For several releases now we've told developers that sharing raw files
between apps is a recipe for trouble. There are at least three major
problems with sending raw files:
-- Apps sending generic intents can't know who is at the other end,
so they may not have access to shared storage locations. This is
more likely now that runtime permissions require apps to explicitly
ask users for permission.
-- Apps making files in their private storage world-readable has been
deprecated for several releases, and now in N it's fully blocked. If
we let these intents through, the receiving app would fail to open
the file, when the real blame rests on the sending app.
-- Devices with user profiles can't share raw files when using
cross-profile intent filters, since filesystem access is fully
locked down between users.
The time has finally come to communicate clearly that if you're
sharing content between apps, you need to use content:// Uris. We
added the simple FileProvider several years ago to give apps a clean
way to migrate with minimal work on their part.
Bug: 26860922, 9069185
Change-Id: I075f627f6a0d6c7fca2c090ca133b9aae9801c64
Telephony expsoses a getModemActivity() method, which BatteryStats
will poll when a change in network activity occurs (on the modem).
The time spent in various states (tx, idle, rx) are distributed amongst
the apps that did rx/tx traffic during that window.
Bug:23147562
Change-Id: I480a85df95786f87c382b96816fe2ed4bb2d5a42
Adds a new type of wakelock - SUSTAINED_PERFORMANCE_WAKELOCK. This
wakelock can only be acquired when the application is in the foreground.
And it is not effective when the application is no longer in the
foreground.
Acquiring this wakelock enables the Sustained performance mode which
guarantees a certain level of performance.
Bug: 22864186
Change-Id: Id0ececc756fe014779db6efde7aede23ea181dc5
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
It opens a an alert dialog that tells user application X is requesting
access to folder Y on volume Z; if user accepts, it returns the proper
URI, otherwise it returns RESULT_CANCELED.
The requested path must satisfy the following requirements:
1.It's directory (getName()) must be one of the pre-definied folders on
Environment.
2.It's root (getParent()) must be a valid external storage root.
In order to satisfy #2, DocumentsUI calls the ExternalStorageProvider,
through a custom call() implementation.
BUG: 23011462
Change-Id: I8e491e82ae320df88f7b8923286c4c1ad050ae80
The Storage Access Framework currently provides an
API (OPEN_DOCUMENT_TREE) that lets the user pick a directory to be used
by the application. Although this APIs is very powerful (for example, it
allows the user to create sub-directories, delete and share files,
etc...), it's too complex for simpler use cases like a camera
application trying to have access to the standard Pictures directory.
The new API (OPEN_EXTERNAL_DIRECTORY) simplifies this scenario by
letting the application select a standard, pre-defined directory (as
defined by android.os.Environment). The user still needs to grant access
to the requested directory, but the resulting UI will be simpler and
more straightforward.
Usage example:
// ...
int requestCode = 42;
Intent intent = new Intent(Intent.ACTION_OPEN_EXTERNAL_DIRECTORY);
intent.setData(Uri.fromFile(
new File(Environment.getExternalStorageDirectory(),
Environment.DIRECTORY_PICTURES)));
startActivityForResult(intent, requestCode);
// ...
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
if (resultCode != Activity.RESULT_OK) {
return;
}
Uri uri = data.getData();
int modeFlags = data.getFlags()
& (Intent.FLAG_GRANT_READ_URI_PERMISSION
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
getContentResolver().takePersistableUriPermission(uri, modeFlags);
}
BUG: 23011462
Change-Id: Ie832026532f74e681ef220b761667eb66ff3c8b0
Add serive "hardwareproperties" and methods getDeviceTemperatures,
getCpuUsages and getFanSpeeds to retrieve hardware properties:
device temperatures (CPU, GPU and battery), CPU usages and fan speeds.
This is a public API.
Bug: 22407109
Change-Id: If7efcbba7b160256d41704b60d93a7218dcc79d7
New API for an app to request creating a new user with
a given user name and seed account information for the
SetupWizard to use when that user is switched into.
Also adds system APIs to read the seed account data from
UserManager.
Bug: 22776757
Change-Id: I0bc3f11ee19c15e0ee2a908c88d98b13296cc30d
Before this change, scanning a package aggressively tried checking
to ensure that private app data was prepared. However, in an FBE
world we may not have access to that data at scan time. So this
change shifts the preparing of private app data until later: it
prepares DE storage when a user is started, and CE storage when a
user is unlocked. Wire ourselves into the user lifecycle so we can
prepare storage at both user start and unlock.
When DE/CE storage becomes available, this change reconciles any
found packages against known installed apps, and deletes any orphaned
data directories.
We now need to store the last-restorecon hash in an xattr on a
per-user directory basis, since we can't restorecon CE storage until
it's unlocked, or adopted storage until it's mounted. Remove a
bunch of used logic for loading dynamic SELinux policy at runtime;
our policy always comes from the system image.
Bug: 26466827, 26544104
Change-Id: I8d0a4ef862c35f4e4ef5c7f20d3bb8f12ba3fd4b
Changes made in the cl:
1. Let DeviceIdleController take listeners on whether background
maintanence services are active. This currently includes JobScheduler,
SyncManager, DownloadService. Note this is the last known
states reported by these services.
