Apps making calls into the system server may end up persisting
internal state or making security decisions based on the perceived
success or failure of a call, or the default values returned.
The reality is that if the system process just died, init will be
along shortly to kill all running apps, so we should have no problem
rethrowing the RemoteException as a RuntimeException.
Bug: 27364859
Change-Id: Ife0bcb079636c88d54c44d17eb580409fd79028b
Similar to first patch, but now using new "rethrowFromSystemServer()"
method which internally translates DeadObjectException into
DeadSystemException. New logic over in Log.printlns() now
suppresses the DeadSystemException stack traces, since they're
misleading and just added pressure to the precious log buffer space.
Add some extra RuntimeInit checks to suppress logging-about-logging
when the system server is dead.
Bug: 27364859
Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
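The failure mode these two commit messages describe, as an added example that is not code from the commits or from the Android source tree: a swallowed RemoteException turns a dead system server into a default answer that the caller may act on. The exception classes are plain-JVM stand-ins for the android.os types named above, with rethrowFromSystemServer() modelled only on the commit's description; IPolicyService and isCameraDisabled() are hypothetical.

```java
public class RethrowDemo {
    // Stand-ins for the android.os exception types named in the commit message,
    // so the example runs on a plain JVM. Not the platform classes.
    static class RemoteException extends Exception {
        // Modelled on the description: a dead binder becomes DeadSystemException.
        RuntimeException rethrowFromSystemServer() {
            if (this instanceof DeadObjectException) {
                throw new RuntimeException(new DeadSystemException());
            }
            throw new RuntimeException(this);
        }
    }
    static class DeadObjectException extends RemoteException {}
    static class DeadSystemException extends DeadObjectException {}

    // Hypothetical binder interface exposing a policy bit the app acts on.
    interface IPolicyService {
        boolean isCameraDisabled() throws RemoteException;
    }

    // Constructed failure: every call behaves as if the system server has died.
    static final IPolicyService DEAD = () -> { throw new DeadObjectException(); };

    // Before: the failure is swallowed, so "false" from a dead server is
    // indistinguishable from a real "not disabled" answer (fail-open).
    static boolean isCameraDisabledSwallowing(IPolicyService service) {
        try {
            return service.isCameraDisabled();
        } catch (RemoteException e) {
            return false;
        }
    }

    // After: the caller never receives a default it could persist or trust.
    static boolean isCameraDisabledRethrowing(IPolicyService service) {
        try {
            return service.isCameraDisabled();
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    public static void main(String[] args) {
        System.out.println("swallowing: disabled=" + isCameraDisabledSwallowing(DEAD));
        try {
            isCameraDisabledRethrowing(DEAD);
        } catch (RuntimeException e) {
            System.out.println("rethrowing: cause=" + e.getCause().getClass().getSimpleName());
        }
    }
}
```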
If unknown temperature type is passed to getDeviceTemperatures, returns
empty array.
Bug: 27365463
Change-Id: I223b5e4e0642aee7b32e44fea84e8dc465b7e90b
Refactor some static fields into a holder. This allows the class to be
statically initialized in the boot image. It also has some minimal
positive impact on the class size, a net benefit when tracing is
not used.
Bug: 27248115
Change-Id: I0cdfb6acf916ad8d9a7d82bba32929dba15d4200
Apps making calls into the system server may end up persisting
internal state or making security decisions based on the perceived
success or failure of a call, or the default values returned.
The reality is that if the system process just died, init will be
along shortly to kill all running apps, so we should have no problem
rethrowing the RemoteException as a RuntimeException.
Bug: 27364859
Change-Id: If632cc36f68cd399a34de513b2d979abaa36fcaa
Do not use profile guided compilation if the apk is loaded by another
app. The decision if an apk was used or not by another app is done
by looking into the foreign profile directory. Apks which were
loaded in other apps will have a file marker in the profile directory.
The marker is named after the canonical location of the apk file where
'/' is replaced by '@'.
Also, refactor the profile paths to the Environment.
Bug: 27334750
Bug: 26080105
Change-Id: Ic2ac5a7a231670ecb4462166c34fdd5b4c631178
Once the ephemeral user stops, the user's deletion is scheduled.
It takes a while before the user actually disappears and it is not
desirable for the user to be re-entered in the meantime.
Mark the user as disabled on stop and check this flag
in the activity manager to prevent the user from being switched
to again. Also hide the user from user-switching UI.
BUG: 26795729
BUG: 26780152
Change-Id: I83a61674958954b5a210114b88ffa5ae55922c1f
- Add a Clocks interface to wrap SystemClock.uptimeMillis and
SystemClock.elapsedRealtime.
- Make the inner classes static so they can be created independently,
which meant passing explicit pointers to the BatteryStatsImpl and
the Uid objects in a lot of places.
- Make several fields protected so they can be accessed by the tests (they are
still @hidden)
- Add a test suite for the battery stats.
- Add the tests
Change-Id: I4e45afedc64f7050985c28a7eb4f5c1ddbaa63fa
It is no longer true that we always forward the intent to personal side
after the introduction of work dialer.
Change-Id: I07b247c15d366278a07afab76b23c9d8847b01ef
Add a separate system service RecoverySystemService to handle recovery
related requests (calling uncrypt to de-encrypt the OTA package on the
/data partition, setting up bootloader control block (aka BCB), etc.).
We used to trigger uncrypt in ShutdownThread before rebooting into
recovery. Now we expose new SystemApi (RecoverySystem.processPackage())
to allow the caller (e.g. GmsCore) to call that upfront before
initiating a reboot. This will reduce the reboot time and get rid of the
progress bar ("processing update package"). However, we need to reserve
the functionality in ShutdownThread to optionally call uncrypt if
finding that's still needed.
In order to support the update-on-boot feature, we also add new
SystemApis scheduleUpdateOnBoot() and cancelScheduledUpdate() into
android.os.RecoverySystem. They allow the caller (e.g. GmsCore) to
schedule / cancel an update by setting up the BCB, which will be read by
the bootloader and the recovery image. With the new SystemApis, an
update package can be processed (uncrypt'd) in the background and
scheduled to be installed at the next boot.
Bug: 26830925
Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560
Add HardwarePropertiesManagerService which calls native methods to
get CPU, GPU, battery temperatures, CPU usage info, fan speeds.
Restrict hardware properties retrieval only for device and profile
owners.
Bug: 26945055
Change-Id: I4d6b30b78e575532d5e9cfa59ef6cd81355439d4
dumpsys meminfo --unreachable will search the native heap for
allocations that are unreachable.
Bug: 27208635
Change-Id: I40ab1c261cb222ca71d04ab8408f355bcb18ed94
(cherry picked from commit 84b1e3554b)
The new sdcardfs kernel driver needs to know this mapping for
deriving UID permissions, so push the data through /config when
supported by the kernel. This also has the nice benefit of letting
us push only the deltas of what actually changes, instead of
re-parsing the entire "packages.list" file.
The mappings for newly installed apps are pushed before the app is
allowed to run, removing some latent race conditions. Also cleans
up stale mappings when packages are uninstalled, and whenever the
system server reboots.
Bug: 19160983
Change-Id: Iace92efb69616c96b34c0d9d911e4b54e5fd8a67
This change makes StorageManager.getVolumesList(),
StorageManager.getPrimaryVolume(), and StorageVolume public and adds a
buildAccessIntent() in the latter to automatically generate the
ACTION_OPEN_EXTERNAL_DIRECTORY intent, but it doesn't change the
ACTION_OPEN_EXTERNAL_DIRECTORY implementation yet (i.e., it still takes a
URI with the physical path of the directory, instead of a StorageVolume and
a directory name).
BUG: 26742218
Change-Id: I36c59c42b6579e125ec7f03c3af141260875a491
For this, the DPM calls a new function
UserManagerInternal.createUserEvenWhenDisallowed() instead of
UserManager.createUser(). This calls
UserManagerService.createUserInternalUnchecked().
Also, only the system user is allowed to call this method, otherwise
a security exception is thrown.
Bug: 26952210
Bug: 26786199
Change-Id: I69c16354898d68592d13f5f53b840551f7ad4779
Clients of the NetworkStatsManager public APIs may get UIDs belonging
to other users, and UIDs which don't actually represent applications.
These APIs allow clients to understand whether a given ID belongs to
the same user as themselves, and whether an ID represents an
application or something else (e.g. a system UID).
Change-Id: Ia56d5891521ce98e5594c41da8f9d756819deb66
Add android.os.UpdateEngine and UpdateEngineCallback classes that
communicate with the update engine via binder APIs for A/B update.
Bug: 26695366
Change-Id: I2471858d28df5443bc0b56d9a20281ccebde4484
Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.
Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.
This also has the nice property that we only prepare storage when
we know that keys are unlocked.
Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1