDLED;
+ }
+
+ switch (msg.what) {
case NsdManager.DISABLE:
//TODO: cleanup clients
transitionTo(mDisabledState);
@@ -274,6 +289,7 @@
break;
}
+ maybeStartDaemon();
id = getUniqueId();
if (discoverServices(id, servInfo.getServiceType())) {
if (DBG) {
@@ -316,6 +332,7 @@
break;
}
+ maybeStartDaemon();
id = getUniqueId();
if (registerService(id, (NsdServiceInfo) msg.obj)) {
if (DBG) Slog.d(TAG, "Register " + msg.arg2 + " " + id);
@@ -357,6 +374,7 @@
break;
}
+ maybeStartDaemon();
id = getUniqueId();
if (resolveService(id, servInfo)) {
clientInfo.mResolvedService = new NsdServiceInfo();
@@ -513,6 +531,10 @@
}
}
+ private boolean isAnyRequestActive() {
+ return mIdToClientInfoMap.size() != 0;
+ }
+
private String unescape(String s) {
StringBuilder sb = new StringBuilder(s.length());
for (int i = 0; i < s.length(); ++i) {
@@ -538,7 +560,9 @@
}
@VisibleForTesting
- NsdService(Context ctx, NsdSettings settings, Handler handler, DaemonConnectionSupplier fn) {
+ NsdService(Context ctx, NsdSettings settings, Handler handler,
+ DaemonConnectionSupplier fn, long cleanupDelayMs) {
+ mCleanupDelayMs = cleanupDelayMs;
mContext = ctx;
mNsdSettings = settings;
mNsdStateMachine = new NsdStateMachine(TAG, handler);
@@ -552,7 +576,8 @@
HandlerThread thread = new HandlerThread(TAG);
thread.start();
Handler handler = new Handler(thread.getLooper());
- NsdService service = new NsdService(context, settings, handler, DaemonConnection::new);
+ NsdService service = new NsdService(context, settings, handler,
+ DaemonConnection::new, CLEANUP_DELAY_MS);
service.mDaemonCallback.awaitConnection();
return service;
}
@@ -681,12 +706,16 @@
@VisibleForTesting
public static class DaemonConnection {
final NativeDaemonConnector mNativeConnector;
+ boolean mIsStarted = false;
DaemonConnection(NativeCallbackReceiver callback) {
mNativeConnector = new NativeDaemonConnector(callback, "mdns", 10, MDNS_TAG, 25, null);
new Thread(mNativeConnector, MDNS_TAG).start();
}
+ /**
+ * Executes the specified cmd on the daemon.
+ */
public boolean execute(Object... args) {
if (DBG) {
Slog.d(TAG, "mdnssd " + Arrays.toString(args));
@@ -700,12 +729,26 @@
return true;
}
- public void start() {
+ /**
+ * Starts the daemon if it is not already started.
+ */
+ public void maybeStart() {
+ if (mIsStarted) {
+ return;
+ }
execute("start-service");
+ mIsStarted = true;
}
- public void stop() {
+ /**
+ * Stops the daemon if it is started.
