Bug: 324085891
Test: atest CtsResumeOnRebootHostTestCases \
FrameworksServicesTests: RebootEscrowDataTest \
FrameworksServicesTests: LockSettingsServiceTests \
FrameworksServicesTests: RecoverySystemServiceTest \
FrameworksServicesTests: RebootEscrowManagerTests \
FrameworksServicesTests: RebootEscrowProviderServerBasedImplTests
Change-Id: Ibba55830bb3168d312d3f92094d7a266931439e6

Bug: None
Test: presubmit
Change-Id: Iaf8ed5e440b5514c68d09e803a6fd6a6a0944245

Since the underlying code in connectivity manager is moving to metered
firewalls to denote the uid policy for metered restrictions, NPMS can
start using them now.
Rather than having a single PENALTY_BOX, we have separate firewalls for
user and admin imposed restrictions. Once NPMS uses the appropriate
firewalls for these, it does not need to separately convey the blocked
reasons for metered restrictions on uids to the ConnectivityManager.

Flag: com.android.server.net.use_metered_firewall_chains

Test: atest FrameworksServicesTests:NetworkManagementServiceTest
Test: atest FrameworksServicesTests:NetworkPolicyManagerTest
Test: atest CtsHostsideNetworkPolicyTests

Bug: 336693007
Change-Id: I8da11ff663257d3dafcb5e22ae3313a9255ef0a6
Merged-In: I8da11ff663257d3dafcb5e22ae3313a9255ef0a6

Bug: 332981866
Test: atest com.android.server.audio.MusicFxHelperTest
Flag: NONE, impact of this fix is limited
Change-Id: I996951c7f71678c76afec78efd452b275f17213e
(cherry picked from commit 52c9b652)
Merged-In: I996951c7f71678c76afec78efd452b275f17213e

Bug: 335982533
Change-Id: I975641f193917101645cfcf2b78e198801c59a2c

Disable flags in old test, these could be removed during flag cleanup

Bug: 333720513
Test: atest RescuePartyTest
Change-Id: If659c702e3348c1c814f922f55d97776b99f2ff8

To services/tests/servicestests/src/com/android/server/autofill

Change-Id: Ibcd6798627dc3506e4ef4ed690daf5c4e90c53d1
Test: n/a
Bug: n/a

With upcoming changes, test_module_config modules need to live in
the same test-suite as their base, in this case FrameworksServicesTests.
It lives in device-tests, so the derived tests should as well.

In the future we can migrate to general-tests if that makes more sense.
FYI: b/149420197 has some context on the difference.

Test: mm
Test: atest FrameworksServicesTests_contentprotection
Change-Id: I8358e2b026eea4b8fe449e9c51d13ea5623389a1

Test: atest
Bug: 336802415
Flag: test_only
Merged-In: Ic2c3b07e0d1a69600514930e52bcee655d06dcf5
Change-Id: Ic2c3b07e0d1a69600514930e52bcee655d06dcf5

1. Enabling "flag resets" behind aconfig flag
2. Mocking the above flag in Tests

Bug: 333720513
Test: atest RescuePartyTest
Change-Id: I87e82def65b01367dbb36c7324b91c36203f2409

This is the second of several cls to start the migration of options in
TEST_MAPPING files to being specified in Android.bp files.

These tests already fail and will not pass the SLO checker, but
we will get an exception.

https://android-build.corp.google.com/test_investigate/invocation/I90500010261340262/test/TR68129237142233643/
java.lang.SecurityException: You either need MANAGE_USERS or CREATE_USERS permission to: query users
	at com.android.server.pm.UserManagerService.checkCreateUsersPermission(UserManagerService.java:3824)
	at com.android.server.pm.UserManagerService.getUsers(UserManagerService.java:1362)
	at com.android.server.pm.UserManagerService.getUsers(UserManagerService.java:1355)
	at com.android.server.pm.UserManagerServiceUserInfoTest.setup(UserManagerServiceUserInfoTest.java:102)

The overall goal is to get local (atest) runs closer to CI runs of the
tests and split FrameworksServicesTests at runtime to different owners
can be assigned to different parts of the test.

