This change is to prevent misuse of window context from app
and leads to performance drop on system by limit the numer of window
context an app can use. Code snippet below is a sample to cause
this issue:
```
Rect getBounds() {
Context windowContext = context.createWindowContext(...);
return windowContext.getSystemService(WindowManager.class)
.getCuttentWindowMetrics().getBounds()
}
```
This method could be invoked dozens of times and produce dozens of window
tokens. It would slow down the speed of window traversalling. These
token won't be removed until system server has been GC'd.
Test: atest WindowContextTests WindowContextPolicyTests
fixes: 152934797
Bug: 153369119
Change-Id: I927e85a45c05c4d90b51a624ea408ff3a3ffce93
An earlier CL with benchmarks has shown that sending strings as UTF-8
is 50% faster for US-ASCII strings, and still 68% faster for complex
strings referencing higher Unicode planes. (So an improvement in
both cases!)
Since code across the OS still makes heavy assumptions about Parcel
strings typically being UTF-16, we need to carefully migrate
Parcelables by hand, which is what this CLs begins doing.
This is a purely mechanical refactoring with no functional changes.
Bug: 154436100
Test: manual
Exempt-From-Owner-Approval: trivial refactoring
Change-Id: Ia9e581efd7c40269342b7528ca07363deb843c0f
Recently while investigating some Binder limits, I discovered that
we're still sending Strings across Binder as UTF-16, which is very
wasteful for two reasons:
1. The majority of data flowing through APIs like PackageManager is
already limited to US-ASCII, and by sending UTF-16 we're wasting
half of our transactions on null-byte overhead.
2. Internally ART is already "compressing" simple strings by storing
them as US-ASCII instead of UTF-16, meaning every time we want to
write a simple string to Binder, we're forced to first inflate it
to UTF-16.
This change first updates Parcel.cpp to accept char* UTF-8 strings,
similar to how it accepts char16_t* for UTF-16. It then offers
both UTF-8 and UTF-16 variants to Parcel.java via JNI. We also
update the String8 handling to behave identical to String16.
This change adds benchmarking to show that these new methods are
about 50% faster for US-ASCII strings, and about 68% faster for
complex strings that reference higher Unicode planes. (So an
improvement in both cases!)
Bug: 154436100
Test: atest FrameworksCoreTests:ParcelTest
Test: make core-libart conscrypt okhttp bouncycastle vogar caliper && vogar --mode app_process --benchmark frameworks/base/core/tests/benchmarks/src/android/os/ParcelStringBenchmark.java
Change-Id: I22a11d3497486d922ec8e14c85df66ca096b8f2a
As-is: Only one requiredSystemProperty is allowed
To-be: It supports several requiredSystemProperty
Here is format for multiple fields.
android:requiredSystemPropertyName="rw.num,rw.char"
android:requiredSystemPropertyValue="1,a"
Test: m
Test: Make two overlay with different condition
Check if it works properly depending on condition
If there is no overlay package matching the condition, both aren't
applied
Bug: 137628879
Merged-In: I4c8c4a1304dc52d6568767d90e3dcbf6acef024a
(cherry picked from commit 5e6a87013f)
Change-Id: If3765218c96f8922c155e18e99b0f4bb6a032ff1
Below are some test runs that show 100 iterations of getInstalledPackages ran
at activity startup of touchlatency app to demonstrate the perf cost.
R Baseline:
https://screenshot.googleplex.com/PnVi5APraJohttps://pprof.corp.google.com/?id=dc105ca9592f8367c381e2dcf7f1847d
R Optimized:
https://pprof.corp.google.com/?id=2d1d9fadc20bcc61d41bd52116bd94e3https://screenshot.googleplex.com/OAwJnvwPqPH
Savings: 8% of system_server binder response time when the call is executed.
In terms total binder transaction time. Savings are 2% of the total
binder call time.
