frameworks-base

Fork

Work around foreground app not updating issue

The foreground app not updating anymore after the second sleep/wake
sequence. I managed to work around it using this patch.

Fixes NPE when preparing app data during init

When deleting an unused static shared library on Q, the user manager was
fetched via mContext.getSystemService. At this time during boot, the
service wasn't registered and so null was returned. This has already
been addressed in R with a move to injecting dependencies in the
PackageManagerService constructor.

Bug: 142083996
Bug: 141413692
Test: manual; remove static dependency on eng Q build and reboot
Change-Id: I8ae4e331d09b4734c54cdc6887b273705dce88b1
Merged-In: I8ae4e331d09b4734c54cdc6887b273705dce88b1
(cherry picked from commit 5d3fc339b57950fd8621cb410865e8800ccb6873)

Handles null outInfo in deleteSystemPackageLI

This change adds null checks before accessing outInfo in
deleteSystemPackageLI.

Bug: 142083996
Bug: 141413692
Test: manual; remove static dependency on eng build and reboot
Change-Id: If0fd48343e89cbb77ccd25826656194195d5b0cd
(cherry picked from commit 17471016508bb9c9ffb8c3946dda0b4897d722f1)
Merged-In: If0fd48343e89cbb77ccd25826656194195d5b0cd
(cherry picked from commit 6afabce549f5725988b9c03de932c34e9d22f10e)

Fix security problem on PermissionMonitor#hasPermission

PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.

Bug: 144679405
Test: Build, flash, manual test
Change-Id: I5eba4909e4c2e1d9f275f66be90ac36466b93e90
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: Iae9c273af822b18c2e6fce04848a86f8dea6410a
(cherry picked from commit 305946b910a9ab3974daa4277f155614a3fc27a4)

Merge cherrypicks of [10484934, 10484473, 10472987, 10481068] into qt-qpr2-release

Change-Id: I3ba00e16f09289a9368e55b59b0a527bc55bb3f3

DO NOT MERGE: Revert Move startInput for WINDOW_FOCUS_GAIN to background thread

Reason for revert:
Caused an unexpected regression Bug 144174015

Bug: 139806621
Bug: 144103599
Fix: 144174015
Test: Manually verified Bug 144174015 disappeared as follows
1. Open Gmail then start composing an email
2. Swipe up the home button to recents then re-launch Gmail
3. Do the step 2 several times.
4. Make sure that you can still type something on Gmail.
Change-Id: I9265f01ed2f6e4aca7728d278f06ceea5633dac5
(cherry picked from commit 344858dd9c5616a0de16fa0ac72e0d384e2406c4)

DO NOT MERGE: Revert: Freeup lock when IME is set inactive and unbound

Reason for revert:
Caused an unexpected regression Bug 144174015

Bug: 139806621
Bug: 144103599
Fix: 144174015
Test: Manually verified Bug 144174015 disappeared as follows
1. Open Gmail then start composing an email
2. Swipe up the home button to recents then re-launch Gmail
3. Do the step 2 several times.
4. Make sure that you can still type something on Gmail.
Change-Id: I04a77afea17f9d3eb05017fa00313fad4e48cd5c
(cherry picked from commit 9494c9dbb73b0ce237cb2f64fba90434b1b09c09)

Merge cherrypicks of [10460465, 10460521, 10460352, 10458819] into qt-qpr2-release

Change-Id: Iceb99c57cf8adeb4ffa9fa79fbc5f8246058e2cf

Allow settingIgnored for DBH request if inEmergency

Bug: 150232136

Test: on device
Change-Id: Ia987418a591d716b787d406d725338a8563a55dd
(cherry picked from commit 6d19cef854bdb382507daefae2a5956400a255d5)

Merge cherrypicks of [10297641, 10298303, 10298494, 10298514, 10297196, 10298164, 10297642, 10297643, 10296046, 10296047, 10298245, 10298246, 10297197, 10297198, 10298495, 10298496] into qt-qpr2-release

Change-Id: I1f8470eec0bf64e28290002664f6e5a6c8d733dc

Fix serialization issue of ExternalVibration

Remove excessive serialization of Audio Attributes
Bug: 140417434
Test: atest ExternalVibrationTest#testSerialization

Change-Id: Ib7ceaed875889126a53f874eec64fab4817e48d1
(cherry picked from commit b1a33a8b4fd4b1603c0465a904be29f0c4a07e64)

Revoke 'always' web handler status when not autoverifying

If an app has previously used autoVerify to make claims about its status
re handling web navigation intents, but is updated such that it no
longer makes those claims, step down its "official handler" status as
though it had never invoked autoVerify in the first place.

