Bug: 143100231
Test: atest ContextTest#testSendOrderedBroadcastWithAppOp
      atest ContextTest#testSendOrderedBroadcastWithAppOp_NotGranted

Change-Id: Ia75d0db11f337769eaf3cf5436e09a7d38b0564c

This takes the Context#getFeatureId from the calling context and pipes
it all way through to the noteOp calls done by the content provider.

Bug: 136595429
Test: atest CtsAppOpsTestCases (new test added to capture this case)
            TelecomUnitTests:CallLogManagerTest
	    ContentProviderClientTest
	    TelecomUnitTests:MissedCallNotifierImplTest
	    TelecomUnitTests:BasicCallTests
	    MediaInserterTest
	    PreferencesHelperTest
	    RankingHelperTest
	    PinnedSliceStateTest
	    FrameworksCoreTests:ContentResolverTest
Change-Id: I53b1035626229c920b353509a5bece157b52fb51

Bug: 142472686
Test: atest android.content.cts.ContextTest#testCreateContextAsUser
Change-Id: Id2e3d5ffe5887a4916e0872a7e85d62cbb439744

Without it, apps (mainline modules) will need to use createPackageContext...,
which is a bit painful.

Bug: 142472686
Test: atest android.content.cts.ContextTest#testCreateContextAsUser
Change-Id: Id640e03862462724df1a4a3101f0b08faafba22f

This change fixes a regression that java_sdk_libraries under
frameworks/base were built with all framework sources.

Bug: 141149570
Test: m
Change-Id: Iea1d2ae20ca1c5b514a52d8b2a22e8a1d7543efd

This change fixes a problem that entire framework source files are given
to metalava even when many of the source files are not for public. Using
the new property filter_packages, only source files that belongs to the
public packages are given to metalava.

This CL also changes the name of the filegroup 'framework-srcs' to
'framework-non-updatable-sources' to better describe its contents. In
addition, a build-time only library 'framework-all' is introduced. This
library produces a header jar for all framework sources for both
non-updatable and updatable parts. It is put to the classpath when
invoking metalava to give information on the hidden classes that were
filtered-out.

Bug: 140764681
Test: m
Change-Id: I6e16679109ac07820e35037754d4327442c014f2

droiddoc modules for the SDK API documentation and stubs library
generations have depended on the 'framework' (which was recently changed
to framework-minus-apex' module to get the list of Java source files to
be processed.

This however caused a circular dependency when we tried to modularize
some classes in the framework library as a separate library. The
separate java library depended on the stubs library (because it should
only use SDK APIs) and the stubs library depended on the framework
library. The framework library itself depended on the separated library
(or its stub) to use APIs from the separated library, thus forming a
circular dependency.

This change fixes the problem by directly giving the framework source
files via a filegroup `framework-sources-to-document` where all Java
and AIDL files that are to be documented are included in.

This change also put the generated R.java and Manifest.java files from
framework-res into the filegroup for framework sources.

Bug: 70046217
Bug: 135922046
Test: m
Exempt-From-Owner-Approval: Approved internally
Merged-In: I09ad88da47540d31ad089aad5e1151a4b6877ec2
(cherry picked from commit 20426538)
Change-Id: I09ad88da47540d31ad089aad5e1151a4b6877ec2

droiddoc modules for the SDK API documentation and stubs library
generations have depended on the 'framework' (which was recently changed
to framework-minus-apex' module to get the list of Java source files to
be processed.

This however caused a circular dependency when we tried to modularize
some classes in the framework library as a separate library. The
separate java library depended on the stubs library (because it should
only use SDK APIs) and the stubs library depended on the framework
library. The framework library itself depended on the separated library
(or its stub) to use APIs from the separated library, thus forming a
circular dependency.

This change fixes the problem by directly giving the framework source
files via a filegroup `framework-sources-to-document` where all Java
and AIDL files that are to be documented are included in.

This change also put the generated R.java and Manifest.java files from
framework-res into the filegroup for framework sources.

Bug: 70046217
Bug: 135922046
Test: m

Exempt-From-Owner-Approval: Approved internally
Merged-In: I09ad88da47540d31ad089aad5e1151a4b6877ec2
(cherry picked from commit 20426538)
Change-Id: I09ad88da47540d31ad089aad5e1151a4b6877ec2

droiddoc modules for the SDK API documentation and stubs library
generations have depended on the 'framework' (which was recently changed
to framework-minus-apex' module to get the list of Java source files to
be processed.

