In P we moved destroying per-user shared storage into installd,
where it can iterate quickly over large sets of files. This change
now moves cleaning/destroying of per-app shared storage data down into
installd, letting us greatly simplify the logic in PMS to no longer
require spinning up DefaultContainerService. This also fixes an
obscure bug where DCS (which always runs as USER_SYSTEM) wasn't able
to clear shared storage for secondary users.
This also gives us the ability to target specific storage devices
by UUID, such as when the user has migrated their primary shared
storage to an adopted device.
We no longer distinguish between keeping or deleting OBB files
during various operations, since upcoming changes in the Q release
will mean OBB files are no longer shared between users, and they'll
now live inside a sandbox that will be fully cleared when the user
clears data. (Going forward, apps should be using splits instead
of OBBs, so they're effectively deprecated.)
Uses newer "const" feature of AIDL to ensure constant values remain
consistent between native and Java code.
Bug: 111854851, 111838160
Test: atest android.appsecurity.cts.StorageHostTest#testCache
Change-Id: Ib90be155718a768da76110fbfcf010a471b37378
See build/soong/README.md for more information.
Test: m libframeworks_coretests_jni
Test: m FrameworkCoreTests_install
Test: m libshim_jni
Test: m CtsShimPrivUpgrade
Test: m libfilterfw
Test: m PMTest_Java_dual
Test: m libdefcontainer_jni
Test: m libperftestscore_jni
Test: m libpmtest32 libpmtest64
Test: m libprintspooler_jni
Test: m libsmartcamera_jni
Test: m idmap
Test: m libdrmframework_jni
Test: m libdvr_loader com.google.vr.platform com.google.vr.platform.xml
Test: m libfilterpack_imageproc libfilterpack_base
Test: m libwebviewchromium_loader
Test: m shared_mem_test
Test: m test-touchlag
Change-Id: I868561dd237fa28647896d59049ab9260373ada1
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: Ibcffec873a693d1c792ca210fb597d2bf37e9068
Merged-In: I4233b9091d9066c4fa69f3d24aaf367ea500f760
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: I4233b9091d9066c4fa69f3d24aaf367ea500f760
DCS had been relying on the WRITE_MEDIA_STORAGE permission to access
OBBs on external storage, but that permission has been locked down,
and we need to use the real WRITE_EXTERNAL_STORAGE permission now.
Rework the OBB error reporting flow to bubble exact error codes up
from internals, so that we can return expected CTS error codes.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 73424392
Change-Id: Iecbc4132745d56ebf081868ad2f9c3efe1e3735f
There are several places across the OS where Java code is simply
copying data between two points, which requires bringing that data
out into userspace before going back into the kernel. (That's pretty
lame.) The patches for the recent Meltdown/Spectre security issues
have made this overhead even worse, so it's finally time to move this
copying directly into the kernel.
This change adds a couple new FileUtils.copy() methods which inspect
the given streams/FDs, and attempt to do as much optimization as
possible before falling back to a slower userspace-based copy.
Benchmarks are showing typical improvements of 44% for 32KB files,
50% for 32MB files, and 35% for 32MB pipes.
Plenty of tests are included, and there's a simple kill-switch that
can be used to enable/disable the feature if it starts causing any
trouble. (A future CL will enable the optimizations.)
Test: bit FrameworksCoreTests:android.os.FileUtilsTest
Test: vogar --mode app_process --benchmark frameworks/base/core/tests/benchmarks/src/android/os/FileUtilsBenchmark.java
Bug: 71932978
Change-Id: I52518d529da5d961610998b9f61399064d8025cd
It turns the version code into almost a 64-bit integer, with the
new major part being the upper 32 bits.
The only tricky part about this is the backup manager, since it
stored 32-bit version codes in its backup data sets. This is dealt
with by, when the major version code is not 0, writing MIN_INT as
the version code and following that by the full long version code,
which we can detect when reading. Note that this makes backup sets
containing apps with major version codes incompatible with older
versions of the platform.
Bug: 64459786
Test: Added in Change-Id: Iab8a682b62103babd6c16a56b8dc1e97d7078658
Change-Id: Ibfffe235bbfcf358b3741abd3f7197fdb063d3f3
New quota APIs are much faster than trying to measure manually, and
removing this last user of calculateDirectorySize() means we can
remove it once and for all.
(cherry picked from commit c8b29ac6f0)
Bug: 36056324
Test: builds, boots
Merged-In: Ibdf1ee4e8885680e106df6a9269b6309ddc61af8
Change-Id: Ibdf1ee4e8885680e106df6a9269b6309ddc61af8
Awhile back we explicitly blocked any new ASEC installs, with the
expectation that we'd eventually remove the logic entirely. We've
had them disabled for about a week now without incident, so let's
rip out the remaining code.
Test: bit FrameworksCoreTests:android.content.pm.PackageHelperTests
Test: bit FrameworksCoreTests:android.content.pm.PackageManagerTests
Bug: 32913676
Change-Id: I1ecc35487420731f5c4bdf03bca5751548ce51b3
libnativehelper exports headers under nativehelper. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using frameworks/base find headers
Bug: 63762847
Change-Id: I0f9f231acdebe460f279135462f43d3e32eff64d
New quota APIs are much faster than trying to measure manually, and
removing this last user of calculateDirectorySize() means we can
remove it once and for all.
Bug: 36056324
Test: builds, boots
Change-Id: Ibdf1ee4e8885680e106df6a9269b6309ddc61af8
We're not actually clearing any files, only deciding how much free
space is available, so we're fine assuming the remote caller has the
permission.
Test: builds, boots
Bug: 37169076
Change-Id: I6cd42f77c43e9d2de40e2b8b937c7f2145f1b869
It's confusing, but f_bsize is not the value you're looking for; the
real block size is f_frsize. Fix all those bugs.
Also, the vast majority of clients are interested in the usable
disk space, not including reserved space.
Test: builds, boots
Bug: 36840579
Change-Id: Ib1470389afd49c14cab62282ec1e978ebb2c4791
Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.
Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
Add granular StorageManager APIs for key creation/destruction and
unlocking/locking. Start passing through an opaque token as part
of the unlock command, but leave it empty for now. We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.
Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE. Wire
a command to "sm", but persisting will come later.
Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model. Small tweaks to handle non-encryptionAware voice interaction
services. Switch PackageManager to consult StorageManager about the
unlocked state of a user.
Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
Typical apps are restricted so they can only view shared storage
belonging to the user they're running as. However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.
Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps. Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.
Bug: 19995822
Change-Id: I504c2a179ba74f142ed0d32da5baa69f4212cd82