+ */
+ public void maybeStop() {
+ if (!mIsStarted) {
+ return;
+ }
execute("stop-service");
+ mIsStarted = false;
}
}
@@ -864,6 +907,7 @@
}
mClientIds.clear();
mClientRequests.clear();
+ mNsdStateMachine.maybeScheduleStop();
}
// mClientIds is a sparse array of listener id -> mDnsClient id. For a given mDnsClient id,
diff --git a/services/core/java/com/android/server/VcnManagementService.java b/services/core/java/com/android/server/VcnManagementService.java
index 7fb164a..1718052 100644
--- a/services/core/java/com/android/server/VcnManagementService.java
+++ b/services/core/java/com/android/server/VcnManagementService.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.DUMP;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
+import static android.net.NetworkCapabilities.TRANSPORT_TEST;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
import static android.net.vcn.VcnManager.VCN_STATUS_CODE_ACTIVE;
import static android.net.vcn.VcnManager.VCN_STATUS_CODE_INACTIVE;
@@ -36,6 +37,7 @@
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
+import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.LinkProperties;
import android.net.Network;
@@ -73,6 +75,7 @@
import com.android.internal.annotations.VisibleForTesting.Visibility;
import com.android.internal.util.IndentingPrintWriter;
import com.android.net.module.util.LocationPermissionChecker;
+import com.android.net.module.util.PermissionUtils;
import com.android.server.vcn.TelephonySubscriptionTracker;
import com.android.server.vcn.Vcn;
import com.android.server.vcn.VcnContext;
@@ -741,9 +744,10 @@
@NonNull IVcnUnderlyingNetworkPolicyListener listener) {
requireNonNull(listener, "listener was null");
- mContext.enforceCallingOrSelfPermission(
+ PermissionUtils.enforceAnyPermissionOf(
+ mContext,
android.Manifest.permission.NETWORK_FACTORY,
- "Must have permission NETWORK_FACTORY to register a policy listener");
+ android.Manifest.permission.MANAGE_TEST_NETWORKS);
Binder.withCleanCallingIdentity(() -> {
PolicyListenerBinderDeath listenerBinderDeath = new PolicyListenerBinderDeath(listener);
@@ -768,9 +772,10 @@
@NonNull IVcnUnderlyingNetworkPolicyListener listener) {
requireNonNull(listener, "listener was null");
- mContext.enforceCallingOrSelfPermission(
+ PermissionUtils.enforceAnyPermissionOf(
+ mContext,
android.Manifest.permission.NETWORK_FACTORY,
- "Must have permission NETWORK_FACTORY to unregister a policy listener");
+ android.Manifest.permission.MANAGE_TEST_NETWORKS);
Binder.withCleanCallingIdentity(() -> {
synchronized (mLock) {
@@ -821,10 +826,20 @@
requireNonNull(networkCapabilities, "networkCapabilities was null");
requireNonNull(linkProperties, "linkProperties was null");
- mContext.enforceCallingOrSelfPermission(
+ PermissionUtils.enforceAnyPermissionOf(
+ mContext,
android.Manifest.permission.NETWORK_FACTORY,
- "Must have permission NETWORK_FACTORY or be the SystemServer to get underlying"
- + " Network policies");
+ android.Manifest.permission.MANAGE_TEST_NETWORKS);
+
+ final boolean isUsingManageTestNetworks =
+ mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_FACTORY)
+ != PackageManager.PERMISSION_GRANTED;
+
+ if (isUsingManageTestNetworks && !networkCapabilities.hasTransport(TRANSPORT_TEST)) {
+ throw new IllegalStateException(
+ "NetworkCapabilities must be for Test Network if using permission"
+ + " MANAGE_TEST_NETWORKS");
+ }
return Binder.withCleanCallingIdentity(() -> {
// Defensive copy in case this call is in-process and the given NetworkCapabilities
diff --git a/services/core/java/com/android/server/accounts/OWNERS b/services/core/java/com/android/server/accounts/OWNERS
index 8dcc04a..df1b4f4 100644
--- a/services/core/java/com/android/server/accounts/OWNERS
+++ b/services/core/java/com/android/server/accounts/OWNERS
@@ -1,9 +1 @@
-carlosvaldivia@google.com
-dementyev@google.com
-sandrakwan@google.com
-hackbod@google.com
-svetoslavganov@google.com
-fkupolov@google.com
-yamasani@google.com
-omakoto@google.com
-
+include /core/java/android/accounts/OWNERS
diff --git a/services/core/java/com/android/server/compat/CompatConfig.java b/services/core/java/com/android/server/compat/CompatConfig.java
index 909ed11..6dca001 100644
--- a/services/core/java/com/android/server/compat/CompatConfig.java
+++ b/services/core/java/com/android/server/compat/CompatConfig.java
@@ -235,13 +235,11 @@
* @param packageName app for which the overrides will be applied.
*/
void addOverrides(CompatibilityOverrideConfig overrides, String packageName) {
- synchronized (mChanges) {
- for (Long changeId : overrides.overrides.keySet()) {
- addOverrideUnsafe(changeId, packageName, overrides.overrides.get(changeId));
- }
- saveOverrides();
- invalidateCache();
+ for (Long changeId : overrides.overrides.keySet()) {
+ addOverrideUnsafe(changeId, packageName, overrides.overrides.get(changeId));
}
+ saveOverrides();
+ invalidateCache();
}
private boolean addOverrideUnsafe(long changeId, String packageName,
@@ -335,27 +333,38 @@
/**
* Unsafe version of {@link #removeOverride(long, String)}.
