Snap for 4603989 from 833770d to oc-m2-release

Change-Id: Id2935bbe1630247131e87ed78cc70a7e3aaa0f5b
FireHound · Mar 15, 2018 · 65ff524 · 65ff524
2 parents 1e79675 + 833770d
commit 65ff524
Show file tree

Hide file tree

Showing 19 changed files with 98 additions and 170 deletions.
diff --git a/core/java/android/app/Activity.java b/core/java/android/app/Activity.java
@@ -5871,16 +5871,6 @@ public ComponentName getComponentName()
         return mComponent;
     }
 
-    /**
-     * Temporary method on O-MR1 only.
-     *
-     * @hide
-     */
-    @Override
-    public ComponentName getComponentNameForAutofill() {
-        return mComponent;
-    }
-
     /**
      * Retrieve a {@link SharedPreferences} object for accessing preferences
      * that are private to this activity.  This simply calls the underlying

diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
@@ -268,9 +268,4 @@ public abstract int startActivitiesAsPackage(String packageName,
      * @param token The IApplicationToken for the activity
      */
     public abstract void setFocusedActivity(IBinder token);
-
-    /**
-     * Returns {@code true} if {@code uid} is running an activity from {@code packageName}.
-     */
-    public abstract boolean hasRunningActivity(int uid, @Nullable String packageName);
 }
diff --git a/core/java/android/app/assist/AssistStructure.java b/core/java/android/app/assist/AssistStructure.java
@@ -2058,16 +2058,6 @@ public ComponentName getActivityComponent() {
         return mActivityComponent;
     }
 
-    /**
-     * Called by Autofill server when app forged a different value.
-     *
-     * @hide
-     */
-    public void setActivityComponent(ComponentName componentName) {
-        ensureData();
-        mActivityComponent = componentName;
-    }
-
     /** @hide */
     public int getFlags() {
         return mFlags;

diff --git a/core/java/android/view/autofill/AutofillManager.java b/core/java/android/view/autofill/AutofillManager.java
@@ -24,7 +24,6 @@
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.SystemService;
-import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentSender;
@@ -45,7 +44,6 @@
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.logging.MetricsLogger;
 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
-import com.android.internal.util.Preconditions;
 
 import java.io.PrintWriter;
 import java.lang.annotation.Retention;
@@ -386,20 +384,13 @@ boolean autofillCallbackRequestShowFillUi(@NonNull View anchor, int width, int h
          * Runs the specified action on the UI thread.
          */
         void runOnUiThread(Runnable action);
-
-        /**
-         * Gets the complete component name of this client.
-         *
-         * <p>Temporary method on O-MR1 only.
-         */
-        ComponentName getComponentNameForAutofill();
     }
 
     /**
      * @hide
      */
     public AutofillManager(Context context, IAutoFillManager service) {
-        mContext = Preconditions.checkNotNull(context, "context cannot be null");
+        mContext = context;
         mService = service;
     }
 
@@ -949,10 +940,6 @@ private AutofillClient getClientLocked() {
         return mContext.getAutofillClient();
     }
 
-    private ComponentName getComponentNameFromContext(AutofillClient client) {
-        return client == null ? null : client.getComponentNameForAutofill();
-    }
-
     /** @hide */
     public void onAuthenticationResult(int authenticationId, Intent data) {
         if (!hasAutofillFeature()) {
@@ -1003,18 +990,13 @@ private void startSessionLocked(@NonNull AutofillId id, @NonNull Rect bounds,
             return;
         }
         try {
-            final AutofillClient client = getClientLocked();
-            final ComponentName componentName = getComponentNameFromContext(client);
-            if (componentName == null) {
-                Log.w(TAG, "startSessionLocked(): context is not activity: " + mContext);
-                return;
-            }
             mSessionId = mService.startSession(mContext.getActivityToken(),
                     mServiceClient.asBinder(), id, bounds, value, mContext.getUserId(),
-                    mCallback != null, flags, componentName);
+                    mCallback != null, flags, mContext.getOpPackageName());
             if (mSessionId != NO_SESSION) {
                 mState = STATE_ACTIVE;
             }
+            final AutofillClient client = getClientLocked();
             if (client != null) {
                 client.autofillCallbackResetableStateAvailable();
             }
@@ -1068,19 +1050,14 @@ private void updateSessionLocked(AutofillId id, Rect bounds, AutofillValue value
 
