| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
bug:21511988
Change-Id: I9d1d7adf34b68074e65510f53b6e642cf784cf6b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:
1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.
2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.
3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.
Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.
Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.
Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.
Persist the current primary storage location in MountService
metadata, since it can be moved over time.
Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.
Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
|
| |
|
|
|
|
|
|
| |
Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.
Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
|
| |
|
|
|
|
|
|
|
| |
The READ_PHONE_STATE permission protects PII information and
is in the Phone group. This change is adding the corrseponding
app op for gating access to the API guarded by READ_POHNE state
which will be used instead as an access control for legacy apps.
Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add API to determine the possible candidate volumes that a package
can be moved to. For example, it currently knows that we need to
move ASEC-based apps through internal storage before migrating them
to a private volume.
Comparator for consistent VolumeInfo ordering when displayed in UI.
Fix native library symlink to be volume UUID aware.
Bug: 19993667
Change-Id: I68d5fac5f0f776ac1c7dd15e7a984bfe2704f3f7
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add private PackageManager APIs for setting/getting the default
Browser App package name
- serialize / deserialize the default Browser App package name per User
Also relax the Hosts name validation for the AppLinls feature. Now we
just care if the IntentFilter is having an HTTP or HTTPS scheme.
Change-Id: I4436f66ac6beff57e14f7f3a2a00b0b582c03be9
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| | |
Bug: 19369537
Change-Id: I78e319667cbfaeb51f471d18c4fefeac01d49d80
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add private API PackageManager.getAllIntentFilters(String)
for getting all IntentFilters from a given package
- update IntentFilterVerificationInfo to use an ArrayList<String>
for domains instead of a String[]
- if you make an App a default domain handler then make the
others as non default
- create an IntentVerificationInfo even if the App IntentFilters
do not need to be verified. This would be done only if the App
has some domain URLs defined and would allow to make it the
default handler for a domain
- a few code optimizations here and there
Change-Id: I4535372a0bb1a2c8e662e1485be8ca700003e9b3
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.
Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.
Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.
Automount expanded volumes when they appear.
Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The purpose of this feature is to prompt the Disambiguation dialog
to Users as less as possible.
- add the new "autoVerify" property to the IntentFilter class
- add new APIs to PackageManager:
verifyIntentFilter(int, int, List<String>),
getIntentVerificationStatus(String, int),
updateIntentVerificationStatus(String, int, int),
getIntentFilterVerifications(String)
for supporting IntentFilter verification
- add support for multi-user
- update PackageManager for IntentFilter verification:
basically when we are installing a new package, ask for verification
of all domains from the IntentFilters that have the "autoVerify" to true.
This means that the PackageManager will send a well defined protected
broadcast (with a new INTENT_FILTER_NEEDS_VERIFICATION action) to
an IntentFilter verifier to do the real job of verification.
We are passing in the broadcast Intent all the necessary data for
doing the verification. The PackageManager will receive as response
the result code of the domain verifications and, if needed, the list
of domains that have failed the verification.
- add a new INTENT_FILTER_VERIFICATION_AGENT permission that needs to
be set by an intent filter verifier to be considered as a trustable
party by the PackageManager.
- add also a new BIND_INTENT_FILTER_VERIFIER permission for securing
the binding between the PackageManager and a service doing the
intent filter verifications.
- add ResolveInfo filterNeedsVerification which is a boolean
to knows if the IntentFilter is of a type that needs a verification
(action VIEW, category BROWABLE, HTTP/HTTPS data URI)
- add new "domain-preferred-apps" / "d" dump command for listing the
prefered Apps for all domains
- add new "intent-filter-verifiers" / "ivf" command for listing the
IntentFilterVerifier used
- introduce the IntentVerificationService which is a basic service
for verifying IntentFilters. This service will send HTTPS requests
to the domain declared in the IntentFilter(s) for doing the
verification. This service has a low priority level so that it
can be replaced by a more sophisticated one if needed. This service
is updating the PackageManager intent verification states thru
the updateIntentVerificationStatus(...) API.
