When a device gets stuck in a crash loop, it's pretty much unusable
and impossible for users to recover from.
To help rescue devices from this state, this change introduces a new
feature that watches for runtime restart loops and persistent app
crash loops, and escalates through a series of increasingly
aggressive rescue operations. Currently these rescue levels walk
through clearing any experiments in SettingsProvider before finally
rebooting and prompting the user to wipe data.
Crash loops are detected based on a number of events in a specific
window of time. App stats can be stored in memory, but boot stats
need to be stored in system properties to be more robust.
Start up RecoveryService much earlier during the boot so we can
reboot into recovery when needed.
Add properties tha push system_server or SystemUI into a crash loops
for testing purposes.
Test: builds, boots, forced crashing walks through modes
Bug: 24872457, 30951331
Change-Id: I6cdd37682973fe18de0f08521e88f70ee7d7728b
Test: Manually tested onDeviceUnlockLockout being called with an actual
TestAgentService implementation.
Notes:
- Active Trust Agents are no longer killed/unbinded from when a temporary
device lockout occurs. Instead, the onDeviceUnlockLockout callback of
the agent is called.
Change-Id: Ifa0984d1d7e5153568334d736e9ebd5a00ef1297
Bug: 34198873
Unlike the existing addItem(Item), this method updates
the MIME type list in the ClipDescription.
Bug: 28750744
Test: cts-tradefed ... -m CtsContentTestCases
--test android.content.cts.ClipboardManagerTest
Change-Id: Ida0477267d1319a31a738dfd704c0af71928dd2f
- System UIDs must be allowed to launch anything and everywhere.
- Display owner must be allowed to launch activities on it.
- Apps that are already on target display must be allowed to launch
there.
- All other apps mustn't be allowed to launch on private displays.
Bug: 34230873
Test: android.server.cts.ActivityManagerDisplayTests
Test: #testPermissionLaunchFromSystem
Test: #testPermissionLaunchFromAppOnSecondary
Test: #testPermissionLaunchFromOwner
Test: #testPermissionLaunchFromDifferentApp
Change-Id: Ic98005649a6368370c512e822cba4e9decc18ae9
There is a new APP_START_MODE_DELAYED_RIGID which means that
things discovering something is not allowed to start should
report a clear error back to the caller. This is how apps
that opt in to bg check should behave, and will now
be used if the app op mode is set to ERRORED.
This (for now?) removes the code that allows services to
be started if the request is coming from a foreground process.
That behavior isn't in the current bg check spec, and
probably not what we want as the standard platform model (since
it makes knowing when a service can start even harder to
determine). It was originally done for the experimental
bg check work in N to see how much we could avoid
breaking existing apps, so not relevant when apps need to
explicitly opt in.
Also report temporary whitelist changes to activity manager for
it to lift background restrictions temporarily for apps. Being
on the whitelist is now part of UidRecord, preventing a uid from
going idle.
Test: Initial CTS test added.
Change-Id: I36fd906fa69de8b7ff360605ae17c088f182e172
- Adds BluetoothDevice as a parameter where required
- Gets rid of device management APIs that can be done via
BluetoothProfiles instead
Test: Manual sanity tests
Bug: b/33554547
Bug: b/30984220
Change-Id: I3485ac5bfe1fcb29c774ad040fdd608e1cacb8df
By default, we don't restart the activity when MCC/MNC changes
even when they are not set in configChanges. If they want to
restart, set mcc or mnc in the new attribute restartOnConfigChanges.
Bug: 34258948
Test: Test in unit test(testGetActivityConfigChanges() in
PackageParserTest.java) and on real device with
changing the SIM card.
Change-Id: Icd6899597c9b8f2e5706e74373a0280d19150092
Preloading EGL in Zygote was originally a memory footprint
optimization, but it turns out to be an important app startup time
optimization as well. Preloading EGL in Zygote is incompatible with
updatable graphics drivers, but we don't want to do it on-demand as
part of drawing the first frame either, since that increases
first-frame latency unacceptably.
This change removes Zygote preload, and instead loads EGL on a
low-priority background thread immediately after choosing which
graphics driver to use. This means it is usually done well before
drawing the first frame, without significantly disrupting other
activity launch work.
Test: observe systrace of Calculator launch on bullhead
Bug: 34404021
Change-Id: I887aa09bd35b088b16f53a89838a0c7c98f15761
Currently the list is small, only whats required to launch a basic
ephemeral app. It will expand in followup CLs.
Note that the goal of this is not to completely shut down all ways that
an ephemeral app could learn the value (or part of) of a setting not in
the set. The goal is to limit the raw access to settings to a small set that
includes settings that ephemeral apps should have access to directly
System APIs that are exposed to ephemeral apps may allow for
ephemeral apps to learn the value of settings not in the directly
exposed set and that is OK and _not_ a security issue.
This contains a hack to support code in system system server that in
the process of a binder transaction reads a setting using a
ContentReceiver with a system package name. This was previously not an
issue but causes an exception to be thrown from getCallingPackage which
reading a setting now calls.
Bug: 33349998
Test: Boots, functions as normal for regular apps.
Test: cts-tradefed run cts -m CtsProviderTestCases -t
android.provider.cts.SettingsTest
Change-Id: Icc839b0d98c725d23cdd395e8cb76a7b293f8767
Added an app op to control which package and uid can install apps on the
device and an intent action to launch the settings fragment.
Test: Will include in follow up CL, tracked in b/33792674
Bug: 31002700
Change-Id: Ic073495759d9867f8001a6c712e402398c53dfc9
Network usage is tracked by the kernel at the UID level, which is
granular enough for normal apps, but large components (such as the
system server) are impossible to debug without adding additional
socket tagging to help identify subsystems within a UID.
To help ensure that system components tag all their network traffic,
this change offers a new StrictMode option to detect and report
untagged sockets.
Test: builds, boots, all common traffic tagged
Bug: 30943431, 30414041
Change-Id: I825c7941076054732264690247de2863342638e2
BACKED_UP and RESTORED are required for dialer voicemail backup/restore
feature for N MR2. As there are no API bump the fields will be hidden
in NMR2. These fields will be made public in O.
ARCHIVED and IS_OMTP_VOICEMAIL is not used for NMR2, but added in
advance to avoid multiple database upgrades.
IS_OMTP_VOICEMAIL will be used in O to dedupe multiple apps implementing
VisualVoicemailService. All voicemail inserted by the service should
set this field to 1. The UI should only display voicemails with this
field set to 1 when the source_package is also the current active
VisualVoicemailService, as other sources represents the same source of
truth(the carrier) but is outdated.
For example, the query should be
WHERE (is_omtp_voicemail == 0) OR
(is_omtp_voicemail == 1 AND source_package = "current.vvm.package")
Test: VoicemailProviderTest
Bug: 34463609
Change-Id: I0f3e58fabff2102adf5bc29d81dac46c7e71d410