         try {
             if (restartIfNecessary) {
-                final AutofillClient client = getClientLocked();
-                final ComponentName componentName = getComponentNameFromContext(client);
-                if (componentName == null) {
-                    Log.w(TAG, "startSessionLocked(): context is not activity: " + mContext);
-                    return;
-                }
                 final int newId = mService.updateOrRestartSession(mContext.getActivityToken(),
                         mServiceClient.asBinder(), id, bounds, value, mContext.getUserId(),
-                        mCallback != null, flags, componentName, mSessionId, action);
+                        mCallback != null, flags, mContext.getOpPackageName(), mSessionId, action);
                 if (newId != mSessionId) {
                     if (sDebug) Log.d(TAG, "Session restarted: " + mSessionId + "=>" + newId);
                     mSessionId = newId;
                     mState = (mSessionId == NO_SESSION) ? STATE_UNKNOWN : STATE_ACTIVE;
+                    final AutofillClient client = getClientLocked();
                     if (client != null) {
                         client.autofillCallbackResetableStateAvailable();
                     }

diff --git a/core/java/android/view/autofill/IAutoFillManager.aidl b/core/java/android/view/autofill/IAutoFillManager.aidl
@@ -16,7 +16,6 @@
 
 package android.view.autofill;
 
-import android.content.ComponentName;
 import android.graphics.Rect;
 import android.os.Bundle;
 import android.os.IBinder;
@@ -35,15 +34,14 @@ interface IAutoFillManager {
     int addClient(in IAutoFillManagerClient client, int userId);
     int startSession(IBinder activityToken, in IBinder appCallback, in AutofillId autoFillId,
             in Rect bounds, in AutofillValue value, int userId, boolean hasCallback, int flags,
-            in ComponentName componentName);
+            String packageName);
     FillEventHistory getFillEventHistory();
     boolean restoreSession(int sessionId, in IBinder activityToken, in IBinder appCallback);
     void updateSession(int sessionId, in AutofillId id, in Rect bounds,
             in AutofillValue value, int action, int flags, int userId);
     int updateOrRestartSession(IBinder activityToken, in IBinder appCallback,
             in AutofillId autoFillId, in Rect bounds, in AutofillValue value, int userId,
-            boolean hasCallback, int flags, in ComponentName componentName, int sessionId,
-            int action);
+            boolean hasCallback, int flags, String packageName, int sessionId, int action);
     void finishSession(int sessionId, int userId);
     void cancelSession(int sessionId, int userId);
     void setAuthenticationResult(in Bundle data, int sessionId, int authenticationId, int userId);

diff --git a/core/java/com/android/internal/widget/VerifyCredentialResponse.java b/core/java/com/android/internal/widget/VerifyCredentialResponse.java
@@ -98,6 +98,8 @@ public void writeToParcel(Parcel dest, int flags) {
             if (mPayload != null) {
                 dest.writeInt(mPayload.length);
                 dest.writeByteArray(mPayload);
+            } else {
+                dest.writeInt(0);
             }
         }
     }

diff --git a/core/proto/android/service/diskstats.proto b/core/proto/android/service/diskstats.proto
@@ -47,7 +47,7 @@ message DiskStatsServiceDumpProto {
 }
 
 message DiskStatsCachedValuesProto {
-    // Total app data size, in kilobytes
+    // Total app code size, in kilobytes
     int64 agg_apps_size = 1;
     // Total app cache size, in kilobytes
     int64 agg_apps_cache_size = 2;
@@ -65,15 +65,19 @@ message DiskStatsCachedValuesProto {
     int64 other_size = 8;
     // Sizes of individual packages
     repeated DiskStatsAppSizesProto app_sizes = 9;
+    // Total app data size, in kilobytes
+    int64 agg_apps_data_size = 10;
 }
 
 message DiskStatsAppSizesProto {
     // Name of the package
     string package_name = 1;
-    // App's data size in kilobytes
+    // App's code size in kilobytes
     int64 app_size = 2;
     // App's cache size in kilobytes
     int64 cache_size = 3;
+    // App's data size in kilobytes
+    int64 app_data_size = 4;
 }
 
 message DiskStatsFreeSpaceProto {

diff --git a/proto/src/metrics_constants.proto b/proto/src/metrics_constants.proto
@@ -4006,19 +4006,6 @@ message MetricsEvent {
     // OS: O
     FIELD_NOTIFICATION_GROUP_SUMMARY = 947;
 
