Rework how the shell user is defined so that it is
associated with an actual apk, instead of being a free
roaming uid with special permissions assigned to it.
This allows us to correctly account for its operations
in app ops.
Implement a special case for the root user in app ops --
it is always allowed, always with the package name "root".
Add various code to take care of cleaning up package state
from app ops -- when packages are uninstalled, and during
boot if any packages currently being stored no longer exist.
Also fix a bug in the activity manager to correctly grant
permissions in all cases when onNewIntent() is being called.
Change-Id: Iae9f6d793ee48b93518c984ad957e46ae4582581
Restrictions saved as key/value pairs, mostly booleans right now
but might be expanded to other types later.
Save and restore restrictions in the user manager service.
Enforce some of the restrictions at the framework level. Some
are enforced (also) at the app level, such as in Settings.
Change-Id: Id11ffe129cb6a177e094edf79635727388c26f40
The file that defines default preferred apps is now more
robust. It is no longer a raw dump of the package
manager settings, but instead a more general list of a
target activity and filter. When reading it, the remaining
information (match value, set of potential matches) is
determined dynamically.
Change-Id: I0edc6e0d2ed3dd2a6e2238992f18f7fc1f51d8d4
Also add new ops for calendar and wi-fi scans, finish
implementing rejection of content provider calls, fix
issues with rejecting location calls, fix bug in the
new pm call to retrieve apps with permissions.
Change-Id: I29d9f8600bfbbf6561abf6d491907e2bbf6af417
...of Play Store is included
The issue is that the name of the play store apk on the system
image has changed, and the package manager has a bug when this
happens and it is being hidden by an updated version of the
application that is still a newer version. In this case it
doesn't do the normal scan of the system apk, but just leaves
its old disabled state. However if the code path has changed,
this will trip up other code that thinks the system apk has
disappeared (since when it checks for the existence of the apk
with the stored code path, it doesn't find anything).
The fix here is to add a special case to make sure the code
path is updated even if we are otherwise ignoring the hidden
system image package data.
Change-Id: Ic5118f94c078da7a30b53b9cadf7c9844f7ba866
The disabled state allows you to make an app disabled
except for whatever parts of the system still want to
provide access to them and automatically enable them
if the user want to use it.
Currently the input method manager service is the only
part of the system that supports this, so you can put
an IME in this state and it will generally look disabled
but still be available in the IME list and once selected
switched to the enabled state.
Change-Id: I77f01c70610d82ce9070d4aabbadec8ae2cff2a3
Take advantage of this to return better information about
packages filtered by permissions -- include the permissions
they have in the requested array.
Also fix issue #8026793 (Contact picture shows default pic
while searching for a contact in qsb) by using the base
package name of the Context when reporting the app name
of an operation. Otherwise you could make a resource-only
context for another application and do calls through that
and get reported as the wrong app.
Change-Id: I5e0488bf773acea5a3d22f245641828e1a106fb8
Pass targetSdkVersion to installd so it knows the appropriate
permissions to apply to the app's home directory.
Bug: 7208882
Change-Id: Ia62ed36b32ee5af01077fb10a586024411be8ed4
After DownloadManager has downloaded an application to cache to install
during low memory condition, we try to free cache to fit the new
application. The free cache function deletes older files first, but it
will also delete the downloaded application (since it's in cache) as a
last resort since installd has no context about it.
This just changes the error code returned in this case so that we'll
give something more meaningful to the user. A later fix should actually
make this more sane. For instance: know which file to avoid deleting,
not even trying to delete anything if it won't arrive at the desired
free space.
Bug: 7684538
Change-Id: Ide77320fc51a4f692ef8042cb0eafe17b5cd279d
This does some cleanup of the initial boot, especially when
booting in "no core apps" mode for encryption/decryption.
Change-Id: Ifb3949f580e52f54559e603c4b0b104f6bac2f6c
Also fix a little problem where the USER_STARTED broadcasts
were not being sent as ordered broadcasts(!).
Change-Id: I3aa3e0a9b3900967cdd2d115ee103371b0a50c41
System apps were getting the wrong path because app-lib directory was
defined after the scanning of packages.
Bug: 7425516
Change-Id: I7a7a6b2a74f846c84516440ee950099bdc564d0b
It appears that changing an application's signature during boot can pass
an outInfo of null to this function.
Bug: 7402550
Change-Id: I839fea6c8ee728a352c6b906f0fa6671c85f8694
During package scan, only the primary user data directories were
checked. If the secondary user didn't have an application directory, it
would happily ignore it. The app would then crash upon startup.
