Cross Reference: /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java

History log of /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
88d2a3c0e1b4a8c53a489db5d627beb80b1b9957	23-Nov-2014	Jeff Sharkey <jsharkey@android.com>	Introduce revision codes for split APKs. Apps delivered as multiple split APKs must have identical package names, version code, and signatures. However, developers may want to iterate quickly on a subset of splits without having to increment the version code, which would require delivery of the entire app. This change introduces "revision codes" which can vary between split APKs belonging to the same app. An install is valid as long as the normal version code is identical across all splits. Splits can be added/removed to an app over time, but if a split is present across an upgrade the revision code must not decrease. Since system apps could have been updated with splits, only revert to the built-in APKs if the version code is strictly greater than the data version. Also fix bug to enable inheriting from system apps when adding splits. Bug: 18481866 Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
cbf47916b3e7a971c3a61035eb2633f96fc043cb	12-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Fix lock inversion in PackageInstaller. In a small handful of cases individual sessions call up into the installer while holding their local locks. Defend against this by treating most InternalCallback events as async. For sealed events, perform the upcall outside of the session lock. Bug: 17482676 Change-Id: I265d981c98c8928a0fced09d8b029ca16eb650d9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
e980804df16c968c14a56b8853886bf5f049f46e	12-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Bring install and install-multiple into parity. This ensures that both are using (almost) identical logic when deciding what installs to proceed with. Installs from "pm" for all users now run as OWNER, and rely solely on INSTALL_ALL_USERS to express intent. This keeps install session notifications simple. Since installer UID can vary from installer package name, start persisting the UID. Also parse some missing flags for install sessions. Bug: 17469392 Change-Id: I6d89b1a787aa2024cc4bebf6b9c29317c358e147 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bc09755e193c2802d2d88871ac3d1f182b260c30	09-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Missing manifest error should be NO_CERTIFICATES. When META-INF/MANIFEST.MF is missing, treat as NO_CERTIFICATES instead of CERTIFICATE_ENCODING. Also remove redundant layer of debugging details when wrapping exceptions. Bug: 15667982 Change-Id: I6e8216d5bf6e42da1feb70c89f991001380305be /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
77d218e1869e69c8d436b09cd11dcfe45e50b2cf	06-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Delayed ASEC allocation, refine progress handling. For restore use-case, session creation needs to complete quickly, so delay ASEC allocation until session is opened. When preflighting size checks, only consider external when we have a known size for the container. Also relax size checks when using MODE_INHERIT_EXISTING on external, since we don't know how much of existing app will be copied over. Consider session as "active" while commit is ongoing, until we're either finished or pending user interaction. Always publish first client needle movement away from 0. Use 25% of internal progress to reflect ASEC allocation. Avoid CloseGuard messages about leaking PFDs. Bug: 17405741, 17402982 Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bc7bce38b2e4733a14f6296c75f983bd50f996d1	06-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Separate active state from open/close. Also change name to setStagingProgress() to make it clearer that system may adjust the range. Start throwing from openSession() in preparation for ASEC allocation moving. Bug: 17405741 Change-Id: Id7da51a32d5d89cb512ddafbd7ceaafbcd41cac6 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
ec9bad2015c6d3bc91bab66f0824043c1e24d013	05-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Allow badging updates to install sessions. For the system restore use-case, an installer may need to enqueue their sessions quickly before badging details, like icons, have been downloaded. This change relaxes to allow an installer to update their session badging after the session has been created. Notify observers when badging changes. Rename callback registration methods to match style guide. Relax constraint that observers are home app. Fix bug around internal progress reporting. Bug: 17376797, 17389236, 17334199 Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178	21-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Installing splits into ASECs! Sessions can now zero-copy data directly into pre-allocated ASEC containers. Then at commit time, we compute the total size of the final app, including any inherited APKs and unpacked libraries, and resize the container in one step. This supports both brand new ASEC