Now that we don't have UM.setUserRestriction*s*() that could remove
all existing restrictions, there's almost no point handling
DISALLOW_RECORD_AUDIO differently.
Now DISALLOW_RECORD_AUDIO is handled just like other restrictions,
except we don't persist it.
Bug 24954662
Change-Id: I27875b4a74dd95a3ce6bb774081eeaf718eaec15
This policy allows DO to specify a list of apps to cache even without being
installed on any user.
Bug: 23938464
Change-Id: I2eeab7f148409739fc23a5c44e955ad12b63fd04
java.lang.IntegralToString is being removed, replaced
all its usage by com.android.internal.util.HexDump.
Bug: 24932279
(cherry-picked from 15fc0548a536750110e159e06a39ba943eccdd81)
Change-Id: Id6ab88337af12d93cd73c41775b9d5baa1e61d96
- Now when DO/PO sets a user restriction, DPMS pushes it to UMS and
then UMS persists it, in order for UserManager.hasUserRestriction()
to never have to talk with DPMS, which would cause lock inversion.
- Also apply user restrictions when a user start.
- This is an updated version of the abandoned CL -- the difference
is, ActivityManager no longer has to call DPMS.
- Also removed an unnecessary write to userlist.xml in UMS.
upgradeIfNecessaryLP().
Bug 23902097
Bug 25388912
Bug 25354031
Bug 25641040
Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
Actually, this implementation is more what we want for ephemeral
apps. I am realizing the two are not really the same thing. :(
For this implementation, we now keep track of how long a uid has
been in the background, and after a certain amount of time
(currently 1 minute) we mark it as "idle". Any packages associated
with that uid are then no longer allowed to run in the background.
This means, until the app next goes in the foreground:
- No manifest broadcast receivers in the app will execute.
- No services can be started (binding services is still okay,
as this is outside dependencies on the app that should still
be represented).
- All alarms for the app are cancelled and no more can be set.
- All jobs for the app are cancelled and no more can be scheduled.
- All syncs for the app are cancelled and no more can be requested.
Change-Id: If53714ca4beed35faf2e89f916ce9eaaabd9290d
This will allow AMS to call into DPMS within the AMS lock instead,
which will help I1537bd57b34696768ee81a979d53bb396efbc12a.
- AM.clearApplicationUserData() will not be allowed for any DA
apps.
Bug 25567963
Change-Id: I9f0d071c815a011be4f4c85c502c39d0fe0fe5e8
Added mUsersLock - short-term lock for internal state, when interaction and
synchronization with PM is not required. Modifications to mUsers and
mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and
mUsersLock. While reads can use mUsersLock.
Testing revealed that the following methods in UMS often cause contention:
- exists
- getUserInfo
- getProfileParent
They all now use a short-term lock mUsersLock for reads.
Bug: 24979571
Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
The Alarm Manager now supports a set() variant that takes a listener
callback to invoke at alarm trigger time rather than a PendingIntent.
This is much lower overhead and has guaranteed low delivery latency
from the trigger time. The tradeoff is that the app must be running
*continuously* from the time the alarm is set to the time it is
delivered. If the app exits for any reason before the alarm fires,
the listener becomes invalid and the alarm will be dropped. This is
more or less equivalent to setting an alarm with a broadcast
PendingIntent that matches only a runtime-registered receiver.
The app's alarm listener can be any object that implements the new
AlarmManager.OnAlarmListener interface and implements its onAlarm()
method. There is no data delivered at alarm trigger time: whatever
state needs to be associated with the specific alarm instance should
simply be packaged inside the OnAlarmListener instance.
An alarm using OnAlarmListener can request that the onAlarm() method
be called on an arbitrary handler. If the program passes 'null' for
this parameter when setting the alarm, the callback occurs on the
application's main Looper thread.
Bug 20157436
Change-Id: I2eb030a24efdd466a2eee1666c5231201b43684b
- Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin.
- User restrictions set by DO/PO will no longer be saved by UserManger. Instead,
when needed, UMS will consult DPMS to build "effective" user restrictions.
- UM.getUserRestrictions() will now always return "effective" user restrictions.
- DPMS migrates existing user restrictions per the eng spec.
- Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has
been removed.
This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no
longer be a valid use like it used to be.
- Also introduced a fined-grained lock for user restrictions in UM to avoid
deadlock between DPMS and also for better performance.
Bug 23902097
Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
BUG: 24900376
We've seen an issue where periodic run times can be massively
inflated after loading from disk.
As a safeguard, cap the period's loaded runtime to be [p, 2p]
from the time of loading.
