History log of /frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
9820aee6b17cd829f9a920e19265cb505bcc8ddc 02-Sep-2015 Svetoslav <svetoslavganov@google.com> Don't drop runtime permissions on older system app update.

We have a device with an installed version of an app that is not
preinstalled and has some runtime permissions granted. Now we get
OTA with an older version of the app which does not request these
runtime permissions. We first scan system packages and then installed
apps. During the scan we encounter the newly appeared system package
and determine it is older than the one we have installed and disable
it.

However, before we disable the package we update the permissions
for this package but since the one on the system partition (the one
we found so far) doesn't request some of the runtime permissions
granted to the installed version of the app, they get dropped on the
floor. This grant attempt is not necessary as the permission the
installed package has depends entirely on the permissions it requests.
In this process we may look at the requested permissions on the
disabled system package but in general the updated package cannot
have a permission that it does not request regardless whether the
disabled system app requests it or on.

bug:23718806

Change-Id: I187bc11750eb270c3233c314992186f5d58d9d82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6606acd610145d0b7c7416e520bebd5fe9c3107a 02-Sep-2015 Christopher Tate <ctate@google.com> Apply default link-handling policy at OTA from pre-M

Not just at first (wiped) boot.

Bug 23744303

Change-Id: I9ab42f7b081e92231d89b3c97935135c3dd901d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e81e75071530c522e02475000432c5b31b34969 28-Aug-2015 Jeff Sharkey <jsharkey@android.com> Give shell permission to move apps.

Also clear identity when measuring ASEC sizes to relax a second
permission requirement.

Bug: 23600574
Change-Id: Ib3a104426758e0e8f35dff0e504fe874bed7311f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b9880c44f8626151aaa4479d7b22124b87d2ecc2 28-Aug-2015 Christopher Tate <ctate@google.com> Show the ResolverActivity in dock mode

If there are multiple dock apps present the end result should be
the disambiguation UI, not a fast-forward to the 'normal' home
app.

Bug 23501598

Change-Id: Iebc106b136cb1e446d1e93935738335504f5b812
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d34ecae444867b78be06bb5a6b0fb2a66c2e30aa 25-Aug-2015 Nicolas Prevot <nprevot@google.com> Don't set a null filter to a cross-profile ResolveInfo.

ResolverActivity expects the filter not to be null.

BUG:23395395
Change-Id: Ie7081daba1ad138b1a3903ef9dd1b649806c8d0e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7e7d79ef2f4aa6a8da86af459d419bd24c47b440 14-Aug-2015 Chris Tate <ctate@android.com> Merge "Make "Ask every time" actually work that way" into mnc-dev
56f0ff3c48c88b969d9bf5e62eb1ee590e03e461 14-Aug-2015 Christopher Tate <ctate@google.com> Make "Ask every time" actually work that way

..in link-opening behavior. If a candidate is marked as "ask
every time," then the user is guaranteed to get a disambiguation
prompt including that candidate even when some other candidate
app is in the "always prefer this over a browser" state.

Bug 23147746

Change-Id: I904d8697a992b3f16f32b1c1b49c2bf9424c7137
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f5b0a27350df984fb4a98b9658e89390ed60573 14-Aug-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22940169: "pm grant" can no longer grant permissions...

...with protection flag PROTECTION_FLAG_DEVELOPMENT

Bring back the old grant/revoke code for development permissions.

Also some more dumpsys output to help debugging.

And new dumpsys command for checking a permission.

Change-Id: I6e27e62a9ca5ec1ecc0f102714a448ea02f0f41c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8b3e6b0df102901f938cd0687f9994a3ff767fcf 12-Aug-2015 Todd Kennedy <toddke@google.com> Promote system app permissions

When upgrading from a pre-M version of Android, install permissions for
exisiting system are promoted to runtime permissions. This only happens
for apps that existed prior to the OTA. Other system apps targeting M
are not automatically granted any permissions.

Bug: 22970710
Change-Id: I964ee3f93c66ea43fbb1be6b5ac6b09ddea3c385
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
288e82f8f67db894c43bf4ea659ca832f979c65a 07-Aug-2015 Nicolas Prévot <nprevot@google.com> Merge "Keep intent verification status of system apps when uninstalling them." into mnc-dev
b5ab2ffc213dbc976544ef6e0922d72d4fa241ff 07-Aug-2015 Nicolas Prevot <nprevot@google.com> Keep intent verification status of system apps when uninstalling them.

When creating a work profile, system apps are uninstalled and then
sometimes reinstalled.
In the process, they lose their intent verification status.

BUG:22943461
Change-Id:I5b008c6de2125f190063b08908076a649067c60d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
38d30dc547825bdde2756f588692063a28749e8d 07-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Immediately kill a shared user process on a permission revocation." into mnc-dev
aa41add33b8d7d318387cc74c34e3d347d245211 07-Aug-2015 Svetoslav <svetoslavganov@google.com> Immediately kill a shared user process on a permission revocation.

1. When a permission is revoked we kill the app immediately but do
not do an immediate kill for shared uid processes. This fixes it.

2. Remove system APIs that are used only by the package installer.

bug:22984670

Change-Id: I3d4ae52ea8679f894aa7c5972941263903479183
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
16ed6a45aed0e5d7332647559c3c76b977b705b4 05-Aug-2015 Jeff Davidson <jpd@google.com> Correctly propagate permissions when uninstalling updates.

In ag/733689, which was intended to fix this bug, the following lines
were removed:

// Propagate the permissions state as we do want to drop on the floor
// runtime permissions. The update permissions method below will take
// care of removing obsolete permissions and grant install permissions.
ps.getPermissionsState().copyFrom(disabledPs.getPermissionsState());

The intent with these lines seemed to be that we needed to copy
permissions from the application on /data, which is being uninstalled,
over to the copy on /system, which was disabled but is being
reenabled. However, it wasn't functional, because it incorrectly
copied from the copy on /system, not the copy on /data.

Restore this code, copying from newPs (the copy on /data) rather than
disbledPs (the copy on /system), and clarify the comment because we do
*not* want to drop runtime permissions on the floor.

Bug: 22665508
Change-Id: I6bae37e70b6df1043c9a2b49255b985707ba151a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d6168835a6114a9e346278e4613e9175a907fd3 05-Aug-2015 Jeff Sharkey <jsharkey@google.com> Merge "Fix moving of apps into legacy ASEC." into mnc-dev
94dacb12185c6208d100ada88ed305376d9ab2ee 03-Aug-2015 Jeff Sharkey <jsharkey@android.com> Fix moving of apps into legacy ASEC.

Derive the correct current volume UUID for comparison, and only
check for cluster style installs when moving from internal storage.

Bug: 22616484
Change-Id: Idb6be2aa4aaa9b9f47ebbeeebd65c15a60d5d164
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
28ec27cbfa157c242fd9330a10c7c2b8ea838694 04-Aug-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22912704: "android.process.acore has stopped" dialog keeps popping up

Slice 'em up!

Change-Id: Ibba3af7ec5b7f92e6d5e55a57aa838a7f7f936e1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c1836bb0f1bf3e5ef0911719525da0bab3e53507 31-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Change MNC codename to just M." into mnc-dev
d692fcf115e57fef8a15c214fb2fcde78a48b45c 31-Jul-2015 Benjamin Franz <bfranz@google.com> Merge "Add missing return statement" into mnc-dev
9dacbf6fd4b602f3abe9b1a347690d474c54f9a7 30-Jul-2015 Benjamin Franz <bfranz@google.com> Add missing return statement

Bug: 22844272
Change-Id: I4b37b28adb1d1b6d0d1235dd68fbfad6c3121c54
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e3de6cacaffcfeda4d6353be61e2f1f9ed80705 30-Jul-2015 Dianne Hackborn <hackbod@google.com> Change MNC codename to just M.

Change-Id: I4281d200ff6560791c47cf9073ceea1cb509361e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9352af2a9ef95e3f577a04474625249d3da62a04 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Remove dependencies on the package installer's package name" into mnc-dev
6b96de8dae8be99f75c86c795672905e10fca153 29-Jul-2015 Sailesh Nepal <sail@google.com> Merge "Default permissions for sim call manager" into mnc-dev
a7a65ee4c5fb879fee258c63b92e49ab4571bbdb 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Allow non system to set perm policy flags - needed by the installer" into mnc-dev
525bc7a5a68cf2bf5159780ebb66ca4a3bf600ee 29-Jul-2015 Svet Ganov <svetoslavganov@google.com> Allow non system to set perm policy flags - needed by the installer

My previous change overtightened which permission flags can be changed
by a non-system caller. This took away the capability of the package
installer to set policy flags which it needs to implement the auto
grant/deny behavior.

bug:22776149

Change-Id: Ic2a82bedc413fc91360c3bcec355fac456f0fccf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f480f2899cf4667170d93f6d7637e735b82d5bae 29-Jul-2015 Svet Ganov <svetoslavganov@google.com> Do not reset runtime permissions on upgrade

bug:22772831

Change-Id: Ic7113f48bf4fe2fe2f50bf94c4b6dbb2130b6621
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f1b7f20bb839c96e8254ccb65398135f10fd45d9 29-Jul-2015 Svet Ganov <svetoslavganov@google.com> Remove dependencies on the package installer's package name

bug:22700053

Change-Id: I8540eb8577fbec84e1a67e31e1c31ba654c828a4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cf85562bc9a0f01db51b4088e72f05a8089fc7f1 29-Jul-2015 Sailesh Nepal <sail@google.com> Default permissions for sim call manager

This CL adds the following permissions by default to the
SIM call manager:
- microphone
- phone

BUG: 22790160
Change-Id: Icaf1db6c6943b3ddbd16a946a81d1bfb734d761f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6b0c8315e4c0db24522675c05ecd6a0b9bfb6d9e 28-Jul-2015 Todd Kennedy <toddke@google.com> Partially revert package freezing

On the Nexus Player, upgrading the launcher would cause multiple, simultaneous
processes to be running. In order to prevent this regression, revert the portion
of ag/682591 dealing with package upgrades.

Bug: 21123444
Change-Id: I7a4cf98c7e28fc9893b1c0358d3a98702d94c039
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ce09a024f8478a21b1f4b8e8ddaf247b0fc9f616 24-Jul-2015 Fyodor Kupolov <fkupolov@google.com> Check for ACCESS_COARSE_LOCATION/ACCESS_FINE_LOCATION

Call to checkPermission(ACCESS_COARSE_LOCATION) should return
PERMISSION_GRANTED, when package only has ACCESS_FINE_LOCATION permission

Bug: 21852542
Change-Id: I53fe2945784213693f59e7bfccc524276ea8c189
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
28762e61e2e45a7e30af02c6fa840a065a645b68 24-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Keep default permission grants uninstalling a sys package upgrade" into mnc-dev
315c4ac1b66922ef96c4c32d3c5344edd94513e1 24-Jul-2015 Svet Ganov <svetoslavganov@google.com> Keep default permission grants uninstalling a sys package upgrade

bug:22665508

Change-Id: I1cb1e53a8643ddad77f0be9e40d5b504501e06de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9c8b8ab941e3ca7bdf2cccad6836760d7723518e 23-Jul-2015 Svet Ganov <svetoslavganov@google.com> Reset permissions and app links when clearing app preferences - framework

bug:22359132

Change-Id: I198c0b1cd6c3dcb91fe560874a8502eb6b5f65b3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6e9a3ede53ae487838c19714ad62f25a4a6ca4c 22-Jul-2015 Jeff Sharkey <jsharkey@google.com> Merge "More info to support CTS, fix reconcile bug." into mnc-dev
85ced632680642fce680d141ddd10299ff849233 22-Jul-2015 Jeff Sharkey <jsharkey@android.com> More info to support CTS, fix reconcile bug.

Surface more details and commands for storage volumes to support
CTS testing. Fix user reconciliation bug that skipped user setup on
empty volumes.

Bug: 22658804, 22633097
Change-Id: I4221312d1cce24d1f5a2c108095cf3cf471598ed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cfbfafe1b9ca2fd135a4fb6b528b3829830803bf 22-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #22303510: Additional permissions aren't properly...

...disabled after toggling them off

Keep track of whether a permission that has been declared by an app
was able to actually be installed in the system, along with an API
to find this information so that system UI can tell whether that
permission is of interest.

Also clean up some of the permission debug output.

Change-Id: If4541bedb857789b255bb18f03cad155dcda0b95
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
35ba2cdbf8654d708e57d209131dd498705d0e18 20-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Inherit ABI when moving existing install." into mnc-dev
40cda8ef7c2e91fe1557a8cc35e01b91acf1def8 20-Jul-2015 Jeff Sharkey <jsharkey@android.com> Inherit ABI when moving existing install.

Previously installed apps are moved between volumes as an complete
package, including any previously unpacked native libraries. This
means we need to inherit any previously derived ABI when moving.

Bug: 22093837
Change-Id: I7656e338affa44e7f997fe4aa95bb297c0acc165
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
259453024c015da9d70d1ffadba09604aa1c786e 18-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Persist version data on a per-volume basis." into mnc-dev
f80b52b08aff0fe4c5a5fdc710aa5976c7b25699 17-Jul-2015 Jeff Sharkey <jsharkey@android.com> Persist version data on a per-volume basis.

Now that we support multiple adopted external storage devices, we
need to keep track of version data for each volume. This means we
now correctly handle certificate upgrade edge cases, permission
regranting, and clearing of code caches on a per-volume basis.

Bug: 22298966
Change-Id: Ifb9940c197f6c058a3ecca728257f853ce0fd7f4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5c269121d8ea0bf3f530f2314695e189ffdb3165 18-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Work on issue #22556778: Starting under voice control not allowed" into mnc-dev
f38c4ee9030b68c2f2b00d376c7d4a05a58a818a 17-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #22556778: Starting under voice control not allowed

The ResolverActivity is voice capable. In fact, it is capable
of EVERYTHING.

Change-Id: I37c4476d546f61fee3540b747aff77e88b702d48
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5fe22e4fcbc543aa588d739b2453b3fa72d31859 17-Jul-2015 Todd Kennedy <toddke@google.com> Merge "clear calling identity to dexopt" into mnc-dev
2a89545739b4efef4bd6535206ad0f5a813df39f 17-Jul-2015 Todd Kennedy <toddke@google.com> clear calling identity to dexopt

Bug: 22067670
Change-Id: I3596f26a079660f6898401ed679463193b00c799
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d4b566bf56333de708908ce4accb5fb067be64f0 17-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Add APIs for verifier to grant at install and revoke permissions" into mnc-dev
a4911ed97102b638a373adcdae7e4c9b3c64cc30 16-Jul-2015 Todd Kennedy <toddke@google.com> Merge "Verfiy global apps with device owner" into mnc-dev
633f19983182fbcf9479f6d5dd9f5e29e37f4cd0 16-Jul-2015 Todd Kennedy <toddke@google.com> Verfiy global apps with device owner

Applications installed for a specific user must be verfied as that user. However,
apps that are installed globally [i.e. UserHandle.ALL] should not be verified by
every user on the device. Instead, they should be verified by the device owner.

Bug: 21901423
Change-Id: I5fd3f690d08e7e911a3c86f09bbfcd4eb635b418
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbdf7c45380f7701e029a279932d2c97bf55fdc9 15-Jul-2015 Nicolas Prevot <nprevot@google.com> Don't send app links to the parent if status = never (part 2)

To qualify for cross-profile app linking, an intent should resolve
with a better status than "NEVER". Moved this check from canForwardTo
into the source method, getCrossProfileDomainPreferredLpr, to stop
bad resolutions leaking out.

BUG:22287521
Change-Id: I195979d78a783864d841a81f358780912bbf168e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7121e18595d4c559044e26bfe6035406a862f466 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Add APIs for verifier to grant at install and revoke permissions

bug:22231699

Change-Id: Ie0c758bf73699f50bf99ff5aa0bf98dcc9004e37
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ac15b1b0c05c79f5939aa6f88e973d4d479946cb 16-Jul-2015 Christopher Tate <ctate@google.com> Intent filters need CATEGORY_BROWSABLE to be app-linking eligible

Bug 22504009

Change-Id: I565b2ba4d1e5deeee8ede3363819deec206dbf58
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
06476508c4aae6b9bb5affdc7470abf159ef9eda 16-Jul-2015 Christopher Tate <ctate@google.com> Merge "Resolve based on the correct user's default browser" into mnc-dev
7991f7813edb9ab7b79c4f5cf5ea7d51e83d334d 15-Jul-2015 Christopher Tate <ctate@google.com> Resolve based on the correct user's default browser

Bug 22509659

Change-Id: Iac75e7b40609bf2c81d266e0568fbfbeb71bb3aa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
50a8bf4da0fe1685bfe6a0ecd9a9677e363e2ee1 15-Jul-2015 Svet Ganov <svetoslavganov@google.com> Grant default permissions to the setup app robustly.

There is a zoo of components that handle the home intent and
have different priority. There is no reliable way to distinguish
the setup app from the other apps that handle home as some of
them have lower priority than the setup app and some higher.
This change adds a dedicated category to recognize the default
setup app.

Uncommented the code that grants accounts permissions as the
get_accounts permission is now a runtime permission and can be
granted.

bug:22471024
bug:22501463

Change-Id: I41726751fa2567cbcd7d09c7acfa7615b8aba577
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8017c647e665a6b6240501dc43628143ebe4e333 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Fix build

Change-Id: I2c97e405eaec7ee1569fcddc872ff2a98c829efe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8cee6587e0efb2d8e63f1505b057a1e328525017 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Teach storage appops." into mnc-dev
6ee871e59812fea4525c50231f677c4bd10c74b8 10-Jul-2015 Svet Ganov <svetoslavganov@google.com> Teach storage appops.

For modern apps targeting M SDK and up the external storage state
is deterined by granted permissions. For apps targeting older SDK
the storage access is determined by app ops correspning to the
storage permissions as the latter are always granted.

When app ops change we do not remount as we kill the app process
in both cases enabling and disabling an app op since legacy code
is not prepared for dynamic behavior where an operation that failed
may next succeed. Hence, we remount when we start the app.

For modern apps we don't kill the app process on a permission
grant, therefore we synchronously remount the app storage.

bug:22104923

Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d13cb798506a1e04d716c6eac41492c5ae95ccc8 14-Jul-2015 Christopher Tate <ctate@google.com> Default browser should not supersede intent filter priorities

Bug 22304850

Change-Id: Ie4deffea2621fdc03a9bfe35690ecd109eed1a04
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
288ecf98f14c9eff639b0a3de074d5b4a06eccec 14-Jul-2015 Christopher Tate <ctate@google.com> Merge "Prioritize most-recently-enabled link-handling app" into mnc-dev
8b24a1d30fa5d2b80b2b6a37454dcc1e67d0e79d 14-Jul-2015 Svetoslav <svetoslavganov@google.com> Fix two grant default permissions edge cases.

1. When querying for components to which to grant default
permissions we are now getting disabled components as
well as we want such packages to get default pemrissions
on upgrade as disabled components may get reenabled.

2. When resolving activities to whose packages to grant default
permissions we skip the corss-profile and skip-profile filters
as they are set by device policy which should not affect
implicitly default permission grants. Policy has explicit
APIs for permission management.

bug:22405963

Change-Id: Idf56d35e567a6fd6e097cd45988d1561422ee6fc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f0d6cb38c47ee37583034dc3a68238ed13c91742 11-Jul-2015 Christopher Tate <ctate@google.com> Prioritize most-recently-enabled link-handling app

In the case when multiple apps handle a given web-link action,
all of which have been marked as "launch the app instead of a
browser" and so are otherwise ambiguous, always prefer the app
that was most recently placed into the always-handle-links state.

Bug 22051035

Change-Id: I3f43c19b0d7b74e9843445e41971bb5433affb1c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1578357df737296aa151c6934fe7dd749a43ae15 13-Jul-2015 Amith Yamasani <yamasani@google.com> Merge "Check user state after clearing identity." into mnc-dev
0ec43f89d2fc7064e7b42b40b318bef15fb040b5 13-Jul-2015 Esteban Talavera <etalavera@google.com> Merge "Use correct user when filtering app link candidates" into mnc-dev
2292160320f29144f8f8f38bd6936e9f1efb4ae5 13-Jul-2015 Esteban Talavera <etalavera@google.com> Merge "Don't send app links to parent profile if status == never" into mnc-dev
2d42d5f41eefc5550b6750cb86a5324c8f28959f 11-Jul-2015 Amith Yamasani <yamasani@google.com> Check user state after clearing identity.

This is to fix the case where the caller has GRANT_REVOKE_PERMISSIONS
but does not have MANAGE_USERS permission.

Related to a recent fix for
Bug: 22356546

Change-Id: Id51157abad14a0bdba3a16d7cd168f61ba25e890
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
292eb65f1ee0747e60899c1b1d0b6cb16c9cd37a 11-Jul-2015 Amith Yamasani <yamasani@google.com> Merge "Fix new user creation regression due to vold remount calls" into mnc-dev
1af7588da2e1f1621727a0d135cfc85f135ac4f8 10-Jul-2015 Esteban Talavera <etalavera@google.com> Use correct user when filtering app link candidates

Bug: 22288835
Change-Id: I29b3ac04e66b5e93f5cf29fd618b98d1c8106f58
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
171fe6ac0aa5b0d2dd64ac1cdda25cdcb5f183f3 10-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Add an API for apps to query if a permisison is denied by policy." into mnc-dev
d80cf9109aa6b560e473f0197034085ed9062eaa 10-Jul-2015 Todd Kennedy <toddke@google.com> Merge "Allow codepath changes for new OTA packages" into mnc-dev
bb054c9dcc68d24e1d2ded709b721948b939018c 09-Jul-2015 Amith Yamasani <yamasani@google.com> Fix new user creation regression due to vold remount calls

When creating a new user, there's no need to call into vold when
setting up default system permissions for storage. This was otherwise
adding 2 seconds to the user creation time, causing a frozen screen
before showing "Switching to user ...".

Fix is to call the permission setup code synchronously and not
call into vold if the user hasn't been initialized yet.

Bug: 22356546
Change-Id: I4c8632813e8c0f2ac90da386691af439521bb25a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3ec12db0f5155be41d60694f0ac3c9284ff29002 09-Jul-2015 Esteban Talavera <etalavera@google.com> Don't send app links to parent profile if status == never

Bug: 22287521
Change-Id: Ic84e57eab74c0e0b89f1b6a3baa54784157fa96b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
056d6b0069561af5dc16b1c38fc8d18bd876b54b 09-Jul-2015 Todd Kennedy <toddke@google.com> Allow codepath changes for new OTA packages

When an OTA contains a new package, the system performs some gymnastics
to ensure that we use the most up-to-date version of the package in
either the system image or user directory. But, during boot, we enforce
a package's codepath will never change. This prevents a user-installed
package from ever overriding the system provide package [regardless of
version]. In this one, specific instance, we allow a package's codepath
to change.

Bug: 22179337
Change-Id: I2c29a87801fb5960ffbd2268231446895ad1868f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ad3b2975574f916c14382628d50c710a78064746 08-Jul-2015 Svet Ganov <svetoslavganov@google.com> Add an API for apps to query if a permisison is denied by policy.

bug:22177216

Change-Id: I32227f55097fae997f33743fd1eee06cb18f47f1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
01e186437f7c41b5cf8a97becb22d2f369c374da 08-Jul-2015 Christopher Tate <ctate@google.com> Add a mechanism for products to specify default active app linkages

We now have a new tag type in the existing SystemConfig XML files:

<app-link package="..." />

Packages mentioned here are treated as though the user had instructed
the system to always open the app rather than a browser when touching
an HTTP/HTTPs URL that is handled by the app. This default state can
of course still be turned down by the user if they choose.

Bug 21595872

Change-Id: I2824064a891bba3867ee86f81d609d22e83aef7a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6638c182635c6af036980ebdacc9c88411dcf583 09-Jul-2015 Svetoslav <svetoslavganov@google.com> Merge "Fix reset permissions on clear data and package uninstall." into mnc-dev
4a5f4a2bc7a379a5b4174f78fefeefe745e6cd37 08-Jul-2015 Svetoslav <svetoslavganov@google.com> Fix reset permissions on clear data and package uninstall.

If the user clears data for an app we reset the permission but
only the changes made by the user. We do not modify syste or
policy flags and also ensure the permission that were granted
by default are granted after the data wipe. This is the same
as starting with a clean slate.

If the package whose data is cleared is a part of a shared user
we resent to initial state only the permissions that the cleared
package contributed. Hence, if another package also declared the
permission as used we do not clear the permission state as it is
still in use.

When a package is deleted for a user but still present for another
user we reset its permissions to their inital state follwoing
above described strategy.

Lastly when a preinstalled package wtih an upgrade is diabled
(triggers upgrade uninstall) and this package is a part of a
shared user, we do not drop permission state (grants and flags)
for permissions used by the shadowed system package. This ensures
that we do not drop runtime permission state (such state is
default grants and user changes).i

bug:22248525

Change-Id: I3a3007476d2cb9f4ff824e1e137a6e1a4d04408b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6b53c162102e2a4b3d745fcceb1224cc94860b64 09-Jul-2015 Amith Yamasani <yamasani@google.com> Qualify the uid with the userId when granting permissions

Calls to remountUid() for secondary users was not using the
correct uid. This would prevent providing the required
storage permissions to default apps.

