This change include a minor refactoring of PackageItemInfo and related
classes to eliminate code duplication and to avoid redundant work
searching for an ApplicationInfo instance we already have.
Bug: b/2537578
Change-Id: Id0794c3f055ea58b943028f7a84abc7dec9d0aac
Addresses:
Issue #2550648: PackageManagerService setComponentEnabledSetting unconditionally
writes Settings xml
Issue #2549084: Make PackageManager.addPermission have async version
Also make the writing of settings when changing the preferred activities to use
the same async mechanism, and fiddle with thread priorities in the background
thread to go up to foreground priority when holding the lock to write settings
and a few other places. (At some point we should really clean this up to never
acquire the main lock while in the background.)
Change-Id: Ib2b7632543f6fb3f92a225518579f3b2d15e1413
Need to be sure to compute gids when SD card is mounted, since we
need the package info for that. Note that this is not re-granting
permissions (and in the future we could optimize this to just pass
through the mounted apps).
Change-Id: I51e1c23d17a6429642132902ef75c65a307fc33a
This is needed when restoring applications installed on sdcard
via Market after a data wipe. The stale containers need to be cleaned up before
reinstalling again.
Add a test case for installing when a stale container exists.
Change-Id: I20c30b3003e85fb31531dd3cf9cb59962fe8fe5f
Use new method in UsbStorageActivity.
Fix moving dex files.
moveDex should be suffixed with LI since it uses Installer
Change-Id: Id5ef0254578e84b9aae2c2ac44f722eb5a0fda1c
It turns out the whole loadedPermissions thing was pointless at this
point, and causing the problem: we would write out the granted
permissions, then at boot load them into loaded permissions, and
never actually put them in granted.
Just remove loadedPermissions. The grantedPermissions (that is
the permissions the user has approved be granted to the app) are
all we care about.
Change-Id: I54d9dc418d6277ae0b35b8c1fc4b9c11f34f86f0
PackageManager invokes this call back when its done handling
the media status update.
Add new uid check for updateExternalMediaStatus
Change killPids method in ActivityManager.
Remove mountsd command in Pm.java We cannot arbitrarily enable/disable
packages in PackageManager now.
Change-Id: I28dcba4afd2b4486f68abdaa1628a31b66544c91
No steps to repro, but makes the code more robust by using the standard
JournaledFile class and doing sanity checks on the input it reads.
This required moving the JournaledFile class in to the framework (and
we really should get rid of either it or AtomicFile, but they have
different recovery semantics so that is tough). Also went through and
cleaned up the file management in various places.
Change-Id: Ieb7268d8435e77dff66b6e67bb63b62e5dea572e
Apps on the system partition are now allowed to change their certs, as
long as they are not using a shared user id.
Change-Id: I02ff7ac874dc649b7f8cbb705ae8d7ed31e1d125
Add a new install location unspecified for backward compatibility.
There is not much difference between policies auto and unspecified.
But we dont have to make any code changes in PackageParser based
on our preference for install location.
Add tests
Change-Id: I563238133261d911d08fbc66344687b7dfc870b1
This allows us to keep the assigned permissions when apps are temporarily
removed due to the SD card being unmounted, and also if you use the
facility to uninstall an app but keep its data.
Also fixes issue #2515189: Potential permission spoofing attack in
Android (external bug 7166)
Change-Id: I2a120ec938552028c989f9e0e890c32773957738
Add new remote method to check for insufficient error conditions.
Some fixes in MountService when updating media status on PackageManagerService
Fix size calculation condition in installd.
Add new error code if media is unavailable.
New tests for testing error codes.
Some additional debugging statements in MountService.
Change-Id: Ibfe90d5ed6c71d57f9c1c67806f38b5ae9ecdfbf
Fixes issue #2507124:
cts.PackageManagerRequiringPermissionsTest:testClearPackagePreferredActivities
is failing with NPE
Also introduce some compatibility code to simple ignore calls to set
preferred packages from old applications, and changes some package manager
logs to Slog.
Change-Id: Id3f98ac8e106da526ba4c12879a9ddaabf28f462
I can't believe I let this slip through. And in the SDK no less. :(
The APIs for setting preferred activities will now throw a security
exception when used. This may break some apps, we'll see how it
goes. If it is too bad we can just make these log and not throw
anything, but I would much prefer they throw an exception.
Change-Id: I3aed434750eef8b202aa9d5bd774a0121be521c6
to internal flash only even before we copy.
