Actually, this implementation is more what we want for ephemeral
apps. I am realizing the two are not really the same thing. :(
For this implementation, we now keep track of how long a uid has
been in the background, and after a certain amount of time
(currently 1 minute) we mark it as "idle". Any packages associated
with that uid are then no longer allowed to run in the background.
This means, until the app next goes in the foreground:
- No manifest broadcast receivers in the app will execute.
- No services can be started (binding services is still okay,
as this is outside dependencies on the app that should still
be represented).
- All alarms for the app are cancelled and no more can be set.
- All jobs for the app are cancelled and no more can be scheduled.
- All syncs for the app are cancelled and no more can be requested.
Change-Id: If53714ca4beed35faf2e89f916ce9eaaabd9290d
This will allow AMS to call into DPMS within the AMS lock instead,
which will help I1537bd57b34696768ee81a979d53bb396efbc12a.
- AM.clearApplicationUserData() will not be allowed for any DA
apps.
Bug 25567963
Change-Id: I9f0d071c815a011be4f4c85c502c39d0fe0fe5e8
Added mUsersLock - short-term lock for internal state, when interaction and
synchronization with PM is not required. Modifications to mUsers and
mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and
mUsersLock. While reads can use mUsersLock.
Testing revealed that the following methods in UMS often cause contention:
- exists
- getUserInfo
- getProfileParent
They all now use a short-term lock mUsersLock for reads.
Bug: 24979571
Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
The Alarm Manager now supports a set() variant that takes a listener
callback to invoke at alarm trigger time rather than a PendingIntent.
This is much lower overhead and has guaranteed low delivery latency
from the trigger time. The tradeoff is that the app must be running
*continuously* from the time the alarm is set to the time it is
delivered. If the app exits for any reason before the alarm fires,
the listener becomes invalid and the alarm will be dropped. This is
more or less equivalent to setting an alarm with a broadcast
PendingIntent that matches only a runtime-registered receiver.
The app's alarm listener can be any object that implements the new
AlarmManager.OnAlarmListener interface and implements its onAlarm()
method. There is no data delivered at alarm trigger time: whatever
state needs to be associated with the specific alarm instance should
simply be packaged inside the OnAlarmListener instance.
An alarm using OnAlarmListener can request that the onAlarm() method
be called on an arbitrary handler. If the program passes 'null' for
this parameter when setting the alarm, the callback occurs on the
application's main Looper thread.
Bug 20157436
Change-Id: I2eb030a24efdd466a2eee1666c5231201b43684b
- Now DPMS remembers user restrictions set by DO / PO in their ActiveAdmin.
- User restrictions set by DO/PO will no longer be saved by UserManger. Instead,
when needed, UMS will consult DPMS to build "effective" user restrictions.
- UM.getUserRestrictions() will now always return "effective" user restrictions.
- DPMS migrates existing user restrictions per the eng spec.
- Also now UM.setUserRestrictions() will crash. UMS.setUserRestrictions() has
been removed.
This was needed because UM.setUserRestrctions(UM.getUserRestrictions()) will no
longer be a valid use like it used to be.
- Also introduced a fined-grained lock for user restrictions in UM to avoid
deadlock between DPMS and also for better performance.
Bug 23902097
Change-Id: If0e1e49344e2f3e9226532d00777976d1eaa7df3
BUG: 24900376
We've seen an issue where periodic run times can be massively
inflated after loading from disk.
As a safeguard, cap the period's loaded runtime to be [p, 2p]
from the time of loading.
Change-Id: Ie4464490c8d6702fee8efe9190c3da5dc5f013f6
* commit '3d3f766c8b37dcf495235ca4a500494498712eed':
Support DHCP replies with multiple default gateways.
Accept DHCP responses from non-67 server source ports
Improve logging of DHCP parse errors using exceptions.
- Start persisting restrictions set by DO/PO.
- Also dump user restrictions on dumpsys
- More changes will follow, including migration.
- Now System settings are mockable.
Bug 23902097
Bug 23902477
Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
Also removed a failing unit test and the related code which is
now deprecated.
Bug: 19913735
Bug: 24064753
Change-Id: I9b11130b52caeb0ad890cc6adaaf7fb2fc7b5db6
- DpmMockContext.addUser() allows to create more users. This will set up
UserManager properly and create a data directory.
- Updated DevicePolicyManagerTest so it can now easily emulate calls from
different secondary users.
Change-Id: Ic9d3e8d0d1e7f41e184c82e6dc323c244535b8d8
It was because UserManager.get() returns a static cached instance but
we should always be using the mock instance that's created for each test.
