Before this change, when a death recipient is set on a binder proxy via
linkToDeath, a JNI global ref to the recipient object was created. That
global ref is cleared only when unlinkToDeath is explicitly called or
binderDied is notified.

In addition, since binderDied didn't give the IBinder which has died,
people has kept a strong reference to IBinder in the death recipient
object. Ex:

class FooHolder implements Binder.DeathRecipient {
    private IFoo mFoo;
    public FooHolder(IFoo foo) {
        mFoo = foo; // this!!!
        mFoo.linkToDeath(this, 0);
    }
    @Override
    public void binderDied() {
        // know that IFoo has died
    }
}

Unfortunately, this is prone to leak. Even if there's no reference to
FooHolder in your program, it is kept in memory due to the JNI global
ref as mentioned above. It means that you keep IFoo as well, and that
in turn keeps the binder service in the remote side. As a result,
binderDied will never be called (well, except when the server process
crashes).

The only way to release this object is calling unlinkToDeath explicitly
when you drop references to FooHolder. However, it's error prone and
keeping that practice is hard to be enforced.

Recently, the need for this pattern has become weaker as we introduced
binderDied(IBinder who). However, the API is quite new and its use is
not mandated. There still are many cases where this pattern is used.

This change is an attempt to fix the issue without having to touch the
existing uses. The idea is to change the way that death recipient
objects are strongly referenced - depending on whether you are targeting
Android V+ or not.

If targeting Android V+, the death recipient object is "weakly"
referenced from JNI. Instead, it is "strongly" referenced from the
BinderProxy object it is registered at. This means that if you drop
a BinderProxy object, you are dropping its death recipients as well,
unless you keep references to the recipients separately.

For apps targeting pre-V versions, we keep the JNI strong reference.

An important implication of this is that you won't get binderDied if you
drop BinderProxy object before the binder actually dies. This actually
is the documented behavior and has been the actual behavior "if you
don't use the FooHolder pattern mentioned above". I'd argue that this CL
fixes the undocumented incorrect behavior. However, we should be
conservative when making any behavioral change, thus we are hiding this
change behind the target SDK level.

Bug: 298374304
Test: atest BinderLeakTest BinderLeakTest_legacy

Change-Id: Ibb371f4de45530670d5f783f8ead8404c39381b4

Bug: 282058146
Test: Treehugger
Merged-In: Idd66455b28cc61e53c68f559244ad2d022cf65d3
Change-Id: Iaa956dec6c64220bcd3a83390b4a9811c42e518e

Use null class loader to fuzz readParcelable.

Bug: 301519740
Test: m java_binder_parcel_fuzzer && ./jazzer_helper.sh --fuzz_target
      java_binder_parcel_fuzzer --target_class parcelfuzzer.ParcelFuzzer
Change-Id: Ieeff3cf9ea5734441d417d16691d7ca9b708c5b3

Commit df4cd065 updated how command line arguments are parsed. However,
sys.argv[0] should be ignored (as this is the name of the program).
Remove the argument, so the default value (sys.argv[1:]) is used.

Also, use the embedded_launcher so that the help renders
as:
    usage: lint_fix [-h]
instead of:
    usage: usage: __soong_entrypoint_redirector__.py [-h]

Test: lint_fix --print --no-fix --check AnnotatedAidlCounter \
       --lint-module AndroidUtilsLintChecker services.autofill
Change-Id: I00e3e3b70c9715e363d3448ae84bf9ff161f2306

Bug: 284266229
Test: presubmit
Flag: none
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f00d54005df32200eaf8c7eaaa95bba266bda8dc)
Merged-In: Ie7f7d334a4904bfbb19baa5dc814291828a8c9eb
Change-Id: Ie7f7d334a4904bfbb19baa5dc814291828a8c9eb

The auto-generated Flags.FLAG_NAME constants are difficult to review in
API tracking files. metalava will expand annotation arguments if

  (1) the field declaration is known to metalava, and
  (2) the constant is not part of the API surface.

The auto-generated constants are hidden, so not part of any API surface.
This satisfies (1).