-    // An app attempted to forge a different component name in the AssisStructure that would be
-    // passed to the autofill service.
-    // OS: O (security patch)
-    // Package: Real package of the app being autofilled
-    // Tag FIELD_AUTOFILL_SERVICE: Package of the autofill service that processed the request
-    // TAG FIELD_AUTOFILL_FORGED_COMPONENT_NAME: Component name being forged
-    AUTOFILL_FORGED_COMPONENT_ATTEMPT = 948;
-
-    // FIELD - The component that an app tried tro forged.
-    // Type: string
-    // OS: O (security patch)
-    FIELD_AUTOFILL_FORGED_COMPONENT_NAME = 949;
-
     // ---- End O Constants, all O constants go above this line ----
 
     // OPEN: Settings > System > Languages & input > Advanced > Lift to open camera

diff --git a/services/autofill/java/com/android/server/autofill/AutofillManagerService.java b/services/autofill/java/com/android/server/autofill/AutofillManagerService.java
@@ -533,26 +533,25 @@ public void setHasCallback(int sessionId, int userId, boolean hasIt) {
         @Override
         public int startSession(IBinder activityToken, IBinder appCallback, AutofillId autofillId,
                 Rect bounds, AutofillValue value, int userId, boolean hasCallback, int flags,
-                ComponentName componentName) {
+                String packageName) {
 
             activityToken = Preconditions.checkNotNull(activityToken, "activityToken");
             appCallback = Preconditions.checkNotNull(appCallback, "appCallback");
             autofillId = Preconditions.checkNotNull(autofillId, "autoFillId");
-            componentName = Preconditions.checkNotNull(componentName, "componentName");
-            final String packageName = Preconditions.checkNotNull(componentName.getPackageName());
+            packageName = Preconditions.checkNotNull(packageName, "packageName");
 
             Preconditions.checkArgument(userId == UserHandle.getUserId(getCallingUid()), "userId");
 
             try {
                 mContext.getPackageManager().getPackageInfoAsUser(packageName, 0, userId);
             } catch (PackageManager.NameNotFoundException e) {
-                throw new IllegalArgumentException(componentName + " is not a valid package", e);
+                throw new IllegalArgumentException(packageName + " is not a valid package", e);
             }
 
             synchronized (mLock) {
                 final AutofillManagerServiceImpl service = getServiceForUserLocked(userId);
                 return service.startSessionLocked(activityToken, getCallingUid(), appCallback,
-                        autofillId, bounds, value, hasCallback, flags, componentName);
+                        autofillId, bounds, value, hasCallback, flags, packageName);
             }
         }
 
@@ -604,8 +603,7 @@ public void updateSession(int sessionId, AutofillId autoFillId, Rect bounds,
         @Override
         public int updateOrRestartSession(IBinder activityToken, IBinder appCallback,
                 AutofillId autoFillId, Rect bounds, AutofillValue value, int userId,
-                boolean hasCallback, int flags, ComponentName componentName, int sessionId,
-                int action) {
+                boolean hasCallback, int flags, String packageName, int sessionId, int action) {
             boolean restart = false;
             synchronized (mLock) {
                 final AutofillManagerServiceImpl service = peekServiceForUserLocked(userId);
@@ -616,7 +614,7 @@ public int updateOrRestartSession(IBinder activityToken, IBinder appCallback,
             }
             if (restart) {
                 return startSession(activityToken, appCallback, autoFillId, bounds, value, userId,
-                        hasCallback, flags, componentName);
+                        hasCallback, flags, packageName);
             }
 
             // Nothing changed...

