Once the ephemeral user stops, the user's deletion is scheduled.
It takes a while before the user actually disappears and it is not
desirable for the user to be re-entered in the meantime.
Mark the user as disabled on stop and check this flag
in the activity manager to prevent the user from being switched
to again. Also hide the user from user-switching UI.
BUG: 26795729
BUG: 26780152
Change-Id: I83a61674958954b5a210114b88ffa5ae55922c1f
am: 62b9ff4994
* commit '62b9ff49947ccfca7d9f2ffe0e34006821080819':
Add unit tests for BatteryStatsImpl.
Turn down the logging a little bit.
Turn down the logging a little bit.
- Add a Clocks interface to wrap SystemClock.uptimeMillis and
SystemClock.elapsedRealtime.
- Make the inner classes static so they can be created independently,
which meant passing explicit pointers to the BatteryStatsImpl and
the Uid objects in a lot of places.
- Make several fields protected so they can be accessed by the tests (they are
still @hidden)
- Add a test suite for the battery stats.
- Add the tests
Change-Id: I4e45afedc64f7050985c28a7eb4f5c1ddbaa63fa
It is no longer true that we always forward the intent to personal side
after the introcution of work dialer.
Change-Id: I07b247c15d366278a07afab76b23c9d8847b01ef
Add a separate system service RecoverySystemService to handle recovery
related requests (calling uncrypt to de-encrypt the OTA package on the
/data partition, setting up bootloader control block (aka BCB) and etc).
We used to trigger uncrypt in ShutdownThread before rebooting into
recovery. Now we expose new SystemApi (RecoverySystem.processPackage())
to allow the caller (e.g. GmsCore) to call that upfront before
initiating a reboot. This will reduce the reboot time and get rid of the
progress bar ("processing update package"). However, we need to reserve
the functionality in ShutdownThread to optionally call uncrypt if
finding that's still needed.
In order to support the update-on-boot feature, we also add new
SystemApis scheduleUpdateOnBoot() and cancelScheduledUpdate() into
android.os.RecoverySystem. They allow the caller (e.g. GmsCore) to
schedule / cancel an update by setting up the BCB, which will be read by
the bootloader and the recovery image. With the new SystemApis, an
update package can be processed (uncrypt'd) in the background and
scheduled to be installed at the next boot.
Bug: 26830925
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560
Add HardwarePropertiesManagerService which call native methods to
get CPU, GPU, battery temperatures, CPU usage info, fan speeds.
Restrict hardware properties retrieval only for device and profile
owners.
Bug: 26945055
Change-Id: I4d6b30b78e575532d5e9cfa59ef6cd81355439d4
The new sdcardfs kernel driver needs to know this mapping for
deriving UID permissions, so push the data through /config when
supported by the kernel. This also has the nice benefit of letting
us push only the deltas of what actually changes, instead of
re-parsing the entire "packages.list" file.
The mappings for newly installed apps are pushed before the app is
allowed to run, removing some latent race conditions. Also cleans
up stale mappings when packages are uninstalled, and whenever the
system server reboots.
Bug: 19160983
Change-Id: Iace92efb69616c96b34c0d9d911e4b54e5fd8a67
This change makes StorageManager.getVolumesList(),
StorageManager.getPrimaryVolume(), and StorageVolume public and adds a
buildAccessIntent() in the latter to automatically generate the
ACTION_OPEN_EXTERNAL_DIRECTORY intent, but it doesn't change the
ACTION_OPEN_EXTERNAL_DIRECTORY implementation yet (i.e., it still takes an URI with the physical path of the directory, instead of a StorageVolume and
a directorny name).
BUG: 26742218
Change-Id: I36c59c42b6579e125ec7f03c3af141260875a491
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
Clients of the NetworkStatsManager public APIs may get UIDs belonging
to other users, and UIDs which don't actually represent applications.
These APIs allow clients to understand whether a given ID belongs to
the same user as themselves, and whether an ID represents an
application or something else (e.g. a system UID).
Change-Id: Ia56d5891521ce98e5594c41da8f9d756819deb66
Add android.os.UpdateEngine and UpdateEngineCallback classes that
communicate with the update engine via binder APIs for A/B update.
Bug: 26695366
Change-Id: I2471858d28df5443bc0b56d9a20281ccebde4484
Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.
Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.
This also has the nice property that we only prepare storage when
we know that keys are unlocked.
Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
A variety of related fixes:
- don't force size enable when browsing from device mounted notifications.
- don't show settings menu item as action (put in overflow).
- add sd card icon (not quite yet used, need to suss that out).
Bug:26880985,26883578,26771127
Change-Id: I36f153c42217f8092f157ded2a756c02525593ab
We used to unconditionally remove the block map file on boot. Because
the package might be half-way uncrypt'd in a corrupt state. CL in [1]
changes uncrypt to ensure that block.map only gets created at the end of
a successful uncrypt. So we can change to keep the fully uncrypt'd
package and the block map. This is to reduce the work for GmsCore to
avoid re-downloading everything again.
[1]: commit 25dd0386fe69460cd1d39de116197dd2c7bf9ec2.
Bug: 26883096
Change-Id: I58ca22064141bf5d42fa48146a980712c8ce21d9
Self closing tags are not legal in HTML and javadoc was updated to better
enforce valid javadoc comments.
https://bugs.openjdk.java.net/browse/JDK-8020619
Change-Id: Ia7644b79be559a2e88fc9850eab570bd926f9a4b
Add DIRECTORY_HOME to android.os.Environment...use that for dir name,
so we don't use a localized name when creating directory.
Mark all of the DIRECTORY_* fields final.
Bug: 26814341
Change-Id: I5a11bcb180674c619de2f5ce9ed598521e60cc25