This however caused a circular dependency when we tried to modularize
some classes in the framework library as a separate library. The
separate java library depended on the stubs library (because it should
only use SDK APIs) and the stubs library depended on the framework
library. The framework library itself depended on the separated library
(or its stub) to use APIs from the separated library, thus forming a
circular dependency.

This change fixes the problem by directly giving the framework source
files via a filegroup `framework-sources-to-document` where all Java
and AIDL files that are to be documented are included in.

This change also put the generated R.java and Manifest.java files from
framework-res into the filegroup for framework sources.

Bug: 70046217
Bug: 135922046
Test: m

Change-Id: I09ad88da47540d31ad089aad5e1151a4b6877ec2

Java and AIDL source files under frameworks/base are now modularized
using filegroup. Each filegroup has 'path' property set to the base
directory of the ssource files. This allows us to not rely on
aidl.[local_]include_dirs and srcs_lib_whitelist_dirs to get the base
directories.

Bug: 70046217
Test: m
Exempt-From-Owner-Approval: Approved internally
Merged-In: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
(cherry picked from commit b360931b)
Change-Id: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2

Java and AIDL source files under frameworks/base are now modularized
using filegroup. Each filegroup has 'path' property set to the base
directory of the ssource files. This allows us to not rely on
aidl.[local_]include_dirs and srcs_lib_whitelist_dirs to get the base
directories.

Bug: 70046217
Test: m
Exempt-From-Owner-Approval: Approved internally
Merged-In: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
(cherry picked from commit b360931b)
Change-Id: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2

Java and AIDL source files under frameworks/base are now modularized
using filegroup. Each filegroup has 'path' property set to the base
directory of the ssource files. This allows us to not rely on
aidl.[local_]include_dirs and srcs_lib_whitelist_dirs to get the base
directories.

Bug: 70046217
Test: m
Change-Id: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2

Bug: 137763703
Test: Clean local build + "flash -w" and boot
Test: Presubmit
Test: atest CtsJobSchedulerTestCases
Test: ./cts/tests/signature/runSignatureTests.sh
Change-Id: Ie2a5a7a17f903ac18de0bcdde5be25311a62fa01

The new MediaProvider design has an internal dynamic security model
based on the value stored in OWNER_PACKAGE_NAME, so the OS always
needs to consult the provider when resolving Uri permission grants.

Blocking calls from the system process like this are typically
discouraged, but this is the best we can do with the limited time
left, and there is existing precident with getType().

For now, use "forceUriPermissions" as a proxy for determining when
we need to consult the provider directly.

Bug: 115619667
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I1d54feeec93fbb4cf5ff55240ef4eae3a35ed068

Added a version of the onPermissionUpdated and
onInstallPermissionUpdated methods which will notify
OnPermissionChangedListeners, and added this to the
PermissionManagerService "updatePermissionFlags" and
"updatePermissionFlagsForAllApps" methods. Also adds
OnPermissionsChangedListener to @TestApi

Fixes: 135937566
Test: atest PermissionUpdateListenerTest
Change-Id: I906598c366234c3daaa202261678bca04837cb13

Creates a filegroup for each of these files:
* api/current.txt
* api/system-current.txt
* api/system-removed.txt
* test-base/api/current.txt
* test-mock/api/current.txt
* test-runner/api/current.txt

Bug: 122332514
Test: atest -p cts/tests/signature
Change-Id: Ib031dcc39d3c1cca6dcdf977c0277d5e4875591e

This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.

There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).

Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependecy in any direction.

Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permisison version
inctroduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.

NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permisison as there
is too much churm coming from developer feedback.

Exempt-From-Owner-Approval: trivial change due to APi adjustment

Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases

bug:124769181

Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd

Add Shell permission for new CTS tests to test the multi-display
functionality in WallpaperService/WallpaperManagerService.

Bug: 123707989
Test: atest WallpaperManagerMultiDisplayTests
Test: atest ActivityManagerMultiDisplayTests

Change-Id: Id97db050a0b9d1940c2dfaa793fbe526df578105

Allow app to control the thread where ServiceConnection methods are
called on.

Bug: 111434506
Test: Used new bindContext method in chrome and checked callbacks
are on the correct thread.

