- New (hidden) isUserRunning() API.
- Maintain LRU list of visited users.
- New FLAG_IS_DATA_ONLY for ApplicationInfo.
- Clean up pending intent records when force-stopping a user (or package).
(Also fixes bug #6880627: PendingIntent.getService() returns stale
intent of force stopped app)
- Fix force-stopping when installing an app to do the force-stop across
all users for that app.
- When selecting which processes to kill during a force stop, do this
based on the actual packages loaded in the process, not just process
name matching.
- You can now use --user option in am when starting activities, services,
and instrumentation.
- The am --user option accepts "current" and "all" as arguments.
- The pm uninstall command now uninstalls for all users, so it matches
the semantics of the install command.
- PhoneWindowManager now explicitly says to start home in the current
user.
- Activity manager call to retrieve the MIME type from a content provider
now takes a user argument, so it will direct this to the proper user.
- The package manager uninstall paths are now implemented around
PackageSetting, not PackageParser.Package. This allows them to work
even if the application's apk has been removed (in which case it only
exists as a PackageSetting, not the PackageParser.Package parsed from
the apk).
Change-Id: I3522f6fcf32603090bd6e01cc90ce70b6c5aae40
broadcast asks to run as user -1 but is calling from user 0; this requires
Also improve part of issue #7087789: Local denial of service via
low-permissioned apps
No longer allow closeSystemDialogs() from background processes.
Change-Id: I752d5a1d51be0b69fde6999d6659835e5bde3efe
New API to register as an explicit user, which allows you to
also select ALL to see broadcasts for all users.
New BroadcastReceiver API to find out which user the broadcast
was sent to.
Use this in app widget service to handle per-user package broadcasts
and boot completed broadcasts correctly.
Change-Id: Ibbe28993bd4aa93900c79e412026c27863019eb8
Launching providers is removed from mLaunchingProviders when the client
process dies and works as long as the client process had requested just
one provider and not otherwise. Fix is to make sure mLaunchingProviders
is updated to remove all providers launched by the client process.
Change-Id: Ib4b8b44b6a102762a6558f65fb2e6dbf11d725ea
Replaced all remaining places that used it with explicit user
specification.
While doing this, I ran into stuff that was creating PendingIntent
objects (that now need to specify the explicit user they are for),
which are also posting notifications... but have no way to specify
the user for the notification.
So the notification manager in the system process now also gets a
formal concept of a user associated with the notification, which
is passed in to all the necessary aidl calls. I also removed the
old deprecated aidl interface for posting/cancelling notifications,
since we now always need a user supplied.
There is more work that needs to be done here, though. For example
I think we need to be able to specify USER_ALL for a notification that
should be shown to all users (such as low storage or low battery).
Along with that, the PendingIntent creation needs to be tweaked to
be able to handle USER_CURRENT by evaluating the user at the point the
pending intent is sent.
That's for another change, however.
Change-Id: I468e14dce8def0e13e0870571e7c31ed32b6310c
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.
Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.
New Context APIs for more kinds of sending broadcasts as users.
Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.
Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.
Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
System services holding this permission have external storage bound
one level higher, giving them access to all users' files.
Bug: 7003520
Change-Id: Ib2bcb8455740c713ebd01f71c9a2b89b4e642832
Let apps bindService() across user boundaries if they hold the
INTERACT_ACROSS_USERS_FULL permission.
Bug: 7012034
Change-Id: I2047d8318e1de47bfae7470d1dbc6fe5cfe44fdc
The activity manager now keeps track of which users are running.
Initially, only user 0 is running.
When you switch to another user, that user is started so it is
running. It is only at this point that BOOT_COMPLETED is sent
for that user and it is allowed to execute anything.
You can stop any user except user 0, which brings it back to the
same state as when you first boot the device. This is also used
to be able to more cleaning delete a user, by first stopping it
before removing its data.
There is a new broadcast ACTION_USER_STOPPED sent when a user is
stopped; system services need to handle this like they currently
handle ACTION_PACKAGE_RESTARTED when individual packages are
restarted.