Exempt-From-Owner-Approval: CP to correct branch for R
Bug: 153656459
Test: atest FrameworksServicesTests:PackageParserTest
Test: atest FrameworksServicesTests:PackageParserLegacyCoreTest
Test: atest FrameworksServicesTests:ScanTests
Test: atest FrameworksServicesTests:ParallelPackageParserTest
Merged-In: I2de9cf1f754a505239d4416e1fc70bf77932c5db
Change-Id: I2de9cf1f754a505239d4416e1fc70bf77932c5db
(cherry picked from commit 7cb9e5f671)
For incremental installations only, we skip the verification
request broadcast and instead always send a verified broadcast
with the root hash.
Bug: 151240337
Test: Manual. Install APK normally and see the verifier request broadcast is sent
Test: Manual. Install APK incrementally and see verifier request broadcast is not sent, and verified broadcast is sent with root hash
Change-Id: I2599472818b63ea172d2d412741e5540c8a52176
The <extension-sdk> manifest tag was added in ag/1004614 to
allow apps to specify the minimum versions they need of
extension SDKs.
This adds the min extension versions to ParsingPackage.
This will be needed to allow us to perform checks that rollbacks do
not violate the min extension versions of installed apps (see
go/sdk-extensions-and-rollback).
Bug: 152737927
Test: atest PackageParserLegacyCoreTest#testUsesSdk
Change-Id: I2e080e46aaea6de489766dac0d323d7d2c7302ca
This exposes errors directly, which mirrors what PackageParser
used to do. Just a leftover TODO from the refactor.
Bug: 153472626
Test: manual install broken APK and check the error is logged
Change-Id: I06804ad7396196e28ce2177a671d4eef3958e1d6
If an application targets R+, prevent the application from being
installed if the app has a compressed resources.arsc or if the
resources.arsc is not aligned on a 4-byte boundary. Resources tables
that cannot be memory mapped have to be read into a buffer in RAM
and exert unnecessary memory pressure on the system.
Bug: 132742131
Test: manual (adding CTS tests)
Change-Id: Ieef764c87643863de24531fac12cc520fe6d90d0
We've heard reports that some ContentProviders are sensitive to their
notifications being delayed, so this change adds a NOTIFY_NO_DELAY
flag that they can use to bypass any background delays.
Bug: 149370968
Test: none
Change-Id: I0465c8dee92cd5708c04035bc0396ce2d1083f67
This change ensures that only the system (appId < 10000) may see apps
with receivers of protected broadcasts.
Test: atest AppsFilterTest
Fixes: 142386375
Change-Id: Ia421d2aa22d37eafbb6c1cd217ab2cb1626480b0
Add a whitelist check to limit staged installers beside system and a pm
shell command to bypass the next staged installer check.
Bug: 148664742
Test: atest StagedInstallerTest StagedRollbackTest
Change-Id: Ie9297ad8c1b74c2e63a08c71f2279658661f9a32
Now it's unified with callback FS connector - we are passing the
callback pointer directly to dataloader. This restricts access only
to methods we want and only by someone we want.
Bug: b/153468113
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest
Change-Id: Ib557ebbe7c6c5ce92140eb20534a3626b3ac96d3
Most apps that declare the INTERACT_ACROSS_PROFILES permission do
not have it granted, but get the app-op instead. We do not
normally want platform-signed apps that are actually given the
permission to appear in the user-configurable section in Settings,
so we remove them from the return value of
canUserAttemptToConfigureInteractAcrossProfiles in this CL.
Note that OEM can choose to allow some platform-signed apps to be
user-configurable by including them in their OEM whitelist file.
This CL respects that and allows these apps to be configured by the user,
despite being granted the permission. If the user rejects the app-op,
PermissionChecker correctly returns false.
Bug: 149742043
Test: atest CrossProfileAppsServiceImplRoboTest
Change-Id: I693338507eec9cdc0ba10a3584e994a58d2d113c
There are prebuilts in the tree and perhaps APKs in general
which don't conform to the manifest checks added in R, so the code
that parses the APK to verify v1 vs v2 needs to actually query
PlatformCompat to do the proper targetSdkVersion check and allow
the APK through if it's not updated yet.
