If the user has supplied a backup password in Settings, that password
is validated during the full backup process and is used as an encryption
key for encoding the backed-up data itself. This is the fundamental
mechanism whereby users can secure their data even against malicious
parties getting physical unlocked access to their device.
Technically the user-supplied password is not used as the encryption
key for the backed-up data itself. What is actually done is that a
random key is generated to use as the raw encryption key. THAT key,
in turn, is encrypted with the user-supplied password (after random
salting and key expansion with PBKDF2). The encrypted master key
and a checksum are stored in the backup header. At restore time,
the user supplies their password, which allows the system to decrypt
the master key, which in turn allows the decryption of the backup
data itself.
The checksum is part of the archive in order to permit validation
of the user-supplied password. The checksum is the result of running
the user-supplied password through PBKDF2 with a randomly selected
salt. At restore time, the proposed password is run through PBKDF2
with the salt described by the archive header. If the result does
not match the archive's stated checksum, then the user has supplied
the wrong decryption password.
Also, suppress backup consideration for a few packages whose
data is either nonexistent or inapplicable across devices or
factory reset operations.
Bug 4901637
Change-Id: Id0cc9d0fdfc046602b129f273d48e23b7a14df36
View.setSystemUiVisibility() now properly accepts a
bitfield, including:
* SYSTEM_UI_FLAG_LOW_PROFILE: "lights out mode"
(previously known, erroneously, as STATUS_BAR_HIDDEN)
* SYSTEM_UI_FLAG_HIDE_NAVIGATION: for when you need every
single pixel on a device that also has a navigation bar
These flags are painstakingly aggregated across the entire
view hierarchy and carefully delivered to the status bar
service, which in turn gently passes them along to the bar
implementation.
To really get access to the whole screen, you need to use
HIDE_NAVIGATION in conjunction with FLAG_FULLSCREEN and
FLAG_LAYOUT_IN_SCREEN. See development/samples/Overscan for
an example of how to do this.
Change-Id: I5fbfe009d9ceebbbf71db73f14a7008ea7c1d4da
Well, actually they do go out, but they won't try to start anybody now
until after boot.
bug:5088272
Change-Id: Iaaf7a1e4b300e0afc3901ecfd225a77084bd0954
Since "restrict background" depends on active networks, separate its
definition from setBackgroundDataSetting().
Bug: 4979025
Change-Id: I12bfe3a2e606375b39c67706270caa7a1bb0214e
We should use all-makefiles-under instead.
all-subdir-makefiles can be used only before any "include" statement.
Before this change, both subdirs were actually not included.
Change-Id: I6bf35d07f294a5012c9322096f999ac26e37432f
This fixes an issue where an ANR can occur in a newly focused
application through no fault of its own, simply because
the previous app took a little while to transfer focus to
the new app.
Bug: 4584620
Change-Id: If3227eb68d92a09a108e9de7f0afcbd9a5dbdead
The kernel sends an interface down event for usb0 when RNDIS is enabled.
Ignore this and only remove USB interfaces when we receive the
interface removed event.
Change-Id: I1458f259b96c9fab4d3a69a5692e630123fad136
Signed-off-by: Mike Lockwood <lockwood@android.com>
Teach NetworkPolicy limits to "snooze" when requested by user, and
notify with both dialog and notification. Register for network alerts
through NMS to trigger updates immediately instead of waiting for
next stats update.
Enforce that all NetworkPolicy are unique on a template basis, and
move SCREEN_ON/OFF broadcasts to background thread. Launch SystemUI
and Settings directly instead of using actions, and include full
NetworkTemplate in extras.
Tests to verify notification and snooze behavior.
Bug: 5057979, 5023579, 4723336, 5045721
Change-Id: I03724beff94a7c0547cb5220431ba8d4cd44d077
since USB tethering already has a notification.
Bug: 4988511
Change-Id: I928cb1e1d191c77340f7f05edfa80a74cdabe6ed
Signed-off-by: Mike Lockwood <lockwood@android.com>
...apk reinstall; affects user privacy
Disconnecting a ServiceConnection after an app is torn down could
impact the bookkeeping of the same service if it has been started
for the app.
Also address issue #5073927: GSF process can't be killed
A new flag allows the systems location manager service to tell
the activity manager to not pull bound services up forever into
the visible adj level.
Change-Id: I2557eca0e4bd48f3b10007c40ec878e769fd96a8
If a pre processing effect is detroyed while enabled and capture is active,
there was a possibility that the effect engine is released by the framework
while still processed by the audio HAL.
The fix consists in not releasing the engine in EffectModule::removeHandle()
but just flag the effect as being detroyed to avoid further calls to functions
on the engine effect interface.
The effect interface is then removed from the audio HAL safely in
EffectChain::removeEffect_l() while holding the EffectChain mutex.
Change-Id: I71fab30d9145062af8644f545a1f1d4d3e7e7f02
1. Events not generated by the user can change the interrogation allowing window
unpredicatably. For example when a ListView lays out its children it fires an
accessibility events and changes the currently active window while the user
interaction may be happening in another window say a dialog. Now the interrogation
allowing window is changed when a new window is shown or the user has touch
explored it.
bug:5074116
Change-Id: I8dde12bbec807d32445a781eedced9b95312b3e2
A later CL will introduce an API for querying whether a given package
runs in a persistent process; UIs such as Settings will be able to use
that to determine whether to disable the 'force stop' action.
Change-Id: Iab47c2300fdce285da7d83e02263c9a5f69edd70
