Add Closeable to ParcelFileDescriptor, and always close any incoming
PFDs when dumping.
Bug: 6106309
Change-Id: I25b465692d5e1da0a5980a307cb48a058bc2bca7
When tearing down any leaked BroadcastReceiver or ServiceConnection
Context registrations, report through StrictMode.
Bug: 6084353
Change-Id: I5e78039299e2c9c1440cd1fd09317da78ffee82a
An "UpdateLock" works similarly to a wake lock in API: the caller is
providing a hint to the OS that now is not a good time to interrupt
the user/device in order to do intrusive work like applying OTAs.
This is particularly important for headless or kiosk-like products
where ordinarily the update process will be automatically scheduled
and proceed without user or administrator intervention.
UpdateLocks require that the caller hold the new signatureOrSystem
permission android.permission.UPDATE_LOCK. acquire() and release()
will throw security exceptions if this is not the case.
The "is now convenient?" state is expressed to interested parties
by way of a sticky broadcast sent only to registered listeners. The
broadcast is protected; only the system can send it, so listeners
can trust it to be accurate. The broadcast intent also includes a
timestamp (System.currentTimeMillis()) to help inform listeners that
wish to implement scheduling policies based on when the device became
idle.
The API change here is a tiny one: a dump(PrintWriter) method has been
added to the TokenWatcher class to facilitate getting information out
of it for dumpsys purposes. UpdateLock itself is still @hide.
Bug 5543442
Change-Id: I3709c831fc1883d7cb753cd2d3ee8e10a61e7e48
Use PowerHAL to set system awake/suspend state.
Change-Id: If58a6f548564ea141b68f304455997d9ff04eace
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Instead of acquiring and releasing a barrier using an up/down
counter, we post a message to the queue that represents the
barrier. This is a more natural representation of the barrier
and better matches what we want to do with it: stall messages
behind the barrier in the queue while allowing messages earlier
in the queue to run as usual.
Refactored the MessageQueue a little bit to simplify the quit
logic and to better encapsulate the invariant that all
messages within the queue must have a valid target. Messages
without targets are used to represent barriers.
Bug: 5721047
Change-Id: Id297d9995474b5e3f17d24e302c58168e0a00394
Add classes to handling binder marshalling to and from the native
common_time interfaces (config and clock)
Change-Id: I04fc429d9af27736c4f7f9b5468011ffdd4d7eaa
Signed-off-by: John Grossman <johngro@google.com>
The synchronization barrier enables selectively blocking
execution of synchronous messages until the barrier is released.
Asynchronous messages may continue running in the meantime.
The barrier is intended to be used to implement more sophisticated
scheduling policies related to view hierarchy traversals. While
traversals are pending, most messages posted to the message queue
must be held up. This is to satisfy the invariant that traversals
will occur before subsequently posted messages are handled.
The exception to this rule are "asynchronous" messages that represent
external events or interrupts that come from other components such
as VSYNC pulses, input events or sensor events. Because these messages
are typically delivered at arbitrary times, they are independent of
traversals or other typical synchronization boundaries.
Messages can now be flagged as asynchronous to indicate that they
are weakly ordered.
Bug: 5721047
Change-Id: I1446dcfbc896f33b48355adc28967ace8c8c9b9b
- Allow each user to have their own wallpaper (live or static).
- Migrate old wallpaper on upgrade.
- Update SystemBackupAgent to backup/restore from primary user's
new wallpaper directory.
Reduce dependency on Binder.getOrigCallingUser() by passing the
userId for bindService.
Change-Id: I19c8c3296d3d2efa7f28f951d4b84407489e2166
Using the same convention in system_init.cpp, you can disable these
services by setting system properties:
system_init.startaudioservice=0
system_init.startmountservice=0
Signed-off-by: Mike Lockwood <lockwood@android.com>
Services now must explicitly opt in to being accessed by isolated
processes. Currently only the activity manager and surface flinger
allow this. Activity manager is needed so that we can actually
bring up the process; SurfaceFlinger is needed to be able to get the
display information for creating the Configuration. The SurfaceFlinger
should be safe because the app doesn't have access to the window
manager so can't actually get a surface to do anything with.
The activity manager now protects most of its entry points against
isolated processes.
Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
This reserves a range of uids (for each user) in which these processes
run. These uids are not associated with an application, so they
effectively run with no permissions. When a Service requests to
run in such a process through android:isolatedProcess="true", each
time it is brought up a new isolated process is started with its
own unique uid.
What we have so far gives us the basic infrastructure; more work
remains to further lock down what these uids have access to.
Change-Id: Ibfd27c75619cba61f528f46ede9113f98dc5f45b
Switching activity stacks
Cache ContentProvider per user
Long-press power to switch users (on phone)
Added ServiceMap for separating services by user
Launch PendingIntents on the correct user's uid
Fix task switching from Recents list
AppWidgetService is mostly working.
Commands added to pm and am to allow creating and switching profiles.
Change-Id: I15810e8cfbe50a04bd3323a7ef5a8ff4230870ed
Changes Binder.execTransact() to clear any partial reply before
writing the exception. Specifically, this fixes case where an
onTransact() could leave a writeNoException() floating in the reply.
Bug: 5686023
Change-Id: Ibc944464a010f5ec2fd8ef3cc84ac23d8260a491
The access control changes allow us to just use Nfc.apk with
the regular platform certificate, instead of the custom signed
NfcGoogle.apk. So we can compeltely get rid of vendor/google/apps/NfcGoogle
and just build it out of packages/apps/Nfc now.
The package name is also reverted from com.android.nfc3 to com.android.nfc
The NFC uid needs to get bumped (25 to 27) to allow the cert change.
Bug: 5608249
Change-Id: I09a81a896ff3cceb5a8de331d3399921b870932a
Bug: 5578022
Previously, Binder transactions failed silently, which caused
problems because apps would carry on assuming that the operation
had succeeded. Often, the apps would crash soon due to a violated
invariant, but sometimes they managed to do some damage first...
Change-Id: Ia9cc98b3b761a8160e7c4e87507860b5912c0451
Setting persist.sys.strictmode.disable to 'true' will disable strict
mode on eng/userdebug builds where it is turned on by default.
Explicitly enabling it in the Settings UI will override this, so
it's still possible to toggle it there even when this property
has been set on the device.
Change-Id: Ifd971f948fb2f803d509c2a06112c4bb932a5b1f
This is the process that you had previously been interacting with
in the UI before the current one. Treating it specially should
allow us to improve the scenario of switching back and forth
between two apps.
Also add API constent for ICS MR1.
Change-Id: Ib3fe4df36b270be11dfd6b7e8d107c9994058a4d
On user-debug and eng builds, you can set the
"db.log.slow_query_threshold" system property to queries that
take longer than the specified number of milliseconds.
Set it to 0 to log all queries.
This property has been around for a while but it was implemented
poorly. In particular, it *changed* the behavior of the query
by calling getCount() while holding the Db connection.
In normal operation, the query will not actually run until later.
By putting the timing logic into fillWindow() instead, we ensure
that we only measure queries that actually ran. We also capture
cases where the cursor window gets filled multiple times.
Bug: 5520301
Change-Id: I174f5e1ea15831a1d22a36e9a804d7755f230b38
- Fix ordering problem in sync manager that would cause its wake
locks to slightly appear in the system process when they should
be fully accounted against the app.
- Allow the system process to have more wake lock names in its
battery stats.
- In the bug report output, print totals of the wake locks for each
process, to make it easier to parse what is being printed for things
like the system process with a huge number of individual wake locks.
Change-Id: I3cf39330f22f3c51c11e65e4124150d73a7da2dd
This supersedes any backup-password that the user might supply. Per
design, the device encryption password is also always used to encrypt
the backup archive.
The CL introduces two new strings, used for prompting the user for
their device encryption password rather than their settings-defined
"backup password" when confirming a full backup or restore operation.
Bug 5382487
Change-Id: I278737927a4ecbb765bfb5ecfd28a4cb8dae52ef
This supersedes any backup-password that the user might supply. Per
design, the device encryption password is also always used to encrypt
the backup archive.
The CL introduces two new strings, used for prompting the user for
their device encryption password rather than their settings-defined
"backup password" when confirming a full backup or restore operation.
Bug 5382487
Change-Id: I0b03881b45437c944eaf636b6209278e1bba7a9f
