The servcies shared lib contains components apps can invoke such
as services to bind to, activities to start, UI choosers, etc.
This lib is built from AOSP code but an OEM may chage its
package name. For example, Google renames the package names for
GMS apps from android.foo.bar to com.google.android.foo.bar.
While we have more than one shared lib that are a part of the
platform (currently shared and services libs) the serivces lib
is the only one clients need to start components in, thus need
to know its package name. This change adds an API to query the
package name of the services shared lib. The API is hidden as
currently the only clients are a part of the system.
Change-Id: Ied48fa4819024522791764b22b3336d4f4b42cc3
Databases and SharedPreferences often involve multiple files under
the hood, so developers wanting to migrate them between different
storage contexts should ask us to make sure all relevant files are
migrated correctly.
This makes a best-effort attempt to recover from battery pulls
during migration, while still trying to alert developers to
conflicting files.
Bug: 26668510, 25860525
Change-Id: I9ffa3e8cb6191dfd4237b9466a081d6d77df3ba0
- Deprecated most android.test.* APIs
- Kept ProviderTestCase2 and LoaderTestCase since we don't have a
replacement yet
- Deprecated android.test.suitebuilder
- Added Javadoc to all deprecated APIs with links to corresponding
Android Testing Support Library APIs
- Removed all trailing whitespace
Bug: 22314304
Change-Id: I1b1f0dd5132364110f1dfd4e3eb2dd044700d859
Finish moving all UID/GID callers to single AIDL method that requires
callers to provide flags.
Triage AppWidgets and PrintServices, which currently can only live on
internal storage; we should revisit that later.
Fix two bugs where we'd drop pending install sessions and persisted
Uri grants for apps installed on external storage.
Bug: 26471205
Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd
This gives callers the ability to request details for missing
packages. Also add annotations for userId and appId variables and
start tagging their usage.
Change-Id: I63d5d7f870ac4b7ebae501e0ba4f40e08b14f3f6
When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.
Also fix spacing issues in various logging statements.
Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
When an APK is being installed, the full path to the file is
occasionally passed between processes. To detect changes to the file
during these handovers, the digest of the AndroidManifest.xml entry
could be passed around as well.
This security feature is no longer used and is no longer needed. APKs
should be installed using the modern Package Installer API
(android.content.pm.PackageInstaller).
Bug: 24542768
Change-Id: I2762634c85448e7adcd47ffc9a5294c021e127bd
Adds APIs in DevicePolicyManager and PackageManager for allowing
a device admin to suspend a package. PackageManagerService sets
or unsets a new PackageUserState 'suspended' setting. Terminal
command to suspend/unsuspend has been added via
PackageManagerShellCommand (as root).
Next steps:
* use the new 'suspended' setting for denying access to start app
(probably in ActivityStackSupervisor)
* broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up
* remove app from recents (go further and kill it if it is running)
* erase existing notifications for this app
Bug: 22776576
Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
You can now control the range of target SDKs that receivers
will be need to have in order to receive your broadcast.
Use this for CONNECTIVITY_ACTION to not allow N+ applications
to receive these broadcasts through their manifest.
Also tweak the broadcast debug output code to now include the
disposition of each receiver in the list. This is becoming
important as skipping receivers is becoming a more common
thing to have happen.
Change-Id: I251daf68575c07cbb447536286ab4e68b7015148
Rename APIs to reflect that they're storage-related. Also move
credential-storage APIs to be system API.
Return a null Context when device-encrypted storage isn't
supported. This is the easiest way to keep legacy apps working when
upgrading from M to N.
Reduce strictness of path checking so we don't crash when working
with special packages like "android".
Bug: 22358539, 26104027
Change-Id: I38c24fc003488186210a6ae3b64270f86e1efe56
There are far too many Context APIs with special directory paths
to replicate device-encryption versions of them all. Instead, add
methods to clone a Context that explicitly stores its data in either
credential- or device-encrypted storage.
Methods to test the behavior of a given Context.
Bug: 22358539
Change-Id: I6a6290a9b282605ce9a1f82742fc2c4c50536754
Add APIs for an ephemeral app to set a cookie which is a small
peice of data cached longer than the app itself. This is useful
for avoiding the user to login every time they use the ephemeral
app. The cookie is stored after an ephemeral app is uninstalled.
Normal apps or ephemeral apps upgraded to full apps can also use
these APIs with the difference that once they are uninstalled
the cookie is deleted.
The cookie size defaults to 16KB and is configurable by a global
settings which can be adjusted via gservices. Also eviction policy
is time based with a default of one month and is configurable by
a global setting which can be adjusted via gservices. If the cert
of the app cahnges (when ephemeral is installed, uninstalled and
installed again) the cooke is wiped to prevent data leaks.
This cahange also adds an API for apps to know whether they run in
an ephemeral mode since it this mode some APIs will not be available.
Another API exposed by this change is private for the system and
exposes all ephemeral apps - installed and uninstalled. Only the
system can call this API. When an ephemeral app is uninstalled the
system stores its name, icon, and permissions. When the app is
reinstalled or a full version is installed the permissions are
propagated.
Change-Id: Id4a73a7750bfbabda0bfcb9bf9018d2062e94367
Needed for apps that want to migrate SharedPreferences from CE to DE
storage. Note that a device will only ever enter a CE mode with a
factory reset, so apps should only be using these APIs when they
want to migrate files to a consistent location on non-FBE devices
for simplicity.