Bug 24378326
Change-Id: Id4663e7676d2d0130622055a97fbde0884714349
- Extracting into a factory allows us to use mocks in other classes.
(Such as Owners.)
- Also removed broken test ApplicationRestrictionsTest. Instead added a new
simplified test to DevicePolicyManagerTest.
- Also stop caching rarely used instances in DPMS.
Bug 24061108
Bug 24275172
Change-Id: Ice9e57204b18e7b5f6b115126dab2209041439c2
- Now all services that DPMS uses are injectable.
- Introduce some wrappers to make static methods and final class mockable.
(e.g. for Binder.getCallingUid())
- In unit tests we replace those with Mockito mocks, except we use a partial
mock for PackageManager, because we use way too many methods of this and
most of them are okay to use directly.
- To install a partial mock to PackageManager, I needed to make
ApplicationPackageManager @hide public non-final.
- For a starter, added tests for DPM.setAmin().
Bug 24061108
Change-Id: I2afd51d8bc0038992d5f9be38c686260be775b75
For each runtime permission we have an app op to toggle the
permission for legacy apps as they cannot handle permission
revocations. We were lacking an app op for get_accounts
which prevented the user from controlling access to accounts
regardelss that they change the state of the permission
toggle in the UI. Even worse the permission UI is written
with the assumption that every runtime permission has an
app op and as a result revoking the contacts group (if the
app requests the get_accounts permission) is reset back to
allowed in the UI.
bug:23854618
Change-Id: I12b83dfd22974d130e5b8e7a195421120813e2db
* commit 'fd18370675f8794807747a18276dd7385e25f06e':
Require the new PACKET_KEEPALIVE_OFFLOAD permission.
Add an error code for generic hardware error.
Fix bugs and crashes in PacketKeepalive API.
Add tests for the PacketKeepalive API.
Add a PACKET_KEEPALIVE_OFFLOAD permission.
Use a CountDownLatch instead of sleep() in NetworkFactory tests.
Get rid of shortSleep() in ConnectivityServiceTest.
Make ConnectivityServiceTest a bit more readable.
For each runtime permission we have an app op to toggle the
permission for legacy apps as they cannot handle permission
revocations. We were lacking an app op for get_accounts
which prevented the user from controlling access to accounts
regardelss that they change the state of the permission
toggle in the UI. Even worse the permission UI is written
with the assumption that every runtime permission has an
app op and as a result revoking the contacts group (if the
app requests the get_accounts permission) is reset back to
allowed in the UI.
bug:23854618
Change-Id: I9e3f9bfeb320bed561d718db99ee285915d5701b
- setDeviceOwner() now takes a user ID. (We can infer it from Binder, but
we still need it for the dpm command.)
- Change broadcast target UID for DO to the DO user
- Start the DO user on boot complete.
TODO Investigate whether this is actually the good timing.
TODO Prevent the DO user from being killed
Bug 23827706
Change-Id: I227dbd444f1f4e94d98c317489d151554fe79d91
This currently fails in many different ways, but it tells us what
to fix.
Bug: 22606153
Bug: 23884210
Change-Id: If2e5ee0a8d7b26cad67d3d566ed5b1383e0db096
1. Make TestNetworkCallback a bit smarter and rename it to
SingleUseNetworkCallback. This allows us to get rid of all the
calls to TestNetworkCallback#getConditionVariable.
2. Delete the commented out code that used to test a
ConnectivityService model that has not been used since KK.
3. Remove unused imports, etc.
Bug: 22606153
Change-Id: I81a2d0b970d19e5f4515490d8c2f88d416445fa1
These would cause us to crash with a NegativeArraySizeException
when trying to create the clientMac array. Instead, if the length
is > 16 (invalid, because the field is only 16 bytes long), fudge
it to 6 (Ethernet / wifi). This is a bit less liberal than the
legacy client, which doesn't check the length at all.
Bug: 23725795
Change-Id: I83f47bfc400ffa8ce85dd9d1b8eb96be5afe51a5
I need to make some changes to get the tests pass. First a11y service
will now disable when no service is specified, I need to re-enable
a11y after services are enabled. Second the old event used in tests
seems to be filtered out by the service, I need to pick a new event.
Also the timeout waiting for mock service to start is extended, I hit
the old timeout quite often with N9.
Bug: 19913735
Change-Id: I8fe1b7b5d93b6a52df0a8940a08761ea5fbf5084
