Modify the package parsing code to understand optional permissions
(android:required="false"). This is essentially a rollback of
e824120016 with some minor changes.
Expose the requestPermission API to third party apps. This allows
an app to request an Intent which, when passed to
startActivityForResult, will prompt the user to approve permissions
for an app.
In the event we decide to not launch with this feature, this change
can be rolled back.
Change-Id: Ie3626deae9b16e510323f94a2c80377f7c84b26f
Add the buildPermissionRequestIntent API to PackageManager. This allows
an app to request an Intent which, when passed to
startActivityForResult, will prompt the user to approve permissions
for an app.
Currently, the API is @hide. It will be unhidden in a future change.
Change-Id: I4ec677002afa799a6eb5c2657c28452c91012436
The original documentation for this class indicated a leading slash was possible
but the code did not support it. Since then, the docs were changed to reflect
what the code does.
The purpose of this change is to allow the use of uri.getPath() as an argument.
With this change, the following can be done
matcher.addURI(ContactsContract.AUTHORITY,
ContactsContract.CONTENT_FILTER_URI.getPath(), CONTACTS_FILTER)
instead of
matcher.addURI(ContactsContract.AUTHORITY,
"contacts/filter", CONTACTS_FILTER)
Change-Id: I76a9e3133365be9fe7a8de86eae57f9eea1cd2a3
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory. Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.
Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
If the caller supplied an empty selection string (instead
of null) we would crash due to creating a bad SQLite statement.
Change-Id: I462803b80c81815ed9a3a320c23060daa28e8114
8323587: Add feature for supporting app widgets
8323342: Add feature for replacing the home screen
8323590: Add feature for supporting input methods
The app widget service looks for the app widget feature
and refuses to work if it doesn't exist. I didn't do
this for the input method service because some devices
will probably want to still make use of that mechanism
without supporting third party input methods.
Change-Id: Ie3b089105e104f4d767cdb03cdbe4fdb1c17382e
Adds the ability for apps to export some restrictions. The restrictions
are presented in Settings based on the restriction type. The user's
selections are stored by UserManagerService and provided to the
target user's application as a list of RestrictionEntry objects which
contain the key, value(s).
Also introduce a manifest entry for system apps to request that the
app be automatically installed in all users, so that they cannot be
deselected by the owner user.
Shared account filtering for non-whitelisted apps.
Change-Id: I15b741e3c0f3448883cb364c130783f1f6ea7ce6
If AsyncTaskLoader starts a background update due to a
content change, and that update is cancelled, we drop the
data when it finally arrives and forget that the content changed.
If we later come back to the loader, we then end up showing
stale data because we don't know that we still need to update
due to the old content change.
This change adds a couple new APIs to Loader to deal with the
time between when you ask for whether there is a content change
and finally either commit the data or cancel the update.
AsyncTaskLoader is changed to make use of this so that it doesn't
lose changes.
Change-Id: I3866236b1c22bb9138f2d9f6032b126aeaee2e6e
You can now declare shared libraries in apks that are
on the system image. This is like the existing mechanism
of using raw jar files as shared libraries, but since they
are contained in an apk the library can actually be updated
from the Play Store. And this even (mostly) works.
There are some deliberate limitations on this feature. A
new shared library *must* be declared by an apk on the system
image. Installing an update to a system image apk does not
allow you to add new shared libraries; they must be defined
by everything on the base system image. This allows us to
get rid of a lot of ugly edge cases (shared libraries that were
there disappearing after an update is uninstalled for example)
and give some brakes on apps that happen to be pre-installed
on devices from being able to throw in new shared libraries
after the fact.
In working on this, I ran into a recently introduced bug where
uninstalling updated to system apps would fail. This was done
to allow for the new restricted users that don't have all
system apps, but conflicts with the existing semantics for
uninstalling system apps. To fix this I added a new uninstall
flag that lets you switch on the new mode if desired.
Also to implement the desired logic for limitations on declaring
new shared libraries in app updates, I needed to slightly tweak
the initial boot to keep the Package object for hidden system
packages associated with their PackageSetting, so we can look at
it to determine which shared libraries are allowed. I think
this is probably more right than it was before -- we already
need to parse the package anyway, so we have it, and when you
install an update to a system app we are in this same state
until you reboot anyway.
And having this fixed also allowed me to fix another bug where
we wouldn't grant a new permission to an updated app if its
system image version is updated to request the permission but
its version is still older than whatever is currently installed
as an update. So that's good.
Also add new sample code showing the implementation of an apk
shared library and a client app using it.
Change-Id: I8ccca8f3c3bffd036c5968e22bd7f8a73e69be22
Natural languages differ so much and in such odd ways that you can't
use getQuantityString as an "if" statement. It's really just for grammaticality.
This is explained well in
http://developer.android.com/guide/topics/resources/string-resource.html#Plurals
but we need to make more of an effort to motivate people to read that, and to
at least get the most important point across if they don't read it.
Change-Id: I549b9f3563462c45f2dea34c558185e0714127cd
API and preliminary implementation for sharing primary user accounts with a secondary user.
AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials
to clone an account from the primary to a restricted secondary user. The AccountManagerService
initiates the account clone when it starts up the user and detects that the user has
a shared account registered that hasn't been converted to a real account.
AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be
further improvements to this API to make shared accounts hidden/visible to select apps.
AccountManagerService has a new table to store the shared account information.
Added ability in PackageManager to install and uninstall packages for a secondary user. This
is required when the primary user selects a few apps to share with a restricted user.
Remove shared accounts from secondary users when primary user removes the account.
Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
Keyguard currently relies on being in the system process to grab the
given user's widgets. When we split keyguard into a new process,
it will need to have access to user-specific info to instantiate a
specific user's widgets. In order to accomplish this, we add an
explicit userid to each binder call as well as new permission
check to allow keyguard access.
This also fixes a potential race condition of having an incorrect user id
due to an async call to change the user. Every binder call now has a specific
user id. The user id is either the calling process user's id or an explicit
one passed by applications like keyguard. It is created once when an
AppWidgetManager is instantiated and remains for the lifetime of the object.
Fixed bug where widgets sometimes didn't show up for secondary users.
Moved permission check in AppWidgetService into getImplForUser()
Refactored to use userid from context associated AppWidgetManager instance.
Clean up AppWidgetHost to use userId from Context.
Remove redundant userId check in checkPermission since it's handled by
ActivityManager.handleIncomingUser()
Removed redundant userid check.
Upload after rebase...
Change-Id: Iae3e20f2b342c323bb58768b3d22051510f8268b
It is beneficial that there is a mechanism on the platform
to notify applications whether it is safe to perform somehow
expensive operations while the user is not using the device.
Thus, user experience will not be degraded. An example is
discarding of unused blocks on a mounted file system instead
of doing this on every write operation.
bug:8056794
Change-Id: I708bad9d3ce6c8f1d5a1c05c0abf46f81a3d464b
