Added a new InputManager service for interacting with input
devices and configuring them. This will be the focus of
an upcoming refactoring.
Added an API for registering keyboard layouts with the system
based on the use of a broadcast receiver. Applications can
register their own keyboard layouts simply by declaring a
broadcast receiver in their manifests.
Added the skeleton of a package that will ultimately contain
the keyboard layouts and other input device related resources
that are part of the base system.
Bug: 6110399
Change-Id: Ie01b0ef4adbd5198f6f012e73964bdef3c51805c
Promote navigation helpers from the support library to the core
platform.
The support library's meta-data element has been replaced with a
first-class parentActivityName attribute. This attribute is valid
on both activity and activity-alias elements. An activity-alias
will inherit the target activity's parentActivityName if one is
not explicitly specified.
Automatic Up navigation for Activities
Add the public method onNavigateUp() to Activity. The default
implementation will use the metadata supplied in the manifest about an
activity's hierarchical parent (parentActivityName) to do the right
thing.
If any activities in the parent chain require special Intent
arguments, the Activity subclass should override onNavigateUp() to
properly implement Up navigation for the app, supplying such arguments
as needed.
If automatic Up navigation within the same task can't find an activity
matching the supplied intent in the current task stack, it will act as
an in-app "home" and return to the root activity (presumably the app's
front page) in that task. (From this state, pressing "back" with
default behavior will return to the launcher.)
Change-Id: If163e27e59587f7af36975a09c986cb117ec3bc6
- introduce "supportsRtl" as a new application attribute in the AndroidManifest
- "supportsRtl" default value is FALSE (no RTL support)
- adapt the View layoutDirection and textDirection logic to take care of "supportsRtl" value
Change-Id: I5e4f9f576e14f35dedc6b0c29a7142c397f598e0
Broadcast intents that get sent out when users are added/removed/switched.
More work on generating user-specific information in package manager queries.
APIs to update user name and query a user by id.
Removed Package.mSetStopped and mSetEnabled, since they're not user specific.
User removal:
- Cleanup ActivityManager, PackageManager, WallpaperManager, AppWidgetService
and AccountManager.
- Shutdown processes belonging to the user.
Don't show vibrate option in long-press power if there's no vibrator.
Lock the screen when switching users, to force unlocking.
Change-Id: Ib23a721cb75285eef5fd6ba8c7272462764038fa
When sending SEND or SEND_MULTIPLE intents, copy any EXTRA_STREAM
Uris to ClipData and set GRANT_READ_URI_PERMISSION flag.
Bug: 6216357
Change-Id: I3c9b0d1d4b7e0c4655b47c4192150b0c3641e0e8
Using enableWriteAheadLogging() to enable WAL is inefficient because
we previously disabled WAL mode when the database was opened.
Switching from WAL to PERSIST then back to WAL is inefficient
and could slow down application launch time. It would be better
to leave the database in WAL mode when we open it to begin with.
To do that, we need to know ahead of time whether we will want to
have WAL enabled for the newly opened database.
Using this flag also reduces the chance that we will encounter
an error enabling WAL mode due to there being other open connections
to the database.
Bug: 6124556
Change-Id: I38ec7a528baeda9f1ef77e25e88b3ca4b6296200
Packages can be enabled/disabled per user.
This requires maintaining stopped/launched states and
enabled / disabled components and packages per user.
Refactored pm.Settings and PackageSettingsBase to keep
track of states per user.
Migrated the stopped-packages.xml to users/<u>/package-restrictions.xml
Changed intent resolution to handle individual user restrictions.
Bunch of IPackageManager calls now have a userId argument.
Make AppWidgetService handle removals of packages.
Added some tests for pm.Settings and PackageManager.
Change-Id: Ia83b529e1df88dbcb3bd55ebfc952a6e9b20e861
Store enforcement state of specific permissions, allowing them to be
selectively enforced. Currently supports READ_EXTERNAL_STORAGE, which
by default isn't enforced, but enforcement can be enabled at runtime.
