Instead of hardcoding true/false in the code:
setprop log.LocationManagerService DEBUG
works just fine. Or the reboot-proof version in userdebug/eng builds:
cat > /data/local.prop <<eof
log.tag.LocationManagerService=DEBUG
eof
Change-Id: If4efad1c3adc401c0cb5d1a3cc449b53224ead08
Also add new ops for calendar and wi-fi scans, finish
implementing rejection of content provider calls, fix
issues with rejecting location calls, fix bug in the
new pm call to retrieve apps with permissions.
Change-Id: I29d9f8600bfbbf6561abf6d491907e2bbf6af417
LocationManagerService now annotates incoming Location objects that
have come from mock location providers. The new isFromMockProvider()
method can be called on any Location to determine whether the
provider that supplied the Location was a mock location provider.
Bug: 6813235
Change-Id: Ib5140e93ea427f2e0b0036151047f87a02b4d23a
Implemented reading and writing state to retain information
across boots, API to retrieve state from it, improved location
manager interaction to monitor both coarse and fine access
and only note operations when location data is being delivered
back to app (not when it is just registering to get the data at
some time in the future).
Also implement tracking of read/write ops on contacts and the
call log. This involved tweaking the content provider protocol
to pass over the name of the calling package, and some
infrastructure in the ContentProvider transport to note incoming
calls with the app ops service. The contacts provider and call
log provider turn this on for themselves.
This also implements some of the mechanics of being able to ignore
incoming provider calls... all that is left are some new APIs for
the real content provider implementation to be involved with
providing the correct behavior for query() (return an empty
cursor with the right columns) and insert() (need to figure out
what URI to return).
Change-Id: I36ebbcd63dee58264a480f3d3786891ca7cbdb4c
Use this to track the package name of applications
accessing GPS.
And now the app ops service can enforce that callers
must provide valid package names.
Change-Id: I842a0abe236ea85f77926d708547f0f95c24bd49
Initial implementation, tracking use of the vibrator, GPS,
and location reports.
Also includes an update to battery stats to also keep track of
vibrator usage (since I had to be in the vibrator code anyway
to instrument it).
The service itself is only half-done. Currently no API to
retrieve the data (which once there will allow us to show you
which apps are currently causing the GPS to run and who has
recently accessed your location), it doesn't persist its data
like it should, and no way to tell it to reject app requests
for various operations.
But hey, it's a start!
Change-Id: I05b8d76cc4a4f7f37bc758c1701f51f9e0550e15
systemReady() was returning before the LocationManagerService was
actually ready. Applications making LocationManager transactions
during their startup could possibly hit a race condition with the
yet-uninitialised LocationManagerService.
To guarantee that LocationManagerService is actually ready before
returning from systemReady(), we simply do the startup work on the
thread that called systemReady(), rather than spin up a secondary
thread to do the work asynchronously.
LocationWorkerHandler still needs a thread to do its work on, so
rather than have it run on the secondary thread that was
previously used for systemReady()'s work, we create a HandlerThread
for it.
Additionally, LocationManagerService.init() really needed to grab
lock for some of the things it was doing. I moved all of the code
that could benefit from mutex protection to a single section of
systemReady() and wrapped it up with a lock while I was at it.
Bug: 7723944
Change-Id: I51d480e2781622c3a14769c3a2019a2407dcfd8a
This is a more complete solution for this issue that disables
location providers when expiring their last request *and* adjusts
update intervals when expiring any request. This should help
further limit battery drain when a high-frequency-update app
exits, as it allows the system to throttle the update interval
back down to something appropriate for the remaining listeners.
Bug: 7611837
Change-Id: I88b419c92940b7e536d48b26e5fc0f72f3c9e73d
Location providers were not being notified of the change in status
when the last UpdateRecord was removed due to numUpdates exhaustion
or request expiry. Oops! Enjoy some free battery life!
Bug: 7611837
Change-Id: Id48151eb7de40164258cde7da220a4d6bb34b89a
Change-Id: Ibf93833697c865904f29821e5778853127e5fb00
Signed-off-by: You Kim <you.kim72@gmail.com>
Conflicts:
services/java/com/android/server/LocationManagerService.java
...android.os.Parcel.nativeAppendFrom(Native Method)
The failing stack trace is:
11-20 20:29:04.365 19154 19170 E AndroidRuntime: java.lang.IllegalArgumentException
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.nativeAppendFrom(Native Method)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.appendFrom(Parcel.java:428)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1613)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.location.Location.writeToParcel(Location.java:903)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeParcelable(Parcel.java:1254)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeValue(Parcel.java:1173)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeMapInternal(Parcel.java:591)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1619)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.location.Location.writeToParcel(Location.java:903)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeParcelable(Parcel.java:1254)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeValue(Parcel.java:1173)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeMapInternal(Parcel.java:591)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Bundle.writeToParcel(Bundle.java:1619)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.os.Parcel.writeBundle(Parcel.java:605)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.content.Intent.writeToParcel(Intent.java:6660)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at android.app.ApplicationThreadProxy.scheduleReceiver(ApplicationThreadNative.java:763)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at com.android.server.am.BroadcastQueue.processCurBroadcastLocked(BroadcastQueue.java:230)
11-20 20:29:04.365 19154 19170 E AndroidRuntime: at com.android.server.am.BroadcastQueue.processNextBroadcast(BroadcastQueue.java:777)
This is odd because where we do Bundle.writeToParcel(), we are just writing the Parcel
we have with its current length. There is no way this should be able to fail like this...
