You can now declare shared libraries in apks that are
on the system image. This is like the existing mechanism
of using raw jar files as shared libraries, but since they
are contained in an apk the library can actually be updated
from the Play Store. And this even (mostly) works.
There are some deliberate limitations on this feature. A
new shared library *must* be declared by an apk on the system
image. Installing an update to a system image apk does not
allow you to add new shared libraries; they must be defined
by everything on the base system image. This allows us to
get rid of a lot of ugly edge cases (shared libraries that were
there disappearing after an update is uninstalled for example)
and give some brakes on apps that happen to be pre-installed
on devices from being able to throw in new shared libraries
after the fact.
In working on this, I ran into a recently introduced bug where
uninstalling updated to system apps would fail. This was done
to allow for the new restricted users that don't have all
system apps, but conflicts with the existing semantics for
uninstalling system apps. To fix this I added a new uninstall
flag that lets you switch on the new mode if desired.
Also to implement the desired logic for limitations on declaring
new shared libraries in app updates, I needed to slightly tweak
the initial boot to keep the Package object for hidden system
packages associated with their PackageSetting, so we can look at
it to determine which shared libraries are allowed. I think
this is probably more right than it was before -- we already
need to parse the package anyway, so we have it, and when you
install an update to a system app we are in this same state
until you reboot anyway.
And having this fixed also allowed me to fix another bug where
we wouldn't grant a new permission to an updated app if its
system image version is updated to request the permission but
its version is still older than whatever is currently installed
as an update. So that's good.
Also add new sample code showing the implementation of an apk
shared library and a client app using it.
Change-Id: I8ccca8f3c3bffd036c5968e22bd7f8a73e69be22
Natural languages differ so much and in such odd ways that you can't
use getQuantityString as an "if" statement. It's really just for grammaticality.
This is explained well in
http://developer.android.com/guide/topics/resources/string-resource.html#Plurals
but we need to make more of an effort to motivate people to read that, and to
at least get the most important point across if they don't read it.
Change-Id: I549b9f3563462c45f2dea34c558185e0714127cd
API and preliminary implementation for sharing primary user accounts with a secondary user.
AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials
to clone an account from the primary to a restricted secondary user. The AccountManagerService
initiates the account clone when it starts up the user and detects that the user has
a shared account registered that hasn't been converted to a real account.
AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be
further improvements to this API to make shared accounts hidden/visible to select apps.
AccountManagerService has a new table to store the shared account information.
Added ability in PackageManager to install and uninstall packages for a secondary user. This
is required when the primary user selects a few apps to share with a restricted user.
Remove shared accounts from secondary users when primary user removes the account.
Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
Keyguard currently relies on being in the system process to grab the
given user's widgets. When we split keyguard into a new process,
it will need to have access to user-specific info to instantiate a
specific user's widgets. In order to accomplish this, we add an
explicit userid to each binder call as well as new permission
check to allow keyguard access.
This also fixes a potential race condition of having an incorrect user id
due to an async call to change the user. Every binder call now has a specific
user id. The user id is either the calling process user's id or an explicit
one passed by applications like keyguard. It is created once when an
AppWidgetManager is instantiated and remains for the lifetime of the object.
Fixed bug where widgets sometimes didn't show up for secondary users.
Moved permission check in AppWidgetService into getImplForUser()
Refactored to use userid from context associated AppWidgetManager instance.
Clean up AppWidgetHost to use userId from Context.
Remove redundant userId check in checkPermission since it's handled by
ActivityManager.handleIncomingUser()
Removed redundant userid check.
Upload after rebase...
Change-Id: Iae3e20f2b342c323bb58768b3d22051510f8268b
It is beneficial that there is a mechanism on the platform
to notify applications whether it is safe to perform somehow
expensive operations while the user is not using the device.
Thus, user experience will not be degraded. An example is
discarding of unused blocks on a mounted file system instead
of doing this on every write operation.
bug:8056794
Change-Id: I708bad9d3ce6c8f1d5a1c05c0abf46f81a3d464b
Reworking the locking in resources so that we never hold the
state lock while calling in to potential long running operations.
This means the mTmpValue can no longer be final (since we need
to use it while the lock isn't held), so a new field needs to
be added as the lock and everything that touches mTmpValue must
deal with it being null, restoring the value in there when
possible, etc.
Change-Id: Ie5ffd0f66e5f2d0e869a62d72e7a55b1c74fe872
Restrictions saved as key/value pairs, mostly booleans right now
but might be expanded to other types later.
Save and restore restrictions in the user manager service.
Enforce some of the restrictions at the framework level. Some
are enforced (also) at the app level, such as in Settings.
Change-Id: Id11ffe129cb6a177e094edf79635727388c26f40
