| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix up protected apps filter.
Move filtering to correct place (when querying providers,
ResolveInfo.activityInfo is null), and port over commit
4dad4a4e84ec385a80ebfae91c4dcd03ec30c9d0 from cm-11.0.
Protected Apps: do not filter components from the same UID
pm: Use ArraySet instead of HashSet
packagemanager: Use ArrayMap/ArraySet as per AOSP
* To reduce memory consumption
Change-Id: Ic690387cd21fdfa09ef5fb19bd3de9305050cf6e
|
| |
|
|
|
|
| |
bug:22700053
Change-Id: I8540eb8577fbec84e1a67e31e1c31ba654c828a4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now place whoever is receiving the MMS on the temporary
whitelist while doing so, so they can get network access to
download it.
There was also an issue that needed to be fixed where we
were no longer updating the list of allowed uids while
dozing based on their proc states... we now do that.
Also did a bit of optimization of the temp white list update
path do the network policy manager, instead of going through
a broadcast we now directly call in to the network policy
manager. This also allows us to have a synchronous version
of updating the list, so we can know the app has network access
before we tell it to do anything.
Finally added battery stats events for things going on and off
the whitelist so we can diagnose the behavior there.
Change-Id: Ic7fe010af680034d9f8cb014bb135b2addef7455
|
| |
|
|
|
|
|
|
|
| |
Added Context.sendBroadcastMultiplePermissions(Intent intent, String[]
receiverPermissions) method, which allows an array of required permissions
to be enforced.
Bug: 21852542
Change-Id: I27c9130e8f004b428452501ebc8a36aabde1f343
|
| |
|
|
|
|
| |
This reverts commit b4e7283c9afd9fb15ebd63f6ce9b75c9c1af658b.
Change-Id: Ie8390964bda5bdfa869cee8f46584043d8e7c664
|
| |
|
|
|
|
|
|
| |
Added Context.sendBroadcast(Intent intent, String[] receiverPermissions)
method, which allows an array of required permissions to be enforced.
Bug: 21852542
Change-Id: I3b8ff258fa9f3249c344bb8093b820b24eef00c0
|
| |
|
|
|
|
| |
bug:22177216
Change-Id: I32227f55097fae997f33743fd1eee06cb18f47f1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Issue #21814207: AlarmManager.setAndAllowWhileIdle should also allow wake locks.
Introduce a whole new infrastructure for providing options when
sending broadcasts, much like ActivityOptions. There is a single
option right now, asking the activity manager to apply a tempory
whitelist to each receiver of the broadcast.
Issue #21814212: Need to allow configuration of alarm manager parameters
The various alarm manager timing configurations are not modifiable
through settings, much like DeviceIdleController. Also did a few
tweaks in the existing DeviceIdleController impl.
Change-Id: Ifd01013185acc4de668617b1e46e78e30ebed041
|
| |
|
|
| |
Change-Id: I1ce450a59fb326c14848f46732d877dea33f33c7
|
| |
|
|
|
|
| |
bug:21511988
Change-Id: I9d1d7adf34b68074e65510f53b6e642cf784cf6b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:
1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.
2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.
3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.
Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.
Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.
Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.
Persist the current primary storage location in MountService
metadata, since it can be moved over time.
Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.
Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
|
| |
|
|
|
|
|
|
| |
Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.
Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
|
| |
|
|
|
|
|
|
|
| |
The READ_PHONE_STATE permission protects PII information and
is in the Phone group. This change is adding the corrseponding
app op for gating access to the API guarded by READ_POHNE state
which will be used instead as an access control for legacy apps.
Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add API to determine the possible candidate volumes that a package
can be moved to. For example, it currently knows that we need to
move ASEC-based apps through internal storage before migrating them
to a private volume.
Comparator for consistent VolumeInfo ordering when displayed in UI.
Fix native library symlink to be volume UUID aware.
Bug: 19993667
Change-Id: I68d5fac5f0f776ac1c7dd15e7a984bfe2704f3f7
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add private PackageManager APIs for setting/getting the default
Browser App package name
- serialize / deserialize the default Browser App package name per User
Also relax the Hosts name validation for the AppLinls feature. Now we
just care if the IntentFilter is having an HTTP or HTTPS scheme.
Change-Id: I4436f66ac6beff57e14f7f3a2a00b0b582c03be9
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| | |
Bug: 19369537
Change-Id: I78e319667cbfaeb51f471d18c4fefeac01d49d80
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add private API PackageManager.getAllIntentFilters(String)
for getting all IntentFilters from a given package
- update IntentFilterVerificationInfo to use an ArrayList<String>
for domains instead of a String[]
- if you make an App a default domain handler then make the
others as non default
- create an IntentVerificationInfo even if the App IntentFilters
do not need to be verified. This would be done only if the App
has some domain URLs defined and would allow to make it the
default handler for a domain
- a few code optimizations here and there
Change-Id: I4535372a0bb1a2c8e662e1485be8ca700003e9b3
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.
Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.
Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.
Automount expanded volumes when they appear.
Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The purpose of this feature is to prompt the Disambiguation dialog
to Users as less as possible.
- add the new "autoVerify" property to the IntentFilter class
- add new APIs to PackageManager:
verifyIntentFilter(int, int, List<String>),
getIntentVerificationStatus(String, int),
updateIntentVerificationStatus(String, int, int),
getIntentFilterVerifications(String)
for supporting IntentFilter verification
- add support for multi-user
- update PackageManager for IntentFilter verification:
basically when we are installing a new package, ask for verification
of all domains from the IntentFilters that have the "autoVerify" to true.
This means that the PackageManager will send a well defined protected
broadcast (with a new INTENT_FILTER_NEEDS_VERIFICATION action) to
an IntentFilter verifier to do the real job of verification.
We are passing in the broadcast Intent all the necessary data for
doing the verification. The PackageManager will receive as response
the result code of the domain verifications and, if needed, the list
of domains that have failed the verification.
- add a new INTENT_FILTER_VERIFICATION_AGENT permission that needs to
be set by an intent filter verifier to be considered as a trustable
party by the PackageManager.
- add also a new BIND_INTENT_FILTER_VERIFIER permission for securing
the binding between the PackageManager and a service doing the
intent filter verifications.
- add ResolveInfo filterNeedsVerification which is a boolean
to knows if the IntentFilter is of a type that needs a verification
(action VIEW, category BROWABLE, HTTP/HTTPS data URI)
- add new "domain-preferred-apps" / "d" dump command for listing the
prefered Apps for all domains
- add new "intent-filter-verifiers" / "ivf" command for listing the
IntentFilterVerifier used
- introduce the IntentVerificationService which is a basic service
for verifying IntentFilters. This service will send HTTPS requests
to the domain declared in the IntentFilter(s) for doing the
verification. This service has a low priority level so that it
can be replaced by a more sophisticated one if needed. This service
is updating the PackageManager intent verification states thru
the updateIntentVerificationStatus(...) API.
- update MockPackageManager
Change-Id: I0bfed193d0bf1f7c7ac79f6c1b160b7ab93b5fb5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before all permissions were granted at install time at once, so the user
was persented with an all or nothing choice. In the new runtime permissions
model all dangarous permissions (nomal are always granted and signature
one are granted if signatures match) are not granted at install time and
the app can request them as necessary at runtime.
Before, all granted permission to an app were identical for all users as
granting is performed at install time. However, the new runtime model
allows the same app running under two different users to have different
runtime permission grants. This change refactors the permissions book
keeping in the package manager to enable per user permission tracking.
The change also adds the app facing APIs for requesting runtime permissions.
Change-Id: Icbf2fc2ced15c42ca206c335996206bd1a4a4be5
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added an overload of getSystemService() that takes a class instead of a
service name to eliminate the extra cast and provide more type safety.
Cleaned up docs.
Removed the default constructor of BatteryManager which should not have
existed.
Change-Id: I9da46b20641fc83ecd3342560e5b94cb721f289c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All but a few lines of this is for issue #16013164, which allowed
apps to do some operations as the media uid by having it call
back to them to open a file. The problem here is with the tempory
identity stuff in the activity manager, allowing us to make the open
call as the original caller... ideally we should figure out a way
to just get rid of all of that, but the solution here is actually
easier (even though it doesn't look it) -- we now hand a token over
to the openFile() call that it can use when doing permission checks
to say "yes I would like the check to be against whoever is responsible
for the open". This allows us to do the uid remapping for only this
one specific set of permission checks, and nothing else.
Also fix issue #17487348: Isolated services can access system services
they shouldn't be able to. Don't send any system service IBinder objects
down for the first initialization of an isolated process.
Change-Id: I3c70e16e0899d7eef0bae458e83958b41ed2b75e
|
| |
|
|
|
| |
Bug: 17565501
Change-Id: Id5741e6e7a40750feee1cd7306e79f7baeec67de
|
| |
|
|
|
| |
Bug: 17125560
Change-Id: I61b884186c96cc54dcaf1d3c7ee8f47610fd1d21
|
| |
|
|
|
|
|
| |
Clean up unused methods.
