216 Commits

Author SHA1 Message Date
Jeff Sharkey
2d8b4e8013 Delegate mkdirs() to vold when lacking perms.
Apps without sdcard_r or sdcard_rw are still able to write to
their package-specific directory, but someone needs to first make
that directory on their behalf.  This change will delegate the
mkdirs() call through to vold when an app fails to create directly.

MountService validates that the path belongs to the calling user, and
that it's actually on external storage, before passing to vold.

Update Environment to make app-vs-vold paths clearer.

Bug: 10577808
Change-Id: I43b4a77fd6d2b9af2a0d899790da8d9d89386776
2013-09-20 14:34:02 -07:00
Jeff Sharkey
1abdb71230 APIs for multiple external storage devices.
Provide developer APIs to discover application-specific paths on
secondary external storage devices.  Covers files, cache, and OBB
directories.  Apps will not have write access outside their package-
specific directories on secondary devices, so only primary storage is
exposed through Environment.

Creation of .nomedia files will be handled by FUSE daemon in future
change.

Change-Id: Ifcce6201a686d80269d7285adb597c008cf8fa7c
2013-08-11 17:07:44 -07:00
Kenny Root
3606254a50 resolved conflicts for merge of e96a8207 to master
Change-Id: I90801b35ed0c00078a47faadc7fbb05d2e5fe381
2013-06-10 11:09:28 -07:00
Jeff Sharkey
e96a820771 am 56cd646a: Avoid logging sensitive data.
* commit '56cd646abeae51e806791f82ab0995fe047b1fe4':
  Avoid logging sensitive data.
2013-06-09 19:07:48 -07:00
Jeff Sharkey
56cd646abe Avoid logging sensitive data.
When building commands to send across NativeDaemonConnector, scrub
sensitive arguments to prevent them from being logged.

Bug: 8609800
Change-Id: I84b16791749264a010f7e59f9918f68d71bac6b9
2013-06-07 15:09:32 -07:00
Jeff Sharkey
2267a7862e am 2c4b0905: am ab4a0541: am e4c29de9: Merge "Add missing ACTION_MEDIA_UNMOUNTED intent"
* commit '2c4b0905513b73c9e0435632cbaa00320480a857':
  Add missing ACTION_MEDIA_UNMOUNTED intent
2013-05-28 15:52:25 -07:00
Jeff Sharkey
ab4a054199 am e4c29de9: Merge "Add missing ACTION_MEDIA_UNMOUNTED intent"
* commit 'e4c29de9c69d332d65d2eb490961faffab4467fd':
  Add missing ACTION_MEDIA_UNMOUNTED intent
2013-05-28 15:46:08 -07:00
Christian Beck
f503c8f377 Add missing ACTION_MEDIA_UNMOUNTED intent
When an SD card is removed without the user unmounting, the intent
ACTION_MEDIA_BAD_REMOVAL is fired but is missing the preceding
ACTION_MEDIA_UNMOUNTED which is needed to keep UI consistency.

Now when bad media removal is detected an ACTION_MEDIA_UNMOUNTED
intent is sent before the ACTION_MEDIA_BAD_REMOVAL.

Change-Id: I133300f42bafab141351e796d7cfc13c15d133e0
2013-05-20 09:26:32 +02:00
Dianne Hackborn
efa92b2182 Cleanup some of the thread merging.
Adds an optimization for checking whether a looper is stuck,
with a new Looper method to see if its thread is currently
idle.  This will allow us to put a large number of loopers
in the monitor efficiently, since we generally won't have to
do a context switch on each of them (since most looper threads
spend most of their time idle waiting for work).

Also change things so the system process's main thread
is actually running on the main thread.  Because Jeff
asked for this, and who am I to argue? :)

Change-Id: I12999e6f9c4b056c22dd652cb78c2453c391061f
2013-05-07 15:33:26 -07:00
Dianne Hackborn
c9dc93e5ca Merge "Start combining threads in system process." 2013-05-03 01:48:55 +00:00
Dianne Hackborn
8d044e8bc2 Start combining threads in system process.
This introduces four generic threads that services can
use in the system process:

- Background: part of the framework for all processes, for
work that is purely background (no timing constraint).
- UI: for time-critical display of UI.
- Foreground: normal foreground work.
- IO: performing IO operations.

