When creating or renaming files on external storage, sanitize the
requested display names to be valid FAT filenames. This also fixes
a handful of directory traversal bugs.
Also relax logic around generating display names to allow any
extension which maps to the requested MIME type. Tests to verify.
Bug: 18512473, 18504132
Change-Id: I89e632019ee145f53d9d9d2050932f8939a756af
Define and print a compact version of network statistics when dump
is requested with the "--checkin" flag. Defaults to last 24 hours,
but included data can be tweaked with various flags.
Groups together detailed network identities into larger umbrella
terms like "mobile" and "wifi."
Bug: 18415963
Change-Id: I70cf9c828ea5c6e5bb6884837d3608f66fbad2e6
There was a window of time in Lollipop where we persisted certificates
after they had passed through a decode/encode cycle. The well-written
OpenSSL library was liberal when decoding (allowing slightly malformed
certs to be parsed), but then strict when encoding, giving us
different bytes for effectively the same certificate.
A related libcore change (0c990ab4a90b8a5492a67b2b728ac9a4a1ccfa1b)
now returns the original bytes verbatim, fixing both pre-Lollipop
installs and installs after that change.
This change recovers any apps that had been installed during the
window of time described above by doing a one-time check to see if
the certs are effectively equal.
Bug: 18228011
Change-Id: Ib82bd6db718d0490d7a26c9c1014b7c8457a7f2d
Mostly just getting them running again, still a few failures related
to native library symlinks that need more investigation.
Bug: 18048725
Change-Id: I4642adab9fb2b9ec1488b700edcee48c09e36005
This is necessary/desired for two reasons:
1. UX around network scoring shipped with L despite lacking underlying
platform support. We do not want network scoring applications to
trigger this UX on L devices, and therefore we must break the contract
of what defines a network scorer so that apps build against the new
contract don't trigger the old UX.
2. As a start towards generalizing the term "score" for a potentially
broader role in the future, though that role is very much undefined.
Bug: 18160480
Change-Id: If228977513e32e45bc44dbeda24aa18436fdfca6
If the kernel sends notification of an optimistic address then
treat is a useable address (isGlobalPreferred()).
Note that addresses flagged as IFA_F_OPTIMISTIC are
simultaneously flagged as IFA_F_TENTATIVE (when the tentative
state has cleared either DAD has succeeded or failed, and both
flags are cleared regardless).
Additionally: do not consider RFC 4193 ULA addresses sufficient
for "global preffered". They are, by definition, of global scope
but not sufficient for global reachability.
Bug: 17769720
Change-Id: I759623b28fd52758f2d4d76d167f3cafd9319d6a
This simplifies callers.
Also remove all "implementations" of addStackedLink and
removeStackedLink except the one in LinkProperties, because they
are unused.
Bug: 12111730
Change-Id: Ie294b855facba4b1436299dcb3211b72d9ba448e
Specifically:
[1] provide a hasIPv4(), and
[2] a hasIPv6()
each of which requires an IP address, a default route, and
address-family-specific DNS servers to evaluate to true.
Additionally:
[3] redefine isProvisioned() to return the logical OR
of [1] and [2] above.
Any external caller can still use any of the has*() methods to
construct its own, different definition of "provisioned".
Bug: 17769720
Change-Id: Ia692fb8508484ff403d3920c94d0e1db4563f807
For now, only animators use it but we can consider migrating
drawable cache to it as well.
Bug: 17456416
Change-Id: I571b96856805edb171f0fc52e6bff5a365f46b70
Internal logic relies on Arrays.copyOf(), so always give ourselves
valid arrays, using shared empty objects to save overhead.
Bug: 17502649
Change-Id: I5dbb00545bdfe45bbd48144ab505ea08cc92cbcd
Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.
This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.
Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.
Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.
Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
This addresses a TODO and also makes it possible to create
routes to destinations that are not valid LinkAddresses, such as
multicast addresses.
Bug: 16875580
Change-Id: Id4c77b00dc3064bf27d78cdcbbe035e645748cfe
Anything which tests public API functionality will be moved to a
compatibility test suite.
The only remaining test is NetworkScorerAppManagerTest, which contains
unit tests for an internal helper class that is not (and should not
be) exposed via @SystemApi or otherwise.
