We couldn't put forward-locked apps in ASEC containers before since we
didn't have any permissioned filesystems. This adds the ability for
forward-locked applications to be in ASEC containers.
This means that forward locked applications will be able to be on the SD
card now.
This change also removes the old type of forward-locking that placed
parts of apps in /data/app-private. Now all forward-locked applications
will be in ASEC containers.
Change-Id: I17ae0b0d65a4a965ef33c0ac2c47e990e55707ad
Since we control system services, we can ensure they are using little
data when data usage is globally restricted. Continue restricting
AID_MEDIA and AID_DRM, since they respond to app requests.
Bug: 6377903, 5772564
Change-Id: I196bf334f903397ea6a67e6802240ee792e47b54
Bug #6365056
WebView enqueues a functor in the hardware renderer to handle
animations and this functor is called at a later time by the
hardware renderer. However, the functor was not removed from
the queue when WebView was removed from the window. This could
cause the hardware renderer to attempt to execute an invalid
functor and lead to a crash.
Change-Id: I9d38e80f3fdc5e29d4d0cdfa1e893c251a954508
The C++ API for scheduling groups is going away, so use the C API.
Renumber THREAD_GROUP_* constants to have the same values as SP_*.
They are @hide so this should be OK.
The old THREAD_GROUP_FG_BOOST constant is removed, and replaced by a
(private) THREAD_GROUP_FOREGROUND constant that is just a placeholder
to correspond to SP_FOREGROUND. It is not usable at this level.
Improved performance of android_os_Process_setProcessGroup:
avoid unnecessary syscall to getpriority for each tid.
Fixed error handling in android_os_Process_setThreadGroup.
It raises an exception if set_sched_policy() returns an error.
Add comments and fix typos in existing comments.
Change-Id: Ib922e92c945985c695ef0addbd2b83b8e82865f8
Added two public methods to Debug. These methods return a String
indicating the caller (getCaller()) or callers (getCallers(int depth))
of the calling method. The String indicates the class, method and line
number of the caller(s). Similar to using Throwable.fillInStackTrace()
but much more concise.
Change-Id: I53d0085aa50e4501d28e8eb3ad5b91ef700ac218
Added a getVibrator() method to InputDevice which returns a Vibrator
associated with that input device. Its uses the same API as the
system vibrator which makes it easy for applications to be modified
to use one or the other.
Bug: 6334179
Change-Id: Ifc7f13dbcb778670f3f1c07ccc562334e6109d2e
Moved the core logic of Vibrator into SystemVibrator, potentially
allowing for the creation of other Vibrator subclasses.
Fixed several places where we were creating new Vibrator
instances unnecessarily instead of getting it from the Context.
It is safe to make Vibrator abstract because its constructor
was hidden from the SDK so it was not possible to subclass it.
Bug: 6334179
Change-Id: I18ece6544c26a7efb2d5099f8346a10aef8a5e18
When sending SEND or SEND_MULTIPLE intents, copy any EXTRA_STREAM
Uris to ClipData and set GRANT_READ_URI_PERMISSION flag.
Bug: 6216357
Change-Id: I3c9b0d1d4b7e0c4655b47c4192150b0c3641e0e8
To support multi-user, store network policy per-appId and expand to
apply rules to all UserInfo on device.
Bug: 6140462
Change-Id: Ic0866b4d41c8c60cc1c0a597f0de927b92b65b1e
Packages can be enabled/disabled per user.
This requires maintaining stopped/launched states and
enabled / disabled components and packages per user.
Refactored pm.Settings and PackageSettingsBase to keep
track of states per user.
Migrated the stopped-packages.xml to users/<u>/package-restrictions.xml
Changed intent resolution to handle individual user restrictions.
Bunch of IPackageManager calls now have a userId argument.
Make AppWidgetService handle removals of packages.
Added some tests for pm.Settings and PackageManager.
Change-Id: Ia83b529e1df88dbcb3bd55ebfc952a6e9b20e861
The VPN user ID is defined in android_filesystem_config.h as 1016. Add
it to android.os.Process so it can be referred to in Java code.
Change-Id: If3da3765747afda4e5e0761e289c45eebc7cddd5
StrictMode posts a message to estimate how long the main thread was
blocked during a violation. Currently, any pending messages are
counted against the violation. To avoid this, switch to using
postAtFrontOfQueue().
Bug: 6119289
Change-Id: I94530632ca678b78b75a698cf9193641b102be9a
Instead of using parcelForJavaObject(), pass down the mNativeObj
pointer explicitly. Benchmarks show that writeInt() is roughly 3x
faster with this approach.
