add automatic installation of play apps into work profile #147
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Requires the corresponding changes to system/core and system/sepolicy.
…SELECTED Treat it same way other storage perms are treated for now.
This is a workaround for a bug that auto-dismisses crash dialog for native crash almost immediately after it is shown. Crash dialogs are shown only for foreground apps by default, there's no need to auto dismiss them.
Crash report dialog is not affected, it uses startActivityAsUser() already.
ANR stack traces file contains stack traces of all app's threads and of all threads of relevant or possibly relevant system processes, such as system_server.
Access to these files is controlled by their SELinux policy. They are labeled as anr_data_file. Enforcing additional read restrictions for ANR stack traces files through Unix permissions prevented LogViewer app from accessing them, since it doesn't run as the highly privileged UID 1000 (android.uid.system) which owns these files.
Adds a "Show details" item to crash and ANR (app not responding) dialogs which opens the LogViewer app.
…ystem_server side Don't require reboot or settings re-set for always on and lockdown to take effect on first vpn connection. The requirement for reboot, re-set at settings has been caused by a permission not granted or declared by VpnDialogs, which caused the unexpected behavior. Prevent this by checking the permission of local process instead.
In the general case, ContentProvider authorities can't be renamed because they aren't required to be based on the package name. Chromium always forms ContentProvider authorities by prefixing them with its package name, and relies on this invariant in code. When its package is renamed by original-package handling code, statements like String authority = context.getPackageName() + CONSTANT become invalid. Add a special-case for Vanadium to fix this.
This resolves the NPE crash when updating an application under the new package name that initially had the original package as package name.
This is needed for properly verifying updates of system packages.
versionCode of many system packages, including privileged ones, is set to the current SDK version and is thus not incremented during non-major OS upgrades. This allowed to downgrade them to the older version that had the same versionCode.
Change-Id: I5ccc4d61e52ac11ef33f44618d0e610089885b87 Squashed with: Author: Daniel Micay <[email protected]> Date: Wed Mar 15 06:32:20 2023 -0400 simplify removal of SUPL IMSI / phone number This is not required for SUPL to work and the comment about Google is unnecessary.
Adds a global data structure that is accessible by privileged installers and allows them to avoid installing the same package at the same time.
Applies to device PIN, SIM PIN and SIM PUK input screens.
This setting disables animations in keyguard PIN input UI.
This allows apps that have minor dependency on GmsCore (such as Pixel Camera) to work without having GmsCore installed.
This reverts commit 4d1d4e1.
This reverts commit e697d10.
This reverts commit 4505ba8.
This reverts commit bdb2449.
…ate init" This reverts commit d56df13.
…ng access Add support for forcing settings to have an explicit immutable value.
When setting up a google-managed work profile, GmsCore tries to install the Android Device Policy app For this to work REQUEST_INSTALL_PACKAGES permission needs to be in it's manifest
…nto work profile Currently when creating a work profile with a DPC app that requires play services, the DPC app expects play services to also exist on the work profile Since play services aren't global on GOS, this patch automatically installs them into the work profile Whether an app requires play services is automatically detected Because this needs to happen before the DPC app is triggered in any way in the work profile, this needs to be part of the profile creation itself.
When a work profile with play services gets created Play Store can't install any apps as the work profile may have a policy active to forbid unknown sources as it is not aware that play store is not a system app and gets blocked by that policy. Here we detect if the play store is genuine and is trying to install an app in a work profile. If that is the case we allow it to proceed, despite not being a
mkg20001
force-pushed
the
gapps-work-profile-new
branch
from
6090d44 to
b7c9a88
Compare
thestinger
force-pushed
the
15-qpr2
branch
5 times, most recently
from
5f3142f to
8edf282
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently when creating a work profile with a DPC app that requires play services, the DPC app expects play services to also exist on the work profile
Since play services aren't global on GOS, this patch automatically installs them into the work profile
Whether an app requires play services is automatically detected
Because this needs to happen before the DPC app is triggered in any way in the work profile, this needs to be part of the profile creation itself.