Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.
This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.
Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.
Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.
Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
Switch to using IntentSender for results to give installers easier
lifecycle management. Move param and info objects to inner classes.
Bug: 17008440
Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43
If an app is installed with an ABI override (adb install -r --abi)
we should remember this so that we don't revert to the scan derived
ABI on the next reboot.
bug: 16476618
Change-Id: I6085bc0099eb613dd9d3b07113c7c13859780697
To resume install sessions across device boots, persist session
details and read at boot. Drop sessions older than 3 days, since
they're probably buggy installers.
Add session callback lifecycle around open/close to give home apps
details about active installs. Also give them a well-known intent
to show session details.
Extend Session to list staged APKs and open them read-only, giving
installers a mechanism to verify delivered bits, for example using
MessageDigest, before committing.
Switch to generating random session IDs instead of sequential.
Defensively resize app icons if too large. Reject runaway
installers when they have too many active sessions.
Bug: 16514389
Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498
Recently we removed the PackageManager inotify triggers, meaning the
only supported ways of installing apps were:
-- adb install -r Foo.apk
-- adb shell stop && adb sync && adb shell start
Iterating on most system apps (like Settings) can use the first
approach, but it doesn't work for "persistent" processes like
SystemUI. (ActivityManager is very particular about how it deals
with persistent apps, and it always sticks with the first
ApplicationInfo found at boot.)
So to enable rapid iteration on persistent apps, we now offer the
one missing piece of forcing a dexopt with a new pm force-dex-opt
command only available to -eng or -userdebug builds. Typical use
for iterating on persistent apps now looks like this:
$ mmm frameworks/base/packages/SystemUI/ && adb sync &&
adb shell pm force-dex-opt com.android.systemui &&
adb shell kill `pid systemui`
Yay!
Change-Id: I0ae2467f1d7cda56c70ba20953cd25fa8ee766ff
This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.
Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
Also track historical install sessions for debugging purposes. Hide
signature verification API for now. Clear code cache only after
killing the app being upgraded.
Bug: 14975160
Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30
Flesh out documentation and finalize first cut of API. Also surface
installLocation and splitNames through PackageInfo.
Bug: 14975160, 15348430
Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0
Oops, forgot to include message argument to invoke the new-style
callback. Also use more robust way of generating cluster APK
directory names, and add more logging details on rename failure.
Change-Id: Ifa8abdd1db58b73e13b9a8077ec126cf20a0d90e
Flesh out implementation of install session observers. Carve out 20%
of published install progress for final system operations such as
dexopt, etc.
Add dumpsys output for active install sessions. Create explicit
fsync() instead of overriding meaning of flush(). Hack to throw
IOExceptions over Binder calls.
Bug: 14975160, 15348430
Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
Instead of surfacing all the existing cryptic error codes, we're
going to classify them into broad categories when surfacing through
public API. This change introduces InstallResultCallback and
UninstallResultCallback, and wires them up to existing AIDL
interfaces.
Also start defining general SessionObserver for apps interested
in general progress details, such as Launcher apps. Details about
active sessions are returned through new InstallSessionInfo objects.
Bug: 14975160
Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9
Separate commands to create an install session, stream files into the
staging area, and then commit the install. Streaming can accept data
from stdin across adb, avoiding extra copy from push.
Extend FileBridge to support blocking close(). Always destroy
session regardless of result.
Bug: 14975160
Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466
Introduces new ApplicationInfo fields to surface zero or more split
APKs for an application. Splice these APKs into both the class
loader and resource system. Cleaner building of these paths.
Run dexopt() on all split APKs found after a parse, and populate
into ApplicationInfo.
Change-Id: I4a376bf4492d84ea95aafa866e106ea43a43e492
This allows callers to force an install to a particular
ABI. This is intended only for testing (and CTS) and is
not meant for usage by the installer package.
bug: 14453227
(cherry picked from commit 6431d11cd420536aaa9d93ae510a3151ccc4df1d)
Change-Id: I85d4f8785deea02a6a4d3cb0b05e6ef8bf64826b
Default is still uninstall for all users, but if --user
is passed in it will just uninstall for that user.
For system apps if --user is supplied it will uninstall
rather than revert to the current system version.
Change-Id: If1be0f78f01391f7ac6b53150dfeeccd0c002899
Rename the related user concept as profiles.
