Add documentation that the IntervalStats object passed into the read
methods in UsageStatsDatabase should ideally be used only as a temporary
reading object unless the caller specifically has other use-cases. Also
updated all the internal calls to match this behavior.
Bug: n/a
Test: atest UsageStatsDatabaseTest
Change-Id: Id3aa2575fa29bf5adc6a52ee8e75690aecf50b8e
Ensure all types of exceptions are caught and logged/handled within
UsageStats.
Also update how read failures for pending events files are handled -
since the entire System DE directory is deleted on a successful user
unlock, read all the pending events that you can and skip over
potentially corrupted files.
Bug: 145574371
Test: atest UsageStatsDatabaseTest
Test: atest android.app.usage.cts.UsageStatsTest
Change-Id: I2e22fb01f9b97961b2160aeebaf7791d6673f8b9
We want to eventually migrate some of these APIs to be @SystemApi for mainline modules.
The #dumpDebug name is more appropriate than #writeToProto.
Bug: 142279786
Test: Manual
Change-Id: I60793e91cedf6b720d4ecef6a8484f4fed4ff30f
Add a per-user job to prune any usage stats data which belongs to a
recently removed package. This job will be scheduled when a package is
removed and it will be executed when the device is considered to be
idle. The jobs are persisted by job scheduler and they are also removed
when a user is removed since all usage stats data is deleted on user
removal.
When executed, the job reads all of the stats on disk and removes those
that belong to removed packages (packages which don't have a token
mapping). If no data is ommitted on read, a write is not performed. If
the user is in a locked state when the job is executed, the job will
keep getting rescheduled until a sucessful pruning of the data.
Additionally, add logic to prune any obsolete usage stats data on a
database upgrade, pruning all data belonging to packages which have
been uninstalled. This ensures that all data in UsageStats in R belongs
to packages that are currently installed or to packages whose
DONT_DELETE_DATA flag was set when uninstalling.
Also remove the clean-up mappings step on boot. That was added as a
safety measure to ensure the mappings file is always updated. However,
with the logic to prune on upgrade and on package uninstalls, that step
is now unnecessary.
This CL also refactors how the UserUsageStatsService is fetched and
initialized within UsageStatsService. This is to ensure there is no lock
contention when the user service is initialized and it also makes way
for other refactorings in the future related to the user service
initialization.
Bug: 143889121
Test: atest UsageStatsDatabaseTest
Test: atest android.app.usage.cts.UsageStatsTest
Change-Id: If475fc018a930d0956b85a64b4e34e2c75b2476f
UsageStatsDatabase#init was being called twice every time - once when
the usage stats service was initialized and once when the user was
unlocked. However, this was unnecessary and doing duplicate work since
on user unlock, when the service is initialized, the database is also
initialized.
Bug: n/a
Test: atest UsageStatsTest
Change-Id: Ic74ba3ff8a0b68c97340ffe25b19065e1a046731
UsageStatsProtoV2 was not correctly assigning the begin and end
timestamps when reading data from disk. Correctly update the timestamps
when all data has been read from disk.
Bug: 143558600
Bug: 143472799
Test: atest android.app.usage.cts.UsageStatsTest#testPackageUsageStatsIntervals
Test: atest UsageStatsRestoreHostSideTest
Change-Id: Ib436e661744ea82429ee3fb679a16a6e26697050
Add new attribute capability to ProcessRecord, it represents what this
process is allowed to do. Capability is a separate dimension for
process state (ProcState).
In OomAdjuster.java, capabilities can be passed from client to service.
Add PROCESS_CAPABILITY_FOREGROUND_LOCATION to represent the capability
that can access location while-in-use.
For permission such as foreground location access, AppOpsService
checks for FOREGROUND_LOCATION capability, also checks if the process
is in one of the foreground process states, if both conditions meet,
the locaton operation is allowed.
Remove PROCESS_STATE_FOREGROUND_SERVICE_LOCATION.
Bug: 136274596
Test: atest CtsAppTestCases:ActivityManagerProcessStateTest
atest CtsAppTestCases:ActivityManagerApi29Test
atest frameworks/base/services/tests/mockingservicestests/src/com/android/server/appop/AppOpsServiceTest.java
Change-Id: Ie1c8e670fb0789208b753eb49b7e2fce6a2f211f
All tests under the packages android.app.usage and
com.android.server.usage (except StorageStatsServiceTest) will now run
in presubmit.
Also added UsageStatsTest CTS to postsubmit.
Bug: 143221092
Test: services/usage/java/com/android/server/usage/ atest
Change-Id: Ibac2b7d5a4f47f354e9190ff6df3aa16002f92f9
UsageStatsManagerInternal is also no longer an API surface for
registration of app idle state change listeners. AppStandbyInternal has
become a proper LocalService and interested clients can just use that
directly.
