With the addition of APK Signature Scheme v3, the platform now can
support key rotation by using the proof-of-rotation provided by the
new scheme. Create a new API which allows checking of the entire
provided history of an APK's signing certificates, not just the
current signer. This should allow for changes of APK signing
certificates without fear of losing access to resources that would
have been provided under the old signing certificate.
Change getPackageInfo(GET_SIGNATURES) to return the oldest signing
certificate in the chain so that apps which do programmatic checks,
but are not updated to use the new API, still get the same information
they would have gotten had there been no rotation.
Bug: 64686581
Test: Builds, boots.
Change-Id: I8982fd4cce60f5d85a6180d157a6e2a661b1a6d7
This makes the runtime handling of the org.apache.http.legacy library
conditional based on a build flag REMOVE_OAHL_FROM_BCP.
When REMOVE_OAHL_FROM_BCP=true:
* The framework-oahl-backward-compatibility is added to the
bootclasspath instead of org.apache.http.legacy.
* Any APK that targets pre-P has org.apache.http.legacy added to their
library list.
Otherwise:
* The org.apache.http.legacy library is added to the bootclasspath.
* Any APK that explicitly specifies that it depends on the
org.apache.http.legacy library has the library removed as the classes
are available at runtime.
Tested both cases by building with or without the build flag, flashing,
setting up, adding an account, adding a trusted place. Adding an account
failed when REMOVE_OAHL_FROM_BCP=true.
adb install -r -g out/target/product/marlin/testcases/FrameworksCoreTests/FrameworksCoreTests.apk
adb shell am instrument -w -e class android.content.pm.PackageBackwardCompatibilityTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Bug: 18027885
Bug: 72375096
Test: as above
Change-Id: Ie88fb79da76d3cbbd27eaf820c872191ecba2b17
* changes:
libandroidfw: Improve performance of AssetManager2
libandroidfw: Add ApplyStyle and SetConfiguration benchmark
Make idiomatic use of ApkAssets and AssetManager
Replace AssetManager with AssetManager2 implementation
APK Signature Scheme v3 enables APK signing key rotation by allowing
an APK to embed a proof-of-rotation structure linking past signing
certificates to the current one. This information needs to be exposed
to the system before it can be used to make authorization decisions.
Bug: 64686581
Test: Builds and boots.
Change-Id: I49961f92fcec141d73b36197147d5d8fa64c149e
'adb shell pm install' creates the PackageLite structure without
validating or renaming the input files to '.apk'.
Be more permissive in DexMetadataHeler when computing the size of the
package to allow for this scenario.
Test: atest
core/tests/coretests/src/android/content/pm/dex/DexMetadataHelperTest.java
Bug: 72267410
Change-Id: Ica446b0822be71826d02d01ada015a43d8133c68
This reverts commit ab223112d1.
Reason for revert: Android P will only show a warning dialog for
deprecated apks.
Test: -
Change-Id: Iff792b9d371cffbb0ba0d2ba53a4758a9779b1c7
Now that we have data plan information from the carrier, we can start
using it to influence when we schedule jobs. As a first pass
algorithm:
-- If the network is congested, and a job is less than 50% through
its runnable window, then we'll defer it for awhile.
-- If the network has a surplus of data, we'll consider using some
of it to improve the user experience by running prefetching jobs.
Provider APIs for carrier apps to override their connections to be
temporarily marked as either "unmetered" or "congested", along with
automatic timeouts if desired.
Flag for developers to indicate which jobs will have a material
positive impact on end users. (We don't want to promote jobs that
are simply doing logs upload; for example.) Glue code to quickly
return targetSdk of a specific package.
More tweaking to the exact algorithms will come in future CLs.
Test: bit FrameworksServicesTests:com.android.server.job.
Bug: 64133169
Change-Id: Iabb9f90a7a65958ad648b091edec378fc3bf785a
This CL adds system APIs in android.os.SystemUpdateManager. The APIs allow
system updater apps (RECOVERY permission required) to publish the pending
system update information, and allow other apps to query the info
accordingly (requiring RECOVERY or READ_SYSTEM_UPDATE_INFO permission).
Design doc in go/pi-ota-platform-api.
