Loading core/api/current.txt +1 −1 Original line number Diff line number Diff line Loading @@ -32392,7 +32392,7 @@ package android.os { method public void addData(@NonNull String, @Nullable byte[], int); method public void addFile(@NonNull String, @NonNull java.io.File, int) throws java.io.IOException; method public void addText(@NonNull String, @NonNull String); method @Nullable @RequiresPermission(allOf={android.Manifest.permission.READ_LOGS, android.Manifest.permission.PACKAGE_USAGE_STATS}) public android.os.DropBoxManager.Entry getNextEntry(String, long); method @Nullable @RequiresPermission(allOf={"android.permission.READ_DROPBOX_DATA", android.Manifest.permission.PACKAGE_USAGE_STATS}) public android.os.DropBoxManager.Entry getNextEntry(String, long); method public boolean isTagEnabled(String); field public static final String ACTION_DROPBOX_ENTRY_ADDED = "android.intent.action.DROPBOX_ENTRY_ADDED"; field public static final String EXTRA_DROPPED_COUNT = "android.os.extra.DROPPED_COUNT"; core/java/android/os/DropBoxManager.java +11 −5 Original line number Diff line number Diff line Loading @@ -17,7 +17,7 @@ package android.os; import static android.Manifest.permission.PACKAGE_USAGE_STATS; import static android.Manifest.permission.READ_LOGS; import static android.Manifest.permission.READ_DROPBOX_DATA; import android.annotation.BytesLong; import android.annotation.CurrentTimeMillisLong; Loading Loading @@ -81,9 +81,11 @@ public class DropBoxManager { /** * Broadcast Action: This is broadcast when a new entry is added in the dropbox. * You must hold the {@link android.Manifest.permission#READ_LOGS} permission * in order to receive this broadcast. This broadcast can be rate limited for low priority * entries * For Android V+ (including V), you must hold the * {@link android.Manifest.permission#READ_DROPBOX_DATA} permission in order * to receive this broadcast. For Android version earlier than * Android V, you must hold {@link android.Manifest.permission#READ_LOGS}. * This broadcast can be rate limited for low priority entries * * <p class="note">This is a protected intent that can only be sent * by the system. Loading Loading @@ -382,12 +384,16 @@ public class DropBoxManager { /** * Gets the next entry from the drop box <em>after</em> the specified time. * You must always call {@link Entry#close()} on the return value! * {@link android.Manifest.permission#READ_DROPBOX_DATA} permission is * required for Android V or later. * {@link android.Manifest.permission#READ_LOGS} permission is * required for Android earlier than V. * * @param tag of entry to look for, null for all tags * @param msec time of the last entry seen * @return the next entry, or null if there are no more entries */ @RequiresPermission(allOf = { READ_LOGS, PACKAGE_USAGE_STATS }) @RequiresPermission(allOf = { READ_DROPBOX_DATA, PACKAGE_USAGE_STATS }) public @Nullable Entry getNextEntry(String tag, long msec) { try { return mService.getNextEntryWithAttribution(tag, msec, mContext.getOpPackageName(), Loading core/res/AndroidManifest.xml +6 −0 Original line number Diff line number Diff line Loading @@ -4565,6 +4565,12 @@ <permission android:name="android.permission.SET_DEBUG_APP" android:protectionLevel="signature|privileged|development" /> <!-- Allows an application to access the data in Dropbox. <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.READ_DROPBOX_DATA" android:protectionLevel="signature|privileged|development" /> <!