Bug: 140833849
Test: boot & run normally
Test: verify system package backup
Change-Id: Ie63f438f129cd8f41169778a3045d131ca7322fb
Fix the bug that during android P to Q upgrade, DEVICE_SHUTDOWN
event mistakenly gets a newer timestamp than DEVICE_STARTUP event.
Bug: 139656029
Test: flash the device with android P, then upgrade to android Q,
then "adb shell dumpsys usagestats", observe DEVICE_SHUTDOWN
is before DEVICE_STARTUP.
Change-Id: I5429fe7648529be8379270adefd26bd98a31357c
Since UsageStatsProto is not being used anymore other than for
backup/restore, there is no string cache (string pool) maintained in
memory. Because of this, there are a bunch of warnings being logged
every time usage stats data is backed up. Remove these logs since they
are simply noise now.
Bug: 143184490
Test: atest UsageStatsDatabase (no warnings seen during backup test)
Change-Id: Ibb0a053e51124087f44231f5fddf3d41f7e345d2
UsageStats has moved away from XML and is now using protos. This removes
dead XML write functions which should ideally never be triggered. A
warning will be logged when reading XML data and a WTF when some
codepath attempts to write data in XML.
Certain tests are now marked as ignored since the XML write functions are
removed. It was decided to not move those functions into the test context
since the read/write code is so intertwined within the database logic.
Bug: 143187610
Test: atest UsageStatsDatabaseTest
Change-Id: If622b646e0edfe389e49aec9b51accdb9fbf1f45
* changes:
Do not retain UsageStats for uninstalled packages.
Catch exceptions in UsageStatsService on bad data.
Obfuscate usage stats data stored on disk.
When packages are removed, remove their associated token mappings in the
packages token data stored in UsageStats. When data is being persisted
to disk, the data for removed packages will not be written to disk.
Additionally, when any of the query APIs are called, data that is read
from disk for which a mapping does not exist will not be returned.
The data deletion uses a lazy techinque to avoid heavy costs of reading
and writing all of the usage stats data on every package removal.
Bug: 135484470
Test: atest IntervalStatsTests
Test: atest UsageStatsDatabaseTest
Change-Id: Ie32d65b47f86071c6a814a8b21e4be060519e598
The periodic parole window is the 10 minute window that occurs every
24 hours to let RARE apps run. Now that we have the quota system in
place, there's no need to have the periodic parole window. Alarms and
jobs will still be allowed to run when charging. Network will continue
to be restricted for RARE apps even when charging. JobScheduler requests
an exception for RARE jobs in quota, so they will still be able to run.
Bug: 136184981
Test: atest AppStandbyControllerTests
Test: atest CtsAlarmManagerTestCases
Test: atest NetworkPolicyManagerServiceTest
Test: atest com.android.cts.net.HostsideRestrictBackgroundNetworkTests
Test: atest com.android.server.AlarmManagerServiceTest
Test: atest com.android.server.AppStateTrackerTest
Test: atest com.android.server.job.controllers.QuotaControllerTest
Test: atest com.android.server.net.ConnOnActivityStartTest
Change-Id: Ide382ad7fb9c7441f0a5232833ad39bf8c3a1e94
Instead of throwing exceptions from UsageStatsService and potentially
crashing the system server, catch exception on reading/writing bad data
and log the exception.
Also ensure proper handling of deobfuscating bad data.
Bug: 140459061
Bug: 135484470
Test: atest IntervalStatsTests
Test: atest UsageStatsDatabaseTest
Change-Id: I17d6ad5e377a2636ff42c9b422fe6ddf1201fc08
All of the usage stats data stored on disk will now be obfuscated. There
will be a package to tokens mappings file stored on disk which has a
hierarchy of mappings for each string in each package's usage stats
data. A UsageStatsProtoV2 was added to keep the logic clean and separate
from the original usage stats proto parser.
Initial observations show a memory gain of over 60% w.r.t. the usage
stats data size on disk. There is also no performance hit because of this
change - in fact, even with the obfuscation overhead, reads are now over
65% faster and writes are up to 50% faster.
Bug: 135484470
Test: atest UsageStatsTest
Test: atest UsageStatsDatabaseTest
Test: atest UsageStatsDatabasePerfTest
Change-Id: I55ce729033d8b6e4051271802d57c72684053c32
Allow the active supervision component to access app usage limit APIs.
This includes #registerAppUsageLimitObserver
and #unregisterAppUsageLimitObserver.
Bug: 138681869
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest#testIsActiveSupervisor
Test: atest AppTimeLimitControllerTests
Test: atest android.app.usage.cts.UsageStatsTest
Change-Id: I3daafc14ccdbf27558c1325b965f2bc6d2dab2f6
Due to the recent migration to CE, some async calls were being triggered
after the user was removed. Most places were already handled by a
previous CL - this is just another minor fix.
