This change introduces the ability to have multiple packages per
APK. The feature is currently restricted to privileged apps and
updates to such apps.
In essence the manifest can have multiple child package declarations.
A child package can declare everything an Android package can except
some tags or attributes that are not applicable and instead inherited
from the parent when needed. For example, the target SDK of the parent
applies to all children.
A child package can be updated only through the parent package.
A package with multiple child packages is installed, uninstalled
atomically - no partial installs where some child packages are not
installed.
The remaining work is to ensure broadcasts are also sent for child
packages. This will come in a subsequent change.
Sample app:ag/848432
Design doc: https://docs.google.com/document/d/18nFWtJuZchLxrHf5SBbJW03-Ky9Rh_G0-OVB14b6u78
Change-Id: I6fd021d981bf5786290e0c53502724a14c97358c
EditText tried to draw outside of the padding boundaries because of a
cursor positioning issue in RTL. This CL removes that fix and instead
clamps the cursor position if cursor is outside of the clipped view
boundary.
Bug: 23397961
Change-Id: Id5f1fbe2a0f571100c89b21758fbb81b14d5da57
Currently TextView state is saved whenever selection is set even if
freezesText is false. This causes inconsistencies with the described
behavior for the attribute. This CL updates the behavior as:
- Always save the text for EditText
- Always save the selection if there are any.
- Do not save the text for TextView if freezesText is false.
- During onRestoreInstanceState if selection is out of the text
boundaries, do not restore the selection.
Bug: 22076905
Change-Id: I5e05d343e752a7d106c8881993e4d95ae21a38ce
(cherry picked from commit 8535836673)
Prior to this commit in this case of activity pause, with finishing=true
the activity manager will notify us of app visibility and we will begin
an exit animation. When this exit animation finishes, we will destroy
the application surface (unless its eligible for saving). However there
are two cases where this breaks down:
1. The exit animation finishes before the activity thread handles
the stop transition. Many activities stop rendering on Pause
but many do not and it is totally legal to do so. Sometimes this
results in non fatal dequeue buffer errors and sometimes results in
fatal errors with Pixel Buffers, etc...
2. We may resume the activity shortly after asking the window manager
to pause it. If the window wasn't eligible for animation, we will
immediately destroy it after being told of the visibility change
following PAUSE_FINISHING. It's possible for this to complete
before we process the resume. On the other hand the client
happilly processes the resume and transitions back from PAUSE
and then crashes once it attempts to use it's surface.
In this commit we have the activity manager notify the window manager
when an application has actually finished (or we have timed out
waiting). For windows which have not been explicitly removed by the
client, we defer destruction until we have received both this signal
and the animation has completed.
Bug: 26793431
Change-Id: Ib6ee8fbdd1f03450fbbfd62468a19e97774befab
Bug 26963113
When a Fade transition is interrupted and reversed, the
View started the animation from the beginning. This change
captures the previous transitionAlpha and starts the animation
from the previous alpha state.
Change-Id: I801fe9ade6af4cf8446838e231bdc71841668a18
(cherry picked from commit 3cf9fa3db0)
We confirmed with the graphics and JIT teams that no sensitive
user data is written to these caches, so they're safe to point at DE
storage.
Since we don't have control over what is written by the app, we need
to keep the cache environment variable pointing at CE storage.
Fix ensurePrivateDirExists() to always return a path, instead of
returning null which can cause scary bugs.
Change packages.list to no longer canonicalize data paths, since
these fail when CE storage is still locked.
Bug: 27069522
Change-Id: Ifff64a036fa4aa1e61aa0dd98486bc711fbf8f4a
Save arbitrarily nested fragments across config changes as
nonconfiguration objects. This permits the use of retain-instance
child fragments as arbitrary opaque dependencies within other
fragments.
Change-Id: Ia6640b76cfcf7ec28ba252628957a0c14863e957
(cherry picked from commit 7466be6626)
Offer commitNow and commitNowAllowingStateLoss methods on Fragment for
use by encapsulated components using fragments as implementation
details. This can help prevent unexpected ordering side effects at the
app level when a call to a library method wants to commit and
immediately initialize a fragment as an implementation detail.
Note that this change still does not permit reentrant FragmentManager
operations. It is still an error to add/remove/change fragments in the
same FragmentManager while a fragment transaction is being executed.
Have the commonly used ViewPager adapters use commitNow instead of
executePendingTransactions.
Change-Id: Ia37a871234a287423063f0c2c3e4c93d69116cad
(cherry picked from commit f6b30662f8)
Have the new showContextMenuForChild(View, float, float) call through
to the old showContextMenuForChild(View) before recursing up to its
parent. This ensures that existing apps with custom views that
override the old method still get called as expected if they implement
custom behavior.
Unlike some other similar circumstances we aren't implementing this to
be bidirectional as the new behavior doesn't need to be triggered by
invoking the old. If the older method is invoked explicitly we will
still show old-style dialog context menus instead of the newer popup
style since we won't have a good place to visually anchor a popup.
Bug 26919262
Change-Id: Ie09f922d322b5a24789c7867820c4bc43824c385
(cherry picked from commit 759a4c5400)
Add android.os.UpdateEngine and UpdateEngineCallback classes that
communicate with the update engine via binder APIs for A/B update.
Bug: 26695366
Change-Id: I2471858d28df5443bc0b56d9a20281ccebde4484
Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.
Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
When a system app requests "forceDeviceEncrypted" they expect their
default app storage to point at a consistent location regardless of
device FBE support. So when booting upgraded non-FBE devices, we
may need to migrate any data from CE to DE. Note that on non-FBE
devices these are just semantic locations with identical protection.
This migration *only* works for non-FBE devices; changing
forceDeviceEncrypted flags on an FBE device always requires a full
data wipe.
Bug: 26668510
Change-Id: Ic5dfeaaf2db26c385901a638ca8ec35eb3c52859
Whitelist two more legacy intent actions, and don't enforce the
StrictMode checks when resolving intents that might be coming from
legacy apps. Newer apps would have already been yelled at directly
before getting to the resolver.
Bug: 26976516, 26977622
Change-Id: Ibf72a361ed68c52cfaac16c32ab40e79005a42e7
Don't mix up with usage stats. Keep a separate db and history
based on elapsed time and screen on time.
Unit tests for AppIdleHistory class.
Bug: 26989006
Change-Id: If343785b46da1db67f7c1c1263854c2732a232c6
Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.
This also has the nice property that we only prepare storage when
we know that keys are unlocked.
Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
