Merge "Add owners to view_flags.aconfig" into main
diff --git a/MULTIUSER_OWNERS b/MULTIUSER_OWNERS
index b8857ec..1738a35 100644
--- a/MULTIUSER_OWNERS
+++ b/MULTIUSER_OWNERS
@@ -3,7 +3,5 @@
bookatz@google.com
nykkumar@google.com
olilan@google.com
-omakoto@google.com
tetianameronyk@google.com
tyk@google.com
-yamasani@google.com
diff --git a/OWNERS b/OWNERS
index afa60be..eb2bfcf 100644
--- a/OWNERS
+++ b/OWNERS
@@ -7,8 +7,6 @@
hackbod@android.com #{LAST_RESORT_SUGGESTION}
hackbod@google.com #{LAST_RESORT_SUGGESTION}
jjaggi@google.com #{LAST_RESORT_SUGGESTION}
-jsharkey@android.com #{LAST_RESORT_SUGGESTION}
-jsharkey@google.com #{LAST_RESORT_SUGGESTION}
lorenzo@google.com #{LAST_RESORT_SUGGESTION}
michaelwr@google.com #{LAST_RESORT_SUGGESTION}
nandana@google.com #{LAST_RESORT_SUGGESTION}
@@ -33,19 +31,19 @@
per-file TestProtoLibraries.bp = file:platform/platform_testing:/libraries/health/OWNERS
per-file TestProtoLibraries.bp = file:platform/tools/tradefederation:/OWNERS
-per-file INPUT_OWNERS = file:/INPUT_OWNERS
-per-file ZYGOTE_OWNERS = file:/ZYGOTE_OWNERS
-per-file SQLITE_OWNERS = file:/SQLITE_OWNERS
-
per-file *ravenwood* = file:ravenwood/OWNERS
per-file *Ravenwood* = file:ravenwood/OWNERS
+per-file INPUT_OWNERS = file:/INPUT_OWNERS
+per-file ZYGOTE_OWNERS = file:/ZYGOTE_OWNERS
+per-file SQLITE_OWNERS = file:/SQLITE_OWNERS
per-file PERFORMANCE_OWNERS = file:/PERFORMANCE_OWNERS
-
per-file PACKAGE_MANAGER_OWNERS = file:/PACKAGE_MANAGER_OWNERS
-
per-file WEAR_OWNERS = file:/WEAR_OWNERS
-
+per-file ACTIVITY_MANAGER_OWNERS = file:/ACTIVITY_MANAGER_OWNERS
+per-file BATTERY_STATS_OWNERS = file:/BATTERY_STATS_OWNERS
+per-file OOM_ADJUSTER_OWNERS = file:/OOM_ADJUSTER_OWNERS
+per-file MULTIUSER_OWNERS = file:/MULTIUSER_OWNERS
+per-file BROADCASTS_OWNERS = file:/BROADCASTS_OWNERS
per-file ADPF_OWNERS = file:/ADPF_OWNERS
-
per-file GAME_MANAGER_OWNERS = file:/GAME_MANAGER_OWNERS
diff --git a/apex/jobscheduler/service/java/com/android/server/DeviceIdleController.java b/apex/jobscheduler/service/java/com/android/server/DeviceIdleController.java
index c1894f0..a37779e 100644
--- a/apex/jobscheduler/service/java/com/android/server/DeviceIdleController.java
+++ b/apex/jobscheduler/service/java/com/android/server/DeviceIdleController.java
@@ -3568,7 +3568,7 @@
Slog.i(TAG, "becomeActiveLocked, reason=" + activeReason
+ ", changeLightIdle=" + changeLightIdle);
}
- if (mState != STATE_ACTIVE || mLightState != STATE_ACTIVE) {
+ if (mState != STATE_ACTIVE || mLightState != LIGHT_STATE_ACTIVE) {
moveToStateLocked(STATE_ACTIVE, activeReason);
mInactiveTimeout = newInactiveTimeout;
resetIdleManagementLocked();
diff --git a/core/api/current.txt b/core/api/current.txt
index e2feb20..2c4c146 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -10740,6 +10740,7 @@
field public static final String IPSEC_SERVICE = "ipsec";
field public static final String JOB_SCHEDULER_SERVICE = "jobscheduler";
field public static final String KEYGUARD_SERVICE = "keyguard";
+ field @FlaggedApi("android.security.keystore_grant_api") public static final String KEYSTORE_SERVICE = "keystore";
field public static final String LAUNCHER_APPS_SERVICE = "launcherapps";
field @UiContext public static final String LAYOUT_INFLATER_SERVICE = "layout_inflater";
field public static final String LOCALE_SERVICE = "locale";
@@ -39946,6 +39947,14 @@
method @NonNull public android.security.keystore.KeyProtection.Builder setUserPresenceRequired(boolean);
}
+ @FlaggedApi("android.security.keystore_grant_api") public class KeyStoreManager {
+ method @NonNull public java.util.List<java.security.cert.X509Certificate> getGrantedCertificateChainFromId(long) throws android.security.keystore.KeyPermanentlyInvalidatedException, java.security.UnrecoverableKeyException;
+ method @NonNull public java.security.Key getGrantedKeyFromId(long) throws android.security.keystore.KeyPermanentlyInvalidatedException, java.security.UnrecoverableKeyException;
+ method @NonNull public java.security.KeyPair getGrantedKeyPairFromId(long) throws android.security.keystore.KeyPermanentlyInvalidatedException, java.security.UnrecoverableKeyException;
+ method public long grantKeyAccess(@NonNull String, int) throws android.security.KeyStoreException, java.security.UnrecoverableKeyException;
+ method public void revokeKeyAccess(@NonNull String, int) throws android.security.KeyStoreException, java.security.UnrecoverableKeyException;
+ }
+
public class SecureKeyImportUnavailableException extends java.security.ProviderException {
ctor public SecureKeyImportUnavailableException();
ctor public SecureKeyImportUnavailableException(String);
diff --git a/core/java/android/app/OWNERS b/core/java/android/app/OWNERS
index ba71afb..6e4c28f 100644
--- a/core/java/android/app/OWNERS
+++ b/core/java/android/app/OWNERS
@@ -3,50 +3,54 @@
per-file ContextImpl.java = *
# ActivityManager
-per-file ActivityManager* = file:/services/core/java/com/android/server/am/OWNERS
-per-file *ApplicationStartInfo* = file:/services/core/java/com/android/server/am/OWNERS
-per-file ApplicationErrorReport* = file:/services/core/java/com/android/server/am/OWNERS
-per-file ApplicationExitInfo* = file:/services/core/java/com/android/server/am/OWNERS
-per-file Application.java = file:/services/core/java/com/android/server/am/OWNERS
-per-file ApplicationLoaders.java = file:/services/core/java/com/android/server/am/OWNERS
-per-file ApplicationThreadConstants.java = file:/services/core/java/com/android/server/am/OWNERS
-per-file ContentProviderHolder* = file:/services/core/java/com/android/server/am/OWNERS
-per-file *ForegroundService* = file:/services/core/java/com/android/server/am/OWNERS
-per-file IActivityController.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IActivityManager.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IApplicationThread.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IAppTraceRetriever.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IForegroundServiceObserver.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IInstrumentationWatcher.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IntentService.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IServiceConnection.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IStopUserCallback.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file IUidObserver.aidl = file:/services/core/java/com/android/server/am/OWNERS