- update MockPackageManager
Change-Id: I0bfed193d0bf1f7c7ac79f6c1b160b7ab93b5fb5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before all permissions were granted at install time at once, so the user
was persented with an all or nothing choice. In the new runtime permissions
model all dangarous permissions (nomal are always granted and signature
one are granted if signatures match) are not granted at install time and
the app can request them as necessary at runtime.
Before, all granted permission to an app were identical for all users as
granting is performed at install time. However, the new runtime model
allows the same app running under two different users to have different
runtime permission grants. This change refactors the permissions book
keeping in the package manager to enable per user permission tracking.
The change also adds the app facing APIs for requesting runtime permissions.
Change-Id: Icbf2fc2ced15c42ca206c335996206bd1a4a4be5
|
| |
|
|
|
|
| |
"Delegating" was misspelled in various ways.
Change-Id: I7b441f1c33b7d876b8f82829fddc1eb017cce2d0
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added an overload of getSystemService() that takes a class instead of a
service name to eliminate the extra cast and provide more type safety.
Cleaned up docs.
Removed the default constructor of BatteryManager which should not have
existed.
Change-Id: I9da46b20641fc83ecd3342560e5b94cb721f289c
|
| |\
| |
| |
| |
| |
| |
| | |
process." into lmp-mr1-dev
* commit '42fec57f3addfb1958f814b5d6772ff81341ba20':
Fix issue with call backs from media process.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All but a few lines of this is for issue #16013164, which allowed
apps to do some operations as the media uid by having it call
back to them to open a file. The problem here is with the tempory
identity stuff in the activity manager, allowing us to make the open
call as the original caller... ideally we should figure out a way
to just get rid of all of that, but the solution here is actually
easier (even though it doesn't look it) -- we now hand a token over
to the openFile() call that it can use when doing permission checks
to say "yes I would like the check to be against whoever is responsible
for the open". This allows us to do the uid remapping for only this
one specific set of permission checks, and nothing else.
Also fix issue #17487348: Isolated services can access system services
they shouldn't be able to. Don't send any system service IBinder objects
down for the first initialization of an isolated process.
Change-Id: I3c70e16e0899d7eef0bae458e83958b41ed2b75e
|
| |\ \
| |/
| |
| |
| |
| |
| | |
starting" when not upgrading." into lmp-mr1-dev
* commit '73577862ffe6332f326628febfa1fbb9e693bb40':
Change boot screen title to "Android is starting" when not upgrading.
|
| | |
| |
| |
| |
| | |
Bug: 17565501
Change-Id: Id5741e6e7a40750feee1cd7306e79f7baeec67de
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Activity in ActivityUnitTestCase." into lmp-sprout-dev
* commit '6c99561384dafaa080b804078e55c6167efe0e11':
Log exception when creating Activity in ActivityUnitTestCase.
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | | |
ActivityUnitTestCase." into lmp-sprout-dev
* commit '49e2371a271e33bbe8177c3f87d5f3b8ef7f59c5':
Log exception when creating Activity in ActivityUnitTestCase.
|
| | | |\
| | | |
| | | |
| | | | |
lmp-sprout-dev
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the creation of an Activity fails, it is impossible to determine what
went wrong. We should log the exception immediately before failing on assert.
Change-Id: Ie6cbe87ff342b8d60989f5e1a6ffa3efc058c585
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
framework to allow Mockito tests to run successfully on ART." into lmp-dev
* commit '59f7c4c749fb69c9f83a3d28784147a941fecc58':
Fix test framework to allow Mockito tests to run successfully on ART.
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | | |
to run successfully on ART." into lmp-dev
* commit 'f35c305f45db60394c3c7fec2e41b38963da70ca':
Fix test framework to allow Mockito tests to run successfully on ART.
|
| | | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, Mockito tests don't run on ART (KitKat & L) due to an extra
NoClassDefFoundError exception being thrown while trying to resolve
internal test runner classes. These exceptions are benign, Mockito's
internal test runners all inherit from org.junit.runner.Runner, which is
not included in the setup, but none of them are actually used in tests.