installs and inheriting from existing ASEC installs. To keep things simple, it currently requires copying any inherited ASEC contents, but this could be optimized in the future. Expose new vold resize command, and allow read-write mounting of ASEC containers. Move native library extraction into the installer flow, since it needs to happen before ASEC is sealed. Move multiArch flag into NativeLibraryHelper, instead of making everyone pass it around. Migrate size calculation to shared location. Separate "other" package name in public API, provide a path to a storage device when relevant, and add more docs. Bug: 16514385 Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bb7b7bea19223c1eba74f525c7fe87ca3911813b	20-Aug-2014	Jeff Sharkey <jsharkey@android.com>	More progress towards split APKs in ASECs. Teach DefaultContainerService to install split APKs, which will be needed when moving to/from ASECs. Also support forward locking for testing purposes, even though its deprecated. Move native library unpacking code to NativeLibraryHelper location where it can be shared by both DCS and PMS. Also update footprint calculation logic to mirror the later unpack codepaths. Immediately persist sealed sessions. When resolving install locations, prefer location of any existing install of that package. Lightweight parse requesting certificates now always verifies that all contents are signed correctly. Bug: 16514385 Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
742e790294b3441b79f715fe447069b63c6065db	17-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Progress towards staging ASECs. Move location selection logic into shared PackageHelper location, and share it between DCS and PackageInstaller. Fix bugs related to installed footprint calculation; always count unpacked native libs. Have PMS do its own threshold checking, since it's fine to stat devices. PMS only ever deleted staging ASECs, so move that logic into installer and nuke unclaimed staging ASECs. Allocate legacy ASEC names using PackageInstaller to make sure they don't conflict with sessions. Start wiring up session to allocate ASEC and pass through staged container for installation. Fix bug to actually delete invalid cluster-style installs. Bug: 16514385 Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
a0907436c01fd8c545a6b5c7b28bc3bc9db59270	15-Aug-2014	Jeff Sharkey <jsharkey@android.com>	PackageInstaller API refactoring. Switch to using IntentSender for results to give installers easier lifecycle management. Move param and info objects to inner classes. Bug: 17008440 Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
f06009542390472872da986486d385001e91a2a7	08-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Logic to confirm uninstalls. Prompt user for confirmation when caller doesn't have DELETE_PACKAGES permission. Also extend uninstall events to return failure codes. Bug: 16515814 Change-Id: I15b52190ff02dbeaaf038b92364264f64c57ba89 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8	07-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Logic to confirm permissions on install sessions. When an app without INSTALL permission attempts to commit a session, we involve user to confirm permissions. We currently point at the base APK, which defines all permissions for an app, handling the case where a session may only be adding splits. Add failure codes to represent rejection. Fix bug by ignoring stages during initial boot scan. Bug: 16515814 Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c	07-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Surface user action events when un/installing. This will be used shortly to connect up with permissions confirmation UI. Bug: 16515814 Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
1cb2d0d4bba387665128c62c342e59103ea4be26	31-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Persist install sessions, more lifecycle. To resume install sessions across device boots, persist session details and read at boot. Drop sessions older than 3 days, since they're probably buggy installers. Add session callback lifecycle around open/close to give home apps details about active installs. Also give them a well-known intent to show session details. Extend Session to list staged APKs and open them read-only, giving installers a mechanism to verify delivered bits, for example using MessageDigest, before committing. Switch to generating random session IDs instead of sequential. Defensively resize app icons if too large. Reject runaway installers when they have too many active sessions. Bug: 16514389 Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
16c8e3f49497b6046972ae650772f65768366be8	25-Jul-2014	Jeff Sharkey <jsharkey@android.com>	PackageInstaller changes based on feedback. Mostly cosmetic changes from API council feedback. Bug: 16543552 Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