-- Allows an application to set the maximum number of (not needed) application processes that can be running. <p>Not for use by third-party applications. --> Loading services/core/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -182,6 +182,7 @@ java_library_static { "android.hidl.manager-V1.2-java", "cbor-java", "display_flags_lib", "dropbox_flags_lib", "icu4j_calendar_astronomer", "android.security.aaid_aidl-java", "netd-client", Loading services/core/java/com/android/server/DropBoxManagerService.java +37 −5 Original line number Diff line number Diff line Loading @@ -16,10 +16,14 @@ package com.android.server; import android.Manifest; import android.annotation.Nullable; import android.app.ActivityManager; import android.app.AppOpsManager; import android.app.BroadcastOptions; import android.app.compat.CompatChanges; import android.compat.annotation.ChangeId; import android.compat.annotation.EnabledAfter; import android.content.BroadcastReceiver; import android.content.ContentResolver; import android.content.Context; Loading @@ -30,6 +34,7 @@ import android.content.res.Resources; import android.database.ContentObserver; import android.net.Uri; import android.os.Binder; import android.os.Build; import android.os.Bundle; import android.os.BundleMerger; import android.os.Debug; Loading Loading @@ -66,6 +71,7 @@ import com.android.internal.util.DumpUtils; import com.android.internal.util.FrameworkStatsLog; import com.android.internal.util.ObjectUtils; import com.android.server.DropBoxManagerInternal.EntrySource; import com.android.server.feature.flags.Flags; import libcore.io.IoUtils; Loading @@ -89,6 +95,13 @@ import java.util.zip.GZIPOutputStream; * Clients use {@link DropBoxManager} to access this service. */ public final class DropBoxManagerService extends SystemService { /** * For Android U and earlier versions, apps can continue to use the READ_LOGS permission, * but for all subsequent versions, the READ_DROPBOX_DATA permission must be used. */ @ChangeId @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.UPSIDE_DOWN_CAKE) private static final long ENFORCE_READ_DROPBOX_DATA = 296060945L; private static final String TAG = "DropBoxManagerService"; private static final int DEFAULT_AGE_SECONDS = 3 * 86400; private static final int DEFAULT_MAX_FILES = 1000; Loading @@ -109,7 +122,6 @@ public final class DropBoxManagerService extends SystemService { // Tags that we should drop by default. private static final List<String> DISABLED_BY_DEFAULT_TAGS = List.of("data_app_wtf", "system_app_wtf", "system_server_wtf"); // TODO: This implementation currently uses one file per entry, which is // inefficient for smallish entries -- consider using a single queue file // per tag (or even globally) instead. Loading Loading @@ -291,9 +303,22 @@ public final class DropBoxManagerService extends SystemService { if (!DropBoxManagerService.this.mBooted) { intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); } if (Flags.enableReadDropboxPermission()) { BroadcastOptions unbundledOptions = (options == null) ? BroadcastOptions.makeBasic() : BroadcastOptions.fromBundle(options); unbundledOptions.setRequireCompatChange(ENFORCE_READ_DROPBOX_DATA, true); getContext().sendBroadcastAsUser(intent, UserHandle.ALL, Manifest.permission.READ_DROPBOX_DATA, unbundledOptions.toBundle()); unbundledOptions.setRequireCompatChange(ENFORCE_READ_DROPBOX_DATA, false); getContext().sendBroadcastAsUser(intent, UserHandle.ALL, Manifest.permission.READ_LOGS, unbundledOptions.toBundle()); } else { getContext().sendBroadcastAsUser(intent, UserHandle.ALL, android.Manifest.permission.READ_LOGS, options); } } private Intent createIntent(String tag, long time) { final Intent dropboxIntent = new Intent(DropBoxManager.ACTION_DROPBOX_ENTRY_ADDED); Loading Loading @@ -572,9 +597,16 @@ public final class DropBoxManagerService extends SystemService { return true; } String permission = Manifest.permission.READ_LOGS; if (Flags.enableReadDropboxPermission() && CompatChanges.isChangeEnabled(ENFORCE_READ_DROPBOX_DATA, callingUid)) { permission = Manifest.permission.READ_DROPBOX_DATA; } // Callers always need this permission getContext().enforceCallingOrSelfPermission( android.Manifest.permission.READ_LOGS, TAG); getContext().enforceCallingOrSelfPermission(permission, TAG); // Callers also need the ability to read usage statistics switch (getContext().getSystemService(AppOpsManager.class).noteOp( Loading Loading
