| 2938f11d0b1e409089828c0247a5b79f3550a35a |
|
01-Jul-2017 |
Jeff Davidson <jpd@google.com> |
Bypass consent dialogs for privileged eUICC switches.
Privileged code should only be triggering switches in response to user
action or at other trusted times. Don't require user consent so the
code can have finer-grained control over its consent UI as needed.
Change-Id: If1ce4cf4de4d1d1287d801812de4109c505c7799
Fixes: 63134740
Test: Unit test
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| a9c50823e758d35bac39cf2a7e674fcaf957fd4b |
|
17-Jun-2017 |
Jeff Davidson <jpd@google.com> |
Passthrough implementation of retainSubscriptionsForFactoryReset.
Change-Id: I000aed82e63a22d5d29667a277171e43c4aec25c
Test: TreeHugger
Fixes: 62681577
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 3cdb72eb9fb44d4aefc1add506b290a660340905 |
|
27-Jun-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Make eUICC SubInfo refreshes blocking." into oc-dr1-dev
|
| d728841b17b19ab8268a426051f51f64a6913142 |
|
10-Jun-2017 |
Jeff Davidson <jpd@google.com> |
Make eUICC SubInfo refreshes blocking.
Otherwise, after a profile download/delete completes and returns
control to the caller, the SubscriptionInfo may not be in a complete
state. For example, a newly-downloaded profile will not return true in
SubscriptionInfo#isEmbedded() until this refresh completes.
Fixes: 62547811
Test: TreeHugger / verified bug fix
Change-Id: I40ef30feb3dce94ed456abe930749e9c30da6d96
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 9af6424827eb9e023e037dd5aefd229235aceddb |
|
14-Jun-2017 |
Jeff Davidson <jpd@google.com> |
Fix double prompt when downloading profiles.
Currently, if a carrier app wants to download a profile, two consent
dialogs may be triggered:
1. One to deactivate the current SIM and activate the eSIM, as we
cannot check for calling permissions without the eSIM being active.
2. Another to prompt the user for permission if the current carrier is
different, to prevent a carrier from hijacking cellular service.
Since the dialog for 2 is stronger than 1 (an assumption we were
already leveraging), when an unprivileged app requests a download,
skip straight to the second prompt even if the eSIM isn't active. If
the user accepts the prompt, we assume it's okay to switch to the eSIM
first and move forward.
In addition, we pass the calling app package name so the prompt UI can
show details of the app requesting consent.
Fixes: 38049463
Test: TreeHugger + E2E verification
Change-Id: Iaeb33f8a88aec92f323d91586e45d4852bb7a489
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 31e69b5efbc9b9a39183acce93a4c1b2e73b3006 |
|
15-May-2017 |
Jeff Davidson <jpd@google.com> |
eUICC error code cleanup.
Fixes: 38206601
Test: TreeHugger
Change-Id: I2305e4cb360adccc26483098070cf50890fee249
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 289a4ed2be7629b52e21b0f5494a2a5c62953368 |
|
13-Jun-2017 |
Jeff Davidson <jpd@google.com> |
Merge "Refresh subscription list on erase." into oc-dr1-dev
|
| 27590b4156bff85bcd8b68536216526d2dd029c7 |
|
10-Jun-2017 |
Jeff Davidson <jpd@google.com> |
Fix NPE in EuiccController.
getActiveSubscriptionInfoList() can return null - don't crash in this
case.
Change-Id: I160561f2240f02d1136964f59a694cfe3bff18c1
Test: TreeHugger / local verification
Fixes: 62493915
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| fe80f4088f1e04dd809d44547811279f26f47b28 |
|
23-May-2017 |
Jeff Davidson <jpd@google.com> |
Refresh subscription list on erase.
If the user erases the eSIM, that will naturally clear the profile
list, so ensure we refresh it.
Bug: 38483036
Test: TreeHugger
Change-Id: Ic69869a96c724e6ecb8821bb82ad5f2d1fb8c39f
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 4f62c3ddcc69bc8217e4794c73d38945e97380ee |
|
20-May-2017 |
Jeff Davidson <jpd@google.com> |
Write eUICC provisioned bit after successful download.
Bug: 38460669
Test: Unit Test / TreeHugger
Change-Id: Id7a00283a1948879c78ccb5a5fb97410cfe9a122
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 8f32416b4c5f5657e7ccf3a1ee031598a0203fd9 |
|
14-Apr-2017 |
Jeff Davidson <jpd@google.com> |
Implement remaining core eUICC APIs.
These APIs follow the template of the APIs which have already been
implemented, in general. Switch, delete, and update nickname take a
subscription ID and map this to an ICCID before passing it to the
EuiccService implementation.
This completes the baseline implementation as designed; any additional
APIs or tweaks to the APIs will be tracked as separate bugs.
Fixes: 33075886
Test: Build/boot/unit test
Change-Id: I98ad64fb70b8989d14f3f3b6f875e693258faf5d
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| dce529f00c52bedf4377ee5f7ae1b284fe6452be |
|
09-Apr-2017 |
Jeff Davidson <jpd@google.com> |
Implement embedded subscription list APIs.
Listing embedded subscriptions is fairly simple - we just return all
subscriptions for which IS_EMBEDDED = 1. We expose these through two
new APIs which return subscriptions which are either active or
embedded; one API (for the LPA and other callers with permission)
returns all such subscriptions, and the other (for carrier apps)
returns only subscriptions accessible to the calling app.
The cache of embedded subscriptions is updated whenever the SIM state
becomes ABSENT, ERROR, or LOADED; whenever an API call happens which
impacts the list of subscriptions (like a download or a delete); or
whenever the LPA requests a refresh due to some data change.