I went through and moved services into these threads in the
places I felt relatively comfortable about understanding what
they are doing.  There are still a bunch more we need to look
at -- lots of networking stuff left, 3 or so different native
daemon connectors which I didn't know how much would block,
audio stuff, etc.

Also updated Watchdog to be aware of and check these new
threads, with a new API for other threads to also participate
in this checking.

Change-Id: Ie2f11061cebde5f018d7383b3a910fbbd11d5e11
2013-05-02 17:42:40 -07:00
Svetoslav
9e814a8c02 Removing a debug check when logging fstrim events.
This change is removing the check for debuggable build to
log fstrim events. While this was done everywhere else, one
place was overlooked.

bug:8688454

Change-Id: I354e1deebfd801f971dd91b9e7972c6ebfd093f3
2013-04-30 10:43:59 -07:00
Svetoslav
f23b64df94 Perform idle maintenance when the device is charging.
Added the precondition that the device should be charging to the
existing ones of the device not being used for a while and the
battery level being high enough. Note that even if the device is
charging, we have to check the battery level since the user can
unplug it at any time.

bug:8688454

Change-Id: I709b1620571301743dc3504a6a625e2018951bfa
2013-04-30 10:19:53 -07:00
Jeff Sharkey
d9fe2934d7 It helps to catch the right exception.
Bug: 7238149
Change-Id: I7b60ec44d1d1d5ece8a871cb089f811b611f4a4a
2013-03-26 10:36:01 -07:00
Jeff Sharkey
9ae62f5934 It helps to catch the right exception.
Bug: 7238149
Change-Id: I7b60ec44d1d1d5ece8a871cb089f811b611f4a4a
2013-03-26 10:29:01 -07:00
Svetoslav
a7452ee27d [DO NOT MERGE] Notify vold when to start fstrim.
Since using the discard option for mounting an Ext4 file system
could lead to unpredictable slowdowns of I/O we will explicitly
control when to perform fstrim, i.e. discard unused blocks of the
mounted volume. We are using the idle maintenance intents sent by
the system which specify a window that one can use to perform
expensive maintenance tasks while the user does not use the device.

This change is adding a broadcast receiver for the idle maintenance
start intent to the mount services which then notifies vold when to
start fstrim.

Since fstrim will be run on a daily basis we do not expect fstrim
to be too long, so it is not interruptible. We will implement
interruption only in case we see issues.

bug:8056794

Change-Id: I1438479d2956b61b82d3a130854376f7a144aaf3
2013-03-22 10:42:24 -07:00
Dianne Hackborn
40e9f2922c Quiet down a lot of logging.
Also fix a little problem where the USER_STARTED broadcasts
were not being sent as ordered broadcasts(!).

Change-Id: I3aa3e0a9b3900967cdd2d115ee103371b0a50c41
2012-11-27 19:12:23 -08:00
Jeff Sharkey
f5377a7242 Merge "Useful annotations for code documentation." into jb-mr1.1-dev 2012-11-15 11:48:38 -08:00
Jeff Sharkey
0be607cda1 Avoid runtime restart after vold reconnects.
Rely on behavior of already-released CountDownLatch instead of
clearing the reference.