-per-file LoadedApk.java = file:/services/core/java/com/android/server/am/OWNERS
-per-file LocalActivityManager.java = file:/services/core/java/com/android/server/am/OWNERS
-per-file PendingIntent* = file:/services/core/java/com/android/server/am/OWNERS
-per-file *Process* = file:/services/core/java/com/android/server/am/OWNERS
-per-file ProfilerInfo* = file:/services/core/java/com/android/server/am/OWNERS
-per-file Service* = file:/services/core/java/com/android/server/am/OWNERS
-per-file SystemServiceRegistry.java = file:/services/core/java/com/android/server/am/OWNERS
-per-file *UserSwitchObserver* = file:/services/core/java/com/android/server/am/OWNERS
+per-file ActivityManager* = file:/ACTIVITY_MANAGER_OWNERS
+per-file Application.java = file:/ACTIVITY_MANAGER_OWNERS
+per-file ApplicationErrorReport* = file:/ACTIVITY_MANAGER_OWNERS
+per-file ApplicationLoaders.java = file:/ACTIVITY_MANAGER_OWNERS
+per-file ApplicationThreadConstants.java = file:/ACTIVITY_MANAGER_OWNERS
+per-file ContentProviderHolder* = file:/ACTIVITY_MANAGER_OWNERS
+per-file *ForegroundService* = file:/ACTIVITY_MANAGER_OWNERS
+per-file IActivityController.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IActivityManager.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IApplicationThread.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IAppTraceRetriever.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IForegroundServiceObserver.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IInstrumentationWatcher.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IntentService.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IServiceConnection.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IStopUserCallback.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file IUidObserver.aidl = file:/ACTIVITY_MANAGER_OWNERS
+per-file LoadedApk.java = file:/ACTIVITY_MANAGER_OWNERS
+per-file LocalActivityManager.java = file:/ACTIVITY_MANAGER_OWNERS
+per-file PendingIntent* = file:/ACTIVITY_MANAGER_OWNERS
+per-file *Process* = file:/ACTIVITY_MANAGER_OWNERS
+per-file ProfilerInfo* = file:/ACTIVITY_MANAGER_OWNERS
+per-file Service* = file:/ACTIVITY_MANAGER_OWNERS
+per-file SystemServiceRegistry.java = file:/ACTIVITY_MANAGER_OWNERS
+per-file *UserSwitchObserver* = file:/ACTIVITY_MANAGER_OWNERS
+
+# UI Automation
per-file *UiAutomation* = file:/services/accessibility/OWNERS
per-file *UiAutomation* = file:/core/java/android/permission/OWNERS
+
+# Game Manager
per-file GameManager* = file:/GAME_MANAGER_OWNERS
per-file GameMode* = file:/GAME_MANAGER_OWNERS
per-file GameState* = file:/GAME_MANAGER_OWNERS
per-file IGameManager* = file:/GAME_MANAGER_OWNERS
per-file IGameMode* = file:/GAME_MANAGER_OWNERS
+
+# Background Starts
per-file BackgroundStartPrivileges.java = file:/BAL_OWNERS
per-file activity_manager.aconfig = file:/ACTIVITY_MANAGER_OWNERS
# ActivityThread
-per-file ActivityThread.java = file:/services/core/java/com/android/server/am/OWNERS
+per-file ActivityThread.java = file:/ACTIVITY_MANAGER_OWNERS
per-file ActivityThread.java = file:/services/core/java/com/android/server/wm/OWNERS
per-file ActivityThread.java = file:RESOURCES_OWNERS
# Alarm
-per-file *Alarm* = file:/apex/jobscheduler/OWNERS
+per-file *Alarm* = file:/apex/jobscheduler/ALARM_OWNERS
# AppOps
per-file *AppOp* = file:/core/java/android/permission/OWNERS
@@ -97,6 +101,8 @@
# Performance
per-file PropertyInvalidatedCache.java = file:/PERFORMANCE_OWNERS
+per-file *ApplicationStartInfo* = file:/PERFORMANCE_OWNERS
+per-file ApplicationExitInfo* = file:/PERFORMANCE_OWNERS
per-file performance.aconfig = file:/PERFORMANCE_OWNERS
# Pinner
diff --git a/core/java/android/app/SystemServiceRegistry.java b/core/java/android/app/SystemServiceRegistry.java
index 8f298db..093dad6 100644
--- a/core/java/android/app/SystemServiceRegistry.java
+++ b/core/java/android/app/SystemServiceRegistry.java
@@ -66,8 +66,6 @@
import android.companion.virtual.IVirtualDeviceManager;
import android.companion.virtual.VirtualDeviceManager;
import android.compat.Compatibility;
-import android.compat.annotation.ChangeId;
-import android.compat.annotation.EnabledSince;
import android.content.ClipboardManager;
import android.content.ContentCaptureOptions;
import android.content.Context;
@@ -162,8 +160,7 @@
import android.net.PacProxyManager;
import android.net.TetheringManager;
import android.net.VpnManager;
-import android.net.vcn.IVcnManagementService;
-import android.net.vcn.VcnManager;
+import android.net.vcn.VcnFrameworkInitializer;
import android.net.wifi.WifiFrameworkInitializer;
import android.net.wifi.nl80211.WifiNl80211Manager;
import android.net.wifi.sharedconnectivity.app.SharedConnectivityManager;
@@ -198,7 +195,6 @@
import android.os.ServiceManager.ServiceNotFoundException;
import android.os.StatsFrameworkInitializer;
import android.os.SystemConfigManager;
-import android.os.SystemProperties;
import android.os.SystemUpdateManager;
import android.os.SystemVibrator;
import android.os.SystemVibratorManager;
@@ -227,6 +223,7 @@
import android.security.IFileIntegrityService;
import android.security.attestationverification.AttestationVerificationManager;
import android.security.attestationverification.IAttestationVerificationManagerService;
+import android.security.keystore.KeyStoreManager;
import android.service.oemlock.IOemLockService;
import android.service.oemlock.OemLockManager;
import android.service.persistentdata.IPersistentDataBlockService;
@@ -289,28 +286,6 @@
/** @hide */
public static boolean sEnableServiceNotFoundWtf = false;
- /**
- * Starting with {@link VANILLA_ICE_CREAM}, Telephony feature flags
- * (e.g. {@link PackageManager#FEATURE_TELEPHONY_SUBSCRIPTION}) are being checked before
- * returning managers that depend on them. If the feature is missing,
- * {@link Context#getSystemService} will return null.
- *
- * This change is specific to VcnManager.
- */
- @ChangeId
- @EnabledSince(targetSdkVersion = Build.VERSION_CODES.VANILLA_ICE_CREAM)
- static final long ENABLE_CHECKING_TELEPHONY_FEATURES_FOR_VCN = 330902016;
-
- /**
- * The corresponding vendor API for Android V
- *
- * <p>Starting with Android V, the vendor API format has switched to YYYYMM.
- *
- * @see <a href="https://preview.source.android.com/docs/core/architecture/api-flags">Vendor API
- * level</a>
- */
- private static final int VENDOR_API_FOR_ANDROID_V = 202404;
-
// Service registry information.
