* changes:
Remove obsolete FOTA_UPDATE permission (which should never have been made public, and wouldn't be used by any third party applications, and no longer does anything regardless).
made public, and wouldn't be used by any third party applications,
and no longer does anything regardless).
Also remove the WRITE_GSERVICES permission from the SettingsProvider
package's manifest (the declaration there was redundant with the one
in the core manifest, where all the other settings-related permissions
live -- no other core package includes its own permission definitions).
This also includes some changes to the window manager permission checks. Almost all of these
are to make it most testable (through an exception on a permission failure), though there is
one permission check that needed to be added: updateOrientationFromAppTokens().
It now reconstructs the backup data stream as it was originally structured, no
longer assuming that its backed-up records can simply be concatenated into the
destination stream.
Fixes http://b/issue?id=1905863
This is needed to address two security issues with global search:
http://b/issue?id=1871088 (Apps can read content providers through GlobalSearch)
http://b/issue?id=1819627 (Apps can use GlobalSearch to launch arbirtrary intents)
This also fixes http://b/issue?id=1693153 (SearchManager.OnDismissListener
never gets called)
To fix the security issues, GlobalSearch also needs to require
a non-app permission to access its content provider and launch intents.
+ Move mServerName from SingleServerProfile and VpnProfile.
+ Add mSavedUsername to VpnProfile.
+ Keep empty SingleServerProfile to not break the classes that use it.
+ Remove use of SingleServerProfile from VpnService.java.
Merge commit '110b50ca5158f75abdead740f0956600da2f212d' into donut
* commit '110b50ca5158f75abdead740f0956600da2f212d':
AI 149839: make the home page's announcement block expandable...
As of this change, LocalTransport is successfully propagating data changes from
the backup data format into a repository stored in /cache/backup/[packagename].
Each backup key gets a separate file there for ease of manipulation and testing.
The general semantics of BackupDataReader have been tweaked, too; it now just
returns simple "we're done with the data" when it hits the end, even if no
footer has been found, because on the writing side the footer isn't being
written. Also, reading an entity now merely requires a "big enough" buffer, not
an exactly-sized one.
This is all a work in progress, but this is at least working now for purposes of
this local transport.
Still to do: proper change vs deletion detection, as well as expanding the data
format itself to include necessary metadata etc.
There was old code that would kill the system process in some cases when there
was a bad activity token. This is really no longer used, except in a few
places where it allows apps to kill the system. So just get rid of it and
make the world a better place.
primarily, this is to handle various lengths of text due to translations,
but also allows us to be more flexible WRT the content for the top section.
Automated import of CL 149839
When an application requests a backup via dataChanged(), we now journal that
fact on disk. The journal persists and is only removed following a successful
backup pass. When the backup manager is started at boot time, it looks for any
existing journal files and schedules a backup for the apps listed in them, on
the expectation that the device shut down or crashed before a backup could be
performed.