Bug: 7290521
Change-Id: I787e673b97d18be412d5b37e279fbf1275b49151
2012-11-14 14:39:19 -08:00
Jeff Sharkey
8b2c3a1460 Useful annotations for code documentation.
Bug: 6537978
Change-Id: I806c3c09e3255f8789455f13bf37c1dde2a93f1f
2012-11-12 12:42:17 -08:00
Jeff Sharkey
32ee831eab Handle ISE when physical volume isn't mounted.
Bug: 7238149
Change-Id: I85081225a1a43a2c1b6f70b6275c6bbca0b3764e
2012-09-30 13:35:33 -07:00
Jeff Sharkey
4fbbda4cec Handle multi-user mountObb() requests.
Since emulated external storage paths differ based on execution
context, carefully fix up paths for various use-cases:

1. When sending paths to DefaultContainerService, always scope
   OBB paths as belonging to USER_OWNER.
2. When sending paths to vold, always build emulated storage paths
   visible to root.
3. Always use the original untouched path when talking with apps.

Mount OBB containers using shared app GID, so that an app can read
the mount point across users.

Handle legacy paths like "/sdcard" by resolving the canonical path
before sending to MountService.  Move tests to servicestests, and
add tests for new path generation logic.

Bug: 7212801
Change-Id: I078c52879cd08d9c8a52cc8c83ac7ced1e8035e7
2012-09-25 17:34:48 -07:00
Amith Yamasani
920ace0bbc Query users excluding any being removed
Keep track of user creation and last logged-in time.
adb shell dumpsys users
User switcher shouldn't show users about to be removed.
No need to check for singleton for activities.

Bug: 7194894
Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
2012-09-20 22:33:43 -07:00
Jeff Sharkey
27bd34d9d9 Multi-user MTP.
The current MTP kernel driver at /dev/mtp_usb is exclusive, meaning
only one process can have it open. In addition, each MTP session
with a desktop requires unique object IDs, which doesn't hold true
across users on the device.

To solve these two issues, when switching users we cycle the USB host
stack to disconnect both local and remote MTP connections, giving the
new user's media process a chance to claim /dev/mtp_usb, and causing
the desktop to initiate a new MTP session.

This change also allows BroadcastReceivers to registerReceiver()
allow retrieval of a current sticky broadcast. Adds a system property
to override maximum users. Removes MOUNTED broadcasts for secondary
users. Allows INTERACT_ACROSS_USERS to getCurrentUser().

Bug: 6925114
Change-Id: I02b4a1b535af95fb2142655887b6d15a8068d18a
2012-09-18 13:26:26 -07:00
Jeff Sharkey
b049e212ab Include user identifier in external storage paths.
When building external storage paths, always include user in path
to enable cross-user paths and aid debugging.

Each Zygote process continues to only have access to the appropriate
user-specific emulated storage through bind mounts. A second set of
mounts continue supporting legacy /sdcard-style paths. For example,
a process running as owner has these mount points:

/storage/emulated_legacy
/storage/emulated_legacy/Android/obb
/storage/emulated/0
/storage/emulated/obb

Since Environment is created before Zygote forks, we need to update
its internal paths after each process launches.

Bug: 7131382
Change-Id: I6f8c6971f2a8edfb415c14cb4ed05ff97e587a21
2012-09-11 23:11:14 -07:00
Jeff Sharkey
9545dc020e Include primary flag in StorageVolume.
Bug: 7003520
Change-Id: Iaae2ae22253820c954c51e0199c31087bc825f3f
2012-09-06 23:15:20 -07:00
Dianne Hackborn
5ac72a2959 Improve multi-user broadcasts.
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.

Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.

New Context APIs for more kinds of sending broadcasts as users.

Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.

Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.

Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-30 14:33:22 -07:00
Dianne Hackborn
f02b60aa4f Rename UserId to UserHandle.
This is the start of turning this into a formal public API.

Change-Id: I5786d2c320f1de41a06ed5d0f65adb68967287a0
2012-08-16 12:46:38 -07:00
Jean-Baptiste Queru
3e751f1b7b am 60c77212: am 2a393a99: Merge "MountService: unlink death notification when unregistering listeners"
* commit '60c7721210d327a464fdc95dbbe504e8eb10525c':
  MountService: unlink death notification when unregistering listeners
2012-06-08 15:36:41 -07:00
Fabrice Di Meglio
13fe2a5330 Fix bug #6522190 MountService should respond to configuration changes ("INTERNAL STORAGE" string should be translated dynamically)
- use an ID instead of a String for StorageVolume description
- use this ID for getting the correct localized version of the description string

Change-Id: I30f3080fce2c889be38bfdf9f5121dffcf8a99e8
2012-05-23 16:38:09 -07:00
Kenny Root
51a573c767 Wait for ASECs to be scanned before proceeding
Move MountService up the list, then pause waiting for MountService to
finish scanning ASECs before the services that require those packages to
be ready.

