API and preliminary implementation for sharing primary user accounts with a secondary user.
AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials
to clone an account from the primary to a restricted secondary user. The AccountManagerService
initiates the account clone when it starts up the user and detects that the user has
a shared account registered that hasn't been converted to a real account.
AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be
further improvements to this API to make shared accounts hidden/visible to select apps.
AccountManagerService has a new table to store the shared account information.
Added ability in PackageManager to install and uninstall packages for a secondary user. This
is required when the primary user selects a few apps to share with a restricted user.
Remove shared accounts from secondary users when primary user removes the account.
Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
This helps reduce the pressure on framework.jar, and makes it clear
that it should only be used by the system_server.
Bug: 7333397
Change-Id: I0858904239535380fbf30562b793e277d8c3f054
Bug: 7473142
Provide hidden methods in AccountManager for querying accounts and
authenticating for a specific user. Lockscreen is running in the
system process. Allow only system process to access accounts across
users.
Also make sure to launch the lock settings screen on the just reset
user using startActivityAsUser()
Change-Id: Ifefc0039ba2b51396b8bd0268f36d5271a3d8676
Instead of explicitly scanning OWNER accounts, move to using the
"user starting" call path for consistency.
Bug: 7358086
Change-Id: Ied3289a074aafa48259d828db1d68804912589b3
Allow accounts to be loaded when a user is stopped, but always
validate accounts against a freshly queried PMS cache when the user
actually starts.
Bug: 7276595
Change-Id: I0382064c73123c243bc6f6e5da8fc3d0a8b73442
RegisteredServicesCache is used to track account authenticators and
sync adapters, which can vary based on user. This change requires
that callers now provide a userId when making cache requests. It
continues persisting into a single file for now, which is keyed based
on UID.
It now watches for package broadcasts from all users, and scans
packages on-demand. It changes cache callers to provide a relevant
userId, and evicts cache entries when users are stopped.
Changes SyncManager to only work with accounts from running users,
only kicking off pending syncs once a user is started.
Bug: 7276595, 7316150
Change-Id: I79466a84aa69aa37e4bd9691c5d6221d3662ff29
Also fix a bunch of system services that should be doing this. And
while doing that, found I needed to fix PendingIntent to evaluate
USER_CURRENT at the point of sending, not creation.
Note that this may end up with us having some notification shown to
non-primary users that lead to settings UI that should only be for
the primary user (such as the vpn notification). I'm not sure what
to do about this, maybe we need a different UI to come up there or
something, but showing the actual notification for those users at
least seems less broken than not telling them at all.
Change-Id: Iffc51e2d7c847e3d05064d292ab93937646a1ab7
Activities which help select an account gather the list of accounts only during create and dont update it agian. When a user moves out of the account selection activity by clicking home page, deletes an accout in the background and comes back to the earlier accout selection activity, the deleted account still exists as an option. This cl fixes this by updating the account list on resume.
Bug: 7135608
Change-Id: Idc9a2fa6451b032310c0ad66f6db0e2f0967feeb
Environment.getUserSystemDirectory(int userId)
Use it all relevant places that was hardcoding it.
Also, wipe out the user's system directory when user is removed, otherwise old state
might be transferred to a new user.
Change-Id: I788ce9c4cf9624229e65efa7047bc0c019ccef0a
Replaced all remaining places that used it with explicit user
specification.
While doing this, I ran into stuff that was creating PendingIntent
objects (that now need to specify the explicit user they are for),
which are also posting notifications... but have no way to specify
the user for the notification.
So the notification manager in the system process now also gets a
formal concept of a user associated with the notification, which
is passed in to all the necessary aidl calls. I also removed the
old deprecated aidl interface for posting/cancelling notifications,
since we now always need a user supplied.
There is more work that needs to be done here, though. For example
I think we need to be able to specify USER_ALL for a notification that
should be shown to all users (such as low storage or low battery).
Along with that, the PendingIntent creation needs to be tweaked to
be able to handle USER_CURRENT by evaluating the user at the point the
pending intent is sent.
That's for another change, however.
Change-Id: I468e14dce8def0e13e0870571e7c31ed32b6310c
Use AtomicFile for usermanager files.
Added a MANAGE_USERS permission that apps (signature permission) can use
to create/query/modify/remove users.
Change-Id: I5cf232232d0539e7508df8ec9b216e29c2351cd9
Moved a bunch of methods from PackageManager to UserManager.
Fix launching of activities from recents to correct user.
