Fixes issue #2507124:
cts.PackageManagerRequiringPermissionsTest:testClearPackagePreferredActivities
is failing with NPE
Also introduce some compatibility code to simple ignore calls to set
preferred packages from old applications, and changes some package manager
logs to Slog.
Change-Id: Id3f98ac8e106da526ba4c12879a9ddaabf28f462
I can't believe I let this slip through. And in the SDK no less. :(
The APIs for setting preferred activities will now throw a security
exception when used. This may break some apps, we'll see how it
goes. If it is too bad we can just make these log and not throw
anything, but I would much prefer they throw an exception.
Change-Id: I3aed434750eef8b202aa9d5bd774a0121be521c6
to internal flash only even before we copy.
Return error codes when install flag options mismatch.
Some conditions for existings apps
- install flags override existing location
- explicity manifest option install location overrides previous location
- if upgraded package's install location is unspecified or auto, fall
back to recommended install policy which considers user setting as well.
Check for sdcard status before finding available size on sdcard
Add light weight parsing for manifest attributes including package name and
install location only
Change-Id: I5143dda87c88c595f564b317326c926d0ec3ceb8
Clean up stale containers when enabling/disabling packages on sdcard.
Check the path of packages which are being enabled.
Make sure gc's are done prior to destroying containers when moving applicati
as well as enabling/disabling packages for sdcard mount status changes.
Some miscellaneous issues
Remove hack to avoid renaming containers.
Fix test with forward locked apps
Remove adding container id to asec list when renaming
Some cosmetic changes to DefaultContainerService
Also add ability for admins to hide themselves when not in use,
a facility for admins to not allow other admins to reset
their password, and debug dumping.
Dont invoke getInstallLocation for forward locked apps.
If INSTALL_ON_SDCARD is selected as default, forward locked
apps are not being installed because of conflicting flags.
This is the framework part, moving classes around so the framework
no longer needs to link to android-common. Makes some APIs public,
others that didn't need to be public are private in the framework,
some small things are copied.
MountService updates state on PackageManager and then tries to
kill processes holding file references to media about to be unmounted by
invoking api on ACtivityManager. This is retried upto 4 times to make sure all
processes holding file references are killed before unmounting the media
at specified path.
Also changed PackageManger api to return boolean value to indicate if
MountService is likely to receive broadcasts related to apps on sd.
change hard coded path in installd
fix tests
Work around for renaming containers.
Do forced unmount when destroying containers.
Force a gc in default container service to release handle to parsed package
and thus avoid getting killed by vold
Some cosmetic changes to PackageManager api.
Unit tests for renaming container for MountService
Remove internal size limit on app to be installed.
2185256: After open &close of device keyboard shortcut does not added to Home desktop.
ActivityThread was losing the last saved state when restarting or launching into
a paused state.
2366174: defaults not cleared when they should be
PackageManagerService now removes any preferred activity records for a package
when it is uninstalled.
2154556: Battery stats can have an unbounded number of wake locks
We now start combining wake locks into one shared record when we hit a
maximum limit (currently 20).
2442519: Foreground services can have no notification by providing a bogus one.
If the notification manager rejects our notification, the service is forced to
no longer be in the foreground.
2442383: Finalization issues in com.android.server.am.PendingIntentRecord.java
Cleaned up finalization to call super class and avoid the big activity manager
lock (we still need to use the locks inside of the message system, but these
are much less likely to be a problem).
2284190: Cannot call a phone number using adb
We weren't getting the calling uid/pid in startActivity() if the caller did not
supply an application record.
I am getting tired of writing package monitor code, realized this is missing in
a number of places, and at this point it has gotten complicated enough that I
don't think anyone actually does it 100% right so:
Introducing PackageMonitor.
Yes there are no Java docs. I am still playing around with just what this
thing is to figure out what makes sense and how people will use it. It is
being used to fix this bug for monitoring voice recognizers (integrating the
code from the settings provider for setting an initial value), to replace
the existing code for monitoring input methods (and fix the bug where we
wouldn't remove an input method from the enabled list when it got
uninstalled), to now monitor live wallpaper package changes (now allowing
us to avoid reverting back to the default live wallpaper when the current
one is updated!), and to monitor device admin changes.
Also includes a fix so you can't uninstall an .apk that is currently enabled
as a device admin.
Also includes a fix where the default time zone was not initialized early
enough which should fix issue #2455507 (Observed Google services frame work crash).
In addition, this finally introduces a mechanism to determine if the
"force stop" button should be enabled, with convenience in PackageMonitor
for system services to handle it. All services have been updated to support
this. There is also new infrastructure for reporting battery usage as an
applicatin error report.
