When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.
Also fix spacing issues in various logging statements.
Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
Verifiers or installers may not be encryption-aware, or the user may
have disabled them, so we probe pretty deeply during system boot to
resolve them. Use the new MATCH_SYSTEM_ONLY flag to limit results to
packages on the system image.
When there are multiple matches, pick the one with highest priority
instead of crashing the system.
Switch to updated MATCH_ constants in more places.
Bug: 26250295
Change-Id: Ia7a3b1fb74da6c3b9d2c2edbf1deaa9fb52fc40a
Caching against resource ID leads to incorrect cache hits, since multiple
files (ex. within drawable-mdpi, drawable-ldpi) may map to the same ID.
Also adds nullability annotations.
Bug: 26400880
Change-Id: I4d83caf3c44dc9b546511753e9e72171e8850eb2
Moving forward, all client file access really needs to be going
through explicit APIs like openFileDescriptor(), since that allows
the provider to better protect its underlying files.
This change also changes several classes to use the AutoClosable
pattern, which enables try-with-resources usage. Older release()
methods are deprecated in favor of close().
Uniformly apply CloseGuard across several classes, using
AtomicBoolean to avoid double-freeing, and fix several resource
leaks and bugs related to MediaScanner allocation. Switch
MediaScanner and friends to use public API instead of raw AIDL calls.
Bug: 22958127
Change-Id: Id722379f72c9e4b80d8b72550d7ce90e5e2bc786
Intercept calls to start activities from the recents
stack and show the Work Challenge if needed. This requires
passing the taskId to ConfirmDeviceCredential so it can
launch the recents task itself when the credentials are
confirmed.
Change-Id: I013b134f3f31a35b551ad683c68cc89b8af44499
In practice, a lot of apps provide English resources as their default
resources, so assume that English is always supported.
With this change, users can safely set secondary locales after
English in their preferred locale lists. Such settings would help
the apps (and parts of the system that are aware of multiple locales)
consider the user's familiarity with the secondary locale or the
user's preference for glyphs forms in the secondary locale. This
change makes sure that no app unintentionally switches to such
secondary locales.
Note that this doesn't break from the tradition of previous releases.
Traditionally, if the user had set the system locale to English, they
would get the default resources when the app didn't explicitly
provide English resources. This will continue to be the case where
the user's locale list has English in it before another supported
language. (English will be the first locale in most cases.)
Bug: 26192817
Change-Id: I2c1a003760299157786c1b3f9fb116ce18db3b8c
Allows an activity to always be focusable regardless of if it is in a
stack whose activities are normally not focusable. For example, activities
in pinned stack aren't focusable. This flag allows them to be focusable.
Also, changed ActivityInfo.#{resizeable, supportsPip} to use flags.
Bug: 26273032
Bug: 26034613
Change-Id: I8c63e6d3256757e2e6931e08b8a65269f5169d35
Also:
1. Add AssetManager method for finding non-system locales: This is
used in per-app locale negotiation. (Normally,
AssetManager#getLocales() returns both system and non-system
locales.)
2. Match pseudolocales correctly in locale negotiation.
Bug: 25800576
Bug: 26236938
Change-Id: I116caf3a91c290deb4ad68b291c65b7035b18dd4
When an APK is being installed, the full path to the file is
occasionally passed between processes. To detect changes to the file
during these handovers, the digest of the AndroidManifest.xml entry
could be passed around as well.
This security feature is no longer used and is no longer needed. APKs
should be installed using the modern Package Installer API
(android.content.pm.PackageInstaller).
Bug: 24542768
Change-Id: I2762634c85448e7adcd47ffc9a5294c021e127bd
Many places across the platform query package details without
gracefully handling packages or components that go missing for
various reasons. This can cause annoying user data loss, such as
resetting back to built-in apps or dropping of accounts, etc.
This change verifies that system callers have thought about these
edge cases by logging if they use default matching behaviors without
explicitly marking themselves as being "triaged." (The logging is
currently disabled by default.)
Also creates explicit definitions of supported flags for various
incoming PackageManager calls, and defines a clear distinction
between flag types:
-- GET-style flags are used to request additional data that may have
been elided to save wire space.
-- MATCH-style flags are used to include components or packages that
would have otherwise been omitted from a result set by current system
state.
There are a handful of existing GET flags that better fit under the
MATCH definition, so this change clones them to new constants and
marks the old ones as deprecated.
Fixes bug in JobSchedulerService to consider jobs from apps on
external storage. Revert some dialer behavior back to being
untriaged.