9a445771f57dd15b06db0dbefd66c368d84eec2d	16-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Install sessions only inherit APK files. Also track historical install sessions for debugging purposes. Hide signature verification API for now. Clear code cache only after killing the app being upgraded. Bug: 14975160 Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
69ea974f1712c83a9ad194187237edf1169f9064	15-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Merge "Public API for PackageInstaller!" into lmp-dev
6c833e07a05c48ca60ee4d72421bf8b1e78dc710	15-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Public API for PackageInstaller! Flesh out documentation and finalize first cut of API. Also surface installLocation and splitNames through PackageInfo. Bug: 14975160, 15348430 Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
ad11eb52fe62b6696df2194cb9e176f7d799e844	14-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Pass install result message; path selection. Oops, forgot to include message argument to invoke the new-style callback. Also use more robust way of generating cluster APK directory names, and add more logging details on rename failure. Change-Id: Ifa8abdd1db58b73e13b9a8077ec126cf20a0d90e /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
a10311434778ea1be1621c2251c0c8c2966f337b	13-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Package installation listener events. Flesh out implementation of install session observers. Carve out 20% of published install progress for final system operations such as dexopt, etc. Add dumpsys output for active install sessions. Create explicit fsync() instead of overriding meaning of flush(). Hack to throw IOExceptions over Binder calls. Bug: 14975160, 15348430 Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
e0b0bef75b66f0a87039c8f58c17b1596a2baebe	13-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Surface detailed error messages from PMS. We now both log detailed error messages and relay them back to any observer. Start refactoring PMS to throw when errors are encountered internally to make it easier to reason about flow control; already uncovered a few instances of errors being silently ignored! Change-Id: Ia335c5e31bd10243d52fd735c513ca828e83dca0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bb580670350b76fa2fcc5ee873f99b7970759cbf	10-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Progress toward installer public API: callbacks. Instead of surfacing all the existing cryptic error codes, we're going to classify them into broad categories when surfacing through public API. This change introduces InstallResultCallback and UninstallResultCallback, and wires them up to existing AIDL interfaces. Also start defining general SessionObserver for apps interested in general progress details, such as Launcher apps. Details about active sessions are returned through new InstallSessionInfo objects. Bug: 14975160 Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
ec55ef0934b8e0d1bb705434947de817f7be57f1	08-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Extend pm to support sessions and split APKs. Separate commands to create an install session, stream files into the staging area, and then commit the install. Streaming can accept data from stdin across adb, avoiding extra copy from push. Extend FileBridge to support blocking close(). Always destroy session regardless of result. Bug: 14975160 Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
d746057f2414cba2bdc69257cc5be8cb681bb592	07-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Change new file installs to be cluster-based! Now that all the other pieces are in place, we're ready to start installing new file-based packages as a cluster (the new unified directory-based layout). This greatly simplifies the renaming process. Also add helper methods to ApplicationInfo to give a much clearer mapping between it and internal field names, since we can't change the public API. Add recursive restorecon(). Bug: 14975160 Change-Id: I72a63c5ddbc594c2fec4a91dd59f73ef253fbfd7 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
73767b9d607d99b3a027619b5c6b7f1a09b7673d	05-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Extract native code from split APKs. In the new split APK world, multiple APKs work together to define a single package. This means that native code may be split among those APKs. To handle this, extend NativeLibraryHelper to examine all APKs in a package ordered by splitName. A package has valid native code as long as one matching ABI is found inside. The "best" ABI found across all APKs is picked for the entire package. No attempt is made to ensure that every native library defined is available for the picked ABI; that's the responsibility of the installer. Re-introduce PackageLite to represent a lightweight parsing of an entire package, which may be a single monolithic APK or a cluster of one or more APKs. Remove native code extraction from InstallerSession, since it'll be handled inside PMS for this release. Bug: 14975160 Change-Id: I4f4db0f82e88a46101c7777499ebc0a11fd911f9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
