* NotificationAccessConfirmationActivity (triggered through CompanionDeviceManager) -> Don't show the dialog, bail out early similarly to other invalid inputs.
* NotificationAccessSettings (from Special App Access) -> No changes, but use the canonical constant now.
* NotificationAccessDetails -> Disable the toggle, unless the NLS was previously approved (in which case it can still be removed).
Fixes: 260570119
Fixes: 286043036
Test: atest + manually
Change-Id: Ifc048311746c027e3683cdcf65f1079d04cf7c56
Merged-In: Ifc048311746c027e3683cdcf65f1079d04cf7c56
Note that an NLS that shouldn't be approvable (because its name is too long) but was already approved (either before the max length check was introduced, or through other means) will disappear from the list if the user revokes its access. This might be somewhat confusing, but since this is a very-edge case already it's fine.
Bug: 282932362
Test: manual
Change-Id: Iccfe7b53d643d6c9f9516f91d3cee3309b11551e
Currently selected IME can inject KeyEvent on DeviceAdminAdd screen to
activate itself as device admin and cause various DoS attacks.
This CL ensures KeyEvent on "Activate" button can only come from system
apps.
Bug: 280793427
Test: atest DeviceAdminActivationTest
Change-Id: I6470d1684d707f4b1e86f8b456be0b4e0af5f188
(cherry picked from commit 70a501d02e)
Test: install test app with long CN
Test: ServiceListingTest
Bug: 260570119
Change-Id: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
Merged-In: I3ffd02f6cf6bf282e7fc264fd070ed3add4d8571
When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package.
Bug: 259385017
Test: 1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra android.intent.extra.user_handle to UserHandle(secondaryUserId).
2. Create and switch to a secondary user
Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user
3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions.
4. Switch back to the Owner user.
5. Get the userId of the secondary user: adb shell pm list users.
6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE.
8. In the settings window that open, enable all 4 sub-options.
9. Switch to the secondary user and note that the all sub-options for the app are disabled.
Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
Merged-In: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
Settings App info page supports a "Uninstall for all users" function
when multiple users are enabled. It bypasses the restriction of
DISALLOW_APPS_CONTROL which breaks the user isolation guideline.
To fix this vulnerability, we should check the DISALLOW_APPS_CONTROL
restriction to provide the "Uninstall for all users" function.
Bug: 258653813
Test: manual & robotests
Change-Id: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
Merged-In: I5d3bbcbaac439c4f7a1e6a9ade7775ff4f2f2ec6
Over the last few years, there have been a number of
Factory Reset Protection bypass bugs in the SUW flow.
It's unlikely to defense all points from individual apps.
Therefore, we decide to block some critical pages when
user doesn't complete the SUW flow.
Test: Can't open the certain pages in the suw flow.
Bug: 258422561
Fix: 200746457
Bug: 202975040
Fix: 213091525
Fix: 213090835
Fix: 201561699
Fix: 213090827
Fix: 213090875
Change-Id: Ia18f367109df5af7da0a5acad7702898a459d32e
Merged-In: Ia18f367109df5af7da0a5acad7702898a459d32e
Bug: 244423101
Test: make RunSettingsRoboTests ROBOTEST_FILTER=BluetoothSwitchPreferenceControllerTest
Test: make RunSettingsRoboTests ROBOTEST_FILTER=BluetoothDashboardFragmentTest
Test: manual test by test apk
Change-Id: I13562d227e06627fac33239a9d21fd405a18d012
This adds mitigations to prevent system files being exfiltrated
via the settings content provider when a content URI is provided
as a chosen user image.
The mitigations are:
1) Copy the image to a new URI rather than the existing takePictureUri
prior to cropping.
2) Only allow a system handler to respond to the CROP intent.
This is a fixed version of ag/17003629, to address b/239513606.
Bug: 187702830
Test: build and check functionality
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
Change-Id: I98eea867f926c508456ec9bc654e24eeeffa0e54
This reverts commit 8950a90024.
Reason for revert: regression if multiple crop system crop handlers are present
Change-Id: Ib83dbb2f1109d26b7e85192379291bffef187e77
Merged-In: I15e15ad88b768a5b679de32c5429d921d850a3cb
Use correct user id context to query the type,
so we won't get empty result unexpectedly.
If we get the null result, then we won't set sound sucessfully.
Bug: 233580016
Bug: 221041256
Test: Manual test and set work profile sound works.
Change-Id: I7f8fb737a7c6f77a380f3f075a5c89a1970e39ad
Merged-In: I7f8fb737a7c6f77a380f3f075a5c89a1970e39ad
Use correct user id context to query the type,
so we won't get empty result unexpectedly.
If we get the null result, then we won't set sound sucessfully.
Bug: 233580016
Bug: 221041256
Test: Manual test and set work profile sound works.
Change-Id: I7f8fb737a7c6f77a380f3f075a5c89a1970e39ad
Merged-In: I7f8fb737a7c6f77a380f3f075a5c89a1970e39ad
Ringtone picker may callback a null ringtone Uri
if users select None.
This change pass null ringtone Uri to RingtoneManager
and return.
Bug: 232502532
Bug: 221041256
Test: maunal
Settings - Sound & Vibration -> Phone ringtone
-> My Sounds -> None
Change-Id: I044b680871472a3c272f6264c4ef272df542112e
Merged-In: I044b680871472a3c272f6264c4ef272df542112e
Ringtone picker may callback a null ringtone Uri
if users select None.
This change pass null ringtone Uri to RingtoneManager
and return.
Bug: 232502532
Bug: 221041256
Test: maunal
Settings - Sound & Vibration -> Phone ringtone
-> My Sounds -> None
Change-Id: I044b680871472a3c272f6264c4ef272df542112e
Merged-In: I044b680871472a3c272f6264c4ef272df542112e
Make DISALLOW_CONFIG_LOCATION effectively disallow wifi scanning and
bluetooth scanning settings for location services.
screenshots: https://screenshot.googleplex.com/AqvEW2kTrQT2Ufp
Bug: 228315522
Bug: 228315529
Test: manually on sunfish flashed with rvc.
Change-Id: I6ef64a34764e52de7b461e87ea0af40a6d050587