Step 1) Introduce new modules and list them in TEST_MAPPING postsubmit
Step 2) Wait a week for SLO checker to accept the new modules.
Step 3) Replace current presubmit TEST_MAPPING entries with the module
names.
This was hand-crafted cl, not using the migration script yet.
I am starting with one directory that has several TEST_MAPPING files

Migration Plan Doc: https://docs.google.com/document/d/1x3w-BvKO3E-GbY8YOSBuzJC6-pkLkuhfjSyZ1hJQBYM/edit?tab=t.0#heading=h.17wg41voij6q

Test: atest FrameworksServicesTests_pm_presubmit
Test: atest -p .:presubmit
Change-Id: I5227f9c4b66e62e2f858b796cfb8aa7b1eea806c
Flag: TEST_ONLY
Test-Mapping-Slo-Bypass-Bug: b/335015078

Test: compiles, lint
Bug: None
Change-Id: I5f927b17a83ff4ef98ecf3be8f8ed53d6912aca1

Since the bootloop is not for complete boot rather for  system-server
restarts, we dont have to be as conscious about performing higher
impact mitigations and we can perform them earlier. (Reboots
initiated by user doesnt trigger a bootloop scenario.)

Removed the increment boot count threshold needed between 2 mitigations.
Also removed BOOT_LOOP_THRESHOLD(default value: 15) which was needed to
perform any high impact mitigations.

PackageWatchdog would wait for DEFAULT_BOOT_LOOP_TRIGGER_COUNT (default
value: 5) after a reboot (ex: WARM_REBOOT step in rescue party, mainline
rollback). Changed the behaviour to wait for DEFAULT_BOOT_LOOP_TRIGGER_COUNT
only for first mitigation.

MitigationCount was not getting reset properly after de-escalation
window. Updated the logic to save mitigationCount to the file after reset.

Did manual tests by killing system_server process using the following
command:
`adb shell kill -9 $(adb shell pidof system_server)`
Verified that the first mitigation was performed at 5 restarts.
Every restart after that resulted in next mitigation being executed.

Ran `atest PackageEatcdogTest` to verify PackageWatchdogTest and
CrashRecoveryTest changes.

Test: Unit test, manual test
Bug: 291137901
Change-Id: Ia0174e0e5dca09c5d4e9d3a12909c5e5087b4dbf

Bug: 331717791
Test: atest UpdatableFontDirTest
Test: Step 1: Build AOSP image and install
Test: Step 2: Install font family.
Test: Step 3: Remove certificate manually by adb shell.
Test: Step 4: Reboot the device
Test: Step 5: Install font family.
Change-Id: I0373a2e66b7a6a51168094772afb36d8905b6979
Merged-In: I0373a2e66b7a6a51168094772afb36d8905b6979

Now that the SLO checker has passed, move these to presubmit
and remove the original entries that had options.

Fixes: b/331020193
Test: CI  https://android-build.corp.google.com/test_investigate/invocation/I94800010261847511/test/TR39329239330934307/?status=passing
Test: atest --test-mapping src/com/android/server/contentcapture:presubmit
Test: atest --test-mapping src/com/android/server/contentprotection:presubmit
Test: atest --test-mapping src/com/android/server/location/contexthub:presubmit
Test: atest --test-mapping src/com/android/server/om:presubmit
Test: atest --test-mapping src/com/android/server/os:presubmit
Test: atest --test-mapping src/com/android/server/recoverysystem:presubmit
  \# waiting on this one: atest --test-mapping src/com/android/server/pm:presubmit
Change-Id: I2e7000482f7f4d95c38abff67d93278d027b2d8b

Currently the IKeystoreAuthorization service is intended to be accessed
through the helper class android.security.Authorization.  However,
because Authorization provides only static methods, it can only be
unit-tested by static mocking, which is only available in
mockingservicestests.  BiometricService works around this in two
different ways: (a) using IKeystoreAuthorization directly, and (b) using
android.security.KeyStore, which is an obsolete class which is now
almost empty and just contains a couple random helpers.  I'd like to
remove it to avoid confusion with java.security.KeyStore.

This CL solves the testability problem in a consistent way by renaming
Authorization to KeyStoreAuthorization and changing all public static
methods to instance methods.  It updates all callers of the keystore
authorization service to go through a KeyStoreAuthorization instance.
Finally, it updates the unit tests for TrustManagerService and
BiometricService to inject a mock KeyStoreAuthorization.

Bug: 326508120
Test: atest TrustManagerServiceTest
Test: atest FrameworksServicesTests:{BiometricServiceTest,AuthSessionTest}
Test: atest CtsBiometricsTestCases:BiometricSimpleTests
Flag: N/A.  Refactoring with no behavior change intended.
Change-Id: I68504f447b1b880c08a60cf027b13f77a6567ec9

Add hidden apis for settings to store profiles directly into the
VpnBlobStore.