Discovered when investigating bug: 22356546

Change-Id: I98c8f6da724e46331c1c90b95969ca0871ef4fe9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a90c8def2c6762bc6e5396b78c43e65e4b05079d 08-Jul-2015 Dianne Hackborn <hackbod@google.com> Add new "preinstalled" permission flag.

This allows you to specify that a permission can be granted to
any pre-installed system app (not just privileged ones).

And as long as I am doing this, clean up the old "system" permission
flag, renaming it to "privileged" which is what it really is today,
deprecating the old names. And switch the platform's permission
declarations to use the new name.

Change-Id: Iabf484746af232144786851ec7fe90e3de9dddb2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e07ee078de8e364d6be0b18b2b514e40decdb3c 08-Jul-2015 Svetoslav <svetoslavganov@google.com> Merge "Grant installer and verifier install permissions robustly" into mnc-dev
15bb16fb48f523b6b0d8c03cfe5988096341e29d 08-Jul-2015 Christopher Tate <ctate@google.com> Merge "App linking: permit overlapping link handling" into mnc-dev
050aee236509512f7098941946f12e1fbf2ab8ae 02-Jul-2015 Christopher Tate <ctate@google.com> App linking: permit overlapping link handling

Allow multiple apps to be enabled as link handlers even their set of
accepted domains overlaps. Also, allow app linking to be turned on
even for unverified apps if the user wishes.

Bug 21817604

Change-Id: I8bc7f1764318e5d4bb6ce93c66483fe07e922b1d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e7d977ff7c743713f0ad6336a039d7760ba47d1 07-Jul-2015 Svetoslav <svetoslavganov@google.com> Grant installer and verifier install permissions robustly

bug:22248271

Change-Id: I3a47ae9a112ba7d88b421fcb5f9651d1168ba7a5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6b7bb60457501ff4110933c3e9b66446eb4f7b19 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> Split app move into separate copy/delete steps.

App movement now has three distinct stages: copying, scanning, and
cleanup. Previously, a battery pull late in the move process would
end up with packages.xml pointing at the old location which had been
torn down. Now, we update packages.xml to point at the new location
as the "source of truth" before we start deleting the old location.

Bug: 21831336
Change-Id: I6f57f37a8cb335127db9ebb7c6b6cfe5755ada99
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7fd3c296f1991e321e4c69a5e7f918cc3d252625 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Permission to view shared storage for all users." into mnc-dev
38cae6c8bcb86236b21d69f852473351c0c1d82a 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Reconcile private volumes when mounted." into mnc-dev
32e80d7588720bdc9f8a3e961ac4566d7c80b2b9 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Permission to view shared storage for all users.

Typical apps are restricted so they can only view shared storage
belonging to the user they're running as. However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.

Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps. Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.

Bug: 19995822
Change-Id: I504c2a179ba74f142ed0d32da5baa69f4212cd82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dcd96ead8457466fb3dfb5978eb1e7e5b560ba91 06-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Maybe fix issue #22283836 -- package manager NPE." into mnc-dev
167d588b8b312882262fad4c7a2ae496b270caba 06-Jul-2015 Dianne Hackborn <hackbod@google.com> Maybe fix issue #22283836 -- package manager NPE.

Change-Id: I0383b9a4f1e0b872b3b427e6ad42fd8aa309b7ab
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04 04-Jul-2015 Jeff Sharkey <jsharkey@android.com> Reconcile private volumes when mounted.

Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.

First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode. Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10". When we
detect a mismatched serial number, we destroy all data belonging to
that user. Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.

Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.

When mounting a volume, ensure that data directories exist for all
current users. Similarly, create data directories on all mounted
volumes when creating a user. When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.

Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
68ffcf883c15b97d28e36c684d0db3da084727fc 02-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Teach receivers, activities, providers, and services app ops." into mnc-dev
99b6043dad9d215cf15810b885b6b8c215dd5b5a 27-Jun-2015 Svet Ganov <svetoslavganov@google.com> Teach receivers, activities, providers, and services app ops.

Perform app op check in addition to the permisison check for all four
paltform components - activities, content providers, broadcast receivers,
services - if they are guarded by a permssion that has an associated app
op. This ensures that legacy apps will behave correctly if the permission
of the caller has been revoked, i.e. the app op for that permission was
disabled.

bug:22199666

Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
76664d9dcfbbe04c50a00ea1e268e80b9a9f6087 02-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW..." into mnc-dev
61d7acae0cafc265e94a35ad3ba1677f60346de9 01-Jul-2015 Christopher Tate <ctate@google.com> Merge "Clear default browser setting when a new browser app is installed" into mnc-dev
7841eb899561af3b122a5143cdcfe64c0766a5f5 01-Jul-2015 Christopher Tate <ctate@google.com> Clear default browser setting when a new browser app is installed

Even if you have explicitly named a default browser app, when you
add a new browser app to the system it now assumes that perhaps you
might want that to be the new default, so it puts you into the
explicit ambiguity state.

Also fix a bug in the factory-default-browser handling; it was not
examining the set of available browsers.

Bug 22120412

Change-Id: I183ed87a51be1e4aa65457f05b98e406bb7b495d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
de15edaa9bf486a4050bb067317d313fd807bb10 01-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW...

...to an explicit toggle to enable in Settings

Add a new permission flag, saying the permission can be automatically
granted to pre-api-23 apps. Apply this to SYSTEM_ALERT_WINDOW.

Change-Id: I24a0ceabe7e9f5e458a864d30eda2696ad14a699
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2956363244ecb61f48729d93b510ffadac591cae 01-Jul-2015 Svetoslav <svetoslavganov@google.com> Merge "Grant permissions to headless system calendar/contacts sync adapters." into mnc-dev
ca58d80f413417aa98eb424c76dd8fe97af12763 01-Jul-2015 Svet Ganov <svetoslavganov@google.com> Clear binder identity when grantint permisisons to carrier apps

bug:22204562

Change-Id: I79dc2e102d227c991adc849e1cbda8572ee14905
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0010b70beae6fafd3faf06e1b02291f59f9f85db 01-Jul-2015 Svetoslav <svetoslavganov@google.com> Grant permissions to headless system calendar/contacts sync adapters.

bug:21861781

Change-Id: I5f9905a23ba1b23e387adf2cea842172d34207b0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
06324ed4c6017d5343b9e0bba13472e32a2815f5 30-Jun-2015 Svet Ganov <svetoslavganov@google.com> Do not hold a lock when calling API to grant default permissions

bug:22186491

Change-Id: Id0a468423048938a91598629c4921090ec082853
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
03b5f128dbc375c1a28468773f39e85a5f70fc9a 30-Jun-2015 Svetoslav <svetoslavganov@google.com> Merge "Grant default permissons to the default SMS, Phone, Browser app." into mnc-dev
cdfd230a392d0f0557a3a5bada221b7a05113392 26-Jun-2015 Svetoslav <svetoslavganov@google.com> Grant default permissons to the default SMS, Phone, Browser app.

The default SMS, Phone, Browser are selected in the UI and we
grant default permissions to these. We do this regardless if
they are on the system image as the user has made an explicit
choice in the UI and the permission we grant are considered
essential for such type of a core app to operate properly.

bug:22104986

Change-Id: Ide8caeb524b43dde11a20460666cf34c4d35f84b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6fd49936ae6b145cb2a9fe8b9ff75dcd79632daa 29-Jun-2015 Nicolas Prevot <nprevot@google.com> Merge "Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING" into mnc-dev
b035c6d9a6827510e6ee3f855827cf6e428adb22 27-Jun-2015 Christopher Tate <ctate@google.com> Merge "Properly scope the "only http/https schemes" intent filter semantics" into mnc-dev
2134744efd305a875b7baa5073358387c479e3e4 27-Jun-2015 Christopher Tate <ctate@google.com> Properly scope the "only http/https schemes" intent filter semantics

That restriction applies only to default-app linkage verification, and
not to any general questions of "is this app effectively a web browser?"

Bug 21688029

Change-Id: I9f6a7bc6dcac5e12ee07f8da6465ad51c1aeddfb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
143e118fa90bbeb8cf558ec0d303639d15ee7db7 27-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Make grant default permission more robust." into mnc-dev
ba3ba81eb8756641ae0079ae9da2779cc22aeb89 26-Jun-2015 Svet Ganov <svetoslavganov@google.com> Make grant default permission more robust.

Change-Id: If492ee3305774419671bbdb72b438c8e540005e9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c3b7a6de6593c8a1c01ce48e04dda7e11471288 26-Jun-2015 Christopher Tate <ctate@google.com> Merge "Use a framework resource to name a factory-default browser app" into mnc-dev
db3fe819902f2bea08746c3e3ea55a9a55e3bac5 25-Jun-2015 Christopher Tate <ctate@google.com> Use a framework resource to name a factory-default browser app

If there is no resource-named default but there is a single factory-
installed browser app, that app is made the titular default.

This also introduces a permission guard on attempts to set the
default browser or the app-link state. These operations are now
contingent on the existing SET_PREFERRED_APPLICATIONS permission.

Bug 21778406

Change-Id: Id099bb9c4141f28917546492657cd2fba472e6b6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca8e6da41c6e63e3ed17eb461171f1ef2e1d29c6 25-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22023824: Download folder is not created in internal storage

The media provider and some other things need to be given storage access.

Also, seems like we should give storage access to the camera app as well.

And add a dump dump command that will dump data about a particular
permission name.

Change-Id: Idaaa9bba2ff4dc95290cf6d17e5df933df91e909
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9527b223a9d4a4d149bb005afc77148dbeeff785 25-Jun-2015 Jeff Sharkey <jsharkey@android.com> Let's reinvent storage, yet again!

Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.

The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:

/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access

There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.

During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.

Bug: 21858077
Change-Id: I62fb25d126dd815aea699b33d580e3afb90f8fd2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f0029c1ddb2875583e62c6a3f96d288e21f2efe2 25-Jun-2015 Nicolas Prevot <nprevot@google.com> Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING

Also improve the javadoc.

BUG:21701782
Change-Id: I88a75ccfa71b0d5df2f4779987cf0fff56001fd3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
413020a6ca6e7d4eb7e61e3fe7d7a4c570a605db 24-Jun-2015 Christopher Tate <ctate@google.com> Require that verified intent filters only have http/https <data> decls

It is malformed to write a single intent filter like this:

<intent-filter android:autoVerify="true">
<data android:host="foo.example"
android:path="/"
android:scheme="http" />
<data android:host="*"
android:path="/custom"
android:scheme="fooexamplecustomscheme" />
</intent-filter>

In practice this app is accidentally defining a filter that will match
"http://*". This is now detected, and will never be auto-verified for
any of the mentioned domains.

Verified intent filters must *only* handle the http & https schemes.

Bug 21920537

Change-Id: I933cddbea23185d242565cac940e1e7a7e4e289b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c60408264c7fe19d2f1f3550556f7e6bc1ca716d 23-Jun-2015 Todd Kennedy <toddke@google.com> Merge "Skip upgrade keys for adopted storage" into mnc-dev
e6953913536155a5d1f78d184e67a74f9acbe1c1 23-Jun-2015 oleksii stepanian <aste@google.com> Merge "Send installerUid for verification when using PackageInstaller." into mnc-dev
8d9ad19341e19256651ef86274a4382f2c09b279 23-Jun-2015 Jeff Davidson <jpd@google.com> Merge "Default permissions for carrier apps." into mnc-dev
0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8 22-Jun-2015 Amith Yamasani <yamasani@google.com> Runtime permissions cannot be set on legacy apps by device policy

Clarify docs that runtime permissions can be granted or revoked by
a profile owner/device owner only for MNC apps and not legacy apps.

Check the targetSdkVersion and return false if legacy app.

Remove all policy flags from permissions when cleaning up
a device or profile owner.

Bug: 21835304
Bug: 21889278
Change-Id: I4271394737990983449048d112a1830f9d0f2d78
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c293d3ad1a4fbbf616d4dfb041eb9cbf45262b45 22-Jun-2015 Todd Kennedy <toddke@google.com> Skip upgrade keys for adopted storage

Define a new scan flag to control whether or not we're performing
an initial scan for packages. On internal storage, an intial
scan occurs during every boot. For adopted storage, an intial scan
occurs immediately after the adopted volume is mounted or whenever
an application is moved.

Bug: 21815906
Change-Id: Ieda9668230597346bce9ee25ecfa204f931bcef6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2a880312086147577e1e814bda6985fa97fb343b 23-Jun-2015 Jeff Davidson <jpd@google.com> Default permissions for carrier apps.

Grant permissions in the PHONE and LOCATION buckets to default carrier
apps as defined by the telephony stack. Provide a system API to grant
default permissions for carrier apps, as the set of apps may change
when a new SIM is inserted.

Since the phone process is separate from the system process, we need
to allow for binder calls to these APIs.

Also fix a log tag that is too long (android.util.Log drops messages
silently if the tag is > 23 characters).

Bug: 21696731
Change-Id: I98ca0c49c69f621f835ba57c1fd0505f2cec0d0d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3f4c7e3f7ed4f2a3077993ebf545c2790ace246c 23-Jun-2015 oleksii stepanian <aste@google.com> Send installerUid for verification when using PackageInstaller.

PackageManagerService when used by PackageInstaller
(installStage) does not send calling installer process id.
As a result Play Store application always triggers verification
of packages that are installed.
This causes unnecessary work on the UI thread for each new
install/update.

Bug: 22014920
Change-Id: I8cc9ba7b6fcbe26ee709a5dda284e6cdd11071f1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d2268a57603e1c60329b93fb853ac2c134cb932 23-Jun-2015 Christopher Tate <ctate@google.com> Merge "Back up / restore default app and intent filter verification state" into mnc-dev
6038d15cbc7f4648ceaadf5f15d1928c4899f98e 17-Jun-2015 Christopher Tate <ctate@google.com> Back up / restore default app and intent filter verification state

For apps not present on device, the state inherited from the ancestral
device is applied when the app is ultimately installed.

Bug 20144515

Change-Id: Ie05b4f1751357fc62f14e259da174b8cf465e913
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3ab6f9e691fac6eeea1af8fb35bd4c41cdd692ca 23-Jun-2015 Nicolas Prevot <nprevot@google.com> Merge "Allow cross-profile app linking from work to personal." into mnc-dev
9edbda18df025527e18614cf0c45d538a27af30f 17-Jun-2015 Nicolas Prevot <nprevot@google.com> Allow cross-profile app linking from work to personal.

If the profile owner sets ALLOW_PARENT_APP_LINKING:

ACTION_VIEW, scheme http/https intents sent from the work profile
can be resolved by personal apps if they specify a host.

BUG:21701782
Change-Id: I372e2405345539eac9d6b4fb08def6bf84da14a6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2bd8e97f996bba0b52ed213f4feb4f367fe019c2 22-Jun-2015 oleksii stepanian <aste@google.com> Merge "Fix race condition in PackageManager." into mnc-dev
0f800f7c163383ce3a49cc99bc2d8097f8961bde 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> Ensure default permissions not dropped on data wipe

bug:21954760

Change-Id: I15de766012e66e171d2089af574687ad513a5d57
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f9f75771cc28035525520128e8a74c898c43e12a 20-Jun-2015 Svetoslav <svetoslavganov@google.com> Grant default permissions if perms reset on upgrade.

Change-Id: I371e8eb42dc8e8953a184d29cc2a3bd2c361097e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
161bd9aae46088cb62e78af428ef9f2b1172c0dc 20-Jun-2015 oleksii stepanian <aste@google.com> Fix race condition in PackageManager.

When Google Play installs 2 apps concurrently (e.g.
personal and work profile) PackageManager can hit a
race condition when connection to media container has
not yet been established but the MCS_BOUND event is
triggered from MCS_UNBIND.

Detailed step by step scenario:
1. package1 comes in
2. INIT_COPY (initiate bind, add pending install)
3. onServiceConnected triggers (MSC_BOUND)
4. MSC_BOUND, process pending package and schedule MSC_UNBIND
5. MSC_UNBIND is triggered once the package is verified
6. service is diconnected
7. package2 comes in
8. INIT_COPY (initiate bind, add pending install)
9. MSC_UNBIND scheduled at step 4
10. MSC_UNBIND sees that there is a pending package,
schedules MSC_BIND
11. MSC_BIND arrives before service is connected and we fail.

Solution: do not fail if we wait for connection.

Bug: 21849046
Change-Id: I39928e1efc81ba64e45c622cc08cb786801d6569
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1e575a0f32a00fc6a2f9a71fe1d1eb4426c71787 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Only grant runtime permissions to special components." into mnc-dev
adc1cf46045ae756d3a9ccbccf6b0f894e4c1edd 16-Jun-2015 Svet Ganov <svetoslavganov@google.com> Only grant runtime permissions to special components.

Now runtime permissions are granted only to components that are
part of the system or perform special system operations. For
exmple, the shell UID gets its runtime permissions granted by
default and the default phone app gets the phone permissions
granted by default.

bug:21764803

Change-Id: If8b8cadbd1980ffe7a6fc15bbb5f54a425f6e8f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8e33f63040db4f8326c1bf678645a42ab79c32f3 19-Jun-2015 Tony Mak <tonymak@google.com> Clear granted permission when app is uninstalled by one of the multiple users

Bug: 21838358

Change-Id: Iccd46382c9468d0503da0bb49a49040ae712e2cc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a408061cc7b5efaf090ce9efd5fd0ba1d95e9c11 19-Jun-2015 Sudheer Shanka <sudheersai@google.com> Merge "Use the intent filter icon in ResolveInfo for managed profile." into mnc-dev
3233a0a65c8bd2acce4b8fdfe6ce8e6c20b9a24d 19-Jun-2015 Christopher Tate <ctate@google.com> Merge "Don't always dump domain/preferred state" into mnc-dev
9c896ab226c53020b8495e9d2d6f520a0eb887cb 19-Jun-2015 Christopher Tate <ctate@google.com> Don't always dump domain/preferred state

Change-Id: Ie0431b6c3cb1a9f372a142637359c42b182d4b1b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e5bce22dc098d5da9ff573f4aac812272de3c0af 19-Jun-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Defer writes to runtime-permissions.xml" into mnc-dev
c8a49a2b95d6ed182cbc966676d17f98e1ccd816 19-Jun-2015 Jeff Sharkey <jsharkey@android.com> Merge "Write packages.list when granting permissions." into mnc-dev
b43ec54c23cdb1af88812c5221b62b6218a35b09 19-Jun-2015 Jeff Sharkey <jsharkey@android.com> Write packages.list when granting permissions.

Some permissions have the side effect of adding GIDs right now,
so we need to flush out packages.list.

Bug: 21874693
Change-Id: Ia4398c9f84cf7f151248f821b3fa2c12bdf91b80
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a750a63d639f6936af456df904fa6b9ba941885e 17-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #21814207 and issue #21814212 (alarm manager)

Issue #21814207: AlarmManager.setAndAllowWhileIdle should also allow wake locks.

Introduce a whole new infrastructure for providing options when
sending broadcasts, much like ActivityOptions. There is a single
option right now, asking the activity manager to apply a tempory
whitelist to each receiver of the broadcast.

Issue #21814212: Need to allow configuration of alarm manager parameters

The various alarm manager timing configurations are not modifiable
through settings, much like DeviceIdleController. Also did a few
tweaks in the existing DeviceIdleController impl.

Change-Id: Ifd01013185acc4de668617b1e46e78e30ebed041
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2f902959245f1cae57827025b8711a059faaf782 16-Jun-2015 dcashman <dcashman@google.com> Merge "Make keysetmgrservice gurantees explicit." into mnc-dev
3c13a2a5bc452777a785c1de74fff56a7cde9cdb 16-Jun-2015 Fyodor Kupolov <fkupolov@google.com> Defer writes to runtime-permissions.xml

In grantPermissionsLPw, use async version of writeRuntimePermissionsForUserLPr
to defer writes to runtime-permissions.xml.

Change-Id: I9dcae74199d26b6a988e35dff97b038d435e1e16
Bug: 21849928
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
87f794f0bf8b53d6c983968f398c4bde4cb6a014 03-Jun-2015 dcashman <dcashman@google.com> Make keysetmgrservice gurantees explicit.

Add exceptions/checks for keysetmgrservice interractions which *should* never
happen, but would result in NPE or invalid metadata. Also handle mismatches
between package and keyset metadata in packages.xml.

Bug: 20128916
Change-Id: Ia0f63f78d232d9d8d9fbe4cd8e6cc3406e5192a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
72c10a25f0b91bac8d50ec512d37d516ece7c9d5 13-Jun-2015 Christopher Tate <ctate@google.com> Clean up app-link verification policy

If an app claims to be the official auto-verified app for any domain
and thus the automatic handler for ACTION_VIEW / {http,https}://...
intents naming that domain, then we require that it verify as the
official app for *all* domains it purports to handle, even if the
other domains are not flagged for verify.

Bug 21335460

Change-Id: I3fdd8620defa31aea36ce738fa63ac94fc53c5f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f63655e49fcccd922e8d5f61c67f58bd4a361211 15-Jun-2015 Christopher Tate <ctate@google.com> Merge "Use HTTPS when fetching app link verification resources" into mnc-dev
a5c852e03abb9372a6928271a930d7d79e4ec45e 14-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Clear runtime permissions on package data reset." into mnc-dev
2a30be19006ede27ee524da89b6c4a1b551b1d76 14-Jun-2015 Svet Ganov <svetoslavganov@google.com> Clear runtime permissions on package data reset.

bug:21817488

Change-Id: I7c51fee5206e3bcb79951f237a71862f0752a709
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3c458636494f28685146060e1252f52fe43ed38a 12-Jun-2015 Christopher Tate <ctate@google.com> Use HTTPS when fetching app link verification resources

Bug 20016932

Change-Id: I30b4e052795551f3048b3adf29cd89ec0501fce8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
465ef5c43940e31ff4479175e51793c63a0e05ab 12-Jun-2015 dcashman <dcashman@google.com> Don't use upgrade-key-sets check when scanning during boot.

Apps may specify upgrade-key-sets which are different than their current signing
keys to prevent a future upgrade with the current set of keys. Every package is
re-scanned on boot, however, so the existing application would violate its own
recorded upgrade-key-sets. Change the key verification check to ignore
upgrade-key-sets on boot. Also default to the same-sig checks if the
upgrade-key-set meta-data has been corrupted.

Bug: 21785716
Change-Id: I5c0c1e2017ec780a745a74488620bfe95b052269
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75a0ee081fa31b75649e164a8bf79a23a3ebd060 11-Jun-2015 Svetoslav <svetoslavganov@google.com> Merge "Add system API to watch for permission changes" into mnc-dev
f7c06eb03ab4479b9d0656a23a4733d17e995183 11-Jun-2015 Svetoslav <svetoslavganov@google.com> Add system API to watch for permission changes

Change-Id: I1ce450a59fb326c14848f46732d877dea33f33c7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7cbe9f03a968ef42840d234ea325b69f4b1f1417 10-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Merge "Fix abi-detection for 32-bit system apps" into mnc-dev
44a2d978d13e2370bdb057c08faede145f937c70 10-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Fix abi-detection for 32-bit system apps

Some system apps are still special and use symlinks
to /system/lib. For these apps we try to detect abi
based on directory structure if detecting abi the
regular way was failed.

Bug: 21668152
Bug: 21711506
Change-Id: Ic048e5f4c24d06ca2cb917d7a061a41bde597e9f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab4bb9d1fec685dab0fce9232c9a3477fab356b3 06-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #21571700: Need to be smarter about how foreground...

...services get out of app idle

Introduce a new process state to even better distinguish foreground
services from other states. Rework the INTERACTION reporting to
usage stats to do it less when the screen is off -- require that
an app sit in the foreground service or top activity state for
at least 30 minutes before we consider it an interaction.

Also eradicate a bunch of logging in package manager.

Change-Id: I94249e67f9a9c62e9a92ae104710e6747b16327e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b5766468538de200d26012d96019db26bccac5d4 08-Jun-2015 dcashman <dcashman@google.com> Merge "Add SYSTEM_DIR check to upgrade-key-set verification." into mnc-dev
f61ae2de25a2dd09024bf5a8462b4408203c928b 08-Jun-2015 dcashman <dcashman@google.com> Add SYSTEM_DIR check to upgrade-key-set verification.

Bug: 21697139
Change-Id: I7e6ce3d7f231e0ca5da1f501c80342a04f6c2a1e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
25bb4553f379c70244f52d4864eab18530aa0a2e 08-Jun-2015 Dimitry Ivanov <dimitry@google.com> Merge "Revert "Print exception stacktrace on failed scanPackageLI"" into mnc-dev
47fc7fe7f6bd5a44c20c4b03d3195f601bcc3735 08-Jun-2015 Dimitry Ivanov <dimitry@google.com> Revert "Print exception stacktrace on failed scanPackageLI"

This reverts commit 95b7d50ce1a1ae879bbb1b8b8262172744c28d0e.

Bug: 8076853
Change-Id: Ia19e6638a97b7b49561932752a204990e3a486d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a25a3d6187d7c60991212361e6cf28439cfd1a08 01-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Fix abi detection for system apks

Prebuilts open their libraries directly from apk.
Because of that abi detection is no longer as
special as it was before.

Bug: 20810492
Bug: 8076853
Change-Id: Icbd39d6062f3c1fcad2038e712b98fbdd9aa2196
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd1fc1465bb16eca10cc29fe887c63b0cff178e9 11-May-2015 Narayan Kamath <narayan@google.com> Don't compile all splits when installing one.

