| 7afcb3f98e7342985ba5e62bf6d3a5ac1282e545 |
|
09-Apr-2018 |
Jeff Sharkey <jsharkey@android.com> |
Protect usage data with OP_GET_USAGE_STATS.
APIs that return package usage data (such as the new StatsManager)
must ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.
Add noteOp() method that can be called from native code.
Also add missing security checks on shell commands.
Bug: 77662908
Test: builds, boots
Change-Id: I15efd6f5dde61e807269b5132a052548ea4e800f
/frameworks/native/libs/binder/IPermissionController.cpp
|
| e752a5cc64b78f799525aa4e44e5f74e8c402465 |
|
16-Jan-2018 |
Svet Ganov <svetoslavganov@google.com> |
No sensor access to idle UIDs - native framework
Idle UIDs are ones that were in the background for long enough time.
Currently such apps can access sensor data even though they have no
user perceptible components running. This affects the user's privacy
since an app in the background can use sensor data to infer location,
activity, habits, etc.
The goal is to restrict sensor access for all apps in the ecosystem
regardless of target SDK which means the solution should be backwards
compatible. At the high level the sesnor service observes UID state
changes and applies policy like this:
Continuous sensors: for sensros in this reporting mode when the UID
goes in the background we will stop dispatching events. Once the UID
goes active we will start reporting the events. While this is an
app visible behavior change we would rather do that vs delivering
fake events.
Flush events: there is no change in behavior based on the UID state.
Hence, idle apps can request a flush and would get the completion
callback. From an app perspective flushing works at any point.
Trigger events: for sensors in this reporting mode when the UID
goes in the background we will not report any trigger events. From
an app perspective the sensor just did not pick up any events.
On-change events: for sensors in this reporting mode when the UID
goes in the background we will not report any change events. From
an app perspective the sensor just did not pick up any events.
Wake locks: since UIDs in idle state cannot acquire wakelocks we
will not be grabbing a wakelock on behalf of apps in that state.
Test: Added - SensorTest#testSanitizedContinuousEventsUidIdle
Added - SensorTest#testBatchAndFlushUidIdle
Pass - cts-tradefed run cts-dev -m CtsSensorTestCases
bug:63938985
Change-Id: I156803610ad6d86afaae641ebbb0e84f16d2344b
/frameworks/native/libs/binder/IPermissionController.cpp
|
| e2347b7953f70232541bdc1b392230d6231aaeb9 |
|
26-Apr-2016 |
Chih-Hung Hsieh <chh@google.com> |
Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: I0ce850de85e0de6a5472dd142f738856142db9ec
/frameworks/native/libs/binder/IPermissionController.cpp
|
| b412f6e203b38f8047f760261a5e3dc6d0722f08 |
|
30-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Add body sensors app op - framework native
Change-Id: I727a2bb1e28ae9158f2df9c74dd0aee977dfd47f
/frameworks/native/libs/binder/IPermissionController.cpp
|
| f1377f506c764a8b254b60ee28e38e12ccc8135c |
|
28-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Respect the record audio app op - frameworks native
Change-Id: Id747767377953fd644a538aad3f603d6c50875a2
/frameworks/native/libs/binder/IPermissionController.cpp
|
| 317ff37cf79d31170fa7320f0ba5ded1ec043e4c |
|
29-May-2014 |
Mark Salyzyn <salyzyn@google.com> |
binder: rm utils/Debug.h
Change-Id: I16931919a26c16a0d701771c93fa7fe1c6f60ef8
/frameworks/native/libs/binder/IPermissionController.cpp
|
| 837a0d0fb2c3fba8082d47d04cb6120af1eb9a54 |
|
14-Jul-2010 |
Brad Fitzpatrick <bradfitz@android.com> |
Add Parcel::readExceptionCode() and Parcel::writeNoException()
Add native Parcel methods analogous to the Java versions.
Currently, these don't do much, but upcoming StrictMode work changes
the RPC calling conventions in some cases, so it's important that
everybody uses these consistently, rather than having a lot of code
trying to parse RPC responses out of Parcels themselves.
As a summary, the current convention that Java Binder services use is
to prepend the reply Parcel with an int32 signaling the exception
status:
0: no exception
-1: Security exception
-2: Bad Parcelable
-3: ...
-4: ...
-5: ...
... followed by Parceled String if the exception code is non-zero.
With an upcoming change, it'll be the case that a response Parcel can,
non-exceptionally return rich data in the header, and also return data
to the caller. The important thing to note in this new case is that
the first int32 in the reply parcel *will not be zero*, so anybody
manually checking for it with reply.readInt32() will get false
negative failures.
Short summary: If you're calling into a Java service and manually
checking the exception status with reply.readInt32(), change it to
reply.readExceptionCode().
Change-Id: I23f9a0e53a8cfbbd9759242cfde16723641afe04
/frameworks/native/libs/binder/IPermissionController.cpp
|
| 83c0446f27b9542d6c2e724817b2b2d8d1f55085 |
|
23-May-2009 |
Mathias Agopian <mathias@google.com> |
some work to try to reduce the code size of some native libraries
- make sure that all binder Bn classes define a ctor and dtor in their respective library.
This avoids duplication of the ctor/dtor in libraries where these objects are instantiated.
This is also cleaner, should we want these ctor/dtor to do something one day.
- same change as above for some Bp classes and various other non-binder classes
- moved the definition of CHECK_INTERFACE() in IInterface.h instead of having it everywhere.
- improved the CHECK_INTERFACE() macro so it calls a single method in Parcel, instead of inlining its code everywhere
- IBinder::getInterfaceDescriptor() now returns a "const String16&" instead of String16, which saves calls to String16 and ~String16
- implemented a cache for BpBinder::getInterfaceDescriptor(), since this does an IPC. HOWEVER, this method never seems to be called.
The cache makes BpBinder bigger, so we need to figure out if we need this method at all.
/frameworks/native/libs/binder/IPermissionController.cpp
|
| c5b2c0bf8007562536b822eb060fc54a01f8e08b |
|
20-May-2009 |
Mathias Agopian <mathias@google.com> |
move libbinder's header files under includes/binder
/frameworks/native/libs/binder/IPermissionController.cpp
|
| 208059f67ed2dd9fa025e07fcb6954d3cb61c79e |
|
19-May-2009 |
Mathias Agopian <mathias@google.com> |
checkpoint: split libutils into libutils + libbinder
/frameworks/native/libs/binder/IPermissionController.cpp
|