// This information is never changed once static initialization has completed.
private static final Map<Class<?>, String> SYSTEM_SERVICE_NAMES =
@@ -472,22 +447,6 @@
return new VpnManager(ctx, service);
}});
- registerService(Context.VCN_MANAGEMENT_SERVICE, VcnManager.class,
- new CachedServiceFetcher<VcnManager>() {
- @Override
- public VcnManager createService(ContextImpl ctx) throws ServiceNotFoundException {
- final String telephonyFeatureToCheck = getVcnFeatureDependency();
-
- if (telephonyFeatureToCheck != null
- && !ctx.getPackageManager().hasSystemFeature(telephonyFeatureToCheck)) {
- return null;
- }
-
- IBinder b = ServiceManager.getService(Context.VCN_MANAGEMENT_SERVICE);
- IVcnManagementService service = IVcnManagementService.Stub.asInterface(b);
- return new VcnManager(ctx, service);
- }});
-
registerService(Context.COUNTRY_DETECTOR, CountryDetector.class,
new StaticServiceFetcher<CountryDetector>() {
@Override
@@ -1668,6 +1627,17 @@
}
});
+ registerService(Context.KEYSTORE_SERVICE, KeyStoreManager.class,
+ new StaticServiceFetcher<KeyStoreManager>() {
+ @Override
+ public KeyStoreManager createService()
+ throws ServiceNotFoundException {
+ if (!android.security.Flags.keystoreGrantApi()) {
+ throw new ServiceNotFoundException("KeyStoreManager is not supported");
+ }
+ return KeyStoreManager.getInstance();
+ }});
+
registerService(Context.CONTACT_KEYS_SERVICE, E2eeContactKeysManager.class,
new CachedServiceFetcher<E2eeContactKeysManager>() {
@Override
@@ -1721,6 +1691,8 @@
OnDevicePersonalizationFrameworkInitializer.registerServiceWrappers();
DeviceLockFrameworkInitializer.registerServiceWrappers();
VirtualizationFrameworkInitializer.registerServiceWrappers();
+ VcnFrameworkInitializer.registerServiceWrappers();
+
if (com.android.server.telecom.flags.Flags.telecomMainlineBlockedNumbersManager()) {
ProviderFrameworkInitializer.registerServiceWrappers();
}
@@ -1782,30 +1754,6 @@
return manager.hasSystemFeature(featureName);
}
- // Suppressing AndroidFrameworkCompatChange because we're querying vendor
- // partition SDK level, not application's target SDK version (which BTW we
- // also check through Compatibility framework a few lines below).
- @SuppressWarnings("AndroidFrameworkCompatChange")
- @Nullable
- private static String getVcnFeatureDependency() {
- // Check SDK version of the client app. Apps targeting pre-V SDK might
- // have not checked for existence of these features.
- if (!Compatibility.isChangeEnabled(ENABLE_CHECKING_TELEPHONY_FEATURES_FOR_VCN)) {
- return null;
- }
-
- // Check SDK version of the vendor partition. Pre-V devices might have
- // incorrectly under-declared telephony features.
- final int vendorApiLevel = SystemProperties.getInt(
- "ro.vendor.api_level", Build.VERSION.DEVICE_INITIAL_SDK_INT);
- if (vendorApiLevel < VENDOR_API_FOR_ANDROID_V) {
- return PackageManager.FEATURE_TELEPHONY;
- } else {
- return PackageManager.FEATURE_TELEPHONY_SUBSCRIPTION;
- }
-
- }
-
/**
* Gets a system service from a given context.
* @hide
diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java
index 4050b82..36bdf73 100644
--- a/core/java/android/content/Context.java
+++ b/core/java/android/content/Context.java
@@ -4753,6 +4753,18 @@
/**
* Use with {@link #getSystemService(String)} to retrieve a {@link
+ * android.security.keystore.KeyStoreManager} for accessing
+ * <a href="/privacy-and-security/keystore">Android Keystore</a>
+ * functions.
+ *
+ * @see #getSystemService(String)
+ * @see android.security.keystore.KeyStoreManager
+ */
+ @FlaggedApi(android.security.Flags.FLAG_KEYSTORE_GRANT_API)
+ public static final String KEYSTORE_SERVICE = "keystore";
+
+ /**
+ * Use with {@link #getSystemService(String)} to retrieve a {@link
* android.os.storage.StorageManager} for accessing system storage
* functions.
*
diff --git a/core/java/android/content/OWNERS b/core/java/android/content/OWNERS
index a37408b..743623f 100644
--- a/core/java/android/content/OWNERS
+++ b/core/java/android/content/OWNERS
@@ -1,11 +1,11 @@
# Remain no owner because multiple modules may touch this file.
per-file Context.java = *
per-file ContextWrapper.java = *
-per-file *Content* = file:/services/core/java/com/android/server/am/OWNERS
-per-file *Sync* = file:/services/core/java/com/android/server/am/OWNERS
+per-file *Content* = varunshah@google.com, yamasani@google.com
+per-file *Sync* = file:/apex/jobscheduler/JOB_OWNERS
per-file IntentFilter.java = file:/PACKAGE_MANAGER_OWNERS
per-file UriRelativeFilter* = file:/PACKAGE_MANAGER_OWNERS
-per-file IntentFilter.java = file:/services/core/java/com/android/server/am/OWNERS
+per-file IntentFilter.java = file:/INTENT_OWNERS
per-file Intent.java = file:/INTENT_OWNERS
per-file AutofillOptions* = file:/core/java/android/service/autofill/OWNERS
per-file ContentCaptureOptions* = file:/core/java/android/service/contentcapture/OWNERS
diff --git a/core/java/android/net/vcn/VcnFrameworkInitializer.java b/core/java/android/net/vcn/VcnFrameworkInitializer.java
new file mode 100644
index 0000000..8cb213b
--- /dev/null
+++ b/core/java/android/net/vcn/VcnFrameworkInitializer.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.vcn;
+
+import android.annotation.Nullable;
+import android.app.SystemServiceRegistry;
+import android.compat.Compatibility;
+import android.compat.annotation.ChangeId;
+import android.compat.annotation.EnabledSince;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.os.Build;
+import android.os.SystemProperties;
+
+/**
+ * Class for performing registration for VCN service.
+ *
+ * @hide
+ */
+// TODO: Expose it as @SystemApi(client = MODULE_LIBRARIES)
+public final class VcnFrameworkInitializer {
+ /**
+ * Starting with {@link VANILLA_ICE_CREAM}, Telephony feature flags (e.g. {@link
+ * PackageManager#FEATURE_TELEPHONY_SUBSCRIPTION}) are being checked before returning managers
+ * that depend on them. If the feature is missing, {@link Context#getSystemService} will return
+ * null.
+ *
+ * <p>This change is specific to VcnManager.
+ */
+ @ChangeId
+ @EnabledSince(targetSdkVersion = Build.VERSION_CODES.VANILLA_ICE_CREAM)
+ private static final long ENABLE_CHECKING_TELEPHONY_FEATURES_FOR_VCN = 330902016;
+
+ /**
+ * The corresponding vendor API for Android V
+ *
+ * <p>Starting with Android V, the vendor API format has switched to YYYYMM.
+ *
+ * @see <a href="https://preview.source.android.com/docs/core/architecture/api-flags">Vendor API
+ * level</a>
+ */
+ private static final int VENDOR_API_FOR_ANDROID_V = 202404;
+
+ private VcnFrameworkInitializer() {}
+
+ // Suppressing AndroidFrameworkCompatChange because we're querying vendor
+ // partition SDK level, not application's target SDK version (which BTW we
+ // also check through Compatibility framework a few lines below).
+ @Nullable
+ private static String getVcnFeatureDependency() {
+ // Check SDK version of the client app. Apps targeting pre-V SDK might
+ // have not checked for existence of these features.
+ if (!Compatibility.isChangeEnabled(ENABLE_CHECKING_TELEPHONY_FEATURES_FOR_VCN)) {
+ return null;
+ }
+
+ // Check SDK version of the vendor partition. Pre-V devices might have
+ // incorrectly under-declared telephony features.
+ final int vendorApiLevel =
+ SystemProperties.getInt(
+ "ro.vendor.api_level", Build.VERSION.DEVICE_INITIAL_SDK_INT);
+ if (vendorApiLevel < VENDOR_API_FOR_ANDROID_V) {
+ return PackageManager.FEATURE_TELEPHONY;
+ } else {
+ return PackageManager.FEATURE_TELEPHONY_SUBSCRIPTION;
+ }
+ }
+
+ /**
+ * Register VCN service to {@link Context}, so that {@link Context#getSystemService} can return
+ * a VcnManager.