Bug: 25503089
Change-Id: Ic846215da1617d116a048e036415ac7ad523b770
Needed to support storage of SharedPreferences on both credential-
encrypted and device-encrypted storage paths.
Bug: 22358539
Change-Id: I576b696951b2a9de817d5be63d31b06f7e166a19
With some core classes moved to separate core-oj jar
we need to use the new jar.
(cherry-picked from f898cda2f499b14f92bc7fb75f44110cdec7654f)
Change-Id: Ica148f11bcc77f57d22944ff78c501611a293167
Define two explicit directories where device-encrypted and
credential-encrypted data will be stored. Third-party apps only
need access to the device-encrypted directory, so that's the only
API exposed for now.
General cleanup in how ApplicationInfo details are derived.
Bug: 22358539
Change-Id: If0a0108721a4aa1c3052b4912e08604bbf24e1ae
Add methods installPackageAsUser and installExistingPackageAsUser
and deletePackageAsUser and getPackageInfoAsUser.
BUG:23516394
Change-Id: I15e30d2ec45ab18c7f8c0ac02cfc617c50fedb44
This reverts commit 3b0fc3cf24e1fecdbc11808483c2109415ebfdd2.
It breaks the build. I had missed other places that extend PackageManager.
Change-Id: Iff012ed4ec8d2d32821586eca85fce55ae67f5b5
Add methods installPackageAsUser and installExistingPackageAsUser
and deletePackageAsUser and getPackageInfoAsUser.
Change-Id: I9a3ff96f968b4f8d21a57cc7760679628d35c1a9
BUG:23516394
We now place whoever is receiving the MMS on the temporary
whitelist while doing so, so they can get network access to
download it.
There was also an issue that needed to be fixed where we
were no longer updating the list of allowed uids while
dozing based on their proc states... we now do that.
Also did a bit of optimization of the temp white list update
path do the network policy manager, instead of going through
a broadcast we now directly call in to the network policy
manager. This also allows us to have a synchronous version
of updating the list, so we can know the app has network access
before we tell it to do anything.
Finally added battery stats events for things going on and off
the whitelist so we can diagnose the behavior there.
Change-Id: Ic7fe010af680034d9f8cb014bb135b2addef7455
Added Context.sendBroadcastMultiplePermissions(Intent intent, String[]
receiverPermissions) method, which allows an array of required permissions
to be enforced.
Bug: 21852542
Change-Id: I27c9130e8f004b428452501ebc8a36aabde1f343
Added Context.sendBroadcast(Intent intent, String[] receiverPermissions)
method, which allows an array of required permissions to be enforced.
Bug: 21852542
Change-Id: I3b8ff258fa9f3249c344bb8093b820b24eef00c0
- Get rid of obsolete annotations in MediaInserterTest.
- Drop support for @BrokenTest and @SideEffect. Nobody uses
SideEffect and none of the tests that use this test runner
(vm-tests-tf, essentially) use @BrokenTest.
Change-Id: Id73c4d4eda8031689f9263c85b563c29e635d446
Issue #21814207: AlarmManager.setAndAllowWhileIdle should also allow wake locks.
Introduce a whole new infrastructure for providing options when
sending broadcasts, much like ActivityOptions. There is a single
option right now, asking the activity manager to apply a tempory
whitelist to each receiver of the broadcast.
Issue #21814212: Need to allow configuration of alarm manager parameters
The various alarm manager timing configurations are not modifiable
through settings, much like DeviceIdleController. Also did a few
tweaks in the existing DeviceIdleController impl.
Change-Id: Ifd01013185acc4de668617b1e46e78e30ebed041
We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:
1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.
2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.
3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.
Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.
Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.
Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.
Persist the current primary storage location in MountService
metadata, since it can be moved over time.
Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.
Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.
Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
The READ_PHONE_STATE permission protects PII information and
is in the Phone group. This change is adding the corrseponding
app op for gating access to the API guarded by READ_POHNE state
which will be used instead as an access control for legacy apps.
Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
Add API to determine the possible candidate volumes that a package
can be moved to. For example, it currently knows that we need to
move ASEC-based apps through internal storage before migrating them
to a private volume.
Comparator for consistent VolumeInfo ordering when displayed in UI.
Fix native library symlink to be volume UUID aware.
Bug: 19993667
Change-Id: I68d5fac5f0f776ac1c7dd15e7a984bfe2704f3f7
- add private PackageManager APIs for setting/getting the default
Browser App package name
- serialize / deserialize the default Browser App package name per User
Also relax the Hosts name validation for the AppLinls feature. Now we
just care if the IntentFilter is having an HTTP or HTTPS scheme.
Change-Id: I4436f66ac6beff57e14f7f3a2a00b0b582c03be9
- add private API PackageManager.getAllIntentFilters(String)
for getting all IntentFilters from a given package
- update IntentFilterVerificationInfo to use an ArrayList<String>
for domains instead of a String[]
- if you make an App a default domain handler then make the
others as non default
- create an IntentVerificationInfo even if the App IntentFilters
do not need to be verified. This would be done only if the App
has some domain URLs defined and would allow to make it the
default handler for a domain
- a few code optimizations here and there
Change-Id: I4535372a0bb1a2c8e662e1485be8ca700003e9b3
