java.lang.SecurityException: Neither user 1209 nor current process
has android.permission.WAKE_LOCK.
Change-Id: I465972ab91b007e04b2ac62550f78583956a4048
When using sendOrderedBroadcast(..) with a BroadcastReceiver the
BroadcastReceiver instance was not released. The reason for this was that
the resultTo field in the BroadcastRecord kept a reference until it was pushed
out of the mBroadcastHistory. This reference in turn kept a reference to the
process side IIntentReceiver (implemented in ReceiverDispatcher$InnerReceiver).
This in turn had a strong reference (through mStrongRef) to the Context.
In order to keep the debug output the resultTo is also kept as a String in the
new resultToString variable.
Change-Id: I4382a22a541c27b3694fb2b78a04ee820b235f8f
Cyclic references can occur between a Service object held by an
application and a ServiceRecord object held by the system server.
A part of the problem is that binders are leaked and since many binders
are implemented by inner classes of services these services are also leaked.
This causes low memory problems. The solution is: When a Service is beeing
destroyed, go through the ServiceRecord's all IntentBindRecord and set its
binder references to null. This allows the binder and the service object to
be garbage collected.
Change-Id: I5a257521964851f34c08ffb3908feaad96b1bafe
ServiceRecord's bindings is a hashmap to keep track of all active
bindings to the service. This is not cleared when the service is
brought down by activity manager. This adds up the references to
IntentBindRecords and its references to ServiceRecord. Fix is to
clear the bindings.
ServiceRecord's restarter is a reference to the service and is not
cleared when the service is brought down by activity manager. This
adds up the references to ServiceRecord. Fix is to set the reference
to null when the service is brought down by activity manager.
Change-Id: Ica448cd5f60192c8adb23209b5d0e2cf0c04e446
3094621: add "wipe sd card" option to factory data reset
3094609: collapse unmount/format into one command
Also since we have decided that it is important to consider
the Crespo storage as internal storage, DevicePolicyManager
gets a new API to be able to wipe it. (No big deal, since
all of the work for this is now done in the implementation
of the new UI.)
Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
This change adds a new window type for secure system overlays
created by the system itself from non-secure system overlays that
might be created by applications that have the system alert permission.
Secure views ignore the presence of secure system overlays.
Bug: 3098519
Change-Id: I8f8398f4fdeb0469e5d71124c21bedf121bd8c07
I can't find the bug number for this, but it is needed for some things
we are doing where the app building an intent may not have access to the
URI in the data field. This is for HC, but doing in GB to avoid introducing
integration issues.
Change-Id: I0cac971854198b18775d2a73deb80f23431bfbe2
When starting a broadcast, the ActivityManagerService posts a delayed
BROADCAST_TIMEOUT_MSG to handle timeouts. If a premature timeout occurs,
we post a new BROADCAST_TIMEOUT_MSG to extend the timeout time for the
current receiver. However, if the current receiver does timeout, the
message is consumed and no replacement is ever posted.
To fix the dropped timeouts, we track whether we have a pending broadcast
timeout message and setup a new one when we begin working on the next receiver.
As a last resort, performNextBroadcast contains code to detect whether
a broadcast appears to be hung (timeout handling failed). If so, it
calls broadcastTimeout to cause it to timeout immediately.
However, performNextBroadcast is holding on to the ActivityManagerService
lock while doing this but broadcastTimout expected to be called
while the lock was not held since after updating the broadcast record state,
it calls appNotResponding.
To fix the unintentended lock reentrance, changed broadcastTimeout to
assume the lock is already held (and the callers ensure this) then
added code to perform the ANR asynchronously.
Renamed a few methods to add "Locked" suffixes where appropriate and added
a few comments for tricky areas uncovered during review.
Change-Id: I3cb5b06d6b6a4a338f32c0998db721f6acf3b082
Don't kill processes for excessive wake lock use, even if they
are in the background, as long as they have running services.
Also fix some problems with this, such as not noting the kill
in battery stats.
And add killing of processes for cpu usage as well, along with
some optimizations to computing CPU usage.
And fix BatteryWaster to be better behaving for testing these
cases.
Add new "monitor" command to am to watch as the activity manager
does stuff (so we can catch things at the point of ANR).
Finally some miscellaneous debug output for the stuff here, as
well as in progress debugging of an ANR.
