On restore now, the backup manager gets the signature blocks corresponding to
the restore set from the transport. It then validates those signatures against
the on-device app signatures, and refuses to restore data to an app whose
on-device sig block does not match the backup image's.
Also actually implement 'bmgr transport N' so that we can select the local
transport easily during runtime.
- Fix a bug where targetSdkVersion could not be set if minSdkVersion. Stupid, stupid.
Also make sure to fail if minSdkVersion is for a code name. Really stupid.
- Change the API for resize compatibility mode to be a bit in the flags field, instead
of a separate boolean.
- Implement delayed dexopting, to avoid the looong full dexopt during boot. This is
only enabled for "eng" builds. When in this mode, the activity manager will make
sure that a dexopt has been done before loading an .apk into a process, and will
try to avoid displaying ANRs if they are due to the dexopt causing some operation
to take longer than it normally would (though I make no guarantees about this
totally working).
- Add API to Context to get the ApplicationInfo for its package, for easy access to
things like targetSdkVersion.
* changes:
Update RandomBlock to use RandomAccessFile. This helps prevent certain unusual conditions from corrupting the entropy file. (for example, if Android should happen to crash while a write is in progress)
Under a pseudo-app for the Package Manager, we store the app signatures for all
participating applications installed on the device. At restore time we will
restore this first, then ensure that the current on-device signature chain is
compatible with the one in the backup set. If there's a mismatch, this may be a
spoof attempt and we will refuse to restore that app's data.
The restore side of this is not implemented, but the Package Manager agent is
here as well as the backup side theoretically pushing the data now.
This introduces a new Uri form of Intent with an "intent:" scheme, and a
corresponding update to the parser to handle these, so that the browser
can use this generic facility for starting activities based on the links
that are clicked and allow for web pages to link to arbitrary intents.
There is also a new "package" field on Intent which allows you to limit
the components it finds to a given package. This replaces the new method
that was added to PackageManger for doing this when resolving activities,
and implements it for all Intent queries against the package manager.
We now only increment the launch count when we are launching from one package
to another. Also the individual components in a package now have a count
of the number of times they have been entered, which likewise is only updated
when going to one component from another.
This requires a new data format (all old data is wiped) and new checkin
dump format (tools must be updated to read it).
Create a new public IntentSender class that can be used by PackageManager instead.
This new class uses IIntentSender internally and can only be created by PendingIntent for now.
Provide a new getIntentSender api in PendingIntent to create an instance of this class.
Move IIntentSender and IIntentReceiver from android.app to android.content
Change imports of IIntentSender and IIntentReceiver to reflect the new package name
The PackageManager api has been named as freeStorageWithIntent and will be renamed as freeStorage
once the older api(which has been deprecated) will be removed shortly.
We weren't bumping the oom_adj of processes receiving a registered broadcast. Previously
this wasn't a problem, because those processes are allowed to have their oom_adj
managed by whatever else is in them and if the registered receiver goes away no problem.
But now this is also controlling the scheduling class, so we need to bump them up.
This is probably good anyway, since the developer has the same assurance of their process
not being killing in the middle of registered receivers like it had always been for
manifest receivers.
Also fixed a small issue where we were not recomputing the oom_adh after finished with
a broadcast.
We no longer instantiate the transport just for the duration of handling a
backup or restore operation. Instead, we hold the object forever (replacing it
if instructed to do so). This makes it easier for transports to watch system
state and help set backup timing policy.
Also fixes up the IBackupTransport documentation a bit.
The 'list sets' and 'restore token#' commands from bmgr now do what they are
supposed to. At this point we see the restore target's data being cleared
properly and its agent being launched and invoked for restore.
This also includes some changes to the window manager permission checks. Almost all of these
are to make it most testable (through an exception on a permission failure), though there is
one permission check that needed to be added: updateOrientationFromAppTokens().
There was old code that would kill the system process in some cases when there
was a bad activity token. This is really no longer used, except in a few
places where it allows apps to kill the system. So just get rid of it and
make the world a better place.
When an application requests a backup via dataChanged(), we now journal that
fact on disk. The journal persists and is only removed following a successful
backup pass. When the backup manager is started at boot time, it looks for any
existing journal files and schedules a backup for the apps listed in them, on
the expectation that the device shut down or crashed before a backup could be
performed.
* adding compatibility menu
* backup gravity
* set expanable=true if the screen size is hvga * density.
* added "supports any density" mode. I'll add sdk check later.
* disallow to catch orientation change event if the app is not expandable. This
was causing layout problem under non-expandable mode. I discussed this with Mike C
and we agreed to do this approach for now. We'll revisit if this causes problem to
a lot of applications.
Adds most of the code for a background-thread restore process, structured much
like the backup thread. Broke some common functionality out into a helper
function for doing a synchronous wait for a requested agent to attach.
Added a method to IBackupTransport whereby the transport will be asked for
an opinion on whether this is a good time for a backup to happen. It will
reply with the results of its policymaking around backoff intervals, time-of-day
selection, etc.
We now supply an array of RestoreSet objects instead of wacky Bundle
shenanigans. Also, pushed beginRestoreSession() out to the BackupManager
concrete interface class so that SetupWizard can use it.
(beginRestoreSession() is @hide, non-privileged apps cannot use it. It's
also guarded by android.permission.BACKUP enforcement.)
Restore is a fairly complicated, somewhat stateful process, so we introduce
a new interface to encapsulate the various bits and pieces into a nicely
separable component. In particular, this will make it much cleaner to
open and interrogate an expensive-to-construct transport and then reuse it
for the actual restore process itself.
Instead of just passing a package name to performBackup, pass the whole
PackageInfo struct, explicitly including the list of signatures for the package.
No need to make each transport look this up individually when it's a necessary
part of the backup payload for each app.
The handwritten binder transaction passing wasn't propagating the agent-destroy
transaction to the client side. Oops.
Also, remove obsolete run-one-agent code from the backup manager service.
* Put in some permission enforcement around agent connection notification
and full-backup scheduling.
* Full backup now applies to any package, not just backup participants who
have declared their own android:backupAgent
* The process of running the backup operation on the set of apps who have
been queued for it is now done in a separate thread, with a notification
mechanism from the main Backup Manager service to pass along new-agent
binding knowledge. There's no longer one do-backup message on the primary
Handler per target application.
* The new backup thread sets up the desired transport now and passes
along the newly backed-up data to it for each backup target. Two
transports have been defined so far, GoogleTransport and AdbTransport;
both are stubs at present.
Note that at present the backup data output file seems to be properly
created, but after doBackup() is called on the test app's agent it's
still zero size.
* changes:
Grant permissions to older package when deleting an updated system application. When a system app gets updated, the permissions are granted to the new pkg. Similary when this updated pkg(from data partition) gets removed, the older pkg from system partition is restored. but the permissions are'nt being granted explicitly and so the restore fails. This fix addresses specific bugs related to uninstall of updated system apps. These code paths will be revisited later but this fix is needed for OTA's that might fall back to older versions of system apps.
