This change cleans the server certificates:
1. Use the end-entity certificate as found in the chain received from the server as the end-entity cert for the newly built chain.
2. Look at the last cert in the newly built chain, specifically it's "issuer" field. If there's a cert in the chain as received with this as the "subject", and this cert hasn't yet been moved into the newly built chain, move it there (as the new last cert). Repeat this step 2 until you can't continue (because there's no matching previously unused cert left).
3. If the last certificate in the new chain has expired (and it's not the end-entity cert), remember this fact, and remove it (so that we can try if we can validating the chain for a different root). If in this case it turns out that we still can't validate the chain, it's probably the cert expiry error that should be displayed.
This CL also cleans the redundant error detection code and reduces the error messages to two types, which are the only two make differences to the user:
a. SSL_IDMISMATCH for name mismatch,
b. SSL_UNTRUSTED for other reasons.
The MMS code has been moved into the mms-common library.
Move SqliteWrapper (and make it hidden) into the database
directory because Telephony.java depends on it. Create a mmscommon
library similar to androidcommon for a number of files used both
by the telephony layer, by mms, and by myfaves.
Change-Id: I2e23e87c4961b87c42a4c8a63f812fa9e0e44dec
Still TODO: patch into forthcoming callbacks from
MountService so the USB storage activity always shows the
correct state of the device. (Right now it only refreshes
its display onResume.)
Bug: 2299129
The service renders a list of urls at the given dimension and invokes the
callback interface for each result. A ParcelFileDescriptor is used to transfer
the large image data to the client. The client must close the file descriptor
is order free the underlying resources.
A more robust api will use UrlRendererRequest and UrlRendererResponse objects
to transfer data.
Merge commit '6f3e1e27a697d3e64bf73792c1007135319ff0d5'
* commit '6f3e1e27a697d3e64bf73792c1007135319ff0d5':
initialize sync adapters that get installed while the system is running
Bug #2399147
This new API will be used by scrollable containers to tell children that they
are/are not displayed. This will allow lists to hide their filter popup window
for instance.
This adds a new (hidden) startMethodTracingDdms call. It's like the
normal method tracing calls, but you don't specify an output file.
Instead, when tracing stops, the data is sent directly to DDMS.
This also adds handlers for the MPSS/MPSE requests that DDMS sends.
- You can now show a dynamic message to the user when asking to
have your DeviceAdmin added.
- A DeviceAdmin can now provide a warning message that is displayed
before a user disables it.
- Better ordering (and text) of the policy warnings.
- New API to set the maximum failed password attempts before the device
wipes itself.
- We now store the number of failed unlock attempts in persistent
storage.
- New managed dialog APIs that will be used by the settings app.
Also a little bit of cleanup as I was working on this - removed the
long unused MailboxNotAvailableException, fixed a java doc in Messenger.
QSB can use this instead of POST to send the location
data. After QSB makes the switch, we should also
remove the POST_DATA intent which is hidden.
Add loadUrl(String url, HashMap extraHeaders) to
WebView so that the caller can send the extra http
headers.
Remove "inline:" as no one is using it and it is a
hidden feature.
Part 1 of 3-project checkin.
When the same page is loaded, updateRestoreState
will be false when we finish the first layout. As
we are still in the same page, we don't want to
update the current zoom/scroll. But in some cases,
like a site switch from mobile to full site and
keeps the same url, we do want to update the zoom
range as the viewport spec changed. Otherwise, user
can't zoom in the full site as the WebView thought
it is still a mobile non-scalable page.
SearchManager now manages the SearchDialog, in-process.
Nuked SearchDialogWrapper
SearchManagerService now just holds the Searchables information.
Hitting Search when in the local Search dialog will launch the QSB.
Add new remote interface to do temporary copies. The new
remote stub handling is done on mHandler thread and doesn't need locking
for now.
Add new InstallArgs class and subclasses to isolate cases for installation.
Move resource deletion for failed installs/upgrades to later on in installation
cycle.
Fix code path for forward locked apps when using scanPackageLI
TODO's
Fix installation paths to completely use InstallArgs based design later on.
Get rid of using flags in various install/uninstall code paths.
Ideally InstallArgs should be created using these flags and used in the
rest of the code.
Function renames.
Revisit mount api's.
Introduces new download status codes (STATUS_DEVICE_NOT_FOUND_ERROR and
STATUS_INSUFFICIENT_SPACE_ERROR) to allow apps to show more accurate and
informative error messages upon failed downloads.
There is now a description attribute associated with all components,
that can supply user-visible information about what the component does.
We use this to show such information about device admins, and wallpapers
are also updated to be able to show this in addition to the existing
description in their meta-data.
This also defines security control for admins, requiring that they
declare the policies they will touch, and enforcing that they do
so to be able to use various APIs.