This patch consists of two broad changes :
- don't "force" dex2oat when installing a new app. this should never
be necessary because we will always compare checksums.

- when staging a new install, we "inherit" (hard link) all compiled
oat files from the previous install. this will ensure that we compile
only those files that have changed, and not all of them

bug: 20889739
Change-Id: I3e14335f3bcfe76d1d24d233f53a728a6d90e8a1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20770ddbd4d6f2af0093f36462a8f44a678b084b 30-May-2015 Svetoslav <svetoslavganov@google.com> Add API to hint whether to show on-board UI before a permission request.

bug:21511988

Change-Id: I9d1d7adf34b68074e65510f53b6e642cf784cf6b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
95b7d50ce1a1ae879bbb1b8b8262172744c28d0e 02-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Print exception stacktrace on failed scanPackageLI

The current message does not provide enough
information to figure out what is going on.

Bug: http://b/8076853
Change-Id: I741781ce6829eac44e4edddd0a545f3be743ceeb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
623b58b2cfcb778f52d2393bc4093ee721c3f16c 28-May-2015 Narayan Kamath <narayan@google.com> Avoid inspecting packages twice to deduce ABIs for moves / installs.

In the case of moves, we can use the existing ABIs from settings because
a move will not result in an ABI change. For new installs, we can just
use the ABI we deduced for compiling (dex2oat) the package.

bug: 21144503
Change-Id: I35e2e8abd47f547b6252271fc6b41d30719c4298
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9ded760f6378b79ae5f91fe694744981a4154d0b 19-May-2015 Sudheer Shanka <sudheersai@google.com> Use the intent filter icon in ResolveInfo for managed profile.

Bug: 20753645
Change-Id: Ifed4b498524272517c9f3338ba88fcbcd3b22075
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd251fa382e887f59c278d4d7cd0a858812c6114 21-May-2015 Narayan Kamath <narayan@google.com> Fix application moves.

We don't dex2oat during application moves, so we must scan
the package again scanPackageDirtyLI to deduce its ABI.

This is unnecessary (since a move cannot change ABIs), but we
need some additional refactoring to avoid a second scan.

bug: 21337469

Change-Id: I3e9dfd5db1c928847f9d527dc15d29a05ff40e7d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c52ae28006605fb2da38b305b60b9bb419aa2f80 20-May-2015 Narayan Kamath <narayan@google.com> Throw a checked exception on inconsistent installs.

Allows us to proceed without crashing the system process. Also,
complete an incomplete error message. Follow up comments from
change b904863476991d8540d37d5.

bug: 21144503

Change-Id: Idb6a33f93b70b4e5e2bca95d2d3af0e2adaeedf3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6503e69d1dfe425f292c6e982bb87cf12b1f4397 20-May-2015 Svetoslav <svetoslavganov@google.com> Prevent modification of system fixed permissions

Change-Id: I061b993df305f27e52f08dad54f1bdbf162de4d9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d9a53abbc94788dc02f7ebde30744753e0a5a3d 20-May-2015 Svetoslav <svetoslavganov@google.com> Merge "Handle downgrading a runtime permission to an install one" into mnc-dev
a1d0f3031f3aff9c17c0bd6e1bdfd788a2b79ab9 20-May-2015 Svetoslav <svetoslavganov@google.com> Handle downgrading a runtime permission to an install one

bug:21300531

Change-Id: I5c020c0faae3e727bbe898441c58116e2ab892b8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b3793d7201c2555cc1f6b01dbed47429b7d31be4 20-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 12" into mnc-dev
f2fec45280682b0b2531781d8f9bd34f64fe164d 19-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 12

- again tune Intent resolution candidates filtering: first add always list
if not empty, other wise add undefined and browsers. If the list is still
empty at the end, then add all the initial candidates.

See bug #19628271

Change-Id: I21f5313daf7bec1049c1e7c08275c825855d2935
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b904863476991d8540d37d542c0a49b78deab680 18-May-2015 Narayan Kamath <narayan@google.com> Scan package to derive ABIs before optimizing.

This requires a minor refactor to extract the ABI detection logic
out of scanPackageDirtyLI.

Note that there's a minor regression here : we ignore the
cpuAbiOverride from the package settings when calculating the
CPU ABI. This is OK (and possibly better behaviour) because this
is only a debug only option (for adb install) AND because the instructions
require users to specify the abi override on every adb install
invocation. Furthermore, the behaviour when an ADB installed app
(with an override) is auto-updated is more consistent.

bug: 21144503
Change-Id: I74e7c493468ee0088eb615c9a7fe30b4d7cf27de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a91a6f68f4c2564f763d28a3cfcd9d8b7a3f5db9 16-May-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Hold wakelock while dexopting" into mnc-dev
e650fd95a9d87f74fb420687b7062c9d428ef3f1 15-May-2015 Svet Ganov <svetoslavganov@google.com> Merge "Fix grant/revoke to act on owner by default and log invalid user id." into mnc-dev
4ccca50d7e501154127ac360e0fcbae850b1bbc8 15-May-2015 Svet Ganov <svetoslavganov@google.com> Fix grant/revoke to act on owner by default and log invalid user id.

bug:21163229

Change-Id: I66d0cc130b37b5752ed06afc73259ed41bfb7830
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 08-May-2015 Wojciech Staszkiewicz <staszkiewicz@google.com> Pass charset to XmlPullParser.setInput instead of null

Passing null to XmlPullParser.setInput forces it to do additional
work, which can be easily avoided if we know the charset beforehand.

bug: b/20849543

Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
857c3019bac34bbabaa8d5ebb4ab0047ca07cfc5 14-May-2015 Svetoslav <svetoslavganov@google.com> Merge "Do not allow opting out from the new permission model." into mnc-dev
d9653703987f0ba194df6383d766173f65bf758e 14-May-2015 Svetoslav <svetoslavganov@google.com> Do not allow opting out from the new permission model.

bug:20525775

Change-Id: I84cd4587db5adb96f6f29148adb242905f53f2dc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aef477a65e9baaf1feb2c60350f1faf0132d8e92 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 11" into mnc-dev
b371c7b6e234bda71a0266e67722c859227f643c 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 11

- tune Intent resolution candidates filtering: add also the undefinedList
into the results at first so that when you install an App which is not
verified (after installing a verified App) you will still have the
Disambiguation Dialog prompted to the User.

See bug #19628271

Change-Id: I611fff4c1c7f60db22312d7948c8d5120719fbd0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fe112e7b388fe582a4e57c26fdf651511b0bbb5a 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 10" into mnc-dev
649efc68cb3cd9648db6801989108c79f99dc1f2 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 10

- tune Intent resolution candidates filtering: remove the undefinedList
from the results and then add it again it there is no more candidates.

See bug #19628271

Change-Id: I9ab077f6a431367be8bab30c134d34e1e7ac51ed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b3f22b48bbd4e4816212e596e3cb612457d48fe5 12-May-2015 Svet Ganov <svetoslavganov@google.com> Runtime permissions for system components not revokable - framework

Change-Id: I5b1d7bb1618ffa8d1231618ece47d0905c82f7bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e2f43948d1de58e49192b97306e8a4e1c99412f4 12-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add user selectable Default Browser feature - part 6" into mnc-dev
3453e081e0a94bbb0b8c1d58ce4ccdbf2e53639e 12-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add user selectable Default Browser feature - part 6

- if a default Browser is not defined and if a Browser App
is selected into the disambiguation dialog, then make it as
the default Browser
- clear default Browser saved data (package name) when
the default Browser App is removed

See bug #20144393

Change-Id: Ia8621d7a61ec2cb60deded9d70f75f1e1d88d123
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8c7f700a59ad26e75c9791335d78f14322cad49a 07-May-2015 Svet Ganov <svetoslavganov@google.com> Add permission meta-state flags to support grant/revoke permission policy.

We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:

1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.

2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.

3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.

Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a627c094e67f640dfe3b2ac0b633edcf51270cf4 06-May-2015 Fyodor Kupolov <fkupolov@google.com> Hold wakelock while dexopting

Bug: 19521294
Change-Id: Ieed9b98ecb4a3332ce652d76c2bac8c312917ca1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aef021042e1bc6851a9d66f40f00cea021d357c7 07-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 8" into mnc-dev
1f09b8c0c2a08fa5169a36031efcb3f34ec5f163 07-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 8

- fix clearing of Intent Verification Status: now do it at the correct
time when the PackageSettings info is still there
- reduce writing of Settings

See bug #19628909

Change-Id: I9113333c330964249342108fa1ca7b8ec89c3322
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4a64b19f239b6bff82a032329ce5781681843044 05-May-2015 Svet Ganov <svetoslavganov@google.com> Merge "Permission UI - legacy apps support" into mnc-dev
019d2304998f3ed77c0a608df6cf4bea1138f8dc 04-May-2015 Svet Ganov <svetoslavganov@google.com> Permission UI - legacy apps support

Change-Id: Id3f98c138422d33868363d587dd196898b42a0d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
44b60be189183138437a3faf9a73388af0efcf44 05-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add user selectable Default Browser feature - part 5" into mnc-dev
7d1a9d056261fdf304215c9b53b7cc4f4422e1db 05-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add user selectable Default Browser feature - part 5

- check and clear default Browser if its package is no more available

See bug #20144393

Change-Id: I60a1b8f11058f3a4f9dc80440027ab72fe7cce2e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8ef631de47d4e52cafe5f9182633892b480dfcdb 04-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add user selectable Default Browser feature - part 4" into mnc-dev
4c92949993e77e1727f5d967b070074dd8f67a5c 02-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add user selectable Default Browser feature - part 4

- when selecting a default Browser App, make the others Browser Apps
not capable to open URLs automatically

See bug #20144393

Change-Id: I6ffaafbfb1a2571c0eba90af5c1648150b020559
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
83bb765b046a3c6d90abbd65545d4532f647ae14 01-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 7" into mnc-dev
1de3f0dcafb0c5ceb3d9bec96a5c630bb8d4a515 30-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 7

- update packages priming so that it effectively save its data
- use ArraySet instead of ArrayList for list of domains (a set
is preferable as we dont want duplicates)

See bug #19628909

Change-Id: I52085f4bc28dcbc7fbc02ba0898abcd4ae9cf1e2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a320505f3a39e21f29065f0f2a01089363825318 01-May-2015 Jeff Sharkey <jsharkey@android.com> Merge "Move both app code and data together." into mnc-dev
bd0e9e4958acdc6ab5f607bc252fddba877d20f9 01-May-2015 Jeff Sharkey <jsharkey@android.com> Move both app code and data together.

Refactor app movement code into the normal install flow as a new
flavor of InstallArgs. It copies both app code and data during the
copy step, and just updates paths during the rename step.

Measure free space before kicking off a move. Spawn a thread to
derive a hacky progress estimate based on free disk space counting
down.

Remove checkFreeStorage() and getLegacyNativeLibraryPath() which
nobody was calling. Fix deadlocks around package broadcasts, and fix
wrong lock ordering when loading packages.

Bug: 19993667, 20275578, 20370140
Change-Id: I7bbf14c924a724d6ebb8a41a02434750fa3302bc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dc4ad271f931eca48ab8ef22ef76db740d179d99 30-Apr-2015 Benjamin Franz <bfranz@google.com> Merge "Add package name extra to PackageInstaller callback" into mnc-dev
e31b820dad4c5f2b19ee10479a675a139ad3c61e 30-Apr-2015 Jeff Sharkey <jsharkey@android.com> New "frozen" state during app move/upgrade.

This replaces mOperationPending, which was in an odd place. It adds
a new PackageSetting.frozen flag that is a last-ditch effort to
prevent ActivityManager from starting an app while it's being moved
or upgraded.

Also provides clearer guarding around all upgrades by freezing,
killing, upgrading, then unfreezing.

Bug: 20275579
Change-Id: I28bb0359a6f4e05080fb336b18dd2a249509d989
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
50a05454795c93ac483f5cb6819e74cb17be1b5b 29-Apr-2015 Jeff Sharkey <jsharkey@android.com> Returning to wizard, split move events.

Finish wiring up notifications to jump back into in-progress wizard
flow, using moveId as identifier.

Split move events back into separate creation and progress events,
and pass details as bundle to pass extra stuff like UUID. Null
package still means moving primary storage.

Add explicit "volume forgotten" event for PackageManager to clean
up internal state with.

Plumb through internal path reported by vold, and bring back FUSE
bypass rewriting optimization.

Bug: 19993667
Change-Id: I0f43edbba36c58c5cd33550022c54c4eb9f01a48
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2e3e943ccd419dd10d3e4df5ae7640e8b020cc76 17-Apr-2015 Benjamin Franz <bfranz@google.com> Add package name extra to PackageInstaller callback

If an app invokes app install via PackageInstaller APIs without knowing
the package name, the callback contains no information about the name
of the installed package. Add EXTRA_PACKAGE_NAME to this callback.

Also allow PackageInstaller to distinguish between a newly installed and
an updated package.

Bug: 19764848
Bug: 20150135
Change-Id: I062440a08df9a723e9445ea10bc6f6800c5b99a8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c4a44e577c7b8316172d1bf5357d006776ae75e 23-Apr-2015 Nicolas Prevot <nprevot@google.com> Do not return cross-profile intent results to a non-enabled user.

In PackageManagerService.queryIntentActivities, do not return
ResolveInfos targeting a user which is not enabled.

BUG:19578138
Change-Id: Id4e730ca8671c26f8cf077bc9c66b3dbd37be482
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b36586a7c9b7718f33961406537e27bbd9b16211 27-Apr-2015 Jeff Sharkey <jsharkey@android.com> Split some VolumeInfo state into VolumeRecord.

VolumeRecord is a historical record of a volume that we've seen in
the past. It's now surfaced outside the framework for SystemUI to
drive the notifications that bug users to reinsert missing private
volumes.

Show progress notifications for both storage and package movement
operations. Notify when an empty disk is inserted (no usable volumes)
which launches into the normal format flow.

Add API to forget volumes.

Bug: 20275424, 20275424
Change-Id: I75602c17fdcd4d1f1f62324e1a08c4a33093eefa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f7e39fc9d278642a29df48daf44dceff11acd17 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Use Default Browser App for IntentResolution when needed

- add MATCH_ALL as a new flag for telling that all results need to
be returned (even if there is some sort of filtering done).
- take into account the default Browser App for Intent resolution
- also, dont do any domain verification priming for non system app

See bug #20144393

Change-Id: Iddd1f2029e3bbf3b99ebc5f416dc7f17e5bad10c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
275e3e43f2fba72fa99001cafa2a70e5478fc545 25-Apr-2015 Jeff Sharkey <jsharkey@android.com> Migrate primary external storage.

Wire up through MountService to call down into vold. Watch for
unsolicited events that report progress, including special value "82"
that signals that copy has finished. We use this value to persist
the volumeUuid in case of unexpected reboot, since it indicates the
new volume is ready.

Wire progress updates through existing callback pipeline.

Update the volume mounting code to match against the persisted UUID
when selecting the primary external storage.

Bug: 19993667
Change-Id: Id46957610fb43517bbfbc368f29b7d430664590d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
620b32b316fd4f1bab4eef55ec8802d14a55e7dd 24-Apr-2015 Jeff Sharkey <jsharkey@android.com> Package and storage movement callbacks.

Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.

Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.

Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.

Persist the current primary storage location in MountService
metadata, since it can be moved over time.

Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.

Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
94056d1cb8183bde3e942336735b289b9654deb1 23-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Do not create oat directory for an app in ASEC container

Currently installation fails, if an app is located on SD card (inside ASEC).
If an app is located inside ASEC, dexopt output should go to
/data/dalvik-cache. dexopt also needs to be performed at a later stage,
because the name of the oat file contains the absolute path to the dex file.

Bug: 20452651
Change-Id: I4432ca7a0b0e88b705705acf42e5cae78cadf729
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
529f91fc8e7e884ef19bef8eb3e4e3a1d69336f4 19-Apr-2015 Jeff Sharkey <jsharkey@android.com> Always send volume UUID with installd commands.

Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.

Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7e92ef3a1146102806fa0543ef12e09231c55639 18-Apr-2015 Jeff Sharkey <jsharkey@android.com> Volumes know parent disks; unsupported disks.

This is cleaner and more direct than the reverse of having the disk
publish child volume membership. Rename state constants to match
public API. Add state representing bad removal. Make it clear that
volume flags are related to mounting.

Send new unsupported disk event when we finish scanning an entire
disk and have no meaningful volumes.

Splice disk labels into description when known. Only adoptable
slots are directly visible to apps.

Bug: 19993667
Change-Id: I12fda95be0d82781f70c3d85c039749052dc936b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e2d45be4dae116307f8edd85eaa61134221cb8f9 16-Apr-2015 Jeff Sharkey <jsharkey@android.com> Candidate volumes for packages, fix symlink.

Add API to determine the possible candidate volumes that a package
can be moved to. For example, it currently knows that we need to
move ASEC-based apps through internal storage before migrating them
to a private volume.

Comparator for consistent VolumeInfo ordering when displayed in UI.

Fix native library symlink to be volume UUID aware.

Bug: 19993667
Change-Id: I68d5fac5f0f776ac1c7dd15e7a984bfe2704f3f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
afd1fc3ccc7c5627c0a10d4b61fb4e87b0e18cd9 13-Apr-2015 Svetoslav <svetoslavganov@google.com> Improve permission group handling.

1. Don't ignore permissions in an unknown group.

2. Ignore permission groups for legacy apps as the meaning
of a permission group is redefined.

Change-Id: Ifd0e0928cfd8540f3abc39a8834e84c3f18149be
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
98680e969b384e2765a311fe14a070fb39f587ee 13-Apr-2015 Sudheer Shanka <sudheersai@google.com> Merge "Clear defaults of an application installed in multiple users."
d957f80ced65b4151c4fe1fcd9815cc2dcc00c99 04-Mar-2015 Sudheer Shanka <sudheersai@google.com> Clear defaults of an application installed in multiple users.

Bug: 19120156
Change-Id: I6c85b62d121df84e5f86dd359e8555376fea9701
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6036cd51265d31c08eefe0470a9f37e7f757aae8 11-Apr-2015 Jeff Sharkey <jsharkey@android.com> Merge "Support moving apps to expanded storage."
30ca50a3ddf35e6426e7b561b95e0864885de6d5 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add Default Browser App support and relax Hosts validation for AppLinks"
6227172310663e1267b1fabd68be890a1cb7e145 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add Default Browser App support and relax Hosts validation for AppLinks

- add private PackageManager APIs for setting/getting the default
Browser App package name
- serialize / deserialize the default Browser App package name per User

Also relax the Hosts name validation for the AppLinls feature. Now we
just care if the IntentFilter is having an HTTP or HTTPS scheme.

Change-Id: I4436f66ac6beff57e14f7f3a2a00b0b582c03be9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
caa41648f4e3cecc1996447396aabc4e394b8fd0 10-Apr-2015 Svetoslav <svetoslavganov@google.com> Merge "Allow only system signed apps to grant permissions at install"
805b63e253c139625f5a86d72ef7b31d6ec9f8e9 10-Apr-2015 Svetoslav <svetoslavganov@google.com> Allow only system signed apps to grant permissions at install

bug:20099946

Change-Id: Ifcc5c6638b4174ffb3ba452ae68a5a53b2d1ff0a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b9f3674c11ed9c89b80a69f728cbc5f540b2ecde 09-Apr-2015 Jeff Sharkey <jsharkey@android.com> Support moving apps to expanded storage.

Start deriving the data path for apps based on the volume UUID where
the app lives. This path is used for all higher-level APIs, giving
us a clean place to switch app storage.

When parsing a package, keep track of the volume UUID where it lives
and update PackageSetting once installed. For now continue treating
moves as installs, but we'll eventually clean this up to avoid the
additional dexopt pass. Wire up move to use the new installd command
to move private data between devices.

Cache LoadedApk only for the current user, since otherwise the data
dir points at the wrong path.

Bug: 19993667
Change-Id: I53336e3b147d5fd3130e6800869af172b628da37
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5f76360ff99b44d611a40bc1b04bacb2a49b47fa 10-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 5"
e48c137acdddd477d671417eb93ec120a1931cbb 10-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 5

- optimize IntentFilter verification: dont do stuff we dont want
if we dont need to do them.

- improve IntentFilter candidates filtering and also improve
at the same time fix for bug #20128771: we can return the candidates
list rigth the way if the Intent is not related to a Web data URI and
include the "undefined verification state" ones if the first filtering
pass does not leave any.

Change-Id: I19f5c060f58b93530e37b4425d19ed23d2a0f4c0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7c6a34e64a52b71a6ea00efd2127a4814b5c72a6 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Fix bug #20128771 All apps disappeared from app drawer after AAZ08 OTA"
53f35f4a20f69a61b83b88b666e85277d07e9de0 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Fix bug #20128771 All apps disappeared from app drawer after AAZ08 OTA

- relax a bit Intent resolution. We should still include Apps that
do not support Web domains :-) so in that context add in the result
list the Apps that are with a status INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED

Change-Id: Ibad7b7f577552ac75bba256bb387a75b83524958
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c9d83fc2e0f2e6f24b9f7957cc9650b3e866cf1d 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 4"
a1b19b7b66b06647501bc80d3002701fd9e59b7a 09-Apr-2015 Richard Uhler <ruhler@google.com> am 00ff42a0: am 7f757130: am f324d245: Merge "Reuse dexopt method for both dex2oat and patchoat."

* commit '00ff42a0ca9d17c4b7ee89d900cf86c9a25c00eb':
Reuse dexopt method for both dex2oat and patchoat.
7f7571308d5dc973e9b1e352d56643a74e99e588 09-Apr-2015 Richard Uhler <ruhler@google.com> am f324d245: Merge "Reuse dexopt method for both dex2oat and patchoat."

* commit 'f324d245fdd07ac14ab312d1a5fa04a4e8dfcceb':
Reuse dexopt method for both dex2oat and patchoat.
f324d245fdd07ac14ab312d1a5fa04a4e8dfcceb 09-Apr-2015 Richard Uhler <ruhler@google.com> Merge "Reuse dexopt method for both dex2oat and patchoat."
7d014cec63939f7aca2a8014f45cd4c9a3e1aa0c 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 4

- add domain verification priming at boot when the PackageManagerService
singleton is created. This will mainly set the domain verification status
to INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS for all Apps that
have an IntentFilter with action VIEW and data scheme HTTP or HTTPS.

- also optimize Intent resolution by taking into account Browser Apps

Change-Id: Id8e66c9759a99e79b07051595ca89a168dc5ae0e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0788595e0c9bc5e8c1907c63db595010006ef5b4 07-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 3

- add private API PackageManager.getAllIntentFilters(String)
for getting all IntentFilters from a given package
- update IntentFilterVerificationInfo to use an ArrayList<String>
for domains instead of a String[]
- if you make an App a default domain handler then make the
others as non default
- create an IntentVerificationInfo even if the App IntentFilters
do not need to be verified. This would be done only if the App
has some domain URLs defined and would allow to make it the
default handler for a domain
- a few code optimizations here and there

Change-Id: I4535372a0bb1a2c8e662e1485be8ca700003e9b3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75bff7cca024d64b090f2104ed9a3be600c27fc5 07-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Unnecessary dexopt in installPackageLI

When a new package is created, installNewPackageLI does not need to call
dexopt, since it has already been made.

Bug: 19550105
Bug: 20087446
Change-Id: If6b05bea590eea5f95efebb22a67ccd8cdf632c2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8aa61000021ed32480599c7dea875f0b27ba44f0 07-Apr-2015 Svetoslav <svetoslavganov@google.com> Merge "Enable runtime permissions"
77e46d214db035f150e8522fad03edec913939e8 07-Apr-2015 Fyodor Kupolov <fkupolov@google.com> am 6a17f601: Merge "Unnecessary dexopt in installPackageLI"

* commit '6a17f60166082227a5a644f9114db46a0ade73f0':
Unnecessary dexopt in installPackageLI
b2b9ab8354da1485178cd8d8e9d89ac915b3f269 06-Apr-2015 Jeff Sharkey <jsharkey@android.com> Installing packages to expanded storage.

PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.

Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.

Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.

Automount expanded volumes when they appear.

Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
36b26adde8091bcf8e1d5aff6ae393278fef12c8 07-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Unnecessary dexopt in installPackageLI

When a new package is created, installNewPackageLI does not need to call
dexopt, since it has already been made.

Bug: 19550105
Bug: 20087446
Change-Id: If6b05bea590eea5f95efebb22a67ccd8cdf632c2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e012a235569fe307d165dfd0784ae847d0b13739 02-Apr-2015 Christopher Tate <ctate@google.com> Back up / restore preferred app configuration

Bug 19848104

Change-Id: I84cdfcc44b48a9732984955d7eedf745b5586bdd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
429270c3ed1da02914efb476be977dc3829d4c30 07-Apr-2015 Svetoslav <svetoslavganov@google.com> Enable runtime permissions

Change-Id: I092a24e472f841ff6094ac4135dfd19381de61ff
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7151a9a887051542c6da9f380376f3b306184e5c 05-Apr-2015 Jeff Sharkey <jsharkey@android.com> Storage methods using IDs, update listeners.

Add StorageManager methods that work with Disk and Volume IDs instead
of paths which can change over time. For example, a freshly formatted
volume has a different UUID and mount point, even though it's the same
volume.

Update StorageEventListener to be all one-way calls to avoid blocking
while dispatching events. Add new listener method for Volume-level
state changes. The existing state method will remain focused on the
per-user state reflected by StorageVolume. Switch listeners over to
using the more robust RemoteCallbackList pattern under the hood.