Bug: 67437079
Test: Use test apps to call the new APIs to query and set the update info
respectively.
Change-Id: Id54b4a48d02922d2abd906dd7e2ec80a656fc9b1
Move away from using deprecated addAssetPath methods
and cache the instances of ApkAssets created.
Test: CTS passes
Change-Id: I9e7048bcffd6471ed6a42e5175cc678dc4ac3b96
Add support in the package installer to install dex metadata files
alongside the application apks (base or splits).
During installation or update the dex metadata files will need to have a
matching apk file. The matching is done by checking the file extension
(e.g. base.apk -> base.dm, split_a.apk -> split.dm).
On disk, the metadata files are placed next to the apks.
The .dm files will be used during install-time optimizations and passed
verbatim to dex2oat.
Test: adb shell am instrument -w \
1) adb shell am instrument -w \
-e class android.content.pm.DexMetadataHelperTest
com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
2) adb install-multiple CtsClassloaderSplitApp.apk
CtsClassloaderSplitApp.dm CtsClassloaderSplitAppFeatureA.apk
CtsClassloaderSplitAppFeatureA.dm CtsClassloaderSplitAppFeatureB.apk
3) gts-tradefed -m GtsAndroidRuntimeManagerHostTestCases
Bug: 30934496
Change-Id: I86f0a8307705ff3d6a5a85c2fcaae085dd62d4af
Logs are temporary and only used to try to catch problems with
the recent package manager refactoring. They will be reverted.
This reverts commit cdc2e6734e.
Bug: 63539144
Test: Manual. Builds, runs and shows debug output
Change-Id: I987e35a86253de04f809797d835bbf6a01dd8d03
The final, major refactoring for this release. Replace
scanPackageInternal() with addForInit(). This new method delegates
all modifications of the package setting object to the existing
scanPackageOnly() method.
There is one block of code where we modify the ApplicationInfo
object in the PackageParser.Package. It could be argued [and I would
agree] that the ApplicationInfo doesn't belong in the Pacakge
object at all. But, regardless, updating this info is being done
in addForInit(). It would be ideal if we could push this down to
scanPackageOnly(). Unfortunately, we expect the ApplicationInfo
to be updated correctly prior to scanPackageOnly().
Bug: 63539144
Test: Manual.
Test: w/ base image
Test: 1] upgrade OTA
Test: 2] clean flash
Test: w/ image containing additional applications
Test: 1] add a system application
Test: 2] add a system application w/ version installed on /data. version on /data has greater version code
Test: 3] add a system application w/ version installed on /data. version on /data has lower version code
Test: 4] add a system application w/ version installed on /data. version on /data has signature mis-match
Test: 5] remove a system application
Test: 6] remove a system application w/ upgrade installed on /data
Test: 7] update a system application
Test: 8] update a system application w/ upgrade installed on /data. version on /data has greater version code
Test: 9] update a system application w/ upgrade installed on /data. version on /data has lower version code
Change-Id: I00a6f1cd056d9e5ee81154a522b7d50ea9174273
This is the final change needed to remove the PARSE_IS_EPHEMERAL
flag and do instant app validation at install time instead of at
parse time.
Fixes: 68860689
Test: manual - Installed valid and invalid instant apps
Change-Id: I4d2de8e09d53e2fc3397e60700e7fa4d31b7bb29
EuiccCardManager is in the same path with EuiccManager.
EuiccCardController is in the same path with EuiccController.
Use getAllProfiles() as an example interface.
The implementation of EuiccCard and its content will be added in a
follow up CL.
The new API is marked as @hide and TODO for @SystemApi.
Bug: 38206971
Test: test on phone
Change-Id: I153937c0f79bdd1a00b06b234a6e254a3f43072c
Merged-In: I153937c0f79bdd1a00b06b234a6e254a3f43072c
EuiccCardManager is in the same path with EuiccManager.
EuiccCardController is in the same path with EuiccController.
Use getAllProfiles() as an example interface.
The implementation of EuiccCard and its content will be added in a
follow up CL.
The new API is marked as @hide and TODO for @SystemApi.
Bug: 38206971
Test: test on phone
Change-Id: I153937c0f79bdd1a00b06b234a6e254a3f43072c
