The UserSystemPackageInstaller (USPI) uninstalls system
packages that are not needed, depending on the user type.
When that determination changes (or the feature is disabled)
it can also re-install those packages.
This cl specifies when it is appropriate for USPI to actually
perform the (un)installation.
1.
Introduces uninstallReason: records the reason why a package
was uninstalled from a given user. Right now, the only values
are UNKNOWN and USER_TYPE. The latter indicates that the USPI
system uninstalled the package. If the USPI whitelist changes
(or the USPI feature is disabled), uninstalled packages will
only be installed by USPI if the uninstallReason was USER_TYPE.
Any further uninstalls (e.g. by ManagedProvisioning) will reset
the uninstallReason to UNKNOWN, so USPI will no longer install
such packages in the future.
This prevents USPI from reinstalling system packages that other
mechanisms (such as ManagedProvisioning) uninstalled.
2.
USPI will uninstall a system package if it is blacklisted, but
only if that system package is new, i.e in two circumstances:
a. on first boot
b. on an OTA where the package was not present prior to the OTA
Bug: 143200798
Test: atest UserSystemPackageInstallerTest
Test: Confirmed (un)installations during manually simulated OTAs
Change-Id: Ia0714d1faa8f7c79082f2cc93a92ae36b9a4c918
Merged-In: Ia0714d1faa8f7c79082f2cc93a92ae36b9a4c918
Before, the documentation said that the passed context is an application context, which is incorrect to get the density, window metrics, and window manager. We should use visual context to get these instead.
Bug: 151474461
Test: StrictModeTest#testIncorrectContextUse_GetViewConfiguration
Change-Id: Iea28d727cafbb3ec8536742c6a0e594f73fe5a51
With an ArrayList, a hand-written counted loop is faster than the
enhanced for loop and stream.
Bug: 152227957
Test: Run atest under both pm folder
Change-Id: I714eec2add030d794d0449ae8d07b572e5904880
The call to unstableRemoveIf should be synchronized on the
ResourcesManager instance since the collection belongs to the instance.
Also remove dead code from the loader refactor to prevent apps from
creating AssetManagers that return InputStreams instead of
AssetInputStreams.
Bug: 145510133
Test: boots
Change-Id: I50bcfc8e882f3d8a7827688e32f68790dd226801
In some paths, the "isolatedSplits" attribute was read directly from
the XML file. In others, it was read using a TypedArray [ie. it used
the application's resource table].
It's possible we should never allow some manifest values to be set
via resource table. This change does not attempt to resolve that.
Instead, it merely ensures consistency to how manifest values are
retrieved.
Bug: 150184652
Test: atest PackageParserTest
Change-Id: Ib7c6a5ae081959e2d3aba4abdf60dd52db05991a
The package installer v2 APIs were marked as @SystemApi merely as
a convenience for development. These APIs may change in the next
version of Android and their usage must be strictly controlled.
Bug: 151716357
Test: Manual. Use old Shell and see that incremental installation fails with a SecurityException
Test: Manual. Request INSTALLER_V2 permission for shell and see that incremental installation succeeds
Change-Id: I9612dc145eadda20083bcc43e7a35ef3cd90aa40
Reset the INTERACT_ACROSS_PROFILES app-op for all apps on the device
when creating a new work profile. This ensures that user grants for
previous work profiles (perhaps with a different admin) are not saved
and also not restored with backup-and-restore.
Also, clear the shared preference storing which oem-whitelisted apps the
user has granted. This ensures that the user sees them all again
during work profile provisioning.
Fixes: 151145623
Test: atest com.android.managedprovisioning.task.CreateManagedProfileTaskRoboTest
Change-Id: I5f5c5aea1c36bd17a74c02e1b6fa9b4047f15003
Also make use of PackageManager.getUnsuspendablePackages() which
already takes care of launcher and dialer packages and some
other critical apps, like package verifier, package
[un-]installer, etc.
For newly installed packages it PackageManager.getUnsuspendableApps()
seems to be sufficient since that app won't be critical for the
functioning of the device.