When returning profiles of a user include the
user as a profile of itself.
Change-Id: Id5d4f29017b7ca6844632ce643f10331ad733e1d
...and now fail conservatively when two apps both attempt to define
the same permission. Apps signed with the same certificate are
permitted to redefine permissions.
We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.
Bug 13551375
Change-Id: Ifa4e59154dcccbb286ee46a35a6f25e4ad0f0f01
...and now fail conservatively when two apps both attempt to define
the same permission.
We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.
Bug 13551375
Change-Id: I3a286d024a30e812ee4b098f345401df3c00e178
Collect related initialized users and start
them on boot and user switch.
Update list users command to show whether a
user is running or not.
Change-Id: Ib3d5debcb01ec55a07d93450b988b0180fc63263
Introduces a new "blocked" state for each package. This is used to temporarily
disable an app via Settings->Restrictions.
PIN creation and challenge activities for use by Settings and other apps. PIN
is stored by the User Manager and it manages the interval for retry attempts
across reboots.
Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
Adds a platform API, and pm command. Fixes some issues with
dumping per-package data in package manager, makes battery
stats able to dump per-package state.
Change-Id: I76ee6d059f0ba17f7a7061886792b1b716d46d2d
The Activity Manager was not properly informing the observer that
the operation had concluded (unsuccessfully).
Bug 8222595
Change-Id: I8234e32d8edf4112c8c7a5e20e341d0b41e23014
API and preliminary implementation for sharing primary user accounts with a secondary user.
AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials
to clone an account from the primary to a restricted secondary user. The AccountManagerService
initiates the account clone when it starts up the user and detects that the user has
a shared account registered that hasn't been converted to a real account.
AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be
further improvements to this API to make shared accounts hidden/visible to select apps.
AccountManagerService has a new table to store the shared account information.
Added ability in PackageManager to install and uninstall packages for a secondary user. This
is required when the primary user selects a few apps to share with a restricted user.
Remove shared accounts from secondary users when primary user removes the account.
Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
Reworking the locking in resources so that we never hold the
state lock while calling in to potential long running operations.
This means the mTmpValue can no longer be final (since we need
to use it while the lock isn't held), so a new field needs to
be added as the lock and everything that touches mTmpValue must
deal with it being null, restoring the value in there when
possible, etc.
Change-Id: Ie5ffd0f66e5f2d0e869a62d72e7a55b1c74fe872
The disabled state allows you to make an app disabled
except for whatever parts of the system still want to
provide access to them and automatically enable them
if the user want to use it.
Currently the input method manager service is the only
part of the system that supports this, so you can put
an IME in this state and it will generally look disabled
but still be available in the IME list and once selected
switched to the enabled state.
Change-Id: I77f01c70610d82ce9070d4aabbadec8ae2cff2a3
Take advantage of this to return better information about
packages filtered by permissions -- include the permissions
they have in the requested array.
Also fix issue #8026793 (Contact picture shows default pic
while searching for a contact in qsb) by using the base
package name of the Context when reporting the app name
of an operation. Otherwise you could make a resource-only
context for another application and do calls through that
and get reported as the wrong app.
Change-Id: I5e0488bf773acea5a3d22f245641828e1a106fb8
Keep track of user creation and last logged-in time.
adb shell dumpsys users
User switcher shouldn't show users about to be removed.
No need to check for singleton for activities.
Bug: 7194894
Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
- New (hidden) isUserRunning() API.
- Maintain LRU list of visited users.
- New FLAG_IS_DATA_ONLY for ApplicationInfo.
- Clean up pending intent records when force-stopping a user (or package).
(Also fixes bug #6880627: PendingIntent.getService() returns stale
intent of force stopped app)
- Fix force-stopping when installing an app to do the force-stop across
all users for that app.
- When selecting which processes to kill during a force stop, do this
based on the actual packages loaded in the process, not just process
name matching.
- You can now use --user option in am when starting activities, services,
and instrumentation.
- The am --user option accepts "current" and "all" as arguments.
- The pm uninstall command now uninstalls for all users, so it matches
the semantics of the install command.
- PhoneWindowManager now explicitly says to start home in the current
user.
- Activity manager call to retrieve the MIME type from a content provider
now takes a user argument, so it will direct this to the proper user.
