Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.
ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.
This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.
Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
All variations of getRelativeTimeSpanString() now properly handle dates
that are in the future. Prior, the version used by
getRelativeDateTimeString() would occasionally show the time instead of
a date when the future date was the same weekday as the current weekday.
This resulted in the time output being duplicated, eg.: "11:23, 11:23"
Change-Id: If20972a6942cce792fa233437f94dedfb71379f3
Signed-off-by: Steve Pomeroy <steve@staticfree.info>
There are potentially very many Handlers owned by services
that should not be blocked by barriers introduced by UI traversals
occurring on the same thread (if that ever happens).
Add some convenience constructors to make it easy to switch
these Handlers over to being async.
Bug: 7057752
Change-Id: I64d9bffe81e7c52ada4cfad4e89d4340153f4688
Should not happen (except for early dogfooders with a specific build),
but handle gracefully as we do elsewhere in dream manager.
To test:
adb shell sqlite3 \
/data/data/com.android.providers.settings/databases/settings.db \
"delete from secure where name = 'screensaver_components'"
Pre-fix workaround:
adb shell sqlite3 \
/data/data/com.android.providers.settings/databases/settings.db \
"insert into secure(name, value) values ('screensaver_components', \
'com.google.android.deskclock/com.android.deskclock.Screensaver')"
Change-Id: I2cf39608c8dd5011f6a00deece95eb6554da5173
UserManagerService is now closely tied to PackageManagerService,
sharing the same locks. There is no longer direct access of
Installer by UserManagerService, instead the package manager is
back to solely owning it.
Creating a new user now correctly only installs system apps for
that user.
Fixed some misc bugs, where we were getting nulls when
querying content providers and instrumentation in uninstalled
users, incorrect locking, etc.
Change-Id: Ife69b6e373d0cf7c5cfc03fc588e36b43ad5d8b0
Throw a more descriptive exception when an app has not set a
multi-choice mode listener and an item becomes checked.
Change-Id: Ib682fd7a467a3751bb81dacbd22676aaa4407d36
This add a new per-user state for an app, indicating whether
it is installed for that user.
All system apps are always installed for all users (we still
use disable to "uninstall" them).
Now when you call into the package manager to install an app,
it will only install the app for that user unless you supply
a flag saying to install for all users. Only being installed
for the user is just the normal install state, but all other
users have marked in their state for that app that it is not
installed.
When you call the package manager APIs for information about
apps, uninstalled apps are treated as really being not visible
(somewhat more-so than disabled apps), unless you use the
GET_UNINSTALLED_PACKAGES flag.
If another user calls to install an app that is already installed,
just not for them, then the normal install process takes place
but in addition that user's installed state is toggled on.
The package manager will not send PACKAGE_ADDED, PACKAGE_REMOVED,
PACKAGE_REPLACED etc broadcasts to users who don't have a package
installed or not being involved in a change in the install state.
There are a few things that are not quite right with this -- for
example if you go through a full install (with a new apk) of an
app for one user who doesn't have it already installed, you will
still get the PACKAGED_REPLACED messages even though this is
technically the first install for your user. I'm not sure how
much of an issue this is.
When you call the existing API to uninstall an app, this toggles
the installed state of the app for that user to be off. Only if
that is the last user user that has the app uinstalled will it
actually be removed from the device. Again there is a new flag
you can pass in to force the app to be uninstalled for all users.
Also fixed issues with cleaning external storage of apps, which
was not dealing with multiple users. We now keep track of cleaning
each user for each package.
Change-Id: I00e66452b149defc08c5e0183fa673f532465ed5
We were doing line breaks after punctuation as long as they weren't
surrounded by digits. This is a misinterpretation of the Unicode line
breaking algorithm. Punctuation (class IS) is not hugely different than
the default classes (NU and AL) - there are breaks after punctuation
that are allowed (for example, followed by an open parenthesis), but
we're not implementing the algorithm with anything near that level of
fidelity.
The long term fix is to really implement the algorithm. In the shorter
term, the easiest thing to do is to remove the special case altogether.
Change-Id: Ic4dc3216c2a4191fbb7cfa06e9dc038d1a56398c
Generate the racoon and mtpd daemon arguments in system_server,
instead of accepting them from Settings.
Bug: 5756357
Change-Id: I42c1a644f6add477fe4222342640d7db15982cb8
Created base tracker that handles common bookkeeping, and move VPN
to become a tracker. VPN status is now reflected in NetworkInfo, and
is mapped to LegacyVpnInfo.
Legacy VPN now "babysits" any init services it starts, watching for
when they stop unexpectedly.
Bug: 5756357
Change-Id: Iba7ec79da69469f6bd9a970cc39cf6b885b4c9c4
Create a new verifier API to extend the timeout for a giving package,
including the resulting action (allow or deny) upon the timeout occuring.
Bug: 6901038
Change-Id: I351f7944327f863aff1d7dd1227be74652fa1511
When dispatching input events to the main thread, the event is
handled directly rather than queued. If we have a timeout waiting for
the event to happen, it has to be registered before we call the
dispatcher, otherwise we'll wait for the timeout even though the event
has already been handled.
Bug: 6734044
Change-Id: I6826163dbc6133b385cf1076bb077fb4e82870a1
data/android directory doesn't exist sometimes, and hence cache
directory creation fails. Don't crash the process due to that.
Change-Id: I22d7ed5df9c70f021a87029e89a13a11b4b0303b
When RecoverySystem boots into recovery (to install an update or wipe
data and/or cache), pass the --locale argument with the currently
selected locale.
Change-Id: Ib280330932a402be2011207bff8f05caa9b999cd
Make better use of Display object by saving it in DisplayContent.
Only use layerStack when referring to Surfaces. Get displayId from
default Display or default DisplayContent. Remove warnings.
Fixes bug 7038151.
Change-Id: Ie493f0f5e755dc9b91ee969ff561c2a098283ead