Change external ASEC scanning logic in PackageManagerService to be
driven by listener events, instead of explicit MountService calls.

Bug: 19993667
Change-Id: I57c505de260ff1762a78d70d15f1892f40229210
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7b08b35bde3df58816b171b88712bcc6d21dcbe8 26-Mar-2015 Richard Uhler <ruhler@google.com> Reuse dexopt method for both dex2oat and patchoat.

Change-Id: Ib9a6373f98474f1242367b5285086251a9d580e5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
96bba82ac4295f68ef956ecae7ee169eb3c271d1 03-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add private flag PRIVATE_FLAG_HAS_DOMAIN_URLS to ApplicationInfo"
d3d8a32217d5a2d895917cfe7e1645935d228494 02-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add private flag PRIVATE_FLAG_HAS_DOMAIN_URLS to ApplicationInfo

This is for supporting Settings UX and Domain URLs

- the new PRIVATE_FLAG_HAS_DOMAIN_URLS flag will be set by
generateApplicationInfo() when the Activity is said to have some
IntentFilter with a VIEW action and a http / https data URI

- code cleaning for args passing
- also add a new constant for the MetricsLogger

Change-Id: I5c9762fc2c4a9b46c0e255b9a23bffd70fae40c7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c38a54b1f076b86453041755e15504fd0b4d48af 03-Apr-2015 Fyodor Kupolov <fkupolov@google.com> am 30c688da: am 031898df: am 3d8b7f4d: Merge "Support for storing OAT files in app directory"

* commit '30c688da8bd2b3320446a06424e1cc57b693522a':
Support for storing OAT files in app directory
3425dae8dc63372e8944dce43f7ed2d567512248 03-Apr-2015 dcashman <dcashman@google.com> Merge "Refactor KeySet code."
d2cf3aec6087ba53dcbb55eb38c8e7f385ac4cbd 03-Apr-2015 Svetoslav <svetoslavganov@google.com> Do not clear a shared user's permissions on an app install.

When regranting permissions for an app during an install if
that app is in a shared user we should not clear the permissions
as the permissions for the shared user are additive and go away
when apps requesting them are uninstalled.

bug:20050689

Change-Id: I82aa70669fc25a45e7020a1545b093db5525f5cf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
031898dfd2dd734724d61e447a8ed61cc7f07d5c 03-Apr-2015 Fyodor Kupolov <fkupolov@google.com> am 3d8b7f4d: Merge "Support for storing OAT files in app directory"

* commit '3d8b7f4d50c2f7c64ec4e5874fd95cf837ddc12e':
Support for storing OAT files in app directory
8c04facdf5e76fb34c55cfe3dc9a0216322b91b8 23-Mar-2015 dcashman <dcashman@google.com> Refactor KeySet code.

Eliminate dependency in packagesetting keyset metadata on other packages by
introducing reference counts for KeySets and public keys. This also allows
keysets to retain their id across reboots by eliminating the need to remove
all keyset data after scanning all packages on boot, which also should
drastically reduce the number of calls to ArraySet.removeAll().

Bug: 19617481

Change-Id: I6cc65f30e431b8e4ebe49047a9219a0d983f2774
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b94c1657eb0140f7b91f5372a9f76de5a3d87e36 03-Mar-2015 Fyodor Kupolov <fkupolov@google.com> Support for storing OAT files in app directory

In installPackageLI, dexopt is now performed on a staging directory of the app
(dexopt phase 1). For each codepath:
- /oat/<isa> directory is created
- dexopt output goes to the newly created directory. Optimized files have
.odex extension.

Bug: 19550105
Change-Id: Iec59790d97837b78af82b079fd1970de3388c91d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c1b47125da018b44240739db75f8898e064a948 20-Nov-2014 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification

The purpose of this feature is to prompt the Disambiguation dialog
to Users as less as possible.

- add the new "autoVerify" property to the IntentFilter class
- add new APIs to PackageManager:
verifyIntentFilter(int, int, List<String>),
getIntentVerificationStatus(String, int),
updateIntentVerificationStatus(String, int, int),
getIntentFilterVerifications(String)
for supporting IntentFilter verification
- add support for multi-user
- update PackageManager for IntentFilter verification:
basically when we are installing a new package, ask for verification
of all domains from the IntentFilters that have the "autoVerify" to true.
This means that the PackageManager will send a well defined protected
broadcast (with a new INTENT_FILTER_NEEDS_VERIFICATION action) to
an IntentFilter verifier to do the real job of verification.
We are passing in the broadcast Intent all the necessary data for
doing the verification. The PackageManager will receive as response
the result code of the domain verifications and, if needed, the list
of domains that have failed the verification.
- add a new INTENT_FILTER_VERIFICATION_AGENT permission that needs to
be set by an intent filter verifier to be considered as a trustable
party by the PackageManager.
- add also a new BIND_INTENT_FILTER_VERIFIER permission for securing
the binding between the PackageManager and a service doing the
intent filter verifications.
- add ResolveInfo filterNeedsVerification which is a boolean
to knows if the IntentFilter is of a type that needs a verification
(action VIEW, category BROWABLE, HTTP/HTTPS data URI)
- add new "domain-preferred-apps" / "d" dump command for listing the
prefered Apps for all domains
- add new "intent-filter-verifiers" / "ivf" command for listing the
IntentFilterVerifier used
- introduce the IntentVerificationService which is a basic service
for verifying IntentFilters. This service will send HTTPS requests
to the domain declared in the IntentFilter(s) for doing the
verification. This service has a low priority level so that it
can be replaced by a more sophisticated one if needed. This service
is updating the PackageManager intent verification states thru
the updateIntentVerificationStatus(...) API.
- update MockPackageManager

Change-Id: I0bfed193d0bf1f7c7ac79f6c1b160b7ab93b5fb5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12a692a5e8244cad6ae634cc0821e4e3590cfef6 29-Mar-2015 Svet Ganov <svetoslavganov@google.com> Fix runtime permissinos toggling and relax XML parsing.

1. Fixed the case where runtime permissons can be toggled by a
developer via a system property.

2. Relaxed the runtime permission XML parsing to be more fault
toelrant and consistent wiht the reset of the package manager
parse code.

3. Fixed a deadlock due to calling in to the activity manager
with the package manager lock held to kill an app.

Change-Id: I11dfb57ad4d8119baea79227dc2a3fe5e2208515
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7119be2531c1763749c2b5ed9d427ed506fe9aff 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Merge "Handle dynamic enable/disable of runtime permissions support."
cf959f6e722ddd20033b7c98b3e04c7143f6438e 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Handle dynamic enable/disable of runtime permissions support.

This change adds support for the case where we change the state
of runtime permissions support via the system property. This
was not working properly before because we did not handle system
app permissions properly.:

Change-Id: I66c5e6c823b8521999972b0432b1daaba38c9709
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
60b3be3ab5fba871311628dec0538214b4965027 27-Mar-2015 Christopher Tate <ctate@google.com> am 9c36cf41: am 9837c51a: am 63862a20: am 7b73a788: am dbe0dd16: When scanning unbundled apps, only install the expected APK tree

* commit '9c36cf4195158b94600a5e1125835627629087e8':
When scanning unbundled apps, only install the expected APK tree
9837c51acc274531a4109b9973a7d7927787da6c 27-Mar-2015 Christopher Tate <ctate@google.com> am 63862a20: am 7b73a788: am dbe0dd16: When scanning unbundled apps, only install the expected APK tree

* commit '63862a2052d41db4543a6a15713f5146b76d65cc':
When scanning unbundled apps, only install the expected APK tree
b4a16b16e75eaf32a8acb7ed2a6d94fbc0c18f98 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Fix a typo

Change-Id: I74da330f7319bd2f571d1c328365e3d5e482dc78
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbe0dd160e93feef1335830a36e86ae83b19b793 26-Mar-2015 Christopher Tate <ctate@google.com> When scanning unbundled apps, only install the expected APK tree

We now make sure, when scanning post-factory app installs, that we do not
accidentally activate a "leaked" or otherwise superfluous APK tree that the
scan algorithm happens to encounter before the one that we expect a priori
based on the persisted package-installation state. When we find such an
extraneous installation we ignore it in favor of the expected one, similarly
to the policy used when collecting system-bundled packages that have been
updated.

Even if we find an unexpected APK for the package, if the expected one
turns out to be absent we fall back to the existing "we thought this app
was present and now it isn't" logic.

Bug 19602471

Change-Id: I141a93661946176c05d8cf52a123bdf75c8eef74
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5752bdc8fd39d4f0a508f9088c538e30e73044a 26-Mar-2015 Svet Ganov <svetoslavganov@google.com> Properly handle system app permissions - for real.

System apps targeting SDK greater than Lollipop MR1 get runtime
permissions by default but if the user takes them away we should
not regrant them. To do that we keep track for each package which
user ids were handled in the last permissions update. If a new
user id has appeared we grant runtime permissions for this user
to the sys package. When we start clean (i.e. first boot) the
sys packages were updated for no user so we grant the runtime
perms for the owner. When reading a package from packages.xml
we set the updated user ids to all users ids on the device as
the state in the xml reflects the latest state before a shutdown,
i.e. the last state when permissions were updated.

Change-Id: I93135baa57950405a357b139c59f432cf02f0bc6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
78027f3b72ad0cad4c39c3947985526ac31a6d3e 25-Mar-2015 Svet Ganov <svetoslavganov@google.com> Properly handle system app permissions.

System apps targeting SDK grater than Lollipop MR1 get runtime
permissions and when a new user is added we update the permissions
for all packages to ensure that the new user gets the runtime
permissions.

Change-Id: Ic7dc5b5a94b034e00d715a60b12f613803524c3b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3695b8a1488a6cc331feba1c2ab359888656bf7c 25-Mar-2015 Svet Ganov <svetoslavganov@google.com> First implementation of the grant/revoke UI

Change-Id: Icdb7c822881552b30850697dba709671bf27baa5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9041df7f6948f5314b576c437f08247967ac2c2f 24-Mar-2015 Svetoslav <svetoslavganov@google.com> Remove obsolete comments

Change-Id: Ieabe9e8e86cfe226751a0402e4c7d55f2a18c8b1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
00f3904629ef89192e061c1995801ef322fc0bcf 24-Mar-2015 Jeff Sharkey <jsharkey@android.com> Introduce per-user GIDs for storage.

This will eventually allow us to have a single unified filesystem
instead of requiring zygote to use bind mounts.

Change-Id: I29b819ab51498b4bab874e0367b1ab4165f84025
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
95c1adea0c5fe10ceba217a327163757f4589d3d 19-Mar-2015 Svet Ganov <svetoslavganov@google.com> Add install option to grant all runtime permissions.

Change-Id: I72ba67a72025646a3d53611621b0353d3a86677c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c6d1c345f41cf817bf2c07c97b97107d94296064 26-Feb-2015 Svetoslav <svetoslavganov@google.com> Runtime permissions: per user permission tracking.

Before all permissions were granted at install time at once, so the user
was persented with an all or nothing choice. In the new runtime permissions
model all dangarous permissions (nomal are always granted and signature
one are granted if signatures match) are not granted at install time and
the app can request them as necessary at runtime.

Before, all granted permission to an app were identical for all users as
granting is performed at install time. However, the new runtime model
allows the same app running under two different users to have different
runtime permission grants. This change refactors the permissions book
keeping in the package manager to enable per user permission tracking.

The change also adds the app facing APIs for requesting runtime permissions.

Change-Id: Icbf2fc2ced15c42ca206c335996206bd1a4a4be5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8458e531bfc681ebb0de98476d782ca4d052a145 16-Mar-2015 Nicolas Prevot <nprevot@google.com> Merge "Remove the owner userid of cross-profile intent filters."
7487657ee9f3f91a1fb4e52ce2a03b56496ac1f4 24-Feb-2015 Fyodor Kupolov <fkupolov@google.com> Extracted a separate class to run dexopt on packages

performDexOptLibsLI and related methods were extracted to PackageDexOptimizer
class. Minor refactoring of PackageManagerService.

This is a non-functional change. It should simplify further work to allow
storing OAT files inside package dir.

(cherry picked from commit eeea67b8c3678d882d3774edc41242c63daa60fa)

Change-Id: I3494a2da70605362bb6fb4625ffbee1cbe1cd457
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4282924ed33102605d6c295f164ffb3249ced7b4 06-Mar-2015 Alan Treadway <alantreadway@google.com> Fix for managed-profile users needing to "install" packages twice.

Fix ensures that the users requesting package installation have the
package marked as installed and enabled for them. This appears to be
the intent of the existing code, but without this change in certain
cases the user has to effectively request "installation" twice.

Bug: 17445378
Change-Id: Ic17399e493125e631b381b89615336be17c9d1ee
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
174a44888ec56f688426c80d50b9e0021f47c16f 10-Mar-2015 Andreas Gampe <agampe@google.com> am 7f383873: Merge "Frameworks/base: Pass APK debugability to installd"

* commit '7f383873566024c7121cadae3bbdd2a7c47150bc':
Frameworks/base: Pass APK debugability to installd
735600c1e654ef3d4fe1201aa31d1f4eb33c18e3 05-Mar-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Pass APK debugability to installd

Change-Id: Id17ec72babe2ee88713a0d274eff86508de30666
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4b8d5821512c6a4fdaf442f6d48e1dc412539136 05-Mar-2015 Nicolas Prevot <nprevot@google.com> Remove the owner userid of cross-profile intent filters.

The owner user id was used to identify in which user an app had set
a cross-profile intent filter. But it's not really necessary.

BUG:19505190

Change-Id: Iacc49d31c95e34efee1895e5fbe7224277dbc493
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eeea67b8c3678d882d3774edc41242c63daa60fa 24-Feb-2015 Fyodor Kupolov <fkupolov@google.com> Extracted a separate class to run dexopt on packages

performDexOptLibsLI and related methods were extracted to PackageDexOptimizer
class. Minor refactoring of PackageManagerService.

This is a non-functional change. It should simplify further work to allow
storing OAT files inside package dir.

Change-Id: I3494a2da70605362bb6fb4625ffbee1cbe1cd457
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
05ecfd308d983755bc7cab39ba99a37c321f176b 11-Feb-2015 Alex Klyubin <klyubin@google.com> am 33d3c53d: resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

* commit '33d3c53da021f0d044028860ace0f4ad817273f5':
Move hidden ApplicationInfo flags into a separate field.
33d3c53da021f0d044028860ace0f4ad817273f5 11-Feb-2015 Alex Klyubin <klyubin@google.com> resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

Change-Id: Ic20b6c8851458483dd73a144bd5ae6e8d141e62a
b9f8a5204a1b0b3919fa921e858d04124c582828 03-Feb-2015 Alex Klyubin <klyubin@google.com> Move hidden ApplicationInfo flags into a separate field.

The public API field android.content.pm.ApplicationInfo.flags can
support only 32 flags. This limit has been reached. As a short term
workaround to enable new public flags to be added, this CL moves flags
which are not public API into a separate new field privateFlags and
renames the affected flags constants accordingly (e.g., FLAG_PRIVILEGED
is now PRIVATE_FLAG_PRIVILEGED).

The new privateFlags field is not public API and should not be used
for flags that are public API.

The flags that are moved out of ApplicationInfo.flags are:
* FLAG_HIDDEN,
* FLAG_CANT_SAVE_STATE,
* FLAG_FORWARD_LOCK, and
* FLAG_PRIVILEGED.

NOTE: This changes the format of packages.xml. Prior to this CL flags
were stored in the "flags" attribute. With this CL, the public flags
are stored in a new "publicFlags" attribute and private flags are
stored in a new "privateFlags" attribute. The old "flags" attribute
is interpreted by using the old values of hidden/private flags.

Change-Id: Ie23eb8ddd5129de3c6e008c5261b639e22182ee5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7d4a9c139c742adc702b6695ac6d7c9ce40b9ca7 09-Feb-2015 Rubin Xu <rubinxu@google.com> am df890b4d: am 082f0bf3: am df608e39: am 3d521c0a: Merge "Perform post installation operations directly if backup manager is disabled" into lmp-mr1-dev

* commit 'df890b4df04f77baaa0051b6cc0d92c82acf3aa9':
Perform post installation operations directly if backup manager is disabled
df890b4df04f77baaa0051b6cc0d92c82acf3aa9 09-Feb-2015 Rubin Xu <rubinxu@google.com> am 082f0bf3: am df608e39: am 3d521c0a: Merge "Perform post installation operations directly if backup manager is disabled" into lmp-mr1-dev

* commit '082f0bf3bd0f266f776f4b28c3fb8dc917cd0d63':
Perform post installation operations directly if backup manager is disabled
99abeed2bb74a15d2336ad3b75dfeb30e64d135d 09-Feb-2015 Rubin Xu <rubinxu@google.com> Perform post installation operations directly if backup manager is disabled

bug: 19312753

Change-Id: I4acdd1e3af6a6be0c51affc42de167993c736b2f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e8f037ded946f3aeaa0480c2d1eeb77d6688d0b 28-Jan-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Added primaryUserOnly attribute for activities"
715437763c56a8a23d9ce711b011bdddc90e7b61 28-Jan-2015 Christopher Tate <ctate@google.com> am 0c607b97: am f37b20e1: Merge "Fix \'always\' preferred app assignment" into lmp-mr1-dev
automerge: ff1876d

* commit 'ff1876d1fb8dfcaba61d3fc7de296d663a4e160e':
Fix 'always' preferred app assignment
ff1876d1fb8dfcaba61d3fc7de296d663a4e160e 28-Jan-2015 Christopher Tate <ctate@google.com> am 0c607b97: am f37b20e1: Merge "Fix \'always\' preferred app assignment" into lmp-mr1-dev

* commit '0c607b97f068ca486036a501052572e9207c0926':
Fix 'always' preferred app assignment
57792912ee8f536f90c466db701d71a9e38c54d4 27-Jan-2015 Christopher Tate <ctate@google.com> Fix 'always' preferred app assignment

In the case when some possible resolutions of a given intent are at
different priorities (typically when they're intended as fallbacks when
no "normal" handler for the intent exists) the check for "is this the
same set of possible handlers that we saw last time?" was broken. We
now ignore resolver priority entirely in that check: match set comparison
should be orthogonal to prioritization within the set, and indeed the
priority is dealt with separately in any event.

Bug 19011225

Change-Id: I3c1658442cc88b1f4a5c5f2fe9f64472799e156c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
703d1c43a25fe6e80c5fea46cc0ff14f0e1fbc00 27-Jan-2015 Fyodor Kupolov <fkupolov@google.com> Added primaryUserOnly attribute for activities

In addition to receivers, primaryUserOnly is now supported for activities.

In queryIntentActivities method, activities with primaryUserOnly flag set will
be filtered out, when current user is not the owner.

Change-Id: I0b7168b8c96749cd6d23b8c95d5624589f5f2d86
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75d0ea8785163d5b0fddaec339f68bacdf52df82 16-Dec-2014 Fyodor Kupolov <fkupolov@google.com> Use scheduled writes to package-restrictions and user xml

When user is initialized, PackageManager.setEnabledSetting is called
multiple times. Each call triggers a write to user's
package-restrictions.xml file.

Using scheduleWritePackageRestrictionsLocked should help to reduce the
number of writes during initialization time and reduce creation/switching
time for a new user.

Change-Id: I5bd8609e3a79bdc3f198a169ede8005dc0186612
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b97633c14da555d89dac7eadbf6e351d82281614 09-Dec-2014 Jeff Sharkey <jsharkey@android.com> am 5d662a82: am 2f4ced30: Merge "Consistent result when signatures don\'t match." into lmp-mr1-dev

* commit '5d662a828935399e11723d0a5e7ff31c433e8b39':
Consistent result when signatures don't match.
10bef1d2f444b8ca23ee317d3bcfb586860af18b 09-Dec-2014 Jeff Sharkey <jsharkey@android.com> Consistent result when signatures don't match.

INSTALL_FAILED_UPDATE_INCOMPATIBLE is a better description of the
real underlying cause when signatures don't match.

Bug: 18413784
Change-Id: Ib81591df7d0d79f6725a4fa7300ae4e20958f004
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
11bee890a24b05d099be87b02ea667441e573898 04-Dec-2014 Dianne Hackborn <hackbod@google.com> am 4c4e4686: am 281f36f5: Merge "Fix issue #18607384: Run fstrim after every system update" into lmp-mr1-dev

* commit '4c4e4686d5de3f22cf4d832c63716d9054b9ad54':
Fix issue #18607384: Run fstrim after every system update
8b22252a6cd4e9c8ea9bccaf55fce1940bb63eaa 03-Dec-2014 Dianne Hackborn <hackbod@google.com> Fix issue #18607384: Run fstrim after every system update

Change-Id: I06f4c0b9e6834a8c8bd85710dfd9fa16471b6ad2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
53651b9982f53236b767d766e85ec0ce3acc6f0f 01-Dec-2014 Narayan Kamath <narayan@google.com> am ff45e7df: am 1d184ace: resolved conflicts for merge of 7377998d to lmp-mr1-dev

* commit 'ff45e7df8aae0f55ce719de92102c7d522b62048':
Be increasingly aggressive about fstrim if it isn't being run
48e17629b0b6c89cb77342c0364a1cf3a0b2a0fb 25-Nov-2014 Akira Numata <akira.numata@sonymobile.com> APK still has privileged flag after being moved from "/system/priv-app"

When an app is moved from "/system/priv-app" to another location
during OTA update, the privileged flag should be removed.

(cherry picked from commit 76bf60ead8132b86436ebbba40eaa8f2c8bbe812)

Change-Id: I39feeac7ece89c28045d196ae69fc974b1c6510b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1446c6c6f67d285bd47b878de6326b8e82fafb2b 27-Nov-2014 Jeff Sharkey <jsharkey@android.com> am d76737a7: am b802cd67: Merge "APK still has privileged flag after being moved from "/system/priv-app""

* commit 'd76737a7325bdcd5010f26fd1626628f07070bb9':
APK still has privileged flag after being moved from "/system/priv-app"
1d184acefa7105592134edebf7de4d77843d5791 27-Nov-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of 7377998d to lmp-mr1-dev

Change-Id: I21870e241de7d992e97d7b91e0058f85b5a25fbe
06e8c58e7cf84b87613f4c8114ec75db58e32d72 26-Nov-2014 Jeff Sharkey <jsharkey@android.com> am cd5d46ff: am 293f0f38: Merge "package_info GID shouldn\'t have write." into lmp-mr1-dev

* commit 'cd5d46ff81ab652dc9dc9c28d607f536187f3bab':
package_info GID shouldn't have write.
7377998dac67ce8d486e11b9bd2f159fe0ca501d 26-Nov-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of a42f7c1d to lmp-sprout-dev

Change-Id: I8e53c9d7e0014b4ffc621c561b737aa2dae5460c
76bf60ead8132b86436ebbba40eaa8f2c8bbe812 25-Nov-2014 Akira Numata <akira.numata@sonymobile.com> APK still has privileged flag after being moved from "/system/priv-app"

When an app is moved from "/system/priv-app" to another location
during OTA update, the privileged flag should be removed.

Change-Id: I7713382db34697f7b68283dbbbd25a1349cbecdb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7265abe77a76f848a316640b5da106e882bdbc8a 21-Nov-2014 Christopher Tate <ctate@google.com> Be increasingly aggressive about fstrim if it isn't being run

The current heuristics depend on devices being alive at midnight+ in
order to run periodic background fstrim operations. This unfortunately
means that people who routinely turn their devices off overnight wind
up with their devices *never* running fstrim, and this causes major
performance and disk-life problems.

We now backstop this very-friendly schedule with an increasingly
aggressive one. If the device goes a defined time without a background
fstrim, we then force the fstrim at the next reboot. Once the
device hits the midnight+ idle fstrim request time, then we already
aggressively attempt to fstrim at the first available moment
thereafter, even if it's days/weeks later without a reboot.

'Available' here means charging + device idle. If the device never
becomes idle then we can't do much without rendering an in-use device
inoperable for some number of minutes -- but we have no evidence of
devices ever failing to run fstrim due to this usage pattern.

A new Settings.Global element (type 'long', called
"fstrim_mandatory_interval") is the source of the backstop time. If
this element is zero or negative, no mandatory boot-time fstrim will
ever be performed. If the element is not supplied on a given device,
the default backstop is 3 days.

Adds a new string to display in the upgrading dialog when doing
the fstrim. Note it is too late for this to be localized, but since
this operation can take a long time it is probably better to have
it show *something* even if not localized, rather than just sit there.

Bug 18486922

Change-Id: I5b265ca0a65570fb8931251aa1ac37b530635a2c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
278dfdf73142e72944478e50a3f02d3b5c6fd370 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 117c549b: am 0f667f58: Merge "Ignore spammy package logs when dumping." into lmp-mr1-dev

* commit '117c549b86979d891edfe1d810ac087609928386':
Ignore spammy package logs when dumping.
c02f304c3a1dc45a7e44b9f91b38c62353850d30 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 58b699c3: am 636baa0d: Merge "Introduce revision codes for split APKs." into lmp-mr1-dev

* commit '58b699c366dea7abc26f34c1e5f1cc6031c04e23':
Introduce revision codes for split APKs.
9fafd0c7111f0d0df431f6c0a4f4f5afcdea7b81 25-Nov-2014 Dianne Hackborn <hackbod@google.com> am 608439df: am 5bbb1af7: Merge "Work on issue #18486438: Reduce size of bugreport output" into lmp-mr1-dev

* commit '608439df383b40dc0f808e4992b369debaff29cd':
Work on issue #18486438: Reduce size of bugreport output
aebb65cb687216b9912cf98d24858ffcb3e6f50b 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> package_info GID shouldn't have write.

