Initial implementation, tracking use of the vibrator, GPS,
and location reports.
Also includes an update to battery stats to also keep track of
vibrator usage (since I had to be in the vibrator code anyway
to instrument it).
The service itself is only half-done. Currently no API to
retrieve the data (which once there will allow us to show you
which apps are currently causing the GPS to run and who has
recently accessed your location), it doesn't persist its data
like it should, and no way to tell it to reject app requests
for various operations.
But hey, it's a start!
Change-Id: I05b8d76cc4a4f7f37bc758c1701f51f9e0550e15
systemReady() was returning before the LocationManagerService was
actually ready. Applications making LocationManager transactions
during their startup could possibly hit a race condition with the
yet-uninitialised LocationManagerService.
To guarantee that LocationManagerService is actually ready before
returning from systemReady(), we simply do the startup work on the
thread that called systemReady(), rather than spin up a secondary
thread to do the work asynchronously.
LocationWorkerHandler still needs a thread to do its work on, so
rather than have it run on the secondary thread that was
previously used for systemReady()'s work, we create a HandlerThread
for it.
Additionally, LocationManagerService.init() really needed to grab
lock for some of the things it was doing. I moved all of the code
that could benefit from mutex protection to a single section of
systemReady() and wrapped it up with a lock while I was at it.
Bug: 7723944
Change-Id: I51d480e2781622c3a14769c3a2019a2407dcfd8a
This is a more complete solution for this issue that disables
location providers when expiring their last request *and* adjusts
update intervals when expiring any request. This should help
further limit battery drain when a high-frequency-update app
exits, as it allows the system to throttle the update interval
back down to something appropriate for the remaining listeners.
Bug: 7611837
Change-Id: I88b419c92940b7e536d48b26e5fc0f72f3c9e73d
Location providers were not being notified of the change in status
when the last UpdateRecord was removed due to numUpdates exhaustion
or request expiry. Oops! Enjoy some free battery life!
Bug: 7611837
Change-Id: Id48151eb7de40164258cde7da220a4d6bb34b89a
Change-Id: Ibf93833697c865904f29821e5778853127e5fb00
Signed-off-by: You Kim <you.kim72@gmail.com>
Conflicts:
services/java/com/android/server/LocationManagerService.java
...android.os.Parcel.nativeAppendFrom(Native Method)
The failing stack trace is:
11-20 20:29:04.365 19154 19170 E AndroidRuntime: java.lang.IllegalArgumentException
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.nativeAppendFrom(Native Method)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.appendFrom(Parcel.java:428)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1613)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.location.Location.writeToParcel(Location.java:903)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeParcelable(Parcel.java:1254)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeValue(Parcel.java:1173)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeMapInternal(Parcel.java:591)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1619)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.location.Location.writeToParcel(Location.java:903)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeParcelable(Parcel.java:1254)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeValue(Parcel.java:1173)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeMapInternal(Parcel.java:591)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1619)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.content.Intent.writeToParcel(Intent.java:6660)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.app.ApplicationThreadProxy.scheduleReceiver(ApplicationThreadNative.java:763)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at com.android.server.am.BroadcastQueue.processCurBroadcastLocked(BroadcastQueue.java:230)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at com.android.server.am.BroadcastQueue.processNextBroadcast(BroadcastQueue.java:777)
This is odd because where we do Bundle.writeToParcel(), we are just writing the Parcel
we have with its current length. There is no way this should be able to fail like this...
unless the Bundle is changed while we are running?
Hm.
It looks like the location manager is holding on to Location objects which have a
Bundle of extras. It is that Bundle of extras that the crash is happening on.
And the bundle extras can be changed as it operates. And there are places where
the raw Location object is returned from the location manager, which means the
caller can be olding on to a Location object whose extras can be changed at any
time by other threads in the location manager.
So that seem suspicious.
This change should take care of all these places in the location manager, by
making sure to copy the location object before it goes out of the location
manager.
In addition, add some code to the activity manager to not bring down the entire
system if there is a problem trying to send one of these broadcasts. There is
no need, we can just skip the broadcast as bad.
Change-Id: I3043c1e06f9d2931a367f831b6a970d71b0d0621
LocationManagerService was serially stuffing the same Location into
multiple Intents, which it would immediately hand off to
ActivityManagerService, running as a different thread in the same
process. LocationManager would continue to work with that Location
while ActivityManagerService worked with a Parceled version of it.