- The package manager uninstall paths are now implemented around
PackageSetting, not PackageParser.Package. This allows them to work
even if the application's apk has been removed (in which case it only
exists as a PackageSetting, not the PackageParser.Package parsed from
the apk).
Change-Id: I3522f6fcf32603090bd6e01cc90ce70b6c5aae40
Replaced all remaining places that used it with explicit user
specification.
While doing this, I ran into stuff that was creating PendingIntent
objects (that now need to specify the explicit user they are for),
which are also posting notifications... but have no way to specify
the user for the notification.
So the notification manager in the system process now also gets a
formal concept of a user associated with the notification, which
is passed in to all the necessary aidl calls. I also removed the
old deprecated aidl interface for posting/cancelling notifications,
since we now always need a user supplied.
There is more work that needs to be done here, though. For example
I think we need to be able to specify USER_ALL for a notification that
should be shown to all users (such as low storage or low battery).
Along with that, the PendingIntent creation needs to be tweaked to
be able to handle USER_CURRENT by evaluating the user at the point the
pending intent is sent.
That's for another change, however.
Change-Id: I468e14dce8def0e13e0870571e7c31ed32b6310c
We also now send the correct broadcasts to each user.
You no longer need to be running the shell as root
to be able to create/remove users.
Also added some more man page material to the pm command, and
got rid of a bunch of showUsage() calls that now make error
messages completely buried because of how large the usage info
has become.
And the package manager now shows the user each historical broadcast
was sent to.
Change-Id: Iab42498e1352a0c023069139c80fc04d2d69ab4b
This add a new per-user state for an app, indicating whether
it is installed for that user.
All system apps are always installed for all users (we still
use disable to "uninstall" them).
Now when you call into the package manager to install an app,
it will only install the app for that user unless you supply
a flag saying to install for all users. Only being installed
for the user is just the normal install state, but all other
users have marked in their state for that app that it is not
installed.
When you call the package manager APIs for information about
apps, uninstalled apps are treated as really being not visible
(somewhat more-so than disabled apps), unless you use the
GET_UNINSTALLED_PACKAGES flag.
If another user calls to install an app that is already installed,
just not for them, then the normal install process takes place
but in addition that user's installed state is toggled on.
The package manager will not send PACKAGE_ADDED, PACKAGE_REMOVED,
PACKAGE_REPLACED etc broadcasts to users who don't have a package
installed or not being involved in a change in the install state.
There are a few things that are not quite right with this -- for
example if you go through a full install (with a new apk) of an
app for one user who doesn't have it already installed, you will
still get the PACKAGED_REPLACED messages even though this is
technically the first install for your user. I'm not sure how
much of an issue this is.
When you call the existing API to uninstall an app, this toggles
the installed state of the app for that user to be off. Only if
that is the last user user that has the app uinstalled will it
actually be removed from the device. Again there is a new flag
you can pass in to force the app to be uninstalled for all users.
Also fixed issues with cleaning external storage of apps, which
was not dealing with multiple users. We now keep track of cleaning
each user for each package.
Change-Id: I00e66452b149defc08c5e0183fa673f532465ed5
This change passes the originating URL and accompanied referrer to
package verifiers, when available.
Bug: 6544677
Change-Id: I9ebc71bc13f549bd88267e444816151a99bda000
Moved a bunch of methods from PackageManager to UserManager.
Fix launching of activities from recents to correct user.
Guest creation APIs
Change-Id: I0733405e6eb2829675665e225c759d6baa2b708f
This change passes the originating URL and accompanied referrer to
package verifiers, when available.
Bug: 6544677
Change-Id: If9ff6663ad7f3426b7aea2aceb1413b689788138
This rewrites installd's code for deleting cache files to be better:
- Isn't really stupid about just deleting directories in the order
they are found on the filesytem; now collects all cache files and
sorts them by mod time to determine which to delete.
- Also deletes cache files in /data/media and for all users.
This also tweaks DeviceStorageMonitor to be a little smarter about
deciding when to flush cache files, having upper and lower limits
that it allows memory to get down to and then flash files to reach
the higher free storage limit. This should reduce the amount that
we perform flushing when starting to reach the storage limit.
Finally add a new pm command to force a cache flush.
Change-Id: I02229038e1ad553d1168393e5cb6d5025933271d
