Commit Graph

51 Commits

Author SHA1 Message Date
Amith Yamasani
fc95e70abd Don't remove restrictions files that are valid
This fixes a bug in parsing the package name from a file name. The suffix
was not taken into account, resulting in all restrictions files being
removed on switching to a user.

Bug: 10947554
Change-Id: I62725bbbdc0e15609872de3896130d4acbc35386
2013-09-26 13:20:17 -07:00
Amith Yamasani
d304af6989 Remove unused APIs and rename others based on API review
Restrictions challenge is only to be used by device admins.

Bug: 10461761
Change-Id: I3db1249e2ce99f386602de59ed930302bb0a97fb
2013-09-05 09:30:23 -07:00
Geoffrey Borggaard
15b8b2c068 UserManagerService upgrades users on first restart.
This causes all restriction pins to be reset.

Bug: 10535070
Change-Id: Ia2abf904505514d7e555b420c2b032a0094e0643
2013-08-29 13:07:49 -04:00
Amith Yamasani
5e486f59c7 Try again to cleanup all blocked apps
Since the Restrictions feature was removed, some cleanup code was
added to unblock apps. But the cleanup is causing some runtime exceptions
due to happening too early in the boot up sequence. Moved the cleanup
to after boot_completed broadcast is received.

Bug: 10212758
Change-Id: Id42eff16b54c24ea48cf8b3a81f77ea801264edd
2013-08-07 11:06:44 -07:00
Amith Yamasani
350962ca82 Remove restrictions PIN for all users
Bug: 10200097
Change-Id: I4d95cd49a21e8f4f6b2c141d1205f81622c395b5
2013-08-06 11:18:53 -07:00
Amith Yamasani
0343ec3abb User restriction API to disable single-user restrictions feature.
Change-Id: I80e08b38b5e32f3cb1af51398907510508ec199f
2013-07-23 09:17:21 -07:00
Amith Yamasani
1a7472e722 Have UserManagerService clear the restrictions and unblock apps
Since this is an operation that could take a few seconds to run and needs to be
completed even if Settings dies, best to do it in the user manager.

Refactored PIN challenge/setup UI with a field to verify existing pin
when changing to a new one.

Change-Id: I0b7df5b2ccb7f343aa9282a9245d3bc2b577a794
2013-07-18 16:12:27 -07:00
Amith Yamasani
b82add27d0 Clean up any restrictions files that shouldn't be there.
Partially fixes the mess that was caused by #9681399

Change-Id: Iaabe15c87d1b002f0b2210b34adcc31b8fb4329c
2013-07-09 11:24:44 -07:00
Amith Yamasani
655d0e2029 Single-user restrictions
Introduces a new "blocked" state for each package. This is used to temporarily
disable an app via Settings->Restrictions.

PIN creation and challenge activities for use by Settings and other apps. PIN
is stored by the User Manager and it manages the interval for retry attempts
across reboots.

Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
2013-06-25 16:03:55 -07:00
Amith Yamasani
6fc1d4e8e6 Cache the scaled avatar drawables in the keyguard user switcher
Loading the avatar icons and drawing them into the sized bitmap
turns out to be quite expensive and the cost increases with number
of users. Caching them shaves off several hundred milliseconds from
Keyguard inflation time during user switching on the lockscreen.

For instance, 15ms vs. 750ms with 3 avatars on a certain 7" tablet.

Bug: 7986933
Change-Id: I3e2065bfa25aa263133ba204ca364c3b04d7c0ff
2013-05-09 14:44:38 -07:00
Amith Yamasani
7e99bc02c8 Modify restrictions bundle per api council recommendations
Use a Bundle for persisting and passing to the application, but use a
list to return data back from an application that's exposing restrictions.

Changed the xml reading/writing code to store the value type in the Bundle
so that it can be reproduced when reading. Earlier we were assuming only
String and String[].

Bug: 8633967

Change-Id: I523d5553728edcf28a1e9d432f490b4956f34215
2013-04-17 10:44:44 -07:00
Emily Bernier
b223f73a69 Add user restrictions (credentials, user removal)
Created constants in current.txt and UserManager.java, modified restrictions access in UserManagerService.java.

