Starting in Android 12, unlocking the device with a class 1
("convenience") biometric, class 2 ("weak") biometric, or a trust agent
unexpectedly doesn't allow the use of UnlockedDeviceRequired keys.  The
cause of this bug is that the cryptographic protection that Keystore now
applies to UnlockedDeviceRequired keys incorrectly assumes that the
device can only be unlocked using LSKF or via a biometric that
participates in Keystore (has a SID and uses HardwareAuthTokens).
Actually, Keyguard also allows the device to be unlocked using weaker
biometrics that do not particiate in Keystore, if they are enrolled.
Similarly, there are also cases where a trust agent can actively unlock
the device, e.g. unlocking a phone using a paired watch.

In combination with the Keystore changes in
I1b0d9ec4f9e31dc91642e865045766bd17e34cad, this CL fixes the bug by
making Keystore retain the UnlockedDeviceRequired super keys in memory
if a weak unlock method is enabled at device lock time.  This does mean
that UnlockedDeviceRequired is enforced only logically when a weak
unlock method is enabled, but this is the best we can do in this case.

Note: a future CL will take into account the progressive expiration of
unlock methods while the device is locked and upgrade the security of
UnlockedDeviceRequired accordingly.  The present CL focuses just on
choosing the correct protection at lock time, fixing a user-visible bug.

Test: Ran the following automated tests with and without the
      fix_unlocked_device_required_keys_v2 flag enabled:
          atest com.android.server.locksettings \
          && atest TrustManagerServiceTest \
          && atest TrustTests \
          && atest -p --include-subdirs system/security/keystore2 \
          && atest CtsKeystoreTestCases

Test: Manually tested each combination of biometric setup: none,
      fingerprint, face, and fingerprint+face.  Locked the device, then
      verified via logcat that Keystore protected the
      UnlockedDeviceRequired keys in the expected way, then verified
      that UnlockedDeviceRequired keys cannot be used (even in the case
      where the super keys were not protected).  Unlocked device using
      weakest method available, then verified that
      UnlockedDeviceRequired keys can be used.  To check whether
      UnlockedDeviceRequired keys can be used or not, used the CTS
      method mentioned in the Test of https://r.android.com/2878769.

      Also, enabled Extend Unlock with a bluetooth device, and verified
      that it's not counted as an unlock method.

      Also, verified that if Lockdown mode is triggered, the
      UnlockedDeviceRequired keys are fully protected.

Bug: 296464083
Change-Id: I34dc49f1338e94755e96c1cf84de0638dc70d311

* changes:
  Pass in a new instance supplier for creating RingBuffer.
  Update RingBuffer to take Supplier<T> for creating new instances.

Bug: 289097671
Test: atest android.media.misc.cts.ResourceManagerTest
      atest android.media.misc.cts.ResourceManagerMultiTest
Merged-In: I750ef5a7585b7bba94f0dfb7bb8e70ec12bf70f5
Change-Id: I750ef5a7585b7bba94f0dfb7bb8e70ec12bf70f5

Merge "Merge "Making adapter child views in RemoteCollectionItemsAdapter size-aware" into android14-tests-dev am: 83b74c07" into main

Merge "Making adapter child views in RemoteCollectionItemsAdapter size-aware" into android14-tests-dev am: 83b74c07

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2912083



Change-Id: I93142f62b45124a1d25ea839b90927796c67c797
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

Merge "Making adapter child views in RemoteCollectionItemsAdapter size-aware" into android14-tests-dev

This helps fix issues with improper layouts of
adapter child views in case
RemoteCollecionItemsAdapter is used.

Test: Manual
Bug: 245950570
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dc464d6e522eebec5221a934ec3ff5f52a4fb90e)
Merged-In: I0eedf4574975bfae88801e0153816135fc1c8181
Change-Id: I0eedf4574975bfae88801e0153816135fc1c8181

This adds profcollect trigger for dex2oat invocations. This helps
improving profile coverage for dex2oat.

Bug: 319377405
Test: manual
Change-Id: I6fa6f2b0538a87d4fbab7f220052e5be621159bb

To make the embedded window of SplashScreenView non-focusable, needs
to add the window flag separately from SurfaceControlViewHost#setView

Bug: 319369153
Test: verify the embedded window of splash screen won't grant focus
Change-Id: Ic9b48dcc4de25e681405b3dd78468597a8a7c627

Change-Id: Ib79857aa0c6bdf76d0ab65cd66e044aac4e4084e

UserDataPreparerTest#testPrepareUserData_forNewUser_destroysOnFailure
and
UserDataPreparerTest#testPrepareUserData_forExistingUser_doesNotDestroyOnFailure
fail on eng builds because they exercise a code path in UserDataPreparer
that uses Log.wtf, and on eng builds Log.wtf causes the process to
abort.  Fix this by changing the message to ERROR level instead.