The same apks succeed on Dalvik, and logcat shows the same exceptions
going by, minus the NCDFE's.
Section 5.3 of the VM spec says the virtual machine has to wrap a
ClassNotFoundException in NoClassDefFoundError if the first exception
arises from verification or resolution but not initialization of that
particular class.
Bug: 17042833
Change-Id: I3af20f6884d9fa3afc3fbf9fcb238be10267827a
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
and unbadge permissions." into lmp-mr1-dev
* commit '00fcb749cbd26c83d1a29a974bd92967b41c5882':
Introduce new API to get an unbadged icon and unbadge permissions.
|
| | |/
| |
| |
| |
| | |
Bug: 17125560
Change-Id: I61b884186c96cc54dcaf1d3c7ee8f47610fd1d21
|
| |\ \
| |/
|/|
| | |
Change-Id: I2588c65b7a9fa43f968151a206924a804f0595a7
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The motivation is an API change: FloatMath is going to be
deprecated and/or removed. Performance is not the goal of
this change.
That said...
Math is faster than FloatMath with AOT compilation.
While making the change, occurances of:
{Float}Math.sqrt(x * x + y * y) and
{Float}Math.sqrt({Float}Math.pow(x, 2) + {Float}Math.pow(y, 2))
have been replaced with:
{(float)} Math.hypot(x, y)
Right now there is no runtime intrinsic for hypot so is not faster
in all cases for AOT compilation:
Math.sqrt(x * x + y * y) is faster than Math.hypot(x, y) with
AOT, but all other combinations of FloatMath, use of pow() etc.
are slower than hypot().
hypot() has the advantage of being self documenting and
could be optimized in future. None of the behavior differences
around NaN and rounding appear to be important for the cases
looked at: they all assume results and arguments are in range
and usually the results are cast to float.
Different implementations measured on hammerhead / L:
AOT compiled:
[FloatMath.hypot(x, y)]
benchmark=Hypot_FloatMathHypot} 633.85 ns; σ=0.32 ns @ 3 trials
[FloatMath.sqrt(x*x + y*y)]
benchmark=Hypot_FloatMathSqrtMult} 684.17 ns; σ=4.83 ns @ 3 trials
[FloatMath.sqrt(FloatMath.pow(x, 2) + FloatMath.pow(y, 2))]
benchmark=Hypot_FloatMathSqrtPow} 1270.65 ns; σ=12.20 ns @ 6 trials
[(float) Math.hypot(x, y)]
benchmark=Hypot_MathHypot} 96.80 ns; σ=0.05 ns @ 3 trials
[(float) Math.sqrt(x*x + y*y)]
benchmark=Hypot_MathSqrtMult} 23.97 ns; σ=0.01 ns @ 3 trials
[(float) Math.sqrt(Math.pow(x, 2) + Math.pow(y, 2))]
benchmark=Hypot_MathSqrtPow} 156.19 ns; σ=0.12 ns @ 3 trials
Interpreter:
benchmark=Hypot_FloatMathHypot} 1180.54 ns; σ=5.13 ns @ 3 trials
benchmark=Hypot_FloatMathSqrtMult} 1121.05 ns; σ=3.80 ns @ 3 trials
benchmark=Hypot_FloatMathSqrtPow} 3327.14 ns; σ=7.33 ns @ 3 trials
benchmark=Hypot_MathHypot} 856.57 ns; σ=1.41 ns @ 3 trials
benchmark=Hypot_MathSqrtMult} 1028.92 ns; σ=9.11 ns @ 3 trials
benchmark=Hypot_MathSqrtPow} 2539.47 ns; σ=24.44 ns @ 3 trials
Bug: https://code.google.com/p/android/issues/detail?id=36199
Change-Id: I06c91f682095e627cb547d60d936ef87941be692
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
TouchUtil's drag method tries to sync after sending
each event which is not necessary. Sync are slow so
removing them greatly improves test running time.