core/api/current.txt +1 −1 Original line number Diff line number Diff line Loading @@ -32392,7 +32392,7 @@ package android.os { method public void addData(@NonNull String, @Nullable byte[], int); method public void addFile(@NonNull String, @NonNull java.io.File, int) throws java.io.IOException; method public void addText(@NonNull String, @NonNull String); method @Nullable @RequiresPermission(allOf={android.Manifest.permission.READ_LOGS, android.Manifest.permission.PACKAGE_USAGE_STATS}) public android.os.DropBoxManager.Entry getNextEntry(String, long); method @Nullable @RequiresPermission(allOf={"android.permission.READ_DROPBOX_DATA", android.Manifest.permission.PACKAGE_USAGE_STATS}) public android.os.DropBoxManager.Entry getNextEntry(String, long); method public boolean isTagEnabled(String); field public static final String ACTION_DROPBOX_ENTRY_ADDED = "android.intent.action.DROPBOX_ENTRY_ADDED"; field public static final String EXTRA_DROPPED_COUNT = "android.os.extra.DROPPED_COUNT";
core/java/android/os/DropBoxManager.java +11 −5 Original line number Diff line number Diff line Loading @@ -17,7 +17,7 @@ package android.os; import static android.Manifest.permission.PACKAGE_USAGE_STATS; import static android.Manifest.permission.READ_LOGS; import static android.Manifest.permission.READ_DROPBOX_DATA; import android.annotation.BytesLong; import android.annotation.CurrentTimeMillisLong; Loading Loading @@ -81,9 +81,11 @@ public class DropBoxManager { /** * Broadcast Action: This is broadcast when a new entry is added in the dropbox. * You must hold the {@link android.Manifest.permission#READ_LOGS} permission * in order to receive this broadcast. This broadcast can be rate limited for low priority * entries * For Android V+ (including V), you must hold the * {@link android.Manifest.permission#READ_DROPBOX_DATA} permission in order * to receive this broadcast. For Android version earlier than * Android V, you must hold {@link android.Manifest.permission#READ_LOGS}. * This broadcast can be rate limited for low priority entries * * <p class="note">This is a protected intent that can only be sent * by the system. Loading Loading @@ -382,12 +384,16 @@ public class DropBoxManager { /** * Gets the next entry from the drop box <em>after</em> the specified time. * You must always call {@link Entry#close()} on the return value! * {@link android.Manifest.permission#READ_DROPBOX_DATA} permission is * required for Android V or later. * {@link android.Manifest.permission#READ_LOGS} permission is * required for Android earlier than V. * * @param tag of entry to look for, null for all tags * @param msec time of the last entry seen * @return the next entry, or null if there are no more entries */ @RequiresPermission(allOf = { READ_LOGS, PACKAGE_USAGE_STATS }) @RequiresPermission(allOf = { READ_DROPBOX_DATA, PACKAGE_USAGE_STATS }) public @Nullable Entry getNextEntry(String tag, long msec) { try { return mService.getNextEntryWithAttribution(tag, msec, mContext.getOpPackageName(), Loading
core/res/AndroidManifest.xml +6 −0 Original line number Diff line number Diff line Loading @@ -4565,6 +4565,12 @@ <permission android:name="android.permission.SET_DEBUG_APP" android:protectionLevel="signature|privileged|development" /> <!-- Allows an application to access the data in Dropbox. <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.READ_DROPBOX_DATA" android:protectionLevel="signature|privileged|development" /> <!-- Allows an application to set the maximum number of (not needed) application processes that can be running. <p>Not for use by third-party applications. --> Loading
services/core/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -182,6 +182,7 @@ java_library_static { "android.hidl.manager-V1.2-java", "cbor-java", "display_flags_lib", "dropbox_flags_lib", "icu4j_calendar_astronomer", "android.security.aaid_aidl-java", "netd-client", Loading