Change-Id: I480e5bd6773a530fb9e8e73e3a2a2a88b76569ec

Fixes up the android.test.legacy target to stop using sources directly
now that the issue with android.test.runner-minus-junit not being able
to be built against the SDK has been resolved.

Also, fixes a couple of comments.

This reverts commit 7d7af10d.

Reason for revert: When this was originally applied it broke the
pi-dev-plus-aosp branch as it contained references to these targets.
Those references have now been removed.

Bug: 63127064
Change-Id: I619e92faf4cc38f8fd4f053bde832e9a76a2a2bf
Test: make checkbuild

Allows us to remove the use of private platform API from CTS.

Bug: 124134247
Test: builds
Change-Id: Iceb81ff7c9385e877d2612fbb7b506245d116928

For testing we often need to run shell commands. This can be done
today via running a shell command from an instrumentation test
started from the shell. However, this requires adding shell commands
which are not in the API contract, involve boilerplate code, require
string parsing, etc.

This change allows an instrumentation started from the shell to
adopt the shell UID permission state. As a result one can call APIs
protected by permissions normal apps cannot get by are granted to
the shell. This enables adding dedicated test APIs protected by
signatures permissions  granted to the shell.

Test: cts-tradefed run cts-dev -m CtsUiAutomationTestCases
          -t android.app.uiautomation.cts.UiAutomationTest#testAdoptShellPermissions

bug:80415658

Merged-In: I4bfd4b475225125512abf80ea98cd8fcacb6a1be
Change-Id: I4bfd4b475225125512abf80ea98cd8fcacb6a1be

This reverts commit 3b0be603.

Reason for revert: Broken build

Change-Id: I71270c7b47163ab7147029f2d3961d1848fdd9eb

tests need to make sure the flags are set correctly.

Bug: 116738135
Test: atest CtsBackupTestCases:android.backup.cts.PermissionTest#testRestorePermReviewed
Change-Id: Ia1000de3594e910c3345e205679bee37be898d17

Fixes up the android.test.legacy target to stop using sources directly
now that the issue with android.test.runner-minus-junit not being able
to be built against the SDK has been resolved.

Also, fixes a couple of comments.

Bug: 63127064
Test: make checkbuild
Change-Id: If38fa0d87b36343896e97efb2269ac070810db84

Changes to the various api directories will run the
tests which make use of the API specification in those directories.

Could not include CtsSystemApiSignatureTestCases as it is broken on
git_master because of bug 116632058.

Bug: 123254057
Test: atest
Change-Id: I1fe4ca498cbd0393aba7cf4c1386a6325ace7937

Bug: 120879205
Test: manual
Test: atest cts/tests/tests/database/src/android/database/cts/AbstractCursorTest.java
Change-Id: If3be228dc6b08ea58d24c9209822f9d8c2348082

Bug: 123221743
Test: m api-stubs-docs-check-last-released-api
Change-Id: I6d34c86582633d696464c8207a7d631be6d31693

The new format is described in tools/metalava/FORMAT.md.

Fixes: 116589402 Switch signature files over to the v2 format
Fixes: 112626813 Drop "synchronized" modifier from the signature format
Fixes: 122358225 Omit overriding methods that only differ in final [...]
Fixes: 73088715 API Review: Need doclava to output nullability
Fixes: 79739773 API Review: Metalava enforcing constants are constant
Exempt-From-Owner-Approval: Large-scale tooling change
Test: make sdk, make update-api, make checkapi
Change-Id: Ia248aece5250e84e47c815c601133b698bf644c2

The new format is described in tools/metalava/FORMAT.md.

Fixes: 116589402 Switch signature files over to the v2 format
Fixes: 112626813 Drop "synchronized" modifier from the signature format
Fixes: 122358225 Omit overriding methods that only differ in final [...]
Fixes: 73088715 API Review: Need doclava to output nullability
Fixes: 79739773 API Review: Metalava enforcing constants are constant
Exempt-From-Owner-Approval: Large-scale tooling change
Test: make sdk, make update-api, make checkapi
Change-Id: I8314f4e7099fa92e4f8ed7d283ccf836cc9a84a0
Merged-In: Ia248aece5250e84e47c815c601133b698bf644c2

The impl lib name of java_sdk_library is changed to {module_name}.jar
instead of {module_name}.impl.jar
android.test.mock.impl is removed from stubs_defaults.
RepetitiveTest class is added to public API in android.test.base