Fix permissions on packages.list and package-usage.list to only
allow read access from the package_info GID.

Bug: 18473765
Change-Id: I9b9ef13f4a00a8355619bbcdacc836f9abfa0376
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
962bd4a69175077a95bc04bcdcc80ee6cb1034f8 24-Nov-2014 Jeff Sharkey <jsharkey@android.com> Ignore spammy package logs when dumping.

Bug: 18390552
Change-Id: Ie333f57d46d6ab3f4b9daa17f98b1e94a236e959
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
88d2a3c0e1b4a8c53a489db5d627beb80b1b9957 23-Nov-2014 Jeff Sharkey <jsharkey@android.com> Introduce revision codes for split APKs.

Apps delivered as multiple split APKs must have identical package
names, version code, and signatures. However, developers may want
to iterate quickly on a subset of splits without having to increment
the version code, which would require delivery of the entire app.

This change introduces "revision codes" which can vary between
split APKs belonging to the same app. An install is valid as long
as the normal version code is identical across all splits. Splits
can be added/removed to an app over time, but if a split is present
across an upgrade the revision code must not decrease.

Since system apps could have been updated with splits, only revert
to the built-in APKs if the version code is strictly greater than the
data version. Also fix bug to enable inheriting from system apps
when adding splits.

Bug: 18481866
Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d052a9416ae3f7e42fc1e7de0740021df385ee48 22-Nov-2014 Dianne Hackborn <hackbod@google.com> Work on issue #18486438: Reduce size of bugreport output

Reduce how much stuff ProcessStats spews, and do collapsing of
repeated intent filter targets when dumping IntentResolvers.

Also add to pm's checkout output to include shared user ids,
and fix output formatting in a few places.

Change-Id: Ic9fc6731f0439101ba9343535e66cdbbad47e291
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e5186c12ec1c95b75d0fef1a38f94483e31aae6f 19-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 40602179: Merge "Default icon is shown after uninstalling updated priv-app"

* commit '4060217905d805897141b028126e0aa51136cf7b':
Default icon is shown after uninstalling updated priv-app
e50bc6fd29dd8bb3291517753aadd2ccec94f24b 10-Mar-2014 Akira Numata <akira.numata@sonymobile.com> Default icon is shown after uninstalling updated priv-app

If updated pre-installed app is moved from "/system/app" to
"/system/priv-app" at FOTA, PackageManager does not update its
resource path correctly. This patch fixes it.

Change-Id: Iac793bcb8fd7c5bfbafd1876640b534c6da5dddf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84998e28584e44f69be06fc9fe7e77df182251eb 14-Nov-2014 Jeff Sharkey <jsharkey@android.com> Merge "Reduce spammy PackageManager critical logs." into lmp-mr1-dev
aea5c6e33d120499799474f28b4f1e475d21990b 14-Nov-2014 Jeff Sharkey <jsharkey@android.com> Reduce spammy PackageManager critical logs.

Bug: 18390552
Change-Id: I66e34e6ebf3f644f8585056b9701b7f4582d777e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
135ae6dc3b667595b4bf2c681e1db95dc657b88f 14-Nov-2014 Craig Mautner <cmautner@google.com> am 33d92c56: Use package name as custom resolver process name

* commit '33d92c56781f6058c9e682737a06c41f3a2d2f3a':
Use package name as custom resolver process name
33d92c56781f6058c9e682737a06c41f3a2d2f3a 14-Nov-2014 Craig Mautner <cmautner@google.com> Use package name as custom resolver process name

The process name was being assigned null. This meant that after the
process attached we weren't matching the name in
ActivityStackSupervisor.attachApplicationLocked(). That meant missing
the call to realStartActivityLocked() and then the resolver didn't
start until window manager timed out and resumeTopActivity was
called five seconds later.

Fixes bug 18301267.

Change-Id: If3721caeebb309c6054150b2f707e3d6e38a74d2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
13cf7917af00f66a2fdd0a9dbfebc680a51ced64 13-Nov-2014 Jeff Sharkey <jsharkey@android.com> Make package verifier broadcasts foreground.

We're using ordered broadcasts (sigh!) for package verification, and
we could be stuck behind dozens of other background broadcasts, so
hoist into foreground queue.

Bug: 18356768
Change-Id: Ib4abf771db0147f8fbd7227f32297602816c84ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
521ca5f8fba355f526e82dc3a8fc6520e4379874 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 2e700004: am d68b87cd: Recover apps with malformed certificates.

* commit '2e7000040e3d836bb591e29515974817afc49488':
Recover apps with malformed certificates.
2e7000040e3d836bb591e29515974817afc49488 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> am d68b87cd: Recover apps with malformed certificates.

* commit 'd68b87cdd402d46013170d9316a31c82be4e4816':
Recover apps with malformed certificates.
d68b87cdd402d46013170d9316a31c82be4e4816 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> Recover apps with malformed certificates.

There was a window of time in Lollipop where we persisted certificates
after they had passed through a decode/encode cycle. The well-written
OpenSSL library was liberal when decoding (allowing slightly malformed
certs to be parsed), but then strict when encoding, giving us
different bytes for effectively the same certificate.

A related libcore change (0c990ab4a90b8a5492a67b2b728ac9a4a1ccfa1b)
now returns the original bytes verbatim, fixing both pre-Lollipop
installs and installs after that change.

This change recovers any apps that had been installed during the
window of time described above by doing a one-time check to see if
the certs are effectively equal.

Bug: 18228011
Change-Id: Ib82bd6db718d0490d7a26c9c1014b7c8457a7f2d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ccfe6bd479acc41e018bd38c4021614dc9326fbf 12-Nov-2014 Narayan Kamath <narayan@google.com> Merge "Remove unused local field." into lmp-mr1-dev
fe46f4d90835671c7ddeebb6def1b7198ac41743 10-Nov-2014 Narayan Kamath <narayan@google.com> Remove unused local field.

It's a source of confusion.

bug: 18280671
Change-Id: Ibb387d76e18d71fc9e24afc72d93201a74fc03ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f4d2c8eebd8113482b48e0b8f83deb4b2f1f9b22 07-Nov-2014 Brian Carlstrom <bdc@google.com> Merge "Restore mLazyDexOpt behavior for eng builds" into lmp-mr1-dev
2e594cfe9848b56ad71a6f7bc4de13df7a36511c 29-Oct-2014 Jeff Hao <jeffhao@google.com> Change boot screen title to "Android is starting" when not upgrading.

Bug: 17565501
Bug: 18247218

(cherry picked from commit 9f60c08a446e38f9e2d5271546ef69ca5941eba9)

Change-Id: I1ec32b318b6221277fc3ffbc19966bf3330c2d93
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
939d5c697fdd29ef61a3c02cc60db5da565a31b5 05-Nov-2014 Brian Carlstrom <bdc@google.com> Restore mLazyDexOpt behavior for eng builds

Bug: 17641843
Change-Id: I0869d8718712f22229bb3b9ad95cca2ddd83d3b4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3a1a0bbc3208d8967ed6e462c39d2527028339dc 22-Oct-2014 Nicolas Prevot <nprevot@google.com> Add a cross-profile intent filter only if it wasn't previously added.

BUG: 17996284
Change-Id: I3d087767983928dfb13af9aedb37d29c9940ba36
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9710b04f35efae696c9ee6343671eff3568f5678 30-Oct-2014 Nicolas Prevot <nprevot@google.com> Merge "Schedule to write package restrictions." into lmp-mr1-dev
9f60c08a446e38f9e2d5271546ef69ca5941eba9 29-Oct-2014 Jeff Hao <jeffhao@google.com> Change boot screen title to "Android is starting" when not upgrading.

Bug: 17565501
Change-Id: Id5741e6e7a40750feee1cd7306e79f7baeec67de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e79553355b10815be2cd44f7b84ae39c91a12bb1 28-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Check upgrade certs before permissions." into lmp-mr1-dev
c28bd3532b8effccc3577f844bc9be55fbd265f3 27-Oct-2014 Jeff Sharkey <jsharkey@android.com> Check upgrade certs before permissions.

We're now checking for permission redefinition early during the
install process, which can result in a confusing error message when
the real problem is a mis-signed app. So do a quick signature
sanity check before checking permissions.

Bug: 18095637
Change-Id: I9a9b48da9c5dc7fb9bde6f3f338ea08e53b6b705
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e67b8d28294d9af440d2ea23f1b2c68dfcba8b1b 27-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Reduce PackageManager RAM usage: ArrayMap/Set." into lmp-mr1-dev
ea72c08c148c602d789d0a85bf56a3eb8cadf149 22-Oct-2014 Nicolas Prevot <nprevot@google.com> Schedule to write package restrictions.

In PackageManagerService, for prefered activities,
persistent preferred activities and cross-profile intent filters:
schedule a write to package restrictions instead of writing the file directly.

Also, do not write all settings when writing package restrictions is enough.

BUG: 17996284

Change-Id: Ic732954f8a66d3aa1f0ca85a10fba290b14e68f4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f837a99d48c5bb8ad7fbc133943e5bf622ce065 24-Oct-2014 Jeff Sharkey <jsharkey@android.com> Reduce PackageManager RAM usage: ArrayMap/Set.

Transition PackageManager internals away from heavier HashMap/HashSet
to use drop-in ArrayMap/ArraySet replacements. Saves ~38% RAM and
thousands of objects on a typical device.

Bug: 18115729
Change-Id: Ie107d2fee4b7baa4e3c3923231b4be877d1a5d2f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7eb599b267d00cbde891c0a87924f2f5086f4497 23-Oct-2014 Jeff Hao <jeffhao@google.com> Get UsageStats if no PackageUsage is available for boot dexopt filtering.

Bug: 17191977
Change-Id: I33e18459e49afa42b8e8218574a2434e5205a6da
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbfbb17512fe6a5b3c7198d60b6a149969174a71 30-Sep-2014 Jeff Hao <jeffhao@google.com> Backport of ordering apps for boot dexopt.

This is a squashed commit of the following changes:

1. Order apps by priority when performing boot dexopt.
(cherry picked from commit 65cde7d42d741c7d9aa2714a397b7333f688ab55)

2. Improve priority ordering of apps when performing boot dexopt.
Added core apps and updated system apps.
(cherry picked from commit 272bf3a274daff62995caf05da338c1f2a73dae3)

3. Stop boot dexopt when low on memory.
(cherry picked from commit 1d892dcb6b0ff3a50cc63e387667dc29baf1014f)

Bug: 17641843
Change-Id: Ie32f1c21047d3462aaf728f7633fecf647ba2b47
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1d892dcb6b0ff3a50cc63e387667dc29baf1014f 10-Oct-2014 Jeff Hao <jeffhao@google.com> Stop boot dexopt when low on memory.

Bug: 17641843
Change-Id: Ie1967fc2cd9bdd258bfee442968f98200edaf62e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
272bf3a274daff62995caf05da338c1f2a73dae3 08-Oct-2014 Jeff Hao <jeffhao@google.com> Improve priority ordering of apps when performing boot dexopt.

Added core apps and updated system apps.

Bug: 17641843
Change-Id: Ia00ea3399cf1e1acaef45ff8df8f754442de5185
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2f577e83cbd5b12e47178a90443390210b446102 06-Oct-2014 Dianne Hackborn <hackbod@google.com> am 90d557b7: am 7f7d240b: Merge "Fix issue #17752399: Multiple apps broken by GET_TASKS permission change" into lmp-dev

* commit '90d557b7a68e64e049a44560b76b959ef87f13d7':
Fix issue #17752399: Multiple apps broken by GET_TASKS permission change
7f7d240b13b96b617e298c6178af0425308f5ef9 06-Oct-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #17752399: Multiple apps broken by GET_TASKS permission change" into lmp-dev
ce85d7f44f5c88dcc18a19738bfcd20d9dbb4a78 06-Oct-2014 Jeff Sharkey <jsharkey@android.com> am b03b9759: am 4c880877: Merge "Recover from missing upgrade to system package." into lmp-dev

* commit 'b03b9759d3ec1f3dacde71314795a3451f67fbab':
Recover from missing upgrade to system package.
4c88087776305f54bec0aae59b8e63bc803c1401 06-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Recover from missing upgrade to system package." into lmp-dev
1c133105774835deaa99db78d9668b107246abef 05-Oct-2014 Jeff Sharkey <jsharkey@android.com> Recover from missing upgrade to system package.

When a system app has been upgraded, we mark the built-in version as
disabled, and skip it when parsing built-in apps, since we expect
the userdata version to be scanned a few moments later.

However, in very rare cases we can end up missing the expected
userdata version, and we'd end up dropping the package entirely, even
though we have a built-in version to fall back to. This change
handles that case by rescanning and enabling the built-in version when
the userdata version never materializes.

Also include critical log messages in check-in dumpsys to help track
down how we ended up in this state.

Bug: 17805839
Change-Id: I9971f882f9bb8ab7934c20b04e0b72366c4d04d0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
34f230aa4ad6043d3b0dd0d3942a51624468e81c 05-Oct-2014 Jeff Sharkey <jsharkey@android.com> am c5418198: am 3438bc1b: Merge "Correctly rollback failed system app installs." into lmp-dev

* commit 'c5418198cc270d7e7cf1ed558c683d2794266e97':
Correctly rollback failed system app installs.
3438bc1bfd363e1ee656b33ebc8d0e6744470aec 05-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Correctly rollback failed system app installs." into lmp-dev
9d35c5dc79650c5e3781af15f8df5b0d8d078306 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> am 4453d585: am 900e3b5f: Merge "More durable logging around system app upgrades." into lmp-dev

* commit '4453d5859005d5bd0da1ebc75fb1a9e5ead35021':
More durable logging around system app upgrades.
914bd793b3415a198d0cb4216ff9da0a184ab803 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> Correctly rollback failed system app installs.

Fix bug where we disabled system app, but never turned it back on
when the scanPackageLI() failed.

Bug: 17805839
Change-Id: I73999263aee703af187afd980fa0d0ce8451cf0c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2d7576b082b84068fb9d68419b710b9bec49139b 04-Oct-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17752399: Multiple apps broken by GET_TASKS permission change

Keep around GET_TASKS as a permission available to apps, so apps still
think they have it and don't get all uppity because they don't.

Add a new REAL_GET_TASKS that is the actual permission now.

Plus some temporary compatibility code until everyone can transition
fromn GET_TASKS to REAL_GET_TASKS.

Change-Id: I12c1102eed24844685dcbd2fa3b612811603958f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
900e3b5fc5bb4bf4947f63c0fed0757dfb7effa6 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "More durable logging around system app upgrades." into lmp-dev
3933a5dc8c8c04458c5b8c01919d7449c6d00497 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> More durable logging around system app upgrades.

We've been seeing some really funky behavior when upgrading or
downgrading system apps around OTA time. Put more of these one-time
logs into durable storage to help investigate.

Bug: 17805839
Change-Id: If898d7df229c1f71e598b0d965325c272060e5e7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d8f5edcb81b5d6708e79c1537e63d59f60de484e 03-Oct-2014 Jeff Hao <jeffhao@google.com> Merge "Order apps by priority when performing boot dexopt." into lmp-mr1-dev
65cde7d42d741c7d9aa2714a397b7333f688ab55 30-Sep-2014 Jeff Hao <jeffhao@google.com> Order apps by priority when performing boot dexopt.

Bug: 17641843
Change-Id: I16997b3b5241521e6bd995f2555864b4605edd17
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d594197868c4a51bb8f8bd62479999debc72bf2a 01-Oct-2014 Jing Ji <a5705c@motorola.com> Allow system app to take ownership of built-in permissions

Previous commit bfed9f34c makes the preloaded system app take
precedence over third-party apps when defining permissions, but
it also makes it be able to override android built-in permissions.

Now allow preloaded system app to take the ownership of built-in
permissions instead of overriding it.

Change-Id: I10d588d0284e4316ea4be552fd6191f33e3c725b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a39871ef5e9bf6703f18af0725484b06f5c78216 29-Sep-2014 Brian Carlstrom <bdc@google.com> Use VMRuntime.isBootClassPathOnDisk

Bug: 17679443
Change-Id: If53c236058a7237d735c2344a715cf0a36301f9b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a2b48057e1a15bc9e88a764cad16cda784dc4c04 26-Sep-2014 Kenny Guy <kennyguy@google.com> Merge "Uninstall for all users should check device admins." into lmp-dev
5dde6e334d06e5c2116b2169d7ad67e95238a6f0 25-Sep-2014 Kenny Guy <kennyguy@google.com> Uninstall for all users should check device admins.

Uninstall for all users should check whether package
is admin for any user not just user 0.

Bug: 17657954
Change-Id: Ia116248b5889fc02dd46816a132e03c8e62662c9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
25e1ecaabbde4741663c8e5a777d9df9b939572c 23-Sep-2014 Dianne Hackborn <hackbod@google.com> Maybe fix issue #17614177 APR: system process restarting due to infinite loop

Also try to get rid of a huge wtf we are seeing across a lot of devices
where we incorrectly change real states on a service that is restarting,
and get rid of one of the noisier boot logs in the package manager.

Change-Id: I2510b6fb082eac3f6168cbd57bc3b70ad006114d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eae9216770f96a60dd8642ffd127ed998259cd9f 20-Sep-2014 Christopher Tate <ctate@google.com> Logspam is spam

This turns out to happen a lot in normal usage, but we're logging
copiously about it each time. It's reporting "oh hey we're already
in this state" -- and so the log is not useful anyway.

Logspam is spam.

Bug 15169507

Change-Id: Ie2d01ff1b0b3600dd9c15ccf83d60875558f1dc2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bfed9f34c0cf7cdf7d25e6a7677e03f5a3d87e0e 19-Sep-2014 Jeff Sharkey <jsharkey@android.com> Fix bugs when system apps reclaim permissions.

Recently we started letting system apps always take precedence over
third-party apps when defining permissions. This change fixes that
logic to claim the permission immediately, instead of delaying until
after the next reboot. (Permissions are always reevaluated after
each install.)

We also tighten the constraints slightly to prevent two system
apps from fighting over a permission definition; the first system
app to claim the permission wins.

Bug: 17526617
Change-Id: I49686407f5e99322bc511795c653c5d702becd9d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ace27915d2cc5073bcbe9cc151a5c61683bdcd1a 19-Sep-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17564607: Apps in the managed profile can send any intent...

...to the primary user, even if it was not whitelisted to be forwarded.

The path where getActivityInfo is called for the ResolverActivity
would not correctly apply the requested user ID to the result, so
it wouldn't run under the correct user.

Change-Id: I1da47c54bbed26091832a28236d0b06762c92437
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1a526f582b2c97a93324b68ae11492f2e25ab571 17-Sep-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #16662560: SingleTop activity is getting instantiated multiple time" into lmp-dev
7922882189a5c1cc62de7e91b067f90d9a3e2f2b 16-Sep-2014 Dianne Hackborn <hackbod@google.com> Fix issue #16662560: SingleTop activity is getting instantiated multiple time

Introduce a concept of a "root affinity" to a task -- this is the
affinity of the initial activity in the task. Use this instead of
the current affinity in findTaskLocked(), where we look for an
existing task to use for a NEW_TASK intent.

This changes the semantics of the new "relinquish task identity" mode
so that it doesn't relinquish the root affinity of the task. This
means when we are in the old style application-based recents matching
of findTaskLocked(), we will never count these tasks as the same as
the application's tasks only because they have relinquished their
identity to that application. This is probably okay, it is basically
putting a different line between new document-centric recents and
old application-centric recents when they are mixed together.

Change-Id: I73a22ead9bd08e98bf67ad035a017f828c6a6715
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f1317857cdf815b95822db16621a566fb12baf20 16-Sep-2014 Dianne Hackborn <hackbod@google.com> Quick fix issue #17514851: dumpsys package <package-name> includes...

...irrelevant install state at the end

Quick and dirty impl just doesn't print any of that data when filtering
by package name. In the future that part of the dump should be smarter
to know how to filter by package name. (Probably also moved to a place
earlier in the dump, so the key information -- the overall package
data -- is still at the end.)

Change-Id: I094f7c2f25401438a68a6aa00d10b19c19eb7c7d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
71ac935526d29097891664af40c54c96d6de02e6 12-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Bring install and install-multiple into parity." into lmp-dev
5c0ed94debe51a2954cf9409b5477cfbcc03d7f0 12-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Consistent clean up of failed installs." into lmp-dev
e980804df16c968c14a56b8853886bf5f049f46e 12-Sep-2014 Jeff Sharkey <jsharkey@android.com> Bring install and install-multiple into parity.

This ensures that both are using (almost) identical logic when
deciding what installs to proceed with. Installs from "pm" for all
users now run as OWNER, and rely solely on INSTALL_ALL_USERS to
express intent. This keeps install session notifications simple.

Since installer UID can vary from installer package name, start
persisting the UID. Also parse some missing flags for install
sessions.

Bug: 17469392
Change-Id: I6d89b1a787aa2024cc4bebf6b9c29317c358e147
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f58e532e015ef31d879ee51aeeb251349784717c 11-Sep-2014 Amith Yamasani <yamasani@google.com> Merge "Apply cross-user restrictions to Shell" into lmp-dev
e107c3eb79be40f1071c4370fd9a3f9e4fd6d6de 09-Sep-2014 Adam Connors <adamconnors@google.com> Remove package level intent forwarding.

Clean up unused methods.

Bug: 17389110
Change-Id: I8a80fe3e14219f06572de05c390cdda0efcbf5db
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9b2d26b68347e246e67c588b548e81fca1d29353 11-Sep-2014 Jeff Sharkey <jsharkey@android.com> Consistent clean up of failed installs.

Instead of remembering to add clean-up logic to every install scan
failure case, rely on the fact that we're now throwing for all errors
and use a finally clause to delete data directory when requested.

When clearing data for a package, always try deleting the app data
directories, even if no record of the package exists. This helps
users recover from UID mismatches without resorting to a full data
wipe.

Bug: 17005516
Change-Id: I352863ef4e468c576ecf136549e21cceae2650d5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8cd28b57ed732656d002d97879e15c5695b54fff 09-Jun-2014 Amith Yamasani <yamasani@google.com> Apply cross-user restrictions to Shell

Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.

If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.

Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ad5f44a68c70f783fb4be85f089f63bfdd63ec0c 10-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Missing manifest error should be NO_CERTIFICATES." into lmp-dev
bc09755e193c2802d2d88871ac3d1f182b260c30 09-Sep-2014 Jeff Sharkey <jsharkey@android.com> Missing manifest error should be NO_CERTIFICATES.

When META-INF/MANIFEST.MF is missing, treat as NO_CERTIFICATES
instead of CERTIFICATE_ENCODING. Also remove redundant layer of
debugging details when wrapping exceptions.

Bug: 15667982
Change-Id: I6e8216d5bf6e42da1feb70c89f991001380305be
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c788487ae5b28bb6f84410fcdb101f0bdfcd467e 09-Sep-2014 Alexandra Gherghina <alexgherghina@google.com> Removing the NO_CROSS_PROFILE flag for intent forwarding

Bug: 17435289
Change-Id: Iffbecd3cf9338a8633bfcc5bc47247bfc50e7546
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a0c9962388361522257b4ff2f55ac7cea0d559f3 06-Sep-2014 Christopher Tate <ctate@google.com> Merge "Don't crash in addPackageHoldingPermissions()..." into lmp-dev
30f349d2ef3f2220c1d478b0faff4c38eaadf12c 05-Sep-2014 Christopher Tate <ctate@google.com> Don't crash in addPackageHoldingPermissions()...

...in cases involving uninstalled apps, or apps whose install state
varies across different users.

Bug 17398315

Change-Id: I7297d82f8bf5d49c50a7fd53d795a706bf2d2313
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2de4f9f971b0130449ab90305965963f688d1ed3 05-Sep-2014 dcashman <dcashman@google.com> Fix boolean comparison after sig check.

Bug: 17402843
Change-Id: I0cb5ffba1a93f71a250294a41040011234ce1029
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
43a2d06166f9d5aa46371c6496ec99a9fba8df00 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Allow badging updates to install sessions." into lmp-dev
ec9bad2015c6d3bc91bab66f0824043c1e24d013 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Allow badging updates to install sessions.

For the system restore use-case, an installer may need to enqueue
their sessions quickly before badging details, like icons, have been
downloaded. This change relaxes to allow an installer to update
their session badging after the session has been created. Notify
observers when badging changes.

Rename callback registration methods to match style guide. Relax
constraint that observers are home app. Fix bug around internal
progress reporting.

