Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13180989

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I8033d0e1c60c957aa149c052dd1ba653f5449d5d

am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13180989

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Ia736a9acfe1f91e2a8d86cb8b7221a1472e5195f

* changes:
  RESTRICT AUTOMERGE Allow CDM to hide overlays
  RESTRICT AUTOMERGE Prevent non-system overlays from showing over CDM UI

* changes:
  RESTRICT AUTOMERGE Allow CDM to hide overlays
  RESTRICT AUTOMERGE Prevent non-system overlays from showing over CDM UI

[automerger skipped] Merge "Only allow BROWSABLE && DEFAULT Intents to be always opened" into oc-mr1-dev am: f4a72918 -s ours

am skip reason: skipped by user chiuwinson

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13307593

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I679f76f348dfc1d72eb42e3704faa8208409ef0c

[automerger skipped] Merge "DO NOT MERGE: WM: Only allow system to use NO_INPUT_CHANNEL." into oc-mr1-dev am: e3f76444 -s ours

am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13210727

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I505e9e636e908e23e3b229262e522dd628d2faff

Bug: 177561690
Test: on device
Change-Id: Icafbdf54fe807f8779377b13cb4e4eb265db692e

Auto verification of app links requires that an intent filter declare
action=VIEW, scheme=HTTP(S), category=BROWSABLE. However,
PackageManagerService was not taking that into account, missing the
category requirement.

But the app info Settings UI did take category into account, so it was
possible for a user to set an application to automatically open web URIs
without understanding that this also granted domains that were not
visible in the app info UI.

To resolve both this, this change makes it so that both auto
verification and the Settings state can only consider the app as
"always" open only if the Intent contains both BROWSABLE and DEFAULT.

Bug: 175139501
Bug: 175319005

Test: manual, see bug for reproduction steps

Merged-In: Ib957258735893bf2779bed19bd400c6726ee6478
Change-Id: Ib957258735893bf2779bed19bd400c6726ee6478
(cherry picked from commit 4266f938)

Auto verification of app links requires that an intent filter declare
action=VIEW, scheme=HTTP(S), category=BROWSABLE. However,
PackageManagerService was not taking that into account, missing the
category requirement.

But the app info Settings UI did take category into account, so it was
possible for a user to set an application to automatically open web URIs
without understanding that this also granted domains that were not
visible in the app info UI.

To resolve both this, this change makes it so that both auto
verification and the Settings state can only consider the app as
"always" open only if the Intent contains both BROWSABLE and DEFAULT.

Bug: 175139501
Bug: 175319005

Test: manual, see bug for reproduction steps

Merged-In: Ib957258735893bf2779bed19bd400c6726ee6478
Change-Id: Ib957258735893bf2779bed19bd400c6726ee6478
(cherry picked from commit 4266f938)

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13194523

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iec137ae2642e0a5ac5247e9939c68d65179f02fd

NO_INPUT_CHANNEL is a hidden WM flag that allows creation of a window
without an input channel. Unfortunately in releases prior to Android R
this would allow creation of a Window which will not be known to the
InputDispatcher at all. This means that the logic generating
FLAG_OBSCURED will work and a window will be able to overlay another
window without the overlayed window being notified. In Android R and
later this isn't a problem as the InputDispatcher is informed of all
windows, input channel or not. For past Android releases, this patch
disables NO_INPUT_CHANNEL for use outside of the WM.

Bug: 152064592
Test: Existing tests pass
Change-Id: I7e1f45cba139eab92e7df88d1e052baba0ae2cc6

NO_INPUT_CHANNEL is a hidden WM flag that allows creation of a window
without an input channel. Unfortunately in releases prior to Android R
this would allow creation of a Window which will not be known to the
InputDispatcher at all. This means that the logic generating
FLAG_OBSCURED will work and a window will be able to overlay another
window without the overlayed window being notified. In Android R and
later this isn't a problem as the InputDispatcher is informed of all
windows, input channel or not. For past Android releases, this patch
disables NO_INPUT_CHANNEL for use outside of the WM.

