Update storage related docs on Context to be consistent, and to call
out relevant Environment methods. Start calling it "shared" storage,
and only mention external for historical reasons. Mention that there
isn't much benefit to using emulated storage over private data
directories to help guide developers to safer locations.
Point out which paths can change over time, so developers know to
only persist relative paths.
Update Environment docs to reflect how they behave for the new
class of adopted storage devices.
Bug: 24251945
Change-Id: Ie5ab337649b4740dfd7594997bbb19c4969cfd2f
(cherry picked from commit 59d28dc820)
To help MediaProvider uniquely identify storage devices, pass through
the UUID of the underlying private storage volume.
Bug: 23329611
Change-Id: I22ee7ea98fcb208d7797310acb3396a3f074f09b
We now have a new whitelist you can put apps in, which
opts them out of the old battery saver mode and new app idle,
but doesn't keep them from going in to doze. This is for a few
special cases that we had previously whitelisted for battery saver,
and inherited to the new modes... ultimately we should figure out
how to get these apps out of the whitelist completely, but this
will help for now.
Apps in this new whitelist are not shown in the UI, because they
are still significantly restricted by not being able to operate
normally in doze. This also means they are still visible in the
list of all apps for the user to be able to put them on/off the
complete whitelist if that is what they really want.
In the course of doing this, I needed to clean up code in the
network policy manager to better separate management of the
two firewall rules that now have different whitelists applied
to them. This also hopefully just generally simplifies and cleans
up that code. Hopefully!
Change-Id: I92e15f2f85899571dd8b049b5e3eb1354f55f353
Certain operations (like ConfirmCredential) can be invoked
in the context of a profile, in which case the calling code
needs to know under what profile the credential is registered.
Expose a centralized location for this information for Settings
and GateKeeper to consume.
Bug: 22257554
Change-Id: Iffe4f6a254f52d1269b9287edabcf6efa515d9d2
With this change:
1. NOT_RESTRICTED should be removed from NetworkRequests that bring up
special restricted carrier networks (e.g. IMS, FOTA).
2. NetworkRequests without NOT_RESTRICTED require CONNECTIVITY_INTERNAL
permission to register
3. Binding sockets to networks without NOT_RESTRICTED requires
CONNECTIVITY_INTERNAL permission
Bug:21637535
Change-Id: I5991d39facaa6b690e969fe15dcbeec52e918321
These are important values to help diagnose modem related wakeup issues.
Bug:22803686
Bug:22857991
Change-Id: Ie0164ebd194567bc10d1165d671a583674a39829
Currently any calls into vibrate just end up in an infinite loop
until the program's stack overflows.
Bug: 22835503
Change-Id: I640c3990b597ac69d83b3656e00daad088002982
...of address space causing package manager to fail
Make sure to flush binder commands when done with an async task.
Change-Id: I9f171add7051587ab854226b97a12c7e1844ad5d
...space causing package manager to fail
Lower the maximum IPC size we use in various places, to keep it
under the threshold of becoming dangerous. Now everything tries
to keep not much more than 64k.
Change-Id: I814013097966a7843179e5d581bfdb254c5ae318
Long ago, we mounted secondary physical cards as readable by all
users on the device, which enabled the use-case of loading media on
a card and viewing it from all users.
More recently, we started giving write access to these secondary
physical cards, but this created a one-directional channel for
communication across user boundaries; something that CDD disallows.
This change is designed to give us the best of both worlds: the
package-specific directories are writable for the user that mounted
the card, but access to those "Android" directories are blocked for
all other users. Other users remain able to read content elsewhere
on the card.
Bug: 22787184
Change-Id: Ied8c98995fec1b7b50ff7d930550feabb4398582
Surface more details and commands for storage volumes to support
CTS testing. Fix user reconciliation bug that skipped user setup on
empty volumes.
Bug: 22658804, 22633097
Change-Id: I4221312d1cce24d1f5a2c108095cf3cf471598ed
- New screen on app op to record the last time each app has
caused the screen to be turned on.
- New battery stats event that tells us the reason the screen
has been asked to turn on.
- Propagate out power manager API to specify the reason a caller
is asking to have the screen turned on.