Test: Test: atest
OrgOwnedProfileOwnerTest#testPersonalAppsSuspensionInstalledApp
Bug: 149394138
Change-Id: Ic3196dbfdd5c506e708563d305a42494391dc878
These intents permit the handler to write camera / video images
directly to a supplied FD or Uri, and can be used to circumvent
EXIF redaction and may leak location info. Therefore, they are
restricted to pre-installed apps only, which can be CTS tested
Test: atest AvailableIntentsTest
Bug: 117223876
Change-Id: If0a77d0b8a6747da30803681cb1b813aee476b2b
* Added a new hidden API canUserAttemptToConfigureInteractAcrossProfiles
to be used in settings.
* Changed canRequestToInteractAcrossProfiles to return true when app is
not whitelisted by the admin or installed in the other profile, this
enables the app to navigate the user to the cross profile settings page
were more information about why they can't grant the permission will be
provided.
Bug: 149742043
Test: atest CrossProfileAppsServiceImplRoboTest
Test: atest CrossProfileAppsPermissionHostSideTest
Test: CrossProfileAppsTest
Change-Id: I9c7734d7ab0c7436d84a27604146ff539e1cb26a
Remove PackageManager#clearMimeGroup method. Add expected best
practices of the MIME group naming to Javadocs.
getMimeGroup/setMimeGroup throw in case of undefined MIME group.
Bug: 151101912
Test: atest CtsDynamicMimeHostTestCases
Change-Id: Ica468c77785cb0f9862b412a0bbc664f23e2f2d4
We have a new ContentProvider.checkUriPermission() method, but we
forgot to add the symmetric ContentResolver.checkUriPermission() to
the public API, and a first-party developer helped identify this
oversight.
Bug: 151165313
Test: atest CtsContentTestCases:android.content.cts.ContentResolverTest
Change-Id: Ic5496b5a6fda14c25cb3752f5af2f71564d003ba
Currently there is a limitation where ResourcesLoaders cannot be used
on Resources object not created through ResourcesManager. This change
creates an update handler for Resources objects that are not registered
with ResourcesManager.
The handler changes the loaders on the asset manager owned by the
Resources instance.
Bug: 151666644
Test: atest ResourceLoaderValuesTest
Change-Id: I5a89f686386bdb088dc964014e7becc0c2b4770f
Querying in the native layer for assets provided through
AssetsProviders does not currently work. This change refactors the
AssetProvider API to return a file descriptor that is read in the
native layer and can bubble up to the java layer.
This change also removes the InputStream API to favor of developers
using memfd_create.
Bug: 142716192
Test: atest ResourceLoaderValuesTest
Change-Id: I1a7eca0994c3b7cc32008d9a72bf91086ff0e816
This API allows a directory to be loaded as if it was a zipped APK.
This is a substitute for the DirectoryAssetProvider API that
currently does not work in the native layer.
Bug: 142716192
Test: atest FrameworksResourceLoaderTests
Change-Id: Ia13e15653e75b421423dd56f9fe89e183ab4cb9a
To add the partner requested ResourcesProvider#loadFromDir APIs, this
change adds format type integer that allows us to reduce the number of
ApkAssets loading overrides.
This change also adds hidden offset and length based ResourcesProvider
APIs that could not make R.
Bug: 142716192
Test: atest FrameworksResourceLoaderTests
Change-Id: I926fde257cae701901dcd4ca408024feae8c90a6
Merged-In: I926fde257cae701901dcd4ca408024feae8c90a6
Following API feedback, make
ApplicationInfo.enableGwpAsan
ProcessInfo.enableGwpAsan
a @IntDef integers instead of @Nullable booleans.
Rename both, and the manifest attribute, to gwpAsanMode.
Turn the manifest attribute into an enum.
Fix manifest documentation to match the implementation.
Bug: 151262688
Test: CtsGwpAsanTestCases
Exempt-From-Owner-Approval: cherrypick
Merged-In: Ie33954700e1526f9764a751e474a3f930a65e957
Change-Id: Ie33954700e1526f9764a751e474a3f930a65e957
(cherry picked from commit 7487f249dd)