Change-Id: If8d778d84af81dcbf5784f6e0afd9ef966cc8ecf
2013-04-11 19:56:49 -04:00
Amith Yamasani
9429afba06 Fix a security check in getting app restrictions
Change-Id: I02fbab8765d3f8646d0fe62ee867566d1d14707d
2013-04-10 18:40:51 -07:00
Amith Yamasani
86118baa4f Improve RestrictionEntry API
More getters and setters, better naming.
New extra defined for returning a custom intent that handles showing the
restrictions UI.

Change-Id: I2ee0cdb4edd99e71a9004ff5e929dbe243b45557
2013-03-29 17:28:47 -07:00
Maggie Benthall
a12fccf57d Add user restrictions for bluetooth, sideloading, usb file transfer
Created constants for these in UserManager and current.txt. Also created
an accessor for individual user restrictions that takes the restriction key
(removing individual methods for particular restrictions).

Change-Id: Ibb5517cbcdffadd3925f52cbe67d7d525813faa9
2013-03-27 18:14:29 -04:00
Amith Yamasani
71e6c697e5 Device Owner, a special kind of device admin
A Device Owner cannot be uninstalled and is available to all users. It must
be registered before the device_provisioned flag is set.

Device admins can be disabled until used, but visible to device policy
manager, so that users won't be bothered with update requests.

Opened up a few related APIs for use by a system-installed Device Owner.

Change-Id: I847b5fe68c0f724863f778a67602b5bddc79d8e5
2013-03-26 15:09:08 -07:00
Amith Yamasani
df2e92a535 Application restrictions API
Adds the ability for apps to export some restrictions. The restrictions
are presented in Settings based on the restriction type. The user's
selections are stored by UserManagerService and provided to the
target user's application as a list of RestrictionEntry objects which
contain the key, value(s).

Also introduce a manifest entry for system apps to request that the
app be automatically installed in all users, so that they cannot be
deselected by the owner user.

Shared account filtering for non-whitelisted apps.

Change-Id: I15b741e3c0f3448883cb364c130783f1f6ea7ce6
2013-03-20 22:29:59 -07:00
Amith Yamasani
67df64b3a4 Shared accounts and sharing of apps
API and preliminary implementation for sharing primary user accounts with a secondary user.
AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials
to clone an account from the primary to a restricted secondary user. The AccountManagerService
initiates the account clone when it starts up the user and detects that the user has
a shared account registered that hasn't been converted to a real account.

AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be
further improvements to this API to make shared accounts hidden/visible to select apps.

AccountManagerService has a new table to store the shared account information.

Added ability in PackageManager to install and uninstall packages for a secondary user. This
is required when the primary user selects a few apps to share with a restricted user.

Remove shared accounts from secondary users when primary user removes the account.

Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
2013-03-06 09:49:44 -08:00
Maggie Benthall
6794458f86 Add location sharing toggle user restriction.
And add support for respecting it.

Change-Id: Ia5cf9134c5f5741c3f55afadbe54f862da7bfe5b
2013-02-25 12:45:14 -05:00
Geoffrey Borggaard
e45e45e37e Hacks to fix lockdown
Change-Id: Icf715e84ac7f8bd12eabd01f35860c36a60a8caf
2013-02-12 23:57:20 +00:00
Amith Yamasani
e4cf73437a Starting point for User Restrictions API
Restrictions saved as key/value pairs, mostly booleans right now
but might be expanded to other types later.

Save and restore restrictions in the user manager service.
Enforce some of the restrictions at the framework level. Some
are enforced (also) at the app level, such as in Settings.

Change-Id: Id11ffe129cb6a177e094edf79635727388c26f40
2013-02-08 15:52:47 -08:00
Amith Yamasani
bc9625059b Make sure that the owner user is marked initialized.
This is required for upgrades from previous versions of JB.

Bug: 7547639
Change-Id: I21de14a70d6ba2ab21437b5f0721321df45226d2
2012-11-15 14:43:13 -08:00
Jeff Sharkey
ffe0cb49d1 Avoid recycling recently removed user IDs.
Currently, installd doesn't correctly evict VFS cache entries for
FUSE emulated external storage.  This means zygote processes have an
inconsistent view of the FUSE daemon when the system rapidly
recycles user IDs.

To work around this, only consider recycling a user ID after its
VFS cache entries have expired.  The emulated storage FUSE daemon
currently uses an 'entry_valid' timeout of 10 seconds.