2. In JobScheduler, make the idle threshold and alarm window configurable.
So in the car case, we don't need to wait 71 mins after screen off
to kick off any jobs that require device idle.
-------------------------------------------------------------------
* We are not going to suppress JobScheduler, DownloadService, SyncManager
entirely while user is driving. Because apps may not be working properly if
these services are suspended.
* The jobs that we don't allow to run while driving are the
jobs submitted to JobScheduler that require device idle.
And this is already taken care of, because
screen is ON and JobScheduler will not consider the device to be idle
while driving (unless user turns off the head unit).
* We will need to give the JobScheduler a chance to run the device idle
jobs when car is turned off. This is the scope of GarageMode. If
DownloadService and SyncManager want to run, we will allow them to run
too.
* The headunit is treated as wall power device, so it's always charging.
The charging state will not toggle.
Change-Id: I55b92cf92efd61c48dd6c9b8197c2b68078a4439
Remove PersistableBundle.aidl from the Java framework, since it
has been moved to the native libbinder.
BUG: 26292234
Change-Id: Ia3dc49a3ad92f4c579e6dff0606c1db8fb3be76b
TEST: aosp_arm builds successfully.
Parse "SwapPss:" lines from /proc/pid/smaps if it exist, and store them
in a seperate stat entry.
Report SwapPss if made available by kernel, otherwise we fall back to
legacy Swap.
Fix getTotalSwappablePss documentation.
Change-Id: I361928c0f44c7dc9b959b91c127c916215063866
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Finish moving all UID/GID callers to single AIDL method that requires
callers to provide flags.
Triage AppWidgets and PrintServices, which currently can only live on
internal storage; we should revisit that later.
Fix two bugs where we'd drop pending install sessions and persisted
Uri grants for apps installed on external storage.
Bug: 26471205
Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd
Catch a bunch of simple cases where the PackageManager flags are
obvious. Add the ability to use the MATCH_SYSTEM_ONLY flag on
PackageInfo and ApplicationInfo queries.
Re-examine recent tasks after a user is unlocked, since some of the
activities may now be available and runnable.
Bug: 26471205, 26253870
Change-Id: I989d9f8409070e5cae13202b47e2c7de85bf4a5b
This gives callers the ability to request details for missing
packages. Also add annotations for userId and appId variables and
start tagging their usage.
Change-Id: I63d5d7f870ac4b7ebae501e0ba4f40e08b14f3f6
The exception is already caught by the try-catch block.
Change-Id: I0c10fe51d12a10cbc02a25c719d03a4ba6497767
Signed-off-by: Umair Khan <omerjerk@gmail.com>
am: e0e81bf407
* commit 'e0e81bf407508ec096c752948f8794af5fd480ca':
Special case system_server to not create the JIT code cache.
Don't use IntegralToString
Track libcore commit 85d69e16fe1e59e50c1ad228e754abf325088362.
Track API changes to java.lang.ref.Reference.
Remove merge markers from preloaded-classes
Move StrictJarFile from libcore to framework
Switch RecoverySystem impl to use sun.security.pkcs
API update for OpenJdk based libcore
Use libcore/known_oj_tags for the javadoc stage.
Stop preloading fortress classes
Use HexDump instead of java.lang.IntegralToString
Add core-oj to the list of core library jars.
The user restriction DISALLOW_MODIFY_ACCOUNTS and the policy
DPM.setAccountManagementDisabled can now be circumvented by a device
or profile owner. This allows the device or profile owner to add
accounts without briefly having to remove the policy.
Bug: 22030831
Change-Id: I2b59c4b3ad354287d7a00f21b2afef072d12517d
Due to org.apache.harmony.security package removal,
RecoverySystem#verifyPackage was rewritten to use
sun.security.pkcs package for verifining package
signature.
(cherry picked from commit 9ad08ec5be)
Change-Id: I04848ad8f045f87224f9d30ff8dd745aac6d08fd
The CL lets MountService to observe device FD, and request unmount to
vold when the device FD was closed, or remote application providing
appfuse is crashed.
BUG=25756420
Change-Id: I7990694d32affa7f89e3f40badb25098d74d744d
There is a race when starting a non-encryption-aware launcher before
we've gone through the user lifecycle to enter the "running unlocked"
state. This can cause the launcher to choke when it's denied access
to widgets that are still considered locked.
For now, relax the notion of a user being unlocked to reflect the
on-disk state, instead of looking at the user lifecycle.
Also add logging of encryption commands.
Bug: 26267450
Change-Id: Ie330d07418cf10413e0b4380f6d6781684f01952
Only create UserState objects when a user has been unlocked, meaning
we can connect to the spooler. Ignore package events that occur
while a user is locked, since we'll kick off updateIfNeededLocked()
when that user is eventually unlocked.
In all other cases, throw if someone tries obtaining UserState for
a still-locked user. This should help catch any edge cases in the
system, and communicate clearly through public APIs that printing
isn't available until the user is unlocked.
Bug: 26246836
Change-Id: If15744621890baee206d355484fe20933afc65d8