- * It does not invalidate the cache nor save the overrides.
+ * It does not save the overrides.
*/
private boolean removeOverrideUnsafe(long changeId, String packageName) {
Long versionCode = getVersionCodeOrNull(packageName);
synchronized (mChanges) {
CompatChange c = mChanges.get(changeId);
if (c != null) {
- OverrideAllowedState allowedState =
- mOverrideValidator.getOverrideAllowedState(changeId, packageName);
- if (c.hasPackageOverride(packageName)) {
- allowedState.enforce(changeId, packageName);
- c.removePackageOverride(packageName, allowedState, versionCode);
- invalidateCache();
- return true;
- }
+ return removeOverrideUnsafe(c, packageName, versionCode);
}
}
return false;
}
/**
+ * Similar to {@link #removeOverrideUnsafe(long, String)} except this method receives a {@link
+ * CompatChange} directly as well as the package's version code.
+ */
+ private boolean removeOverrideUnsafe(CompatChange change, String packageName,
+ @Nullable Long versionCode) {
+ long changeId = change.getId();
+ OverrideAllowedState allowedState =
+ mOverrideValidator.getOverrideAllowedState(changeId, packageName);
+ if (change.hasPackageOverride(packageName)) {
+ allowedState.enforce(changeId, packageName);
+ change.removePackageOverride(packageName, allowedState, versionCode);
+ invalidateCache();
+ return true;
+ }
+ return false;
+ }
+
+ /**
* Removes all overrides previously added via {@link #addOverride(long, String, boolean)} or
* {@link #addOverrides(CompatibilityOverrideConfig, String)} for a certain package.
*
@@ -364,10 +373,11 @@
* @param packageName the package for which the overrides should be purged
*/
void removePackageOverrides(String packageName) {
+ Long versionCode = getVersionCodeOrNull(packageName);
synchronized (mChanges) {
for (int i = 0; i < mChanges.size(); ++i) {
CompatChange change = mChanges.valueAt(i);
- removeOverrideUnsafe(change.getId(), packageName);
+ removeOverrideUnsafe(change, packageName, versionCode);
}
saveOverrides();
invalidateCache();
@@ -386,13 +396,11 @@
*/
void removePackageOverrides(CompatibilityOverridesToRemoveConfig overridesToRemove,
String packageName) {
- synchronized (mChanges) {
- for (Long changeId : overridesToRemove.changeIds) {
- removeOverrideUnsafe(changeId, packageName);
- }
- saveOverrides();
- invalidateCache();
+ for (Long changeId : overridesToRemove.changeIds) {
+ removeOverrideUnsafe(changeId, packageName);
}
+ saveOverrides();
+ invalidateCache();
}
private long[] getAllowedChangesSinceTargetSdkForPackage(String packageName,
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index a90dcab..05ba9da 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -348,6 +348,7 @@
import com.android.server.SystemConfig;
import com.android.server.SystemServerInitThreadPool;
import com.android.server.Watchdog;
+import com.android.server.compat.CompatChange;
import com.android.server.compat.PlatformCompat;
import com.android.server.net.NetworkPolicyManagerInternal;
import com.android.server.pm.Installer.InstallerException;
@@ -2612,39 +2613,43 @@
PackageManagerService m = new PackageManagerService(injector, onlyCore, factoryTest);
t.traceEnd(); // "create package manager"
- injector.getCompatibility().registerListener(SELinuxMMAC.SELINUX_LATEST_CHANGES,
- packageName -> {
- synchronized (m.mInstallLock) {
- final AndroidPackage pkg;
- final PackageSetting ps;
- final SharedUserSetting sharedUser;