Bug: 6131916
Change-Id: I4bcc215a2eb5e6507d6257b577311cbd13c77acf
New class lets you make an options bundle defining a custom animation,
as an alternative to Activity.overridePendingTransition().
Change-Id: I8e209bf52398a98ab9f1bcafa1ec0a580dae57c0
When enforcing ContentProvider permissions, mention which
<path-permission> caused the denial.
Bug: 6131916
Change-Id: I06ed461d188fc92c7ddc2acc92ec6169a7c9891a
If the remote end of a bulk cursor died, then it was possible
for getColumnNames() to return null, violating the invariant
that it never returns null. As a result, the application could
crash in strange ways due to an NPE.
Since we are often interested in the column names anyhow, prefetch
them when setting up the bulk cursor adaptor. This way, a
remote cursor will never return null even if the remote end died.
It is possible for an application to continue to use a remote cursor
even after the provider has died unless it needs to requery it
for some reason. Of course at that point, bad things will
happen... but usually the app is better prepared for it than
if it just randomly encounters a null array of column names.
This change also optimizes the bulk cursor adaptor to return the
initial cursor window back to the client, potentially saving
an extra RPC. Because the communication protocol between
the CursorToBulkCursorAdaptor and BulkCursorToCursorAdaptor was
getting a little hard to follow, introduced a new type called
BulkCursorDescriptor to hold all of the necessary parameters.
Deleted several unnecessary IBulkCursor methods that are never
actually called remotely.
Bug: 6168809
Change-Id: I9aaf6f067c6434a575e2fdbf678243d5ad10755f
Bug: 6156819 Contacts initial sync test fails
Earlier commit was incorrectly cloning the currentSyncs list, so it
wasn't being updated.
Change-Id: I23cea8a190127746e9a1218e7bfda630599cef17
This will be used to allow new features to be requested... such as,
say, a special kind of animation. Right now there are no options
defined.
Change-Id: I4eb6f27275cdd4bf186f6da316ab93a2372ad4b7
When accessing a ContentProvider that is unprotected by top-level
permissions, and caller doesn't hold a matching <path-permission>
permission, revoke the default top-level access.
This enables an otherwise unprotected provider to enforce permissions
on specific paths.
Bug: 6131916
Change-Id: Icab89f765ccd90b1acea6988b05f00877fe2c11e
Allows applications to propagate multiple URI grants through an
Intent.
Later on, we should probably redefine the share actions to be
based on this ClipData with the old extras-based approach only
there for compatibility. Even if we don't do that, though, this
allows you to do a multi-select share that grants multiple URI
permissions by stuffing the URIs in a ClipData.
Also add some documentation in various places telling people how
they can grant URI permissions.
Change-Id: Id4ba8e72c11caf7e1f1f438cb7af058d1586a37c
AccountManagerService
- Maintain multiple account lists, one per user
- Keep multiple databases of accounts
- Account db moved to /data/system/users/<userid>/
SyncManager
- SyncStorageEngine keeps track of multiple users' accounts.
- SyncQueue maintained as a single instance, queueing requests from
multiple users.
- Changed some methods to take userId arguments
- Removed some deadc0de
- Store the userId in the SyncOperation, so we know which provider
instance to bind to when queued operations are processed.
ContentService
- Pass along the userid to sync manager calls.
ActivityManagerService:
- Fixed a bug in cancelIntentSender
- Don't bring other user's task forward when resetting tasks.
Updated tests
Change-Id: If317340ef68e902787aa3f5ceb4cf96f14aea695
There are now some new trim memory levels that are sent to
non-background applications as RAM becomes low.
There is a new API for an application to retrieve information
about memory trimming and such on demand.
Fixed various checks against the memory trim level to be
robust (not compare against exact values).
Change-Id: Ifd1c6151124350168aef20a94e517166fd2e03eb
An "UpdateLock" works similarly to a wake lock in API: the caller is
providing a hint to the OS that now is not a good time to interrupt
the user/device in order to do intrusive work like applying OTAs.
