This partially reverts the previous commit [1], which allowed special
components to be granted some pre-configured default permissions.
With this CL, we no longer grant Contacts permissions to pre-installed
IMEs. Rationals are:
1. Even without this CL, not the all pre-installed IMEs are granted
Contacts permission by default, because it was done during the boot
time where InputMethodManagerService is not yet completely
initialized. The current behavior is confusing not only for users
but also for developers.
2. In almost all the cases, IMEs are supposed to be able to work
without Contacts permission. Hence it is not too late to ask users
to grant the permission to the IME after the initial setup is
completed.
3. It is difficult to add new features such as File-Based Encryption
(FBE) with keeping the current implementation, because currently we
dynamically call mSettings.setCurrentUserId(userId) just to
enumerate what IMEs will be enabled for a given user. Adding
another condition (whether the user has already unlocked the device
or not) would make things more complicated.
Note that LatinIME has already support the case where Contacts
permission is not granted by default. It does not ask users for
anything until Setup-Wizard is completed, and requests Contacts
permission only when the user taps a message in the suggestion strip
that suggests users to use contacts name for typing suggestions.
[1] If8b8cadbd1980ffe7a6fc15bbb5f54a425f6e8f9
adc1cf4604
Bug: 24756974
Bug: 26743676
Change-Id: Ief2a40b5971b3eb97d765f934d20ce7f2ef25665
An app can now declare that it really needs to be backed up
whenever possible even if it is currently engaged in foreground-
equivalent work. Only applies to full-data backup clients: key/value
backups are not intrusive on normal lifecycle so they can already
happen in such circumstances.
Bug 26790411
Change-Id: Ia0ebcc7a53da888ae9ae4d63cd4bcab6e3a2e866
Backup requires both CE and DE storage to be available, so delay
spinning up the backup system until the user is unlocked, since
that's when CE storage becomes available. Note that devices without
FBE immediately transition USER_SYSTEM into the unlocked state,
since their CE is always available.
Offer to backup and restore files under both CE and DE. Since DE
is effectively the same as CE, most logic is simply duplicated for
now, but it could be simplified in the future. Since system apps
can force their default storage location to DE, we always build
explicit CE and DE paths.
Add getDataDir() to give clean access to the top-level private data
directory, but disclaim that apps shouldn't create files there.
Bug: 26279618
Change-Id: Ic34a4b330223725db93b1d0f5c9dffc88002c61f
This change makes StorageManager.getVolumesList(),
StorageManager.getPrimaryVolume(), and StorageVolume public and adds a
buildAccessIntent() in the latter to automatically generate the
ACTION_OPEN_EXTERNAL_DIRECTORY intent, but it doesn't change the
ACTION_OPEN_EXTERNAL_DIRECTORY implementation yet (i.e., it still takes an URI with the physical path of the directory, instead of a StorageVolume and
a directorny name).
BUG: 26742218
Change-Id: I36c59c42b6579e125ec7f03c3af141260875a491
Refactor setPackageSuspended into setPackagesSuspended. The rationale
is that the consumers of this API are likely to want to remove
multiple packages at once. Rather than calling the API N times, call
it just once.
The good part is that we already have the broadcast intent for
suspended packages take an array so only one broadcast. Less stress
on the system.
Another good part is that (right now) we only have one consumer of
this API and it will be easy to make changes once this CL goes in.
As a shell command, for consistency only allowed one package at
a time.
Bug: 22776761
Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
Instead of always rebuilding the full ApplicationInfo for a
package when callers are only interested in the suspended status
add a new fast API in Packagemanager (which only checks the
suspended user setting for the requested package and returns
a boolean) and change the appropriate caller code too.
Bug: 26794775
Bug: 22776761
Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
We were previously only doing it for SCREEN_ORIENTATION_UNSPECIFIED,
but there are other orientation settings that aren't fixed that we
need to handle.
Change-Id: If21fcd8312b6267407d94b6646158ac6eae44b44
We're starting to see more instances of device features that will
increment separately from the SDK API level, such as camera HAL,
GPU capabilities, Bluetooth, and other hardware standards.
This change adds the ability for device features to specify a
version, which is defined to be backwards compatible. That is, apps
requesting an older version of a feature must continue working on
devices with a newer version of that same feature.
When a version is undefined, we assume the default version "0".
Bug: 27162500
Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
Allow launcher to see and attempt to launch non-crypto
aware application when profile is locked.
Hide unlock notification until parent user is unlocked.
Have unlock notitication use confirm credentials to unlock
the profile.
Updated notification strings as per suggestions in mocks
to make it clearer between users and profiles.
Bug: 27038260
Change-Id: If2d2c8148670d814544f4edd44193d15da32a289
We feel this experience is better than the 2-finger gesture.
