Removing entries from a Bundle may change its has-FDs state, so now
induce a recheck after removals. In support of that, make the
recheck set the known state in all cases, not just in the has-FDs
case; and note that filterValues() inherently produces a result that
is known to have no FDs.
Bug 26676151
Change-Id: Ida07b77ad2046aeafb98e0b164cd571ce45d064f
Remove some Context methods that leaked through. Add lint rule to
recommend using List<? extends Parcelable> instead of Parcelable[].
Bug: 27932224, 27930145, 27932911
Change-Id: Ia302de46cdb0c5101fa175a09316df91aeefcf0d
Use Slog.wtf instead of Log.wtf, so that it is
asynchronously reported.
Mark incoming application restrictions as defusable
since they are being unparceled.
Bug: 27811728
Change-Id: I166de69a74417e439ec5ef9159fbbfbfe711dde6
- Only allow entire directory access on non-primary volumes.
- Do not display primary storage label on scoped access.
BUG: 27743842
BUG: 27676858
Change-Id: I9884fb1e2df3534fceebc5d5bef44adfb758724c
The purpose of the new StorageVolume API is to grant access to
volumes that aren't typically "visible" to a developer, so include
them in the returned results.
Also return the real mounted state instead of augmenting based on
the caller's storage permissions. Clean up API naming slightly and
return as List.
Bug: 27615770
Change-Id: Ida921a4b91e5af81e418e76f672d9108f45a9781
Now that CE data isn't available until after a user is unlocked, we
need to delay the PRE_BOOT_COMPLETED broadcasts. This is done by
adding a new RUNNING_UNLOCKING user state to the UserController
lifecycle.
We now track the last fingerprint a user was logged in under, and we
dispatch PRE_BOOT receivers when that fingerprint changes. To work
around battery pull issues, we only persist the updated fingerprint
once all PRE_BOOT receivers have finished. This is less granular
than the original solution, but it's still correct. We only consider
a user as "logged in" once it transitions into the RUNNING_UNLOCKED
state.
When starting a process, track if the user was "unlocked" when
started, so that we only spin up unaware providers in processes
started before user unlock.
Add generic IProgressListener to communicate PRE_BOOT progress and
strings up to lock screen. For now, LockSettingsService just blocks
until finished, but it could display these strings in the future.
Bug: 27220885
Change-Id: I349439776b885acd32f6a578d8951ffd95640be2
Netd provides 2 bandwidth control rules to restrict which uids can use
metered networks:
- bw_penalty_box is a blacklist-based firewall chain used to determine
which uids do not have access to metered interfaces.
- bw_happy_box is whitelist-based firewall chain used to determine which
uids have access to metered interfaces.
Currently, both NetworkManagerService (NMS) and
NetworkPolicyManagerService (NPMS) uses just the bw_penalty_box rule,
which makes turning Data Saver mode on / off too slow (since NPMS needs
to build the bw_penalty_box on demand); this CL adds support for both
rules on NMS, although NPMS doesn't take advantage of it yet (it will be
refactored in a separate CL).
BUG: 27127112
BUG: 26685616
Change-Id: Ib954574f7c86269fc9b4cf8ce4ba72ba5878c23d
It calls update engine to reset an already applied payload.
Also change all the RemoteExceptions in UpdateEngine class to be
rethrown as RuntimeExceptions according to API guidelines [FW9].
Bug: 27123767
Change-Id: I936331019cdb00f4f225f5605e51cc94bb491e24
The previous default location of "/sdcard" became painful to use
starting in M, because it required a runtime permission. So now we
default to storing trace files in app-specific directories on shared
storage, which apps always have write access to with no additional
permissions.
Update docs to be consistent between all overloads.
Bug: 22807654
Change-Id: If4feca7c8778dfdf4ccce8cfb68418dc416260b5
There are some scenarios where an app needs access to the whole SD Card,
not subdirectories. For example, user might have a SDCard with
directories like vacation_pictures (instead of Pictures/vacation);
another example is a file management app.
BUG: 27676858
Change-Id: I20ef713de7e4dfa7e2d7d07bab11898af186d673
Add a (configurable) delay between when we start a maintenance
window until the minimum time we will end it.
Also switch to using the alarm manager callback API. (Yay!)
Also fix a little printing problem in the alarm manager dump
so we put the package name and not some class hash in the
summary string of an alarm entry.
Change-Id: I4281e5c80bc8b26ebc1fb6f603ec33ec0e379daa
Also hide a few APIs as requested by council. Add a method to
easily determine if a given File would already be encrypted at rest
by the OS.
Bug: 27531029
Change-Id: Icad5f1cd56411ad3ac707db85fd7449acdcc4b94
Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.
Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
If we have an existing file in the destination directory, which has the
same name with the source file, adding suffix number is
DocumentsProvider's responsibility.
Because MTP does not provide a way to check existance of files with
given name, the logic is implemented as try-and error strategy. The CL
lets If we MtpDocumentsProvider assume we have a file that shares the
same name with the source file if it failed to invoke
MtpDevice#sendObjectInfo. In this case MtpDocumentsProvider retry to
invoke sendObjectInfo with new name with suffix number.
BUG=26991190
Change-Id: I223ac5031f079bc91eb27709b0356f621a1ed55b
It's easy for apps to throw custom Parcelables into Bundles, but
if the system tries peeking inside one of these Bundles, it triggers
a BadParcelableException. If that Bundle was passed away from the
Binder thread that delivered it into the system, we end up with a
nasty runtime restart.
This change mitigates this trouble by "defusing" any Bundles parsed by
the system server. That is, if it encounters BadParcelableException
while unpacking a Bundle, it logs and delivers an empty Bundle as
the result.
Simultaneously, to help catch the system process sticking its
fingers into Bundles that are destined for other processes, a Bundle
now tracks if it's "defusable." For example, any Intents delivered
through ActivityThread are marked as being defusable, since they've
arrived at their final destination. Any other Bundles are considered
to be "in transit" and we log if the system tries unparceling them.
Merges several Parcel boolean fields into a flags int. Add better
docs to several classes.
Bug: 27581063
Change-Id: I28cf3e7439503b5dc9a429bafae5eb48f21f0d93
1. Instead of getting application info in runtime, just retrieve the
one in the context to avoid cross user operation.
2. Functions in PackageManager that retrieve badged icon now return
badged icon if the targer user is managed profile instead of checking
whether target user is a managed profile of the user in mContext.
3. Relax the restriction of getUserInfo, if the caller is asking a user
in the same profile group or having the manage user permission, we let
it go.
Bug: 26469166
Change-Id: Ia1ffc5743f7d94bd489cdb7571eaed51499ebdd9
We added a third parameter to RecoverySystem.installPackage() to let the
caller to indicate the package has been processed (uncrypt'd). We need
to ensure the caller's claim is true by checking the existence of the
block map. Otherwise the device will fail for sure when booting into
recovery.
Bug: 27620932
Change-Id: I6325455253480055f14eb0cf020689ac37328602
Often during development I get runtime exceptions from system
server but I only see client side stacktrace on logcat, which is
pretty much inconvenient.
Change-Id: I9c60fd92f6008d2c3a7eaf848b89ce3f1dffbe8a