Bug: 17389110
Change-Id: I8a80fe3e14219f06572de05c390cdda0efcbf5db
|
| |
|
|
|
|
| |
bug:17390424
Change-Id: I498d2541289915cb7db16e5c3249ccc7a7dc5ee6
|
| |
|
|
|
|
|
|
|
| |
Hide KeySet API. Change getKeySetByAlias to not require aliases from the calling
package. Make KeySet parcelable. Add hashCode method.
Bug: 16895228
Bug: 17009318
Change-Id: I75951947dfc7a3cca9f8873bda72576d11abaaf0
|
| |
|
|
|
| |
Bug: 16646591
Change-Id: Iaf6837fe4390ac1018c49df366ea434776ed7244
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The goal of this change is to enable support for appwidget from
user profiles to the user main profile. A user profile is a user
which is associated as a child of the main user profile. For example,
a user may have a personal (parent) and corporate (child) profile.
The device policy should be able to control whether adding a widget
from a child profile and given packages is allowed. This change
assumes that all packages from managed profiles are white listed.
Another change will add the device policy changes.
Change-Id: I267260b55d74c48b112a29979a9f59eef7a8194e
|
| |
|
|
|
|
|
| |
Mostly cosmetic changes from API council feedback.
Bug: 16543552
Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59
|
| |
|
|
|
|
|
|
| |
This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.
Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
|
| |
|
|
|
|
|
|
|
| |
This provides a directory where apps can cache compiled or optimized
code generated at runtime. The platform will delete all files in
this location on both app and platform upgrade.
Bug: 16187224
Change-Id: I641b21d841c436247f35ff235317e3a4ba520441
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Flesh out documentation and finalize first cut of API. Also surface
installLocation and splitNames through PackageInfo.
Bug: 14975160, 15348430
Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an app-private filesystem space exactly like the one
reported by Context.getFilesDir(), with one exception: files
placed here are never backed up by the full-backup infrastructure.
If an app attempts to back up any of its contents via the normal
API it's immediately ignored with a logged warning.
The restriction is also enforced on the restore side, because
apps using support libraries might wind up creating full backup
archives containing no_backup subdirs on pre-L devices (via
adb backup, Helium, &c.). We check for this before passing the
restore data to the app, and drop it if we detect the situation
so that the app never sees the bits.
Bug 16240573
Change-Id: I11216a391f1d32117ec7ce15aafc9cd93d0337de
|
| |/
|
|
|
|
|
| |
Previously submitted but reverted due to doc-compilation bug.
Bug: 6967056
Change-Id: I9bd7ef299a4c92c4b327f5b5d7e951f0753b4c8a
|
| |
|
|
| |
This reverts commit 9a643fe02bc960e266484547dda5572b094a4c72.
|
| |
|
|
|
| |
Bug: 6967056
Change-Id: I47a01bd5dc25591cc70f58f38920ad0a021094ae
|
| |
|
|
|
|
|
|
|
| |
So, corporate apps in disambiguation dialogs are badged.
And updating the way we show the icon of the personal space to this new design.
BUG: 14377051
Change-Id: Idc707773a64a8feb2d9d4df88c425d5100542636
|
| |
|
|
|
| |
Bug: 15466880
Change-Id: Ib5a030e78559307627fe0d2e80ce6f1a7825109d
|
| |
|
|
|
|
|
|
|
| |
In an intent disambiguation dialog from a managed profile,
when the intent can be forwarded to the personal space:
show the icon of the parent next to "Personal apps".
And put it at the bottom of the dialog.
Change-Id: I523222aac5dde9653e784eb26cf23cdaf018b86c
|
| |
|
|
|
| |
Bug: 15466742
Change-Id: Id9af588f2f3d51a562ef2a06fe7404c96123cc2e
|
| |
|
|
|
|
|
|
|
|
| |
For these crossProfileIntentFilters, the activities in the current profile cannot
respond to the intent.
Only activities in the target profile can respond to the intent.
BUG: 14936725
Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
|
| |\
| |
| |
| |
| |
| |
| | |
lmp-preview-dev
* commit '9a78d4deb2d00dc67b2c11daf76b389e0712b535':
Per-app media directories on external storage.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change defines per-app directories on external storage that
will be scanned and included in MediaStore. This gives apps a way
to write content to secondary shared storage in a way that can
easily be surfaced to other apps.
Bug: 14382377
Change-Id: I4cb367c870509e76f0c2c598f01e2f699780030a
|
| |/
|
|
|
|
|
|
| |
For example, replace ForwardingIntentFilter by CrossProfileIntentFilter
Bug: 15023443
Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
|
| |
|
|
|
|
| |
Needed for delivering SMS notifications to multiple users.
Change-Id: Ib772292699aba37144621742e6f0ee5c68aadd78
|