Bug: 307903113
Test: m
Change-Id: I148ceedcb2ae235d89a3dd5ffba4a8ef26b5d104

Test: atest FrameworksVpnTests
Change-Id: I677c046fba993c97296dd2876d928d7d5d2b213c

This is the first of several cls to start the migration of options in
TEST_MAPPING files to being specified in Android.bp files.

The overall goal is to get local (atest) runs closer to CI runs of the
tests.

These all have FrameworksServicesTests as the base test and all
TEST_MAPPING files to refer to these new test modules reside under this
(servictests) directory.

Step 1) Introduce new modules and list them in TEST_MAPPING postsubmit
Step 2) Wait a week for SLO checker to accept the new modules.
Step 3) Replace current presubmit TEST_MAPPING entries with the module
names.
This second CL will be part of the same topic, which will also run in
presubmit ...

Later steps will ensure that if new options are added to these
TEST_MAPPING files, they will get converted too, but nothing is
preventing that yet.

This was hand-crafted cl, not using the migration script yet.
I am starting with one directory that has several TEST_MAPPING files
below and converting them all, thus 10 new modules instead of 1 or 2.

Migration Plan Doc: https://docs.google.com/document/d/1x3w-BvKO3E-GbY8YOSBuzJC6-pkLkuhfjSyZ1hJQBYM/edit?tab=t.0#heading=h.17wg41voij6q

For these tests, the out dir increases by 1.7 Gig (total for all them).

From: ~/aosp-main-with-phones/frameworks/base/services/tests/servicestests
Ran atest and verified the test that ran matched the new filters.
Test: atest --test-mapping src/com/android/server/contentcapture:postsubmit
Test: atest --test-mapping src/com/android/server/contentprotection:postsubmit
Test: atest --test-mapping src/com/android/server/location/contexthub:postsubmit
Test: atest --test-mapping src/com/android/server/om:postsubmit
Test: atest --test-mapping src/com/android/server/os:postsubmit
Test: atest --test-mapping src/com/android/server/pm:postsubmit
    # 4 postsubmit tests fail, but there were already failing
Test: atest --test-mapping src/com/android/server/recoverysystem:postsubmit

Change-Id: I6e793d8c8fb1efb3b990466ea409a3cf1bf53434

So that they can be promoted to an error by default.

Bug: 253827323
Test: m RUN_ERROR_PRONE=true javac-check
Change-Id: Id386aecfaed2c96809a8a4cbfdb104e5fe87a084

ULocale.addLikelySubtags is allowed to canonicalize subtags according to
step 1 in the spec http://www.unicode.org/reports/tr35/#Likely_Subtags
- "Replace any deprecated subtags with their canonical values using the
  <alias> data in supplemental metadata. Use the first value in the
  replacement list, if it exists."
- In this case, ULocale.addLikelySubtag("sr-Latn-CS") returns
  "sr-Latn-RS". Thus, the algorithm of LocaleUtils.calculateMatchingSubScore
  needs to be updated to do what it tries to do.

In addition, update DateIntervalFormatTest due to
  ICU 74 de locale data change

Bug: 327164201
Test: atest FrameworksCoreTests:android.text.format
Test: atest FrameworksServicesTests:com.android.server.inputmethod
Test: atest CtsInputMethodTestCases
Change-Id: I5902000994c8af8bdb7e26c99ae33b85cd5ccca4

Sometimes, we deliberately send a process-state TOP change before the
normal oom adjuster update gets triggered for resuming activities. In
this case, there may be a duplicate notification for the same
process-state change with a newer procStateSeq. We need to ensure we
always process these notifications and notify activity manager on
completion.

These are redundant notifications but should be rare and cheap enough to
always process - even if they do not end up changing any of the firewall
state.

Also modifying the log in ActivityManager to report a wtf whenever the
wait timeouts to help emphasize this discrepancy.

Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest

Fixes: 327303931
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:28afbd2a2183162a38d261c79abdfb50be65e896)
Merged-In: I4884072bd6d7820acee67851d7504886564e2348
Change-Id: I4884072bd6d7820acee67851d7504886564e2348

PackageWatchdog will apply high user impact actions only in case of
network failure.

RescueParty updated the list of rescue levels and their corresponding
impact.

Test: unit and manual tests
Bug: 310236690
Change-Id: Iff34f6051b801a0d45149c317a7c9f344a2bd984

Bug: 253827323
Test: m RUN_ERROR_PRONE=true javac-check
Change-Id: I15e6cf4d1bbdc55db10971b6bf28063a445ddf33

Scope of isAttemptingFactoryReset method was updated to include both the
reboots that were triggered by RescueParty.
As it would be made an API, refactoring it to isRecoveryTriggeredReboot
which seems a better name with expanded scope.