Bug: 17323559
Change-Id: Ia4ed02b2af44da0d821d93d28f963005d9d7ea79
|
| | |
| |
| |
| |
| |
| |
| | |
Clean up unused methods.
Bug: 17389110
Change-Id: I8a80fe3e14219f06572de05c390cdda0efcbf5db
|
| | |
| |
| |
| |
| |
| | |
bug:17390424
Change-Id: I498d2541289915cb7db16e5c3249ccc7a7dc5ee6
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem:
1. ProviderTestCase2 passes a null as a ProviderInfo to the ContentProvider
2. mAuthority and mAuthorities will be null during the test
3. ContentProvider.matchesOurAuthorities will throw an NPE.
Fix:
Supply a ProviderInfo with authority.
Example bug:
b/17379295
Change-Id: Ia533313c0994727ef81f337a4e31a57ae7ec3c15
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Hide KeySet API. Change getKeySetByAlias to not require aliases from the calling
package. Make KeySet parcelable. Add hashCode method.
Bug: 16895228
Bug: 17009318
Change-Id: I75951947dfc7a3cca9f8873bda72576d11abaaf0
|
| | |
| |
| |
| |
| | |
Bug: 16646591
Change-Id: Iaf6837fe4390ac1018c49df366ea434776ed7244
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The goal of this change is to enable support for appwidget from
user profiles to the user main profile. A user profile is a user
which is associated as a child of the main user profile. For example,
a user may have a personal (parent) and corporate (child) profile.
The device policy should be able to control whether adding a widget
from a child profile and given packages is allowed. This change
assumes that all packages from managed profiles are white listed.
Another change will add the device policy changes.
Change-Id: I267260b55d74c48b112a29979a9f59eef7a8194e
|
| | |
| |
| |
| |
| |
| |
| | |
Mostly cosmetic changes from API council feedback.
Bug: 16543552
Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.
Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This provides a directory where apps can cache compiled or optimized
code generated at runtime. The platform will delete all files in
this location on both app and platform upgrade.
Bug: 16187224
Change-Id: I641b21d841c436247f35ff235317e3a4ba520441
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Flesh out documentation and finalize first cut of API. Also surface
installLocation and splitNames through PackageInfo.
Bug: 14975160, 15348430
Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an app-private filesystem space exactly like the one
reported by Context.getFilesDir(), with one exception: files
placed here are never backed up by the full-backup infrastructure.
If an app attempts to back up any of its contents via the normal
API it's immediately ignored with a logged warning.
The restriction is also enforced on the restore side, because
apps using support libraries might wind up creating full backup
archives containing no_backup subdirs on pre-L devices (via
adb backup, Helium, &c.). We check for this before passing the
restore data to the app, and drop it if we detect the situation
so that the app never sees the bits.
Bug 16240573
Change-Id: I11216a391f1d32117ec7ce15aafc9cd93d0337de
|
| |/ /
| |
| |
| |
| |
| |
| | |
Previously submitted but reverted due to doc-compilation bug.
Bug: 6967056
Change-Id: I9bd7ef299a4c92c4b327f5b5d7e951f0753b4c8a
|
| | |
| |
| |
| | |
This reverts commit 9a643fe02bc960e266484547dda5572b094a4c72.
|
| | |
| |
| |
| |
| | |
Bug: 6967056
Change-Id: I47a01bd5dc25591cc70f58f38920ad0a021094ae
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
So, corporate apps in disambiguation dialogs are badged.
And updating the way we show the icon of the personal space to this new design.
BUG: 14377051
Change-Id: Idc707773a64a8feb2d9d4df88c425d5100542636
|
| | |
| |
| |
| |
| | |
Bug: 15466880
Change-Id: Ib5a030e78559307627fe0d2e80ce6f1a7825109d
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
In an intent disambiguation dialog from a managed profile,
when the intent can be forwarded to the personal space:
show the icon of the parent next to "Personal apps".
And put it at the bottom of the dialog.
Change-Id: I523222aac5dde9653e784eb26cf23cdaf018b86c
|