However, Location.mExtras is also a Bundle, and both
ActivityManagerService and LocationManagerService ended up working
with references to the same Bundle. ActivityManagerService needs
it in Parceled form (ie mParceledData != null), but
LocationManagerService was triggering Bundle.unparcel() when
referencing the data contained within.
As a result, LocationManagerService was able to trigger NPE (or
worse) in ActivityManagerService by manipulating the mExtras
member of a Location that was in the process of being reported to
listeners.
To resolve this issue, I copy-construct a new Location to report to
each listener. This should prevent ActivityManagerService and
LocationManagerService from referencing the same Bundle data, as
Location's copy constructor also copyconstructs the mExtras member,
rather than simply share references.
Bug: 7518371
Change-Id: I1a92615cba361831494447d5de085a8d910b6b2c
Geofences are broken in multiuser, and need to be fixed before
reenabling the feature for secondary users.
Change-Id: Ief3008a294deed47760ee25efcf1cdef5371b038
Decrement the number of updates after a location fix has been sent to a
a listener. This is necessary for respecting calls such as
requestSingleUpdate().
Bug: 7460868
Change-Id: Iea207ab494b93b936ca434d59652bb2cb6404cef
Frameworks' FusedLocationProvider runs as a specific user so that it
can join a specific process. The solution that works for NLP, run one
copy per user as that user, does not work for FLP.
To make FLP play nicely with multiuser, I've allowed SYSTEM_UID to
operate in the background and included a hardcoded exception to
prevent ServiceWatcher from trying to launch one FLP per user.
Bug: 7279799
Change-Id: I573ea5226d8d00777421b39c5c3fb0899bf09b4d
This commit is the result of a comprehensive permissions review for
MR1 release. It addresses a number of deviations from spec and from
MR0's behavior, bringing MR1 into sync with both.
It also cleans up the concept of "location resolution permission",
representing it internally as an enumerated access level to reduce
reliance on cumbersome string manipulation. There's a function to
convert the enum int into a permission string where needed, too.
Additionally, this confines caller-identity-sensitive calls to the
hopefully-obviously-named "getCallerAllowedResolutionLevel()". This
should make it much easier to prove correctness with respect to
accidentally calling functions that depend upon the caller's identity
after identity has already been shed by Binder.clearCallingIdentity().
Change-Id: I446169aee8fb2fde26ac6d04b479b40253782acb
If a provider is unknown, return null in
LocationManagerService.getProviderProperties() instead of throwing a
security exception, so that LocationManager.getProvider() returns null
in this case, as specified by the javadoc.
Bug: 7359960
Change-Id: I1b8b74745f66717a3439a1d353a46a23272cc313
During testing it's possible to mock a location provider, but the fused
location provider wasn't being inserted into the "mRealProviders" map so
when the fused location provider was unmocked, it would disappear
permanently from the list until the next reboot.
Bug: 6949478
Change-Id: I4993aa7fbbd21cea16bdbf2722d637c909b1cd73
LocationManagerService now keeps track of the current user ID and
denies location requests made by all but the foreground user.
Additionally, location settings are now user-specific, rather than
global to the device. Location provider services now run as specific
users, and when the device's foreground user changes, we rebind to
appropriately-owned providers.
Bug: 6926385
Bug: 7247203
Change-Id: I346074959e96e52bcc77eeb188dffe322b690879
Use LocationManager.getLastPosition() in GeofenceManager instead of
keeping track of it manually. Keeping track of it in GeofenceManager
doesn't handle the case where we install a fence, and cross it just
after that based on the last position before we installed the fence.
Also shuffle around some code in LocationManagerService to remember the
last position even if there are no UpdateRecords. This is useful in the
GeofenceManager for example.
Bug: 7047435
Change-Id: Ia8acc32e357ecc2e1bd689432a5beb1ea7dcd1c7
Add a case for isAllowedProviderSafe() to handle providers that are not
GPS/Passive/Network/Fused. For example, this is useful for mock
providers.
Bug: 7047435
Change-Id: If4799aa90a5338889c47582d45cbfc25772c9c53
This allows primary/secondary users to have different "Google
Location Services" preferences. It also reenables LocationBlacklist,
which is fixed elsewhere.
Bug: 7213502
Bug: 7248239
Change-Id: I94837682f95920c225c00b7da2de6dd1418a673e
There is now only a single config value pointing
at a list of packages to get certs from. The old
system was a bit confusing.
The fused location provider also now builds
against SDK 17, and the meta data service version
tag was renamed from the overly generic "version"
to "serviceVersion".