Change-Id: I89adbd7cbaf4a0bb72ea201385f93477f40a4119
Store the userId in the PendingIntentRecord.Key, so that it doesn't match
an identical pending intent from another user.
Change-Id: Icfc39e0f717c902dc3a60bdf5283a3402bbd2eaa
We also now send the correct broadcasts to each user.
You no longer need to be running the shell as root
to be able to create/remove users.
Also added some more man page material to the pm command, and
got rid of a bunch of showUsage() calls that now make error
messages completely buried because of how large the usage info
has become.
And the package manager now shows the user each historical broadcast
was sent to.
Change-Id: Iab42498e1352a0c023069139c80fc04d2d69ab4b
This add a new per-user state for an app, indicating whether
it is installed for that user.
All system apps are always installed for all users (we still
use disable to "uninstall" them).
Now when you call into the package manager to install an app,
it will only install the app for that user unless you supply
a flag saying to install for all users. Only being installed
for the user is just the normal install state, but all other
users have marked in their state for that app that it is not
installed.
When you call the package manager APIs for information about
apps, uninstalled apps are treated as really being not visible
(somewhat more-so than disabled apps), unless you use the
GET_UNINSTALLED_PACKAGES flag.
If another user calls to install an app that is already installed,
just not for them, then the normal install process takes place
but in addition that user's installed state is toggled on.
The package manager will not send PACKAGE_ADDED, PACKAGE_REMOVED,
PACKAGE_REPLACED etc broadcasts to users who don't have a package
installed or not being involved in a change in the install state.
There are a few things that are not quite right with this -- for
example if you go through a full install (with a new apk) of an
app for one user who doesn't have it already installed, you will
still get the PACKAGED_REPLACED messages even though this is
technically the first install for your user. I'm not sure how
much of an issue this is.
When you call the existing API to uninstall an app, this toggles
the installed state of the app for that user to be off. Only if
that is the last user user that has the app uinstalled will it
actually be removed from the device. Again there is a new flag
you can pass in to force the app to be uninstalled for all users.
Also fixed issues with cleaning external storage of apps, which
was not dealing with multiple users. We now keep track of cleaning
each user for each package.
Change-Id: I00e66452b149defc08c5e0183fa673f532465ed5
Remove single-user bind mounts, since they need to remain as raw
mounts to correctly propagate when remounted. This means we're back
to using sdcard_r GID to enforce READ_EXTERNAL_STORAGE.
Bug: 6925012
Change-Id: I41b5d7ddc985a5df2e288632a0a80d4724089e00
Introduce API to get per-user storage information, keep track
of services associated with users, and various small cleanup.
Change-Id: I5d4e784e7ff3cccfed627d66a090d2f464202634
Restore the security contexts of anr directory
when initially created.
Change-Id: Ia731414ccbcdc7369d24be6db0003c53abcf6ef4
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Use AtomicFile for usermanager files.
Added a MANAGE_USERS permission that apps (signature permission) can use
to create/query/modify/remove users.
Change-Id: I5cf232232d0539e7508df8ec9b216e29c2351cd9
Emulated external storage always has multi-user support using paths
like "/data/media/<user_id>". Creates and destroys these paths along
with user data. Uses new ensure_dir() to create directories while
always ensuring permissions.
Add external storage mount mode to zygote, supporting both single-
and multi-user devices. For example, devices with physical SD cards
are treated as single-user. Begin migrating to mount mode instead
of relying on sdcard_r GID to enforce READ_EXTERNAL_STORAGE.
Bug: 6925012
Change-Id: I9b872ded992cd078e2c013567d59f9f0032ec02b
Get rid of duplication between find/retrieve service funcs; when
a service in a persistent process crashes, restart it immediately
since the persistent process is going to be immediately restarted
anyway; when a new process is attaching, immediately restart any
services associated with it that are waiting to restart, since
it is weird to not let them run if the process comes back for some
other reason.