Bug: 17376797, 17389236, 17334199
Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
839849111c21e4936fec473ab08e21a12cd36736 05-Sep-2014 Brian Carlstrom <bdc@google.com> Merge "Fix backwards arguments to performDexOpt" into lmp-dev
d382be9b220d8f68d095cd5df56c0b900af44f9a 05-Sep-2014 Brian Carlstrom <bdc@google.com> Fix backwards arguments to performDexOpt

Bug: 16696554
Change-Id: I302f8edc8243d3537afd564599cc798708124dbe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd12f4c9e4985e75b38a8136cf6fdb0a6ce726d6 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Hold package cleaning until system is ready." into lmp-dev
7767df3c9c4cffab623f7e9decc99d86d443794e 05-Sep-2014 Amith Yamasani <yamasani@google.com> Merge "Fix crash if package setting is not populated yet" into lmp-dev
43789f56147f7d028a5ca1da3a3332adf7542b28 04-Sep-2014 Amith Yamasani <yamasani@google.com> Fix crash if package setting is not populated yet

Bug: 17388687
Change-Id: I441ec37396a3b725a79b933a182c63fbe52d5646
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
977c5bec526b9e763a8d40b416b1d5e4ea92274a 04-Sep-2014 dcashman <dcashman@google.com> Merge "Add upgrade KeySets check to permission pruning on install." into lmp-dev
ebb42e18e8a9c31c92ef4bca0b38d2447afc5558 04-Sep-2014 Brian Carlstrom <bdc@google.com> Ensure that BackgroundDexOptService can still perform dexopt

Bug: 16696554
Change-Id: Id5877618ec9620112fa31dd69016c060bb26b2a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
436e264e87dcbcebfd9c123685505ce547744b7f 20-Aug-2014 dcashman <dcashman@google.com> Add upgrade KeySets check to permission pruning on install.

Bug: 16564805
Change-Id: I80393eec3c6e1e861a9ec2ae27fe37027311948d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
230561eef41047f04dac1a10949f4bcb43915017 03-Sep-2014 Brian Carlstrom <bdc@google.com> Restrict lazy dexopt to eng builds only

Bug: 16696554
Change-Id: I56bb63ce534842994a70df6b09843b4e3153c845
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca27d452c14f8a275cf2b7d0e59080690e0dc5c1 02-Sep-2014 Jeff Sharkey <jsharkey@android.com> Hold package cleaning until system is ready.

Package cleaning is going to check things like external storage
state and spin up external services like DCS, so hold it until after
system ready. (There are a handful of cases where we clean packages
during early boot scan.)

Bug: 17152982
Change-Id: I240b1f16679f421d0b416e576ff87713dc01276a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d67a78db88d11a58691082ced6ab6bbc48976188 30-Aug-2014 Christopher Tate <ctate@google.com> Don't rewrite package restrictions unconditionally in findPreferredActivity()

We've been forcing a rewrite of package restrictions when doing preferred-
activity lookups in most cases, even when the lookup was not actually making
any changes to the bookkeeping. Now we only do so when something has
actually changed. Flash drives everywhere rejoice.

Bug 17334180

Change-Id: Id8f20723002b7bbcc1d82ccde55df6ef727b64ba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
efb1f36f09cdada7c3b2677e6628492d8f256729 30-Aug-2014 dcashman <dcashman@google.com> Merge "Address KeySet API Review" into lmp-dev
dda003ffa84f986bfaba4344124eafa533f5039d 29-Aug-2014 Amith Yamasani <yamasani@google.com> Clean up apks installed for a removed user

When a user is removed, enumerate through all installed packages
to see if any of them are not installed for any user. Delete the
package if no user has it "installed".

Added a pm option to install an apk for a specific user.

Fixed a crash in UserManagerService when executing the above
cleanup - dying users generate a null UserInfo.

Bug: 15426024
Change-Id: I571decde1ae1c257d0da6db153b896aad6d6bcb4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e545035e0ece992941047d7676a53d090c81448d 29-Aug-2014 Alex Light <allight@google.com> Remove obsolete pruneDexCache

Bug: 16875245

(cherry picked from commit 09107db4916913912e61bfe592643b9c4c50b500)

Change-Id: I06e14c405aa4af295795982c1d236be3cb00e893
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c5212217403696f81d2db220a1d9b22872600275 27-Aug-2014 Jeff Sharkey <jsharkey@android.com> Recreate lib symlink after deleting app data.

Bug: 16739202
Change-Id: Ie8dccf67feaf6dfa474d52a3cda0862b952e6762
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c9edafef8b3841e3b0017b8f6ef5f46277e8646 27-Aug-2014 Jeff Sharkey <jsharkey@android.com> Clear pending operation flag when move failed.

Bug: 17298448
Change-Id: I7a4af0f31d3909a9bfb5a2dd7d168015786024e3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
264a5f5b34d8c1169e81da4136e263344115e02d 26-Aug-2014 Jeff Sharkey <jsharkey@android.com> Merge "Treat moving app as installing in new location." into lmp-dev
d68f83cc478a8ec501d0a5a08a2a737355bee89a 26-Aug-2014 Calin Juravle <calin@google.com> Merge "Pass vmSafeMode (manifest attribute) to installd." into lmp-dev
381d94b712605112b35d7f70064b0d18bd877877 24-Aug-2014 Jeff Sharkey <jsharkey@android.com> Treat moving app as installing in new location.

Moving apps to/from SD cards has historically been neglected, meaning
it can easily break. This happened most recently for split APKs,
64-bit native code, and multiArch support.

To make this easier to maintain, treat move as a no-op upgrade,
following the inheriting code path that split APKs depends on.

Also clean up scary places where different flavors of flags were
being combined, and remove unused flags. Fix media broadcasts to be
sent based on existing app storage location.

New API to abandon install session without opening it.

Bug: 17158495
Change-Id: Ia33bf8f6fdaae099124dfe534f0e320b37bc8e16
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178 21-Aug-2014 Jeff Sharkey <jsharkey@android.com> Installing splits into ASECs!

Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.

This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.

Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.

Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.

Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
feb193085adbdc379ee70dbb7dc6ae4c9f2971dd 21-Aug-2014 Calin Juravle <calin@google.com> Pass vmSafeMode (manifest attribute) to installd.

The flag is used to enforce --interpret-only flag when running dex2oat.

Bug: 12457423
Change-Id: Ifdafcc1afa32996577fa44c5682eeb58c79772ac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bb7b7bea19223c1eba74f525c7fe87ca3911813b 20-Aug-2014 Jeff Sharkey <jsharkey@android.com> More progress towards split APKs in ASECs.

Teach DefaultContainerService to install split APKs, which will be
needed when moving to/from ASECs. Also support forward locking for
testing purposes, even though its deprecated.

Move native library unpacking code to NativeLibraryHelper location
where it can be shared by both DCS and PMS. Also update footprint
calculation logic to mirror the later unpack codepaths.

Immediately persist sealed sessions. When resolving install
locations, prefer location of any existing install of that
package. Lightweight parse requesting certificates now always
verifies that all contents are signed correctly.

Bug: 16514385
Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12450c72ebdc695d72b06ddaa8f199d5afe8d525 19-Aug-2014 Esteban Talavera <etalavera@google.com> Merge "Add cross profile intent in order after intent filter resolution" into lmp-dev
54edd1cdc45773dc5c208d9dc4f26b768d200901 18-Aug-2014 Esteban Talavera <etalavera@google.com> Add cross profile intent in order after intent filter resolution

The elements returned by queryIntentActivities must be in order, as specified in the Javadoc. Otherwise the ResolverActivity will incorrectly filter out intents if they follow another intent with lower priority than the ones that will be shown to the user.

Bug: 15906680
Change-Id: I755e05d3017ee124cbae468f51fa86cfdf42b483
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ccc8c29af113b68a337cf4e38fae5d06531b3cf8 19-Aug-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #17114392: android.com.phone crashes - PackageManager code" into lmp-dev
4a88bf99851a3db3b629df23b919f2660c492f18 19-Aug-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17114392: android.com.phone crashes - PackageManager code

Change-Id: Ib02119c6f313384a73fa7cb7b2b62dbd716fa6ca
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f52233df74bb4a3efa1f7b9107353c841eafc933 18-Aug-2014 Nicolas Prevot <nprevot@google.com> Merge "When forwarding intents, ignoring the package set in the intent." into lmp-dev
57137289a2798b8c19f1e9f16bd3f0a71f1b916a 18-Aug-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #17082301: replacePreferredActivity is ignoring userId" into lmp-dev
f2ac2761276e4972f6463d6818c9f5798bdc9a4d 16-Aug-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17082301: replacePreferredActivity is ignoring userId

It was being given the argument and just... ignoring it.

But the bulk of this change is to make replacePreferredActivity
better about replacing -- it now detects if the request will not
make a change and, in that case, just do nothing.

The reason for this?

It turns out that each time you install an app, the telephony
system is calling this function over 20 times to set the default
SMS app. This is almost always doing nothing, but before this
change it means we would re-write packages.xml over 20 times...!

There are definitely more improvements that can be made here (delaying
write of packages.xml to allow them to batch together, reducing
the amount of calls being made), but until then this is a big
improvement.

Change-Id: I02c4235b8ecd5c13ef53e65d13c7dc2223719cec
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
742e790294b3441b79f715fe447069b63c6065db 17-Aug-2014 Jeff Sharkey <jsharkey@android.com> Progress towards staging ASECs.

Move location selection logic into shared PackageHelper location,
and share it between DCS and PackageInstaller. Fix bugs related to
installed footprint calculation; always count unpacked native libs.

Have PMS do its own threshold checking, since it's fine to stat
devices. PMS only ever deleted staging ASECs, so move that logic
into installer and nuke unclaimed staging ASECs. Allocate legacy
ASEC names using PackageInstaller to make sure they don't conflict
with sessions.

Start wiring up session to allocate ASEC and pass through staged
container for installation.

Fix bug to actually delete invalid cluster-style installs.

Bug: 16514385
Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e3b251f46f6ec46a41d42eb7c36a6268096c70d 16-Aug-2014 Jeff Sharkey <jsharkey@android.com> Merge "PackageInstaller API refactoring." into lmp-dev
a0907436c01fd8c545a6b5c7b28bc3bc9db59270 15-Aug-2014 Jeff Sharkey <jsharkey@android.com> PackageInstaller API refactoring.

Switch to using IntentSender for results to give installers easier
lifecycle management. Move param and info objects to inner classes.

Bug: 17008440
Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
376e4ba96222163be1f1cf409dc697550be4a285 14-Aug-2014 Nicolas Prevot <nprevot@google.com> When forwarding intents, ignoring the package set in the intent.

Apps should not be allowed to target a specific package in the target user.

BUG: 17025506

Change-Id: I81afa2f8d0a1114d91c001e357366792c63b6577
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c6f22499f3046684d7175e10ca42cce1492cd36f 14-Aug-2014 dcashman <dcashman@google.com> Address KeySet API Review

Hide KeySet API. Change getKeySetByAlias to not require aliases from the calling
package. Make KeySet parcelable. Add hashCode method.

Bug: 16895228
Bug: 17009318
Change-Id: I75951947dfc7a3cca9f8873bda72576d11abaaf0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
29564cd24589867f653cd22cabbaac6493cfc530 07-Aug-2014 Narayan Kamath <narayan@google.com> Remove system_server classes from the boot image.

We set the system_server classpath in the environment
(like we do with BOOTCLASSPATH). After the zygote forks
the system_server, we dexopt the classpath (if needed)
and then launch the system server with the correct
PathClassLoader. This needed several small / medium
refactorings :

- The logic for connecting to installd is now in a separate
class and belongs in the system_server.
- SystemService / SystemServiceManager have now moved to
classes.jar. They are only used from there, and since they
use Class.forName, we want them to be loaded by the
system_server classloader, and not the bootclassloader.
- BootReceiver now moves to frameworks.jar, because it is
used by ActivityThread and friends.

bug: 16555230

Change-Id: Ic84f0b2baf611eeedff6d123cb7191bb0259e600
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4903f64ba2478849e6c401f42f5a77c1d4f9f7df 11-Aug-2014 Narayan Kamath <narayan@google.com> Persist the cpuAbiOverride setting.

If an app is installed with an ABI override (adb install -r --abi)
we should remember this so that we don't revert to the scan derived
ABI on the next reboot.

bug: 16476618

Change-Id: I6085bc0099eb613dd9d3b07113c7c13859780697
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20200849d1dd6ac5e52b3d18ced2d9becb5ff229 11-Aug-2014 Narayan Kamath <narayan@google.com> Fix a couple of PM warnings.

- "Could not delete native binary" : This one is a bit of
a WTF. git history tells us this code has been around for
a very long time (the warning's new though). It's a no-op
because codePath always contains the *current* codePath and
trying to remove native libs from the current codePath will
do nothing for bundled apps. This code sounds like it wants
to delete dangling native binaries for system apps that were
upgraded during an OTA. This sounds like a wrong place to do
that, though.

- "Unrecognized code path" : This one's harmless and removed
by moving this call closer to where it's used.

bug: 16823001

Change-Id: I9b40ae507b2c80ff3fdd45d5699df62bfc86514f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7c97bbc39f0b748e413de3cd0b0f0c995a2af0ce 12-Aug-2014 Alexandra Gherghina <alexgherghina@google.com> Bugfix: adds extra null check

Bug: 16976436
Change-Id: Id51fd3125b4e68ff7c0ec37ec031fcb8ff882ed4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fb2c4d18613efb8197c6b6abcac262b7220b7231 10-Aug-2014 Jeff Sharkey <jsharkey@android.com> GID-based permissions are defined by "android".

This matches all other permissions defined by framework-res.apk,
instead of leaving it null.

Bug: 16907551
Change-Id: I7e2d671443d987906b2f29aa1579bef6380e8a52
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
05e8f801b54d43ae43f86a310217ec6f931b5738 08-Aug-2014 Narayan Kamath <narayan@google.com> Reduce the frequency of calls to isDexOptNeededInternal.

The package manager maintains a set of dexopted instruction
sets as a fast path to avoid calling expensive code. We were
correctly adding elements to that list while performing dexopt,
but were *not* adding elements to the list when isDexOptNeededInternal
told us things were up to date. As a result, we'd hit the slow path
100% of the time on userdebug builds in the steady state, i.e, when
the system did not dexopt anything since boot.

With this change, we make sure isDexOptNeededInternal is called
precisely once per boot in such case.

This patch also fixes broken logic for apps that have multiple
code paths. We must mark the paths as dexopted only if we've
processed all paths.

bug: 16828525
bug: 16868741
Change-Id: Icb59121fe915d892e677d9b7e9a4efd11555ae27
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8ad7f2051d722b5a92f0ee0ab46622744b4289ef 04-Aug-2014 Calin Juravle <calin@google.com> Use native ISA for dex code (in case there's a NativeBridge)

In the presence of a native bridge it is more efficient to compile the
dex directly to the native ISA than to use the shared library ISA as a
reference.

This can be achieve by configuring the readonly system properties to map
between the .so ISA and the desired dex code .ISA (e.g.
ro.dalvik.vm.isa.ISA1=ISA2).

Bug: 16185267

(cherry picked from commit I50baa7b37e1465b9adf72d6f6b96f526a08d59c7)
(cherry picked from commit I8fe453a800812e382e8f41b5f7922997aa9c18a9)

Change-Id: I6c9684149691285310c961189b58af8c7f47aff4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6c0b9da65e36543bb50833d1b54ca532d0bd3aab 08-Aug-2014 Jeff Sharkey <jsharkey@android.com> Handle null IPackageDeleteObserver.

Bug: 16862614
Change-Id: I0c197a994b89d49123027f24fe46827c2b994ab6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8 07-Aug-2014 Jeff Sharkey <jsharkey@android.com> Logic to confirm permissions on install sessions.

When an app without INSTALL permission attempts to commit a session,
we involve user to confirm permissions. We currently point at the
base APK, which defines all permissions for an app, handling the case
where a session may only be adding splits.

Add failure codes to represent rejection. Fix bug by ignoring stages
during initial boot scan.

Bug: 16515814
Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a25dc2bbe70b7449dc57e9619778ba592c198003 05-Aug-2014 Alex Light <allight@google.com> resolved conflicts for merge of 37651b60 to lmp-dev-plus-aosp

Change-Id: I1fe0e64d2069b7424014bd3ff0bf6f80b439220d
(cherry picked from commit 1faf2d0d25550dc759481fd523456711808e8251)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c 07-Aug-2014 Jeff Sharkey <jsharkey@android.com> Surface user action events when un/installing.

This will be used shortly to connect up with permissions
confirmation UI.

Bug: 16515814
Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e41ce995a0c2c6b167ed64b51e34865c5d58ea4d 29-Jul-2014 Alexandra Gherghina <alexgherghina@google.com> Add hidden API for removing cross-profile package filters

Bug: 16646591
Change-Id: Iaf6837fe4390ac1018c49df366ea434776ed7244
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f17e498fea935a389d88193dde2d236ea674d10b 06-Aug-2014 Amith Yamasani <yamasani@google.com> Merge "Allow phone UID to export singleton providers" into lmp-dev
41c1ded7f042a4cf303479550b38fa66d7a18906 05-Aug-2014 Amith Yamasani <yamasani@google.com> Allow phone UID to export singleton providers

Also add a user variant of replacePreferredActivity for use
by SmsApplication.

Map user restrictions for SMS/MMS to AppOps perms.

Bug: 16681533
Change-Id: I3dfed5fc754e33bb51c6f571851653a7c2770e46
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
73140e4df9ed9cfcc897f5cd0742b81d9839d4d4 31-Jul-2014 Christopher Tate <ctate@google.com> Attempt install-time restore even for no-agent apps

Packages without their own backup agents can still have restorable
data to be delivered. Correct the logic for attempting a restore
at install time so that it no longer requires an app-defined backup
agent.

Bug 16688665

Change-Id: I7dcf7ef85ad6b5b393a2c97ce62f1b2eec9d3520
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
43327a61eb57839429fbb064f4166a858788779c 28-Jul-2014 Narayan Kamath <narayan@google.com> Fix regression in renderscript detection.

We must persist the selected (32 bit) ABI for legacy
renderscript apps so that we can launch them correctly.

bug: 16569287

Change-Id: I944acd0cf56ddb1f27337e01bca1b24cd369eb8f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3f7777fa4f1d392e18bad39edcd4539880c52ff9 24-Jul-2014 Nicolas Prevot <nprevot@google.com> Storing the app who sets a CrossProfileIntentFilter.

When we add a CrossProfileIntentFilter, we store the package and userId of the calling app
inside the CrossProfileIntentFilter.
When an app calls clearCrossProfileIntentFilters, we only remove the filters that the calling app
has set itself.

BUG: 16537557

Change-Id: I6e7bc859383ea66553d9f4230365df8ba27525f3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20e0c50f601e5930a246d4556118423a49c12ca1 25-Jul-2014 Jeff Sharkey <jsharkey@android.com> Offer force-dex-opt when running as root.

Recently we removed the PackageManager inotify triggers, meaning the
only supported ways of installing apps were:

-- adb install -r Foo.apk
-- adb shell stop && adb sync && adb shell start

Iterating on most system apps (like Settings) can use the first
approach, but it doesn't work for "persistent" processes like
SystemUI. (ActivityManager is very particular about how it deals
with persistent apps, and it always sticks with the first
ApplicationInfo found at boot.)

So to enable rapid iteration on persistent apps, we now offer the
one missing piece of forcing a dexopt with a new pm force-dex-opt
command only available to -eng or -userdebug builds. Typical use
for iterating on persistent apps now looks like this:

$ mmm frameworks/base/packages/SystemUI/ && adb sync &&
adb shell pm force-dex-opt com.android.systemui &&
adb shell kill `pid systemui`

Yay!

Change-Id: I0ae2467f1d7cda56c70ba20953cd25fa8ee766ff
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
16c8e3f49497b6046972ae650772f65768366be8 25-Jul-2014 Jeff Sharkey <jsharkey@android.com> PackageInstaller changes based on feedback.

Mostly cosmetic changes from API council feedback.

Bug: 16543552
Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
340ca8b7e81afe891b2d76a08e406eafc63c4fc8 23-Jul-2014 Narayan Kamath <narayan@google.com> Handle apps that share a UID with the system_server correctly.

The system process does not explicitly declare any ABI, or
package any native code that it depends on but its ABI is
dictated by the zygote configuration. We need to account for
it correctly to have apps that share a UID with it work
correctly.

bug: 16317188

Change-Id: I84713c64409d7fdcc314114231e87a9263d5c5e7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
045e648980e66a19f7021116020e733814ac8019 23-Jul-2014 Narayan Kamath <narayan@google.com> Handle renderscript apps in the system partition correctly.

Get rid of various pointless calls to setBundledAppAbisAndRoots.
This method should only need to be called during scanPackageLI.

There's no other good reason to call it.

bug: 16484595
Change-Id: I2830b140058f0fffdbedb51d673e514852854626
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84e71d1d61c53cd947becc7879e05947be681103 23-Jul-2014 Jeff Sharkey <jsharkey@android.com> Remove APK observers.

Most app installations have migrated to the new cluster-style layout
where each app is placed in a unique directory. There are now two
general issues with these observers:

We can't know when a push/sync has finished delivering all splits
for an app. Also, inotify isn't recursive, so we'd have to manage
watches for each app directory.

Change-Id: I3770fa9059ddf80f933a3804714f2e52591fce49
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
33f5ddd1bea21296938f2cba196f95d223aa247c 22-Jul-2014 Dianne Hackborn <hackbod@google.com> Add permissions associated with app ops.

Change-Id: I575ad7a3ceea59486ca601f69760b14f6269511d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 20-Jul-2014 Amith Yamasani <yamasani@google.com> Rename setApplicationBlocked to setApplicationHidden

This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.

Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
603862517569cbebed9a7bd231c3fb80292d4bcd 21-Jul-2014 Jeff Sharkey <jsharkey@android.com> Detect bundled app ABI for cluster-style layout.

Now that build system switched to cluster-style layout for bundled
apps, we need to detect primary/secondary ABI based on that layout.

Bug: 16456263
Change-Id: If6daf60ee1815bb6fde560a0c373b4f2bc8bd3a8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1e9189a276e967a7a74ff44a44cf627764396954 17-Jul-2014 Jeff Sharkey <jsharkey@android.com> Support cluster-style installs for bundled apps.

Bug: 16319961
Change-Id: I499b904dfd56f236a1b574c29a44272ed814be0f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9a445771f57dd15b06db0dbefd66c368d84eec2d 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Install sessions only inherit APK files.

Also track historical install sessions for debugging purposes. Hide
signature verification API for now. Clear code cache only after
killing the app being upgraded.

Bug: 14975160
Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2053168eb4506e2f8795afdbe9731c6451e1589c 14-Jul-2014 Narayan Kamath <narayan@google.com> Dexopt for Context.createPackageContext when code is included.

The package manager now keeps track of per ISA dex-opt state.

There are two important things to keep in mind here :

- dexopt can potentially be very slow. In cases where the target
package hasn't been dexopted yet, this can take multiple seconds
and may cause an ANR in the caller if the context is being
created from the main thread.
- We will need to remove the constraint that dexopt can only be
requested by the system (or root). Apps will implicitly be
requesting dexopt by asking for package contexts with code included.
It's important to note that unlike dalvik, the dexopt stage in ART
isn't optional. ART cannot load classes directly from dex files.

bug: 15313272
Change-Id: I0bd6c323a9c1f62f1c08f6292b7f0f7f08942726
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d8723bd3d68fc62134729a767ffead821add128e 16-Jul-2014 Narayan Kamath <narayan@google.com> Merge "Adjust nativeLibraryDir for package contexts of multiArch installs." into lmp-dev
7dba6eb3ac4fd6c8195cb0d0425866de50a9e114 16-Jul-2014 Narayan Kamath <narayan@google.com> Adjust nativeLibraryDir for package contexts of multiArch installs.

When we're creating a package context for a multi-arch app,
adjust the native library directory to match the bitness of
the process creating the context.

This change also removes apkRoot (which wasn't really being used)
and replaces it with a fully constructed secondary library path.
The secondary library path is a transitional measure until we
can reorganize the system image so that we can use nativeLibraryRoot
for system paths as well (nativeLibraryRootRequiresIsa will then
be true for all packages except for legacy installs).

bug: 16013931

Change-Id: I5ae090334b377b9e087aecf40075fab81b20b132
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5fcaa0c6705ae42be8ff507b362fb8e2393a606a 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Clearing "cache" shouldn't include "code cache."" into lmp-dev
78f3cf971b33aa5788f59234fbf3b93b0d0197ec 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Clearing "cache" shouldn't include "code cache."

Bug: 16187224
Change-Id: I075b651d1ff89d4f0232497d28a6b11270cba4d9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ed745d359ada6986ac15d8718452e5c55f40170 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Add code cache directory for apps.

This provides a directory where apps can cache compiled or optimized
code generated at runtime. The platform will delete all files in
this location on both app and platform upgrade.

Bug: 16187224
Change-Id: I641b21d841c436247f35ff235317e3a4ba520441
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
78a130144bdd047665f00782c481d31edb3e5fb7 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Mark resource-only splits as hasCode=false.

PackageManagerService now skips dexopt for split APKs that don't
declare they have code. Also surface more detailed error messages
in logs.

Bug: 14975160
Change-Id: Ie6078dba724815020cee59b7fc52317e88ca097a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
da96e137bcc8191c584ada7b5de31eaae92f244f 15-Jul-2014 Jeff Sharkey <jsharkey@android.com> Parse more split APK manifest details.

Allow split APKs to define activities, services, receivers,
providers, and metadata. However, support for many manifest items
are explicitly omitted.

Only dexopt split APKs that include code.

Bug: 14975160
Change-Id: I2fbf99e2a62328aa2185e5924755af33060282fc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d0a2de06a7fb4daaf91a75e9e04a2cb54ebc6fba 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Add code cache directory for apps." into lmp-dev
61e9bf246f3eacf1b11305eb86a8cb2a217adc5c 16-Jul-2014 Narayan Kamath <narayan@google.com> Fix install --abi for apps with no native code.

