change hint of static wifi dns pie

See merge request !92

[PIE] Fix bad icons of permission groups

See merge request !91

BUG: 156260178
Test: builds
Change-Id: I32f3b7ece78ec8cc97c52a0484151a6a777aa9da
Merged-In: I32f3b7ece78ec8cc97c52a0484151a6a777aa9da
(cherry picked from commit 9af8c636)

Change-Id: Ic183158c0d9e835317dbd0ab8d4b0395a96c403c

Merge tag 'android-security-9.0.0_r65' of https://android.googlesource.com/platform/frameworks/base into staging/lineage-16.0_merge_android-security-9.0.0_r65

Android security 9.0.0 release 65

* tag 'android-security-9.0.0_r65' of https://android.googlesource.com/platform/frameworks/base:
  RESTRICT AUTOMERGE Ensure caller identity is restored in CP quick-path.
  Remove updateIntentVerificationStatusAsUser from ResolverActivity
  Revoke the uri permission when the file is deleted
  [RESTRICT AUTOMERGE] Add import of MAX_APP_TRANSITION_DURATION
  [RESTRICT AUTOMERGE] Restrict app transition maximum duration

Change-Id: Ieecd268f45205f6c1e91e8eca03b53a84044676d

NvCPL works in conjunction with the PowerHAL in order to adjust various
performance knobs based on the app or device specific profiles.

Change-Id: I4953cbb96d729dbe0cee6d7071b5933586770330

This implements and API for apps to interface with NvCPL and by
extension the PowerHAL.

Reverse engineered from the Shield Experience 8.2.0 update then cleaned
up to match Android standards.

Change-Id: I774ac62c8867151f21712cfeee25f96a591415ad

Android security 9.0.0 release 64

* tag 'android-security-9.0.0_r64':
  Ignore GrantCredentials call with unexpected calling uid.
  Protect GrantCredentialsPermissionActivity against overlay.
  [DO NOT MERGE] Make GlobalScreenshot PendingIntents immutable
  Check that Account Parcel has name and type.
  Revoke permission on non-runtime -> runtime upgrade
  Ensure permissions are revoked on state changes
  RESTRICT AUTOMERGE Fix CDM package check
  remove sensitive pii from safetynet logging
  DO NOT MERGE Check fingerprint client against top activity in auth callback
  Fix the issue provider can be wrong when requesting slice permission

Change-Id: I5686e8a3ed26d5abdec952748e1eb1a33ba8d0c8

* Since we are shipping userdebug builds by default
  it'd be nice to keep signature and version downgrade
  checks intact.
* Fixes : https://gitlab.com/LineageOS/issues/android/-/issues/2192

Change-Id: Ib46ccb50ac091469caf99a73a5a08942cbc457f6

Change-Id: I38bbfaf026634b297ed41c4aef850fe2593aac8e

WifiConfiguration contains sensitive location
information, so this extra is no longer included
in the CONFIGURED_NETWORKS_CHANGED_ACTION
broadcast. Update docs to reflect this change.

Bug: 158874479
Test: compiles
Change-Id: I72ba9f75a89519ef136cc2766a8551b606b218c7

Ensure caller identity is restored in CP quick-path.

Bug: 172935267
Test: PoC in bug
Change-Id: I469bde7d0a0f89c94f1234cf40983395048962e2
(cherry picked from commit c99b04eb)

DO NOT CHERRY PICK ANYWHERE: Security issue

This API is meant to grant an app complete verification over the
domains it has declared, meaning it will always resolve the domains it
declares for web links.

This can allow an app to take over links that are unowned. Any time a
user selects "Always" when resolving an Intent in the diambiguation
dialog, this API would be called, and all subsequent resolutions of any
domain declared by the app selected would be automatically directed to
that app, with no prompt to the user.

From a quick search, it's possible that all usages of this API are
actually unintended and should be removed. Should be considered for
deprecation in the future.

Bug: 163358811

Test: none, this is not generally testable, see linked bug for context

Merged-In: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
Change-Id: Iff7f788a83af68c7fbb1c6b9a8be7b47136be2b6
(cherry picked from commit 2b1ed5b7)

When the file is deleted, renamed or moved, revoke all uri
permissions with the file

Bug: 157474195
Test: manual test with DocumentsUI
Test: atest DocumentsTest#testAfterMoveDocumentInStorage_revokeUriPermission
Change-Id: I4ffb183630aadb2d87b0965e8cecf88af15f4534
Merged-In: I4ffb183630aadb2d87b0965e8cecf88af15f4534
(cherry picked from commit 9efd606f)
(cherry picked from commit c5c373c2)

The commit at ag/10876662 did not contain a required import. This change
fixes the build.

Bug: 145728687
Test: `mma` in frameworks/base/services/core/java/com/android/server/wm/

Change-Id: Ic37e2dc8498b0f6f5308653f4f9935038a486001
(cherry picked from commit 4236b3e8)

As WindowState#startAnimation for restricting window animation duration
(currently is 10 secs),

For security reason, we also need to restrict app transition animation
duration as 3 secs to prevent malicious app may set a long duration or
infinity repeat counts through ActivityOption#makeCustomAnimation or
Activity#overridePendingTransition with custom animation set.