Change-Id: I9b6ab0968241e3479bddbd78de0c51e3b9917318
When a user is started, but a persisted job component doesn't appear
in the normal resolution list, we avoid enqueuing the job. Later
when the user is unlocked, we take another pass over the pending
jobs to see if they became available.
Load keyboard layouts from XML metadata regardless of crypto status,
since we don't need to spin up any remote code.
Add MATCH_SYSTEM_ONLY to make system logic easier to write when
looking for trusted components.
Sprinkle more annotations on ArrayUtils methods.
Bug: 26279465
Change-Id: Iec28e0bb46862b07d740b12a79f6360de68dab0f
Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.
Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked. Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.
Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
- Implement a "VR mode" that may be enabled by a focused Activity.
- Add a system service that tracks the current VR mode state and notifies
other core framework services of mode changes.
- Extend NotificationListenerService to allow the bind/unbind lifecycle
of specified listeners to be triggered by system events.
Bug: 22855417
Bug: 25479708
Change-Id: I1ac8692bbb5521bb6c7cfb9d2b56b98b720f8568
Rename DropPermissionHolder to DropPermissions and move
all server-side implementation details into a separate class.
Rename DragEvent.getDropPermissionHolder to
requestDropPermissions and make it take the permissions
implicitly.
Change-Id: Ia83f7cb8af07ce13ba9536d24b0f9d63331d8736
Refactors to getResourcesInternal() and calls that from both methods.
Adds documentation on Context.getResources() and getAssets() that the
instances returned should be consistent with each other.
Bug: 26228895
Change-Id: I41b09f1e9a3a0315bcdf1c08a7b431a9a697bb6f
Adds APIs in DevicePolicyManager and PackageManager for allowing
a device admin to suspend a package. PackageManagerService sets
or unsets a new PackageUserState 'suspended' setting. Terminal
command to suspend/unsuspend has been added via
PackageManagerShellCommand (as root).
Next steps:
* use the new 'suspended' setting for denying access to start app
(probably in ActivityStackSupervisor)
* broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up
* remove app from recents (go further and kill it if it is running)
* erase existing notifications for this app
Bug: 22776576
Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
This API is intended for side-by-side mode, so that when a new activity
is launched, it will show up on the other side instead of covering the
launching activity.
Bug: 26141281
Change-Id: I97d7f2f48d42a31cfb1a86821474582b9c5d9e45
Indicating that a device supports picture-in-picture
multi-window mode.
Also allow activities to be in Pip mode if force resizeable
is enabled.
Bug: 25580820
Bug: 26187878
Change-Id: If80edfee39ece5a51d21040e4d3a8a9135aa1783
When set, signals that the application is required for the system user and
should not be uninstalled.
Bug: 25616324
Change-Id: Idbbd1618e09c40bdb83fa26c0a3d9662dd73bea4
Provide the ephemeral installer with some additional pieces of information:
1) instead of de-referencing the URL a second time, give the installer the
exact package name
2) instead of relying on ephemeral apps to define verified links, give the
installer a pending intent to launch when the ephemeral is installed
3) give the installer a pending intent to launch if the installer fails,
for whatever reason, to install the ephemeral app
Bug: 25119046
Change-Id: I45f50481caee09d5d09451e4b2492e64b0faae82
Previously the value was conflicting with a private flag
PARTIALLY_ENCRYPTION_AWARE, which has been added before.
Change-Id: I661d8b5f59a39b18288eae47b7522f87b120c57b
This also adds a new API to Resources, to get the resolved locale
from the Resources.
Bug: 25800576
Change-Id: I431f1c1b4b6775fcbc097936d0d607400db47f7d
You can now control the range of target SDKs that receivers
will be need to have in order to receive your broadcast.
Use this for CONNECTIVITY_ACTION to not allow N+ applications
to receive these broadcasts through their manifest.
Also tweak the broadcast debug output code to now include the
disposition of each receiver in the list. This is becoming
important as skipping receivers is becoming a more common
thing to have happen.
Change-Id: I251daf68575c07cbb447536286ab4e68b7015148
Rename APIs to reflect that they're storage-related. Also move
credential-storage APIs to be system API.
Return a null Context when device-encrypted storage isn't
supported. This is the easiest way to keep legacy apps working when
upgrading from M to N.
Reduce strictness of path checking so we don't crash when working
with special packages like "android".
Bug: 22358539, 26104027
Change-Id: I38c24fc003488186210a6ae3b64270f86e1efe56