Bug: 152064592
Test: Existing tests pass
Change-Id: I7e1f45cba139eab92e7df88d1e052baba0ae2cc6

Bug: 172841550
Test: manual
Merged-In: I1a16808426934f4a8d12410576d769443e4c2a04
Merged-In: I3cd5a94386f15cf60a7fe3095b00815e4a6485ae
Change-Id: I35dc86b5721a4531447a6d99d6c30f23543130cb

[automerger skipped] Merge "Remove updateIntentVerificationStatusAsUser from ResolverActivity" into oc-dev am: e9954e14 am: b070447e -s ours am: 2d22fe6e -s ours

am skip reason: Change-Id Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6 with SHA-1 4e71b31e is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12940358

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I64a068ccd312d66a480752097e4f05e1d3903bb7

[automerger skipped] Merge "Remove updateIntentVerificationStatusAsUser from ResolverActivity" into oc-dev am: e9954e14 am: b070447e -s ours

am skip reason: Change-Id Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6 with SHA-1 4e71b31e is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12940358

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I346236b82b70e9f4c72648b71b33e22fc1956bf0

[automerger skipped] Merge "Remove updateIntentVerificationStatusAsUser from ResolverActivity" into oc-mr1-dev am: 9109ce17 -s ours

am skip reason: Change-Id Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6 with SHA-1 2b1ed5b7 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12940359

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Icf84df185d39255c4f279831e5d34536edf5cfb6

Merge "Remove updateIntentVerificationStatusAsUser from ResolverActivity" into oc-dev am: e9954e14

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12940358

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I1e138583f75173a4d785707fa5fa4320c986a1d2

Allow CDM to hide overlays

Since CDM has sensitive user consent UIs, it should be able to hide
non-system overlays

Test: use a 3p overlay app with a visible overlay to ensure overlay disappears when CDM is shown
Bug: 171221090
Change-Id: I3274cb7f03f63e1fa99a9ca06759972ce2a51309

Prevent non-system overlays from showing over CDM UI

Since CDM grants privileges, it should have the same overlay
policy as permission UI

Test: use an app wit ha visible overlay to ensure
the overlay disappears when CDM is shown
Fixes: 171221090

Change-Id: I4daaee7d8b710a72f6166cbb2252ef8af84c2c60

Allow CDM to hide overlays

Since CDM has sensitive user consent UIs, it should be able to hide
non-system overlays

Test: use a 3p overlay app with a visible overlay to ensure overlay disappears when CDM is shown
Bug: 171221090
Change-Id: I3274cb7f03f63e1fa99a9ca06759972ce2a51309

Prevent non-system overlays from showing over CDM UI

Since CDM grants privileges, it should have the same overlay
policy as permission UI

Test: use an app wit ha visible overlay to ensure
the overlay disappears when CDM is shown
Fixes: 171221090

Change-Id: I4daaee7d8b710a72f6166cbb2252ef8af84c2c60

[automerger skipped] Merge "Revoke the uri permission when the file is deleted" into oc-mr1-dev am: 90649404 -s ours

am skip reason: Change-Id I4ffb183630aadb2d87b0965e8cecf88af15f4534 with SHA-1 c5c373c2 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12455547

Change-Id: Idbff151067fe8498ebf3c5ee77c49a731537d141

am skip reason: subject contains skip directive

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13092886

Change-Id: Ic6430aa8cec7406ed69b34e64137b97a83a3a94c

Ensure caller identity is restored in CP quick-path.

Bug: 172935267
Test: PoC in bug
Change-Id: I469bde7d0a0f89c94f1234cf40983395048962e2

Ensure caller identity is restored in CP quick-path.

Bug: 172935267
Test: PoC in bug
Change-Id: I469bde7d0a0f89c94f1234cf40983395048962e2

Protect GrantCredentialsPermissionActivity against overlay. am: deddb784 am: 21e36702 am: f312c9e8

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13021294

Change-Id: Ie0a25150cbbd4aeda11f41df9fecebcac4ba7089

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13021294

Change-Id: I3fe44a233948b572499797f954c304ab40d02f35

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13021294

Change-Id: I37e60418b8f67f3223692d370ced45aae46a706f

Activity can be used only in two cases.
1) Calling uid matches uid grantee.
2) Calling uid is is system. This flow is used by getToken methods with
notifyAuthFailure=true.

Test: Existing CTS tests
Bug: 158480899
Merged-In: I1421c333b6cebb4f7cddcdd8766298f6872e933b
Change-Id: I18af48cf3cb4ad23a3e5b02a8ea1416aa5570dba