unless the Bundle is changed while we are running?
Hm.
It looks like the location manager is holding on to Location objects which have a
Bundle of extras. It is that Bundle of extras that the crash is happening on.
And the bundle extras can be changed as it operates. And there are places where
the raw Location object is returned from the location manager, which means the
caller can be olding on to a Location object whose extras can be changed at any
time by other threads in the location manager.
So that seem suspicious.
This change should take care of all these places in the location manager, by
making sure to copy the location object before it goes out of the location
manager.
In addition, add some code to the activity manager to not bring down the entire
system if there is a problem trying to send one of these broadcasts. There is
no need, we can just skip the broadcast as bad.
Change-Id: I3043c1e06f9d2931a367f831b6a970d71b0d0621
LocationManagerService was serially stuffing the same Location into
multiple Intents, which it would immediately hand off to
ActivityManagerService, running as a different thread in the same
process. LocationManager would continue to work with that Location
while ActivityManagerService worked with a Parceled version of it.
However, Location.mExtras is also a Bundle, and both
ActivityManagerService and LocationManagerService ended up working
with references to the same Bundle. ActivityManagerService needs
it in Parceled form (ie mParceledData != null), but
LocationManagerService was triggering Bundle.unparcel() when
referencing the data contained within.
As a result, LocationManagerService was able to trigger NPE (or
worse) in ActivityManagerService by manipulating the mExtras
member of a Location that was in the process of being reported to
listeners.
To resolve this issue, I copy-construct a new Location to report to
each listener. This should prevent ActivityManagerService and
LocationManagerService from referencing the same Bundle data, as
Location's copy constructor also copyconstructs the mExtras member,
rather than simply share references.
Bug: 7518371
Change-Id: I1a92615cba361831494447d5de085a8d910b6b2c
Geofences are broken in multiuser, and need to be fixed before
reenabling the feature for secondary users.
Change-Id: Ief3008a294deed47760ee25efcf1cdef5371b038
Decrement the number of updates after a location fix has been sent to a
a listener. This is necessary for respecting calls such as
requestSingleUpdate().
Bug: 7460868
Change-Id: Iea207ab494b93b936ca434d59652bb2cb6404cef
Frameworks' FusedLocationProvider runs as a specific user so that it
can join a specific process. The solution that works for NLP, run one
copy per user as that user, does not work for FLP.
To make FLP play nicely with multiuser, I've allowed SYSTEM_UID to
operate in the background and included a hardcoded exception to
prevent ServiceWatcher from trying to launch one FLP per user.
Bug: 7279799
Change-Id: I573ea5226d8d00777421b39c5c3fb0899bf09b4d
This commit is the result of a comprehensive permissions review for
MR1 release. It addresses a number of deviations from spec and from
MR0's behavior, bringing MR1 into sync with both.
It also cleans up the concept of "location resolution permission",
representing it internally as an enumerated access level to reduce
reliance on cumbersome string manipulation. There's a function to
convert the enum int into a permission string where needed, too.
Additionally, this confines caller-identity-sensitive calls to the
hopefully-obviously-named "getCallerAllowedResolutionLevel()". This
should make it much easier to prove correctness with respect to
accidentally calling functions that depend upon the caller's identity
after identity has already been shed by Binder.clearCallingIdentity().
Change-Id: I446169aee8fb2fde26ac6d04b479b40253782acb
If a provider is unknown, return null in
LocationManagerService.getProviderProperties() instead of throwing a
security exception, so that LocationManager.getProvider() returns null
in this case, as specified by the javadoc.
Bug: 7359960
Change-Id: I1b8b74745f66717a3439a1d353a46a23272cc313
During testing it's possible to mock a location provider, but the fused
location provider wasn't being inserted into the "mRealProviders" map so
when the fused location provider was unmocked, it would disappear
permanently from the list until the next reboot.
Bug: 6949478
Change-Id: I4993aa7fbbd21cea16bdbf2722d637c909b1cd73
LocationManagerService now keeps track of the current user ID and
denies location requests made by all but the foreground user.
