Merge commit '54f156c7c47bd5b5f2c9675f56bddaaa43ad162e'
* commit '54f156c7c47bd5b5f2c9675f56bddaaa43ad162e':
Pass the originating app's versionCode along with a restore set
This change amends the doRestore() / onRestore() interface to backup agents to
provide the integer android:versionCode of the app that stored the backup set.
This should help agents figure out how to handle whatever historical data set
they're handed at restore time.
Merge commit '3a31a93b8a195ae2d0180e6dfbf292da2e581f50'
* commit '3a31a93b8a195ae2d0180e6dfbf292da2e581f50':
Add some global metadata to the restore set
In addition to the signatures of each participating application, we now also
store the versionCode of each backed-up package, plus the OS version running on
the device that contributed the backup set. We also refuse to process a backup
from a later OS revision to an earlier one, or from a later app version to an
earlier.
LocalTransport has been modified as well to be more resilient to changes in the
system's use of metadata pseudopackages.
* changes:
Helper API cleanup. Allows multiple helpers to function, because they'll always go in the same order, and this lets us not have to write headers to keep them paired.
Merge commit '07a5f126df2cf0dbeb7096535ae634ea8eaeb306'
* commit '07a5f126df2cf0dbeb7096535ae634ea8eaeb306':
At boot time, add additional per-device information to the
* changes:
At boot time, add additional per-device information to the kernel randomness pool. This helps increase the quality / uniqueness of the random numbers, and is especially important during the device's first boot, when insufficient randomness is available.
* changes:
Fix issue with shared user permissions. just look in the requested permissions of packages within shared user setting rather than the granted permissions
kernel randomness pool. This helps increase the
quality / uniqueness of the random numbers, and is especially
important during the device's first boot, when insufficient
randomness is available.
We now record the version number of the app (drawn from its manifest versionCode
attribute) along with its signatures. At restore time, we compare the version
associated with the restore set with the version present on the device. If the
restore set is from a newer version of the app than is present on device, we do
not perform the restore operation.
Also fix the pending-backup iteration in 'dumpsys backup'.
Adds support for system properties:
ro.error.receiver.system.apps - default error report receiver for system apps
ro.error.receiver.default - fallback error report receiver
Merge commit 'fd5f087536dcb04ac9c46f2b19f87a37455390b0'
* commit 'fd5f087536dcb04ac9c46f2b19f87a37455390b0':
Make signature checks on restore work with unsigned apps
On restore now, the backup manager gets the signature blocks corresponding to
the restore set from the transport. It then validates those signatures against
the on-device app signatures, and refuses to restore data to an app whose
on-device sig block does not match the backup image's.
Also actually implement 'bmgr transport N' so that we can select the local
transport easily during runtime.
- Fix a bug where targetSdkVersion could not be set if minSdkVersion. Stupid, stupid.
Also make sure to fail if minSdkVersion is for a code name. Really stupid.
- Change the API for resize compatibility mode to be a bit in the flags field, instead
of a separate boolean.
- Implement delayed dexopting, to avoid the looong full dexopt during boot. This is
only enabled for "eng" builds. When in this mode, the activity manager will make
sure that a dexopt has been done before loading an .apk into a process, and will
try to avoid displaying ANRs if they are due to the dexopt causing some operation
to take longer than it normally would (though I make no guarantees about this
totally working).
- Add API to Context to get the ApplicationInfo for its package, for easy access to
things like targetSdkVersion.
Merge commit '167dbe0bf1f8d807d1ced400f146b7780eb6c721'
* commit '167dbe0bf1f8d807d1ced400f146b7780eb6c721':
Update RandomBlock to use RandomAccessFile. This helps
* changes:
Update RandomBlock to use RandomAccessFile. This helps prevent certain unusual conditions from corrupting the entropy file. (for example, if Android should happen to crash while a write is in progress)
Merge commit '07eac016446c63711bebe6e553e98c02d1fe55a5'
* commit '07eac016446c63711bebe6e553e98c02d1fe55a5':
Store the app signatures as part of the backup set
Under a pseudo-app for the Package Manager, we store the app signatures for all
participating applications installed on the device. At restore time we will
restore this first, then ensure that the current on-device signature chain is
compatible with the one in the backup set. If there's a mismatch, this may be a
spoof attempt and we will refuse to restore that app's data.
The restore side of this is not implemented, but the Package Manager agent is
here as well as the backup side theoretically pushing the data now.
Merge commit '5ad76ef5ee1b437b4c07ed0be78ec7cc16c81dfe'
* commit '5ad76ef5ee1b437b4c07ed0be78ec7cc16c81dfe':
load entropy data at boot. Periodically write entropy data to disk.
Merge commit 'c14b9ccdf13163cae5ce5d21bcf377010b37594b'
* commit 'c14b9ccdf13163cae5ce5d21bcf377010b37594b':
Extend Intent/Uri conversion for use by Browser
Merge commit '3c2f8e6651178742bc685e7bd62fa8a6ca409a74'
* commit '3c2f8e6651178742bc685e7bd62fa8a6ca409a74':
Replace the stub GoogleTransport with callout to the
This introduces a new Uri form of Intent with an "intent:" scheme, and a
corresponding update to the parser to handle these, so that the browser
can use this generic facility for starting activities based on the links
that are clicked and allow for web pages to link to arbitrary intents.
There is also a new "package" field on Intent which allows you to limit
the components it finds to a given package. This replaces the new method
that was added to PackageManger for doing this when resolving activities,
and implements it for all Intent queries against the package manager.
We now only increment the launch count when we are launching from one package
to another. Also the individual components in a package now have a count
of the number of times they have been entered, which likewise is only updated
when going to one component from another.
This requires a new data format (all old data is wiped) and new checkin
dump format (tools must be updated to read it).
