Settings were restore in alphabetical order and capturing dependency
among them required keys to be chosen in such a way that after sorting
they apprear in dependency order. Now settings are exported and restored
in the order they are declared in the arrays of settings to backup.
Hence, the order in this array will capture the dependency order.
bug:5343351
Change-Id: I93a40bcdd194943cd6f85aa18f1557d546e38274
A core app is one that has coreApp="true" in its manifest tag.
The system can successfully boot (though a little painfully) with
only framework-res.apk, SettingsProvider.apk, SystemUI.apk,
DefaultContainerService.apk, and Launcher2.apk set as core apps.
Currently this boot mode is always turned off.
Change-Id: Ieaa4a8031c2c391a12996aa8d8b1d65fc2b09d6b
This reverts an earlier change that reset the system sound defaults even
for upgrades.
Bug: 5114198
Change-Id: Ide0afbd26080ba87d177cedfa9b1d50352857a00
Combined volume panel only in tablets. On phones show active volume.
Added dummy assets for ring+notification icon.
Deprecated the NOTIFICATION_USES_RING_VOLUME. Now they are always
tied together. Audio manager changes still required to ensure that.
Initialize all feedback sounds to true.
Change-Id: I3ad7890c9be9334eedb5f3b709a4b6995fe24638
If the user has supplied a backup password in Settings, that password
is validated during the full backup process and is used as an encryption
key for encoding the backed-up data itself. This is the fundamental
mechanism whereby users can secure their data even against malicious
parties getting physical unlocked access to their device.
Technically the user-supplied password is not used as the encryption
key for the backed-up data itself. What is actually done is that a
random key is generated to use as the raw encryption key. THAT key,
in turn, is encrypted with the user-supplied password (after random
salting and key expansion with PBKDF2). The encrypted master key
and a checksum are stored in the backup header. At restore time,
the user supplies their password, which allows the system to decrypt
the master key, which in turn allows the decryption of the backup
data itself.
The checksum is part of the archive in order to permit validation
of the user-supplied password. The checksum is the result of running
the user-supplied password through PBKDF2 with a randomly selected
salt. At restore time, the proposed password is run through PBKDF2
with the salt described by the archive header. If the result does
not match the archive's stated checksum, then the user has supplied
the wrong decryption password.
Also, suppress backup consideration for a few packages whose
data is either nonexistent or inapplicable across devices or
factory reset operations.
Bug 4901637
Change-Id: Id0cc9d0fdfc046602b129f273d48e23b7a14df36
1. Update the database creation/upgrade code to take care of the new setting
to enable touch exploration.
2. Made the tocuh exploration settings persistent to the cloud.
Change-Id: Ie24e9184b4a21869432d11d207cb6464fadbac3b
Implemented different silent mode behaviors for tablets and phones.
The behavior inherited from Honeycomb was for tablets only and
was muting music in silent mode.
Change-Id: Ib053e7b70ca02190debc87648ab8a163f9d39577
New methods for full backup/restore have been added to BackupAgent
(still hidden): onFullBackup() and onRestoreFile(). The former is the
entry point for a full app backup to adb/socket/etc: the app then writes
all of its files, entire, to the output. During restore, the latter
new callback is invoked, once for each file being restored.
The full backup/restore interface does not use the previously-defined
BackupDataInput / BackupDataOutput classes, because those classes
provide an API designed for incremental key/value data structuring.
Instead, a new FullBackupDataOutput class has been introduced, through
which we restrict apps' abilities to write data during a full backup
operation to *only* writing entire on-disk files via a new BackupAgent
method called fullBackupFile().
"FullBackupAgent" exists now solely as a concrete shell class that
can be instantiated in the case of apps that do not have their own
BackupAgent implementations.
Along with the API change, responsibility for backing up the .apk
file and OBB container has been moved into the framework rather than
have the application side of the transaction do it.
Change-Id: I12849b06b1a6e4c44d080587c1e9828a52b70dae
Usage: adb restore [tarfilename]
Restores app data [and installs the apps if necessary from the backup
file] captured in a previous invocation of 'adb backup'. The user
must explicitly acknowledge the action on-device before it is allowed
to proceed; this prevents any "invisible" pushes of content from the
host to the device.