Change-Id: Ib32f55ca50fb7486b4be4eb5e695f8f60c882cd1
The main problem here was in the error recovery when we are waiting
for a process to start but it has failed for some reason. The code
was just setting mPendingBroadcast to null, but this would cause
an eventual ANR because the state was not set back to IDLE so we
would continue waiting for the broadcast without trying to restart
its process.
Now we set it to idle. We also need to reset the "nextReceiver"
index, so there is a new mPendingBroadcastRecvIndex variable holding
what it should be set back to.
While digging into this, I found a number of other lesser problems:
- There is a race when booting the system where we set mSystemReady
to true before restarting the upgrade processes. This could allow
a broadcast to happen between those two and its process to immediately
be removed. To fix this, there is a new mProcessesReady that is set
once we are truly ready to start launching processes.
- There were various places where we were calling sendBroadcastLocked()
without the flag to send only to receivers... if this is called before
mProcessesReady is set, then we would end up sticking any process for
the broadcast on the holding list to not get launched until later
(and hang up all broadcasts as they want for it). Now we always make
sure to set this appropriately.
- sendBroadcastInPackage() was not doing all of the validation that
sendBroadcast() does.
And of course a bunch of new debugging logs that were done in the
course of tracking this down.
Change-Id: I6134bbd94fdb73db8b693507b29499eae012d543
- New API for iterating over history that will allow a better implementation
in the future.
- Now do writes asynchronously.
Also improve the documentation for Activity.onRetainNonInstanceState().
Change-Id: Idf67f2796a8868eb62f288bcbb2bad29876c8554
This fixes a problem where applications could ask the location
manager to do very heavy-weight things (like... say... update
location every minute), which would get accounted against the
system instead of the application because ultimately it is the
system making the heavy calls (wake locks, etc).
To solve this, we introduce a new class WorkSource representing
the source of some work. Wake locks and Wifi locks allow you
to set the source to use (but only if you are system code and thus
can get the permission to do so), which is what will be reported
to the battery stats until the actual caller.
For the initial implementation, the location manager keeps track
of all clients requesting periodic updates, and tells its providers
about them as a WorkSource param when setting their min update time.
The network location provider uses this to set the source on the
wake and wifi locks it acquires, when doing work because of the
update period.
This should also be used elsewhere, such as in the GPS provider,
but this is a good start.
Change-Id: I2b6ffafad9e90ecf15d7c502e2db675fd52ae3cf
We weren't logging strictmode violation in the system_server process
in non-user builds (only system apps), even though the rest of the
strictmode logging supports it.
Also add a missing lock in ActivityManagerService.
Change-Id: If2af96a7e4fdde604a647b836097f0029ef1334b
The activity manager looks for cases where one app launches immediately
after another. If this happens, a brief toast is shown telling the user
when app is actually running and what was originally starting.
Change-Id: If94cf5bd393dd0bc0f09789dae044fde1386c481
For the duration of the wake lock, 50% of all CPU usage is now
accounted against the app(s) holding partial wake locks, evenly
distributed between them. This is only while the device is on
battery and screen off.
Change-Id: I3e5c978b792b6ef17bf8540705bfe8343dadd464
- Collect data at better times.
- Collect per-thread CPU usage as soon as possible after the ANR, and print
in log.
- Based on new per-thread CPU usage, limit the number of processes we
collect stacks from to not include inactive not interesting procs.
- Improve the way ProcessStats compute and reports its data.
Change-Id: I12b17fb47d593d175be69bb792c1f57179bf4fdf
There was a flaw in the service management, when the same activity
is doing a bindService() for the same service IBinder. In this case
the activity would correctly keep a list of all generated connections,
however some other data structures would assume there is only one
connection per IBinder, and thus only remember the last.
When that last connection was unbound, the service would be destroyed
since it thought there were no more connections. Then when the
activity was finished, it would try to destroy the service again and
end up with an ANR because the service was already gone and would
not respond.
Change-Id: I59bde38bc24e78147b90b0a7cd525c2a1d20489f
It would grant the permission to the temporary ActivityRecord,
not the real one, so it never got cleaned up.
Also allow granting of permissions to services because... well,
it would be really really useful. And it introduces some
refactoring that we'll need to support cut/paste.
Change-Id: If521f509042e7baad7f5dc9bec84b6ba0d90ba09
- Now track wake locks in battery history.
- Now track sensors in battery history.
- Some filtering of sensory data.
