Allows an activity to always be focusable regardless of if it is in a
stack whose activities are normally not focusable. For example, activities
in pinned stack aren't focusable. This flag allows them to be focusable.
Also, changed ActivityInfo.#{resizeable, supportsPip} to use flags.
Bug: 26273032
Bug: 26034613
Change-Id: I8c63e6d3256757e2e6931e08b8a65269f5169d35
Many places across the platform query package details without
gracefully handling packages or components that go missing for
various reasons. This can cause annoying user data loss, such as
resetting back to built-in apps or dropping of accounts, etc.
This change verifies that system callers have thought about these
edge cases by logging if they use default matching behaviors without
explicitly marking themselves as being "triaged." (The logging is
currently disabled by default.)
Also creates explicit definitions of supported flags for various
incoming PackageManager calls, and defines a clear distinction
between flag types:
-- GET-style flags are used to request additional data that may have
been elided to save wire space.
-- MATCH-style flags are used to include components or packages that
would have otherwise been omitted from a result set by current system
state.
There are a handful of existing GET flags that better fit under the
MATCH definition, so this change clones them to new constants and
marks the old ones as deprecated.
Fixes bug in JobSchedulerService to consider jobs from apps on
external storage. Revert some dialer behavior back to being
untriaged.
Change-Id: I9b6ab0968241e3479bddbd78de0c51e3b9917318
When a user is started, but a persisted job component doesn't appear
in the normal resolution list, we avoid enqueuing the job. Later
when the user is unlocked, we take another pass over the pending
jobs to see if they became available.
Load keyboard layouts from XML metadata regardless of crypto status,
since we don't need to spin up any remote code.
Add MATCH_SYSTEM_ONLY to make system logic easier to write when
looking for trusted components.
Sprinkle more annotations on ArrayUtils methods.
Bug: 26279465
Change-Id: Iec28e0bb46862b07d740b12a79f6360de68dab0f
Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.
Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked. Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.
Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
- Implement a "VR mode" that may be enabled by a focused Activity.
- Add a system service that tracks the current VR mode state and notifies
other core framework services of mode changes.
- Extend NotificationListenerService to allow the bind/unbind lifecycle
of specified listeners to be triggered by system events.
Bug: 22855417
Bug: 25479708
Change-Id: I1ac8692bbb5521bb6c7cfb9d2b56b98b720f8568
Rename DropPermissionHolder to DropPermissions and move
all server-side implementation details into a separate class.
Rename DragEvent.getDropPermissionHolder to
requestDropPermissions and make it take the permissions
implicitly.
Change-Id: Ia83f7cb8af07ce13ba9536d24b0f9d63331d8736
Refactors to getResourcesInternal() and calls that from both methods.
Adds documentation on Context.getResources() and getAssets() that the
instances returned should be consistent with each other.
Bug: 26228895
Change-Id: I41b09f1e9a3a0315bcdf1c08a7b431a9a697bb6f
Adds APIs in DevicePolicyManager and PackageManager for allowing
a device admin to suspend a package. PackageManagerService sets
or unsets a new PackageUserState 'suspended' setting. Terminal
command to suspend/unsuspend has been added via
PackageManagerShellCommand (as root).
Next steps:
* use the new 'suspended' setting for denying access to start app
(probably in ActivityStackSupervisor)
* broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up
* remove app from recents (go further and kill it if it is running)
* erase existing notifications for this app
Bug: 22776576
Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
This API is intended for side-by-side mode, so that when a new activity
is launched, it will show up on the other side instead of covering the
launching activity.
Bug: 26141281
Change-Id: I97d7f2f48d42a31cfb1a86821474582b9c5d9e45
Indicating that a device supports picture-in-picture
multi-window mode.
Also allow activities to be in Pip mode if force resizeable
is enabled.
Bug: 25580820
Bug: 26187878
Change-Id: If80edfee39ece5a51d21040e4d3a8a9135aa1783
When set, signals that the application is required for the system user and
should not be uninstalled.
Bug: 25616324
Change-Id: Idbbd1618e09c40bdb83fa26c0a3d9662dd73bea4
Provide the ephemeral installer with some additional pieces of information:
1) instead of de-referencing the URL a second time, give the installer the
exact package name
2) instead of relying on ephemeral apps to define verified links, give the
installer a pending intent to launch when the ephemeral is installed
3) give the installer a pending intent to launch if the installer fails,
for whatever reason, to install the ephemeral app
Bug: 25119046
Change-Id: I45f50481caee09d5d09451e4b2492e64b0faae82
Previously the value was conflicting with a private flag
PARTIALLY_ENCRYPTION_AWARE, which has been added before.
Change-Id: I661d8b5f59a39b18288eae47b7522f87b120c57b
This also adds a new API to Resources, to get the resolved locale
from the Resources.
Bug: 25800576
Change-Id: I431f1c1b4b6775fcbc097936d0d607400db47f7d
You can now control the range of target SDKs that receivers
will be need to have in order to receive your broadcast.
Use this for CONNECTIVITY_ACTION to not allow N+ applications
to receive these broadcasts through their manifest.
Also tweak the broadcast debug output code to now include the
disposition of each receiver in the list. This is becoming
important as skipping receivers is becoming a more common
thing to have happen.
Change-Id: I251daf68575c07cbb447536286ab4e68b7015148
Rename APIs to reflect that they're storage-related. Also move
credential-storage APIs to be system API.
