When an upgraded system-bundled app is reverted to the factory
version, we now maintain restricted profiles' access policies
w.r.t. that app.
Bug 8905395
Change-Id: I3f230ac3f70a77fb14c0180b44c9b42fc49250a2
We now keep track of all the threads that are stopped, and
print stacks for all of them. Also more threads are now adding
themselves to the watchdog.
Unfortunately the stack we get from threads is far less useful
than the stacks from the ANR report, because these don't include
any information about the lock the thread is blocked on and what
thread is holding that lock. For example, here is a test of the
log output from causing a hang in the system process:
W/Watchdog( 5205): *** WATCHDOG KILLING SYSTEM PROCESS: com.android.server.am.ActivityManagerService, main thread
W/Watchdog( 5205): foreground thread stack trace:
W/Watchdog( 5205): at com.android.server.am.ActivityManagerService.monitor(ActivityManagerService.java:14333)
W/Watchdog( 5205): at com.android.server.Watchdog$HandlerChecker.run(Watchdog.java:142)
W/Watchdog( 5205): at android.os.Handler.handleCallback(Handler.java:730)
W/Watchdog( 5205): at android.os.Handler.dispatchMessage(Handler.java:92)
W/Watchdog( 5205): at android.os.Looper.loop(Looper.java:137)
W/Watchdog( 5205): at android.os.HandlerThread.run(HandlerThread.java:61)
W/Watchdog( 5205): main thread stack trace:
W/Watchdog( 5205): at com.android.server.am.ActivityManagerService.broadcastIntent(ActivityManagerService.java:12252)
W/Watchdog( 5205): at android.app.ContextImpl.sendBroadcastAsUser(ContextImpl.java:1158)
W/Watchdog( 5205): at com.android.server.DropBoxManagerService$3.handleMessage(DropBoxManagerService.java:161)
W/Watchdog( 5205): at android.os.Handler.dispatchMessage(Handler.java:99)
W/Watchdog( 5205): at android.os.Looper.loop(Looper.java:137)
W/Watchdog( 5205): at com.android.server.ServerThread.initAndLoop(SystemServer.java:1050)
W/Watchdog( 5205): at com.android.server.SystemServer.init2(SystemServer.java:1125)
W/Watchdog( 5205): at com.android.server.SystemServer.init1(Native Method)
W/Watchdog( 5205): at com.android.server.SystemServer.main(SystemServer.java:1116)
W/Watchdog( 5205): at java.lang.reflect.Method.invokeNative(Native Method)
W/Watchdog( 5205): at java.lang.reflect.Method.invoke(Method.java:525)
W/Watchdog( 5205): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:774)
W/Watchdog( 5205): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:590)
W/Watchdog( 5205): at dalvik.system.NativeStart.main(Native Method)
I/Process ( 5205): Sending signal. PID: 5205 SIG: 9
Change-Id: I8ff9892d8d072d8dc599a73de4bdb75e3b1a6e97
Loading the avatar icons and drawing them into the sized bitmap
turns out to be quite expensive and the cost increases with number
of users. Caching them shaves off several hundred milliseconds from
Keyguard inflation time during user switching on the lockscreen.
For instance, 15ms vs. 750ms with 3 avatars on a certain 7" tablet.
Bug: 7986933
Change-Id: I3e2065bfa25aa263133ba204ca364c3b04d7c0ff
Also be sure to drop any pending package-changed broadcasts
that are targeted to a now-removed user.
Bug 8594153
Change-Id: Ib14874b4a67b968bbf6ca12ee095c85383aff324
...app storage size for apps w/ .so files
The lib directories are tagged with the apk install number,
so must be explicitly passed down to installd.
Change-Id: Ic37b03726f9a7405eb05956703f8198223b22595
I.e. don't bother trying to send a BOOT_COMPLETED broadcast to the
newly-installed/enabled system app when its host user isn't live.
Also use the static isSystemApp()-type helpers instead of duplicating
those tests locally.
Bug 8594153
Change-Id: I4bd0b86351d67f72c44eae8d1afce6a98f034d31
Specifically, send it a BOOT_COMPLETED broadcast just as it would have
received during device (or user) startup.
Bug 8594153
Change-Id: I847c16df56d038a25758e594f951bc15348edc19
Use a Bundle for persisting and passing to the application, but use a
list to return data back from an application that's exposing restrictions.
Changed the xml reading/writing code to store the value type in the Bundle
so that it can be reproduced when reading. Earlier we were assuming only
String and String[].
Bug: 8633967
Change-Id: I523d5553728edcf28a1e9d432f490b4956f34215
When an application's user data is cleared, the keystore entries need to
be cleared as well. Previously we were only clearing entries when the
application was uninstalled for all users. Now we cover the case of
multiuser as well.
Bug: 8566369
Change-Id: I201c92d0893f0d18e87970dcd59ef6cd904584dc
Created constants in current.txt and UserManager.java, modified restrictions access in UserManagerService.java.
Change-Id: If8d778d84af81dcbf5784f6e0afd9ef966cc8ecf
If someone explicitly installs an update to a system-bundled package,
we infer that this means they actually want to use the new code.
Bug 7467302
Change-Id: If2dc6f764bafbb3a5c94cbdd32273c030fd784b9
Some permissions are associated with gids, so we need to
kill any running processes if their permission is revoked.
We will do this for any permission being revoked, since
the association between gids and permissions can change
over time.
Change-Id: Ieb7408e032539c4f21eb089d65a7a7e6c289f010
/data/system is no longer the right location for mac_permissions.xml.
Remove it.
Change-Id: Iabefb734b40d6785013bd6f6427931939fd0648b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/data/security is now the preferred location for updated policy files.
Add it for mac_permissions.xml.
Separate change will remove the old /data/system location.
Change-Id: I2774661e84c858c9b698ec60e224bbbcdac732f3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