Bug: 146204120
Test: manual: as described in bug; observe policy before/after via
'adb shell dumpsys package d'
Test: atest CtsOsHostTestCases
Change-Id: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
Merged-In: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
(cherry picked from commit d2a71cc4b8f11688f85f33507b75d00041c14852)

Fix potential double destroy of AssetManager

Assume there is a XmlBlock [X] created by a AssetManager [A]
([A] will have mNumRefs = 2). After [A].close is called
(mNumRefs = 1) and then both [X] and [A] are going to be GCed,
if [A].finalize is called first (nativeDestroy), the later
[X].finalize will invoke [A].xmlBlockGone that triggers the
second nativeDestroy of [A] and leads to crash.

By clearing the mObject in AssetManager.finalize, the
decRefsLocked from other paths won't call nativeDestroy again.

Bug: 136721562
Bug: 144028297
Test: atest AssetManagerTest
Test: Build and install CorePerfTests
adb shell am instrument -w -r --no-hidden-api-checks -e class \
android.app.ResourcesPerfTest#getLayoutAndTravese,android.graphics.perftests.RenderNodePerfTest \
com.android.perftests.core/androidx.test.runner.AndroidJUnitRunner

Change-Id: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
Merged-In: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
(cherry picked from commit 0a8a1e9d40a3cdff06150c43c623fa4c415226b6)

Prevent sending early termination of appop use

If a package starts a particular appop both as active and noted, once
one of them is finished (usually noted after 5s), a message will be sent
to callbacks indicating the end of the use. However, the app op may
still be active. This could result in the removal of indicators
prematurely from notifications.

This change prevents that from happening by checking if the app op is
still in use by that combination uid/package (either active or noted)
and not notifying listeners if that's the case.

Test: atest AppOpsControllerTest
Test: use app from bug report. Observe that notification does not lose
the microphone indicator
Bug: 144092031
Merged-In: I180e7c257e6171e7686ba7eda9bf02249358ed0

Change-Id: I94473c3ccf1318dac29f067dade91e540e20285e
(cherry picked from commit 1a459638398446938a20b32fa0fbc63ad4bd505f)

Android 9.0.0 Release 53 (6107734)
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXji5AAAKCRDorT+BmrEO
eFFiAJ9ybleXTQZYkO6bDI+l12aHMQdl+ACbBeS8G0yTl0+dgYL+i8+kk3I+os4=
=wp0G
-----END PGP SIGNATURE-----

Merge tag 'android-9.0.0_r53' into pie-x86

Android 9.0.0 Release 53 (6107734)

Fix potential double destroy of AssetManager

Assume there is a XmlBlock [X] created by a AssetManager [A]
([A] will have mNumRefs = 2). After [A].close is called
(mNumRefs = 1) and then both [X] and [A] are going to be GCed,
if [A].finalize is called first (nativeDestroy), the later
[X].finalize will invoke [A].xmlBlockGone that triggers the
second nativeDestroy of [A] and leads to crash.

By clearing the mObject in AssetManager.finalize, the
decRefsLocked from other paths won't call nativeDestroy again.

Bug: 136721562
Bug: 144028297
Test: atest AssetManagerTest
Test: Build and install CorePerfTests
adb shell am instrument -w -r --no-hidden-api-checks -e class \
android.app.ResourcesPerfTest#getLayoutAndTravese,android.graphics.perftests.RenderNodePerfTest \
com.android.perftests.core/androidx.test.runner.AndroidJUnitRunner

Change-Id: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
Merged-In: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
(cherry picked from commit 0a8a1e9d40a3cdff06150c43c623fa4c415226b6)

Revoke 'always' web handler status when not autoverifying

If an app has previously used autoVerify to make claims about its status
re handling web navigation intents, but is updated such that it no
longer makes those claims, step down its "official handler" status as
though it had never invoked autoVerify in the first place.

Bug: 146204120
Test: manual: as described in bug; observe policy before/after via
'adb shell dumpsys package d'
Test: atest CtsOsHostTestCases
Change-Id: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
Merged-In: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
(cherry picked from commit ce22265eeda3a96613b9a7bb7dd898c69d295964)

Fix potential double destroy of AssetManager

Assume there is a XmlBlock [X] created by a AssetManager [A]
([A] will have mNumRefs = 2). After [A].close is called
(mNumRefs = 1) and then both [X] and [A] are going to be GCed,
if [A].finalize is called first (nativeDestroy), the later
[X].finalize will invoke [A].xmlBlockGone that triggers the
second nativeDestroy of [A] and leads to crash.

By clearing the mObject in AssetManager.finalize, the
decRefsLocked from other paths won't call nativeDestroy again.

Bug: 144028297
Test: atest android.security.cts.AssetManagerTest

Change-Id: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
Merged-In: Ia938502d2443f5a6de6a3cabdb7ce1d41d3ff6d1
(cherry picked from commit 93320661ca9a23c7b38b3f166d0facf048f2a8a3)

Revoke 'always' web handler status when not autoverifying

If an app has previously used autoVerify to make claims about its status
re handling web navigation intents, but is updated such that it no
longer makes those claims, step down its "official handler" status as
though it had never invoked autoVerify in the first place.