Don't go looking at attributes of a package struct without first verifying
that the struct pointer is non-null: in the failed-install case, of course
there will be no package info.
Change-Id: I3b2cafca2f1e3891a6592825ce5bcc977e7f3483
When an application being installed defines a backupAgent in its manifest, we
now automatically perform a restore of the latest-known-good data for that app.
This is defined as "data backed up by this app from this handset, if available;
otherwise data for this app as it existed when the device was initially
provisioned." If neither option exists for the app, no restore action is
taken.
The CL involves major changes in the Backup and Package Managers...
* The Package Manager's act of installing an application has now been split
into two separate phases, with a data-restore phase optionally occurring
between these two PM actions. First, the details of the install are performed
as usual. Instead of immediately notifying install observers and issuing the
install-related broadcasts, the in-process install state is snapshotted and
the backup manager notified that a restore operation should be attempted. It
does this by calling a new API on IBackupManager, passing a token by which it
identifies its in-progress install state.
The backup manager then downloads [if possible] the data for the newly-installed
application and invokes the app's backupAgent to do the restore. After this
step, regardless of failure, it then calls back into the Package Manager to
indicate that the restore phase has been completed, supplying the token that
was passed in the original notification from the Package Manager.
The Package Manager then runs the final post-install actions: notifying install
observers and sending out all the appropriate broadcasts. It's only at this
point that the app becomes visible to the Launcher and the rest of the OS.
... and a few other bits and pieces...
* The ApplicationInfo.backupAgentName field has been exposed to the SDK. This
can be reverted if there's a reason to do so, but it wasn't clear that this
info needs to be hidden from 3rd party apps.
* Debug logging of restore set IDs and operation timeout tokens [used during
any asynchronous Backup Manager operation] are now consistently in hex for
readability.
* We now properly reset our binder identity before calling into the transport
during restore-set operations. This fixes a permissions failure when a
single-app restore was attempted.
* The 'BackupTest' test app is no longer lumped onto the system partition
by default.
Change-Id: If3addefb846791f327e2a221de97c8d5d20ee7b3
Changes include
Add new remote call in default container service to determine
install location.
Rename INSTALL_ON_SDCARD
Remove recommentAppInstall method
Add some additional flags used in remote stubs.
Move check for protected apps prior to copy.
Unit tests
DefaultContainerService first parses the file uri(if content uri is specified
it returns a default install internal only value) and returns
a recommended location. Based on which the temporary id is determined
either a file name or a container id and the file is copied there.
This is then later renamed during install.
Todo's light weight parsing of package when determining location since we
just need the install location attribute only when finding out
recomended location. This will also enable to move the check for
updated system apps(cannot be on sdcard) prior to copying.
This will allow Market and others to find out what the "real" name
of a package is, when it is currently running under the old name of
a previously installed version.
We now have the new package retain the name of the old package. This makes
sure that all existing references to it (shortcuts, widgets, etc) will still
work.
This does mean that your package can run under either the old or new name,
depending on whether the user got it with an update. Buyer beware!
I have tried testing all of the paths of updating, installing another
update in /data, uninstalling the update, updating system with an even
newer update, etc. I think they all work. No promises though.
This file contains uid + debugFlag + dataPath information for
each non-system installed package. It is meant to be used later
from native code and thus needs to be considerably simpler to
parser than packages.xml.
The file should only be readable by non-system userIds, and its
format is essentially line-based with each line like:
<pkgName> <uid> <debugFlag> <dataDir>
With:
<pkgName> as the package name
<uid> as the application-specific user id
<debugFlag> either 0 or 1. 1 if the package is debuggable
<dataDir> path to the package's data directory
We need the debug flag to allow 'run-as' to only allow
commands to be executed on debuggable packages, even on
production devices.
This implements the spec for external storage organization, and
properly reflects how the media scanner organizes the files it finds.
Also includes package manager support for removing app private
files from external storage when the application is uninstalled.
For the new APIs and paths, the main place to look is Environment
and Context.
- Move android.storage.* -> android.os.storage.* and refactor users
- Refactor generic shares back to explicit ums enable/disable/isEnabled
- Remove media insert/removed event callbacks (not ready for Froyo)
- Remove 'label' from volume state change callbacks
- Add public API functions for enabling/disabling USB mass storage (permissions enforced
in MountSevice)
- Remove some stray un-needed import lines
- Move android.os.IMountService / android.os.IMountServiceListener -> android.os.storage
- Improve code comments
Updated:
MountService: Add dup state check and move debugging behind a conditional
UsbStorageActivity: Fix review comments + a TODO
StorageNotification: Add @Override tags
StorageManager: Don't use a static Listener list
MountService: Reduce bloat and fix == where I meant .equals()
PackageManagerTests: Update for new API
Signed-off-by: San Mehat <san@google.com>
This adds three new features:
- <original-package android:name="com.foo" /> manifest tag.