Return error codes when install flag options mismatch.
Some conditions for existings apps
- install flags override existing location
- explicity manifest option install location overrides previous location
- if upgraded package's install location is unspecified or auto, fall
back to recommended install policy which considers user setting as well.
Check for sdcard status before finding available size on sdcard
Add light weight parsing for manifest attributes including package name and
install location only
Change-Id: I5143dda87c88c595f564b317326c926d0ec3ceb8
Clean up stale containers when enabling/disabling packages on sdcard.
Check the path of packages which are being enabled.
Make sure gc's are done prior to destroying containers when moving applicati
as well as enabling/disabling packages for sdcard mount status changes.
Some miscellaneous issues
Remove hack to avoid renaming containers.
Fix test with forward locked apps
Remove adding container id to asec list when renaming
Some cosmetic changes to DefaultContainerService
Also add ability for admins to hide themselves when not in use,
a facility for admins to not allow other admins to reset
their password, and debug dumping.
Dont invoke getInstallLocation for forward locked apps.
If INSTALL_ON_SDCARD is selected as default, forward locked
apps are not being installed because of conflicting flags.
This is the framework part, moving classes around so the framework
no longer needs to link to android-common. Makes some APIs public,
others that didn't need to be public are private in the framework,
some small things are copied.
MountService updates state on PackageManager and then tries to
kill processes holding file references to media about to be unmounted by
invoking api on ACtivityManager. This is retried upto 4 times to make sure all
processes holding file references are killed before unmounting the media
at specified path.
Also changed PackageManger api to return boolean value to indicate if
MountService is likely to receive broadcasts related to apps on sd.
change hard coded path in installd
fix tests
Work around for renaming containers.
Do forced unmount when destroying containers.
Force a gc in default container service to release handle to parsed package
and thus avoid getting killed by vold
Some cosmetic changes to PackageManager api.
Unit tests for renaming container for MountService
Remove internal size limit on app to be installed.
2185256: After open &close of device keyboard shortcut does not added to Home desktop.
ActivityThread was losing the last saved state when restarting or launching into
a paused state.
2366174: defaults not cleared when they should be
PackageManagerService now removes any preferred activity records for a package
when it is uninstalled.
2154556: Battery stats can have an unbounded number of wake locks
We now start combining wake locks into one shared record when we hit a
maximum limit (currently 20).
2442519: Foreground services can have no notification by providing a bogus one.
If the notification manager rejects our notification, the service is forced to
no longer be in the foreground.
2442383: Finalization issues in com.android.server.am.PendingIntentRecord.java
Cleaned up finalization to call super class and avoid the big activity manager
lock (we still need to use the locks inside of the message system, but these
are much less likely to be a problem).
2284190: Cannot call a phone number using adb
We weren't getting the calling uid/pid in startActivity() if the caller did not
supply an application record.
I am getting tired of writing package monitor code, realized this is missing in
a number of places, and at this point it has gotten complicated enough that I
don't think anyone actually does it 100% right so:
Introducing PackageMonitor.
Yes there are no Java docs. I am still playing around with just what this
thing is to figure out what makes sense and how people will use it. It is
being used to fix this bug for monitoring voice recognizers (integrating the
code from the settings provider for setting an initial value), to replace
the existing code for monitoring input methods (and fix the bug where we
wouldn't remove an input method from the enabled list when it got
uninstalled), to now monitor live wallpaper package changes (now allowing
us to avoid reverting back to the default live wallpaper when the current
one is updated!), and to monitor device admin changes.
Also includes a fix so you can't uninstall an .apk that is currently enabled
as a device admin.
Also includes a fix where the default time zone was not initialized early
enough which should fix issue #2455507 (Observed Google services frame work crash).
In addition, this finally introduces a mechanism to determine if the
"force stop" button should be enabled, with convenience in PackageMonitor
for system services to handle it. All services have been updated to support
this. There is also new infrastructure for reporting battery usage as an
applicatin error report.
Don't go looking at attributes of a package struct without first verifying
that the struct pointer is non-null: in the failed-install case, of course
there will be no package info.
Change-Id: I3b2cafca2f1e3891a6592825ce5bcc977e7f3483
When an application being installed defines a backupAgent in its manifest, we
now automatically perform a restore of the latest-known-good data for that app.
