This introduces four generic thread that services can
use in the system process:
- Background: part of the framework for all processes, for
work that is purely background (no timing constraint).
- UI: for time-critical display of UI.
- Foreground: normal foreground work.
- IO: performing IO operations.
I went through and moved services into these threads in the
places I felt relatively comfortable about understanding what
they are doing. There are still a bunch more we need to look
at -- lots of networking stuff left, 3 or so different native
daemon connectors which I didn't know how much would block,
audio stuff, etc.
Also updated Watchdog to be aware of and check these new
threads, with a new API for other threads to also participate
in this checking.
Change-Id: Ie2f11061cebde5f018d7383b3a910fbbd11d5e11
Fixed b/8276827
Vendor might want to provide their own implementation of "network
location", "fused location" and "geocoder" service. Location manager now
allows those service to be replaced by packages that have the same
signature as one of the packages in config_locationProviderPackageNames.
Such behavior might not be desirable on some devices. This change
make this behavior configurable by 3 boolean flags.
Details:
- Added three boolean flags in core/res/res/values/config.xml to enable
or disable NLP/FLP/Geocoder overlay
- Added 3 package name for the stock NLP/FLP/Geocoder. They are needed
only when overlay is disabled because LocationManagerService need to
know which package is preferred when searching for
NLP/FLP/Geocoder service.
- Made ServiceWatcher able to handle non-overlayable services.
- Fixed an NPE isue in ServiceWatcher. mPm.queryIntentServicesAsUser
might return null.
- Fixed an bug: justCheckThisPackage in bindBestPackageLocked is always
ignored.
Change-Id: Id221961ac7c3aa8ad44b894f9523f04f770ae237
can get location updates too frequently by repeatedly calling getLastKnownLocation
or by registering/unregistering location updates frequently.
Change-Id: Ibd9ce28b0401372b995a0dbfb2f0a984dd11c0b1
This commit splits LocationManagerService.isAllowedBySettingsLocked()
into isAllowedByUserSettingsRogkei(), which takes a UID argument, and
isAllowedByCurrentUserSettingsLocked(), which does not. This removes
the need to generate synthetic UIDs with arbitrary application IDs
and makes more explicit when LocationManagerService is acting on
behalf of a caller and when it is acting on behalf of the device's
current active user.
Change-Id: I2cb8fb52687d2629848e5a4b66a4bda8f0f66fe1
Instead of hardcoding true/false in the code:
setprop log.LocationManagerService DEBUG
works just fine. Or the reboot-proof version in userdebug/eng builds:
cat > /data/local.prop <<eof
log.tag.LocationManagerService=DEBUG
eof
Change-Id: If4efad1c3adc401c0cb5d1a3cc449b53224ead08
This changelist revises LocationManager's previous multiuser system.
Location provider services that are not multiuser-aware continue to
run as before: ServiceWatcher binds to location provider services as
the current active user. When the device switches from one user to
another, ServiceWatcher unbinds from the old user's location provider
service and binds to the new user's instance.
Now, location provider services that are multiuser-aware or
user-agnostic can declare "serviceIsMultiuser" metadata in their
AndroidManifest.xml to prevent ServiceWatcher from performing this
switching. These services will run as singleton services and will be
expected to handle user switches on their own.
With this feature in, I was able to switch FusedLocationProvider to
run in multiuser mode, sharing the system_server process instead of
running in its own process. The NetworkLocationProvider is unchanged,
still running in singleuser mode, cheerfully oblivious to the
possibility that there might be any user on the device besides the
one it services.
Bug: 8028045
Change-Id: I1a5bd032918419bab6edb46c62ff8c6811170654
Also add new ops for calendar and wi-fi scans, finish
implementing rejection of content provider calls, fix
issues with rejecting location calls, fix bug in the
new pm call to retrieve apps with permissions.
Change-Id: I29d9f8600bfbbf6561abf6d491907e2bbf6af417
LocationManagerService now annotates incoming Location objects that
have come from mock location providers. The new isFromMockProvider()
method can be called on any Location to determine whether the
provider that supplied the Location was a mock location provider.
Bug: 6813235
Change-Id: Ib5140e93ea427f2e0b0036151047f87a02b4d23a
Implemented reading and writing state to retain information
across boots, API to retrieve state from it, improved location
manager interaction to monitor both coarse and fine access
and only note operations when location data is being delivered
back to app (not when it is just registering to get the data at
some time in the future).
Also implement tracking of read/write ops on contacts and the
call log. This involved tweaking the content provider protocol
to pass over the name of the calling package, and some
infrastructure in the ContentProvider transport to note incoming
calls with the app ops service. The contacts provider and call
log provider turn this on for themselves.
This also implements some of the mechanics of being able to ignore
incoming provider calls... all that is left are some new APIs for
the real content provider implementation to be involved with
providing the correct behavior for query() (return an empty
cursor with the right columns) and insert() (need to figure out
what URI to return).