+ *
+ * @throws IllegalStateException if this is called anywhere besides {@link
+ * SystemServiceRegistry}.
+ */
+ public static void registerServiceWrappers() {
+ SystemServiceRegistry.registerContextAwareService(
+ VcnManager.VCN_MANAGEMENT_SERVICE_STRING,
+ VcnManager.class,
+ (context, serviceBinder) -> {
+ final String telephonyFeatureToCheck = getVcnFeatureDependency();
+ if (telephonyFeatureToCheck != null
+ && !context.getPackageManager()
+ .hasSystemFeature(telephonyFeatureToCheck)) {
+ return null;
+ }
+ IVcnManagementService service =
+ IVcnManagementService.Stub.asInterface(serviceBinder);
+ return new VcnManager(context, service);
+ });
+ }
+}
diff --git a/core/java/android/net/vcn/flags.aconfig b/core/java/android/net/vcn/flags.aconfig
index efddd1f..5b30624 100644
--- a/core/java/android/net/vcn/flags.aconfig
+++ b/core/java/android/net/vcn/flags.aconfig
@@ -14,11 +14,4 @@
namespace: "vcn"
description: "Feature flag for adjustable safe mode timeout"
bug: "317406085"
-}
-
-flag{
- name: "network_metric_monitor"
- namespace: "vcn"
- description: "Feature flag for enabling network metric monitor"
- bug: "282996138"
}
\ No newline at end of file
diff --git a/core/java/android/os/OWNERS b/core/java/android/os/OWNERS
index a1b75034..590ddb4 100644
--- a/core/java/android/os/OWNERS
+++ b/core/java/android/os/OWNERS
@@ -122,3 +122,6 @@
per-file StatsBootstrapAtomValue.aidl = file:/services/core/java/com/android/server/stats/OWNERS
per-file StatsBootstrapAtomService.java = file:/services/core/java/com/android/server/stats/OWNERS
per-file StatsServiceManager.java = file:/services/core/java/com/android/server/stats/OWNERS
+
+# Dropbox
+per-file DropBoxManager* = mwachens@google.com
diff --git a/core/java/android/security/flags.aconfig b/core/java/android/security/flags.aconfig
index aedf8e0..1d35344 100644
--- a/core/java/android/security/flags.aconfig
+++ b/core/java/android/security/flags.aconfig
@@ -113,3 +113,10 @@
description: "AFL feature"
bug: "365994454"
}
+
+flag {
+ name: "keystore_grant_api"
+ namespace: "hardware_backed_security"
+ description: "Feature flag for exposing KeyStore grant APIs"
+ bug: "351158708"
+}
diff --git a/core/proto/android/app/OWNERS b/core/proto/android/app/OWNERS
index a137ea9..519bf9a 100644
--- a/core/proto/android/app/OWNERS
+++ b/core/proto/android/app/OWNERS
@@ -1,3 +1,3 @@
-per-file appstartinfo.proto = file:/services/core/java/com/android/server/am/OWNERS
+per-file appstartinfo.proto = file:/PERFORMANCE_OWNERS
per-file location_time_zone_manager.proto = file:platform/frameworks/base:/services/core/java/com/android/server/timezonedetector/OWNERS
per-file time_zone_detector.proto = file:platform/frameworks/base:/services/core/java/com/android/server/timezonedetector/OWNERS
diff --git a/core/res/OWNERS b/core/res/OWNERS
index d109cee..faed4d8 100644
--- a/core/res/OWNERS
+++ b/core/res/OWNERS
@@ -53,7 +53,7 @@
per-file res/values/dimens_car.xml = file:/platform/packages/services/Car:/OWNERS
# Device Idle
-per-file res/values/config_device_idle.xml = file:/apex/jobscheduler/OWNERS
+per-file res/values/config_device_idle.xml = file:/apex/jobscheduler/DEVICE_IDLE_OWNERS
# Display Manager
per-file res/values/config_display.xml = file:/services/core/java/com/android/server/display/OWNERS
diff --git a/keystore/java/android/security/OWNERS b/keystore/java/android/security/OWNERS
index ed30587..32759b2 100644
--- a/keystore/java/android/security/OWNERS
+++ b/keystore/java/android/security/OWNERS
@@ -1 +1,2 @@
per-file *.java,*.aidl = eranm@google.com,pgrafov@google.com,rubinxu@google.com
+per-file KeyStoreManager.java = mpgroover@google.com
diff --git a/keystore/java/android/security/keystore/KeyStoreManager.java b/keystore/java/android/security/keystore/KeyStoreManager.java
new file mode 100644
index 0000000..197aaba
--- /dev/null
+++ b/keystore/java/android/security/keystore/KeyStoreManager.java
@@ -0,0 +1,327 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keystore;
+
+import android.annotation.FlaggedApi;
+import android.annotation.NonNull;
+import android.annotation.SystemService;
+import android.content.Context;
+import android.security.KeyStore2;
+import android.security.KeyStoreException;
+import android.security.keystore2.AndroidKeyStoreProvider;
+import android.security.keystore2.AndroidKeyStorePublicKey;
+import android.system.keystore2.Domain;
+import android.system.keystore2.KeyDescriptor;
+import android.system.keystore2.KeyPermission;
+import android.util.Log;
+
+import com.android.internal.annotations.GuardedBy;
+
+import java.io.ByteArrayInputStream;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * This class provides methods for interacting with keys stored within the
+ * <a href="/privacy-and-security/keystore">Android Keystore</a>.
+ */
+@FlaggedApi(android.security.Flags.FLAG_KEYSTORE_GRANT_API)
+@SystemService(Context.KEYSTORE_SERVICE)
+public class KeyStoreManager {
+ private static final String TAG = "KeyStoreManager";
+
+ private static final Object sInstanceLock = new Object();
+ @GuardedBy("sInstanceLock")
+ private static KeyStoreManager sInstance;
+
+ private final KeyStore2 mKeyStore2;
+
+ /**
+ * Private constructor to ensure only a single instance is created.
+ */
+ private KeyStoreManager() {
+ mKeyStore2 = KeyStore2.getInstance();
+ }
+
+ /**
+ * Returns the single instance of the {@code KeyStoreManager}.
+ *
+ * @hide
+ */
+ public static KeyStoreManager getInstance() {
+ synchronized (sInstanceLock) {
+ if (sInstance == null) {
+ sInstance = new KeyStoreManager();
+ }
+ return sInstance;
+ }
+ }
+
+ /**
+ * Grants access to the key owned by the calling app stored under the specified {@code alias}
+ * to another app on the device with the provided {@code uid}.
+ *
+ * <p>This method supports granting access to instances of both {@link javax.crypto.SecretKey}
+ * and {@link java.security.PrivateKey}. The resulting ID will persist across reboots and can be
+ * used by the grantee app for the life of the key or until access is revoked with {@link
+ * #revokeKeyAccess(String, int)}.
+ *
+ * <p>If the provided {@code alias} does not correspond to a key in the Android KeyStore, then
+ * an {@link UnrecoverableKeyException} is thrown.
+ *
+ * @param alias the alias of the key to be granted to another app
+ * @param uid the uid of the app to which the key should be granted
+ * @return the ID of the granted key; this can be shared with the specified app, and that
+ * app can use {@link #getGrantedKeyFromId(long)} to access the key
+ * @throws UnrecoverableKeyException if the specified key cannot be recovered
+ * @throws KeyStoreException if an error is encountered when attempting to grant access to
+ * the key
+ * @see #getGrantedKeyFromId(long)
+ */
+ public long grantKeyAccess(@NonNull String alias, int uid)
+ throws KeyStoreException, UnrecoverableKeyException {
+ KeyDescriptor keyDescriptor = createKeyDescriptorFromAlias(alias);
+ final int grantAccessVector = KeyPermission.USE | KeyPermission.GET_INFO;
+ // When a key is in the GRANT domain, the nspace field of the KeyDescriptor contains its ID.