Additionally, don't automatically mark all ASEC apps as FLAG_EXTERNAL on
reboot. This prevents AppWidgets and other things from being used with
ASECs which are on internal storage.

Bug: 6445613
Change-Id: I3e0b3e244fec966814d7a5ea93de5d337aea79bd
2012-05-17 16:06:54 -07:00
Kenny Root
6dceb88f1c Allow forward locked apps to be in ASECs
We couldn't put forward-locked apps in ASEC containers before since we
didn't have any permissioned filesystems. This adds the ability for
forward-locked applications to be in ASEC containers.

This means that forward locked applications will be able to be on the SD
card now.

This change also removes the old type of forward-locking that placed
parts of apps in /data/app-private.  Now all forward-locked applications
will be in ASEC containers.

Change-Id: I17ae0b0d65a4a965ef33c0ac2c47e990e55707ad
2012-04-25 14:17:02 -07:00
Amith Yamasani
483f3b06ea Package restrictions per user
Packages can be enabled/disabled per user.
This requires maintaining stopped/launched states and
enabled / disabled components and packages per user.

Refactored pm.Settings and PackageSettingsBase to keep
track of states per user.

Migrated the stopped-packages.xml to users/<u>/package-restrictions.xml

Changed intent resolution to handle individual user restrictions.
Bunch of IPackageManager calls now have a userId argument.
Make AppWidgetService handle removals of packages.

Added some tests for pm.Settings and PackageManager.

Change-Id: Ia83b529e1df88dbcb3bd55ebfc952a6e9b20e861
2012-03-22 10:08:24 -07:00
Vairavan Srinivasan
5c25a2d338 MountService: unlink death notification when unregistering listeners
Change-Id: I09045cfe67f7da84bc68a50fc5440ea2c6b754e5
2012-01-24 08:22:14 -08:00
Robert Greenwalt
470fd72a06 Log netd traffic nicely.
Create a LocalLog class for logging within a service for dumping in dumps.
Use it in the NativeDaemonConnector so we can get some insight into what
is happening in these lockups.

bug:5864209
Change-Id: I68ddc58847f3c8de613be9528570f8c3157d8274
2012-01-20 10:37:11 -08:00
Fredrik Roubert
da6aedf716 Test the correct return code from call to cryptfs.
This was broken in commit dd519fac9b79f36a27909149a90fce4321ed1c20
(certainly by mistake), in which Integer.parseInt(tokens[1]) was
erroneously replaced with event.getCode().

Change-Id: Ic5af5a2ec5f321da21a4a5db25f6908462f6cae8
2011-12-20 18:47:33 +01:00
Jeff Sharkey
dd519fac9b Move native vold calls to varargs.
Uses argument escaping inside NativeDaemonConnector, using varargs
to separate boundaries.

Bug: 5472606
Change-Id: Ie107a90df7e2b3bd3eaaf04c8367248ab40136f4
2011-12-02 14:28:06 -08:00
Jeff Sharkey
31c6e4817f Move NativeDaemonConnector to varargs.
Perform uniform argument escaping inside NativeDaemonConnector, using
varargs to separate boundaries.  Also move to parsed NativeDaemonEvent
instances instead of raw Strings.

Bug: 5472606
Change-Id: I1270733e2b2eeb2f6b810240df82ab24d38ebf40
2011-11-29 12:09:06 -08:00
Christopher Tate
32418be49e Require device encryption password to perform adb backup/restore
This supersedes any backup-password that the user might supply.  Per
design, the device encryption password is also always used to encrypt
the backup archive.