Known issues:
* The settings databases and wallpaper are saved/restored, but lots
of other system state is not yet captured in the full backup. This
means that for practical purposes this is usable for 3rd party
apps at present but not for full-system cloning/imaging.
Change-Id: I0c748b645845e7c9178e30bf142857861a64efd3
This is the basic infrastructure for pulling a full(*) backup of the
device's data over an adb(**) connection to the local device. The
basic process consists of these interacting pieces:
1. The framework's BackupManagerService, which coordinates the
collection of app data and routing to the destination.
2. A new framework-provided BackupAgent implementation called
FullBackupAgent, which is instantiated in the target applications'
processes in turn, and knows how to emit a datastream that contains
all of the app's saved data files.
3. A new shell-level program called "bu" that is used to bridge from
adb to the framework's Backup Manager.
4. adb itself, which now knows how to use 'bu' to kick off a backup
operation and pull the resulting data stream to the desktop host.
5. A system-provided application that verifies with the user that
an attempted backup/restore operation is in fact expected and to
be allowed.
The full agent implementation is not used during normal operation of
the delta-based app-customized remote backup process. Instead it's
used during user-confirmed *full* backup of applications and all their
data to a local destination, e.g. via the adb connection.
The output format is 'tar'. This makes it very easy for the end
user to examine the resulting dataset, e.g. for purpose of extracting
files for debug purposes; as well as making it easy to contemplate
adding things like a direct gzip stage to the data pipeline during
backup/restore. It also makes it convenient to construct and maintain
synthetic backup datasets for testing purposes.
Within the tar format, certain artificial conventions are used.
All files are stored within top-level directories according to
their semantic origin:
apps/pkgname/a/ : Application .apk file itself
apps/pkgname/obb/: The application's associated .obb containers
apps/pkgname/f/ : The subtree rooted at the getFilesDir() location
apps/pkgname/db/ : The subtree rooted at the getDatabasePath() parent
apps/pkgname/sp/ : The subtree rooted at the getSharedPrefsFile() parent
apps/pkgname/r/ : Files stored relative to the root of the app's file tree
apps/pkgname/c/ : Reserved for the app's getCacheDir() tree; not stored.
For each package, the first entry in the tar stream is a file called
"_manifest", nominally rooted at apps/pkgname. This file contains some
metadata about the package whose data is stored in the archive.
The contents of shared storage can optionally be included in the tar
stream. It is placed in the synthetic location:
shared/...
uid/gid are ignored; app uids are assigned at install time, and the
app's data is handled from within its own execution environment, so
will automatically have the app's correct uid.
Forward-locked .apk files are never backed up. System-partition
.apk files are not backed up unless they have been overridden by a
post-factory upgrade, in which case the current .apk *is* backed up --
i.e. the .apk that matches the on-disk data. The manifest preceding
each application's portion of the tar stream provides version numbers
and signature blocks for version checking, as well as an indication
of whether the restore logic should expect to install the .apk before
extracting the data.
System packages can designate their own full backup agents. This is
to manage things like the settings provider which (a) cannot be shut
down on the fly in order to do a clean snapshot of their file trees,
and (b) manage data that is not only irrelevant but actively hostile
to non-identical devices -- CDMA telephony settings would seriously
mess up a GSM device if emplaced there blind, for example.
When a full backup or restore is initiated from adb, the system will
present a confirmation UI that the user must explicitly respond to
within a short [~ 30 seconds] timeout. This is to avoid the
possibility of malicious desktop-side software secretly grabbing a copy
of all the user's data for nefarious purposes.
(*) The backup is not strictly a full mirror. In particular, the
settings database is not cloned; it is handled the same way that
it is in cloud backup/restore. This is because some settings
are actively destructive if cloned onto a different (or
especially a different-model) device: telephony settings and
AndroidID are good examples of this.
(**) On the framework side it doesn't care that it's adb; it just
sends the tar stream to a file descriptor. This can easily be
retargeted around whatever transport we might decide to use
in the future.
