When Binder calls are nested, we can quickly end up with a snowball
of stacktraces that can cause the original transaction to fail. This
CL makes two specific changes to alleviate this pressure:
-- Consider a nested Binder call from PID A -> B -> C. If both B and
C encounter dozens of StrictMode violations, then gatheredViolations
in B will end up with 10 ViolationInfo (5 from B and 5 from C). This
problem only grows with each successive nested call. To solve this,
always limit ourselves to only ever write out 3 ViolationInfo from
any given process.
-- CrashInfo already nicely truncates any large stack traces to 20kB,
but readAndHandleBinderCallViolations() blindly appends the entire
local trace, and never considers truncating again. Similar to the
first problem above, nested calls can quickly cause the stackTrace
value to explode in size. To solve this, we always re-truncate the
stackTrace value after appending our local stack.
Also fix some NPE bugs when missing crashInfo.
Test: builds, boots
Bug: 32575987
Change-Id: Ie8373ca277296f920f2b1c564d419c702a8ee0f2
Only the device owner will be able to set the restriction
and the restriction will prevent usage of Bluetooth on the
entire device - i.e. in all the users.
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.UserRestrictionsTest
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testBluetoothRestriction
Bug: 32895300
Change-Id: I2875cf178cb16eca1965d0ba965d1cd3d8db2ad5
UserManager.isUserUnlocked/isUserRunning now returns state from
UMS.mUserStates that is pushed from ActivityManager.
Test: manual
Bug: 33232933
Bug: 28957340
Change-Id: Ic5f56d7d577bc336acd2bf44fab7f74feac4f7b3
Follows the same marshalling scheme as other list types, such
as lists of Strings etc.
Bug: 30792387
Test: ParcelTest
Change-Id: I2003f4fcf4de5a1bee060f3c2723cfb155105b14
Developers regularly put content:// Uris into Intents, but they can
easily forget to add FLAG_GRANT_READ_URI_PERMISSION to actually
extend a permission grant to the receiving app.
Also fix NPE when path is missing.
Test: builds, boots, common actions work without triggering
Bug: 32447617, 31900890
Change-Id: Ic6054b1d73de50967cf7fe66abc293c60a41b97e
The CL adds FuseAppLoop internal class to the framework. It parses FUSE commands
from the proxy in the system service and invokes a callback provided by
application.
Bug: 29970149
Test: None, will be tested with CTS for StorageManager#openProxyFileDescriptor.
Change-Id: I10b2add4c2743fb91eae3cb194f55843a74fb668
Support a system property on debugable builds to
override the max number of managed profiles to
allow easier dogfooding of multiple profiles.
Support 3 different badge colours for managed profiles.
Bug: 30473760
Test: runtest -c com.android.server.pm.UserManagerServiceCreateProfileTest frameworks-services
Test: runtest -c com.android.server.pm.UserManagerServiceUserInfoTest frameworks-services
Test: manual - attempting to create 2 profiles with adb fails, passes once I set the property.
Change-Id: Ie7fb19048a04a01572666f229283152254d0ffc3
We know they will be ASCII, so use String.getBytes(US-ASCII) which is
much faster than creating a new ICU based CharsetEncoder for UTF-8 every time
we write one of these files (there will be a lot of them).
Test: make + manual.
Change-Id: I8eb62862ea1083e194d3f23ac68bb40aaae5efd5
To do this, I had to fix the PROCESS_STATE_NONEXISTENT constant
to be the last value (instead of the special magical -1 value)
so it semantically matches the public importance constants. I
think this is better anyway.
Also this fixes a big problem in the implementation, where we
weren't keeping track of the last proc state per uid...! Duh.
Test: manually ran testUidImportanceListener
Change-Id: Ie3008f824446089840f896885e6033472abb065e
To protect system stability, any Binder calls leaving the
system_server must carefully be performed using FLAG_ONEWAY (or
the 'oneway' verb in AIDL) which prevents the call from blocking
indefinitely on the remote process.
In this CL, the system_server uses the new Binder.setWarnOnBlocking()
method to enable detection by default for all remote Binder
interfaces. It can also use Binder.allowBlocking() to allow
blocking calls on certain remote interfaces that have been
determined to be safe.
This CL adds the 'oneway' verb to several interfaces and methods
where it should have been added, and marks a handful of system
ContentProviders as being safe to call into. Also, we assume that
any services obtained from ServiceManager are part of the core
OS, and are okay to make blocking calls to.
Test: builds, boots, runs with minimal logs triggered
Bug: 32715088
Change-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0
If binder tracing is enabled, we also output the class/method name
to systrace. This is the first step toward a system in which we could
show the full stack trace in systrace.
Test:
adb shell am trace-ipc start
python systrace.py
adb shell am trace-ipc stop
Change-Id: I6d0354c9560c4518c84fb3fdb66219b460e69f67
- (IBinder.FIRST_CALL_TRANSACTION=1) is added to the specified
transaction codes during binder generation. Correct the
IMountService transaction ids taking this into account.
- Update interface descriptors in MountService related native code.
- Add proxy implementations for IMountServiceListener and
IMountShutdownObserver.
Bug: 30977067
Test: Verified that calls from native code to IMountService system
service are working and listeners in native code can get the
callbacks correctly.
Change-Id: I9bef9a8113e92d8b36e963bd961ac858acac3f2a