Bug: 7407902
Change-Id: Id80cbdd2215d8456467fb31e4c209ca12a505e16
2012-11-07 11:30:39 -08:00
Amith Yamasani
6f34b41114 Fix the user name for the owner.
Use a version number to update the name to Owner, from Primary.
For new installations, use the correct localized string.

Bug: 7417150

Fix a typo in the permission description.

Bug: 7333304
Change-Id: I123741e581c6a02d4597b3cd81f2ca48a8587e2a
2012-10-26 10:06:22 -07:00
Amith Yamasani
db6a14cc85 Fix crashes when quickly adding and removing users
Make USER_REMOVED an ordered broadcast and send it before the user's
state is completely removed from the system. This gives services the
opportunity to clean up their state, while still having access to the
user's directory and UserInfo object (such as serial number).

Tell SyncManager to skip over dying/partially created users.

Improve UserManager tests, waiting for users to be removed fully.

Bug: 7382252

Change-Id: I93cfb39c9efe6f15087bf83c569a2d154ef27168
2012-10-19 16:23:30 -07:00
Amith Yamasani
1638931166 Allow services to query the info for a dying user.
This allows services watching for USER_REMOVED to fetch the serialNumber of a dying user.

Also fix an AIOOBE when building the userId array, typically on cleanup.

Bug: 7368826
Change-Id: I24e52278af8353b5744372127da4bf4fafc89baa
2012-10-17 21:20:14 -07:00
Amith Yamasani
756901d82b Do cleanup when Stopping users
Mark user 0 as initialized, otherwise it will show up as
uninitialized when viewed from secondary user if never switched to user 0.

Bug: 7301595

Also clean up any users that were in the process of being removed, if device
crashes at a bad time.

Change-Id: Ic16a6c9ccb6a64b7463725f6cc279335a821fcd5
2012-10-15 16:57:26 -07:00
Amith Yamasani
634cf31345 Fix serial number assignment for new user on a freshly wiped device
Bug: 7280093

User serial number was not being bumped up from 0 on a freshly wiped device
due to the userlist not existing. This was resulting in the first 2 users
getting the same serial number, messing up C2DM message delivery. This issue
doesn't show up if you boot the device before adding a user, so it wasn't
discovered earlier.

Change-Id: I8a5d99b9ad2ccfb66a16cacac9548ba53f0be387
2012-10-04 17:34:21 -07:00
Dianne Hackborn
d4ac8d7b3d Fix issue #7211769 and #7244492, thrash around on #7226656.
Issue #7211769: Crash dialog from background user has non-working "report"

The report button now launches the issue reporter for the correct user.
Also for crashes on background users, either disable the report button,
or simply don't show the dialog depending on the build config.

Issue #7244492: Bugreport button in Quick Settings doesn't actually do anything

Now they do.

Issue #7226656: second user seeing primary user's apps

I haven't had any success at reproducing this.  I have tried to tighten up
the path where we create the user to ensure nothing could cause the
user's applications to be accessed before the user is fully created and thus
make them installed...  but I can't convince myself that is the actual problem.

Also tightened up the user switch code to use foreground broadcasts for all
of the updates about the switch (since this is really a foreground operation),
added a facility to have BOOT_COMPLETED broadcasts not get launched for
secondary users and use that on a few key system receivers, fixed some debug
output.

Change-Id: Iadf8f8e4878a86def2e495e9d0dc40c4fb347021
2012-09-28 15:37:22 -07:00
Amith Yamasani
920ace0bbc Query users excluding any being removed
Keep track of user creation and last logged-in time.
adb shell dumpsys users
User switcher shouldn't show users about to be removed.
No need to check for singleton for activities.

Bug: 7194894
Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
2012-09-20 22:33:43 -07:00
Jeff Sharkey
27bd34d9d9 Multi-user MTP.
The current MTP kernel driver at /dev/mtp_usb is exclusive, meaning
only one process can have it open. In addition, each MTP session
with a desktop requires unique object IDs, which doesn't hold true
across users on the device.

To solve these two issues, when switching users we cycle the USB host
stack to disconnect both local and remote MTP connections, giving the
new user's media process a chance to claim /dev/mtp_usb, and causing
the desktop to initiate a new MTP session.