Guest creation APIs
Change-Id: I0733405e6eb2829675665e225c759d6baa2b708f
- Expose the existing Context.sendBroadcast() as
Context.sendBroadcastAsUser().
- Add new android:singleUser attribute for services.
- Add new INTERACT_ACROSS_USERS_FULL permission for full
system-level access to cross-user interface (allows
sendBroadcastAsUser() to send to any receiver).
- Add new INTERACT_ACROSS_USERS_FULL permission for
more restricted cross-user interaction: this is required
for android:singleUser, and allows you to use
sendBroadcastAsUser() but only to send to your own
receivers.
Change-Id: I0de88f6718e9505f4de72e3f45d29c0f503b76e9
Since applications can have Account providers, they need to be delayed
until after PackageManagerService says everything is mounted.
Otherwise the accounts associated with that provider will be removed
immediately when startup happens.
Bug: 6820670
Change-Id: Iba81765260421649f706624d0605a40ebc1347b1
The fix was to call ListView.setItemChecked()
instead of ListView.setSelection() for setting radio button status.
Also refactored the code a bit so it's less verbose.
Bug 6588533
Change-Id: I8add072a0277183baec7c0d5634a28f2d3a28c5e
This makes it possible to retrieve the account list in the order of creation,
if we want to display them in the account settings screen in that order.
Bug: 6579937
Change-Id: I2025aaa8b770fbb78be978dfde64ef95823fd5aa
- Added radio buttons to indicate the selected item
- "Add account" is one of the list options instead of a button
- Removed icons
- Added "Cancel" and "OK" buttons
- Use dialog theme
- Omit description text by default
Bug 6505441
Change-Id: I672a11481ee99e183142142bddf8f97b7b149d37
and have the GrantCredentialsPermissionActivity call that instead of a
static so that it can be made to run in a different process than the
AccountManagerService. Protect this call by checking that the caller
has the same UID as the system process.
Bug: 6545417
Change-Id: I295e65cad68883349a47e7927c171af45c89b229
This cl ensures that we immediately route the user to the add account
activity if they don't have an account and their is only one relevant
account type. Also reordered the setContent logic to reduce flicker.
Note that as of this CL there is still some flicker remaining when
launching G+ without an account. But it appears to be fixed in other
apps.
Bug: 6455975
Change-Id: I91e33b4fb9618a31765b4a8651334b1c52640828
Some developers accidentally create a blank accounts.db and this
was causing accounts to vanish. This safeguards the case where both
old and new files exist.
Bug: 6168813
Change-Id: I79cf211acc5422ff1c17fe0c9af80c49227b60ac
Get the full list of accounts from AccountManagerService in one shot
instead of getting them per user.
Bug: 6263091
Change-Id: I488f24749a96281ef1e2a620820399c97f471024
Broadcast intents that get sent out when users are added/removed/switched.
More work on generating user-specific information in package manager queries.
APIs to update user name and query a user by id.
Removed Package.mSetStopped and mSetEnabled, since they're not user specific.
User removal:
- Cleanup ActivityManager, PackageManager, WallpaperManager, AppWidgetService
and AccountManager.
- Shutdown processes belonging to the user.
Don't show vibrate option in long-press power if there's no vibrator.
Lock the screen when switching users, to force unlocking.
Change-Id: Ib23a721cb75285eef5fd6ba8c7272462764038fa
* Because the user directory probably won't exist, the renameTo
in previous code fails silently
Bug: 6188815
Change-Id: I6afd1bad9bbd1a36de7e93d9e02ed7172b1ed370
AccountManagerService
- Maintain multiple account lists, one per user
- Keep multiple databases of accounts
- Account db moved to /data/system/users/<userid>/
SyncManager
- SyncStorageEngine keeps track of multiple users' accounts.
- SyncQueue maintained as a single instance, queueing requests from
multiple users.
- Changed some methods to take userId arguments
- Removed some deadc0de
- Store the userId in the SyncOperation, so we know which provider
instance to bind to when queued operations are processed.
ContentService
- Pass along the userid to sync manager calls.
ActivityManagerService:
- Fixed a bug in cancelIntentSender
- Don't bring other user's task forward when resetting tasks.
Updated tests
Change-Id: If317340ef68e902787aa3f5ceb4cf96f14aea695
skipped if the user cancels out of adding an account the flow itself should
be canceled rather than showing the accounts list display.
Bug: 5599693
Change-Id: I5075e86656e237dddcb5e1d76e432e1cf525ab79