Bug: 110404779
Test: m -j
Change-Id: I5dd7f3a28bc22136b4e921de3eb5a3e77e5fc75f
Merged-In: I5dd7f3a28bc22136b4e921de3eb5a3e77e5fc75f
(cherry picked from commit b7540bf1)

The impl lib name of java_sdk_library is changed to {module_name}.jar
instead of {module_name}.impl.jar
android.test.mock.impl is removed from stubs_defaults.
RepetitiveTest class is added to public API in android.test.base

Bug: 110404779
Test: m -j
Change-Id: I5dd7f3a28bc22136b4e921de3eb5a3e77e5fc75f
Merged-In: I5dd7f3a28bc22136b4e921de3eb5a3e77e5fc75f
(cherry picked from commit b7540bf1)

The impl lib name of java_sdk_library is changed to {module_name}.jar
instead of {module_name}.impl.jar
android.test.mock.impl is removed from stubs_defaults.
RepetitiveTest class is added to public API in android.test.base

Bug: 110404779
Test: m -j
Change-Id: I5dd7f3a28bc22136b4e921de3eb5a3e77e5fc75f

android.test.mock, com.android.location.provider and
com.android.mediadrm.signer libraries are change to using metalava
instead of doclava.

Test: m -j
Bug: 117127012
Change-Id: I82e838ab60110698e1c0ea8e567467a1b32707ce

Entries from DownloadProvider are added to MediaStore Downloads
collection. COLUMN_MEDIASTORE_URI will be used to track corresponding
entries in MediaProvider. We can't re-use COLUMN_MEDIAPROVIDER_URI
for this purpose because it is updateable by apps.

Bug: 120876251
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest MediaProviderTests
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: Ifd252c54f4ee739a31be2866896efac6696a088e

This change adds RollbackManagerService as a new system service for
managing apk level rollbacks.

To work properly this requires additional selinux policy changes. Fails
gracefully in case of selinux denials, until we have a chance to sort
out the proper selinux policy.

Bug: 112431924
Bug: 116512606
Test: atest RollbackTest, with selinux enforcement off.
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Change-Id: Id72aae9c4d8da9aaab3922ec9233ba335bc0198f

Existing APIs that accept a ContentResolver are too restrictive when
the caller has their own ContentProviderClient already bound and
configured, so we're in the market for a solution to open those
existing APIs to accept a wider range of inputs.

The solution we've come up with is to introduce a super-interface
which contains the common ContentProvider APIs, and then make
ContentProvider, ContentResolver, and ContentProviderClient all
implement that interface for consistency.

After this change lands, we can then safely relax existing APIs to
accept this new ContentInterface, offering a clean path to solving
the problem outlined above.

Bug: 117635768
Test: atest android.content.cts
Test: atest android.provider.cts
Change-Id: Ic5ae08107f7dd3dd23dcaec2df40c16543e0d86e
Exempted-From-Owner-Approval: keep tests working

Bug: 119748678
Test: build
Change-Id: I79f7d057df5b61fa661987d36f20d24825eb1e5b

This will allow apps to better manage many isolated processes,
telling the system how they are grouped together (so should be
managed as one related entity within the LRU cache) and fine-tune
the ordering within that group.

The API is not yet tested...  though in theory it is implemented.
But the implementation done for that also fixes a *lot* of problems
with activity LRU management that, even without groups, should
make the ordering of processes in the LRU list much more consistently
match how recently the user has interacted with it.

Also clean up some of the new dumpsys output in the activity manager:
move the new sections to before the process output (so it is still
easy to see the process state at the end of the output), and add and
document the command line options for controlling them.  And add a
new "lru" section that gives a clear view of what is going on with
the raw LRU list.

An upcoming change will add tests for the new grouping functionality,
and probably some fixes resulting from that.

Test: atest CtsAppTestCases:ServiceTest
Bug: 111434506
Change-Id: I1f6b6b9de66ccde1573e1a0e9615e8c5f8e6c0d7

This allows clients to run multiple instances of the same
manifest service declaration.  It only works for isolated
services, to avoid too much abuse temptation.  This is part
of the "Chrome site isolation" work, to allow chrome to have
many more render processes running and help it manage them.

Bug: 111434506
Test: atest CtsAppTestCases:ServiceTest
Change-Id: I22e65758678a07075ed32ed6463082ddf846d3a4