Change-Id: I24ca235c334c44be716070aa8066ec8a429eadb7
Add Closeable to ParcelFileDescriptor, and always close any incoming
PFDs when dumping.
Bug: 6106309
Change-Id: I25b465692d5e1da0a5980a307cb48a058bc2bca7
When tearing down any leaked BroadcastReceiver or ServiceConnection
Context registrations, report through StrictMode.
Bug: 6084353
Change-Id: I5e78039299e2c9c1440cd1fd09317da78ffee82a
An "UpdateLock" works similarly to a wake lock in API: the caller is
providing a hint to the OS that now is not a good time to interrupt
the user/device in order to do intrusive work like applying OTAs.
This is particularly important for headless or kiosk-like products
where ordinarily the update process will be automatically scheduled
and proceed without user or administrator intervention.
UpdateLocks require that the caller hold the new signatureOrSystem
permission android.permission.UPDATE_LOCK. acquire() and release()
will throw security exceptions if this is not the case.
The "is now convenient?" state is expressed to interested parties
by way of a sticky broadcast sent only to registered listeners. The
broadcast is protected; only the system can send it, so listeners
can trust it to be accurate. The broadcast intent also includes a
timestamp (System.currentTimeMillis()) to help inform listeners that
wish to implement scheduling policies based on when the device became
idle.
The API change here is a tiny one: a dump(PrintWriter) method has been
added to the TokenWatcher class to facilitate getting information out
of it for dumpsys purposes. UpdateLock itself is still @hide.
Bug 5543442
Change-Id: I3709c831fc1883d7cb753cd2d3ee8e10a61e7e48
Use PowerHAL to set system awake/suspend state.
Change-Id: If58a6f548564ea141b68f304455997d9ff04eace
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Instead of acquiring and releasing a barrier using an up/down
counter, we post a message to the queue that represents the
barrier. This is a more natural representation of the barrier
and better matches what we want to do with it: stall messages
behind the barrier in the queue while allowing messages earlier
in the queue to run as usual.
Refactored the MessageQueue a little bit to simplify the quit
logic and to better encapsulate the invariant that all
messages within the queue must have a valid target. Messages
without targets are used to represent barriers.
Bug: 5721047
Change-Id: Id297d9995474b5e3f17d24e302c58168e0a00394
Add classes to handling binder marshalling to and from the native
common_time interfaces (config and clock)
Change-Id: I04fc429d9af27736c4f7f9b5468011ffdd4d7eaa
Signed-off-by: John Grossman <johngro@google.com>
The synchronization barrier enables selectively blocking
execution of synchronous messages until the barrier is released.
Asynchronous messages may continue running in the meantime.
The barrier is intended to be used to implement more sophisticated
scheduling policies related to view hierarchy traversals. While
traversals are pending, most messages posted to the message queue
must be held up. This is to satisfy the invariant that traversals
will occur before subsequently posted messages are handled.
The exception to this rule are "asynchronous" messages that represent
external events or interrupts that come from other components such
as VSYNC pulses, input events or sensor events. Because these messages
are typically delivered at arbitrary times, they are independent of
traversals or other typical synchronization boundaries.
Messages can now be flagged as asynchronous to indicate that they
are weakly ordered.
Bug: 5721047
Change-Id: I1446dcfbc896f33b48355adc28967ace8c8c9b9b
- Allow each user to have their own wallpaper (live or static).
- Migrate old wallpaper on upgrade.
- Update SystemBackupAgent to backup/restore from primary user's
new wallpaper directory.
Reduce dependency on Binder.getOrigCallingUser() by passing the
userId for bindService.
Change-Id: I19c8c3296d3d2efa7f28f951d4b84407489e2166
Using the same convention in system_init.cpp, you can disable these
services by setting system properties:
system_init.startaudioservice=0
system_init.startmountservice=0
Signed-off-by: Mike Lockwood <lockwood@android.com>
Services now must explicitly opt in to being accessed by isolated
processes. Currently only the activity manager and surface flinger
allow this. Activity manager is needed so that we can actually
bring up the process; SurfaceFlinger is needed to be able to get the
display information for creating the Configuration. The SurfaceFlinger
should be safe because the app doesn't have access to the window
manager so can't actually get a surface to do anything with.
The activity manager now protects most of its entry points against
isolated processes.
Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
This reserves a range of uids (for each user) in which these processes
run. These uids are not associated with an application, so they
effectively run with no permissions. When a Service requests to
run in such a process through android:isolatedProcess="true", each
time it is brought up a new isolated process is started with its
own unique uid.
What we have so far gives us the basic infrastructure; more work
remains to further lock down what these uids have access to.
Change-Id: Ibfd27c75619cba61f528f46ede9113f98dc5f45b