Bug: 316035110
Test: atest UserDataPreparerTest
Change-Id: I4dce4db37bf650b7f97e46638c03a429a135a3b6

* changes:
  Add recovery permission to Settings app
  Add 16k option key in settings

Dump audio effect hal to get thread traces incase
of watchdog.

Bug: 319759668
Test: compile and induce a watchdog and check generated dumps

Change-Id: Ie38876aedea597e6ff3fac3d861f3ab43c7c37a6

During development the Wi-Fi service might not work, let's handle this
case so the Setting app doesn't crash when opening the about phone
page

Logic borrowed from the Bluetooth controller

Change-Id: Id8f6ba5d7cbac5780363612b50848ecfea10bc04

This CL integrates the IpSecPacketLossDetector into VCN
route selection. With this change, when a data stall is
reported, the network candidate will be penalized and
then deprioritized during network selection. A network
candidate will stop being penalized until it hitting a timeout
or passing the validation.

Bug: 282996138
Test: atest FrameworksVcnTests(new tests), CtsVcnTestCases
Change-Id: Ifabd6fdea1d5a4fea40cf929dbab7c26d37274ac

Bug: 307556883
Test: n/a
Change-Id: I5001247c342f23b07e1355db7e50ad90cce66b07

syntax from go/android-codereviews#include-an-owners-file-from-a-sub-directory-within-the-same-git-project

Change-Id: Ia02a5efdda1c2dea65753a63cbd2e78e56bac6eb

When building SDKs that include some, but not all @FlaggedApis, a few
Javadoc @see/@link references will point to objects that are
inaccessible, which will trigger Lint 101 errors.

The correct fix is to update the Javadoc. However, to unblock the SDK
build for now, temporarily hide Lint 101 errors.

Bug: 319541666
Test: m sdk dist
Change-Id: Icbd1d99d5fcd6cee37bf588ef45443e7e946f742

After checking, the modules under these directories can not be built
because the upper-level directories lack Android.mk.
Even if these Android.mk are included, they cannot be tested correctly
with atest.

Bug: 319568429
Test: N/A
Change-Id: I797d2327e340fcd38cde03dd0f520ec756be5fc3

After checking, the modules under these directories can not be built
because the upper-level directories lack Android.mk.
In addition, the format of the Android.mk in these directories is also
incorrect, and if it is included, it will cause the build to break.

Bug: 319565408
Test: N/A
Change-Id: I1a7b2fc2ad78bcbcd6cd3f65c0a5043656711dae

The two major roles of the full api surface stubs (i.e.
android_*_stubs_current) are:
- Appended to classpath when a module sets sdk_version
- Input to generating hiddenapi flags and determine the accessibility of
  the api at runtime

With Trunk Stable, all flagged apis that are not enabled should not be
accessible at runtime. In other words, the currently existing full api
surface stubs that include both non flagged and flagged apis should not
be used to generate the hiddenapi flags.

To resolve this problem, this change introduces full api surface stubs
of the "exportable" stubs (i.e. non flagged apis + flagged apis enabled
by release configuration).

The new modules are named similarly to the currently existing full api
surface stubs, but appends the "_exportable" prefix to differentiate
with the currently existing modules. These modules are solely used for
hiddenapi flags generation, and the currently existing modules continue
to serve the first aforementioned role.

The new modules will toggle between the from-text stubs module and the
from-source stubs module when the exportable stubs can be generated from
the from-text stubs generating `java_api_library` module. For now, these
modules are always built from source.

Test: m android_stubs_current_exportable
Bug: 317426356
Change-Id: I1f6f738ae9c5ebf151a1554aa1e357ef0092c89c

This CL creates an abstract class NetworkMetricMonitor and a
subclass IpSecPacketLossDetector. IpSecPacketLossDetector
is responsible for continuously monitoring IPsec packet loss
and reporting to the caller when the data loss rate surpass
a threshold. This detector allows the VCN to switch from
the underlying network that has bad quality.

This CL also defines new carrier configs that specify the
data loss threshold and detecting frequency

Bug: 282996138
Test: atest FrameworksVcnTests(new tests), CtsVcnTestCases
Change-Id: I5f4b8e1821bdbb37f0a6de6e1584f8e3c87273f3