- Fixes to some data that wasn't cleared when resetting battery stats.
- Print amount discharged since last charge.
And the big part -- keep track of wake locks held per process,
and kill processes that hold wake locks too much while they are in
the background. This includes information in the battery stats
about the process being killed, which will be available to the
developer if the app is reported.
Change-Id: I97202e94d00aafe0526ba2db74a03212e7539c54
The guard is compiled out by default because it adds overhead to
android.os.Process.setPriority().
Change-Id: Ibb2a648c6349b381abb7ae62a358888b04fba871
This was originally written as an in-case-we-need-it facility, but was
never actually used in production. It also soaked up a surprising amount
of cpu on occasion, as well as doing sketchy things like demoting the
system_server's primary looper thread to the background cgroup at times.
Change-Id: I9a81a8d1e9caea9e0a1277d97785fe96add438d7
Introdude a new ActivityStack class that holds all of the
state and management of a stack of activities. Paves the way
for having multiple activity stacks, though at this point
there should be no change in functionality and the activity
manager is still assuming there is only one stack.
Change-Id: Iea4859a24c9269061043755ec58a615028d4183b
Implement notification manager handling of bad notifications, to
call a new activity manager to have the owner's process crashed
(if there is one).
Change-Id: Ib15e8d0c598756f3b39c99cc2045c18e054daf6b
- Move PackageInfo out of ActivityThread, renaming to LoadedApk.
- Rename some of the other PacakgeInfo inner classes to better
represent what they are.
- Rename HistoryRecord to ActivityRecord.
- Introduce AppGlobals, to eventually let ActivityThread become
package scoped.
Change-Id: Ib714c54ceb3cdbb525dce3db9505f31042e88cf0
An Activity can declare itself to be "immersive" either by
setting android:immersive="true" in AndroidManifest or by
calling setImmersive(true).
Immersive activities "should" not be interrupted, for
example by Notifications with an associated
fullScreenIntent. (In the future we may even prevent any
non-system application from successfully calling
startActivity() if the foreground activity is immersive.)
Notifications with FLAG_HIGH_PRIORITY set will be shown to
the user in some less-obtrusive way if the frontmost
activity is immersive.
Change-Id: I8d0c25cc4e22371c27cbf2bb6372d2c95d57b2d7
Modify OOM adj classes a bit, to take into account the new
heavy weight app type, and give "foreground services" their
own category to have a bettery chance to manager them when
things go wrong.
Also add some new code to battery stats to keep a history
of changes to the battery level.
Change-Id: I29f5ab6938777e1a7eafd7d8c38b5e564cc9f96a
This is a new public API for developers to opt-in to strict rules
about what they're allowed to do on certain threads. (this is the
public face of the @hide dalvik.system.BlockGuard, added recently...)
In practice this will be used for developers to opt-in to declaring
that they don't want to be allowed to do various operations (such as
disk I/O or network operations) on their main UI threads. (these
operations are often accidental, or even when they are fast come with
a good chance of being slow or very slow in some cases....)
Implementation wise, this is just a thread-local integer that has a
bitmask of the things that aren't allowed, and more bits for saying
what the violation penalty is. The penalties, of which multiple can
be chosen, include:
* logging
* dropbox uploading for analysis/reporting
* annoying dialog
* full-on crashing
These are all only very roughly implemented at this point, but all
parts now minimally work end-to-end now, so this is a good checkpoint
commit before this gets too large.
Future CLs will polish all the above 4 penalties, including
checksumming of stacktraces and minimizing penalties for duplicate
violations.
Change-Id: Icbe61a2e950119519e7364030b10c3c28d243abe
Merge commit 'ac24d23cd4a96f38b4e9cb0318a7c298794b9b6a' into kraken
* commit 'ac24d23cd4a96f38b4e9cb0318a7c298794b9b6a':
Don't bring up Launcher until after boot complete
The preboot upgrade handling was bringing up the acore process with a default
application object, then the normal "start the HOME app" code was bringing up
Launcher2 [hosted in acore] in anticipation of boot completion... but then it
saw that the host process was alive and continued with Launcher2's init.
Launcher2 depends on a custom application object, however, so it crashed
immediately.
This change ensures that the HOME app is not actually initted at that level
until after boot has completed, at which point its proper application class
can be instantiated.
Fixes bug #2732250
Change-Id: I1a15384e2c0d50e14300df0c0db236bd7b1a187c
