Also moved restricted profile create/setup logic from Settings to
UMS.createRestrictedProfile.
Bug: 24212155
Bug: 24303609
Change-Id: I0346a3368de53f4bb4b6e054349f19adac959d7f
Also moved restricted profile create/setup logic from Settings to
UMS.createRestrictedProfile.
Bug: 24212155
Bug: 24303609
Change-Id: I5f0d48bcbd3c0b51927926b874fd057c15ac5219
Currently the pm install commands will not take virtual user id like
-2. Adding this feature will make it easier to install packages in a
multi-user environment.
Bug: 19913735
Change-Id: I68b13cf8f2290158f0f4ec5c0966853719c2e80f
..in link-opening behavior. If a candidate is marked as "ask
every time," then the user is guaranteed to get a disambiguation
prompt including that candidate even when some other candidate
app is in the "always prefer this over a browser" state.
Bug 23147746
Change-Id: I904d8697a992b3f16f32b1c1b49c2bf9424c7137
Set an app's state:
pm set-app-link [--user USER_ID] PACKAGE {always|ask|never|undefined}
Read an app's current state:
pm get-app-link [--user USER_ID] PACKAGE
The latter prints to stdout one of the strings usable as an argument to
set-app-link. If an error is encountered, the string printed to
stderr begins with "Error: ".
Bug 19628527
Change-Id: I68b6dc24445917807345a8cf5baa2078490740af
The media provider and some other things need to be given storage access.
Also, seems like we should give storage access to the camera app as well.
And add a dump dump command that will dump data about a particular
permission name.
Change-Id: Idaaa9bba2ff4dc95290cf6d17e5df933df91e909
Issue #21814207: AlarmManager.setAndAllowWhileIdle should also allow wake locks.
Introduce a whole new infrastructure for providing options when
sending broadcasts, much like ActivityOptions. There is a single
option right now, asking the activity manager to apply a tempory
whitelist to each receiver of the broadcast.
Issue #21814212: Need to allow configuration of alarm manager parameters
The various alarm manager timing configurations are not modifiable
through settings, much like DeviceIdleController. Also did a few
tweaks in the existing DeviceIdleController impl.
Change-Id: Ifd01013185acc4de668617b1e46e78e30ebed041
Remote callers can now provide the "--install-location" value from
the APK to help select a location, or they can explicitly force a
volume by UUID.
Bug: 21676789
Change-Id: Iefc92d770a851fc33e37edbf259fdb8df2b14ae5
We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:
1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.
2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.
3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.
Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
Wire up through MountService to call down into vold. Watch for
unsolicited events that report progress, including special value "82"
that signals that copy has finished. We use this value to persist
the volumeUuid in case of unexpected reboot, since it indicates the
new volume is ready.
Wire progress updates through existing callback pipeline.
Update the volume mounting code to match against the persisted UUID
when selecting the primary external storage.
Bug: 19993667
Change-Id: Id46957610fb43517bbfbc368f29b7d430664590d
Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.
Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.
Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.
Persist the current primary storage location in MountService
metadata, since it can be moved over time.
Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.
Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.
Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
Allow the device owner to silently install and remove packages using the
PackageInstaller APIs. Show notifications to the user after the
installation / deletion was successful.
Bug: 19422461
Change-Id: I0506e18c510efd9d04c4aea9b60a37456e689615
PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.
Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.
Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.
Automount expanded volumes when they appear.
Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
Before all permissions were granted at install time at once, so the user
was persented with an all or nothing choice. In the new runtime permissions
model all dangarous permissions (nomal are always granted and signature
one are granted if signatures match) are not granted at install time and
the app can request them as necessary at runtime.
Before, all granted permission to an app were identical for all users as
granting is performed at install time. However, the new runtime model
allows the same app running under two different users to have different
runtime permission grants. This change refactors the permissions book
keeping in the package manager to enable per user permission tracking.
The change also adds the app facing APIs for requesting runtime permissions.