diff --git a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
@@ -26,14 +26,12 @@
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.ActivityManager;
-import android.app.ActivityManagerInternal;
 import android.app.AppGlobals;
 import android.app.IActivityManager;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageManager;
-import android.content.pm.PackageManager.NameNotFoundException;
 import android.content.pm.ServiceInfo;
 import android.graphics.Rect;
 import android.graphics.drawable.Drawable;
@@ -45,7 +43,6 @@
 import android.os.Looper;
 import android.os.RemoteCallbackList;
 import android.os.RemoteException;
-import android.os.UserHandle;
 import android.os.UserManager;
 import android.provider.Settings;
 import android.service.autofill.AutofillService;
@@ -70,7 +67,6 @@
 import com.android.internal.logging.MetricsLogger;
 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
 import com.android.internal.os.HandlerCaller;
-import com.android.server.LocalServices;
 import com.android.server.autofill.ui.AutoFillUI;
 
 import java.io.PrintWriter;
@@ -283,7 +279,7 @@ void setHasCallback(int sessionId, int uid, boolean hasIt) {
     int startSessionLocked(@NonNull IBinder activityToken, int uid,
             @NonNull IBinder appCallbackToken, @NonNull AutofillId autofillId,
             @NonNull Rect virtualBounds, @Nullable AutofillValue value, boolean hasCallback,
-            int flags, @NonNull ComponentName componentName) {
+            int flags, @NonNull String packageName) {
         if (!isEnabled()) {
             return 0;
         }
@@ -293,7 +289,7 @@ int startSessionLocked(@NonNull IBinder activityToken, int uid,
         pruneAbandonedSessionsLocked();
 
         final Session newSession = createSessionByTokenLocked(activityToken, uid, appCallbackToken,
-                hasCallback, componentName);
+                hasCallback, packageName);
         if (newSession == null) {
             return NO_SESSION;
         }
@@ -390,8 +386,7 @@ void disableOwnedAutofillServicesLocked(int uid) {
     }
 
     private Session createSessionByTokenLocked(@NonNull IBinder activityToken, int uid,
-            @NonNull IBinder appCallbackToken, boolean hasCallback,
-            @NonNull ComponentName componentName) {
+            @NonNull IBinder appCallbackToken, boolean hasCallback, @NonNull String packageName) {
         // use random ids so that one app cannot know that another app creates sessions
         int sessionId;
         int tries = 0;
@@ -405,44 +400,14 @@ private Session createSessionByTokenLocked(@NonNull IBinder activityToken, int u
             sessionId = sRandom.nextInt();
         } while (sessionId == NO_SESSION || mSessions.indexOfKey(sessionId) >= 0);
 
-        assertCallerLocked(componentName);
-
         final Session newSession = new Session(this, mUi, mContext, mHandlerCaller, mUserId, mLock,
                 sessionId, uid, activityToken, appCallbackToken, hasCallback,
-                mUiLatencyHistory, mInfo.getServiceInfo().getComponentName(), componentName);
+                mUiLatencyHistory, mInfo.getServiceInfo().getComponentName(), packageName);
         mSessions.put(newSession.id, newSession);
 
         return newSession;
     }
 
-    /**
-     * Asserts the component is owned by the caller.
-     */
-    private void assertCallerLocked(@NonNull ComponentName componentName) {
-        final String packageName = componentName.getPackageName();
-        final PackageManager pm = mContext.getPackageManager();
-        final int callingUid = Binder.getCallingUid();
-        final int packageUid;
-        try {
-            packageUid = pm.getPackageUidAsUser(packageName, UserHandle.getCallingUserId());
-        } catch (NameNotFoundException e) {
-            throw new SecurityException("Could not verify UID for " + componentName);
-        }
-        if (callingUid != packageUid && !LocalServices.getService(ActivityManagerInternal.class)
-                .hasRunningActivity(callingUid, packageName)) {
-            final String[] packages = pm.getPackagesForUid(callingUid);
-            final String callingPackage = packages != null ? packages[0] : "uid-" + callingUid;
-            Slog.w(TAG, "App (package=" + callingPackage + ", UID=" + callingUid
-                    + ") passed component (" + componentName + ") owned by UID " + packageUid);
-            mMetricsLogger.write(new LogMaker(MetricsEvent.AUTOFILL_FORGED_COMPONENT_ATTEMPT)
-                    .setPackageName(callingPackage)
-                    .addTaggedData(MetricsEvent.FIELD_AUTOFILL_SERVICE, getServicePackageName())
-                    .addTaggedData(MetricsEvent.FIELD_AUTOFILL_FORGED_COMPONENT_NAME,
-                            componentName == null ? "null" : componentName.flattenToShortString()));
-            throw new SecurityException("Invalid component: " + componentName);
-        }
-    }
-
     /**
      * Restores a session after an activity was temporarily destroyed.
      *