When the caller hasn't specific encryption-related matching flags,
we should match both aware and unaware components.
Bug: 26508249
Change-Id: I2c35f6e00e451ba3f5fa0810223b7a3d80dee233
When starting encryption-aware apps while the device is locked, we
can only spin up ContentProviders that have been marked as
encryption-aware. Once the user is unlocked, we need to go back and
install non-encryption-aware providers in already running apps.
Fix bugs in getPackageInfo() where only one of the various MATCH_
flags was being consulted (!). Move matching logic to single unified
location in PackageUserState so we have consistent behavior.
Fix another class of bugs where Safe Mode wasn't correctly filtering
package details (!). These bugs are fixed by splicing in the new
MATCH_SYSTEM_ONLY flag as part of state-based flag mutation that was
added for encryption.
Bug: 25944787
Change-Id: I39c8da74b1f9ba944cc817176983f50ba322329c
In order to support backup/restore on devices without native FBE
support, we always need to make the DE storage area available. Add
docs clarifying the lifecycle.
Bug: 26279618
Change-Id: I789915f295b10aca6bf80ca58406aea212835ffd
Also define InstallFlags and DeleteFlags, and point installPackage()
users towards new PackageInstaller APIs. Remove old movePackage()
API that is no longer used.
Change-Id: I661a65149e4778a7591dbd912b72b4dd81b266da
Finish moving all UID/GID callers to single AIDL method that requires
callers to provide flags.
Triage AppWidgets and PrintServices, which currently can only live on
internal storage; we should revisit that later.
Fix two bugs where we'd drop pending install sessions and persisted
Uri grants for apps installed on external storage.
Bug: 26471205
Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd
Catch a bunch of simple cases where the PackageManager flags are
obvious. Add the ability to use the MATCH_SYSTEM_ONLY flag on
PackageInfo and ApplicationInfo queries.
Re-examine recent tasks after a user is unlocked, since some of the
activities may now be available and runnable.
Bug: 26471205, 26253870
Change-Id: I989d9f8409070e5cae13202b47e2c7de85bf4a5b
If they don't have code, give the developer a somewhat helpful error
message instead of later falling into a weird classpath failure.
Change-Id: Iebda10173ff99943cbbd71127ae24aa455b709f4
This gives callers the ability to request details for missing
packages. Also add annotations for userId and appId variables and
start tagging their usage.
Change-Id: I63d5d7f870ac4b7ebae501e0ba4f40e08b14f3f6
Since this technically wasn't an API change, there isn't a good
reason to protect with target API. So change the behavior based on
the caller for now.
Bug: 26438049
Change-Id: I65aa1fc9af1f935544f8e191444440af4f98f26f
When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.
Also fix spacing issues in various logging statements.
Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
Verifiers or installers may not be encryption-aware, or the user may
have disabled them, so we probe pretty deeply during system boot to
resolve them. Use the new MATCH_SYSTEM_ONLY flag to limit results to
packages on the system image.
When there are multiple matches, pick the one with highest priority
instead of crashing the system.
Switch to updated MATCH_ constants in more places.
Bug: 26250295
Change-Id: Ia7a3b1fb74da6c3b9d2c2edbf1deaa9fb52fc40a
Caching against resource ID leads to incorrect cache hits, since multiple
files (ex. within drawable-mdpi, drawable-ldpi) may map to the same ID.
Also adds nullability annotations.
Bug: 26400880
Change-Id: I4d83caf3c44dc9b546511753e9e72171e8850eb2
Moving forward, all client file access really needs to be going
through explicit APIs like openFileDescriptor(), since that allows
the provider to better protect its underlying files.
This change also changes several classes to use the AutoClosable
pattern, which enables try-with-resources usage. Older release()
methods are deprecated in favor of close().
Uniformly apply CloseGuard across several classes, using
AtomicBoolean to avoid double-freeing, and fix several resource
leaks and bugs related to MediaScanner allocation. Switch
MediaScanner and friends to use public API instead of raw AIDL calls.