This CL adds the auto-generated sources to metalava's input. This
satisfies (2).

(cherry picked from commit 01544b94)

Bug: 297881670
Test: m checkapi
Test: m <partition>/etc/aconfig_flags.textproto & diff against a clean build
Merged-In: I757c6e87d81768ef6095a4bea67c74c3ae6028a7
Change-Id: I757c6e87d81768ef6095a4bea67c74c3ae6028a7

Fixes: 297949293
Bug: 223153452

Test: run each test with 100 iterations
Change-Id: I333dcc2c10346ce585d1c5e7f16cad113b2b5a95
Merged-In: I333dcc2c10346ce585d1c5e7f16cad113b2b5a95

Google RCS uses FTEU MO SMS for phone number verification.

Ownership proof for PS-37477:

https://screenshot.googleplex.com/5ZBYyjJc8FbzT8c

BUG: 295455225

TEST: tested the regional configuration with and without the allow listing as per go/premiumsms

https://screenshot.googleplex.com/BRCBpc9EMfXDAir

https://screenshot.googleplex.com/7brwQyFs3xMHjqi



Signed-off-by: Pavan Ittamalla <(pittamalla@google.com)>
(cherry picked from https://android-review.googlesource.com/q/commit:acca0a0713fedc8b6edef461c95b86217de6677c)
Merged-In: If6235e67cf06810b22f5c648cb8a04c18875bbbc
Change-Id: If6235e67cf06810b22f5c648cb8a04c18875bbbc

Change-Id: I1698d8cafd5bbd598bc6af7bd8eb763b77e8e0c7

Merge "Update IANA_TOP_LEVEL_DOMAINS in accordance with http://data.iana.org/TLD/tlds-alpha-by-domain.txt" into main

Camera is still visible on Lockscreen after device policy manager
has disabled it. We should only show the camera affordance when
secure camera is enabled.

Test: run android-testdpc apk
Bug: 298924179
Change-Id: I4eb6bf6a45b98c26c6832b0ffd0b9bf2f83f2444

Add a tool "enforce_permission_counter" which leverages lint_fix and the
AndroidUtilsLintChecker linter to report on the number of AIDL methods
that have been migrated to use the @EnforcePermission annotation (or
@RequiresNoPermission).

Test: enforce_permission_counter
Test: lint_fix --print --no-fix --check AnnotatedAidlCounter \
               --lint-module AndroidUtilsLintChecker services.autofill
Bug: 298285238
Change-Id: I521ab5358476f63387674e17c601da3b63cbc1d8

Merge "Update KEY_CARRIER_SERVICE_NUMBER_STRING_ARRAY documentation to reflect new requirement for Service dialing number." into main

Improve documentation for the following public APIs: isKeyguardLocked(),
isKeyguardSecure(), inKeyguardRestrictedInputMode(), isDeviceLocked(),
isDeviceSecure().  Also, don't link to deprecated methods and classes.
Finally, make sure to mention that keyguard means "lock screen".

Bug: 128589540
Test: N/A
Flag: DOCS_ONLY
Change-Id: I0ddc7bc5c365c23a532bd39d7f79f21bdf5ad058

Updating regex for matching IANA top level domains for web URLs using script https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:frameworks/ex/common/tools/make-iana-tld-pattern.py

Bug: 299591129

Change-Id: I7662cffaba4a762d83c5317add551a5c835f489f

Adds OWNERS file to
core/tests/coretests/src/android/service/quicksettings, to cover the
directory. Other directories have an OWNERS file already. Reusing owners
file from existing quicksettings dir.

Test: Changing OWNERS file
Bug: 295006271
Change-Id: Ia278116b661b8cbdc2f2f7810889ea27a3772592

If there are apps on /oem, permission pregrant xmls should
be there too. Remove the old embedded check that stopped
oem pre-grants.

Test: Add pre-grant xml on /oem and check in Settings
Bug: 300042518
Change-Id: Id50c1d77f12734f044b221f80a39f3c253fa51fb

Change-Id: I70df1f30f028a64aded617979006c4eaae036567