- final String oldSeInfo;
- synchronized (m.mLock) {
- ps = m.mSettings.getPackageLPr(packageName);
- if (ps == null) {
- Slog.e(TAG, "Failed to find package setting " + packageName);
- return;
- }
- pkg = ps.pkg;
- sharedUser = ps.getSharedUser();
- oldSeInfo = AndroidPackageUtils.getSeInfo(pkg, ps);
- }
-
- if (pkg == null) {
- Slog.e(TAG, "Failed to find package " + packageName);
- return;
- }
- final String newSeInfo = SELinuxMMAC.getSeInfo(pkg, sharedUser,
- m.mInjector.getCompatibility());
-
- if (!newSeInfo.equals(oldSeInfo)) {
- Slog.i(TAG, "Updating seInfo for package " + packageName + " from: "
- + oldSeInfo + " to: " + newSeInfo);
- ps.getPkgState().setOverrideSeInfo(newSeInfo);
- m.prepareAppDataAfterInstallLIF(pkg);
- }
+ final CompatChange.ChangeListener selinuxChangeListener = packageName -> {
+ synchronized (m.mInstallLock) {
+ final AndroidPackage pkg;
+ final PackageSetting ps;
+ final SharedUserSetting sharedUser;
+ final String oldSeInfo;
+ synchronized (m.mLock) {
+ ps = m.mSettings.getPackageLPr(packageName);
+ if (ps == null) {
+ Slog.e(TAG, "Failed to find package setting " + packageName);
+ return;
}
- });
+ pkg = ps.pkg;
+ sharedUser = ps.getSharedUser();
+ oldSeInfo = AndroidPackageUtils.getSeInfo(pkg, ps);
+ }
+
+ if (pkg == null) {
+ Slog.e(TAG, "Failed to find package " + packageName);
+ return;
+ }
+ final String newSeInfo = SELinuxMMAC.getSeInfo(pkg, sharedUser,
+ m.mInjector.getCompatibility());
+
+ if (!newSeInfo.equals(oldSeInfo)) {
+ Slog.i(TAG, "Updating seInfo for package " + packageName + " from: "
+ + oldSeInfo + " to: " + newSeInfo);
+ ps.getPkgState().setOverrideSeInfo(newSeInfo);
+ m.prepareAppDataAfterInstallLIF(pkg);
+ }
+ }
+ };
+
+ injector.getCompatibility().registerListener(SELinuxMMAC.SELINUX_LATEST_CHANGES,
+ selinuxChangeListener);
+ injector.getCompatibility().registerListener(SELinuxMMAC.SELINUX_R_CHANGES,
+ selinuxChangeListener);
m.installWhitelistedSystemPackages();
ServiceManager.addService("package", m);
diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java
index fdd9636..c5fbfba 100644
--- a/services/core/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java
@@ -18,6 +18,7 @@
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledAfter;
+import android.content.pm.ApplicationInfo;
import android.content.pm.PackageParser.SigningDetails;
import android.content.pm.Signature;
import android.os.Environment;
@@ -77,9 +78,21 @@
private static final String TARGETSDKVERSION_STR = ":targetSdkVersion=";
/**
- * This change gates apps access to untrusted_app_R-targetSDk SELinux domain. Allows opt-in
+ * Allows opt-in to the latest targetSdkVersion enforced changes without changing target SDK.
+ * Turning this change off for an app targeting the latest SDK is a no-op.
+ *
+ * <p>Has no effect for apps using shared user id.
+ *
+ * TODO(b/143539591): Update description with relevant SELINUX changes this opts in to.
+ */
+ @EnabledAfter(targetSdkVersion = android.os.Build.VERSION_CODES.R)
+ @ChangeId
+ static final long SELINUX_LATEST_CHANGES = 143539591L;
+
+ /**
+ * This change gates apps access to untrusted_app_R-targetSDK SELinux domain. Allows opt-in
* to R targetSdkVersion enforced changes without changing target SDK. Turning this change
- * off for an app targeting R is a no-op.
+ * off for an app targeting S is a no-op.
*
* <p>Has no effect for apps using shared user id.