Change-Id: I36ebbcd63dee58264a480f3d3786891ca7cbdb4c
Use this to track the package name of applications
accessing GPS.
And now the app ops service can enforce that callers
must provide valid package names.
Change-Id: I842a0abe236ea85f77926d708547f0f95c24bd49
Initial implementation, tracking use of the vibrator, GPS,
and location reports.
Also includes an update to battery stats to also keep track of
vibrator usage (since I had to be in the vibrator code anyway
to instrument it).
The service itself is only half-done. Currently no API to
retrieve the data (which once there will allow us to show you
which apps are currently causing the GPS to run and who has
recently accessed your location), it doesn't persist its data
like it should, and no way to tell it to reject app requests
for various operations.
But hey, it's a start!
Change-Id: I05b8d76cc4a4f7f37bc758c1701f51f9e0550e15
systemReady() was returning before the LocationManagerService was
actually ready. Applications making LocationManager transactions
during their startup could possibly hit a race condition with the
yet-uninitialised LocationManagerService.
To guarantee that LocationManagerService is actually ready before
returning from systemReady(), we simply do the startup work on the
thread that called systemReady(), rather than spin up a secondary
thread to do the work asynchronously.
LocationWorkerHandler still needs a thread to do its work on, so
rather than have it run on the secondary thread that was
previously used for systemReady()'s work, we create a HandlerThread
for it.
Additionally, LocationManagerService.init() really needed to grab
lock for some of the things it was doing. I moved all of the code
that could benefit from mutex protection to a single section of
systemReady() and wrapped it up with a lock while I was at it.
Bug: 7723944
Change-Id: I51d480e2781622c3a14769c3a2019a2407dcfd8a
This is a more complete solution for this issue that disables
location providers when expiring their last request *and* adjusts
update intervals when expiring any request. This should help
further limit battery drain when a high-frequency-update app
exits, as it allows the system to throttle the update interval
back down to something appropriate for the remaining listeners.
Bug: 7611837
Change-Id: I88b419c92940b7e536d48b26e5fc0f72f3c9e73d
Location providers were not being notified of the change in status
when the last UpdateRecord was removed due to numUpdates exhaustion
or request expiry. Oops! Enjoy some free battery life!
Bug: 7611837
Change-Id: Id48151eb7de40164258cde7da220a4d6bb34b89a
Change-Id: Ibf93833697c865904f29821e5778853127e5fb00
Signed-off-by: You Kim <you.kim72@gmail.com>
Conflicts:
services/java/com/android/server/LocationManagerService.java
...android.os.Parcel.nativeAppendFrom(Native Method)
The failing stack trace is:
11-20 20:29:04.365 19154 19170 E AndroidRuntime: java.lang.IllegalArgumentException
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.nativeAppendFrom(Native Method)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.appendFrom(Parcel.java:428)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1613)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.location.Location.writeToParcel(Location.java:903)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeParcelable(Parcel.java:1254)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeValue(Parcel.java:1173)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeMapInternal(Parcel.java:591)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1619)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.location.Location.writeToParcel(Location.java:903)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeParcelable(Parcel.java:1254)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeValue(Parcel.java:1173)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeMapInternal(Parcel.java:591)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1619)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.content.Intent.writeToParcel(Intent.java:6660)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.app.ApplicationThreadProxy.scheduleReceiver(ApplicationThreadNative.java:763)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at com.android.server.am.BroadcastQueue.processCurBroadcastLocked(BroadcastQueue.java:230)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at com.android.server.am.BroadcastQueue.processNextBroadcast(BroadcastQueue.java:777)
This is odd because where we do Bundle.writeToParcel(), we are just writing the Parcel
we have with its current length. There is no way this should be able to fail like this...
unless the Bundle is changed while we are running?
Hm.
It looks like the location manager is holding on to Location objects which have a
Bundle of extras. It is that Bundle of extras that the crash is happening on.
And the bundle extras can be changed as it operates. And there are places where
the raw Location object is returned from the location manager, which means the
caller can be olding on to a Location object whose extras can be changed at any
time by other threads in the location manager.
So that seem suspicious.
This change should take care of all these places in the location manager, by
making sure to copy the location object before it goes out of the location
manager.
In addition, add some code to the activity manager to not bring down the entire
system if there is a problem trying to send one of these broadcasts. There is
no need, we can just skip the broadcast as bad.
Change-Id: I3043c1e06f9d2931a367f831b6a970d71b0d0621
LocationManagerService was serially stuffing the same Location into
multiple Intents, which it would immediately hand off to
ActivityManagerService, running as a different thread in the same
process. LocationManager would continue to work with that Location
while ActivityManagerService worked with a Parceled version of it.
However, Location.mExtras is also a Bundle, and both
ActivityManagerService and LocationManagerService ended up working
with references to the same Bundle. ActivityManagerService needs
it in Parceled form (ie mParceledData != null), but
LocationManagerService was triggering Bundle.unparcel() when
referencing the data contained within.