Change-Id: Id087fe04ebf2b6a4bd00732796c8326364765ea7
A long time ago, we had a concept of an "empty" process -- this was
a process that didn't have any interesting components in it, which
would be placed below everything else in the LRU list.
Empty processes didn't work out well, because you could get into
bad situations where you have filled your LRU list with things that
have hidden activities, pushing empty processes to the bottom and
being immediately killed as soon as they go into the list. So this
was removed.
This change brings the concept back, but in a slightly different
form, to address a more specific problem: for people who are switching
between N different applications, we would like to try to keep those
activities available in RAM in a consistent manner. Currently the
previous activities would be killed often quickly and suprisingly,
even on devices with lots of RAM. This is for two reasons:
(1) As you sit in one application, other things going on in the
background will go to the top of the LRU list, pushing down the
previous apps you have visited, even though you aren't aware at all
of these other things executing.
(2) There is a hard limit on the number of background processes
(currently 16) after which they are killed regardless of the amount
of available RAM. This is desireable because if there is lots of
RAM we can end up with tons and tons of processes sitting around,
not really serving any purpose, but using up resources.
To improve the situation, we have again a concept of "empty" processes
but now it means one with no activities. Processes that aren't empty
but in the background list are called hidden. We maintain these as
two parallel lists, each getting half of the process limit: so with
a 16 process limit, you can have at most 8 empty and 8 hidden processes.
This allows us to consistently keep up to 8 recent applications around
for fast app switching; we will also keep around 8 other processes to
make it more efficient for background work to execute again if it needs
to.
Change-Id: Iee06e45efc20787da6a1e50020e5421c28204bd7
Moved a bunch of methods from PackageManager to UserManager.
Fix launching of activities from recents to correct user.
Guest creation APIs
Change-Id: I0733405e6eb2829675665e225c759d6baa2b708f
Added a new method to Context: startActivityAsUser() requiring the
INTERACT_ACROSS_USERS_FULL permission.
Show the correct Recents list, based on current user.
Added a getRecentTasksForUser() in ActivityManager. Hidden and requires
the INTERACT_ACROSS_USERS_FULL permission.
Change-Id: If5b56465efdd3ead36601a3b51ed4af157bbf35c
- You can now use android:singleUser with receivers and providers.
- New API to send ordered broadcasts as a user.
- New Process.myUserHandle() API.
For now I am trying out "user handle" as the name for the numbers
representing users.
Change-Id: I754c713ab172494bb4251bc7a37a17324a2e235e
- Expose the existing Context.sendBroadcast() as
Context.sendBroadcastAsUser().
- Add new android:singleUser attribute for services.
- Add new INTERACT_ACROSS_USERS_FULL permission for full
system-level access to cross-user interface (allows
sendBroadcastAsUser() to send to any receiver).
- Add new INTERACT_ACROSS_USERS_FULL permission for
more restricted cross-user interaction: this is required
for android:singleUser, and allows you to use
sendBroadcastAsUser() but only to send to your own
receivers.
Change-Id: I0de88f6718e9505f4de72e3f45d29c0f503b76e9
Use raw arrays instead of ArrayList for data structures.
Temporarily includes a copy of the old intent resolver for
validating the new implementation.
Change-Id: I988925669b6686ac73b779be6cd6fe3a9fd86660
- There was a long-standing bug when using FLAG_ACTIVITY_REORDER_TO_FRONT
where we could find and use an activity that is currently finishing.
- There was a recently introduced bug where activities being destroyed
would not be removed from the history stack at the time they are done
being destroyed, allowing the above bug to be exposed.
- Removing a task would not kill any processes associated with the app
that had a different name from the app itself.
Change-Id: I4401ab6d348a69e1ac4fb8f719d2c69d5a78e567
FLAG_ACTIVITY_CLOSE_SYSTEM_DIALOGS was a mistake.
Instead, and the infrastructure for the status bar to take care
of closing and hiding things itself when you press these buttons,
just like it does for the main Intent of the notification.
Bug: 6717667
Change-Id: I1b22186e0cedc05f46a1a3ec78053a72afaf61b1