Bug: 22958127
Change-Id: Id722379f72c9e4b80d8b72550d7ce90e5e2bc786
Intercept calls to start activities from the recents
stack and show the Work Challenge if needed. This requires
passing the taskId to ConfirmDeviceCredential so it can
launch the recents task itself when the credentials are
confirmed.
Change-Id: I013b134f3f31a35b551ad683c68cc89b8af44499
In practice, a lot of apps provide English resources as their default
resources, so assume that English is always supported.
With this change, users can safely set secondary locales after
English in their preferred locale lists. Such settings would help
the apps (and parts of the system that are aware of multiple locales)
consider the user's familiarity with the secondary locale or the
user's preference for glyphs forms in the secondary locale. This
change makes sure that no app unintentionally switches to such
secondary locales.
Note that this doesn't break from the tradition of previous releases.
Traditionally, if the user had set the system locale to English, they
would get the default resources when the app didn't explicitly
provide English resources. This will continue to be the case where
the user's locale list has English in it before another supported
language. (English will be the first locale in most cases.)
Bug: 26192817
Change-Id: I2c1a003760299157786c1b3f9fb116ce18db3b8c
Allows an activity to always be focusable regardless of if it is in a
stack whose activities are normally not focusable. For example, activities
in pinned stack aren't focusable. This flag allows them to be focusable.
Also, changed ActivityInfo.#{resizeable, supportsPip} to use flags.
Bug: 26273032
Bug: 26034613
Change-Id: I8c63e6d3256757e2e6931e08b8a65269f5169d35
Also:
1. Add AssetManager method for finding non-system locales: This is
used in per-app locale negotiation. (Normally,
AssetManager#getLocales() returns both system and non-system
locales.)
2. Match pseudolocales correctly in locale negotiation.
Bug: 25800576
Bug: 26236938
Change-Id: I116caf3a91c290deb4ad68b291c65b7035b18dd4
When an APK is being installed, the full path to the file is
occasionally passed between processes. To detect changes to the file
during these handovers, the digest of the AndroidManifest.xml entry
could be passed around as well.
This security feature is no longer used and is no longer needed. APKs
should be installed using the modern Package Installer API
(android.content.pm.PackageInstaller).
Bug: 24542768
Change-Id: I2762634c85448e7adcd47ffc9a5294c021e127bd
Many places across the platform query package details without
gracefully handling packages or components that go missing for
various reasons. This can cause annoying user data loss, such as
resetting back to built-in apps or dropping of accounts, etc.
This change verifies that system callers have thought about these
edge cases by logging if they use default matching behaviors without
explicitly marking themselves as being "triaged." (The logging is
currently disabled by default.)
Also creates explicit definitions of supported flags for various
incoming PackageManager calls, and defines a clear distinction
between flag types:
-- GET-style flags are used to request additional data that may have
been elided to save wire space.
-- MATCH-style flags are used to include components or packages that
would have otherwise been omitted from a result set by current system
state.
There are a handful of existing GET flags that better fit under the
MATCH definition, so this change clones them to new constants and
marks the old ones as deprecated.
Fixes bug in JobSchedulerService to consider jobs from apps on
external storage. Revert some dialer behavior back to being
untriaged.
Change-Id: I9b6ab0968241e3479bddbd78de0c51e3b9917318
When a user is started, but a persisted job component doesn't appear
in the normal resolution list, we avoid enqueuing the job. Later
when the user is unlocked, we take another pass over the pending
jobs to see if they became available.
Load keyboard layouts from XML metadata regardless of crypto status,
since we don't need to spin up any remote code.
Add MATCH_SYSTEM_ONLY to make system logic easier to write when
looking for trusted components.
Sprinkle more annotations on ArrayUtils methods.
Bug: 26279465
Change-Id: Iec28e0bb46862b07d740b12a79f6360de68dab0f
Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.
Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked. Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.
Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