We will need to record the overriden ABI in the package
settings (and applicationInfo) so that we launch the app
with it.

Change-Id: Ib71aae69d006a4b0e85e7101c0e0cebf1a950997
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
377ea31c43afe02d452fe462b2b09f23e58d6347 15-Jul-2014 Narayan Kamath <narayan@google.com> Don't throw errors on sharedUid adjustment.

Given that this is "best effort" anyway, stop short of
aborting installs when ABIs can't be adjusted. Otherwise
it will be impossible to test or upgrade an APP that has
a shared UID and changes ABIs. All apps that use a given
sharedUid are expected to use the same instruction set.

Change-Id: Ia9ffd1eb2df7c6ec9a39b23fc40e58794c013749
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f5f1828d968e427b95fe219af022434f1cdfaeb4 15-Jul-2014 Narayan Kamath <narayan@google.com> Fix multiArch installs where only some archs are available.

In this case, NO_MATCHING_ABIS shouldn't result in a failure
when we're trying to match against one of SUPPORTED_32_BIT_ABIS
or SUPPORTED_64_BIT_ABIS.

There shouldn't be a general requirement that packages must
contain both 32 and 64 bit libs because it might legitimately
exclude one or the other for reasons such as compatibility
etc.

bug: 16299358

Change-Id: I5f66b0a54b63b93b36371b584e9cf6bed07c507a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f92ffa9278db42655b4d422d887eed0a199886b 14-Jul-2014 dcashman <dcashman@google.com> Merge "Initial KeySet API." into lmp-dev
9d2f441f9bb2c8dcac1150e2cba1d15a86a4efb1 09-Jun-2014 dcashman <dcashman@google.com> Initial KeySet API.

Previously submitted but reverted due to doc-compilation bug.

Bug: 6967056
Change-Id: I9bd7ef299a4c92c4b327f5b5d7e951f0753b4c8a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ad11eb52fe62b6696df2194cb9e176f7d799e844 14-Jul-2014 Jeff Sharkey <jsharkey@android.com> Pass install result message; path selection.

Oops, forgot to include message argument to invoke the new-style
callback. Also use more robust way of generating cluster APK
directory names, and add more logging details on rename failure.

Change-Id: Ifa8abdd1db58b73e13b9a8077ec126cf20a0d90e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a10311434778ea1be1621c2251c0c8c2966f337b 13-Jul-2014 Jeff Sharkey <jsharkey@android.com> Package installation listener events.

Flesh out implementation of install session observers. Carve out 20%
of published install progress for final system operations such as
dexopt, etc.

Add dumpsys output for active install sessions. Create explicit
fsync() instead of overriding meaning of flush(). Hack to throw
IOExceptions over Binder calls.

Bug: 14975160, 15348430
Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e0b0bef75b66f0a87039c8f58c17b1596a2baebe 13-Jul-2014 Jeff Sharkey <jsharkey@android.com> Surface detailed error messages from PMS.

We now both log detailed error messages and relay them back to any
observer. Start refactoring PMS to throw when errors are encountered
internally to make it easier to reason about flow control; already
uncovered a few instances of errors being silently ignored!

Change-Id: Ia335c5e31bd10243d52fd735c513ca828e83dca0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5de7377feca5242fe7127e2d4dc7792d4886d365 12-Jul-2014 dcashman <dcashman@google.com> Revert "Initial KeySet API."

This reverts commit 9a643fe02bc960e266484547dda5572b094a4c72.
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
405912bce074e9e59a246e2357a108e50dffabf8 09-Jun-2014 dcashman <dcashman@google.com> Initial KeySet API.

Bug: 6967056
Change-Id: I47a01bd5dc25591cc70f58f38920ad0a021094ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d79fdf1c62671abac376c71aca8fa19484a1ecf2 21-Jun-2014 dcashman <dcashman@google.com> Remove KeySetManagerService lock.

The KeySetManagerService is a part of the PackageManagerService, which is
responsible for maintaining the association between packages, keysets and
public keys. This information is a critical component of the
PackageManagerService data, and should require the holding of the
PackageManagerService's lock. Remove the existing KeySetManagerService lock
and require the mPackages lock to be held instead.

Bug: 6967056
Change-Id: I803f8388e42469d30562b40212cf497320851268
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bb580670350b76fa2fcc5ee873f99b7970759cbf 10-Jul-2014 Jeff Sharkey <jsharkey@android.com> Progress toward installer public API: callbacks.

Instead of surfacing all the existing cryptic error codes, we're
going to classify them into broad categories when surfacing through
public API. This change introduces InstallResultCallback and
UninstallResultCallback, and wires them up to existing AIDL
interfaces.

Also start defining general SessionObserver for apps interested
in general progress details, such as Launcher apps. Details about
active sessions are returned through new InstallSessionInfo objects.

Bug: 14975160
Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
398b6c26c3c46724e4c44b81d9a2541720f8750b 11-Jul-2014 Narayan Kamath <narayan@google.com> Fix an abi <-> instructionSet mixup.

We should be calling is64BitInstructionSet and
not is64BitAbi.

Change-Id: I5b099af19f1d7409f65f63493d3f13a830f4fb5d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd12a35dfc5fa30d8221ed6214f8df1f04e569ef 11-Jul-2014 Narayan Kamath <narayan@google.com> Fix broken dexopt logic.

The logic was incorrect in the presence of multiple paths
(cluster installs) or multiple instruction sets (multi arch)
because of an early return in the case of sucessful dexopt.

- Rewrite this logic to make it (hopefully) clearer.
- Fix a related bug in getAppDexInstructionSets.
- Add instruction set to the dexopt logs.

bug: 16013931
Change-Id: I18c9755583f0a6f8be70469ec2062269564f0f41
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8219a25e31b52c701e45ebae82219c64ea18134b 11-Jul-2014 Kenny Guy <kennyguy@google.com> Merge "Enforce block uninstall in PackageManager"
ad8dff5b1343fa8246674c240d9dd95346f6f802 11-Jul-2014 Narayan Kamath <narayan@google.com> Use the correct ABI list while copying native libs.

copyNativeBinariesIfNeededLI returns an index into the list
it was handed, so using Build.SUPPORTED_ABIS here is incorrect.

bug: 16013931

Change-Id: I35e0dad4b5e0c1dc1199f381d8b99cd228719092
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84f1294a958b42000755dc6570e3eda72ab42140 11-Jul-2014 Jeff Sharkey <jsharkey@android.com> Always derive native library paths at runtime.

Over time, we've unpacked native libraries at various places with
respect to their source APK. Persisting this path in PackageSettings
has caused more pain recently with the switch to supporting multiArch
and cluster installs.

This change switches us to always derive the native library paths at
runtime based on the type of install. This also ensures that
transitioning between a bundled system app and an upgraded system
app will always build the right path.

We still persist the last generated path into PackageSettings to make
cleanup at uninstall time easier.

Bug: 16208505, 16206748, 16212206
Change-Id: Ieb82a424ca4a92b5674983453c50ba4b695abfb0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
989eb371bf8f572fed1e65c6d8aeeb2548be89a7 17-Jun-2014 dcashman <dcashman@google.com> Change key-set/public-key manifest relationship.

Separate definition of public keys and keysets in the manifest to better
represent their relationship. The 'key-set' tags should have nested additional
'public-key' tags that indicate which of the defined 'public-key' tags are
associated with them. The first use of a given 'public-key' name should define
its value; subsequent uses may refer to it only by name. 'key-set' and
'public-key' names may not intersect.

Also, change 'keys' tag to 'key-sets' to avoid issues with previous keysets
implementation.

Bug: 6967056
Change-Id: I7534e4a42326e97b67b55509187c0d3c21a2bb32
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1b88da54a684cf12f36b74bbc7c9548f35180fbe 10-Jul-2014 Kenny Guy <kennyguy@google.com> Enforce block uninstall in PackageManager

Bug: 14127299
Change-Id: I144233b97e5774f6a5d1d2b49f3f0f8a360557ac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aef5fcdcb5ff13cbdc64f18b315750b8a9a7fe3e 10-Jul-2014 Narayan Kamath <narayan@google.com> Don't assume all system apps are bundled.

Calling setBundledAppAbisAndRoots will end up
setting a path that points to /system/ if it's called
on a system app that was subsequently updated.

bug: 16208505

Change-Id: I0bf85e0341029b3d4d209a402d30c2ce357daaf2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ff110bd61a69f7ed8602ae14b27f7befec76b2e7 04-Jul-2014 Narayan Kamath <narayan@google.com> Multi-arch application installs.

Each application now has two ABIs, the primary
and the secondary. The app is always launched with
the primary, but the secondary might be used by other apps
that load the given applications code. This implies we
must:

- dex2oat the app both ways.
- extract shared libraries for both abis.

The former is relatively straightforward but the latter
requires us to change the layout for shared libs that we
unpack from applications. The bulk of this change deals
with the latter.

This change continues to fill in nativeLibraryPath during
scans for backwards compatibility. This will be removed in
a future patch.

Change-Id: Ia943dd11ef815c5cbfc60f17929eaa2a652a385a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ec55ef0934b8e0d1bb705434947de817f7be57f1 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Extend pm to support sessions and split APKs.

Separate commands to create an install session, stream files into the
staging area, and then commit the install. Streaming can accept data
from stdin across adb, avoiding extra copy from push.

Extend FileBridge to support blocking close(). Always destroy
session regardless of result.

Bug: 14975160
Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbbf07a5c7f514f2168f236e1df3b2ca70d4ab2f 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Upgraded system apps could be mono or cluster.

Derive old-style paths for monolithic installations, otherwise
assume cluster installation.

Bug: 16163776
Change-Id: I03f1a12f9c07f6177a5c09be2bfe967416c07652
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
284d0906cde8922983f35edaac79900806026d82 09-Jul-2014 Robin Lee <rgl@google.com> am 06505d23: am 1f0180bf: am 74803e55: Merge "Make misc config directory during user creation"

* commit '06505d234ddf66cb71d1f7defd096bdf68bc222d':
Make misc config directory during user creation
06505d234ddf66cb71d1f7defd096bdf68bc222d 09-Jul-2014 Robin Lee <rgl@google.com> am 1f0180bf: am 74803e55: Merge "Make misc config directory during user creation"

* commit '1f0180bfa877373b239a5675f715288db829fa75':
Make misc config directory during user creation
5e6643c1376130e402d30da647fdfebd86b7f2fc 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Clean up IPackageManager install surface area."
513a074de68a4772a9900e90f38e74ff92c15e7c 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Clean up IPackageManager install surface area.

Also more removal of encryption support.

Change-Id: If525dc5a8422134515f225a8ac4731e968069468
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8d479b0c2ddb150182bcf510876a240cb869661b 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Derive library path for upgraded system apps.

Bug: 16156270
Change-Id: I368433063ff33d15129c8076ddc6f1e2a0963e54
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
65b1a7c0ba4213d625b1cb36d1405cf8767310d4 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Offer to scan cluster packages at boot.

Bug: 14975160
Change-Id: Ib637f68354b3d4ce4b5b23d875d8e94ccd497fd2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d746057f2414cba2bdc69257cc5be8cb681bb592 07-Jul-2014 Jeff Sharkey <jsharkey@android.com> Change new file installs to be cluster-based!

Now that all the other pieces are in place, we're ready to start
installing new file-based packages as a cluster (the new unified
directory-based layout). This greatly simplifies the renaming
process.

Also add helper methods to ApplicationInfo to give a much clearer
mapping between it and internal field names, since we can't change
the public API.

Add recursive restorecon().

Bug: 14975160
Change-Id: I72a63c5ddbc594c2fec4a91dd59f73ef253fbfd7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ec2023349f19b2fd2461aa3c9b208eb799a662e 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Derive library path for upgraded system apps."
539a7ef5c93b3a4d6ad7db0d278b1aa5814c0393 07-Jul-2014 Alexandra Gherghina <alexgherghina@google.com> Removes cross profile package information when removing an user

This makes sure that if the user id gets reassigned without restarting the phone,
we do not have old information from the preexisting profile.

Also renames method which needs write locks.

Bug: 15928463
Change-Id: I30b0f85cf90d3e0c289a37bcbaec8da63499a170
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b5afefbd0770a9af9e1b8a8b9d01a26e2f0338a7 04-Jul-2014 Nicolas Prevot <nprevot@google.com> Fixing bug when checking that the target user can handle the intent.

BUG: 16079965
Change-Id: Iac61d1c20f5b66b3f3016b82bc4e48d7997ea1a0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
be520fba1e45c77ca20eb66005a0cf19e10939a1 05-Jul-2014 Jeff Sharkey <jsharkey@android.com> Teach DCS about cluster packages.

For the time being, DCS is going to still be doing heavy lifting for
some install tasks, so it need to know how to handle both monolithic
and cluster packages. This change is mostly plumbing work to
eventually handle any various splits APKs that we may encounter.

Bug: 14975160
Change-Id: I39848d5666f9083cb4eca493e5cdaa868f3f99fb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0c54798aac8a86fed24b14a66f09797d58ad0399 06-Jul-2014 Jeff Sharkey <jsharkey@android.com> Start removing ContainerEncryptionParams.

The new PackageInstallerSession APIs will allow installers to deliver
bits directly into system protected storage, so we no longer need
encrypted containers.

Change-Id: I8b598cb149b7dfd1d41e6626c1359610a573edf1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
73767b9d607d99b3a027619b5c6b7f1a09b7673d 05-Jul-2014 Jeff Sharkey <jsharkey@android.com> Extract native code from split APKs.

In the new split APK world, multiple APKs work together to define a
single package. This means that native code may be split among those
APKs. To handle this, extend NativeLibraryHelper to examine all
APKs in a package ordered by splitName.

A package has valid native code as long as one matching ABI is found
inside. The "best" ABI found across all APKs is picked for the
entire package. No attempt is made to ensure that every native
library defined is available for the picked ABI; that's the
responsibility of the installer.

Re-introduce PackageLite to represent a lightweight parsing of an
entire package, which may be a single monolithic APK or a cluster
of one or more APKs.

Remove native code extraction from InstallerSession, since it'll be
handled inside PMS for this release.

Bug: 14975160
Change-Id: I4f4db0f82e88a46101c7777499ebc0a11fd911f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c13053bf1c05b980421611487ce67677c08db299 29-May-2014 Kenny Guy <kennyguy@google.com> Add package state to block uninstall.

Add package state to allow profile or device
owners to block uninstall of packages.
Add API to DevicePolicyManager to set/get the
state.

Bug: 14127299
Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
57dcf5b177b56195421535938544f32d8b591b42 19-Jun-2014 Jeff Sharkey <jsharkey@android.com> Slow progress towards APK clusters.

Differentiate between "split APKs" and "cluster packages". A cluster
package is a directory containing zero or more APKs (base+splits),
and a monolithic package is a single APK (base).

PackageSetting will use the directory name as its codePath, so track
the baseCodePath separately. Clarify documentation in several
places.

Require that all installers provide file:// URIs through existing
hidden APIs; PackageInstaller hasn't been able to read content://
URIs for a long time.

Bug: 14975160
Change-Id: I1c6fed1b55205c2474b09871161a98a26669d22e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca76cccb61d4d914abbb5079cb65455505494e2f 02-Jul-2014 dcashman <dcashman@google.com> Merge "Initial work for key rotation."
55b1078e2a1b56daa85edfd5000a5844d3c7914b 09-Apr-2014 dcashman <dcashman@google.com> Initial work for key rotation.

Introduces the upgrade-keyset tag to AndroidManifest.xml. This specifies a
KeySet by which an apk must be signed in order to update the app. Multiple
upgrade KeySets may be specified, in which case one of them must be used to
sign the updating apk. If no upgrade-keyset is specified, the current logic
involving signatures is used.

Current Key Rotation Design Decisions:
-Apps using a shared user id may not rotate keys.
-All acceptable upgrade keysets must be specified, including the key signing
the app. This enables key rotation in one update, but also 'locks' an app if
an incorrect upgrade keyset is specified.
-Minimal changes to existing KeySet code.

Bug: 6967056
Change-Id: Ib9bb693d4e9ea1aec375291ecdc182554890d29c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbbc070670c1160b15b92a5928e8b9b5bf008b3f 02-Jul-2014 Narayan Kamath <narayan@google.com> am e2840977: am 6e84f8c1: Merge "Fix native crashes when APKs can\'t be opened."

* commit 'e2840977d37e4d19425d448b54895536e43a2989':
Fix native crashes when APKs can't be opened.
6728239cfe8a71d3294b9368a4af73e427a2341c 30-Jun-2014 Julia Reynolds <juliacr@google.com> Apply ENSURE_VERIFY_APPS restriction to PackageManagerService.

Bug: 15986973
Change-Id: I9e8dae15cb866a3bb16e91fc49086fe1633f0bf8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f29131f7013dc0d6994556b95e74db608c89beb8 02-Jul-2014 Narayan Kamath <narayan@google.com> Merge "Fix native crashes when APKs can't be opened."
cef0b39b9211882f59b6bfe1148e2cd247056693 12-Jun-2014 Narayan Kamath <narayan@google.com> Fix native crashes when APKs can't be opened.

There was lax / incomplete error checking around the
construction of Apk handles. This change changes the ApkHandle
API and makes it throw IOException if the zipfile couldn't
be opened.

Additionally :
- Fix a resource leak in DefaultContainerService
- Report errors correctly during package moves.

bug: 15563874
(cherry picked from commit ec4516470d7ce6e47769591d678c838bd3f6f388)

Change-Id: Ia35b464355467d0d36faf34fae85acbbab3f2896
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7f7b0c759e2970178ef68805b21f06a26e24eb76 23-Jun-2014 Nicolas Prevot <nprevot@google.com> Returning badged icons for components of corporate apps.

So, corporate apps in disambiguation dialogs are badged.
And updating the way we show the icon of the personal space to this new design.

BUG: 14377051

Change-Id: Idc707773a64a8feb2d9d4df88c425d5100542636
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
be7c50e0a14e91330ce13161bc14a33d34ff6aca 30-Jun-2014 Dianne Hackborn <hackbod@google.com> Add network access blocking when in battery save mode.

The network policy manager now monitors battery save mode and,
when in battery save, uses its facility to block access to metered
networks to block access to all networks. That is, it tells the
network management service that all networks have an (infinite)
quota, and puts various app uids to be restricted under quota
interfaces as appropriate.

This new network blocking needs a new facility to be able to white
list apps, such as GmsCore. To do this, I refactored the package
manager's permission configuration stuff into a separate SystemConfig
class that can be used by others, and it now has a new tag to
specify package names that should be white-listed for power save
mode. These are retrieved by the network policy manager and used
to build a whitelist of uids.

The new general config files can now go in system/etc/config,
though currently everything still remains in the permissions dir.

Still left to be done is changing the semantics of what uids are
allowed in this mode, to include all perceptable uids. (So that we
can still do things like background music playback.) This will be
done in a follow-on CL.

Change-Id: I9bb7029f61dae62e6236da5ca60765439f8d76d2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
152d5cd30bdfd88b0903b205d38c6966cbded5a8 24-Jun-2014 Narayan Kamath <narayan@google.com> am 22a32d88: am 2a0f9e6a: Merge "Explicitly list out the list of cache subdirs to prune."

* commit '22a32d883794a7a96ff5ffb4830ea59065b3ebda':
Explicitly list out the list of cache subdirs to prune.
828d11df52680ad75e045f5e4251311605d37af2 25-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Fix uninitialized variable warning

Change-Id: Ib1d4a4e1431388a839f9ef8027b439f57922b025
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fa4533f3a07ebed479d2a0e7af7d6e03d4417d41 24-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Skip forwarding launcher intents

If we forward intents when looking up launcher icons, we end up
having an icon for a disambig activity instead of the apps for that user.

Bug: 15769854
Change-Id: Ia57525466dba57b6669b2b5cedf98f202d08f586
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
67565a09f59db91ee0ebcdcf29b9bae0fb17ec32 24-Jun-2014 Narayan Kamath <narayan@google.com> am 152d5cd3: am 22a32d88: am 2a0f9e6a: Merge "Explicitly list out the list of cache subdirs to prune."

* commit '152d5cd30bdfd88b0903b205d38c6966cbded5a8':
Explicitly list out the list of cache subdirs to prune.
3cd9b0d5ef0b171a79b49f76794e8325198876cf 24-Jun-2014 Nicolas Prevot <nprevot@google.com> Merge "Small fix related to cross-profile intents."
9e36a8cd3e106e5a2bb0d5cce805842b61e05426 23-Jun-2014 Brian Carlstrom <bdc@google.com> am 1b98ccf2: am 0924ef65: Merge "Treat missing package usage data as a separate case"

* commit '1b98ccf275d93197c1aa746d5c492a57cd62be7f':
Treat missing package usage data as a separate case
a29e43a364dc8dbe7e97184b535fe3f5d587d7ed 23-Jun-2014 Nicolas Prevot <nprevot@google.com> Small fix related to cross-profile intents.

Change-Id: Ie489d1f83fd23190ffdc1e1abb4f0cfffebeac8d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aeb0ed74670e0502a04b689fe1b4fe0f537f4a91 23-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Merge "Adds cross-profile intent filters for the Settings app"
78e51f360d9d89f1fe8acf4baa76ef7854d88130 23-Jun-2014 Brian Carlstrom <bdc@google.com> am 9e36a8cd: am 1b98ccf2: am 0924ef65: Merge "Treat missing package usage data as a separate case"

* commit '9e36a8cd3e106e5a2bb0d5cce805842b61e05426':
Treat missing package usage data as a separate case
88cc346d0602e0b173b5076cd0051120682da601 14-May-2014 Nicolas Prevot <nprevot@google.com> Show the icon of the personal space.

In an intent disambiguation dialog from a managed profile,
when the intent can be forwarded to the personal space:
show the icon of the parent next to "Personal apps".
And put it at the bottom of the dialog.

Change-Id: I523222aac5dde9653e784eb26cf23cdaf018b86c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6e2ae2590ded39f04f76d5ddca0f06fe01586e26 12-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Adds cross-profile intent filters for the Settings app

Bug: 15466742
Change-Id: Id9af588f2f3d51a562ef2a06fe7404c96123cc2e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e7cd37e6138c5e769cc6cb398e632bca24d2d1ab 19-Jun-2014 Nicolas Prevot <nprevot@google.com> Merge "Introducing crossProfileIntentFilters that skip the current profile."
63798c596dc757135950313eb4bb44ca58696c68 27-May-2014 Nicolas Prevot <nprevot@google.com> Introducing crossProfileIntentFilters that skip the current profile.

For these crossProfileIntentFilters, the activities in the current profile cannot
respond to the intent.
Only activities in the target profile can respond to the intent.

BUG: 14936725

Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
275e085d5a42ced54bb79e40ff76c77539e7d82d 18-Jun-2014 Jeff Sharkey <jsharkey@android.com> Stronger PackageParser contract, more split work.

Require that method callers always provide relevant paths, instead of
relying on constructor. Move DisplayMetrics to be an overall parser
parameter, and move PARSE_TRUSTED_OVERLAY to flags.

Parse split APKs and apply deterministic ordering based on split
names. Assert consistent package name and version code across all
split APKs in a package, and enforce unique split names and required
base APK.

Collect certificates for split APKs, enforcing they're all signed
consistently. Better flow control and resource cleanup when
collecting certs. Refactor validation code so it's easier to reason
about. Cleaner maintenance of read buffer when draining stream
contents.

Change-Id: I8bc8c62095fbb933227b9e76ad8771f4b1246fe8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0270cfb71df55c1d213340bf9b678a48cc7b8e6e 20-Jun-2014 Jeff Sharkey <jsharkey@android.com> Merge "Explicitly collect manifest digests."
032f2b246bd01653c592f2b148d6a0debfe164b2 20-Jun-2014 Jeff Sharkey <jsharkey@android.com> Explicitly collect manifest digests.

Previously it was a side effect of collectCertificates().

Bug: 15740334
Change-Id: I2e044fdcc1c86ce730b9570bfbecf873366325e1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2c43c339de5aaf4fef58aa9b5ac3af48609263a8 13-Jun-2014 Jeff Brown <jeffbrown@google.com> Resolve boot time dependencies related to the power manager.

This change fixes a bug where native daemons may try to communicate
with the power manager before it was fully initialized due to a race
between publishing the binder service and completing init().

The solution was to simplify the dependencies related to the power
manager. It turns out that most services that were passed in
init are not actually needed until systemReady. What remained
was a dependency on the activity manager to check permissions for
incoming calls. So now we start activity manager first.
However, the activity manager also depends on power manager for
wakelocks. To break the cycle, we now defer initializing the activity
manager's wakelocks until after the power manager has been started.

Cleaned up a bunch of boot-time service dependencies so that we
can have better confidence that they are correctly maintained.

Bug: 13884219
Change-Id: If08e2d7ccd44e7026a72441bb6bd5afd7bb9fffe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8a4c9721a9e09d20c63381c13fa29bd9f7cbc3e3 16-Jun-2014 Jeff Sharkey <jsharkey@android.com> Plumb split APKs into public API.

Introduces new ApplicationInfo fields to surface zero or more split
APKs for an application. Splice these APKs into both the class
loader and resource system. Cleaner building of these paths.

Run dexopt() on all split APKs found after a parse, and populate
into ApplicationInfo.