services/core/java/com/android/server/DropBoxManagerService.java +37 −5 Original line number Diff line number Diff line Loading @@ -16,10 +16,14 @@ package com.android.server; import android.Manifest; import android.annotation.Nullable; import android.app.ActivityManager; import android.app.AppOpsManager; import android.app.BroadcastOptions; import android.app.compat.CompatChanges; import android.compat.annotation.ChangeId; import android.compat.annotation.EnabledAfter; import android.content.BroadcastReceiver; import android.content.ContentResolver; import android.content.Context; Loading @@ -30,6 +34,7 @@ import android.content.res.Resources; import android.database.ContentObserver; import android.net.Uri; import android.os.Binder; import android.os.Build; import android.os.Bundle; import android.os.BundleMerger; import android.os.Debug; Loading Loading @@ -66,6 +71,7 @@ import com.android.internal.util.DumpUtils; import com.android.internal.util.FrameworkStatsLog; import com.android.internal.util.ObjectUtils; import com.android.server.DropBoxManagerInternal.EntrySource; import com.android.server.feature.flags.Flags; import libcore.io.IoUtils; Loading @@ -89,6 +95,13 @@ import java.util.zip.GZIPOutputStream; * Clients use {@link DropBoxManager} to access this service. */ public final class DropBoxManagerService extends SystemService { /** * For Android U and earlier versions, apps can continue to use the READ_LOGS permission, * but for all subsequent versions, the READ_DROPBOX_DATA permission must be used. */ @ChangeId @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.UPSIDE_DOWN_CAKE) private static final long ENFORCE_READ_DROPBOX_DATA = 296060945L; private static final String TAG = "DropBoxManagerService"; private static final int DEFAULT_AGE_SECONDS = 3 * 86400; private static final int DEFAULT_MAX_FILES = 1000; Loading @@ -109,7 +122,6 @@ public final class DropBoxManagerService extends SystemService { // Tags that we should drop by default. private static final List<String> DISABLED_BY_DEFAULT_TAGS = List.of("data_app_wtf", "system_app_wtf", "system_server_wtf"); // TODO: This implementation currently uses one file per entry, which is // inefficient for smallish entries -- consider using a single queue file // per tag (or even globally) instead. Loading Loading @@ -291,9 +303,22 @@ public final class DropBoxManagerService extends SystemService { if (!DropBoxManagerService.this.mBooted) { intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); } if (Flags.enableReadDropboxPermission()) { BroadcastOptions unbundledOptions = (options == null) ? BroadcastOptions.makeBasic() : BroadcastOptions.fromBundle(options); unbundledOptions.setRequireCompatChange(ENFORCE_READ_DROPBOX_DATA, true); getContext().sendBroadcastAsUser(intent, UserHandle.ALL, Manifest.permission.READ_DROPBOX_DATA, unbundledOptions.toBundle()); unbundledOptions.setRequireCompatChange(ENFORCE_READ_DROPBOX_DATA, false); getContext().sendBroadcastAsUser(intent, UserHandle.ALL, Manifest.permission.READ_LOGS, unbundledOptions.toBundle()); } else { getContext().sendBroadcastAsUser(intent, UserHandle.ALL, android.Manifest.permission.READ_LOGS, options); } } private Intent createIntent(String tag, long time) { final Intent dropboxIntent = new Intent(DropBoxManager.ACTION_DROPBOX_ENTRY_ADDED); Loading Loading @@ -572,9 +597,16 @@ public final class DropBoxManagerService extends SystemService { return true; } String permission = Manifest.permission.READ_LOGS; if (Flags.enableReadDropboxPermission() && CompatChanges.isChangeEnabled(ENFORCE_READ_DROPBOX_DATA, callingUid)) { permission = Manifest.permission.READ_DROPBOX_DATA; } // Callers always need this permission getContext().enforceCallingOrSelfPermission( android.Manifest.permission.READ_LOGS, TAG); getContext().enforceCallingOrSelfPermission(permission, TAG); // Callers also need the ability to read usage statistics switch (getContext().getSystemService(AppOpsManager.class).noteOp( Loading