This is defined as "data backed up by this app from this handset, if available;
otherwise data for this app as it existed when the device was initially
provisioned." If neither option exists for the app, no restore action is
taken.
The CL involves major changes in the Backup and Package Managers...
* The Package Manager's act of installing an application has now been split
into two separate phases, with a data-restore phase optionally occurring
between these two PM actions. First, the details of the install are performed
as usual. Instead of immediately notifying install observers and issuing the
install-related broadcasts, the in-process install state is snapshotted and
the backup manager notified that a restore operation should be attempted. It
does this by calling a new API on IBackupManager, passing a token by which it
identifies its in-progress install state.
The backup manager then downloads [if possible] the data for the newly-installed
application and invokes the app's backupAgent to do the restore. After this
step, regardless of failure, it then calls back into the Package Manager to
indicate that the restore phase has been completed, supplying the token that
was passed in the original notification from the Package Manager.
The Package Manager then runs the final post-install actions: notifying install
observers and sending out all the appropriate broadcasts. It's only at this
point that the app becomes visible to the Launcher and the rest of the OS.
... and a few other bits and pieces...
* The ApplicationInfo.backupAgentName field has been exposed to the SDK. This
can be reverted if there's a reason to do so, but it wasn't clear that this
info needs to be hidden from 3rd party apps.
* Debug logging of restore set IDs and operation timeout tokens [used during
any asynchronous Backup Manager operation] are now consistently in hex for
readability.
* We now properly reset our binder identity before calling into the transport
during restore-set operations. This fixes a permissions failure when a
single-app restore was attempted.
* The 'BackupTest' test app is no longer lumped onto the system partition
by default.
Change-Id: If3addefb846791f327e2a221de97c8d5d20ee7b3
Changes include
Add new remote call in default container service to determine
install location.
Rename INSTALL_ON_SDCARD
Remove recommentAppInstall method
Add some additional flags used in remote stubs.
Move check for protected apps prior to copy.
Unit tests
DefaultContainerService first parses the file uri(if content uri is specified
it returns a default install internal only value) and returns
a recommended location. Based on which the temporary id is determined
either a file name or a container id and the file is copied there.
This is then later renamed during install.
Todo's light weight parsing of package when determining location since we
just need the install location attribute only when finding out
recomended location. This will also enable to move the check for
updated system apps(cannot be on sdcard) prior to copying.
This will allow Market and others to find out what the "real" name
of a package is, when it is currently running under the old name of
a previously installed version.
We now have the new package retain the name of the old package. This makes
sure that all existing references to it (shortcuts, widgets, etc) will still
work.
This does mean that your package can run under either the old or new name,
depending on whether the user got it with an update. Buyer beware!
I have tried testing all of the paths of updating, installing another
update in /data, uninstalling the update, updating system with an even
newer update, etc. I think they all work. No promises though.
This file contains uid + debugFlag + dataPath information for
each non-system installed package. It is meant to be used later
from native code and thus needs to be considerably simpler to
parser than packages.xml.
The file should only be readable by non-system userIds, and its
format is essentially line-based with each line like:
<pkgName> <uid> <debugFlag> <dataDir>
With:
<pkgName> as the package name
<uid> as the application-specific user id
<debugFlag> either 0 or 1. 1 if the package is debuggable
<dataDir> path to the package's data directory
We need the debug flag to allow 'run-as' to only allow
commands to be executed on debuggable packages, even on
production devices.
This implements the spec for external storage organization, and
properly reflects how the media scanner organizes the files it finds.
Also includes package manager support for removing app private
files from external storage when the application is uninstalled.
For the new APIs and paths, the main place to look is Environment
and Context.
- Move android.storage.* -> android.os.storage.* and refactor users
- Refactor generic shares back to explicit ums enable/disable/isEnabled
- Remove media insert/removed event callbacks (not ready for Froyo)
- Remove 'label' from volume state change callbacks
- Add public API functions for enabling/disabling USB mass storage (permissions enforced
in MountSevice)
- Remove some stray un-needed import lines
- Move android.os.IMountService / android.os.IMountServiceListener -> android.os.storage
- Improve code comments
Updated:
MountService: Add dup state check and move debugging behind a conditional
UsbStorageActivity: Fix review comments + a TODO
StorageNotification: Add @Override tags
StorageManager: Don't use a static Listener list
MountService: Reduce bloat and fix == where I meant .equals()
PackageManagerTests: Update for new API
Signed-off-by: San Mehat <san@google.com>