*
@@ -87,7 +100,7 @@
*/
@EnabledAfter(targetSdkVersion = android.os.Build.VERSION_CODES.Q)
@ChangeId
- static final long SELINUX_LATEST_CHANGES = 143539591L;
+ static final long SELINUX_R_CHANGES = 168782947L;
// Only initialize sMacPermissions once.
static {
@@ -349,9 +362,11 @@
if ((sharedUserSetting != null) && (sharedUserSetting.packages.size() != 0)) {
return sharedUserSetting.seInfoTargetSdkVersion;
}
- if (compatibility.isChangeEnabledInternal(SELINUX_LATEST_CHANGES,
- pkg.toAppInfoWithoutState())) {
- return android.os.Build.VERSION_CODES.R;
+ final ApplicationInfo appInfo = pkg.toAppInfoWithoutState();
+ if (compatibility.isChangeEnabledInternal(SELINUX_LATEST_CHANGES, appInfo)) {
+ return android.os.Build.VERSION_CODES.S;
+ } else if (compatibility.isChangeEnabledInternal(SELINUX_R_CHANGES, appInfo)) {
+ return Math.max(android.os.Build.VERSION_CODES.R, pkg.getTargetSdkVersion());
}
return pkg.getTargetSdkVersion();
diff --git a/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java
index a550b27..f1930d7 100644
--- a/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java
@@ -44,7 +44,8 @@
public class SELinuxMMACTest {
private static final String PACKAGE_NAME = "my.package";
- private static final int OPT_IN_VERSION = Build.VERSION_CODES.R;
+ private static final int LATEST_OPT_IN_VERSION = Build.VERSION_CODES.S;
+ private static final int R_OPT_IN_VERSION = Build.VERSION_CODES.R;
@Mock
PlatformCompat mMockCompatibility;
@@ -56,7 +57,17 @@
argThat(argument -> argument.packageName.equals(pkg.getPackageName()))))
.thenReturn(true);
assertThat(SELinuxMMAC.getSeInfo(pkg, null, mMockCompatibility),
- is("default:targetSdkVersion=" + OPT_IN_VERSION));
+ is("default:targetSdkVersion=" + LATEST_OPT_IN_VERSION));
+ }
+
+ @Test
+ public void getSeInfoOptInToR() {
+ AndroidPackage pkg = makePackage(Build.VERSION_CODES.P);
+ when(mMockCompatibility.isChangeEnabledInternal(eq(SELinuxMMAC.SELINUX_R_CHANGES),
+ argThat(argument -> argument.packageName.equals(pkg.getPackageName()))))
+ .thenReturn(true);
+ assertThat(SELinuxMMAC.getSeInfo(pkg, null, mMockCompatibility),
+ is("default:targetSdkVersion=" + R_OPT_IN_VERSION));
}
@Test
@@ -70,13 +81,33 @@
}
@Test
- public void getSeInfoNoOptInButAlreadyR() {
- AndroidPackage pkg = makePackage(OPT_IN_VERSION);
+ public void getSeInfoNoOptInButAlreadyLatest() {
+ AndroidPackage pkg = makePackage(LATEST_OPT_IN_VERSION);
when(mMockCompatibility.isChangeEnabledInternal(eq(SELinuxMMAC.SELINUX_LATEST_CHANGES),
argThat(argument -> argument.packageName.equals(pkg.getPackageName()))))
.thenReturn(false);
assertThat(SELinuxMMAC.getSeInfo(pkg, null, mMockCompatibility),
- is("default:targetSdkVersion=" + OPT_IN_VERSION));
+ is("default:targetSdkVersion=" + LATEST_OPT_IN_VERSION));
+ }
+
+ @Test
+ public void getSeInfoNoOptInButAlreadyR() {
+ AndroidPackage pkg = makePackage(R_OPT_IN_VERSION);
+ when(mMockCompatibility.isChangeEnabledInternal(eq(SELinuxMMAC.SELINUX_R_CHANGES),
+ argThat(argument -> argument.packageName.equals(pkg.getPackageName()))))
+ .thenReturn(false);
+ assertThat(SELinuxMMAC.getSeInfo(pkg, null, mMockCompatibility),
+ is("default:targetSdkVersion=" + R_OPT_IN_VERSION));
+ }
+
+ @Test
+ public void getSeInfoOptInRButLater() {
+ AndroidPackage pkg = makePackage(R_OPT_IN_VERSION + 1);
+ when(mMockCompatibility.isChangeEnabledInternal(eq(SELinuxMMAC.SELINUX_R_CHANGES),
+ argThat(argument -> argument.packageName.equals(pkg.getPackageName()))))
+ .thenReturn(true);
+ assertThat(SELinuxMMAC.getSeInfo(pkg, null, mMockCompatibility),
+ is("default:targetSdkVersion=" + (R_OPT_IN_VERSION + 1)));
}
private AndroidPackage makePackage(int targetSdkVersion) {
diff --git a/telecomm/java/android/telecom/Connection.java b/telecomm/java/android/telecom/Connection.java
index ae5db3d..52d560c 100644
--- a/telecomm/java/android/telecom/Connection.java
+++ b/telecomm/java/android/telecom/Connection.java
@@ -1718,11 +1718,13 @@
public abstract void onSetDeviceOrientation(int rotation);
/**
- * Sets camera zoom ratio.