This is particularly important for headless or kiosk-like products
where ordinarily the update process will be automatically scheduled
and proceed without user or administrator intervention.
UpdateLocks require that the caller hold the new signatureOrSystem
permission android.permission.UPDATE_LOCK. acquire() and release()
will throw security exceptions if this is not the case.
The "is now convenient?" state is expressed to interested parties
by way of a sticky broadcast sent only to registered listeners. The
broadcast is protected; only the system can send it, so listeners
can trust it to be accurate. The broadcast intent also includes a
timestamp (System.currentTimeMillis()) to help inform listeners that
wish to implement scheduling policies based on when the device became
idle.
The API change here is a tiny one: a dump(PrintWriter) method has been
added to the TokenWatcher class to facilitate getting information out
of it for dumpsys purposes. UpdateLock itself is still @hide.
Bug 5543442
Change-Id: I3709c831fc1883d7cb753cd2d3ee8e10a61e7e48
These are permissions that an application can request, but won't
normally be granted. To have the permission granted, the user
must explicitly do so through a new "adb shell pm grant" command.
I put these permissions in the "development tools" permission
group. Looking at the stuff there, I think all of the permissions
we already had in that group should be turned to development
permissions; I don't think any of them are protecting public APIs,
and they are really not things normal applications should use.
The support this, the protectionLevel of a permission has been
modified to consist of a base protection type with additional
flags. The signatureOrSystem permission has thus been converted
to a signature base type with a new "system" flag; you can use
"system" and/or "dangerous" flags with signature permissions as
desired.
The permissions UI has been updated to understand these new types
of permissions and know when to display them. Along with doing
that, it also now shows you which permissions are new when updating
an existing application.
This also starts laying the ground-work for "optional" permissions
(which development permissions are a certain specialized form of).
Completing that work requires some more features in the package
manager to understand generic optional permissions (having a
facility to not apply them when installing), along with the
appropriate UI for the app and user to manage those permissions.
Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
Some changes in AppWidgetService were interfering with widget permissions.
Added some hidden methods in Context to communicate the requesting user
information instead of using the calling uid.
Bug: 6019296
Change-Id: I5e519fd3fbbfa5b3fcc5c297b729c671dac8e7c7
- Allow each user to have their own wallpaper (live or static).
- Migrate old wallpaper on upgrade.
- Update SystemBackupAgent to backup/restore from primary user's
new wallpaper directory.
Reduce dependency on Binder.getOrigCallingUser() by passing the
userId for bindService.
Change-Id: I19c8c3296d3d2efa7f28f951d4b84407489e2166
SerialManager: provides access to serial ports
SerialPort: for reading and writing data to and from serial ports
IO with both array based and direct ByteBuffers is supported.
Accessing serial ports requires android.permission.SERIAL_PORT permission
Each platform must configure list of supported serial ports in the
config_serialPorts resource overlay
(this is needed to prevent apps from accidentally accessing the bluetooth
or other system UARTs).
In addition, the platform uevent.rc file must set the owner to the
/dev/tty* files to "system" so the framework can access the port.
Signed-off-by: Mike Lockwood <lockwood@android.com>
This reserves a range of uids (for each user) in which these processes
run. These uids are not associated with an application, so they
effectively run with no permissions. When a Service requests to
run in such a process through android:isolatedProcess="true", each
time it is brought up a new isolated process is started with its
own unique uid.
What we have so far gives us the basic infrastructure; more work
remains to further lock down what these uids have access to.
Change-Id: Ibfd27c75619cba61f528f46ede9113f98dc5f45b
Switching activity stacks
Cache ContentProvider per user
Long-press power to switch users (on phone)
Added ServiceMap for separating services by user
Launch PendingIntents on the correct user's uid
Fix task switching from Recents list
AppWidgetService is mostly working.
Commands added to pm and am to allow creating and switching profiles.
Change-Id: I15810e8cfbe50a04bd3323a7ef5a8ff4230870ed