A related change to default enabled inside ParsingPackageImpl to
true was also made, as if any malformed APK was allowed through
without an <application> tag, it would never hit the code
where enabled gets assigned to default true.
Any further errors spit out by this test are critical and need to
updated so that their APKs can be installed on R.
Bug: 153058196
Test: manual verify error behavior with broken APK
Test: atest com.android.server.pm.parsing
Change-Id: I2b117f2098d8bd62b92921178a098e838b55b06d
direcly through aidl.
As part of the effort to simplify the implementation of
LauncherAppsService, We create ShortcutQueryWrapper, a parcelable
object that wraps ShortcutQuery and pass it to LauncherAppsService
directly.
Bug: 148104408
Test: atest ShortcutQueryTest
Merged-In: I2e2ccaf38ef6bd558b4b02e647a7e263c7e612a9
Change-Id: I2e2ccaf38ef6bd558b4b02e647a7e263c7e612a9
(cherry picked from commit d043004cee)
* changes:
Add mPackageParserCallback assignment in TestParams constructor
Revert "Revert "Allow overriding the label and icon of a MainCom..."
Revert^2 "Add test constructor to PackageManagerService"
Package parser throws an exception while it's in the onlyCoreApp
state and parsing an non-core app. Catching the parser exception
during scanning apex packages, if the apex is without coreApp
attribute and device is in minimal boot state.
Also, updates package parser to V2 for the staging manager.
Bug: 151296698
Test: atest ApexManagerTest
Test: atest StagedInstallTest
Change-Id: I098e08d4064812465a29086c3fde1a55348bcae5
This changes removes FrameworkResourceLoaderTest from frameworks/base
before it is moved to CTS.
Bug: 152979463
Test: atest CtsResourcesLoaderTest
Change-Id: I4b899564ab93472cb6d2a5ed0917026753c2827f
Revert submission 10921255-revert-10403399-pkg-override-label-icon-DCRMJNYAKW
Reason for revert: Re-submit broken change with included fix.
Reverted Changes:
Ic5c719cbb:Revert "Allow overriding the label and icon of a M...
Id9d37e661:Revert "Add test constructor to PackageManagerServ...
Bug: 113638339
Change-Id: I4f5247f528f62c175bd34f0e4cb16c9456c8afe4
Revert submission 10403399-pkg-override-label-icon
Reason for revert: Droidcop: Potential culprit for Bug 152987173 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
I4b20ec294:Add test constructor to PackageManagerService
Id48eda556:Allow overriding the label and icon of a MainCompo...
Change-Id: Ic5c719cbbd904f8cc1c5c6a6d826c7b807f03e39
Two package parsing issues have been promoted to failures in R:
a missing <application>/<instrumentation> tag, and an empty
"android:name" attribute. The latter due to a bug in the parsing
code.
These need to be gated by targetSdkVersion so that APKs built for
previous versions can still scan/install properly. This change
introduces support for this through a framework that leverages
@ChangeId to introduce individually toggle-able errors, in
case a developer needs to install an app that isn't completely
migrated for a new SDK version yet.
The ignoreError method was removed from ParseResult as the errors
it was used for were manually compared to PackageParser and it's
likely they can be hard errors without breaking anything.
This also adds tests for general ParseInput/Result behavior.
Exempt-From-Owner-Approval: AppIntegrity already approved in older PS.
Bug: 150776642
Test: atest android.content.pm.parsing.result.ParseInputAndResultTest
Test: atest com.android.server.pm.parsing.PackageParsingDeferErrorTest
Test: atest com.android.server.integrity.AppIntegrityManagerServiceImplTest
Test: atest com.android.server.pm.parsing
Change-Id: Id53a2e65f6e5e4dee9a41cc77007275b3a220ac3