+ * Sets the camera zoom ratio.
* <p>
* Sent from the {@link InCallService} via {@link InCallService.VideoCall#setZoom(float)}.
*
- * @param value The camera zoom ratio.
+ * @param value The camera zoom ratio; for the current camera, should be a value in the
+ * range defined by
+ * {@link android.hardware.camera2.CameraCharacteristics#CONTROL_ZOOM_RATIO_RANGE}.
*/
public abstract void onSetZoom(float value);
diff --git a/telecomm/java/android/telecom/InCallService.java b/telecomm/java/android/telecom/InCallService.java
index 0ff288b..5e3d26a 100644
--- a/telecomm/java/android/telecom/InCallService.java
+++ b/telecomm/java/android/telecom/InCallService.java
@@ -764,11 +764,13 @@
public abstract void setDeviceOrientation(int rotation);
/**
- * Sets camera zoom ratio.
+ * Sets the camera zoom ratio.
* <p>
* Handled by {@link Connection.VideoProvider#onSetZoom(float)}.
*
- * @param value The camera zoom ratio.
+ * @param value The camera zoom ratio; for the current camera, should be a value in the
+ * range defined by
+ * {@link android.hardware.camera2.CameraCharacteristics#CONTROL_ZOOM_RATIO_RANGE}.
*/
public abstract void setZoom(float value);
diff --git a/telephony/java/android/telephony/CarrierConfigManager.java b/telephony/java/android/telephony/CarrierConfigManager.java
index f96c243..93b54c2 100644
--- a/telephony/java/android/telephony/CarrierConfigManager.java
+++ b/telephony/java/android/telephony/CarrierConfigManager.java
@@ -3398,6 +3398,21 @@
"additional_nr_advanced_bands_int_array";
/**
+ * This configuration allows the framework to control the NR advanced capable by protocol
+ * configuration options(PCO).
+ *
+ * If this config is 0, then the nr advanced capable is enabled.
+ * If this config is not 0 and PCO container with this config's address is 1, then the nr
+ * advanced capable is enabled.
+ * If this config is not 0 and PCO container with this config's address is 0, then the nr
+ * advanced capable is disabled.
+ *
+ * @hide
+ */
+ public static final String KEY_NR_ADVANCED_CAPABLE_PCO_ID_INT =
+ "nr_advanced_capable_pco_id_int";
+
+ /**
* Controls time in milliseconds until DcTracker reevaluates 5G connection state.
* @hide
*/
@@ -4889,6 +4904,7 @@
/* Default value is 1 hour. */
sDefaults.putLong(KEY_5G_WATCHDOG_TIME_MS_LONG, 3600000);
sDefaults.putIntArray(KEY_ADDITIONAL_NR_ADVANCED_BANDS_INT_ARRAY, new int[0]);
+ sDefaults.putInt(KEY_NR_ADVANCED_CAPABLE_PCO_ID_INT, 0);
sDefaults.putBoolean(KEY_UNMETERED_NR_NSA_BOOL, false);
sDefaults.putBoolean(KEY_UNMETERED_NR_NSA_MMWAVE_BOOL, false);
sDefaults.putBoolean(KEY_UNMETERED_NR_NSA_SUB6_BOOL, false);
diff --git a/telephony/java/android/telephony/SubscriptionManager.java b/telephony/java/android/telephony/SubscriptionManager.java
index 06a2648..9d4db17 100644
--- a/telephony/java/android/telephony/SubscriptionManager.java
+++ b/telephony/java/android/telephony/SubscriptionManager.java
@@ -2765,7 +2765,8 @@
* @param subId the subscriber this override applies to.
