Issue #7211769: Crash dialog from background user has non-working "report"
The report button now launches the issue reporter for the correct user.
Also for crashes on background users, either disable the report button,
or simply don't show the dialog depending on the build config.
Issue #7244492: Bugreport button in Quick Settings doesn't actually do anything
Now they do.
Issue #7226656: second user seeing primary user's apps
I haven't had any success at reproducing this. I have tried to tighten up
the path where we create the user to ensure nothing could cause the
user's applications to be accessed before the user it fully created and thus
make them installed... but I can't convince myself that is the actual problem.
Also tightened up the user switch code to use forground broadcasts for all
of the updates about the switch (since this is really a foreground operation),
added a facility to have BOOT_COMPELTED broadcasts not get launched for
secondary users and use that on a few key system receivers, fixed some debug
output.
Change-Id: Iadf8f8e4878a86def2e495e9d0dc40c4fb347021
Migrate networking, storage, battery, DropBox, and PackageManager
related Secure settings to Global table.
Bug: 7232014, 7231331, 7231198
Change-Id: I772c2a9586a2f708c9db95622477f235064b8f4d
Fixed one setting that was migrated but not marked deprecated.
Removed a hidden setting that is no longer used by the new
power manager service.
Bug: 7231172
Change-Id: I332f020f876a18d519a1a20598a172f1c98036f7
When PackageManagerService deals with external storage, always bind
to DefaultContainerService as USER_OWNER. This avoids binding to a
stopped user, which would fail.
Bug: 7203111
Change-Id: I8e303c7558e8b5cbe4fea0acc9a472b598df0caa
Issue #7209355: Intent on the secondary user results in an intent picker
in the Primary user.
Issue #7214271: Crash in system UI
Also fix a bug where I recently broke the removeTask() operation in the
activity manager where it would remove the wrong task.
Change-Id: I448c73a0e83a78d9d8d96b4629658c169888d275
Since SettingsProvider can call back into PMS, query the default
enforcement state before acquiring mPackages lock.
Bug: 7182437
Change-Id: Ie218aedfc7a943e5b221814af3e0356c7199b0e4
Create a setting "verifier_verify_adb_installs" to allow developers to control
package verification on ADB installs only. If package verification is enabled,
the setting will:
0, Do not perform package verification on apps installed through ADB/ADT/USB
and perform package verification on all other installs.
1, Use package verification on all installs. (Default)
Bug: 7183252
Change-Id: I9d3eb8abb5ba5e93f8634d3135794e92ff6273b6
Keep track of user creation and last logged-in time.
adb shell dumpsys users
User switcher shouldn't show users about to be removed.
No need to check for singleton for activities.
Bug: 7194894
Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
New APIs let you indicate what user(s) to monitor, and tell you
what user is changing when receiving a callback.
Fix package manager to only deliver package brpadcasts to the
running users. (This isn't really a change in behavior, since
the activity manager would not deliver to stopped users anyway).
Make sure all broadcasts that package monitor receives also include
user information for it to use.
Update wallpaper service to (hopefully) now Really Correctly
monitor package changes per user.
Change-Id: Idd952dd274abcaeab452277d9160d1ae62919aa0
Bug: 7136483
Store device policy information for each user and apply them when user switches.
Global proxy can only be controlled by owner.
Camera restriction applies to all users, if any one has an admin that disables it.
Storage encryption can only be controlled by owner, although other users can query the state.
Wipe data will only remove the user if non-zero, wipe the device, if zero.
Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
The current MTP kernel driver at /dev/mtp_usb is exclusive, meaning
only one process can have it open. In addition, each MTP session
with a desktop requires unique object IDs, which doesn't hold true
across users on the device.
To solve these two issues, when switching users we cycle the USB host
stack to disconnect both local and remote MTP connections, giving the
new user's media process a chance to claim /dev/mtp_usb, and causing
the desktop to initiate a new MTP session.
This change also allows BroadcastReceivers to registerReceiver()
allow retrieval of a current sticky broadcast. Adds a system property
to override maximum users. Removes MOUNTED broadcasts for secondary
users. Allows INTERACT_ACROSS_USERS to getCurrentUser().
Bug: 6925114
Change-Id: I02b4a1b535af95fb2142655887b6d15a8068d18a
Add a USER_INFO_CHANGED intent for lockscreen and quicksettings to use
to monitor changes to the user name or icon.
Bug: 7164040
Change-Id: Id6fb8b6d38ce04ccd02bbadcf0c10699783d6c03
For forward-locked apps, we need to be able to read the optimized dex
file from a common place. Make it owned by the shared app GID as well.
Bug: 7178231
Change-Id: Ib36d79e8df69d58e8e1e0f167659df995dc84b84
So that we don't abuse the setUserIcon() for reading. So the new method won't try
to create the file, only return it if it exists.