Bug: 146204120
Test: manual: as described in bug; observe policy before/after via
'adb shell dumpsys package d'
Test: atest CtsOsHostTestCases
Change-Id: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
Merged-In: I58502d1b32d793aba9aa772fa2ad5ac38acca48a
(cherry picked from commit ef5220e5b2a4b90d4260eb058475fdcdf30d861d)

RESTRICT AUTOMERGE Make toasts non-clickable

Since enforcement was only on client-side, in Toast class, an app could
use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.

This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.

Test: atest CtsWindowManagetDeviceTestCases:ToastTest
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:
1) Observe click events are logged without this CL.
2) Observer click events are not logged with this CL.
Bug: 128674520

(cherry picked from commit 6bf18c39d9fc727523fa3201567b836032bb2114)
Change-Id: Ica346c853dcb9a1e494f7143ba1c38d22c0003d0

DO NOT MERGE back porting for fixing sysui direct reply

Root cause: systemui run as user 0 service to handle all of users'
notifications. And, the users can user the copy/cut/paste
functionality.

Solution: To crate @hide API in TextView let SystemUI to mark the
TextView instance should check if the power of
INTERACT_ACROSS_USER_FULL is needed to be restricted.
e.x. Keyguard password textview/Notificaiton entries

Bug: 123232892
Test: manual test
Reference: I6d11e4d6a84570bc2991a8552349e8b216b0d139
Reference: Ibabe13e5b85e5bb91f9f8af6ec07c395c25c4393
Reference: I975baa748c821538e5a733bb98a33ac609bf40a7

Merged-In: Ie3daecd1e8fc2f7fdf37baeb5979da9f2e0b3937
(cherry picked from commit 08391b3da7e2da3b0220eb5766e0a1774d28e9a5)

[basilgello: Back-ported to 14.1:
- packages/SystemUI/src/com/android/keyguard/KeyguardPasswordView.java ->
packages/Keyguard/src/com/android/keyguard/KeyguardPasswordView.java]

Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
Change-Id: I6d11e4d6a84570bc2991a8552349e8b216b0d139

DO NOT MERGE: Disable SpellChecker in secondary user's direct reply

For secondary users, when AOSP keyboard is used to type in
direct-reply, unknown words can be added to dictionary.
It's *not* OK for SpellCheckerService of primary user to
check unknown words typed by a secondary user.
The dialog to add these words shows up in primary user instead.

TextView uses TextView#isSuggestionsEnabled() to determine if
SpellChecker is enabled. This can be disabled by setting the flag
TYPE_TEXT_FLAG_NO_SUGGESTIONS in inputType.

Note: This doesn't affect workprofile users on P or older versions since
they use same SpellCheckerService for all workprofiles.

Bug: 123232892
Test: Manually tested using the steps mentioned in the bug.
1. Flash latest P build.
2. Install AOSP keyboard (LatinIME) and set it as default.
3. Install and open EditTextVariations
4. Initiate direct reply in primary user and type non-english
words like "ggggg hhhhh".
5. Observe that they get red underline and tapping it brings "add
to dictionary" popup.
6. Create a new secondary user and switch to it.
7. Once the setup completes, initiate a direct reply and type words
similar to step 4.
8. Verify that red underlines dont appear.
9. switch back to primary user and verify direct reply still has red
underlines.

(cherry picked from commit b5c0e01aca6f19ae3e305ce6d1c1ecec6aba0532)
Change-Id: I93918eb2c12e37908e03a7951a9e2c5375bc0ecc

Android 9.0.0 release 52
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXhOwnQAKCRDorT+BmrEO
eJDAAJ48JUzJ6PhC+y89Qcivv6cGHy0bPwCgiH/dAv63yqrxQarp/ZyJFK9vvyM=
=XYG7
-----END PGP SIGNATURE-----

Merge tag 'android-9.0.0_r52' into pie-x86

Android 9.0.0 release 52

Add STATUS_BAR permission to dialer in oc-rm1

Similar to pie-dev

Change-Id: Iaab5f82ba008603ba5996ec012d38352e86c2f1b
Merged-In: If88aa90f4dcab51b6e11562cadbe003948b6c149
Fixes: 147301827

Snap for 6129081 from 7fffbe673fc3a7273075aa36bd1e1f2820729fac to qt-qpr2-release

Change-Id: I4a8b091440effb0da17287dca3b7300c8676c577

Merge "Import translations. DO NOT MERGE" into qt-qpr1-dev

Merge "Import translations. DO NOT MERGE" into qt-qpr1-dev

Merge "Import translations. DO NOT MERGE" into qt-qpr1-dev

Import translations. DO NOT MERGE

Change-Id: Ie6d5b00e740371bb1e11dbce49edddebd466b25a
Auto-generated-cl: translation import

Import translations. DO NOT MERGE

Change-Id: I2a6a13d41fb703ccee7d24a5be0fbe2d26110bf0
Auto-generated-cl: translation import