This does some cleanup of the initial boot, especially when
booting in "no core apps" mode for encryption/decryption.
Change-Id: Ifb3949f580e52f54559e603c4b0b104f6bac2f6c
Also fix a little problem where the USER_STARTED broadcasts
were not being sent as ordered broadcasts(!).
Change-Id: I3aa3e0a9b3900967cdd2d115ee103371b0a50c41
Currently, installd doesn't correctly evict VFS cache entries for
FUSE emulated external storage. This means zygote processes have an
inconsistent view of the FUSE daemon when the system rapidly
recycles user IDs.
To work around this, only consider recycling a user ID after its
VFS cache entries have expired. The emulated storage FUSE daemon
currently uses a 'entry_valid' timeout of 10 seconds.
Bug: 7407902
Change-Id: Id80cbdd2215d8456467fb31e4c209ca12a505e16
System apps were getting the wrong path because app-lib directory was
defined after the scanning of packages.
Bug: 7425516
Change-Id: I7a7a6b2a74f846c84516440ee950099bdc564d0b
Bug: 7226656
In the case of packages with sharedUserId, the packages were inserted
into mPackages a little later. We were reading the package restrictions
before this happened and so the apps were being removed from the restricted
list, effectively setting installed=true.
Moved the block that reads the restrictions to after the processing of
mPendingPackages.
Also, don't setInstalled for all users in the pending packages processing.
Change-Id: I382787e45fecdb871d80ffb4d854782d8e32e4a7
Use a version number to update the name to Owner, from Primary.
For new installations, use the correct localized string.
Bug: 7417150
Fix a typo in the permission description.
Bug: 7333304
Change-Id: I123741e581c6a02d4597b3cd81f2ca48a8587e2a
It appears that changing an application's signature during boot can pass
an outInfo of null to this function.
Bug: 7402550
Change-Id: I839fea6c8ee728a352c6b906f0fa6671c85f8694
During package scan, only the primary user data directories were
checked. If the secondary user didn't have an application directory, it
would happily ignore it. The app would then crash upon startup.
Bug: 7391882
Change-Id: I1fa92aa27386104d4ac6bc5dc92bfbf2e7dfac9f
Make USER_REMOVED an ordered broadcast and send it before the user's
state is completely removed from the system. This gives services the
opportunity to clean up their state, while still having access to the
user's directory and UserInfo object (such as serial number).
Tell SyncManager to skip over dying/partially created users.
Improve UserManager tests, waiting for users to be removed fully.
Bug: 7382252
Change-Id: I93cfb39c9efe6f15087bf83c569a2d154ef27168
Try to get installd to free up cache before giving up when there is too
little space free.
Bug: 7232123
Change-Id: Ie3c8ca8dfc190abbb9a29a7baee31f32e9de7d69
Amazingly, some apps still don't use the nativeLibraryPath. So add a lib
symlink for non-primary users to fix that.
Also, there was an error when the symlink existed that it would give up.
This shouldn't really happen, but in that case, just remove it and
create a new one to be safe.
Also, move the downgrade code to the appropriate place. This downgrade
case triggered the above symlink existing bug.
Bug: 7318366
Bug: 7371571
Change-Id: Ia175b36d98f00bdc2f2433b909aafd524eb34d15
This allows services watching for USER_REMOVED to fetch the serialNumber of a dying user.
Also fix an AIOOBE when building the userId array, typically on cleanup.
Bug: 7368826
Change-Id: I24e52278af8353b5744372127da4bf4fafc89baa
Mark user 0 as initialized, otherwise it will show up as
uninitialized when viewed from secondary user if never switched to user 0.
Bug: 7301595
Also clean up any users that were in the process of being removed, if device
crashes at a bad time.
Change-Id: Ic16a6c9ccb6a64b7463725f6cc279335a821fcd5
Return ApplicationInfo with requested userId instead of trying to
infer it from calling UID.
Bug: 7334712
Change-Id: I9ce0061e2d020b0d74c7c9cd22d89c5ff2466a6c
ADB installs appear as UserHandle.USER_ALL, and can only be performed by
UserHandle.USER_OWNER, so use the package verifier for UserHandle.USER_OWNER.
This returns a valid userId to call PackageManagerService.getPackageUid.
Bug: 7293091
Change-Id: I7a5497cfe5fa2e7aa804345cf9f507ec26a0db21
A couple problems:
- We need to clear app preferences later, now that we have encrypted apps.
- The multi-user implementation of this would allow different preferred
apps from different users to potentially interefere with each other.
They are not completely separate data structures.
Change-Id: Id4f1ebb6414fdf30ff1049adaa1efe83dabac01a
Bug: 7280093
User serial number was not being bumped up from 0 on a freshly wiped device
due to the userlist not existing. This was resulting in the first 2 users
getting the same serial number, messing up C2DM message delivery. This issue
doesn't show up if you boot the device before adding a user, so it wasn't
discovered earlier.