Bug: 7391882
Change-Id: I1fa92aa27386104d4ac6bc5dc92bfbf2e7dfac9f
Make USER_REMOVED an ordered broadcast and send it before the user's
state is completely removed from the system. This gives services the
opportunity to clean up their state, while still having access to the
user's directory and UserInfo object (such as serial number).
Tell SyncManager to skip over dying/partially created users.
Improve UserManager tests, waiting for users to be removed fully.
Bug: 7382252
Change-Id: I93cfb39c9efe6f15087bf83c569a2d154ef27168
Try to get installd to free up cache before giving up when there is too
little space free.
Bug: 7232123
Change-Id: Ie3c8ca8dfc190abbb9a29a7baee31f32e9de7d69
Amazingly, some apps still don't use the nativeLibraryPath. So add a lib
symlink for non-primary users to fix that.
Also, there was an error when the symlink existed that it would give up.
This shouldn't really happen, but in that case, just remove it and
create a new one to be safe.
Also, move the downgrade code to the appropriate place. This downgrade
case triggered the above symlink existing bug.
Bug: 7318366
Bug: 7371571
Change-Id: Ia175b36d98f00bdc2f2433b909aafd524eb34d15
Return ApplicationInfo with requested userId instead of trying to
infer it from calling UID.
Bug: 7334712
Change-Id: I9ce0061e2d020b0d74c7c9cd22d89c5ff2466a6c
ADB installs appear as UserHandle.USER_ALL, and can only be performed by
UserHandle.USER_OWNER, so use the package verifier for UserHandle.USER_OWNER.
This returns a valid userId to call PackageManagerService.getPackageUid.
Bug: 7293091
Change-Id: I7a5497cfe5fa2e7aa804345cf9f507ec26a0db21
A couple problems:
- We need to clear app preferences later, now that we have encrypted apps.
- The multi-user implementation of this would allow different preferred
apps from different users to potentially interefere with each other.
They are not completely separate data structures.
Change-Id: Id4f1ebb6414fdf30ff1049adaa1efe83dabac01a
With this fix, when all users cancel installing an app they were warned about,
then the "Installing..." screen disappears, as desired.
Bug: 7255231
Change-Id: I2475fa790a5d09abbf94411c696682502fb1e8df
Includes telephony, WindowManager, PackageManager, and debugging
settings. Update API to point towards moved values.
Bug: 7231764, 7231252, 7231156
Change-Id: I5828747205708872f19f83a5bc821ed0a801cb79
Migrate networking, storage, battery, DropBox, and PackageManager
related Secure settings to Global table.
Bug: 7232014, 7231331, 7231198
Change-Id: I772c2a9586a2f708c9db95622477f235064b8f4d
Fixed one setting that was migrated but not marked deprecated.
Removed a hidden setting that is no longer used by the new
power manager service.
Bug: 7231172
Change-Id: I332f020f876a18d519a1a20598a172f1c98036f7
When PackageManagerService deals with external storage, always bind
to DefaultContainerService as USER_OWNER. This avoids binding to a
stopped user, which would fail.
Bug: 7203111
Change-Id: I8e303c7558e8b5cbe4fea0acc9a472b598df0caa
Issue #7209355: Intent on the secondary user results in an intent picker
in the Primary user.
Issue #7214271: Crash in system UI
Also fix a bug where I recently broke the removeTask() operation in the
activity manager where it would remove the wrong task.
Change-Id: I448c73a0e83a78d9d8d96b4629658c169888d275
Since SettingsProvider can call back into PMS, query the default
enforcement state before acquiring mPackages lock.
Bug: 7182437
Change-Id: Ie218aedfc7a943e5b221814af3e0356c7199b0e4
Create a setting "verifier_verify_adb_installs" to allow developers to control
package verification on ADB installs only. If package verification is enabled,
the setting will:
0, Do not perform package verification on apps installed through ADB/ADT/USB
and perform package verification on all other installs.
1, Use package verification on all installs. (Default)
Bug: 7183252
Change-Id: I9d3eb8abb5ba5e93f8634d3135794e92ff6273b6
Keep track of user creation and last logged-in time.
adb shell dumpsys users
User switcher shouldn't show users about to be removed.
No need to check for singleton for activities.
Bug: 7194894
Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
New APIs let you indicate what user(s) to monitor, and tell you
what user is changing when receiving a callback.
Fix package manager to only deliver package brpadcasts to the
running users. (This isn't really a change in behavior, since
the activity manager would not deliver to stopped users anyway).
Make sure all broadcasts that package monitor receives also include
user information for it to use.
Update wallpaper service to (hopefully) now Really Correctly
monitor package changes per user.
Change-Id: Idd952dd274abcaeab452277d9160d1ae62919aa0