The CL introduces two new strings, used for prompting the user for
their device encryption password rather than their settings-defined
"backup password" when confirming a full backup or restore operation.

Bug 5382487

Change-Id: I0b03881b45437c944eaf636b6209278e1bba7a9f
2011-10-13 12:29:32 -07:00
Ben Komalo
13c7197da8 Revert encryption mapping for device wipes.
External storage volumes that were emulated+encrypted needed to have
their encryption mapping removed so that it doesn't try to encrypt the
volume after formatting them.

This just wires through an argument through vold, and assumes that vold
will do the right thing even if there is no encryption mapping set.

Bug: 5017638
Change-Id: I858fae3d12cb415bc34637f520f71220ad9daaad
2011-09-09 14:44:40 -07:00
Ben Komalo
444eca2329 Expose getting encryptstate through IMountService
- this really just calls cryptfs cryptocomplete
- needed so that UI logic can present a factory reset option if
encryption screwed up

Bug: 3384231
Change-Id: I553de87f0d03a65851030c9c5266e85866d30fa6
2011-09-06 12:48:53 -07:00
Kenny Root
07714d41e5 Default disable watchdog for vold connection
cryptfs has long-running operations that cause the Watchdog to fire
reliably when encrypting the filesystem. Disable Watchdog on
MountService for this reason.

Change-Id: Id03f5f60c704dcd74a8696ad9f32b5fba5381731
2011-08-17 17:49:30 -07:00
Jeff Sharkey
fa23c5ae22 Add NativeDaemonConnector users to watchdog.
To catch instances where NativeDaemonConnector hangs while executing
commands, add users to system_server watchdog.  Also moved qtaguid
enabler to separate thread to prevent blocking systemReady().

Bug: 5145437
Change-Id: I4c6c1dc09864a1c05f9486a31faa1b366548e911
2011-08-10 13:42:01 -07:00
Ken Sumrall
18db5c5690 During encryption, don't throw exceptions for unknown vold state
This is a temporary fix until we get something better.  During the
encryption process, vold does not respond to commands because it is
blocked doing the encryption.  Because it doesn't respond, this code
times out, sets the state to null, and throws an exception.  For now,
just don't throw an exception if the device is encrypting.

Change-Id: I7e821ec2addd60475fb10834df533beccb2650fe
2011-07-15 20:24:17 -07:00
Kenny Root
4161f9b303 Add StorageVolume list to MountService dump
Change-Id: If2be6e420d9671032d2e7a66c71a6733e6e48ac8
2011-07-13 09:48:33 -07:00
Mike Lockwood
7a59dd2ce3 MTP: Return error if user tries to copy a file >= 4GB to a FAT32 file system
Bug: 4561836

Change-Id: I2bffb93b032038f6c220c24c752ccd7ca66c23a0
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-07-11 13:40:02 -04:00
Dianne Hackborn
292f8bc9d1 Plumb information from the framework about asec container size.
Change-Id: Ie0ec3cb6d463aefa341a8cbea80be790451ba5e3
2011-06-28 15:02:44 -07:00
Mike Lockwood
ecedfdc779 MountService: Use UsbManager to monitor USB state for mass storage
Change-Id: I50c15c1dc8a1ee4f41cac7de8df9529ff5da1053
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-06-17 19:49:05 -04:00
Mike Lockwood
8e8b280bd1 StorageVolume: Add allowMassStorage flag
Change-Id: I9d19e635bb06e50068d7e4e6919322bd5bb2e00f
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-06-07 12:43:49 -07:00
Mike Lockwood
9fd4c6d3ae am 49b9449b: am d8d84708: am 988b6648: Merge "MountService: Add StorageVolume as extra in storage related broadcasts." into honeycomb-mr2
* commit '49b9449b6605c7b4f77f9a0635ba93f7dfa0ea47':
  MountService: Add StorageVolume as extra in storage related broadcasts.
2011-05-24 12:56:56 -07:00