+ KeyDescriptor result = null;
+ try {
+ result = mKeyStore2.grant(keyDescriptor, uid, grantAccessVector);
+ } catch (KeyStoreException e) {
+ // If the provided alias does not correspond to a valid key in the KeyStore, then throw
+ // an UnrecoverableKeyException to remain consistent with other APIs in this class.
+ if (e.getNumericErrorCode() == KeyStoreException.ERROR_KEY_DOES_NOT_EXIST) {
+ throw new UnrecoverableKeyException("No key found by the given alias");
+ }
+ throw e;
+ }
+ if (result == null) {
+ Log.e(TAG, "Received a null KeyDescriptor from grant");
+ throw new KeyStoreException(KeyStoreException.ERROR_INTERNAL_SYSTEM_ERROR,
+ "No ID was returned for the grant request for alias " + alias + " to uid "
+ + uid);
+ } else if (result.domain != Domain.GRANT) {
+ Log.e(TAG, "Received a result outside the grant domain: " + result.domain);
+ throw new KeyStoreException(KeyStoreException.ERROR_INTERNAL_SYSTEM_ERROR,
+ "Unable to obtain a grant ID for alias " + alias + " to uid " + uid);
+ }
+ return result.nspace;
+ }
+
+ /**
+ * Revokes access to the key in the app's namespace stored under the specified {@code
+ * alias} that was previously granted to another app on the device with the provided
+ * {@code uid}.
+ *
+ * <p>If the provided {@code alias} does not correspond to a key in the Android KeyStore, then
+ * an {@link UnrecoverableKeyException} is thrown.
+ *
+ * @param alias the alias of the key to be revoked from another app
+ * @param uid the uid of the app from which the key access should be revoked
+ * @throws UnrecoverableKeyException if the specified key cannot be recovered
+ * @throws KeyStoreException if an error is encountered when attempting to revoke access
+ * to the key
+ */
+ public void revokeKeyAccess(@NonNull String alias, int uid)
+ throws KeyStoreException, UnrecoverableKeyException {
+ KeyDescriptor keyDescriptor = createKeyDescriptorFromAlias(alias);
+ try {
+ mKeyStore2.ungrant(keyDescriptor, uid);
+ } catch (KeyStoreException e) {
+ // If the provided alias does not correspond to a valid key in the KeyStore, then throw
+ // an UnrecoverableKeyException to remain consistent with other APIs in this class.
+ if (e.getNumericErrorCode() == KeyStoreException.ERROR_KEY_DOES_NOT_EXIST) {
+ throw new UnrecoverableKeyException("No key found by the given alias");
+ }
+ throw e;
+ }
+ }
+
+ /**
+ * Returns the key with the specified {@code id} that was previously shared with the
+ * app.
+ *
+ * <p>This method can return instances of both {@link javax.crypto.SecretKey} and {@link
+ * java.security.PrivateKey}. If a key with the provide {@code id} has not been granted to the
+ * caller, then an {@link UnrecoverableKeyException} is thrown.
+ *
+ * @param id the ID of the key that was shared with the app
+ * @return the {@link Key} that was shared with the app
+ * @throws UnrecoverableKeyException if the specified key cannot be recovered
+ * @throws KeyPermanentlyInvalidatedException if the specified key was authorized to only
+ * be used if the user has been authenticated and a
+ * change has been made to the users
+ * lockscreen or biometric enrollment that
+ * permanently invalidates the key
+ * @see #grantKeyAccess(String, int)
+ */
+ public @NonNull Key getGrantedKeyFromId(long id)
+ throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
+ Key result = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(mKeyStore2, null,
+ id, Domain.GRANT);
+ if (result == null) {
+ throw new UnrecoverableKeyException("No key found by the given alias");
+ }
+ return result;
+ }
+
+ /**
+ * Returns a {@link KeyPair} containing the public and private key associated with
+ * the key that was previously shared with the app under the provided {@code id}.
+ *
+ * <p>If a {@link java.security.PrivateKey} has not been granted to the caller with the
+ * specified {@code id}, then an {@link UnrecoverableKeyException} is thrown.
+ *
+ * @param id the ID of the private key that was shared with the app
+ * @return a KeyPair containing the public and private key shared with the app
+ * @throws UnrecoverableKeyException if the specified key cannot be recovered
+ * @throws KeyPermanentlyInvalidatedException if the specified key was authorized to only
+ * be used if the user has been authenticated and a
+ * change has been made to the users
+ * lockscreen or biometric enrollment that
+ * permanently invalidates the key
+ */
+ public @NonNull KeyPair getGrantedKeyPairFromId(long id)
+ throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
+ KeyDescriptor keyDescriptor = createKeyDescriptorFromId(id, Domain.GRANT);
+ return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(mKeyStore2,
+ keyDescriptor);
+ }
+
+ /**
+ * Returns a {@link List} of {@link X509Certificate} instances representing the certificate
+ * chain for the key that was previously shared with the app under the provided {@code id}.
+ *
+ * <p>If a {@link java.security.PrivateKey} has not been granted to the caller with the
+ * specified {@code id}, then an {@link UnrecoverableKeyException} is thrown.
+ *
+ * @param id the ID of the asymmetric key that was shared with the app
+ * @return a List of X509Certificates with the certificate at index 0 corresponding to
+ * the private key shared with the app
+ * @throws UnrecoverableKeyException if the specified key cannot be recovered
+ * @throws KeyPermanentlyInvalidatedException if the specified key was authorized to only
+ * be used if the user has been authenticated and a
+ * change has been made to the users
+ * lockscreen or biometric enrollment that
+ * permanently invalidates the key
+ * @see #grantKeyAccess(String, int)
+ */
+ // Java APIs should prefer mutable collection return types with the exception being
+ // Collection.empty return types.
+ @SuppressWarnings("MixedMutabilityReturnType")
+ public @NonNull List<X509Certificate> getGrantedCertificateChainFromId(long id)
+ throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
+ KeyDescriptor keyDescriptor = createKeyDescriptorFromId(id, Domain.GRANT);
+ KeyPair keyPair = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(mKeyStore2,
+ keyDescriptor);
+ PublicKey keyStoreKey = keyPair.getPublic();
+ if (keyStoreKey instanceof AndroidKeyStorePublicKey) {
+ AndroidKeyStorePublicKey androidKeyStorePublicKey =
+ (AndroidKeyStorePublicKey) keyStoreKey;
+ byte[] certBytes = androidKeyStorePublicKey.getCertificate();
+ X509Certificate cert = getCertificate(certBytes);
+ // If the leaf certificate is null, then a chain should not exist either
+ if (cert == null) {
+ return Collections.emptyList();
+ }
+ List<X509Certificate> result = new ArrayList<>();
+ result.add(cert);
+ byte[] certificateChain = androidKeyStorePublicKey.getCertificateChain();
+ Collection<X509Certificate> certificates = getCertificates(certificateChain);
+ result.addAll(certificates);
+ return result;
+ } else {
+ Log.e(TAG, "keyStoreKey is not of the expected type: " + keyStoreKey);
+ }
+ return Collections.emptyList();
+ }
+
+ /**
+ * Returns an {@link X509Certificate} instance from the provided {@code certificate} byte
+ * encoding of the certificate, or null if the provided encoding is null.