Change-Id: I7a81d3f1b29d14d37e71f531744ce39f21d827ac
- New public APIs to find out when a user goes to the foreground,
background, and is first initializing.
- New activity manager callback to be involved in the user switch
process, allowing other services to let it know when it is safe
to stop freezing the screen.
- Wallpaper service now implements this to handle its user switch,
telling the activity manager when it is done. (Currently this is
only handling the old wallpaper going away, we need a little more
work to correctly wait for the new wallpaper to get added.)
- Lock screen now implements the callback to do its user switch. It
also now locks itself when this happens, instead of relying on
some other entity making sure it is locked.
- Pre-boot broadcasts now go to all users.
- WallpaperManager now has an API to find out if a named wallpaper is
in use by any users.
Change-Id: I27877aef1d82126c0a1428c3d1861619ee5f8653
Send package name, version code and the uid of the application requesting the
install to package verifiers.
Bug: 7164155
Change-Id: I2464dc5d4551f60b4f38f7982495a8920c83e1cd
When verification and encryption is used, the temporary file was deleted
prematurely.
Also, on next boot-up, scan the directory we use for temporary files to
clean them up if the user rebooted in the middle of installation.
Bug: 7132197
Change-Id: Ic9e8aab9a664ca00d9ac16f72e53fc43d78d21bc
For some reason .getParent() appears to be returning null for a data
directory. We don't need to use the parent; we can just use the path.
Bug: 7151733
Change-Id: I5e17cc14fe53669882329d67d8a7b4ec35b81104
Fixes a race condition where the system server might
try to access /data/user/0 before it was created. In so
doing, the system server could end up creating a directory
in that location with the wrong permissions and everything
would promptly crash.
Bug: 7151686
Change-Id: I349c12fd2b9685d2e7f6305e74f6bf7d5816b752
When building external storage paths, always include user in path
to enable cross-user paths and aid debugging.
Each Zygote process continues to only have access to the appropriate
user-specific emulated storage through bind mounts. A second set of
mounts continue supporting legacy /sdcard-style paths. For example,
a process running as owner has these mount points:
/storage/emulated_legacy
/storage/emulated_legacy/Android/obb
/storage/emulated/0
/storage/emulated/obb
Since Environment is created before Zygote forks, we need to update
its internal paths after each process launches.
Bug: 7131382
Change-Id: I6f8c6971f2a8edfb415c14cb4ed05ff97e587a21
Use a shared app gid for each app across different users which allows
forward-locked applications to share the same APK file.
Change-Id: Ifecf51ee7865547117746f83e9733083d3dd5111
By default only 1 user is allowed. Some devices permit more than 1.
Set the real user limit in a device overlay for config.xml
Change-Id: I2e0bffa13393b954fcd20e55b92f20de980c58c0
unlinklib is no longer necessary since libraries are now either stored
in an ASEC container or in /data/app-lib
Replace lib directory with a symlink to the /data/app-lib directory even
if it's a dangling link. That way developers don't name something "lib"
in their directory which gets blown away during an update.
Change-Id: I142cf13dba9c13aafbaf0ff8d5e9872cbf1cc910
Now we default to the current user instead of user 0 for most commands
(except where we can do the command for all users).
Many more commands take a user argument: force-stop, kill, profile,
dumpheap.
Improved help text.
Change-Id: I719a13b4d31b668f57ca21e51d7043ac3e0d4e1b
Instead of unpacking libraries into /data/data/<appname>/lib, unpack
them into /data/app-lib so that multi-user applications can use the same
libraries.
Change-Id: I636dafb5a9eea8cf5a41f1360698e7695455f385
Commit 5e03e2ca7d25b899b129baad2dd5eca6bf99d88a moved from
PacakgeParser.Package to PackageSetting which revealed that we weren't
updating the pkgFlags when replacing an existing application.
Add flags to PackageSetting so that deletion of the package later succeeds.
Change-Id: I2e0d4e07da31f48b68601f3f3240966b6e17dbdf
When accessing a content provider, there is a check for whether
the provider can run in the caller's process; if so, even if the
provider is currently published, we return to the caller that it
can run locally.
This check was broken -- it had an old condition that allowed
content providers owned by the system UID to run in any other UID's
process. This is wrong, since by definition the other
UIDs would not be able to access the data under the original UID.
We ran into this because the activity picker is part of the
android platform manifest, so runs as the system process. However
it needs to run as the user who invoked it, so when coming from the
non-primary user we spin up a "system" process running as a uid of
that user. Now when that process tries to access the settings
provider, the broken check would think that a new instance of the
settings provider should be created in the caller's process.
Change-Id: I7bf495ed8370cb271bdaec073d5b7dda9e38c546
installd was not creating a compatibility symlink when
installing a forward locked application. Fix.
Bug: 7121527
Change-Id: Ied507ab2b759d8658af563e6ac8f0dbb0d286cce