Change-Id: I8a5d99b9ad2ccfb66a16cacac9548ba53f0be387
With this fix, when all users cancel installing an app they were warned about,
then the "Installing..." screen disappears, as desired.
Bug: 7255231
Change-Id: I2475fa790a5d09abbf94411c696682502fb1e8df
Includes telephony, WindowManager, PackageManager, and debugging
settings. Update API to point towards moved values.
Bug: 7231764, 7231252, 7231156
Change-Id: I5828747205708872f19f83a5bc821ed0a801cb79
Issue #7211769: Crash dialog from background user has non-working "report"
The report button now launches the issue reporter for the correct user.
Also for crashes on background users, either disable the report button,
or simply don't show the dialog depending on the build config.
Issue #7244492: Bugreport button in Quick Settings doesn't actually do anything
Now they do.
Issue #7226656: second user seeing primary user's apps
I haven't had any success at reproducing this. I have tried to tighten up
the path where we create the user to ensure nothing could cause the
user's applications to be accessed before the user it fully created and thus
make them installed... but I can't convince myself that is the actual problem.
Also tightened up the user switch code to use forground broadcasts for all
of the updates about the switch (since this is really a foreground operation),
added a facility to have BOOT_COMPELTED broadcasts not get launched for
secondary users and use that on a few key system receivers, fixed some debug
output.
Change-Id: Iadf8f8e4878a86def2e495e9d0dc40c4fb347021
Migrate networking, storage, battery, DropBox, and PackageManager
related Secure settings to Global table.
Bug: 7232014, 7231331, 7231198
Change-Id: I772c2a9586a2f708c9db95622477f235064b8f4d
Fixed one setting that was migrated but not marked deprecated.
Removed a hidden setting that is no longer used by the new
power manager service.
Bug: 7231172
Change-Id: I332f020f876a18d519a1a20598a172f1c98036f7
When PackageManagerService deals with external storage, always bind
to DefaultContainerService as USER_OWNER. This avoids binding to a
stopped user, which would fail.
Bug: 7203111
Change-Id: I8e303c7558e8b5cbe4fea0acc9a472b598df0caa
Issue #7209355: Intent on the secondary user results in an intent picker
in the Primary user.
Issue #7214271: Crash in system UI
Also fix a bug where I recently broke the removeTask() operation in the
activity manager where it would remove the wrong task.
Change-Id: I448c73a0e83a78d9d8d96b4629658c169888d275
Since SettingsProvider can call back into PMS, query the default
enforcement state before acquiring mPackages lock.
Bug: 7182437
Change-Id: Ie218aedfc7a943e5b221814af3e0356c7199b0e4
Create a setting "verifier_verify_adb_installs" to allow developers to control
package verification on ADB installs only. If package verification is enabled,
the setting will:
0, Do not perform package verification on apps installed through ADB/ADT/USB
and perform package verification on all other installs.
1, Use package verification on all installs. (Default)
Bug: 7183252
Change-Id: I9d3eb8abb5ba5e93f8634d3135794e92ff6273b6
Keep track of user creation and last logged-in time.
adb shell dumpsys users
User switcher shouldn't show users about to be removed.
No need to check for singleton for activities.
Bug: 7194894
Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
New APIs let you indicate what user(s) to monitor, and tell you
what user is changing when receiving a callback.
Fix package manager to only deliver package brpadcasts to the
running users. (This isn't really a change in behavior, since
the activity manager would not deliver to stopped users anyway).
Make sure all broadcasts that package monitor receives also include
user information for it to use.
Update wallpaper service to (hopefully) now Really Correctly
monitor package changes per user.
Change-Id: Idd952dd274abcaeab452277d9160d1ae62919aa0
Bug: 7136483
Store device policy information for each user and apply them when user switches.
Global proxy can only be controlled by owner.
Camera restriction applies to all users, if any one has an admin that disables it.
Storage encryption can only be controlled by owner, although other users can query the state.
Wipe data will only remove the user if non-zero, wipe the device, if zero.
Change-Id: I359be46c1bc3828fd13d4be3228f11495081c8f2
The current MTP kernel driver at /dev/mtp_usb is exclusive, meaning
only one process can have it open. In addition, each MTP session
with a desktop requires unique object IDs, which doesn't hold true
across users on the device.
To solve these two issues, when switching users we cycle the USB host
stack to disconnect both local and remote MTP connections, giving the
new user's media process a chance to claim /dev/mtp_usb, and causing
the desktop to initiate a new MTP session.
This change also allows BroadcastReceivers to registerReceiver()
allow retrieval of a current sticky broadcast. Adds a system property
to override maximum users. Removes MOUNTED broadcasts for secondary
users. Allows INTERACT_ACROSS_USERS to getCurrentUser().
Bug: 6925114
Change-Id: I02b4a1b535af95fb2142655887b6d15a8068d18a
Add a USER_INFO_CHANGED intent for lockscreen and quicksettings to use
to monitor changes to the user name or icon.
Bug: 7164040
Change-Id: Id6fb8b6d38ce04ccd02bbadcf0c10699783d6c03