+ */
+ private static X509Certificate getCertificate(byte[] certificate) {
+ X509Certificate result = null;
+ if (certificate != null) {
+ try {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ result = (X509Certificate) certificateFactory.generateCertificate(
+ new ByteArrayInputStream(certificate));
+ } catch (Exception e) {
+ Log.e(TAG, "Caught an exception parsing the certificate: ", e);
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Returns a {@link Collection} of {@link X509Certificate} instances from the provided
+ * {@code certificateChain} byte encoding of the certificates, or null if the provided
+ * encoding is null.
+ */
+ private static Collection<X509Certificate> getCertificates(byte[] certificateChain) {
+ if (certificateChain != null) {
+ try {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ Collection<X509Certificate> certificates =
+ (Collection<X509Certificate>) certificateFactory.generateCertificates(
+ new ByteArrayInputStream(certificateChain));
+ if (certificates == null) {
+ Log.e(TAG, "Received null certificates from a non-null certificateChain");
+ return Collections.emptyList();
+ }
+ return certificates;
+ } catch (Exception e) {
+ Log.e(TAG, "Caught an exception parsing the certs: ", e);
+ }
+ }
+ return Collections.emptyList();
+ }
+
+ /**
+ * Returns a new {@link KeyDescriptor} instance in the app domain / namespace with the {@code
+ * alias} set to the provided value.
+ */
+ private static KeyDescriptor createKeyDescriptorFromAlias(String alias) {
+ KeyDescriptor keyDescriptor = new KeyDescriptor();
+ keyDescriptor.domain = Domain.APP;
+ keyDescriptor.nspace = KeyProperties.NAMESPACE_APPLICATION;
+ keyDescriptor.alias = alias;
+ keyDescriptor.blob = null;
+ return keyDescriptor;
+ }
+
+ /**
+ * Returns a new {@link KeyDescriptor} instance in the provided {@code domain} with the nspace
+ * field set to the provided {@code id}.
+ */
+ private static KeyDescriptor createKeyDescriptorFromId(long id, int domain) {
+ KeyDescriptor keyDescriptor = new KeyDescriptor();
+ keyDescriptor.domain = domain;
+ keyDescriptor.nspace = id;
+ keyDescriptor.alias = null;
+ keyDescriptor.blob = null;
+ return keyDescriptor;
+ }
+}
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index 99100de..dcc8844 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -17,6 +17,7 @@
package android.security.keystore2;
import android.annotation.NonNull;
+import android.annotation.Nullable;
import android.security.KeyStore2;
import android.security.KeyStoreSecurityLevel;
import android.security.keymaster.KeymasterDefs;
@@ -335,11 +336,11 @@
}
/**
- * Loads an an AndroidKeyStoreKey from the AndroidKeyStore backend.
+ * Loads an AndroidKeyStoreKey from the AndroidKeyStore backend.
*
* @param keyStore The keystore2 backend.
* @param alias The alias of the key in the Keystore database.
- * @param namespace The a Keystore namespace. This is used by system api only to request
+ * @param namespace The Keystore namespace. This is used by system api only to request
* Android system specific keystore namespace, which can be configured
* in the device's SEPolicy. Third party apps and most system components
* set this parameter to -1 to indicate their application specific namespace.
@@ -351,14 +352,40 @@
public static AndroidKeyStoreKey loadAndroidKeyStoreKeyFromKeystore(
@NonNull KeyStore2 keyStore, @NonNull String alias, int namespace)
throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
- KeyDescriptor descriptor = new KeyDescriptor();
+ int descriptorNamespace;
+ int descriptorDomain;
if (namespace == KeyProperties.NAMESPACE_APPLICATION) {
- descriptor.nspace = KeyProperties.NAMESPACE_APPLICATION; // ignored;
- descriptor.domain = Domain.APP;
+ descriptorNamespace = KeyProperties.NAMESPACE_APPLICATION; // ignored;
+ descriptorDomain = Domain.APP;
} else {
- descriptor.nspace = namespace;
- descriptor.domain = Domain.SELINUX;
+ descriptorNamespace = namespace;
+ descriptorDomain = Domain.SELINUX;
}
+ return loadAndroidKeyStoreKeyFromKeystore(keyStore, alias, descriptorNamespace,
+ descriptorDomain);
+ }
+
+ /**
+ * Loads an AndroidKeyStoreKey from the AndroidKeyStore backend.
+ *
+ * @param keyStore The keystore2 backend
+ * @param alias The alias of the key in the Keystore database
+ * @param namespace The Keystore namespace. This is used by system api only to request
+ * Android system specific keystore namespace, which can be configured
+ * in the device's SEPolicy. Third party apps and most system components
+ * set this parameter to -1 to indicate their application specific namespace.
+ * See <a href="https://source.android.com/security/keystore#access-control">
+ * Keystore 2.0 access control</a>
+ * @param domain The Keystore domain
+ * @return an AndroidKeyStoreKey corresponding to the provided values for the KeyDescriptor
+ * @hide
+ */
+ public static AndroidKeyStoreKey loadAndroidKeyStoreKeyFromKeystore(@NonNull KeyStore2 keyStore,
+ @Nullable String alias, long namespace, int domain)
+ throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
+ KeyDescriptor descriptor = new KeyDescriptor();
+ descriptor.nspace = namespace;
+ descriptor.domain = domain;
descriptor.alias = alias;
descriptor.blob = null;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
index 0b3be32..bcf619b 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
@@ -44,6 +44,22 @@
mEncoded = x509EncodedForm;
}
+ /**
+ * Returns the byte array encoding of the certificate corresponding to this public key.
+ * @hide
+ */
+ public byte[] getCertificate() {
+ return mCertificate;
+ }
+
+ /**
+ * Returns the byte array encoding of the certificate chain for this public key.
+ * @hide
+ */
+ public byte[] getCertificateChain() {
+ return mCertificateChain;
+ }
+
abstract AndroidKeyStorePrivateKey getPrivateKey();
@Override
diff --git a/libs/androidfw/CursorWindow.cpp b/libs/androidfw/CursorWindow.cpp
index cbb1e8f..5e645cc 100644
--- a/libs/androidfw/CursorWindow.cpp
+++ b/libs/androidfw/CursorWindow.cpp
@@ -18,11 +18,10 @@
#include <androidfw/CursorWindow.h>
-#include "android-base/logging.h"
-#include "android-base/mapped_file.h"
-#include "cutils/ashmem.h"
+#include <sys/mman.h>
-using android::base::MappedFile;
+#include "android-base/logging.h"
+#include "cutils/ashmem.h"
namespace android {
@@ -40,7 +39,7 @@
CursorWindow::~CursorWindow() {
if (mAshmemFd != -1) {
- mMappedFile.reset();
+ ::munmap(mData, mSize);
::close(mAshmemFd);
} else {
free(mData);
@@ -76,7 +75,6 @@
status_t CursorWindow::maybeInflate() {
int ashmemFd = 0;
void* newData = nullptr;
- std::unique_ptr<MappedFile> mappedFile;
// Bail early when we can't expand any further
if (mReadOnly || mSize == mInflatedSize) {
@@ -97,12 +95,11 @@
goto fail_silent;
}
- mappedFile = MappedFile::FromFd(ashmemFd, 0, mInflatedSize, PROT_READ | PROT_WRITE);
- if (mappedFile == nullptr) {
+ newData = ::mmap(nullptr, mInflatedSize, PROT_READ | PROT_WRITE, MAP_SHARED, ashmemFd, 0);
+ if (newData == MAP_FAILED) {
PLOG(ERROR) << "Failed mmap";
goto fail_silent;
}
- newData = mappedFile->data();
if (ashmem_set_prot_region(ashmemFd, PROT_READ) < 0) {
PLOG(ERROR) << "Failed ashmem_set_prot_region";
@@ -123,7 +120,6 @@
mData = newData;
mSize = mInflatedSize;
mSlotsOffset = newSlotsOffset;
- mMappedFile = std::move(mappedFile);
updateSlotsData();
}
@@ -134,7 +130,7 @@
fail:
LOG(ERROR) << "Failed maybeInflate";
fail_silent:
- mappedFile.reset();
+ ::munmap(newData, mInflatedSize);
::close(ashmemFd);
return UNKNOWN_ERROR;
}
@@ -171,12 +167,11 @@
goto fail_silent;
}
- window->mMappedFile = MappedFile::FromFd(window->mAshmemFd, 0, window->mSize, PROT_READ);
- if (window->mMappedFile == nullptr) {
+ window->mData = ::mmap(nullptr, window->mSize, PROT_READ, MAP_SHARED, window->mAshmemFd, 0);
+ if (window->mData == MAP_FAILED) {
PLOG(ERROR) << "Failed mmap";
goto fail_silent;
}
- window->mData = window->mMappedFile->data();
} else {
window->mAshmemFd = -1;
diff --git a/libs/androidfw/include/androidfw/CursorWindow.h b/libs/androidfw/include/androidfw/CursorWindow.h
index c2eac12..9ec026a 100644
--- a/libs/androidfw/include/androidfw/CursorWindow.h
+++ b/libs/androidfw/include/androidfw/CursorWindow.h
@@ -26,8 +26,6 @@
#include "binder/Parcel.h"
#include "utils/String8.h"
-#include "android-base/mapped_file.h"
-
#define LOG_WINDOW(...)
