Before, it was like getting a used pan with food stuck on it. We run
a clean ship here. You want a Parcel? You get a fresh Parcel. When
we recycle a Parcel, we do a real clean-up job. Air freshener. All
bits brushed over. These Parcel objects are clean as heck now!
(specifically cleans mClassCookies)
Bug: 208279300
Test: build
Merged-In: I250872f5c6796bb64e2dc68008154c0e90feb218
Change-Id: I250872f5c6796bb64e2dc68008154c0e90feb218
(cherry picked from commit 46770fa49c)
Unfortunately we can't rule out the existence of devices where the user
storage wasn't properly prepared, due to StorageManagerService
previously ignoring errors from mVold.prepareUserStorage, combined with
OEMs potentially creating files in per-user directories too early. And
forcing these broken devices to be factory reset upon taking an OTA is
not currently considered to be acceptable.
One option is to only check for prepareUserStorage errors on devices
that launched with T or later. However, this is a serious issue and it
would be strongly preferable to do more than that.
Therefore, this CL makes it so that errors are checked for all new
users, rather than all new devices. A field ignorePrepareStorageErrors
is added to the user record; it is only ever set to true implicitly,
when reading a user record from disk that lacks this field. This field
is used by StorageManagerService to decide whether to check for errors.
Bug: 164488924
Bug: 224585613
Test: Intentionally made a device affected by this issue by reverting
the CLs that introduced the error checks, and changing vold to
inject an error into prepareUserStorage. Then, flashed a build
with this CL without wiping userdata. The device still boots, as
expected, and the log shows that the error was intentionally
ignored. Tested that if a second user is added, the error is
*not* ignored and the second user's storage is destroyed before it
can be used. Finally, wiped the device and verified that it won't
boot up anymore, as expected since error checking is enabled for
the system user in that case.
Change-Id: I9bdd1a4bf5b14542adb901f264a91d489115c89b
(cherry picked from commit 60d8318c47)
Merged-In: I9bdd1a4bf5b14542adb901f264a91d489115c89b
Repeated locale has not been accepted and IllegalArgumentException
is thrown. Instead of throwing exception, dropping repeated locale
instead.
Bug: 152410253
Test: atest LocaleListTest
Change-Id: I80f243678ac3024eaeb0349f770cff897df7f332
To make sure we kill all untracked children, too.
Bug: 156741968
Bug: 157598956
Test: manual inspection, PoC no longer works.
Change-Id: I5d8efeb05ddec08a7fc7c00eabca6590c4cfdd8c
This change introduces a means of introducing an artificial long task to
the package handler to help reproduce timing issues related to it.
Bug: 141413692
Test: atest PackageManagerTest
Change-Id: I61ddee1fe8b94f5803d981a77babb4bb19e31662
The intro text says PowerManager is discouraged, and almost
all the available wakelock options have long been deprecated.
Given that, I think it makes sense to remove most of that
intro and just point devs to FLAG_KEEP_SCREEN_ON instead.
Staged to:
go/dac-stage/reference/android/os/PowerManager
Test: make ds-docs
Bug: 145699347
Change-Id: I517366903f3d9743166d7edaddc08471af0803d9
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Merged-In: I53946ed4e31de0ffe9c84875c391a7dec6f5375a
Change-Id: Idaae690f79a5c680ad0059a52be62160d9dfb5e7
Instead of storing each Locale within a Configuration object's locale
list by its language, country, variant, and script to proto, store the
entire locale list by its language tags representation which accurately
describes each locale.
Bug: 140197723
Test: atest ConfigurationTest
Test: atest UsageStatsDatabaseTest
Test: manually with bad data
Change-Id: Id0e63ae4a7be578d1e93838b371320f86a787e0e
Bug: 138422309
This reverts commit 390d9e6a18.