KNOWN ISSUES:
* the security UI is desperately ugly; no proper designs have yet
been done for it
* restore is not yet implemented
* shared storage backup is not yet implemented
* symlinks aren't yet handled, though some infrastructure for
dealing with them has been put in place.
Change-Id: Ia8347611e23b398af36ea22c36dff0a276b1ce91
The onUpgrade path was upgrading the database version to 65, but the
current version was marked as 64. That led to the database being
upgraded to 65 and then wiped because it didn't match 64.
This was introduced in HC change 54d068ec6af0ee6d261a135400efe6816c6f5ffe
Bug: 4319406
Change-Id: Ib6efcf34e820948d23d3a2b8ef3afc9012a93c22
bug:3505060
Since we want to have some settings that are used very frequently
by many applications (long-press timeout is one example) these should
be managed efficiently to reduce lookups from different processes
because in the case of a cache miss a disk I/O is performed. Now
the system manages such core settings and propagates them to the
application processes.
Change-Id: Ie793211baf8770f2181ac8ba9d7c2609dfaa32a7
Modified default volume control logic in AudioService:
1 IN_CALL volume if in video/audio chat
2 NOTIFICATION if notification is playing or was playing less than 5s ago.
3 MUSIC
Modified silent mode:
- now also affect MUSIC stream type
- entering silent mode when VOL- hard key is pressed once while selected
stream volume is already at 0 (except for VOICE_CALL stream).
- exiting silent mode when pressing VOL+ hard key while in silent mode
Play sound FX (audible selections, keyboard clicks) at a fixed volume.
Modified audio framework:
- isStreamActive() method now implemented in AudioPolicyManagerBase (previously AudioFlinger)
- iStreamActive() now specifies a time window during which the stream is considered
active after it actually stopped.
Change-Id: I7e5a0724099450b9fc90825224180ac97322785f
Enable retrieving the default download manager settings from
a resource, when the SettingsProvider database is created
The default setting for these values is -1, which will cause
DownloadManger to not enforce a limit.
Bug: 3341145
Change-Id: I25294d0f75fb0bdf20d4bef54457056c25c31add
Bug: 3365600
This doesn't affect upgrades, only new installs.
Don't backup/restore NOTIFICATIONS_USE_RING_VOLUME anymore as it doesn't
work well across device types and can wedge the device into a state
where you can never hear notification sounds.
Change-Id: I703e1db539eb4ac45b273f46ada0b4bbf3b981bb
bug:3341772
1. Now a key in the binding is represented as a long with 32 MSB for modifiers and 32 LSB for keyCode.
bug: 3340732
1. Added check in the WebView key handling code to diable the accessibility injector/injected script in
case accessibility is been disabled after loading the content.
Change-Id: Ic3746dff16ec77ba682a5b139cec0e6afd8fc839
why is settingsprovider doing getReadbleDatabase() in onCreate() method?
it shoul do getWritableDatabse() so that sqlite's WAL
feature can be enabled on it.
Change-Id: I60e46ce240a6474bbb50ab26fb1d979242b0c9ad
1. Added a mechanism to select the cursor ring content if accessibility is
enabled - This is achieved by sending an event to the WebCore thread
(if accessibility is enabled) to select the content of the cursor when
the latter moves. Added code in WebViewCore to select the given node
and notify the UI thread for the selection markup which is delivered
of the accessibility injector which manages sending accessibility
events. This is relevant for adding accessibility to WebView if
JavaScript is not enabled. (If JS is enabled we inject a screenreader
written in JS).
2. Fixed the event delegation to the accessibility injector since it
should be able to consume key events of interest and perform some
action which leads to sending appropriate accessibility event.
In the previous implementation it was possible that the injector
consumes the event but the latter was bubbled up.
3. Added function to scroll the selection into view while moving it
around based on user commands.
Note: This is a part of two project commmit.
Change-Id: Ibb81d0468726efbe3bf6e3add1b19c69e3206638
Also modified the shortcut key handling so that it drops chorded
Search+X keys when even if no shortcut was found. Without this
change, pressing an unhandled shortcut causes the Search widget to
pop up and the character to be typed.
Bug: 3022227
Change-Id: Ic0921428bd1270604ca28caf1f8493727127f4ed