As a result, LocationManagerService was able to trigger NPE (or
worse) in ActivityManagerService by manipulating the mExtras
member of a Location that was in the process of being reported to
listeners.
To resolve this issue, I copy-construct a new Location to report to
each listener. This should prevent ActivityManagerService and
LocationManagerService from referencing the same Bundle data, as
Location's copy constructor also copyconstructs the mExtras member,
rather than simply share references.
Bug: 7518371
Change-Id: I1a92615cba361831494447d5de085a8d910b6b2c
Geofences are broken in multiuser, and need to be fixed before
reenabling the feature for secondary users.
Change-Id: Ief3008a294deed47760ee25efcf1cdef5371b038
Decrement the number of updates after a location fix has been sent to a
a listener. This is necessary for respecting calls such as
requestSingleUpdate().
Bug: 7460868
Change-Id: Iea207ab494b93b936ca434d59652bb2cb6404cef
Frameworks' FusedLocationProvider runs as a specific user so that it
can join a specific process. The solution that works for NLP, run one
copy per user as that user, does not work for FLP.
To make FLP play nicely with multiuser, I've allowed SYSTEM_UID to
operate in the background and included a hardcoded exception to
prevent ServiceWatcher from trying to launch one FLP per user.
Bug: 7279799
Change-Id: I573ea5226d8d00777421b39c5c3fb0899bf09b4d
This commit is the result of a comprehensive permissions review for
MR1 release. It addresses a number of deviations from spec and from
MR0's behavior, bringing MR1 into sync with both.
It also cleans up the concept of "location resolution permission",
representing it internally as an enumerated access level to reduce
reliance on cumbersome string manipulation. There's a function to
convert the enum int into a permission string where needed, too.
Additionally, this confines caller-identity-sensitive calls to the
hopefully-obviously-named "getCallerAllowedResolutionLevel()". This
should make it much easier to prove correctness with respect to
accidentally calling functions that depend upon the caller's identity
after identity has already been shed by Binder.clearCallingIdentity().
Change-Id: I446169aee8fb2fde26ac6d04b479b40253782acb
If a provider is unknown, return null in
LocationManagerService.getProviderProperties() instead of throwing a
security exception, so that LocationManager.getProvider() returns null
in this case, as specified by the javadoc.
Bug: 7359960
Change-Id: I1b8b74745f66717a3439a1d353a46a23272cc313
During testing it's possible to mock a location provider, but the fused
location provider wasn't being inserted into the "mRealProviders" map so
when the fused location provider was unmocked, it would disappear
permanently from the list until the next reboot.
Bug: 6949478
Change-Id: I4993aa7fbbd21cea16bdbf2722d637c909b1cd73
LocationManagerService now keeps track of the current user ID and
denies location requests made by all but the foreground user.
Additionally, location settings are now user-specific, rather than
global to the device. Location provider services now run as specific
users, and when the device's foreground user changes, we rebind to
appropriately-owned providers.
Bug: 6926385
Bug: 7247203
Change-Id: I346074959e96e52bcc77eeb188dffe322b690879
Use LocationManager.getLastPosition() in GeofenceManager instead of
keeping track of it manually. Keeping track of it in GeofenceManager
doesn't handle the case where we install a fence, and cross it just
after that based on the last position before we installed the fence.
Also shuffle around some code in LocationManagerService to remember the
last position even if there are no UpdateRecords. This is useful in the
GeofenceManager for example.
Bug: 7047435
Change-Id: Ia8acc32e357ecc2e1bd689432a5beb1ea7dcd1c7
Add a case for isAllowedProviderSafe() to handle providers that are not
GPS/Passive/Network/Fused. For example, this is useful for mock
providers.
Bug: 7047435
Change-Id: If4799aa90a5338889c47582d45cbfc25772c9c53
This allows primary/secondary users to have different "Google
Location Services" preferences. It also reenables LocationBlacklist,
which is fixed elsewhere.
Bug: 7213502
Bug: 7248239
Change-Id: I94837682f95920c225c00b7da2de6dd1418a673e
There is now only a single config value pointing
at a list of packages to get certs from. The old
system was a bit confusing.
The fused location provider also now builds
against SDK 17, and the meta data service version
tag was renamed from the overly generic "version"
to "serviceVersion".
Bug: 7242814
Change-Id: I00d27c9cbd5cc31a37bb4a98160435d15a72e19e
In MR0, we did not allow applications to query enabled status of
location providers they did not have permission to use. Some
applications counted on this behavior, using the thrown
SecurityException to determine whether or not they have permission
to use the specified provider.
Reverting to this behavior fixes the regressions seen in those
applications.
Bug: 7251459
Change-Id: I8b0cfd5862c80f0c831a4ab544c3fa7408bc84a0