* @param overrideUnmetered set if the billing relationship should be
* considered unmetered.
- * @param networkTypes the network types this override applies to.
+ * @param networkTypes the network types this override applies to. If no
+ * network types are specified, override values will be ignored.
* {@see TelephonyManager#getAllNetworkTypes()}
* @param timeoutMillis the timeout after which the requested override will
* be automatically cleared, or {@code 0} to leave in the
@@ -2829,7 +2830,8 @@
* @param subId the subscriber this override applies to.
* @param overrideCongested set if the subscription should be considered
* congested.
- * @param networkTypes the network types this override applies to.
+ * @param networkTypes the network types this override applies to. If no
+ * network types are specified, override values will be ignored.
* {@see TelephonyManager#getAllNetworkTypes()}
* @param timeoutMillis the timeout after which the requested override will
* be automatically cleared, or {@code 0} to leave in the
diff --git a/telephony/java/android/telephony/TelephonyManager.java b/telephony/java/android/telephony/TelephonyManager.java
index 4cc6c3d..93b70ae 100644
--- a/telephony/java/android/telephony/TelephonyManager.java
+++ b/telephony/java/android/telephony/TelephonyManager.java
@@ -14481,6 +14481,15 @@
public static final String CAPABILITY_SIM_PHONEBOOK_IN_MODEM =
"CAPABILITY_SIM_PHONEBOOK_IN_MODEM";
+ /**
+ * Indicates whether PHYSICAL_CHANNEL_CONFIG HAL1.6 is supported. See comments on
+ * respective methods for more information.
+ *
+ * @hide
+ */
+ public static final String CAPABILITY_PHYSICAL_CHANNEL_CONFIG_1_6_SUPPORTED =
+ "CAPABILITY_PHYSICAL_CHANNEL_CONFIG_1_6_SUPPORTED";
+
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@StringDef(prefix = "CAPABILITY_", value = {
diff --git a/tests/vcn/java/com/android/server/VcnManagementServiceTest.java b/tests/vcn/java/com/android/server/VcnManagementServiceTest.java
index 3360d40..b7a6d0f 100644
--- a/tests/vcn/java/com/android/server/VcnManagementServiceTest.java
+++ b/tests/vcn/java/com/android/server/VcnManagementServiceTest.java
@@ -57,6 +57,7 @@
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
+import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.LinkProperties;
import android.net.Network;
@@ -707,10 +708,9 @@
@Test(expected = SecurityException.class)
public void testAddVcnUnderlyingNetworkPolicyListenerInvalidPermission() {
- doThrow(new SecurityException())
+ doReturn(PackageManager.PERMISSION_DENIED)
.when(mMockContext)
- .enforceCallingOrSelfPermission(
- eq(android.Manifest.permission.NETWORK_FACTORY), any());
+ .checkCallingOrSelfPermission(any());
mVcnMgmtSvc.addVcnUnderlyingNetworkPolicyListener(mMockPolicyListener);
}
@@ -724,10 +724,9 @@
@Test(expected = SecurityException.class)
public void testRemoveVcnUnderlyingNetworkPolicyListenerInvalidPermission() {
- doThrow(new SecurityException())
+ doReturn(PackageManager.PERMISSION_DENIED)
.when(mMockContext)
- .enforceCallingOrSelfPermission(
- eq(android.Manifest.permission.NETWORK_FACTORY), any());
+ .checkCallingOrSelfPermission(any());
mVcnMgmtSvc.removeVcnUnderlyingNetworkPolicyListener(mMockPolicyListener);
}
@@ -919,10 +918,9 @@
@Test(expected = SecurityException.class)
public void testGetUnderlyingNetworkPolicyInvalidPermission() {
- doThrow(new SecurityException())
+ doReturn(PackageManager.PERMISSION_DENIED)
.when(mMockContext)
- .enforceCallingOrSelfPermission(
- eq(android.Manifest.permission.NETWORK_FACTORY), any());
+ .checkCallingOrSelfPermission(any());
mVcnMgmtSvc.getUnderlyingNetworkPolicy(new NetworkCapabilities(), new LinkProperties());
}