Bug: 16355542
Change-Id: I478da97d3a4d09407992af37e45466dc484fa8cf
Separate definition of public keys and keysets in the manifest to better
represent their relationship. The 'key-set' tags should have nested additional
'public-key' tags that indicate which of the defined 'public-key' tags are
associated with them. The first use of a given 'public-key' name should define
its value; subsequent uses may refer to it only by name. 'key-set' and
'public-key' names may not intersect.
Also, change 'keys' tag to 'key-sets' to avoid issues with previous keysets
implementation.
Bug: 6967056
Change-Id: I7534e4a42326e97b67b55509187c0d3c21a2bb32
Introduces the upgrade-keyset tag to AndroidManifest.xml. This specifies a
KeySet by which an apk must be signed in order to update the app. Multiple
upgrade KeySets may be specified, in which case one of them must be used to
sign the updating apk. If no upgrade-keyset is specified, the current logic
involving signatures is used.
Current Key Rotation Design Decisions:
-Apps using a shared user id may not rotate keys.
-All acceptable upgrade keysets must be specified, including the key signing
the app. This enables key rotation in one update, but also 'locks' an app if
an incorrect upgrade keyset is specified.
-Minimal changes to existing KeySet code.
Bug: 6967056
Change-Id: Ib9bb693d4e9ea1aec375291ecdc182554890d29c
A candidate scorer may have an activity registered to listen for the
ACTION_CUSTOM_ENABLE intent action. If so, when the user attempts to
select this scorer as the active one, this custom activity will be
launched and will be responsible for requesting that the framework
activate the scorer. This is to enable more complex opt-in flows prior
to becoming the active scorer.
Scorers which do not specify this activity will default to using the
framework switcher (currently ActiveNetworkScorerDialog, though this
may change).
Note that all switches must still go through the framework switcher;
the opt-in activity simply allows scorers to first show another screen
and perform the framework switch on their own terms.
Bug: 15775314
Change-Id: I3847e5d3161a8fcc9622abc03218795697c32778
Allows scorer apps to set a custom name for the scoring functionality,
even if the app has other non-scoring responsibilities, in which case
the application's label would be too generic.
Bug: 15775300
Change-Id: I61a7d1966742d463508e6801b7845ced8392db84
In IPv4, a link is provisioned when DHCP succeeds. In IPv6, a
there is no such signal, because addresses and DNS servers can
be notified by the kernel at different times.
Add an isProvisioned method that returns true if we believe that
enough information has configured to use a network. For IPv6,
this requires an IP address, default route, and DNS server. For
IPv4, this requires only an IPv4 address, because we support
static configuration that doesn't have a default route or DNS
server.
To do this we use the existing hasIPv4Address method, rename the
all-but unused hasIPv6Address method to hasGlobalIPv6Address
(which is what we want anyway) and add new hasIPv[46]DefaultRoute
and hasIPv[46]DnsServer methods.
Bug: 9180552
Change-Id: Ib2f5ff8af920f7b6f1edf0e2afaaa0edce9bc72d
1. Realize that mDestination can never be null and update the
code accordingly.
2. Simplify isDefaultRoute.
3. Provide two new hidden utility methods, isIPv4Default() and
isIPv6Default(), that can be used by LinkProperties to
to determine if the system has connectivity.
4. Update tests.
Bug: 9180552
Change-Id: I85028d50556c888261d250925962bdedfe08e0c6
Require that method callers always provide relevant paths, instead of
relying on constructor. Move DisplayMetrics to be an overall parser
parameter, and move PARSE_TRUSTED_OVERLAY to flags.
Parse split APKs and apply deterministic ordering based on split
names. Assert consistent package name and version code across all
split APKs in a package, and enforce unique split names and required
base APK.
Collect certificates for split APKs, enforcing they're all signed
consistently. Better flow control and resource cleanup when
collecting certs. Refactor validation code so it's easier to reason
about. Cleaner maintenance of read buffer when draining stream
contents.
Change-Id: I8bc8c62095fbb933227b9e76ad8771f4b1246fe8
1. Allow IpPrefixes to be created from strings. In order to do
this, factor out the code from LinkAddress which already does
this to a small utility class in NetworkUtils.
2. Truncate prefixes on creation, fixing a TODO.
3. Add a toString method.
4. Write a unit test.
While I'm at it, make RouteInfoTest pass again, and convert it
to use IpPrefix instead of LinkAddress.
Change-Id: I5f68f8af8f4aedb25afaee00e05369f01e82a70b
It previously kept mPath separate from mScanPath for some very odd
edge cases around moving apps-on-SD. This changes it to always use
a single path, refactors moving to keep separate paths.