Added ActivityInfo.RESIZE_MODE_FORCE_RESIZEABLE resizeMode
to indicate we are force resizing an app.
Bug: 27132829
Bug: 26847884
Change-Id: I65db2de0d9f3f171cc3bb136cc1282b3ef3549b0
Adds a bindService variant to run the ServiceConnection callbacks
on a dedicated Handler.
Changes KeyguardService binding to use the foreground thread
instead of the main thread and changes state to the
KeyguardScrim on the UI thread.
Bug: 26954967
Change-Id: I9d7bd85382816cd0e23772b14ff6518266a9d232
The servcies shared lib contains components apps can invoke such
as services to bind to, activities to start, UI choosers, etc.
This lib is built from AOSP code but an OEM may chage its
package name. For example, Google renames the package names for
GMS apps from android.foo.bar to com.google.android.foo.bar.
While we have more than one shared lib that are a part of the
platform (currently shared and services libs) the serivces lib
is the only one clients need to start components in, thus need
to know its package name. This change adds an API to query the
package name of the services shared lib. The API is hidden as
currently the only clients are a part of the system.
Change-Id: Ied48fa4819024522791764b22b3336d4f4b42cc3
Bug: 26874366
On Multiarch apps, it might be necessary to prioritize 32bit Abi ahead
of 64bit ones. The use32bitAbi flag enables this.
This CL also reverts the public api changes in I2c1fd1d036efe72b28b5fe996416df69a583959f and Ie3ecea6d84e2cb1522e736a21c3a3a24ac62eb27. Previously
the same functionality was provided using a raw abi string that
utilized cpuabioverride flag.
Change-Id: Idce3cbfedd11ef9079ce8a2901e69d30b1cf9ef4
This change introduces the ability to have multiple packages per
APK. The feature is currently restricted to privileged apps and
updates to such apps.
In essence the manifest can have multiple child package declarations.
A child package can declare everything an Android package can except
some tags or attributes that are not applicable and instead inherited
from the parent when needed. For example, the target SDK of the parent
applies to all children.
A child package can be updated only through the parent package.
A package with multiple child packages is installed, uninstalled
atomically - no partial installs where some child packages are not
installed.
The remaining work is to ensure broadcasts are also sent for child
packages. This will come in a subsequent change.
Sample app:ag/848432
Design doc: https://docs.google.com/document/d/18nFWtJuZchLxrHf5SBbJW03-Ky9Rh_G0-OVB14b6u78
Change-Id: I6fd021d981bf5786290e0c53502724a14c97358c
When a system app requests "forceDeviceEncrypted" they expect their
default app storage to point at a consistent location regardless of
device FBE support. So when booting upgraded non-FBE devices, we
may need to migrate any data from CE to DE. Note that on non-FBE
devices these are just semantic locations with identical protection.
This migration *only* works for non-FBE devices; changing
forceDeviceEncrypted flags on an FBE device always requires a full
data wipe.
Bug: 26668510
Change-Id: Ic5dfeaaf2db26c385901a638ca8ec35eb3c52859
Whitelist two more legacy intent actions, and don't enforce the
StrictMode checks when resolving intents that might be coming from
legacy apps. Newer apps would have already been yelled at directly
before getting to the resolver.
Bug: 26976516, 26977622
Change-Id: Ibf72a361ed68c52cfaac16c32ab40e79005a42e7
- Remove the LocaleList#getPrimary() API. It had become confusing
after locale negotiation was completely implemented. For example,
it could create the confusion that calling getPrimary() on the
default locale list would provide the default locale, etc.
- Use the adjusted locale list from LocaleList.getAdjustedDefault()
in Paints created with no locale list provided.
- Change LocaleList#get() to treat out of bound indexes from both
negative indexes and too large indexes the same way.
Bug: 26984092
Bug: 26193251
Bug: 26834387
Change-Id: I75f77aea6b75e38793ed8477e5e5a4420d5e6d85
ServiceInfo.FLAG_EXTERNAL_SERVICE is set when the service is
exported with the new public manifest attribute "android:externalService"
Context.BIND_EXTERNAL_SERVICE is used by clients when they
are binding such service.
Bug: 22084679
Bug: 21643067
Change-Id: Ifd708f90b47a1571cd54c5ec9fc217f0567d5ff4
Add an OTA Dexopt service. Refactor package manager service and
package dex optimizer to reuse some code. Add knowledge about
OTA flag to installer.
Bug: 25612095
Change-Id: I7dd6bb468fea44b9d3acf0ac7d7404fb02d0f30a
Javadoc updated and logging added for
min period and min flex enforcements
in JobScheduler and SyncManager.
Bug: 26874152
Change-Id: Ifdd248b776a1bd04df21b7b9f0ac96bdef0f8bb6
