java.lang.SecurityException: Operation not allowed
There was a situation I wasn't taking into account -- components
declared by the system have a special ability to run in the processes
of other uids. This means that if that code loaded into another
process tries to do anything needing an app op verification, it will
fail, because it will say it is calling as the system package name but
it is not actually coming from the system uid.
To fix this, we add a new Context.getOpPackageName() to go alongside
getBasePackageName(). This is a special call for use by all app ops
verification, which will be initialized with either the base package
name, the actual package name, or now the default package name of the
process if we are creating a context for system code being loaded into
a non-system process.
I had to update all of the code doing app ops checks to switch to this
method to get the calling package name.
Also improve the security exception throw to have a more descriptive
error message.
Change-Id: Ic04f77b3938585b02fccabbc12d2f0dc62b9ef25
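A simplified model of the check described in the commit message above, added here as an illustration and not taken from the Android source. `PACKAGE_UIDS`, `checkPackage`, `opPackageName` and the sample uids and package names are constructed for this example; only the system package name `android` and system uid 1000 are real platform values.

```java
import java.util.Map;

public class OpPackageNameDemo {
    // Constructed sample data: package name -> owning uid (1000 = system uid).
    static final Map<String, Integer> PACKAGE_UIDS = Map.of(
            "android", 1000,
            "com.example.host", 10057);

    // Model of app ops verification: the claimed package must belong to the calling uid.
    static void checkPackage(int callingUid, String claimedPackage) {
        Integer owner = PACKAGE_UIDS.get(claimedPackage);
        if (owner == null || owner != callingUid) {
            throw new SecurityException("Package " + claimedPackage
                    + " does not belong to uid " + callingUid);
        }
    }

    // Model of the package name a context reports for app ops checks.
    // System code loaded into a non-system process reports that process's
    // default package instead of the system package name.
    static String opPackageName(String basePackage, int processUid, String processDefaultPackage) {
        boolean systemCodeInForeignProcess = basePackage.equals("android") && processUid != 1000;
        return systemCodeInForeignProcess ? processDefaultPackage : basePackage;
    }

    static boolean allowed(int uid, String pkg) {
        try {
            checkPackage(uid, pkg);
            return true;
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        int hostUid = 10057;
        // Before: a system component running in the host app's process claims "android".
        System.out.println("base package name -> " + allowed(hostUid, "android"));
        // After: the op package name resolves to the host process's default package.
        String op = opPackageName("android", hostUid, "com.example.host");
        System.out.println("op package name   -> " + allowed(hostUid, op));
        // A caller naming a package owned by a different uid is still rejected.
        System.out.println("mismatched uid    -> " + allowed(10099, "com.example.host"));
    }
}
```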
netd now tracks statistics for tethered interfaces across tethering
sessions, so switch to asking for all tethering stats. (Currently
we're double-counting all tethering data, ever since it started
tracking across sessions.)
Also catch OOME to handle corrupt stats files, which we then dump to
DropBox and then start over.
Bug: 5868832, 9796109
Change-Id: I2eb2a1bf01b993dd198597d770fe0e022466c6b9
Fix a race when quitting the looper's message queue that could
cause the mPtr field to be zeroed out and the native object to
be destroyed while still in use.
This happened due to an optimization that was intended to release
the native looper's file descriptor as soon as the last message
was processed rather than waiting for the finalizer to run.
Bug: 9726217
Change-Id: I695a9a657acfdb3ce65a5737ff20cd11113d15fa
Able to config network specific MTU size. Normally, the default size of MTU is 1500.
US - ATT 1410, TMUS 1440, SPRINT 1422
KR - SKT 1440, KT 1450, LGU+ 1428
JP - KDDI 1420, SoftBank 1340
CA - RGS 1430, FIDO 1430, MTS 1430, BELL 1358, SaskTel 1358
AU - TEL 1400
Bug: 10195070
Change-Id: Ie18650b37a3d44af944f2dae4aa97c04fb12cd5e
- Under a normal situation, if an exception happens in managed, the stack trace
will be printed to logcat.
- Hitherto, the Binder#execTransact call silently caught exceptions and passed
them to the remote side with Parcel#writeException
- Although this behavior might be acceptable when there is a remote side,
for FLAG_ONEWAY calls the exception effectively disappeared.
- From the user point of view, it looked like code execution "halted" when an
exception was thrown.
This tries to make the binder exception handling behavior more like normal,
by printing the exception to the log, to give a better indication of what
happened.
Change-Id: I1f37f0468f61e766a71db60d2fda2104936ab096
Using a contract class requires that a provider implement it exactly
with little help. This change introduces a DocumentsProvider abstract
class that provides a client-side implementation of the contract that
greatly reduces developer burden, and improves correctness.
This also moves to first-class DocumentRoot objects, and moves calls
with complex side effects to be ContentProvider.call() invocations,
offering more granular permission control over Uri operations that
shouldn't be available through Uri grants.
This new design also relaxes the requirement that root information be
burned into every Uri. Migrate ExternalDocumentsProvider and
DocumentsUI to adopt new API.
Bug: 10497206
Change-Id: I6f2b3f519bfd62a9d693223ea5628a971ce2e743
1. Added support for selecting a printer from the all printers activity
that is not in the initial printer selection drop down. The user
initially sees a subset of the printers in the drop down and the
last option is to see all printers in a separate activity. Some
of the printers in the all printers activity are not shown in the
initial drop down.
2. Refactored printer discovery by adding (private for now) printer
discovery app facing APIs. These APIs are needed to support multiple
printer selection activities (print dialog and all printers activities)
and also the settings for showing all printers for a service.
Now multiple apps can request observing for printers and there is
a centralized mediator that ensures the same printer discovery
session is used. The mediator dispatches printer discovery specific
requests to print services. It also aggregates discovered printers
and delivers them to the interested apps. The mediator minimizes
printer discovery session creation and starting and stopping discovery
by sharing the same discovery session and discovery window with
multiple apps. Lastly, the mediator takes care of print services
enabled during discovery by bringing them up to the current
discovery state (create discovery session and start discovery if
needed). The mediator also reports disappearing of the printers
of a service removed during discovery and notifies newly
registered observers for the current printers if the observers are
added during an active printer discovery session.
3. Fixed bugs in the print UI and implemented some UX tweaks.
Change-Id: I4d0b0c5a6c6f1809b2ba5dbc8e9d63ab3d48f1ef
When reading from the end of a pipe or socket, there is no way to
tell if the other end has finished successfully, encountered an error,
or outright crashed. To solve this, we create a second socketpair()
as a communication channel between the two ends of a pipe or
socket pair, sending a status code with details about why the
ParcelFileDescriptor was closed.
The writer end of a pipe or socket can closeWithError() to send a
message to the reader end. When the reader encounters EOF, they
call checkError() to detect if any error occurred. This also detects
the case where the remote process died without sending a success
message.
This design is also extended to support regular files on disk, using
the communication channel above to detect various remote close events
or crashes, and delivering that event to a supplied OnCloseListener.
Replaces JNI with best-practice Libcore.os calls, and deprecates
some flags to match Context.
Bug: 10330121
Change-Id: I8cfa1e4fb6f57397667c7f785106193e0faccad3
Provide developer APIs to discover application-specific paths on
secondary external storage devices. Covers files, cache, and OBB
directories. Apps will not have write access outside their package-
specific directories on secondary devices, so only primary storage is
exposed through Environment.
Creation of .nomedia files will be handled by FUSE daemon in future
change.
Change-Id: Ifcce6201a686d80269d7285adb597c008cf8fa7c
Bug #10228005
From the ThreadPoolExecutor documentation:
- If fewer than corePoolSize threads are running, the Executor
always prefers adding a new thread rather than queuing.
- If corePoolSize or more threads are running, the Executor
always prefers queuing a request rather than adding a new thread.
- If a request cannot be queued, a new thread is created unless
this would exceed maximumPoolSize, in which case, the task will
be rejected.
Before this change AsyncTask could create up to 128 threads because
of the limited queue of 10 items (the capacity of a blocking queue
is fixed.)
This change increases the size of the queue to 128 items and reduces
the maximum number of threads to the number of CPU cores * 2 + 1.
Apps can still submit the same number of tasks.
Change-Id: I015d77b53b6a9fda39c618830b34d45a10de5571
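The queueing rules quoted in the commit message above, shown with plain `java.util.concurrent` as an added example that is not code from the Android change. It measures how many threads each pool shape creates for the same burst of blocked tasks. The core pool sizes (5 and cores + 1) and the class and method names are assumptions; the queue capacities and maximum pool sizes are the ones the message states.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

public class PoolSizingDemo {
    // Submits `tasks` jobs that block until released; returns the peak thread count.
    static int peakThreads(int core, int max, int queueCapacity, int tasks)
            throws InterruptedException {
        ThreadPoolExecutor pool = new ThreadPoolExecutor(core, max, 1, TimeUnit.SECONDS,
                new LinkedBlockingQueue<Runnable>(queueCapacity));
        CountDownLatch release = new CountDownLatch(1);
        try {
            for (int i = 0; i < tasks; i++) {
                pool.execute(() -> {
                    try {
                        release.await();
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    }
                });
            }
            return pool.getLargestPoolSize();
        } finally {
            // Unblock the workers and wait for the pool to drain.
            release.countDown();
            pool.shutdown();
            pool.awaitTermination(10, TimeUnit.SECONDS);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        int cpus = Runtime.getRuntime().availableProcessors();
        int tasks = 128;
        // Old shape: queue of 10, up to 128 threads (core size 5 is an assumption).
        System.out.println("queue=10,  max=128: peak threads = "
                + peakThreads(5, 128, 10, tasks));
        // New shape: queue of 128, max = cores * 2 + 1 (core size cores + 1 is an assumption).
        System.out.println("queue=128, max=" + (cpus * 2 + 1) + ": peak threads = "
                + peakThreads(cpus + 1, cpus * 2 + 1, 128, tasks));
    }
}
```

With the small queue, every task beyond the core threads and the 10 queue slots forces a new thread; with the 128-slot queue the same burst is absorbed by the queue and the pool stays at its core size.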
The FUSE daemon is using packages.list to map from package name to
appId after it drops permissions, so create a new "package_info" GID
to grant read access.
Also switches FileUtils to use Libcore.os.
Change-Id: I9451ca4e90e8a985526805c6df0888a244a1db36
Also fix a bug where, when parceling the stats, we were
computing the final duration values too late. We need to
do that before we write the long table.
Change-Id: Idb6c1ed95417448c56973fe5866bfb3570e525f4
Available for retrieval via future APIs if desired. Dumped by dumpsys.
Not added to batterystats or ACTION_BATTERY_CHANGED intents at this point.
Also fixes a formatting problem in the existing dumpsys output for voltage.
Change-Id: I5320b19035914256fb872c13095c09c648dd522a
ProcessStats is now called ProcessCpuTracker.
ProcessTracker is now ProcessStatsService, and its inner State
class is broken out into a separate top-level ProcessStats class.
This ProcessStats is moved to the framework, so we will be able
to use it elsewhere.
Change-Id: I6a127bcb835b6b474b72647c0b99b82c2137e5c5
The bindService() and startService() calls have always had
undefined behavior when used with an implicit Intent and there
are multiple matching services. Because of this, it is not
safe for applications to use such Intents when interacting with
services, yet the platform would merrily go about doing... something.
In KLP I want to cause this case to be invalid, resulting in
an exception thrown back to the app. Unfortunately there are
lots of (scary) things relying on this behavior, so we can't
immediately turn it into an exception, even one qualified by the
caller's target SDK version.
In this change, we start logging a WTF when such a call happens,
and clean up some stuff in Bluetooth that was doing this behavior.
Change-Id: I62e25d07890588d2362104e20b054aebb6c0e007
The Process natives were getting called while
handling a jdwp packet before the vm had a chance to register them.
(cherry-pick of 5bce6a308fc8a3c1e449cf905b8b6e8ace4ef3e2.)
Change-Id: Ia2b4f79b11e427283a712b2d0c52948f394640bf
Try to deal with unmarshalling old parcels. Turns out someone
was writing a parcel to disk storing a Bundle. Naughty, naughty.
This helps us not completely keel over.
Change-Id: Id343da2690b7bab89f6c3cb6fad1b92f270dad03
Since this is an operation that could take a few seconds to run and needs to be
completed even if Settings dies, best to do it in the user manager.
Refactored PIN challenge/setup UI with a field to verify existing pin
when changing to a new one.
Change-Id: I0b7df5b2ccb7f343aa9282a9245d3bc2b577a794
These new constants are a better mapping to the kind of
information that procstats is wanting to collect about
processes. In doing this, the process states are tweaked
to have a bit more information that we care about for
procstats.
This changes the format of the data printed by procstats,
so the checkin version is bumped to 2. The structure is
the same, however the codes for process states have all
changed. The new codes are, in order of precedence:
p -- persistent system process.
t -- top activity; actually any visible activity.
f -- important foreground process (ime, wallpaper, etc).
b -- important background process
u -- performing backup operation.
w -- heavy-weight process (currently not used).
s -- background process running a service.
r -- process running a receiver.
h -- process hosting home/launcher app when not on top.
l -- process hosting the last app the user was in.
a -- cached process hosting a previous activity.
c -- cached process hosting a client activity.
e -- cached process that is empty.
In addition, we are now collecting uss along with pss
data for each process, so the pss checkin entries now
have three new values at the end of the min/avg/max uss
values of that process.
With this switch to using process state constants more
fundamentally, I realized that they could actually be
used by the core oom adj code to make it a lot cleaner.
So that change has been made, that code has changed quite
radically, and lost a lot of its secondary states and flags
that it used to use in its computation, now relying on
primarily the oom_adj and proc state values for the process.
This also cleaned up a few problems -- for example for
purposes of determining the memory level of the device, if a
long-running service dropped into the cached oom_adj level,
it would start being counted as a cached process and thus
make us think that the memory state is better than it is.
Now we do this based on the proc state, which always stays
as a service regardless of what is happening like this, giving
us a more consistent view of the memory state of the device.
Making proc state a more fundamental part of the oom adj
computation means that the values can also be more carefully
tuned in semantic meaning so the value assigned to a process
doesn't tend to change unless the semantics of the process
has really significantly changed.
For example, a process will be assigned the service state
regardless of whether that service is executing operations
in the foreground, running normally, or has been dropped to
the lru list for pruning. The top state is used for everything
related to activities visible to the user: when actually on
top, visible but not on top, currently pausing, etc.
There is a new Context.BIND_SHOWING_UI added for when system
services bind to apps, to explicitly indicate that the app
is showing UI for the system. This gives us a better metric
to determine when it is showing UI, and thus when it needs
to do a memory trim when it is no longer in that state. Without
this, services could get in bad states of continually trimming.
Finally, more HashSet containers have been changed to ArraySet,
reducing the temporary iterators created for iterating over
them.
Change-Id: I1724113f42abe7862e8aecb6faae5a7620245e89
Fix links in @throws clauses, typos, redundant "returns"
and use @code for true + false in returns.
Change-Id: Ic3c4c75d6061732d997a386dc3232475c992c188