Note that currently the window flag to turn the screen on bypasses
much of this because it is being handled in the window manager by
just directly telling the power manager to turn the screen on. To
make this better we need a new API where it can specify who it is
calling the API for.
Change-Id: I667e56cb1f80508d054da004db667efbcc22e971
We now place whoever is receiving the MMS on the temporary
whitelist while doing so, so they can get network access to
download it.
There was also an issue that needed to be fixed where we
were no longer updating the list of allowed uids while
dozing based on their proc states... we now do that.
Also did a bit of optimization of the temp white list update
path do the network policy manager, instead of going through
a broadcast we now directly call in to the network policy
manager. This also allows us to have a synchronous version
of updating the list, so we can know the app has network access
before we tell it to do anything.
Finally added battery stats events for things going on and off
the whitelist so we can diagnose the behavior there.
Change-Id: Ic7fe010af680034d9f8cb014bb135b2addef7455
Give more details about why we failed to create storage paths, and
search for underlying volumes using canonical paths.
Bug: 22135060
Change-Id: I75d3584403ece310438b05f5b9fe72d94c9096c6
For modern apps targeting M SDK and up the external storage state
is deterined by granted permissions. For apps targeting older SDK
the storage access is determined by app ops correspning to the
storage permissions as the latter are always granted.
When app ops change we do not remount as we kill the app process
in both cases enabling and disabling an app op since legacy code
is not prepared for dynamic behavior where an operation that failed
may next succeed. Hence, we remount when we start the app.
For modern apps we don't kill the app process on a permission
grant, therefore we synchronously remount the app storage.
bug:22104923
Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a
We can now stream the AssistStructure across processes, avoiding
IPC size limitations for large structures. There is also a new
API that gets called on the VoiceInteractionSession if there is
a failure retrieving the assist data.
Also fix issue #22351981: Runtime restart due to ANR in system server,
getting rid of a deadlock.
And also tweak object lifecycles to try to avoid keeping around
in an app the previous AssistStructure after we request a new one.
Change-Id: Ifb136a0d31a14e56a8db6b90768d9fc65557a17f
It ends up that MediaProvider is persisting MTP storage IDs in its
database, so we need to make sure we generate stable IDs over time,
otherwise we can end up looking into a black hole.
Bug: 22256092
Change-Id: I6a75c239aac1b71fd5f6df0df69b24971079a086
Users can try migrating primary storage while the current location
is missing/unmounted. Fail gracefully instead of runtime restarting.
Bug: 21927076
Change-Id: I40645f8ccea05154e7cbacd188f6cba5f4dbbdc4
Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.
First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode. Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10". When we
detect a mismatched serial number, we destroy all data belonging to
that user. Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.
Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.
When mounting a volume, ensure that data directories exist for all
current users. Similarly, create data directories on all mounted
volumes when creating a user. When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.
Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
Request benchmarking of devices once per week during normal fstrim
maintenance window. Tunable parameter gives us the ability to change
frequency through global setting.
Track individual benchmark and trim results for each volume, and
use scrubbed volume identifier (based on adoptiong age) when logging
stats to drop box. Track last benchmark and trim time for each
volume separately.
Bug: 21831325
Change-Id: I53b3ed788f7820c2e5bceb2840339f5b4aada3f0
Issue #22209630: Only allow whitelisted apps to put apps on the temp whitelist
We now check whether the calling app is a system uid or in the whitelist
and, if not, throw an exception.
Issue #22225665: Alarm still goes off in idle mode (doze)
Fix a bug where we were not clearing the calling identity when coming
through the dump command to the service, and as a result when we would
eventually call out to the alarm manager it wouldn't do what we want.
This was only broken when being controlled by the shell.
Also adjust the network policy manager service's handling of device
idle transitions to only toggle the device idle state, which gets rid
of the long delay we have coming out of idle mode. And add in a bit
of logging around going in/out of idle mode to try to understand where
things may be slow in the future.
Change-Id: I4a41f790e9b0bb31330314b94111557d479f2ba5
For now we are just recording the power usage and not using it
to calculate battery power usage or app blame. If it looks like
it is accurate, we'll adopt the values from the kernel instead of
estimating ourselves.
Bug:21498425
Change-Id: I6617e3c0ff279a65f4ff84472082f36fe4beb336