57dcf5b177b56195421535938544f32d8b591b42	19-Jun-2014	Jeff Sharkey <jsharkey@android.com>	Slow progress towards APK clusters. Differentiate between "split APKs" and "cluster packages". A cluster package is a directory containing zero or more APKs (base+splits), and a monolithic package is a single APK (base). PackageSetting will use the directory name as its codePath, so track the baseCodePath separately. Clarify documentation in several places. Require that all installers provide file:// URIs through existing hidden APIs; PackageInstaller hasn't been able to read content:// URIs for a long time. Bug: 14975160 Change-Id: I1c6fed1b55205c2474b09871161a98a26669d22e /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
cef0b39b9211882f59b6bfe1148e2cd247056693	12-Jun-2014	Narayan Kamath <narayan@google.com>	Fix native crashes when APKs can't be opened. There was lax / incomplete error checking around the construction of Apk handles. This change changes the ApkHandle API and makes it throw IOException if the zipfile couldn't be opened. Additionally : - Fix a resource leak in DefaultContainerService - Report errors correctly during package moves. bug: 15563874 (cherry picked from commit ec4516470d7ce6e47769591d678c838bd3f6f388) Change-Id: Ia35b464355467d0d36faf34fae85acbbab3f2896 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
275e085d5a42ced54bb79e40ff76c77539e7d82d	18-Jun-2014	Jeff Sharkey <jsharkey@android.com>	Stronger PackageParser contract, more split work. Require that method callers always provide relevant paths, instead of relying on constructor. Move DisplayMetrics to be an overall parser parameter, and move PARSE_TRUSTED_OVERLAY to flags. Parse split APKs and apply deterministic ordering based on split names. Assert consistent package name and version code across all split APKs in a package, and enforce unique split names and required base APK. Collect certificates for split APKs, enforcing they're all signed consistently. Better flow control and resource cleanup when collecting certs. Refactor validation code so it's easier to reason about. Cleaner maintenance of read buffer when draining stream contents. Change-Id: I8bc8c62095fbb933227b9e76ad8771f4b1246fe8 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
c4858a2ba972e86436d629c4d3f18eb49116de14	16-Jun-2014	Jeff Sharkey <jsharkey@android.com>	Switch PackageParser to reference single path. It previously kept mPath separate from mScanPath for some very odd edge cases around moving apps-on-SD. This changes it to always use a single path, refactors moving to keep separate paths. Refactors method names in PackageParser to be clearer about their APK-versus-package relationship. Beginnings of a split package parser. Instead of requiring that callers check error codes when null, switch to always throwing on parse errors, to require that callers deal with the error. Longer term the entire parser should switch to this style, but its too pervasive for a simple refactoring. Change-Id: If071d8e55e46e56cc201fadfb51cb471713ae973 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
78cc340c2de873d6995c283b777476f7237d690f	22-May-2014	Jeff Sharkey <jsharkey@android.com>	Offer to stream and fsync() install sessions. Installers are interested in both streaming APK data and establishing a happens-after relationship to support resuming downloads after a process kill or battery pull. This exposes a generic OutputStream for writing, and hooks up flush() to be a blocking call which returns only when all outstanding write() data has been fsync()'ed to disk. Tests to verify behavior. Bug: 14975160 Change-Id: I38289867c80ac659163bb0c2158ef12d99cc570d /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4	29-Apr-2014	Jeff Sharkey <jsharkey@android.com>	Initial support for split APKs, PackageInstaller. Defines a new PackageInstaller class that will be used for installing and upgrading packages. An application desiring to install an application creates a session, stages one or more package files in that session, and then kicks off the install. Previously, PackageManager would always make its own copy of a package before inspecting it, to ensure the data could be trusted. This new session concept allows the installer to write package data directly to its final resting place on disk, reducing disk I/O and footprint requirements. Writes are directed through an intermediate pipe to ensure we can prevent mutations once an install has been initiated. Also uses fallocate() internally to support optimal ext4 block allocation using extents to reduce fragmentation. Sessions are also the way we support installing multiple "split" APKs in a single atomic operation. For a set of packages to form a valid application, they must have exactly the same package name, version code, and certificates. A session can also be used to add a small handful of splits to an application by inheriting existing packages when not performing a full install. Add PackageParser support for extracting split names and certificates. Bug: 14975160 Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java