This allows an .apk to specify another package it originally came from,
propagating all state and data from the old to new package.
- <adopt-permissions android:name="com.foo" /> manifest tag.
In some more complicated cases, a new .apk may be a combination
of multiple older .apks that each declared their own permissions.
This allows you to propagate the permissions from these other
.apks into the new one.
- A new system/etc/updatecmds directory.
You can place files here which describe data files to move from
one package to another. (See below for details.)
Also in this change: we now clean up the data directories of
.apks that disappear from the system image, and some improvements
to logging and reporting error messages.
A typical file in the updatecmds directory looks like this:
-------
com.google.android.gsf:com.google.android.providers.talk
databases/talk.db
com.google.android.gsf:com.google.android.googleapps
databases/gls.db
-------
This says that for com.google.android.sfs, there are two packages to
move files from:
From com.google.android.providers.talk, the file databases/talk.db.
From com.google.android.googleapps, the file databases/gls.db
As part of moving the file, its owner will be changed from the old
package to whoever is the owner of the new package's data directory.
If those two files had existed, after booting you would now have the
files:
/data/data/com.google.android.gsf/databases/talk.db
/data/data/com.google.android.gsf/databases/gls.db
Note that all three of these facilities assume that the older .apk
is completely removed from the newer system. The WILL NOT work
correctly if the older .apk still remains.
Add new broadcasts ACTION_MEDIA_RESOURCES_AVAILABLE and
ACTION_MEDIA_RESOURCES_UNAVAILABLE that get broadcast by
PackageManagerService when sdcard gets mounted/unmounted
by MountService so that packages on sdcard get recognized by
various system services as being installed/available or
removed/unavailable by the system.
The broadcasts are sent before the actual package cleanup which includes
mounting/unmounting the packages and we force a gc right after so
that any lingering file references to resources on sdcard get
released.
The method packageManagerService.getNextCodePath(String oldCodePath,
String prefix, String suffix) threw StringIndexOutOfBoundsException if
oldCodePath does not contain prefix, and prefix is longer than
oldCodePath, or if the preix and suffix overlap.
Fixes http://b/issue?id=2404232
Change-Id: Ib8abb16f8bfd08f607476d9289f46d170c43a076
Add new remote interface to do temporary copies. The new
remote stub handling is done on mHandler thread and doesn't need locking
for now.
Add new InstallArgs class and subclasses to isolate cases for installation.
Move resource deletion for failed installs/upgrades to later on in installation
cycle.
Fix code path for forward locked apps when using scanPackageLI
TODO's
Fix installation paths to completely use InstallArgs based design later on.
Get rid of using flags in various install/uninstall code paths.
Ideally InstallArgs should be created using these flags and used in the
rest of the code.
Function renames.
Revisit mount api's.
Native-debuggable packages contain a lib/<abi>/gdbserver executable.
This patch ensures that the package manager will copy it to the
proper location (/data/data/<appname>/lib) at installation time.
Note that such packages are marked with a new ApplicationInfo flag
named FLAG_NATIVE_DEBUGGABLE, to be used later by the Activity
Manager.
Persist flags in PackageSetting. Flags are relevant to ApplicationInfo.FLAG_SYSTEM, Application.FLAG_ON_SDCARD, ApplicationInfo.FLAG_FORWARD_LOCK.
New pm command to simulate mount/unmount in Pm. This will be removed
when MountService/vold event generation gets fixed.
Calls from MountService into PackageManager when media gets mounted/unmounted.
Scan the packages and grant permissions when the sdcard gets mounted.
This api might change again.
to install an app on sdcard, just resources.
Add new install path for /asec in installd.
ignore . when checking for apk path since the sdcard packages id'ed
by package name.
Add new -s option to adb shell pm
Refactor fwd locked from scanMode to ApplicationInfo.
Add new flag for sd install
Add new parse flags for fwd locking and installing on sdcard
New mock api's in PackageManagerService to invoke MountService api's. These
will be refactored again and so have been wrapped internally.
Some error codes in PackageManager
Changes in PackageManagerService to use mPath and mScanPath during installation
and switch to using PackageParser.Package.applicationInfo attributes for
source and public resource directories.
Some known issues that will be addressed later
using system_uid for now. needs some tinkering with uid and packagesetting creation to use the actual app uid
error handling from vold not very robust. ignoring lot of things for now
sending a delayed destroy to delete packages. will revisit later
revisit temp file creation later. just copy for now
We can now locate event log tag definitions in individual packages
(and java constants for the tag numbers get auto-generated), so move
all the tags used by the system server into the package.