namespace android {
@@ -151,8 +149,6 @@
String8 mName;
int mAshmemFd = -1;
void* mData = nullptr;
- std::unique_ptr<android::base::MappedFile> mMappedFile;
-
/**
* Pointer to the first FieldSlot, used to optimize the extremely
* hot code path of getFieldSlot().
diff --git a/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java b/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java
index daaafcb..c38ad60 100644
--- a/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java
+++ b/services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java
@@ -115,7 +115,7 @@
}
@LockoutTracker.LockoutMode
- public int handleFailedAttempt(int userId) {
+ private int handleFailedAttempt(int userId) {
if (mLockoutTracker != null) {
mLockoutTracker.addFailedAttemptForUser(getTargetUserId());
}
diff --git a/services/core/java/com/android/server/content/OWNERS b/services/core/java/com/android/server/content/OWNERS
index b6a9fe86..5642382 100644
--- a/services/core/java/com/android/server/content/OWNERS
+++ b/services/core/java/com/android/server/content/OWNERS
@@ -1 +1,3 @@
-include /services/core/java/com/android/server/am/OWNERS
\ No newline at end of file
+include /services/core/java/com/android/server/am/OWNERS
+
+per-file Sync* = file:/apex/jobscheduler/JOB_OWNERS
\ No newline at end of file
diff --git a/services/core/java/com/android/server/net/OWNERS b/services/core/java/com/android/server/net/OWNERS
index bbc7c01..4596a44 100644
--- a/services/core/java/com/android/server/net/OWNERS
+++ b/services/core/java/com/android/server/net/OWNERS
@@ -2,7 +2,5 @@
file:platform/packages/modules/Connectivity:main:/OWNERS_core_networking
per-file NetworkPolicyManagerService.java=jackyu@google.com, sarahchin@google.com
-jsharkey@android.com
sudheersai@google.com
-yamasani@google.com
suprabh@google.com
diff --git a/services/core/java/com/android/server/security/advancedprotection/OWNERS b/services/core/java/com/android/server/security/advancedprotection/OWNERS
new file mode 100644
index 0000000..9bf5e58
--- /dev/null
+++ b/services/core/java/com/android/server/security/advancedprotection/OWNERS
@@ -0,0 +1 @@
+file:platform/frameworks/base:main:/core/java/android/security/advancedprotection/OWNERS
diff --git a/services/core/java/com/android/server/vcn/VcnContext.java b/services/core/java/com/android/server/vcn/VcnContext.java
index 6a4c9c2..a492a72 100644
--- a/services/core/java/com/android/server/vcn/VcnContext.java
+++ b/services/core/java/com/android/server/vcn/VcnContext.java
@@ -70,10 +70,6 @@
return mIsInTestMode;
}
- public boolean isFlagNetworkMetricMonitorEnabled() {
- return mFeatureFlags.networkMetricMonitor();
- }
-
public boolean isFlagIpSecTransformStateEnabled() {
// TODO: b/328844044: Ideally this code should gate the behavior by checking the
// android.net.platform.flags.ipsec_transform_state flag but that flag is not accessible
diff --git a/services/core/java/com/android/server/vcn/VcnGatewayConnection.java b/services/core/java/com/android/server/vcn/VcnGatewayConnection.java
index b574782..a81ad22 100644
--- a/services/core/java/com/android/server/vcn/VcnGatewayConnection.java
+++ b/services/core/java/com/android/server/vcn/VcnGatewayConnection.java
@@ -1913,7 +1913,6 @@
mIpSecManager.applyTunnelModeTransform(tunnelIface, direction, transform);
if (direction == IpSecManager.DIRECTION_IN
- && mVcnContext.isFlagNetworkMetricMonitorEnabled()
&& mVcnContext.isFlagIpSecTransformStateEnabled()) {
mUnderlyingNetworkController.updateInboundTransform(mUnderlying, transform);
}
diff --git a/services/core/java/com/android/server/vcn/routeselection/NetworkMetricMonitor.java b/services/core/java/com/android/server/vcn/routeselection/NetworkMetricMonitor.java
index b9b1060..0d4c373 100644
--- a/services/core/java/com/android/server/vcn/routeselection/NetworkMetricMonitor.java
+++ b/services/core/java/com/android/server/vcn/routeselection/NetworkMetricMonitor.java
@@ -62,12 +62,6 @@
@Nullable PersistableBundleWrapper carrierConfig,
@NonNull NetworkMetricMonitorCallback callback)
throws IllegalAccessException {
- if (!vcnContext.isFlagNetworkMetricMonitorEnabled()) {
- // Caller error
- logWtf("networkMetricMonitor flag disabled");
- throw new IllegalAccessException("networkMetricMonitor flag disabled");
- }
-
mVcnContext = Objects.requireNonNull(vcnContext, "Missing vcnContext");
mNetwork = Objects.requireNonNull(network, "Missing network");
mCallback = Objects.requireNonNull(callback, "Missing callback");
diff --git a/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkController.java b/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkController.java
index 2b0ca08..ad5bc72 100644
--- a/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkController.java
+++ b/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkController.java
@@ -204,8 +204,7 @@
List<NetworkCallback> oldCellCallbacks = new ArrayList<>(mCellBringupCallbacks);
mCellBringupCallbacks.clear();
- if (mVcnContext.isFlagNetworkMetricMonitorEnabled()
- && mVcnContext.isFlagIpSecTransformStateEnabled()) {
+ if (mVcnContext.isFlagIpSecTransformStateEnabled()) {
for (UnderlyingNetworkEvaluator evaluator : mUnderlyingNetworkRecords.values()) {
evaluator.close();
}
@@ -431,8 +430,7 @@
.getAllSubIdsInGroup(mSubscriptionGroup)
.equals(newSnapshot.getAllSubIdsInGroup(mSubscriptionGroup))) {
- if (mVcnContext.isFlagNetworkMetricMonitorEnabled()
- && mVcnContext.isFlagIpSecTransformStateEnabled()) {
+ if (mVcnContext.isFlagIpSecTransformStateEnabled()) {
reevaluateNetworks();
}
return;
@@ -447,8 +445,7 @@
*/
public void updateInboundTransform(
@NonNull UnderlyingNetworkRecord currentNetwork, @NonNull IpSecTransform transform) {
- if (!mVcnContext.isFlagNetworkMetricMonitorEnabled()
- || !mVcnContext.isFlagIpSecTransformStateEnabled()) {
+ if (!mVcnContext.isFlagIpSecTransformStateEnabled()) {