Return a null Context when device-encrypted storage isn't
supported. This is the easiest way to keep legacy apps working when
upgrading from M to N.
Reduce strictness of path checking so we don't crash when working
with special packages like "android".
Bug: 22358539, 26104027
Change-Id: I38c24fc003488186210a6ae3b64270f86e1efe56
Right now this is just for the BOOT_COMPLETED broadcast to allow
all apps to receive it.
Also clean up the dumpsys of the broadcast queue to not have
every little detail of ResolveInfo+ActivityInfo+ApplicationInfo,
which is just not useful and makes reading the broadcast queue
debug output a lot harder because of so much noise there is.
And rename the package shell query-intent-* commands to a
shorter query-* form.
Change-Id: I0d01565babb87e68b840c9756a2ea730d699efc7
There are far too many Context APIs with special directory paths
to replicate device-encryption versions of them all. Instead, add
methods to clone a Context that explicitly stores its data in either
credential- or device-encrypted storage.
Methods to test the behavior of a given Context.
Bug: 22358539
Change-Id: I6a6290a9b282605ce9a1f82742fc2c4c50536754
Wraps the entire getDrawable() method in a try/catch block. Clears the
stack trace from the re-thrown exception, since we only need the trace
from the original exception.
Also clears stack traces from re-thrown RuntimeExceptions in applyTheme
implementations.
Change-Id: I92396abf9e748eef78777174b297a09e118f5e70
Add APIs for an ephemeral app to set a cookie which is a small
peice of data cached longer than the app itself. This is useful
for avoiding the user to login every time they use the ephemeral
app. The cookie is stored after an ephemeral app is uninstalled.
Normal apps or ephemeral apps upgraded to full apps can also use
these APIs with the difference that once they are uninstalled
the cookie is deleted.
The cookie size defaults to 16KB and is configurable by a global
settings which can be adjusted via gservices. Also eviction policy
is time based with a default of one month and is configurable by
a global setting which can be adjusted via gservices. If the cert
of the app cahnges (when ephemeral is installed, uninstalled and
installed again) the cooke is wiped to prevent data leaks.
This cahange also adds an API for apps to know whether they run in
an ephemeral mode since it this mode some APIs will not be available.
Another API exposed by this change is private for the system and
exposes all ephemeral apps - installed and uninstalled. Only the
system can call this API. When an ephemeral app is uninstalled the
system stores its name, icon, and permissions. When the app is
reinstalled or a full version is installed the permissions are
propagated.
Change-Id: Id4a73a7750bfbabda0bfcb9bf9018d2062e94367
Needed for apps that want to migrate SharedPreferences from CE to DE
storage. Note that a device will only ever enter a CE mode with a
factory reset, so apps should only be using these APIs when they
want to migrate files to a consistent location on non-FBE devices
for simplicity.
Bug: 25503089
Change-Id: Ic846215da1617d116a048e036415ac7ad523b770
Quiet mode means the user will be free from visual and audio interruptions
from apps inside the managed profile, including notifications, widgets and
others. This CL adds the underlying state bit to users and exposes various
APIs to control and query the quiet mode state.
Bug: 22541941
Change-Id: If5f8e5a897843050e83b6ec26cb39561098f12b9
The system can now boot in a "locked" state where only encryption
aware (EA) components can be safely started. When in this state,
PackageManager already filters away non-EA components, but system
services like AccountManager and SyncManager need to carefully handle
these temporarily "missing" components.
As a guiding principle, all known Accounts are still present when
the device is locked, but communication with underlying non-EA
authenticators is blocked.
To keep things simple for now, all SyncManager requests are kept
dormant until the user enters the unlocked state.
The core of this logic is that RegisteredServicesCache now works
with all components regardless of EA status, which prevents us from
accidentally thinking a service was removed when the user is locked.
Bug: 25945136
Change-Id: I8714121f6236b00821769023c4df7de1c8a99944
* Add a new --ephemeral argument to 'adb install'
* Add plumbing to internally track ephemeralness
* Create new app directory for ephemeral installs
Bug: 25119046
Change-Id: I1d379f5ccd42e9444c9051eef2d025a37bd824fe
When a user is first started, we assume that they're "locked" meaning
that credential-encrypted data is unavailable. Once credentials have
been supplied, we can transition the user to a fully running state.
To facilitate this lifecycle, UserState now has two separate
RUNNING_LOCKED and RUNNING states. To ensure consistent events are
sent on all devices, we always step through RUNNING_LOCKED before
arriving at RUNNING. This consistency means that apps processing
data based on the new ACTION_LOCKED_BOOT_COMPLETED broadcast and
system services using the new onUnlockUser() event will be less
bug-prone over time.
If the user storage is unlocked (which is the case on the majority
of legacy devices), we immediately transition from the RUNNING_LOCKED
into the RUNNING state.
Add logging for all state transitions.
When we "recover" a user in the process of being shut down, return
to the last known state.
Bug: 25943941
Change-Id: I5fec980f10b0d0fb2c272a662d193dc15136f9b9
Previously, Configuration#setTo() would not copy a null locale, and
Resources#updateConfiguration() could fail if it was updated with a
configuration with a null locale or empty locale list.
Bug: 25874762
Change-Id: I76ef5769a16a5165b91c8e5ec5d926c67ef4f3c5