Additionally, location settings are now user-specific, rather than
global to the device. Location provider services now run as specific
users, and when the device's foreground user changes, we rebind to
appropriately-owned providers.
Bug: 6926385
Bug: 7247203
Change-Id: I346074959e96e52bcc77eeb188dffe322b690879
Use LocationManager.getLastPosition() in GeofenceManager instead of
keeping track of it manually. Keeping track of it in GeofenceManager
doesn't handle the case where we install a fence, and cross it just
after that based on the last position before we installed the fence.
Also shuffle around some code in LocationManagerService to remember the
last position even if there are no UpdateRecords. This is useful in the
GeofenceManager for example.
Bug: 7047435
Change-Id: Ia8acc32e357ecc2e1bd689432a5beb1ea7dcd1c7
Add a case for isAllowedProviderSafe() to handle providers that are not
GPS/Passive/Network/Fused. For example, this is useful for mock
providers.
Bug: 7047435
Change-Id: If4799aa90a5338889c47582d45cbfc25772c9c53
This allows primary/secondary users to have different "Google
Location Services" preferences. It also reenables LocationBlacklist,
which is fixed elsewhere.
Bug: 7213502
Bug: 7248239
Change-Id: I94837682f95920c225c00b7da2de6dd1418a673e
There is now only a single config value pointing
at a list of packages to get certs from. The old
system was a bit confusing.
The fused location provider also now builds
against SDK 17, and the meta data service version
tag was renamed from the overly generic "version"
to "serviceVersion".
Bug: 7242814
Change-Id: I00d27c9cbd5cc31a37bb4a98160435d15a72e19e
In MR0, we did not allow applications to query enabled status of
location providers they did not have permission to use. Some
applications counted on this behavior, using the thrown
SecurityException to determine whether or not they have permission
to use the specified provider.
Reverting to this behavior fixes the regressions seen in those
applications.
Bug: 7251459
Change-Id: I8b0cfd5862c80f0c831a4ab544c3fa7408bc84a0
getAllProviders() should return all locators, including those not
allowed or not enabled (according to the existing javadoc, at least).
The checkPermission() call prevented this behavior by throwing a
security exception. We restore the previous behavior by removing the
call.
Bug: 6950369
Change-Id: I0c6bc676d4c4db482bb68f1ab7fa5c93675118b4
Oops, looks like we were spinning up a secondary thread to run some
tasks that will just happen on the main thread regardless. Removed
the secondary thread and fixed up initialisation order regarding
mHandler and things that post to it. Also reordered GPS and
PASSIVE provider initialisation order since GPS depends on PASSIVE.
This should be both safer and easier to read.
Bug: 7248029
Change-Id: I8630caf0a7bd1b2c401603075676f13dda5be4fa
This takes the easy way around notifying the correct users
about GPS state transitions by notifying ALL the users(!).
I've also laid groundwork for proper multiuser support in
LocationManager and did a tiny bit of cleanup in
GpsNetInitiatedHandler while I was looking at notifications.
Bug: 7213552
Change-Id: I2d6dc65c459e55d110ac0f5f79ae7a87ad638ede
Preferring the GPS location provider over NLP should produce better
average and worst-case results than NLP, which is very accurate in
certain conditions and completely useless in others.
Bug: 7182301
Change-Id: If7d50f0d3ac663cbfd84b7033adc204c11bcaca4
This restores MR0's behavior in this regard - apps calling
LocationManager.getProviders() or LocationManager.getBestProvider()
will no longer receive a SecurityException if they do not have
any location permissions. Instead, as was the behavior in MR0, they
only receive providers that their permissions grant them access to,
including an empty list if they have no permission whatsoever.
Bug: 7207864
Change-Id: I027df425e258d436c4821c34a25bc46a2a292824
FusionEngine now attaches a secondary location that has never seen
GPS data to its result. LocationFudger uses the GPS-less location so
that COARSE apps never see data from the GPS provider.
When the previous location is updated, the previous GPS-less location
is carried over if the location update was GPS-only.
Additionally, apps without FINE permission are not notified when GPS
location changes, and any attempt to use GPS_PROVIDER without FINE
permission is met by a stern SecurityException.
Bug: 7153659
Change-Id: I12f26725782892038ce1133561e1908d91378a4a
This replaces the ACCURACY_METERS constant and all derived values with
a secure setting. This value defaults to 2km and has a hardcoded floor
of 500m.
Bug: 6982024
Change-Id: Ibf97ab57145abf28c4a9747444f40250adddf23c
Bug 7051185
- Register a ContentObserver to track settings changes rather than
opening up a Cursor with a ContentQueryMap.
- Move updateProvidersLocked into init to assure that the
ContentObserver does not miss any changes.
- Move blacklist and fudger creation before loadProvidersLocked to
improve code readability.
Change-Id: I4d3e19fa33401c384bc2b00658d4336ea119e0e5
