Merge cherrypicks of [7077329, 7077440, 7077330, 7077468, 7076852, 7077469, 7077580, 7077581, 7077582, 7074025, 7077706, 7077707, 7077708, 7077388, 7077583, 7077584, 7077585, 7077726, 7077727, 7077331, 7077332, 7077459, 7077709, 7077710, 7077711, 7077712, 7077460, 7077461, 7077333, 7077334, 7077696] into pi-qpr3-release
Change-Id: I7388064ae931f71c9df3bf2f5300417a85270cfb
diff --git a/cmds/statsd/src/atoms.proto b/cmds/statsd/src/atoms.proto
index 18aa0d06d..30995d2 100644
--- a/cmds/statsd/src/atoms.proto
+++ b/cmds/statsd/src/atoms.proto
@@ -122,6 +122,8 @@
WTFOccurred wtf_occurred = 80;
LowMemReported low_mem_reported = 81;
ThermalThrottlingStateChanged thermal_throttling = 86;
+ // 86 - 165 are not available
+ BluetoothClassicPairingEventReported bluetooth_classic_pairing_event_reported = 166;
}
// Pulled events will start at field 10000.
@@ -1027,6 +1029,42 @@
}
/**
+ * Logs there is an event related Bluetooth classic pairing
+ *
+ * Logged from:
+ * system/bt
+ */
+message BluetoothClassicPairingEventReported {
+ // An identifier that can be used to match events for this device.
+ // Currently, this is a salted hash of the MAC address of this Bluetooth device.
+ // Salt: Randomly generated 256 bit value
+ // Hash algorithm: HMAC-SHA256
+ // Size: 32 byte
+ // Default: null or empty if the device identifier is not known
+ // Note: string is here for backward compatibility purpose only
+ optional string obfuscated_id = 1;
+ // Connection handle of this connection if available
+ // Range: 0x0000 - 0x0EFF (12 bits)
+ // Default: 0xFFFF if the handle is unknown
+ optional int32 connection_handle = 2;
+ // HCI command associated with this event
+ // Default: CMD_UNKNOWN
+ optional int32 hci_cmd = 3;
+ // HCI event associated with this event
+ // Default: EVT_UNKNOWN
+ optional int32 hci_event = 4;
+ // HCI command status code if this is triggered by hci_cmd
+ // Default: STATUS_UNKNOWN
+ optional int32 cmd_status = 5;
+ // HCI reason code associated with this event
+ // Default: STATUS_UNKNOWN
+ optional int32 reason_code = 6;
+ // A status value related to this specific event
+ // Default: 0
+ optional int64 event_value = 7;
+}
+
+/**
* Logs when something is plugged into or removed from the USB-C connector.
*
* Logged from:
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 82363d1..1928cb7d 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -2186,6 +2186,11 @@
@Override
public boolean areNotificationsEnabledForPackage(String pkg, int uid) {
checkCallerIsSystemOrSameApp(pkg);
+ if (UserHandle.getCallingUserId() != UserHandle.getUserId(uid)) {
+ getContext().enforceCallingPermission(
+ android.Manifest.permission.INTERACT_ACROSS_USERS,
+ "canNotifyAsPackage for uid " + uid);
+ }
return mRankingHelper.getImportance(pkg, uid) != IMPORTANCE_NONE;
}
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 82ad46f..3cde709b 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -18141,6 +18141,12 @@
@Override
public boolean isPackageDeviceAdminOnAnyUser(String packageName) {
final int callingUid = Binder.getCallingUid();
+ if (checkUidPermission(android.Manifest.permission.MANAGE_USERS, callingUid)
+ != PERMISSION_GRANTED) {
+ EventLog.writeEvent(0x534e4554, "128599183", -1, "");
+ throw new SecurityException(android.Manifest.permission.MANAGE_USERS
+ + " permission is required to call this API");
+ }
if (getInstantAppPackageName(callingUid) != null
&& !isCallerSameApp(packageName, callingUid)) {
return false;
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 11fe763..4c0646c 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3930,6 +3930,9 @@
@Override
public boolean isSeparateProfileChallengeAllowed(int userHandle) {
+ if (!isCallerWithSystemUid()) {
+ throw new SecurityException("Caller must be system");
+ }
ComponentName profileOwner = getProfileOwner(userHandle);
// Profile challenge is supported on N or newer release.
return profileOwner != null &&
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index f02c3f0..5622622 100644
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -34,6 +34,7 @@
import static android.app.NotificationManager.Policy.SUPPRESSED_EFFECT_STATUS_BAR;
import static android.content.pm.PackageManager.FEATURE_WATCH;
import static android.content.pm.PackageManager.PERMISSION_DENIED;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.os.Build.VERSION_CODES.O_MR1;
import static android.os.Build.VERSION_CODES.P;
@@ -106,6 +107,7 @@
import android.testing.TestableContext;
import android.testing.TestableLooper;
import android.testing.TestableLooper.RunWithLooper;
+import android.testing.TestablePermissions;
import android.text.Html;
import android.util.ArrayMap;
import android.util.AtomicFile;
@@ -3145,4 +3147,21 @@
assertEquals(0, captor.getValue().getNotification().flags);
}
+
+ @Test
+ public void testAreNotificationsEnabledForPackage_crossUser() throws Exception {
+ try {
+ mBinderService.areNotificationsEnabledForPackage(mContext.getPackageName(),
+ mUid + UserHandle.PER_USER_RANGE);
+ fail("Cannot call cross user without permission");
+ } catch (SecurityException e) {
+ // pass
+ }
+
+ // cross user, with permission, no problem
+ TestablePermissions perms = mContext.getTestablePermissions();
+ perms.setPermission(android.Manifest.permission.INTERACT_ACROSS_USERS, PERMISSION_GRANTED);
+ mBinderService.areNotificationsEnabledForPackage(mContext.getPackageName(),
+ mUid + UserHandle.PER_USER_RANGE);
+ }
}