Bug: 7242814
Change-Id: I00d27c9cbd5cc31a37bb4a98160435d15a72e19e
In MR0, we did not allow applications to query enabled status of
location providers they did not have permission to use. Some
applications counted on this behavior, using the thrown
SecurityException to determine whether or not they have permission
to use the specified provider.
Reverting to this behavior fixes the regressions seen in those
applications.
Bug: 7251459
Change-Id: I8b0cfd5862c80f0c831a4ab544c3fa7408bc84a0
getAllProviders() should return all locators, including those not
allowed or not enabled (according to the existing javadoc, at least).
The checkPermission() call prevented this behavior by throwing a
security exception. We restore the previous behavior by removing the
call.
Bug: 6950369
Change-Id: I0c6bc676d4c4db482bb68f1ab7fa5c93675118b4
Oops, looks like we were spinning up a secondary thread to run some
tasks that will just happen on the main thread regardless. Removed
the secondary thread and fixed up initialisation order regarding
mHandler and things that post to it. Also reordered GPS and
PASSIVE provider initialisation order since GPS depends on PASSIVE.
This should be both safer and easier to read.
Bug: 7248029
Change-Id: I8630caf0a7bd1b2c401603075676f13dda5be4fa
This takes the easy way around notifying the correct users
about GPS state transitions by notifying ALL the users(!).
I've also laid groundwork for proper multiuser support in
LocationManager and did a tiny bit of cleanup in
GpsNetInitiatedHandler while I was looking at notifications.
Bug: 7213552
Change-Id: I2d6dc65c459e55d110ac0f5f79ae7a87ad638ede
Preferring the GPS location provider over NLP should produce better
average and worst-case results than NLP, which is very accurate in
certain conditions and completely useless in others.
Bug: 7182301
Change-Id: If7d50f0d3ac663cbfd84b7033adc204c11bcaca4
This restores MR0's behavior in this regard - apps calling
LocationManager.getProviders() or LocationManager.getBestProvider()
will no longer receive a SecurityException if they do not have
any location permissions. Instead, as was the behavior in MR0, they
only receive providers that their permissions grant them access to,
including an empty list if they have no permission whatsoever.
Bug: 7207864
Change-Id: I027df425e258d436c4821c34a25bc46a2a292824
FusionEngine now attaches a secondary location that has never seen
GPS data to its result. LocationFudger uses the GPS-less location so
that COARSE apps never see data from the GPS provider.
When the previous location is updated, the previous GPS-less location
is carried over if the location update was GPS-only.
Additionally, apps without FINE permission are not notified when GPS
location changes, and any attempt to use GPS_PROVIDER without FINE
permission is met by a stern SecurityException.
Bug: 7153659
Change-Id: I12f26725782892038ce1133561e1908d91378a4a
This replaces the ACCURACY_METERS constant and all derived values with
a secure setting. This value defaults to 2km and has a hardcoded floor
of 500m.
Bug: 6982024
Change-Id: Ibf97ab57145abf28c4a9747444f40250adddf23c
Bug 7051185
- Register a ContentObserver to track settings changes rather than
opening up a Cursor with a ContentQueryMap.
- Move updateProvidersLocked into init to assure that the
ContentObserver does not miss any changes.
- Move blacklist and fudger creation before loadProvidersLocked to
improve code readability.
Change-Id: I4d3e19fa33401c384bc2b00658d4336ea119e0e5
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.
Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.
New Context APIs for more kinds of sending broadcasts as users.
Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.
Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.
Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
This intent filter isn't used anymore, since GpsLocationProvider handles
the CONNECTIVITY_ACTION broadcasts now..
Change-Id: I593a9916aa6f8086b4d684cc3e25286c1cb137cc
Need to clear the callers identity before calling into geofence manager
because it in turn calls fused location API's.
Change-Id: I7993b0b8b2a947ff93c37a7c9d29ca0e7c95f9a8
I had to re-do this change for MR1 because LocationManagerService changed
so much. Here is the original change description:
Add package-name-prefix blacklist for location updates.
The Settings.Secure value locationPackagePrefixBlacklist and
locationPackagePrefixWhitelist contains comma seperated package-name
prefixes.
Location & geo-fence updates are silently dropped if the receiving
package name has a prefix on the blacklist. Status updates are
not affected. All other API's work as before.
A content observer is used so run-time updates to the blacklist
apply immediately. There is both a blacklist and a whitelist.
The blacklist applies first, and then exemptions are allowed
from the whitelist. In other words, if your package name prefix
matches both the black AND white list, then it is allowed.
Bug: 6986553
Change-Id: I1e151e08bd7143e47db005bc3fe9795076398df7