To support this change, the update process now runs on a background
thread instead of the main thread, as IPCs can't be made from the main
thread without deadlocking, in general. (Note though that this
probably should have been done before as the update logic was still
reading from/writing to a SQLite-backed ContentProvider, and since the
phone process currently contains UI for settings).
The update process pulls all cached embedded subscriptions (omitting
non-removable ones if the update is for a removable eUICC), as well as
non-embedded subscriptions with matching IMSIs. Subscriptions are
matched with those returned by the LPA and updated; any other cached
subscription in the above list is "removed" by marking it as
IS_EMBEDDED = 0. (This is equivalent to what happens when a physical
SIM is removed).
For the nickname, we repurpose the existing DISPLAY_NAME field.
However, there are settings UIs which allow updating this field, which
means those updates will be clobbered every time the list is updated.
A follow-up CL will propagate updates to this field from Settings to
the stored nickname on the eUICC's profile so that they persist.
Bug: 35851809
Test: Unit tests; e2e tests switching back and forth between embedded
and removable eUICC.
Change-Id: Ie714c0f7fc1a9d147008a2598dfdeac865ba120c
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| fc59bf75ccaaa45fcf8b9895f219a01955b75413 |
|
10-May-2017 |
Jeff Davidson <jpd@google.com> |
Fix EuiccControllerTest's dependency on activity manager internals.
verifyIntentSent() can't directly verify a call to
PendingIntent#send() using Mockito as PendingIntent is final. The
previous solution to this mocked out the highest level part of
PendingIntent's implementation which isn't final, but this part is an
implementation detail that is subject to breakage, so depending on it
is brittle. Instead, we can stub out the call to send() manually and
capture/verify the inputs in the test.
Test: bit FrameworksTelephonyTests:com.android.internal.telephony.euicc.EuiccControllerTest
Change-Id: I79a2213a4edf12b3359ba7425006694362a57854
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 953d76b6865b1f76c6fadbbd69898fe064b6c157 |
|
07-Apr-2017 |
Jeff Davidson <jpd@google.com> |
Implement eUICC error resolution.
When an operation fails with an error that the user can resolve, we
encapsulate the operation + failure in an EuiccOperation object. The
app can run the LUI to resolve the error, at which point the LUI calls
continueOperation with the original EuiccOperation and the result of
the resolution.
The resolution intent is a PendingIntent and thus the EuiccOperation
extra is safe from tampering - it is impossible to override an extra
on a PendingIntent belonging to another app.
Bug: 33075886
Test: Unit tests and manual verification using test LPA
Change-Id: I369e643efd522773d174e5ade8ebff4b8139f6d5
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 08d3d312d13c3194d8434aeb8c92ea220f4d0e2c |
|
04-Apr-2017 |
Jeff Davidson <jpd@google.com> |
Allow carrier-privileged apps to download profiles.
If an app without the privileged permission requests a profile
download, the metadata is fetched from the LPA (which now includes
UiccAccessRules[]). If that profile whitelists the calling app, we
permit the download.
We also check the carrier privileges of the current profile and
require user consent if the current app doesn't have it, to prevent a
silent switch from one carrier to a different one. This check is not
fully implemented yet - the carrier privilege check is using the
profile instead of the metadata, since the SubscriptionManager changes
to store the current profile's metadata are not yet implemented, and
the resolution flows are not yet implemented. These will be addressed
in follow-ups.
Bug: 33075886
Test: Unit tests
Change-Id: Ia3db683932945bfc668f42ebf28a586d7a5805af
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|
| 277a5a2aae73ef0233fffc350f3829aee779899f |
|
01-Mar-2017 |
Jeff Davidson <jpd@google.com> |
Squashed merge of master-sim into master.
Includes the following commits:
==
Add stub implementation of EuiccController.
This class will provide the backing implementation for EuiccManager.
The service is only initialized if the eUICC hardware feature is
defined. This provides a simple gate to turn on/off the feature during
development.
==
Initial implementation of EuiccConnector.
EuiccConnector is a state machine responsible for finding and
connecting to, and then dispatching commands to the system
EuiccService implementation.
==
Update references to UiccAccessRule in UiccCarrierPrivilegeRules.
AccessRule is being moved to frameworks/base/telephony so that it can
be used to transfer access rules between an EuiccService
implementation and the platform.
==
Implementation of getEid() command.
Adds unit tests of command dispatch and bind lingering.
Also fixes a bug in ContextFixture that prevented bindService from
working when the Intent specified a component name but not a package
name.
==
Generalize EuiccConnector's resolution to work for activities.
Overall, resolving the active EuiccService implementation and
resolving the active Activity for a particular LUI intent action are
quite similar - both perform the same permission check on the app and
the activity/service declaration and require a priority. So we can
generalize the existing service lookup method to work for LUI
activities as well, and make this a utility method accessible to other
callers.
Also tweak the priority definition to use the more standard
android:priority instead of our own custom metadata. This reduces the
API surface and also ensures some sane behavior (like unbundled APK
updates not being able to adjust priorities without the OEM updating
the copy in /system in an OTA).
==
Euicc implementations for getting metadata and downloading.
These are fully implemented except for the following, which will be
handled as separate follow-up pieces:
-Carrier privilege checks (the privileged permission is currently a
strict requirement for the download API; this will be relaxed later
per the method spec)
-Resolution of user-resolvable errors
==
Test: TreeHugger
Change-Id: Ide3d81fdbdccff4573d58220fc2c603a7b9de5c4
/frameworks/opt/telephony/src/java/com/android/internal/telephony/euicc/EuiccController.java
|