logWtf("#updateInboundTransform: unexpected call; flags missing");
return;
}
@@ -575,8 +572,7 @@
@Override
public void onLost(@NonNull Network network) {
- if (mVcnContext.isFlagNetworkMetricMonitorEnabled()
- && mVcnContext.isFlagIpSecTransformStateEnabled()) {
+ if (mVcnContext.isFlagIpSecTransformStateEnabled()) {
mUnderlyingNetworkRecords.get(network).close();
}
@@ -652,8 +648,7 @@
class NetworkEvaluatorCallbackImpl implements NetworkEvaluatorCallback {
@Override
public void onEvaluationResultChanged() {
- if (!mVcnContext.isFlagNetworkMetricMonitorEnabled()
- || !mVcnContext.isFlagIpSecTransformStateEnabled()) {
+ if (!mVcnContext.isFlagIpSecTransformStateEnabled()) {
logWtf("#onEvaluationResultChanged: unexpected call; flags missing");
return;
}
diff --git a/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkEvaluator.java b/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkEvaluator.java
index c852fb4..53b0751 100644
--- a/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkEvaluator.java
+++ b/services/core/java/com/android/server/vcn/routeselection/UnderlyingNetworkEvaluator.java
@@ -193,8 +193,7 @@
}
private static boolean isIpSecPacketLossDetectorEnabled(VcnContext vcnContext) {
- return vcnContext.isFlagIpSecTransformStateEnabled()
- && vcnContext.isFlagNetworkMetricMonitorEnabled();
+ return vcnContext.isFlagIpSecTransformStateEnabled();
}
/** Get the comparator for UnderlyingNetworkEvaluator */
diff --git a/services/tests/mockingservicestests/src/com/android/server/alarm/OWNERS b/services/tests/mockingservicestests/src/com/android/server/alarm/OWNERS
index 6f207fb1..6eb986b 100644
--- a/services/tests/mockingservicestests/src/com/android/server/alarm/OWNERS
+++ b/services/tests/mockingservicestests/src/com/android/server/alarm/OWNERS
@@ -1 +1 @@
-include /apex/jobscheduler/OWNERS
+include /apex/jobscheduler/ALARM_OWNERS
diff --git a/services/tests/mockingservicestests/src/com/android/server/job/OWNERS b/services/tests/mockingservicestests/src/com/android/server/job/OWNERS
index 6f207fb1..c8345f7 100644
--- a/services/tests/mockingservicestests/src/com/android/server/job/OWNERS
+++ b/services/tests/mockingservicestests/src/com/android/server/job/OWNERS
@@ -1 +1 @@
-include /apex/jobscheduler/OWNERS
+include /apex/jobscheduler/JOB_OWNERS
diff --git a/services/tests/servicestests/src/com/android/server/OWNERS b/services/tests/servicestests/src/com/android/server/OWNERS
index d49bc43..d8a9400 100644
--- a/services/tests/servicestests/src/com/android/server/OWNERS
+++ b/services/tests/servicestests/src/com/android/server/OWNERS
@@ -1,4 +1,4 @@
-per-file *Alarm* = file:/apex/jobscheduler/OWNERS
+per-file *Alarm* = file:/apex/jobscheduler/ALARM_OWNERS
per-file *AppOp* = file:/core/java/android/permission/OWNERS
per-file *BinaryTransparency* = file:/core/java/android/transparency/OWNERS
per-file *Bluetooth* = file:platform/packages/modules/Bluetooth:master:/framework/OWNERS
diff --git a/services/usage/OWNERS b/services/usage/OWNERS
index f825f55..678c7ac 100644
--- a/services/usage/OWNERS
+++ b/services/usage/OWNERS
@@ -3,7 +3,6 @@
mwachens@google.com
varunshah@google.com
-yamasani@google.com
guanxin@google.com
per-file *StorageStats* = file:/core/java/android/os/storage/OWNERS
diff --git a/tests/JobSchedulerPerfTests/OWNERS b/tests/JobSchedulerPerfTests/OWNERS
index 6f207fb1..c8345f7 100644
--- a/tests/JobSchedulerPerfTests/OWNERS
+++ b/tests/JobSchedulerPerfTests/OWNERS
@@ -1 +1 @@
-include /apex/jobscheduler/OWNERS
+include /apex/jobscheduler/JOB_OWNERS
diff --git a/tests/JobSchedulerTestApp/OWNERS b/tests/JobSchedulerTestApp/OWNERS
index 6f207fb1..c8345f7 100644
--- a/tests/JobSchedulerTestApp/OWNERS
+++ b/tests/JobSchedulerTestApp/OWNERS
@@ -1 +1 @@
-include /apex/jobscheduler/OWNERS
+include /apex/jobscheduler/JOB_OWNERS
diff --git a/tests/vcn/java/com/android/server/vcn/VcnGatewayConnectionTestBase.java b/tests/vcn/java/com/android/server/vcn/VcnGatewayConnectionTestBase.java
index e29e462..e045f10 100644
--- a/tests/vcn/java/com/android/server/vcn/VcnGatewayConnectionTestBase.java
+++ b/tests/vcn/java/com/android/server/vcn/VcnGatewayConnectionTestBase.java
@@ -224,7 +224,6 @@
doReturn(mFeatureFlags).when(mVcnContext).getFeatureFlags();
doReturn(true).when(mVcnContext).isFlagSafeModeTimeoutConfigEnabled();
doReturn(true).when(mVcnContext).isFlagIpSecTransformStateEnabled();
- doReturn(true).when(mVcnContext).isFlagNetworkMetricMonitorEnabled();
doReturn(mUnderlyingNetworkController)
.when(mDeps)
diff --git a/tests/vcn/java/com/android/server/vcn/routeselection/NetworkEvaluationTestBase.java b/tests/vcn/java/com/android/server/vcn/routeselection/NetworkEvaluationTestBase.java
index 421e1ad..bc7ff47 100644
--- a/tests/vcn/java/com/android/server/vcn/routeselection/NetworkEvaluationTestBase.java
+++ b/tests/vcn/java/com/android/server/vcn/routeselection/NetworkEvaluationTestBase.java
@@ -127,7 +127,6 @@
false /* isInTestMode */));
doNothing().when(mVcnContext).ensureRunningOnLooperThread();
- doReturn(true).when(mVcnContext).isFlagNetworkMetricMonitorEnabled();
doReturn(true).when(mVcnContext).isFlagIpSecTransformStateEnabled();
setupSystemService(
diff --git a/tests/vcn/java/com/android/server/vcn/routeselection/UnderlyingNetworkControllerTest.java b/tests/vcn/java/com/android/server/vcn/routeselection/UnderlyingNetworkControllerTest.java
index 588624b..6f31d8d 100644
--- a/tests/vcn/java/com/android/server/vcn/routeselection/UnderlyingNetworkControllerTest.java
+++ b/tests/vcn/java/com/android/server/vcn/routeselection/UnderlyingNetworkControllerTest.java
@@ -226,7 +226,6 @@
private void resetVcnContext(VcnContext vcnContext) {
reset(vcnContext);
doNothing().when(vcnContext).ensureRunningOnLooperThread();
- doReturn(true).when(vcnContext).isFlagNetworkMetricMonitorEnabled();
doReturn(true).when(vcnContext).isFlagIpSecTransformStateEnabled();
}