Add a separate system service RecoverySystemService to handle recovery
related requests (calling uncrypt to de-encrypt the OTA package on the
/data partition, setting up bootloader control block (aka BCB) and etc).
We used to trigger uncrypt in ShutdownThread before rebooting into
recovery. Now we expose new SystemApi (RecoverySystem.processPackage())
to allow the caller (e.g. GmsCore) to call that upfront before
initiating a reboot. This will reduce the reboot time and get rid of the
progress bar ("processing update package"). However, we need to reserve
the functionality in ShutdownThread to optionally call uncrypt if
finding that's still needed.
In order to support the update-on-boot feature, we also add new
SystemApis scheduleUpdateOnBoot() and cancelScheduledUpdate() into
android.os.RecoverySystem. They allow the caller (e.g. GmsCore) to
schedule / cancel an update by setting up the BCB, which will be read by
the bootloader and the recovery image. With the new SystemApis, an
update package can be processed (uncrypt'd) in the background and
scheduled to be installed at the next boot.
Bug: 26830925
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560
Add HardwarePropertiesManagerService which call native methods to
get CPU, GPU, battery temperatures, CPU usage info, fan speeds.
Restrict hardware properties retrieval only for device and profile
owners.
Bug: 26945055
Change-Id: I4d6b30b78e575532d5e9cfa59ef6cd81355439d4
The new sdcardfs kernel driver needs to know this mapping for
deriving UID permissions, so push the data through /config when
supported by the kernel. This also has the nice benefit of letting
us push only the deltas of what actually changes, instead of
re-parsing the entire "packages.list" file.
The mappings for newly installed apps are pushed before the app is
allowed to run, removing some latent race conditions. Also cleans
up stale mappings when packages are uninstalled, and whenever the
system server reboots.
Bug: 19160983
Change-Id: Iace92efb69616c96b34c0d9d911e4b54e5fd8a67
This change makes StorageManager.getVolumesList(),
StorageManager.getPrimaryVolume(), and StorageVolume public and adds a
buildAccessIntent() in the latter to automatically generate the
ACTION_OPEN_EXTERNAL_DIRECTORY intent, but it doesn't change the
ACTION_OPEN_EXTERNAL_DIRECTORY implementation yet (i.e., it still takes an URI with the physical path of the directory, instead of a StorageVolume and
a directorny name).
BUG: 26742218
Change-Id: I36c59c42b6579e125ec7f03c3af141260875a491
Use this in the alarm manager to allow user whitelisted apps
to have free access to scheduling alarms.
Coming next: lifting sync/job restrictions.
Change-Id: Ib36bd811f866c7af43845edf051e7972397cea22
You can now associate an arbitrary Bundle of extras with a job,
as long as the job is not persisted.
Also implement deep-copy of Bundle.
Change-Id: I7890d627492b664d9b1f039e8cb82f8868de7be3
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
Clients of the NetworkStatsManager public APIs may get UIDs belonging
to other users, and UIDs which don't actually represent applications.
These APIs allow clients to understand whether a given ID belongs to
the same user as themselves, and whether an ID represents an
application or something else (e.g. a system UID).
Change-Id: Ia56d5891521ce98e5594c41da8f9d756819deb66
Add android.os.UpdateEngine and UpdateEngineCallback classes that
communicate with the update engine via binder APIs for A/B update.
Bug: 26695366
Change-Id: I2471858d28df5443bc0b56d9a20281ccebde4484
Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.
Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.
This also has the nice property that we only prepare storage when
we know that keys are unlocked.
Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
A variety of related fixes:
- don't force size enable when browsing from device mounted notifications.
- don't show settings menu item as action (put in overflow).
- add sd card icon (not quite yet used, need to suss that out).
Bug:26880985,26883578,26771127
Change-Id: I36f153c42217f8092f157ded2a756c02525593ab
We used to unconditionally remove the block map file on boot. Because
the package might be half-way uncrypt'd in a corrupt state. CL in [1]
changes uncrypt to ensure that block.map only gets created at the end of
a successful uncrypt. So we can change to keep the fully uncrypt'd
package and the block map. This is to reduce the work for GmsCore to
avoid re-downloading everything again.
[1]: commit 25dd0386fe69460cd1d39de116197dd2c7bf9ec2.
Bug: 26883096
Change-Id: I58ca22064141bf5d42fa48146a980712c8ce21d9