This change also allows BroadcastReceivers to registerReceiver()
allow retrieval of a current sticky broadcast. Adds a system property
to override maximum users. Removes MOUNTED broadcasts for secondary
users. Allows INTERACT_ACROSS_USERS to getCurrentUser().

Bug: 6925114
Change-Id: I02b4a1b535af95fb2142655887b6d15a8068d18a
2012-09-18 13:26:26 -07:00
Amith Yamasani
e928d7d95d Pass Bitmap instead of ParcelFileDescriptor in UserManager
Add a USER_INFO_CHANGED intent for lockscreen and quicksettings to use
to monitor changes to the user name or icon.

Bug: 7164040
Change-Id: Id6fb8b6d38ce04ccd02bbadcf0c10699783d6c03
2012-09-17 21:46:51 -07:00
Amith Yamasani
1d31d5ba12 Merge "Start userId from 10, reserving 1-9 for special use in the future." into jb-mr1-dev
2012-09-17 14:56:03 -07:00
Amith Yamasani
07a0ede729 Start userId from 10, reserving 1-9 for special use in the future.
Change-Id: I3d0c1717d8b3add75ba43ed98e53ba02e6682c34
2012-09-17 14:54:26 -07:00
Amith Yamasani
3b49f07a45 Add UserManager.getUserIcon()
So that we don't abuse the setUserIcon() for reading. So the new method won't try
to create the file, only return it if it exists.

Change-Id: I7a81d3f1b29d14d37e71f531744ce39f21d827ac
2012-09-17 12:42:00 -07:00
Dianne Hackborn
5dc5a00e7e More multi-user stuff.
- New public APIs to find out when a user goes to the foreground,
  background, and is first initializing.
- New activity manager callback to be involved in the user switch
  process, allowing other services to let it know when it is safe
  to stop freezing the screen.
- Wallpaper service now implements this to handle its user switch,
  telling the activity manager when it is done.  (Currently this is
  only handling the old wallpaper going away, we need a little more
  work to correctly wait for the new wallpaper to get added.)
- Lock screen now implements the callback to do its user switch.  It
  also now locks itself when this happens, instead of relying on
  some other entity making sure it is locked.
- Pre-boot broadcasts now go to all users.
- WallpaperManager now has an API to find out if a named wallpaper is
  in use by any users.

Change-Id: I27877aef1d82126c0a1428c3d1861619ee5f8653
2012-09-15 23:58:55 -07:00
Amith Yamasani
faea76ff8b Enforce a user limit
By default only 1 user is allowed. Some devices permit more than 1.
Set the real user limit in a device overlay for config.xml

Change-Id: I2e0bffa13393b954fcd20e55b92f20de980c58c0
2012-09-11 10:59:48 -07:00
Dianne Hackborn
1676c856d6 Flesh out multi-user in am commands.
Now we default to the current user instead of user 0 for most commands
(except where we can do the command for all users).

Many more commands take a user argument: force-stop, kill, profile,
dumpheap.

Improved help text.

Change-Id: I719a13b4d31b668f57ca21e51d7043ac3e0d4e1b
2012-09-10 14:52:30 -07:00
Amith Yamasani
61f57379ca Centralize the creation of the user system directory
Environment.getUserSystemDirectory(int userId)

Use it in all relevant places that were hardcoding it.
Also, wipe out the user's system directory when user is removed, otherwise old state
might be transferred to a new user.

Change-Id: I788ce9c4cf9624229e65efa7047bc0c019ccef0a
2012-08-31 15:33:21 -07:00
Dianne Hackborn
5ac72a2959 Improve multi-user broadcasts.
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.

Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.

New Context APIs for more kinds of sending broadcasts as users.

Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.

Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.

Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-30 14:33:22 -07:00
Dianne Hackborn
80a4af2bbc Start implementing concept of "running" users.
The activity manager now keeps track of which users are running.

Initially, only user 0 is running.

When you switch to another user, that user is started so it is
running.  It is only at this point that BOOT_COMPLETED is sent
for that user and it is allowed to execute anything.

You can stop any user except user 0, which brings it back to the
same state as when you first boot the device.  This is also used
to be able to more cleanly delete a user, by first stopping it
before removing its data.

There is a new broadcast ACTION_USER_STOPPED sent when a user is
stopped; system services need to handle this like they currently
handle ACTION_PACKAGE_RESTARTED when individual packages are
restarted.

