Once the ephemeral user stops, the user's deletion is scheduled.
It takes a while before the user actually disappears and it is not
desirable for the user to be re-entered in the meantime.
Mark the user as disabled on stop and check this flag
in the activity manager to prevent the user from being switched
to again. Also hide the user from user-switching UI.
BUG: 26795729
BUG: 26780152
Change-Id: I83a61674958954b5a210114b88ffa5ae55922c1f
am: 1ba39aa54e
* commit '1ba39aa54e49882df0116b7538f73a6a688cb830':
Add unit tests for BatteryStatsImpl.
Turn down the logging a little bit.
Turn down the logging a little bit.
am: 62b9ff4994
* commit '62b9ff49947ccfca7d9f2ffe0e34006821080819':
Add unit tests for BatteryStatsImpl.
Turn down the logging a little bit.
Turn down the logging a little bit.
- Add a Clocks interface to wrap SystemClock.uptimeMillis and
SystemClock.elapsedRealtime.
- Make the inner classes static so they can be created independently,
which meant passing explicit pointers to the BatteryStatsImpl and
the Uid objects in a lot of places.
- Make several fields protected so they can be accessed by the tests (they are
still @hidden)
- Add a test suite for the battery stats.
- Add the tests
Change-Id: I4e45afedc64f7050985c28a7eb4f5c1ddbaa63fa
It is no longer true that we always forward the intent to personal side
after the introcution of work dialer.
Change-Id: I07b247c15d366278a07afab76b23c9d8847b01ef
Add a separate system service RecoverySystemService to handle recovery
related requests (calling uncrypt to de-encrypt the OTA package on the
/data partition, setting up bootloader control block (aka BCB) and etc).
We used to trigger uncrypt in ShutdownThread before rebooting into
recovery. Now we expose new SystemApi (RecoverySystem.processPackage())
to allow the caller (e.g. GmsCore) to call that upfront before
initiating a reboot. This will reduce the reboot time and get rid of the
progress bar ("processing update package"). However, we need to reserve
the functionality in ShutdownThread to optionally call uncrypt if
finding that's still needed.
In order to support the update-on-boot feature, we also add new
SystemApis scheduleUpdateOnBoot() and cancelScheduledUpdate() into
android.os.RecoverySystem. They allow the caller (e.g. GmsCore) to
schedule / cancel an update by setting up the BCB, which will be read by
the bootloader and the recovery image. With the new SystemApis, an
update package can be processed (uncrypt'd) in the background and
scheduled to be installed at the next boot.
Bug: 26830925
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560
Add HardwarePropertiesManagerService which call native methods to
get CPU, GPU, battery temperatures, CPU usage info, fan speeds.
Restrict hardware properties retrieval only for device and profile
owners.
Bug: 26945055
Change-Id: I4d6b30b78e575532d5e9cfa59ef6cd81355439d4
The new sdcardfs kernel driver needs to know this mapping for
deriving UID permissions, so push the data through /config when
supported by the kernel. This also has the nice benefit of letting
us push only the deltas of what actually changes, instead of
re-parsing the entire "packages.list" file.
The mappings for newly installed apps are pushed before the app is
allowed to run, removing some latent race conditions. Also cleans
up stale mappings when packages are uninstalled, and whenever the
system server reboots.
Bug: 19160983
Change-Id: Iace92efb69616c96b34c0d9d911e4b54e5fd8a67
This change makes StorageManager.getVolumesList(),
StorageManager.getPrimaryVolume(), and StorageVolume public and adds a
buildAccessIntent() in the latter to automatically generate the
ACTION_OPEN_EXTERNAL_DIRECTORY intent, but it doesn't change the
ACTION_OPEN_EXTERNAL_DIRECTORY implementation yet (i.e., it still takes an URI with the physical path of the directory, instead of a StorageVolume and
a directorny name).
BUG: 26742218
Change-Id: I36c59c42b6579e125ec7f03c3af141260875a491
Use this in the alarm manager to allow user whitelisted apps
to have free access to scheduling alarms.
Coming next: lifting sync/job restrictions.
Change-Id: Ib36bd811f866c7af43845edf051e7972397cea22
You can now associate an arbitrary Bundle of extras with a job,
as long as the job is not persisted.
Also implement deep-copy of Bundle.
Change-Id: I7890d627492b664d9b1f039e8cb82f8868de7be3
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
Clients of the NetworkStatsManager public APIs may get UIDs belonging
to other users, and UIDs which don't actually represent applications.
These APIs allow clients to understand whether a given ID belongs to
the same user as themselves, and whether an ID represents an
application or something else (e.g. a system UID).
Change-Id: Ia56d5891521ce98e5594c41da8f9d756819deb66
Add android.os.UpdateEngine and UpdateEngineCallback classes that
communicate with the update engine via binder APIs for A/B update.
Bug: 26695366
Change-Id: I2471858d28df5443bc0b56d9a20281ccebde4484
Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.
Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