Reason for revert: crashes documented in b/138422309
Change-Id: I235f727d0fe87c09f6f05dddcae7759bab64dfd8
Previously, the Cleaner we create to close the ashmem file descriptor
used a thunk that held a strong reference to the FileDescriptor we
wanted to clean up, which prevented the Cleaner from ever running.
Break the cycle by storing the integer value of the file descriptor
instead.
Bug: http://b/138323667
Test: treehugger
Change-Id: I613a7d035892032f9567d59acb04672957c96011
(cherry picked from commit 6ca916a657)
In Q, these APIs were either:
- removed from the greylist entirely without good reason
- Moved to the restricted greylist without any public alternative
information added
So they are being moved back to the greylist for Q.
Test: Treehugger
Bug: 136102585
Change-Id: I5ac8b8b9b23c3789d80239cf456072cc7dfa1203
This changes RescueParty to call vold over binder directly for
Checkpointing related calls. It turns out that if the system is in a bad
enough state, the other method would not work, as some of the services
required would not be running.
Bug: 135558798
Test: setprop persist.sys.enable_rescue 1
setprop debug.crash_system 1 or setprop debug.crash_sysui 1
vdc checkpoint startCheckpoint 3
stop
start
Device should go through the rescueparty flow, and reboot.
Repeat without checkpoint. Device should prompt reboot.
Change-Id: I8b11d68075cc291e9557d524bc87b54d17b370e4
Previously, there's only one Game Driver existed in the system, so we process
sphal libraries in GPU service to save the launch time for loading Game Driver.
Now we need to support a separate prerelease driver, so we have to move the
processing back to app launch time.
Bug: 134881329
Test: Manual test with prerelease driver and Settings UI.
Change-Id: Ic1bb412a6a026c68f55243c906bd56fe1fee44c3
This patch partially reversts ag/6991475 and ag/7161709. These changes
are no longer needed due to a change in the graphics driver strategy for
Q.
In addition, the preloading of the graphics driver in the USAPs need to
be removed to avoid causing a memory regression on devices with graphics
driver preloading in the Zygote disabled.
Bug: 134526352
Test: Treehugger
Change-Id: I570037866d1ae90794c711622e6045ebbffa5b9c
Merged-In: I570037866d1ae90794c711622e6045ebbffa5b9c
(cherry picked from commit fcd68fd74b)
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Bug: 34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
Earlier, this API only used to consider op_legacy_storage
appop to decide whether an app will get legacy storage view
or not but there are few other factors it needs to consider
like whether the app has WRITE_MEDIA_STORAGE permission or
whether app was allowed to be an installer in which case it
will get legacy access.
Bug: 132760141
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I227a171bf40e43e135e1a6dbc819cfad21d91520
It's possible that the Ringtone URIs will be pre-canonicalized, which
don't maintain equality when compared to uncanonicalized URIs. In order
to handle this case, we just need to uncanonicalize both URIs before
comparing.
Fixes: 134394754
Test: manual, verified audio-coupled haptics works again on B1C1
Change-Id: I2e216db1013d5bc0db0a1622e0670853663f0db8
Bug: 133515802
Test: Verified that malloc debug can be enabled on a USAP enabled device.
(cherry picked from commit 86bd25d5ed)
Change-Id: I5f25030ce8e667d175712796c0950f38baa2532d
Merged-In: I5f25030ce8e667d175712796c0950f38baa2532d
An app opting in to "profileable" does not mean we should
allow it to load ANGLE libraries from the debug package.
Bug: 128637647
Test: atest CtsGpuToolsHostTestCases
Change-Id: I5c6ea33a1e1624e006bc4865bc0a06ea92d9d806
This reverts commit 3832aa9906.
Loading layers for apps that have opted for "profileable" breaks
the Android security model. They have only consented to exposing
profiling information, not exposing data under its control. Layers
have access to everything in the API calls.
Bug: 128637647
Test: atest CtsGpuToolsHostTestCases
Change-Id: I5aed181c3cec616c3ce98a1a30287b30f190ba9b