Change-Id: I89adbd7cbaf4a0bb72ea201385f93477f40a4119
2012-08-28 16:30:55 -07:00
Dianne Hackborn
4428e17c5e Some clean up of app install and user management.
UserManagerService is now closely tied to PackageManagerService,
sharing the same locks.  There is no longer direct access of
Installer by UserManagerService, instead the package manager is
back to solely owning it.

Creating a new user now correctly only installs system apps for
that user.

Fixed some misc bugs, where we were getting nulls when
querying content providers and instrumentation in uninstalled
users, incorrect locking, etc.

Change-Id: Ife69b6e373d0cf7c5cfc03fc588e36b43ad5d8b0
2012-08-24 18:00:37 -07:00
Dianne Hackborn
7767eac323 Keep track of whether an app is installed for each user.
This adds a new per-user state for an app, indicating whether
it is installed for that user.

All system apps are always installed for all users (we still
use disable to "uninstall" them).

Now when you call into the package manager to install an app,
it will only install the app for that user unless you supply
a flag saying to install for all users.  Only being installed
for the user is just the normal install state, but all other
users have marked in their state for that app that it is not
installed.

When you call the package manager APIs for information about
apps, uninstalled apps are treated as really being not visible
(somewhat more-so than disabled apps), unless you use the
GET_UNINSTALLED_PACKAGES flag.

If another user calls to install an app that is already installed,
just not for them, then the normal install process takes place
but in addition that user's installed state is toggled on.

The package manager will not send PACKAGE_ADDED, PACKAGE_REMOVED,
PACKAGE_REPLACED etc broadcasts to users who don't have a package
installed or not being involved in a change in the install state.
There are a few things that are not quite right with this -- for
example if you go through a full install (with a new apk) of an
app for one user who doesn't have it already installed, you will
still get the PACKAGE_REPLACED messages even though this is
technically the first install for your user.  I'm not sure how
much of an issue this is.

When you call the existing API to uninstall an app, this toggles
the installed state of the app for that user to be off.  Only if
that is the last user that has the app uninstalled will it
actually be removed from the device.  Again there is a new flag
you can pass in to force the app to be uninstalled for all users.

Also fixed issues with cleaning external storage of apps, which
was not dealing with multiple users.  We now keep track of cleaning
each user for each package.

Change-Id: I00e66452b149defc08c5e0183fa673f532465ed5
2012-08-24 13:53:13 -07:00
Amith Yamasani
2c1dfa29b4 Merge "Fix deadlock in removing a user" into jb-mr1-dev
2012-08-22 18:19:20 -07:00
Amith Yamasani
0cd867c83e Fix deadlock in removing a user
Cleanup PackageManager settings after the package directories are removed.

Change-Id: I264bc95ea21da653a234d7c81df5b25d4de7aa9e
2012-08-22 16:45:47 -07:00
Amith Yamasani
1952637425 Remove permission requirement for some UserManager calls
Update javadocs to be explicit about permissions.
Minor fixes in UserManagerService

Change-Id: I0d355e0a60e5dbdb49ed06091111d480ff249f3d
2012-08-22 10:28:56 -07:00
Amith Yamasani
fc6e0ca07e Fix build part 2
Change-Id: I3b4ed430f214468a22d3b3aaf3605e570cfd0ed1
2012-08-17 17:07:14 -07:00
Amith Yamasani
a3f133afe8 Save preferred activity info with user id.
So each user can have their own set of intent resolution preferences.

ResolverActivity now launches the activity on the correct user, and
persists the preference for the correct user.

Bug: 6961905
Change-Id: I6d3a8a9af89bc649277d4fc8d0f367ee123f8392
2012-08-17 13:32:02 -07:00
Amith Yamasani
2a00329c6d UserHandle to UserSerialNo mapping
Use AtomicFile for usermanager files.

Added a MANAGE_USERS permission that apps (signature permission) can use
to create/query/modify/remove users.

Change-Id: I5cf232232d0539e7508df8ec9b216e29c2351cd9
2012-08-17 09:06:10 -07:00
Dianne Hackborn
f02b60aa4f Rename UserId to UserHandle.
This is the start of turning this into a formal public API.

Change-Id: I5786d2c320f1de41a06ed5d0f65adb68967287a0
2012-08-16 12:46:38 -07:00