Change-Id: Ie4464490c8d6702fee8efe9190c3da5dc5f013f6
(cherry picked from commit fa8e5084eed63ab8d92c71fcff656690a30293c3)
BUG: 24900376
We've seen an issue where periodic run times can be massively
inflated after loading from disk.
As a safeguard, cap the period's loaded runtime to be [p, 2p]
from the time of loading.
Change-Id: Ie4464490c8d6702fee8efe9190c3da5dc5f013f6
* commit '3d3f766c8b37dcf495235ca4a500494498712eed':
Support DHCP replies with multiple default gateways.
Accept DHCP responses from non-67 server source ports
Improve logging of DHCP parse errors using exceptions.
- Start persisting restrictions set by DO/PO.
- Also dump user restrictions on dumpsys
- More changes will follow, including migration.
- Now System settings are mockable.
Bug 23902097
Bug 23902477
Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
Also removed a failing unit test and the related code which is
now deprecated.
Bug: 19913735
Bug: 24064753
Change-Id: I9b11130b52caeb0ad890cc6adaaf7fb2fc7b5db6
- DpmMockContext.addUser() allows to create more users. This will set up
UserManager properly and create a data directory.
- Updated DevicePolicyManagerTest so it can now easily emulate calls from
different secondary users.
Change-Id: Ic9d3e8d0d1e7f41e184c82e6dc323c244535b8d8
It was because UserManager.get() returns a static cached instance but
we should always be using the mock instance that's created for each test.
Bug 24378326
Change-Id: Id4663e7676d2d0130622055a97fbde0884714349
- Extracting into a factory allows us to use mocks in other classes.
(Such as Owners.)
- Also removed broken test ApplicationRestrictionsTest. Instead added a new
simplified test to DevicePolicyManagerTest.
- Also stop caching rarely used instances in DPMS.
Bug 24061108
Bug 24275172
Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
- Now all services that DPMS uses are injectable.
- Introduce some wrappers to make static methods and final class mockable.
(e.g. for Binder.getCallingUid())
- In unit tests we replace those with Mockito mocks, except we use a partial
mock for PackageManager, because we use way too many methods of this and
most of them are okay to use directly.
- To install a partial mock to PackageManager, I needed to make
ApplicationPackageManager @hide public non-final.
- For a starter, added tests for DPM.setAmin().
Bug 24061108
Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
For each runtime permission we have an app op to toggle the
permission for legacy apps as they cannot handle permission
revocations. We were lacking an app op for get_accounts
which prevented the user from controlling access to accounts
regardelss that they change the state of the permission
toggle in the UI. Even worse the permission UI is written
with the assumption that every runtime permission has an
app op and as a result revoking the contacts group (if the
app requests the get_accounts permission) is reset back to
allowed in the UI.
bug:23854618
Change-Id: I12b83dfd22974d130e5b8e7a195421120813e2db
* commit 'fd18370675f8794807747a18276dd7385e25f06e':
Require the new PACKET_KEEPALIVE_OFFLOAD permission.
Add an error code for generic hardware error.
Fix bugs and crashes in PacketKeepalive API.
Add tests for the PacketKeepalive API.
Add a PACKET_KEEPALIVE_OFFLOAD permission.
Use a CountDownLatch instead of sleep() in NetworkFactory tests.
Get rid of shortSleep() in ConnectivityServiceTest.
Make ConnectivityServiceTest a bit more readable.
For each runtime permission we have an app op to toggle the
permission for legacy apps as they cannot handle permission
revocations. We were lacking an app op for get_accounts
which prevented the user from controlling access to accounts
regardelss that they change the state of the permission
toggle in the UI. Even worse the permission UI is written
with the assumption that every runtime permission has an
app op and as a result revoking the contacts group (if the
app requests the get_accounts permission) is reset back to
allowed in the UI.
bug:23854618
Change-Id: I9e3f9bfeb320bed561d718db99ee285915d5701b
- setDeviceOwner() now takes a user ID. (We can infer it from Binder, but
we still need it for the dpm command.)
- Change broadcast target UID for DO to the DO user
- Start the DO user on boot complete.
TODO Investigate whether this is actually the good timing.
TODO Prevent the DO user from being killed
Bug 23827706
Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
This currently fails in many different ways, but it tells us what
to fix.
Bug: 22606153
Bug: 23884210
Change-Id: If2e5ee0a8d7b26cad67d3d566ed5b1383e0db096
1. Make TestNetworkCallback a bit smarter and rename it to
SingleUseNetworkCallback. This allows us to get rid of all the
calls to TestNetworkCallback#getConditionVariable.
2. Delete the commented out code that used to test a
ConnectivityService model that has not been used since KK.
3. Remove unused imports, etc.
Bug: 22606153
Change-Id: I81a2d0b970d19e5f4515490d8c2f88d416445fa1