Refactors method names in PackageParser to be clearer about their
APK-versus-package relationship.
Beginnings of a split package parser. Instead of requiring that
callers check error codes when null, switch to always throwing on
parse errors, to require that callers deal with the error. Longer
term the entire parser should switch to this style, but its too
pervasive for a simple refactoring.
Change-Id: If071d8e55e46e56cc201fadfb51cb471713ae973
If these constants are zero (or, rather, if they're not all
different), the test will fail with more cryptic error messages
whose cause is not obvious. Clearly check for that here.
Bug: 15602893
Change-Id: I7ca4a9c5e3d592fd93fbfa1b50666a1861a0031d
This change uses IpPrefix only in the public API and continues
to use LinkAddress for everything else. It does not change the
callers to use the new APIs, with the exception of changing
all current uses of getDestination to getDestinationLinkAddress
to make room for the new getDestination method that returns an
IpPrefix.
Based on Sreeram's earlier change:
https://googleplex-android-review.git.corp.google.com/#/c/477874/
but a bit simplified and with a bit more documentation.
Bug: 15142362
Bug: 13885501
Change-Id: Ib4cd96b22cbff4ea31bb26a7853989f50da8de4e
(cherry picked from commit 7d3b4b9a3d4de9673119632da0ebd583e50126f7)
1. Rename getNetworkPrefixLength to getPrefixLength. Update all
callers in frameworks/base and add a shim method and a TODO
for the rest.
2. @hide isSameAddressAs. It doesn't add much, and it's just
one-liner that callers can implement if they want.
3. Fix the alignment of the initial paragraph (<ul> should have
been </ul>).
4. Remove the documentation that talks about creating
LinkAddresses, since there's no public API for creating them.
With these changes I think LinkAddress is fine as a public API.
Bug: 15142362
Change-Id: Iaf3b1db577745bb68a9e1dd7f96d666dd3f3ec7c
(cherry picked from commit 9ab53650cfcd91a2a151b44b3fd1381841f76269)
1. Rename getNetworkPrefixLength to getPrefixLength. Update all
callers in frameworks/base and add a shim method and a TODO
for the rest.
2. @hide isSameAddressAs. It doesn't add much, and it's just
one-liner that callers can implement if they want.
3. Fix the alignment of the initial paragraph (<ul> should have
been </ul>).
4. Remove the documentation that talks about creating
LinkAddresses, since there's no public API for creating them.
With these changes I think LinkAddress is fine as a public API.
Bug: 15142362
Change-Id: Iaf3b1db577745bb68a9e1dd7f96d666dd3f3ec7c
This change uses IpPrefix only in the public API and continues
to use LinkAddress for everything else. It does not change the
callers to use the new APIs, with the exception of changing
all current uses of getDestination to getDestinationLinkAddress
to make room for the new getDestination method that returns an
IpPrefix.
Based on Sreeram's earlier change:
https://googleplex-android-review.git.corp.google.com/#/c/477874/
but a bit simplified and with a bit more documentation.
Bug: 15142362
Bug: 13885501
Change-Id: Ib4cd96b22cbff4ea31bb26a7853989f50da8de4e
Adds methods for dealing specifically with long data types. Used by
PackageKeySetData as part of the KeySet work. Add appropriate test methods
to MoreAsserts as well.
Bug: 6967056
Change-Id: I1e263301b353e0cd1b45126be6ef5ec310f311a8
Installers are interested in both streaming APK data and establishing
a happens-after relationship to support resuming downloads after a
process kill or battery pull.
This exposes a generic OutputStream for writing, and hooks up flush()
to be a blocking call which returns only when all outstanding write()
data has been fsync()'ed to disk.
Tests to verify behavior.
Bug: 14975160
Change-Id: I38289867c80ac659163bb0c2158ef12d99cc570d
A network subsystem (e.g. Wi-Fi) will be responsible for implementing
INetworkScoreCache. NetworkScoreService will load caches for each
configured network subsystem. When it receives a call to update
scores, it will separate the networks by type and call updateScores on
the appropriate INetworkScoreCache.
Each subsystem will also be responsible for requesting scores for new
networks by calling NetworkScoreManager#requestScores.
Bug: 14408144
Bug: 14137255
Change-Id: I76e5e5205bc359c39d6b9c1782126fb7f465cd96