Bug: 145728687
Test: manual as issue provided test app
Change-Id: I39051d6e4d2b681ce2becbafe14aab3f3d8ebf6b
(cherry picked from commit ee11625b)

Android Security 9.0.0 Release 63 (6893678)

* tag 'android-security-9.0.0_r63':
  Fix storing the wrong value of mLockdown in setting
  Make WallpaperMS bind wallpaper component PendingIntent immutable.

Change-Id: I8ac10ede71fd4707458ddad4cf7dd44efb062b13

Change-Id: I9bc6478375e69e6cc3ffec676c8690b3ea6c8d2b

Activity can be used only in two cases.
1) Calling uid matches uid grantee.
2) Calling uid is is system. This flow is used by getToken methods with
notifyAuthFailure=true.

Test: Existing CTS tests
Bug: 158480899
Merged-In: I1421c333b6cebb4f7cddcdd8766298f6872e933b
Change-Id: I18af48cf3cb4ad23a3e5b02a8ea1416aa5570dba
(cherry picked from commit ece586e3)

Bug: 169763814
Test: manual
Merged-In: I15dd22791fcc61ef02b06ad51d9e4409d11c0181
Change-Id: I0d8f901d100a5e2a022c96fa6c2be75a11c58059
(cherry picked from commit deddb784)

Mutable pending intents are a security risk. This change adds the
IMMUTABLE flag to all PendingIntents created in GlobalScreenshot.

Bug: 162738636
Test: manual
Change-Id: I1044b6aaf2b1650ff91d9a72181684d2aaea9a62
(cherry picked from commit ed450d77)

Bug: 129287265
Test: manual
Change-Id: I8431eb27cc4c6dfd3048b28ff635474f14433308
(cherry picked from commit 32e85796)
(cherry picked from commit 0992000a)

Not only on normal -> runtime.

Test: atest android.appsecurity.cts.PermissionsHostTest#testNoPermissionEscalationAfterReboot
Bug: 154505240, 168319670
Change-Id: If3b420067b4d7111dcf67ae6f98e42176158b679
Merged-In: If3b420067b4d7111dcf67ae6f98e42176158b679
(cherry picked from commit 60c41ae4)

If a permission owner changes, or a permission level is upgraded, revoke
the permission from all packages

Test: Manual
Bug: 154505240
Merged-In: I0dec9eb7c2fecd3147e33e04d3f79f6dffcf7721
Change-Id: I0dec9eb7c2fecd3147e33e04d3f79f6dffcf7721
(cherry picked from commit a28931a0)
(cherry picked from commit a162e959)

Fix CDM package check

CDM was using a pckage check that returns a value intead of throwing,
resulting in failing to throw on querying other package's associations

Test: ensure attached bug no longer reproduces
Bug: 167244818
Change-Id: I21319b6f5495dcae681541c76b847aad0c00b8ab
(cherry picked from commit feb4dd91)

Bug: 159145361
Test: manual
Change-Id: I8f1be55971672c7e8f5aa8848f65b1b9d9f40fb5
Merged-In: I8f1be55971672c7e8f5aa8848f65b1b9d9f40fb5
(cherry picked from commit 3b6905bf)
(cherry picked from commit 6d9794aa)

Due to a race condition with activity task stack broadcasts, it's
currently possible for fingerprint authentication to succeed for a
non-top activity. This means, for example, that a malicious overlay
could be drawn in order to mislead the user about what they are
authenticating for.

This commit addresses the issue by adding a check to the fingerprint
authentication client interface that ensures the authenticating
activity is on top at the time of authentication. Otherwise, the
pending authentication will fail, as if an incorrect biometric
been presented.

Test: Follow steps from b/159249069:
1. Install com.pro100svitlo.fingerprintauthdemo from the Play store.
2. Install the PoC attack app from b/159249069.
3. Start the PoC attack app and press the "Launch PoC attack" button.
4. Use fingerprint to authenticate while the overlay is showing.

Before: Authentication succeeds, and a new activity is launched.
After: Authentication fails, and no new activity is launched.

Bug: 159249069
Change-Id: If5cdf8ffaf3aa7d8a1ac81272e3bfb2cc7cdddf1
Merged-In: Iee6af379515385777984da55048c1efd9339ed88
Merged-In: I9b242a9fee0acbfb430875061e2d809c00fe4b97
Merged-In: I1241a12eafa0bdbac59a8ddd4cf6a0637d467b19
Merged-In: Ie5a0f8c3e9b92d348a78678a6ed192d440c45ffc
Merged-In: I289d67e5c7055ed60f7a96725c523d07cd047b23
(cherry picked from commit d4774f91)

SlicePermissionActivity reads provider_pkg from intent, which can be
modified at will. As a result user might see incorrect package name in
the dialog granting slice permission.

Bug: 159145361
Test: manual
Merged-In: I8b66c02786df4096dad74b7e76255d5ddd1d609d
Change-Id: I8b66c02786df4096dad74b7e76255d5ddd1d609d
(cherry picked from commit 0ad32a2d)
(cherry picked from commit 4cab9c38)