Bug: b/289203818
Test: m
Change-Id: Ic4bc1765e2f08ad35ff23f0f6ea6dae0e4195e79

Same three owners were being repeated at multiple places, having them at
central owner place and including that everywhere.

Bug: 289203818
Test: NA
Change-Id: Ic63f939e196fe5974eb5e4c31d7b2991eafac6cd

Replace the usage to include necessary lib only to address
comment from aosp/2981832.

Test: atest FrameworksVpnTests
Change-Id: Id130c6739a683fc0c9e01e4e42d9215b660dba95

Test: atest PackageManagerServiceHostTests
Test: extract the PackageManagerServiceServerTests.apk, check libs
Bug: 328033038
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:590c3cf45dc326a78ec0efe5b4285f949bf978ed)
Merged-In: I2b7582b30102c03de8173a17ca5b0851c4fb73c5
Change-Id: I2b7582b30102c03de8173a17ca5b0851c4fb73c5

3d122842
Reason for revert: b/327713895 was a false alarm.

Change-Id: Id3e6e02b24e6157191601397ff86a695f41daa39

3740d891

Bug: 327713895
Change-Id: I8b0bc7d1df6ae3f50009884f0fbaa68483ccf32b

Test: manual
Bug: 291137901
Change-Id: I333008d36ff556923888a2c96e11fd2dd84cc8e4

This is a cleanup commit to address unused variables found
by ERROR_PRONE.

Test: atest FrameworksVpnTests
Change-Id: I40241276a2700a38e769737e0ea8aace4cc3cae9

The tests are in the platform now so the SDK check is no longer
needed. Also update test runner since the tests do not need to
use DevSdkIgnoreRunner so update it to AndroidJUnit4 instead.

Test: atest FrameworksVpnTests
Change-Id: Ibbd475820d87fd189f76b0134c688d52a0139451

Bug: 327285718
Test: atest services/tests/mockingservicestests/src/com/android/server/am/BroadcastQueueTest.java
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ed480b67b34feda9c9b01f03054f89e3e984b031)
Merged-In: Iffb55f30816bd5e13f6992c434dc2cba7699b6a1
Change-Id: Iffb55f30816bd5e13f6992c434dc2cba7699b6a1

Check light sensor is null for biometric logging

Bug: 327330325
Test: ALSProbeTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:54534f9c7e2830ce98602ab50811d9aa38d3617d)
Merged-In: I7604f1dd8b1314822b141e18b1c2d6fb717db4ae
Change-Id: I7604f1dd8b1314822b141e18b1c2d6fb717db4ae

The tests were failing the first time on postsubmit because of test from
some other file. All the tests would pass on retry. Creating a new
target for rollback observer because we want them to run reliably.

Test: manual
Bug: 291137901
Change-Id: I7c4730391235bbbc07a98f17518d54037ff905e4

Address lint warning in aosp/2985391.

Test: atest FrameworksVpnTests
Change-Id: I44794e92a87372b83a63c36b57eb99909f570444

As VpnProfile, VpnManager and Ik2v2VpnProfile are platform codes,
their unit tests should be better to be placed together with
their source code.

Move the unit test from module to platform for better test
configuration.

Test: atest FrameworksNetTests FrameworksVpnTests
Change-Id: Idb5033e23306b714a29d953866ca5a5771fb78a7

LockdownVpnTrackerTest was put inside FrameworksServiceTest
because there is no better place to put the test. This VPN
related test should be better to be placed together with
other VPN related tests.

Also update the TEST_MAPPING to run the test accurately.

Test: atest FrameworksVpnTests
Change-Id: I2d90e401e3d0a6eea4a047a0079b28bba7aa15ed

In some cases, where a uid undergoes quick consecutive state changes and
the handler message has not completed execution, we can return early if
we know a following handler message to evaluate the same rules is
pending.

We peek at UidStateCallbackInfos to infer this state as these are
populated directly in the UidObserver callbacks before posting to the
handler.

The code avoids removing messages from the Handler as
- it is a linear operation that may be slower.
- the check on UidStateCallback happens later and returns from redundant
handler message-processing without incurring much additional work.

Also taking out some code out of the mUidRulesFirstLock lock.

Test: atest CtsHostsideNetworkTests
Test: FrameworksServicesTests:NetworkPolicyManagerServiceTest

Bug: 327058756
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a0703d6dd4e906b9a38a1a4b497ff0c628d1411d)
Merged-In: I764f714d3ce09699a0ab82b77c8b6a577cd9f9ab
Change-Id: I764f714d3ce09699a0ab82b77c8b6a577cd9f9ab