Bug: 141979865
Test: builds and flashes
Change-Id: I059180cb99d04ac266b3e4745f141c285e189314
With the migration of usage stats data to CE, it's possible for a user
unlock event to be handled after the user has been removed. To prevent
exceptions from being thrown when the user is stopped or removed, when
an exception is thrown, check if the user is unlocked, only then throw
the exception.
Bug: 141307758
Test: atest CtsDevicePolicyManagerTestCases
Change-Id: I70fdb56dd6e87dc911c400554a4b5760785b87a4
The time change event was happening for every user even if they were not
unlocked, causing UsageStatsService to crash. Since the data is now
located in CE, the #checkAndGetTimeLocked function has been moved to
UserUsageStatsService, tying time change events to each user instead of
UsageStatsService. This gives the guarantee that no usage stats data
will be accessed or modified if the user service is not existent while
keeping the same behavior as earlier.
References to #checkAndGetTimeLocked in UsageStatsService have been
updated to call System.currentTimeMillis() directly.
Bug: 140529704
Test: atest UsageStatsTest
Test: atest UsageStatsDatabaseTest
Change-Id: I746790f3918b927ac8ac76ee860c94cac603e5da
Move all of the usage stats data from the regular system storage to
the system CE (credential encrypted) storage.
All events being reported while the user is locked will be stored
in memory and will be processed via the handler after the user is
unlocked. All of these events reported will regularly be persisted to
system DE storage to ensure important events are not lost.
Any query requests will be ignored while the user is locked.
Two new usage events have been added: one to indicate the user has been
unlocked and the other to indicate the user has been stopped.
Also updated documentation for APIs in UsageStatsManager to reflect the
new behavior in R when the user is locked.
Bug: 135484470
Test: atest android.app.usage.UsageStatsTest#testDataIsInCe
Test: atest android.app.usage.cts.UsageStatsTest#testUserUnlockedEventExists
Test: atest android.app.usage.cts.UsageStatsTest
Test: atest UsageStatsDatabaseTest
Change-Id: I18da1a9354b6686472972c5f2304e4c19e28307f
ProtoInputStream.isNextField() skips over the current field to read the
next tag. This side effect means that calling isNextField prevents the
caller from reading the field it was just on. The "is" prefix makes it
easy to assume that the method has no side effects. Renaming to
nextField(long) with a parameter should help make it clear that the call
is as dangerous as calling nextField().
Fixes: 137294060
Test: atest android.app.usage.UsageStatsTest
Test: atest android.app.usage.cts.UsageStatsTest
Test: atest com.android.server.usage.UsageStatsDatabaseTest
Test: atest ProtoInputStreamTests
Change-Id: Ibfb8ef741f27a211f076dc0b715b64acbfc0696a
Similar to how we target DE and CE storage areas, callers need to
specifically ask to work with EXTERNAL storage. This is because
external storage often lives on a separate device from where internal
DE and CE data lives.
As one specific example, if we're moving an app between two
"internal" storage devices, we don't want to clean up the data
for that package on external storage, since it's not being moved.
This change also expands to all mounted external storage devices,
not just the storage backed by the incoming UUID.
Bug: 113277754
Test: atest android.appsecurity.cts.StorageHostTest
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest --test-mapping frameworks/base/services/core/java/com/android/server/pm/
Change-Id: Ie125303726dd757ee45bd373f53addb35569c2f7
1. checkCarrierPrivilegesForPackages by subId
2. getPackagesWithCarrierPrivileges by subId
3. new hidden API getPackagesWithCarrierPrivilegesForAllPhones which
returns packages for all subs.
Bug: 132078279
Test: Manual
Change-Id: Ic666218f0c290d1b428530982b689af110f74c69
'dumpsys usagestats file [user] [interval] [filename]' added.
When all options are specified, this command dumps all usage stats
information stored in the specified filename.
If the filename is not specified, information of all files for the
specified interval is dumped.
If the interval is not specified, information of all files in all of the
intervals for the specified user is dumped.
If the user is not specified, information for all users is dumped.
Also added 'dumpsys usagestats database-info [user]'. This simply
connects the existing dump in UsageStatsDatabase.
If the user is not specified, information for all users is dumped.
Bug: 131923219
Test: various combinations of the dumpsys command added
Change-Id: Id2c2b20e07f9ab0e1a577e45fba199d565532b7b
If an app is in the NEVER standby bucket, a foreground service start
will bring the app up to the ACTIVE bucket for 30 min (by default).
Foreground service starts in other circumstances will not affect the
standby bucket
Bug: 111578623
Test: atest AppStandbyControllerTests#testInitialForegroundServiceTimeout
Change-Id: Ia9d5fd7a04d2378a5525457d465da7ed463fe8fc