Change-Id: Icbf2fc2ced15c42ca206c335996206bd1a4a4be5
Required for GTS tests. Needed to relax the restriction that
only root user can run 'pm create-user' as GTS tests can't
get root permissions.
Bug: 17312478
Change-Id: I1841286ddf51756c73018c087a5f29afeb5b9f15
poll() returns immediately; we want to take() to wait for the result
to actually arrive.
Bug: 17510699
Change-Id: I87669e79e9941480fed33e4cc8a38de793d59e90
This ensures that both are using (almost) identical logic when
deciding what installs to proceed with. Installs from "pm" for all
users now run as OWNER, and rely solely on INSTALL_ALL_USERS to
express intent. This keeps install session notifications simple.
Since installer UID can vary from installer package name, start
persisting the UID. Also parse some missing flags for install
sessions.
Bug: 17469392
Change-Id: I6d89b1a787aa2024cc4bebf6b9c29317c358e147
When a user is removed, enumerate through all installed packages
to see if any of them are not installed for any user. Delete the
package if no user has it "installed".
Added a pm option to install an apk for a specific user.
Fixed a crash in UserManagerService when executing the above
cleanup - dying users generate a null UserInfo.
Bug: 15426024
Change-Id: I571decde1ae1c257d0da6db153b896aad6d6bcb4
Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.
This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.
Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.
Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.
Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
Switch to using IntentSender for results to give installers easier
lifecycle management. Move param and info objects to inner classes.
Bug: 17008440
Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43
If an app is installed with an ABI override (adb install -r --abi)
we should remember this so that we don't revert to the scan derived
ABI on the next reboot.
bug: 16476618
Change-Id: I6085bc0099eb613dd9d3b07113c7c13859780697
To resume install sessions across device boots, persist session
details and read at boot. Drop sessions older than 3 days, since
they're probably buggy installers.
Add session callback lifecycle around open/close to give home apps
details about active installs. Also give them a well-known intent
to show session details.
Extend Session to list staged APKs and open them read-only, giving
installers a mechanism to verify delivered bits, for example using
MessageDigest, before committing.
Switch to generating random session IDs instead of sequential.
Defensively resize app icons if too large. Reject runaway
installers when they have too many active sessions.
Bug: 16514389
Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498
Recently we removed the PackageManager inotify triggers, meaning the
only supported ways of installing apps were:
-- adb install -r Foo.apk
-- adb shell stop && adb sync && adb shell start
Iterating on most system apps (like Settings) can use the first
approach, but it doesn't work for "persistent" processes like
SystemUI. (ActivityManager is very particular about how it deals
with persistent apps, and it always sticks with the first
ApplicationInfo found at boot.)
So to enable rapid iteration on persistent apps, we now offer the
one missing piece of forcing a dexopt with a new pm force-dex-opt
command only available to -eng or -userdebug builds. Typical use
for iterating on persistent apps now looks like this:
$ mmm frameworks/base/packages/SystemUI/ && adb sync &&
adb shell pm force-dex-opt com.android.systemui &&
adb shell kill `pid systemui`
Yay!
Change-Id: I0ae2467f1d7cda56c70ba20953cd25fa8ee766ff
This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.
Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
Also track historical install sessions for debugging purposes. Hide
signature verification API for now. Clear code cache only after
killing the app being upgraded.
Bug: 14975160
Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30
Flesh out documentation and finalize first cut of API. Also surface
installLocation and splitNames through PackageInfo.
Bug: 14975160, 15348430
Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0
Oops, forgot to include message argument to invoke the new-style
callback. Also use more robust way of generating cluster APK
directory names, and add more logging details on rename failure.
Change-Id: Ifa8abdd1db58b73e13b9a8077ec126cf20a0d90e
Flesh out implementation of install session observers. Carve out 20%
of published install progress for final system operations such as
dexopt, etc.
Add dumpsys output for active install sessions. Create explicit
fsync() instead of overriding meaning of flush(). Hack to throw
IOExceptions over Binder calls.
Bug: 14975160, 15348430
Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