Change-Id: I4a376bf4492d84ea95aafa866e106ea43a43e492
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
96f4e595ba09bf9a5a5b58882d6e4cebdcf06503 17-Jun-2014 Jeff Sharkey <jsharkey@android.com> Only movedex() when working with apps-on-SD.

Partial revert of earlier change that tried doing movedex() during
a package upgrade. Verified that the normal package upgrade path
already wipes old code as part of InstallArgs.cleanUpResourcesLI().

Change-Id: Icc5ae0d2718a0c494bfe7becf72df50c641efe1b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5406f59abd0cde826e8254fe628bea6d80769c8c 16-Jun-2014 Narayan Kamath <narayan@google.com> am 6a6411e3: am 076dc013: Merge "Move dex file pruning to installd."

* commit '6a6411e3d8c533a40bfe1897e2c26e3d6f3b52e0':
Move dex file pruning to installd.
c4858a2ba972e86436d629c4d3f18eb49116de14 16-Jun-2014 Jeff Sharkey <jsharkey@android.com> Switch PackageParser to reference single path.

It previously kept mPath separate from mScanPath for some very odd
edge cases around moving apps-on-SD. This changes it to always use
a single path, refactors moving to keep separate paths.

Refactors method names in PackageParser to be clearer about their
APK-versus-package relationship.

Beginnings of a split package parser. Instead of requiring that
callers check error codes when null, switch to always throwing on
parse errors, to require that callers deal with the error. Longer
term the entire parser should switch to this style, but its too
pervasive for a simple refactoring.

Change-Id: If071d8e55e46e56cc201fadfb51cb471713ae973
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b87de28f50e9f02a365f35348f8da6cc2629bc1c 13-Jun-2014 Jeff Sharkey <jsharkey@android.com> Build usesLibraryFiles with ArraySet.

Use ArraySet instead of using odd shared variable.

Change-Id: Ide5095069ae8f2dcb4553f37e877fc1fce33ebde
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5d140e4b1b1d43c742a7d67dd5f9d394c846945f 16-Jun-2014 Narayan Kamath <narayan@google.com> am 5406f59a: am 6a6411e3: am 076dc013: Merge "Move dex file pruning to installd."

* commit '5406f59abd0cde826e8254fe628bea6d80769c8c':
Move dex file pruning to installd.
93e9e7208e0de349a9592ac59153d6b06c202fe6 12-Jun-2014 Christopher Tate <ctate@google.com> am ba6e8ae5: Merge "Relax duplicate-permission-definition constraints slightly" into lmp-preview-dev

* commit 'ba6e8ae5d2a364799fd6bc84179e33b6731e574b':
Relax duplicate-permission-definition constraints slightly
f9fcfaae78afb0bc3e6a0716ad1d5fe3561bb81e 12-Jun-2014 Christopher Tate <ctate@google.com> Merge "Relax duplicate-permission-definition constraints slightly" into lmp-preview-dev
104e14531ca2212117540d8b6abc06ab67564ebc 12-Jun-2014 Dianne Hackborn <hackbod@google.com> am f894cad0: Merge "Some tweaks to improve document task creation." into lmp-preview-dev

* commit 'f894cad093c1a3083f4aca099babc4677977a12f':
Some tweaks to improve document task creation.
d38aed81420d7d992f65ef2efb5f69c1900fc61d 11-Jun-2014 Dianne Hackborn <hackbod@google.com> Some tweaks to improve document task creation.

- Mark the chooser activity as never launching in to a new
task, even if the caller asks for it. These are dialogs
so don't make sense as stand-alone tasks. (Maybe later
the policy should be to not launch into a new task in any
case that the activity is a dialog or even transparent at all.)

- Keep track in the task record of whether any activities in
it have been shown to the user, and use this to automatically
remove the task when all activities finish. This leans up
cases where apps are launching stub activities that get turned
in to tasks but are never seen by the user because they
immediately launch another activity in another task and
then finish.

Change-Id: I00b641c80aa96bd5071479f36ee2e4d8e3a81aeb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8f70744221b739f749f4e5fecff53083ef1d075a 05-Jun-2014 Adam Connors <adamconnors@google.com> DO NOT MERGE : Allow system process to call getApplicationBlockedAsUser

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Bug: 14400206
Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
(cherry picked from commit c11c67b3e117b4fec3245f87b6d510461c1f8323)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b8c0383b0c00ed372ab92d3d0a5095c352d3e642 06-Jun-2014 Christopher Tate <ctate@google.com> Relax duplicate-permission-definition constraints slightly

If the permission being redefined by the install-candidate package is
supplied by the system itself, ignore the redefinition but allow the
install.

Bug 14618942

Change-Id: I3d320e446587e528ae175dcd4782e607729caff7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1a910ef2b40de91e834a5a82d9b75d117a45da04 05-Jun-2014 Adam Connors <adamconnors@google.com> Allow system process to call getApplicationBlockedAsUser

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c32a244e907719e03d0fae42b20401dcd2c595fc 03-Jun-2014 Narayan Kamath <narayan@google.com> am dd2e9d33: am 7cb13f8a: Merge "Scan for renderscript files before deciding ABIs."

* commit 'dd2e9d3386d2d74f99f79bcad951ff5cdefa6fab':
Scan for renderscript files before deciding ABIs.
dd2e9d3386d2d74f99f79bcad951ff5cdefa6fab 03-Jun-2014 Narayan Kamath <narayan@google.com> am 7cb13f8a: Merge "Scan for renderscript files before deciding ABIs."

* commit '7cb13f8a0a40f3d971a953b330f38bfcfb001c5e':
Scan for renderscript files before deciding ABIs.
797b109c60bda8e122075b0c2101d3f2a0b67c07 03-Jun-2014 Narayan Kamath <narayan@google.com> am 7ed98c43: Merge "Add an --abi argument to "pm install""

* commit '7ed98c43f8cbcfbb4862205a72455ab39359a011':
Add an --abi argument to "pm install"
116bdbd823b607d860b039ec334a1f985eed7a7f 29-May-2014 Narayan Kamath <narayan@google.com> Add an --abi argument to "pm install"

This allows callers to force an install to a particular
ABI. This is intended only for testing (and CTS) and is
not meant for usage by the installer package.

bug: 14453227

(cherry picked from commit 6431d11cd420536aaa9d93ae510a3151ccc4df1d)

Change-Id: I85d4f8785deea02a6a4d3cb0b05e6ef8bf64826b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
415f354134254fbc70db48d5798e82fc87751df2 29-May-2014 Christopher Tate <ctate@google.com> am ba922631: Merge "Don\'t crash on boot" into lmp-preview-dev

* commit 'ba9226316df301fb612606f919aa69e109645c82':
Don't crash on boot
f889ed11d21bfd3010f8e4e192a0532b7f6f7994 29-May-2014 Christopher Tate <ctate@google.com> Don't crash on boot

...when removing dangling preferred-activity entries.

Bug 15310848

Change-Id: Ibe9d82a06f8c608b866a2c3c6b286da2ededacca
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8194899071e0a84c95ef10614bd1b9485b48f589 16-May-2014 Nicolas Prevot <nprevot@google.com> Rename code related to cross-profile intents.

For example, replace ForwardingIntentFilter by CrossProfileIntentFilter

Bug: 15023443

Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d9a6475c9c4825b2d8fc5ea09b9de54ad4f91ee3 22-May-2014 Christopher Tate <ctate@google.com> DO NOT MERGE - Don't crash uninstalling updates to system apps

Bug 15167960

Cherrypick from master

Change-Id: Ibcb3275adb27b20939a237511aaaa8b0011127e1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f71ece48a14e5c7da97024b0ced83da69e648a89 22-May-2014 Christopher Tate <ctate@google.com> Don't crash uninstalling updates to system apps

Bug 15167960

Change-Id: I606638292e524078f2859ba6be0a4861a4e01c00
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a562f5daf6863640afb931db9e9ea66bea94b828 21-May-2014 narayan <narayan@google.com> am 82ec8c58: am ab3d85ab: am 838b1e22: Merge "Fix NPE in PackageManagerService."

* commit '82ec8c58b1f1cd0cce56d11b7679440f6ba54f4a':
Fix NPE in PackageManagerService.
82ec8c58b1f1cd0cce56d11b7679440f6ba54f4a 21-May-2014 narayan <narayan@google.com> am ab3d85ab: am 838b1e22: Merge "Fix NPE in PackageManagerService."

* commit 'ab3d85ab1a0ae58add5df6efc30607624475405b':
Fix NPE in PackageManagerService.
1d265716954122f79d5fdd9d953a98e303d298c9 21-May-2014 Brian Carlstrom <bdc@google.com> am e77a77d0: am ec71fed0: Merge "Improve ABI handling for shared user ids."

* commit 'e77a77d081ff9d05100702f5880f356da27fd087':
Improve ABI handling for shared user ids.
96db91e0ff30c872dacc7f9a5d5a67e950e4ba26 20-May-2014 Narayan Kamath <narayan@google.com> Improve ABI handling for shared user ids.

The key improvement is that we need to keep track of
the package that's currently being scanned (this includes
new installs and upgrades of existing packages) and treat
it specially. If we didn't do that, In the case of upgrades
we would perform the shared UID calculation based on the ABI
of the old package, and not the current package.

This change also allows us to perform the CPU ABI calculation
before dexopt, which saves us from having to do it twice and
fixes a bug where we were using the wrong package path to
dexopt a package.

This also has the side effect of fixing 15081286.

bug: 15081286

(cherry-picked from commit b851c89d2252cf3d1dc504558ce1553527885316)

Change-Id: I20f8ad36941fc3df29007f0e83ce82f38f3585c8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d4e6d467cd61d6bec1ae25744a415a96f0a0f760 17-May-2014 Dianne Hackborn <hackbod@google.com> Delay the dispatching of non-wakeup alarms.

When the screen is off, there are no guarantees about when
non-wakeup alarms will be dispatched. Historically they are
dispatched any time the device wakes up. With this change,
we will delay the dispatch until sometime later.

The amount of delay is determined by how long the screen has
been off. Currently there are three possible delays: up to
2 minutes if the screen has been off for less than 5 minutes;
up to 15 minutes if it has been off for less than 30 minutes;
and otherwise up to an hour.

When the screen is turned on or a wakeup alarm is dispatched,
all delayed alarms will also be dispatched.

Note that one of the things this delays is TIME_TICK, which
means the in many cases we won't deliver TIME_TICK until the
screen is in the process of waking up. The current
implementation causes this to be delayed until the SCREEN_ON
broadcast is sent; we probably want to improve this to have
the power manager tell the alarm manager about the screen
turning on before it sends that broadcast, to help make sure
things like the lock screen can update their current time
before the screen is actually turned on.

In addition, switch all of the alarm stats to use the new
PendingIntent "tag" identifier for its operations, instead
of the old code to try to construct a pseudo-identifier
by retrieving the raw Intent.

Also add a new package manager command to immediately write
packages.xml.

Change-Id: Id4b14757cccff9cb2c6b36de994de38163abf615
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6edb97b62a89789f7eea5ca4b31f697333c88cc 19-May-2014 Narayan Kamath <narayan@google.com> am 9672ee12: am deda5467: am a4fd1baa: Merge "Fail if we\'re unable to agree on an ISA for shared UIDs."

* commit '9672ee125d6aee73bf1e5425c4089285714f25bf':
Fail if we're unable to agree on an ISA for shared UIDs.
9672ee125d6aee73bf1e5425c4089285714f25bf 19-May-2014 Narayan Kamath <narayan@google.com> am deda5467: am a4fd1baa: Merge "Fail if we\'re unable to agree on an ISA for shared UIDs."

* commit 'deda5467f44fc4a03c3435f0c6d7bda4ea298b99':
Fail if we're unable to agree on an ISA for shared UIDs.
5d5f19a339bc4a8f10f75b51625d8d50ee0729e0 15-May-2014 Narayan Kamath <narayan@google.com> am 6e2e6868: am 706b1d7e: Merge "Remove "required" prefix from ABI fields."

* commit '6e2e686889037711170ee145f9dfdb442cee85db':
Remove "required" prefix from ABI fields.
1e74c37f8e1acb595f407e0f65744bb6b00c9314 15-May-2014 Narayan Kamath <narayan@google.com> Merge "Remove "required" prefix from ABI fields."
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4 29-Apr-2014 Jeff Sharkey <jsharkey@android.com> Initial support for split APKs, PackageInstaller.

Defines a new PackageInstaller class that will be used for installing
and upgrading packages. An application desiring to install an
application creates a session, stages one or more package files in
that session, and then kicks off the install.

Previously, PackageManager would always make its own copy of a package
before inspecting it, to ensure the data could be trusted. This new
session concept allows the installer to write package data directly to
its final resting place on disk, reducing disk I/O and footprint
requirements. Writes are directed through an intermediate pipe
to ensure we can prevent mutations once an install has been initiated.
Also uses fallocate() internally to support optimal ext4 block
allocation using extents to reduce fragmentation.

Sessions are also the way we support installing multiple "split" APKs
in a single atomic operation. For a set of packages to form a valid
application, they must have exactly the same package name, version
code, and certificates. A session can also be used to add a small
handful of splits to an application by inheriting existing packages
when not performing a full install.

Add PackageParser support for extracting split names and certificates.

Bug: 14975160
Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
34f6084bc21b07ae9112be6e7a8f50c49828ac9c 30-Apr-2014 Narayan Kamath <narayan@google.com> Remove "required" prefix from ABI fields.

As per a comment on an earlier code review.

Change-Id: I3ae30f8a7bc90730068644f93b926e0e05a2cdfb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
027c75d5e2861e90058bcd2d267b47498caf82cf 13-May-2014 Brian Carlstrom <bdc@google.com> am f230061b: am 2ce02bba: am b7d7cbc9: Merge "Fix background PackageUsage writing."

* commit 'f230061b383f3e5fa63a266d84477963dc5f226c':
Fix background PackageUsage writing.
f230061b383f3e5fa63a266d84477963dc5f226c 13-May-2014 Brian Carlstrom <bdc@google.com> am 2ce02bba: am b7d7cbc9: Merge "Fix background PackageUsage writing."

* commit '2ce02bba1eea682282408b8521dad8c91837fbab':
Fix background PackageUsage writing.
809146690d03b3ec3404c37c1fb467f7b7234692 09-May-2014 Brian Carlstrom <bdc@google.com> am 09d11896: am edc31509: am b98ca5b0: Merge "If PackageUsage information is missing, treat as first boot and compile everything"

* commit '09d1189668a74b2cd4a6af124e95c9e6786499f2':
If PackageUsage information is missing, treat as first boot and compile everything
09d1189668a74b2cd4a6af124e95c9e6786499f2 09-May-2014 Brian Carlstrom <bdc@google.com> am edc31509: am b98ca5b0: Merge "If PackageUsage information is missing, treat as first boot and compile everything"

* commit 'edc31509c2ff8cba86f30c836934d32a3e249dec':
If PackageUsage information is missing, treat as first boot and compile everything
dfad99ad9fd5953b9d726715c40197a3e70e7dd0 08-May-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of 0b5598c9 to master

Change-Id: Ie911d6b0b5e2b87e2b4669fa2465a82bb5807893
6422abef786632e53337c6c298ffa64f7ddf4d90 07-May-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of 3bbef521 to master

Change-Id: I0bbb7c80f6c4f003779da784475d7acbfb898c94
0b5598c924fc140db5cfee08c17fd91e630b1c9e 07-May-2014 Brian Carlstrom <bdc@google.com> am 691079dd: am a21ba5be: Merge "Add BackgroundDexOptService"

* commit '691079ddc0055fac9b82dccaf35b4591978b2a55':
Add BackgroundDexOptService
3bbef521d4b07f86010ba0729a36ff8b73bcb0ac 07-May-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of f2db00fd to klp-modular-dev-plus-aosp

Change-Id: I745164033962f6222832f8f19fa316a2e2634fd0
010cfd458121034075c7439020ffef4eedbcc0fc 16-Apr-2014 Adam Connors <adamconnors@google.com> Add enableSystemApp methods to DevicePolicyManager

These methods allow profile or device owners to enable
systems apps pre-installed in the primary user in the
managed profile. Apps can be specified by either package
name or intent.

Bug: 13587051

Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c79586ede6dcd6a167bc8360f058cb5cc655b33d 06-May-2014 Nicolas Prevot <nprevot@google.com> Cleaning code related to the forwarding intent filters.

Checking for INTERACT_ACROSS_USERS_FULL
Adding equivalent methods in the PackageManager

Change-Id: Iaa1328fa666613a78e67ca669ea045144275e895
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6fee7d4cf991a8d39bdefb782937250c87f60f25 01-May-2014 Nicolas Prevot <nprevot@google.com> Introducing removable and non-removable ForwardingIntentFilters.

clearForwardingIntentFilters removes only non-removable IntentFilters.
The ForwardingIntentFilters set by the profile owner are always removable.

Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
531381056fac077cffcd509b1e89d9b41f400fca 01-May-2014 Narayan Kamath <narayan@google.com> am 5dca099d: am 1cec7f85: Merge "Don\'t adjust ABI if PackageSetting#pkg is null."

* commit '5dca099df7100c531e111b50435605c318f1e6d4':
Don't adjust ABI if PackageSetting#pkg is null.
d6809b35aff02fdccf7ac433005aba2d06bbc3ff 01-May-2014 Narayan Kamath <narayan@google.com> am c1f81f90: am 27f2bfc4: Merge "Fix dex file pruning logic."

* commit 'c1f81f9086037dde6e082b8a80c84277cb727726':
Fix dex file pruning logic.
fbd80b58db2aa8f650acf26305e8cbed24a5755b 01-May-2014 Narayan Kamath <narayan@google.com> am 51f4367c: am bcc3b312: Merge "Adjust instruction sets for shared UID apps."

* commit '51f4367cac606580a5ca10ec1cf2dcab3982aebc':
Adjust instruction sets for shared UID apps.
3a951e52d93697b7e232501b78f9ffb0ec605516 01-May-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of 69da8a12 to klp-modular-dev-plus-aosp

Change-Id: Ie07b88f324749afcf8417b50d4dbbc6e2a271a2a
d2ec8724d2a3407e28161299d44e2e113fe437ec 01-May-2014 Narayan Kamath <narayan@google.com> am d85ded89: am 645a920f: Merge "Fix OEM native library path bug."

* commit 'd85ded890d86d454a0571c63911ff911633e3a95':
Fix OEM native library path bug.
f5c6a1b3eb10f0374fcbab55853f400778f0f8e7 01-May-2014 Narayan Kamath <narayan@google.com> am eb573498: am 986b901a: Merge "Fix native-lib dir assignment & updating"

* commit 'eb5734989b3ef5455359f8807684a860ad04c134':
Fix native-lib dir assignment & updating
0338af46f968e2e1c2fd8c62e9387546fa9ed86b 01-May-2014 Narayan Kamath <narayan@google.com> am 99253c2d: am fde59428: Merge "Handle /oem and /vendor as well"

* commit '99253c2da945cbd4725efced6cac2dc40c858d6c':
Handle /oem and /vendor as well
5bc12a1b5dadfd504fb03875fad97cda8d39cf25 01-May-2014 Narayan Kamath <narayan@google.com> am a7b465ef: am d91358b2: Merge "Support per-package lib dirs for bundled apps"

* commit 'a7b465efc4eede46b8dfc8932c6c30346e8e79de':
Support per-package lib dirs for bundled apps
ff2e05e1f69eb0cbe9ba68cb1adbd2b2922eeeb7 01-May-2014 Nicolas Prevot <nprevot@google.com> Merge "Introduce forwarding intents across profiles."
10fa67c77e11699391e27975fc2d276a0b8c7cbb 24-Mar-2014 Nicolas Prevot <nprevot@google.com> Introduce forwarding intents across profiles.

The package manager service maintains, for some user ids, a list of forwarding intent filters.
A forwarding intent filter is an intent filter with a destination (a user id).
If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent.

When the package manager service is asked for components that resolve an intent:
If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent:
The package manager service also returns the IntentForwarderActivity.
This activity will forward the intent to the destination.

Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab45d1d6d296f4f61632a472cf7bd8626c8d5a06 30-Apr-2014 Narayan Kamath <narayan@google.com> Don't adjust ABI if PackageSetting#pkg is null.

If means the package hasn't been scanned yet, and we
will adjust the ABI during the scan of the last package
in the shared user group.

NOTE: This needs some more cleaning up, which will be
done along with the remaining TODO in this function.

Change-Id: Ie332806b64e22ab4a4856e1ccd064ff6a01616bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6b635e4f00cd40d4c46730f7d23df6cc8bf4aa4 29-Apr-2014 Narayan Kamath <narayan@google.com> Fix dex file pruning logic.

We should now prune all normal files from /data/dalvik-cache
in addition to looking for dex files in all subdirectories of
/data/dalvik-cache.

Change-Id: I4abb2b01b359bbb1b8ece2c9025541a5d5e335f5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
df6d6dc2aac2912e98de3fe37869d2b179eb23db 28-Apr-2014 Narayan Kamath <narayan@google.com> Adjust instruction sets for shared UID apps.

Since shared UID apps are run in the same process,
we'll need to make sure they're compiled for the same
instruction set.

This change implements the recompilation of apps that
don't have any ABI constraints.

Apps that *do* have ABI constraints are harder to deal
with, since we'll need to rescan them to figure out the
full list of ABIs they support and then re-extract the
native libraries from these apps once we find an ABI we
can use throughout.

Change-Id: I365c6b0b18187df814d4736da61b199dd4494e3c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0f206a149d27385ef092a34e0009a8607d663659 12-Apr-2014 Narayan Kamath <narayan@google.com> Package manager changes for dual zygote stack.

- Pass down the app's instruction set to dexopt so that
it can compile the dex file for the right architecture.

- Also pass down the app's instruction set to rmdex, movedex
and getSize so that they can construct the cache file
location properly.

- Temporarily compile "system" jars such as am,wm etc. for
both architectures. A follow up change will ensure that
they're compiled only for one architecture (the same
arch. as the system server).

- Java "shared" libraries are now compiled for the right
architecture when an app requires them.

- Improve the app native library ABI detection to account
for system apps installed in /system/lib{64}/<packagename>
and also handle sdcard and forward locked apps correctly.

Change-Id: I4f380b146137803e51d56fdf355c3bdfc92c409d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efd 24-Apr-2014 Kenny Root <kroot@google.com> Only remember the signer certificates for Signatures

Previously we would use the JarEntry#getCertificates API which would
return a flattened array of all the signers and their certificate chain.
Since this isn't what was intended, switch to reading the certificate
chains and only paying attention to the signer certificate.

In order to migrate during upgrades of the platform, we'll scan on boot
with a compatibility mode which will check the stores signatures in the
old format by flattening the chains of the scanned packages then
comparing the two sets.

Bug: 13678484
Change-Id: I02a5c53121d8d6f70a51d7e3b98168a41e11482e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
10596fbcce710a76ffc7e917400df13af5c2ebcb 28-Apr-2014 Elliott Hughes <enh@google.com> resolved conflicts for merge of 3ce4f3d0 to master

Change-Id: Id5c5997ad8f801b32e1dbd97413ea42e38c27210
3ce4f3d0af8b20f915631ab927aafa76a6105135 28-Apr-2014 Elliott Hughes <enh@google.com> am 685a0a72: am bbd87eb9: Merge "Track libcore.os\' move to android.system."

* commit '685a0a72d445515167a2071330679cdf9b53a62d':
Track libcore.os' move to android.system.
33417df78aea04a9afe6fe73958d2dac73338666 24-Apr-2014 Jeff Sharkey <jsharkey@android.com> Fix OEM native library path bug.

Bug: 13340779
Change-Id: I3d69b3453d3d284295bbfa771e6fb4a36bca05c5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a466b101be24c1e0df098856fe0989749afe49ce 26-Apr-2014 Kenny Root <kroot@google.com> Merge "PackageManager: add versioning to packages.xml file"
c1c0d3c4f461be5649a64920cad7b58dd4162680 24-Apr-2014 Kenny Root <kroot@google.com> PackageManager: add versioning to packages.xml file

During development, a new feature might be added that requires the
packages.xml format be updated. To that end, add a database version
attribute that allows this to happen.

Change-Id: I3340a0bd55017acd625c3cba523cec10a18a4805
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
91097de49b0f683b00e26a75dbc0ac6082344137 05-Apr-2014 Dianne Hackborn <hackbod@google.com> Initial implementation of new voice interaction API.

This gives a basic working implementation of a persist
running service that can start a voice interaction when
it wants, with the target activity(s) able to go through
the protocol to interact with it. It may even work when
the screen is off by putting the activity manager in the
correct state to act like the screen is on.

Includes a sample app that is a voice interation service
and also has an activity it can launch.

Now that I have this initial implementation, I think I
want to rework some aspects of the API.

Change-Id: I7646d0af8fb4ac768c63a18fe3de43f8091f60e9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
898be168bda75b204611e8e24439d33213ecab5f 25-Apr-2014 Dianne Hackborn <hackbod@google.com> Merge "Add support for muliple active development codenames."
12e75126909152c448f70c48f3d2f2884cb359bd 25-Apr-2014 Christopher Tate <ctate@google.com> Merge "Fix native-lib dir assignment & updating"
ffcda1086185f217ebfbac0735f92fcc8a9196c8 24-Apr-2014 Dianne Hackborn <hackbod@google.com> Add support for muliple active development codenames.

The resource API level is also bumped by the number of
active codenames there are.

Change-Id: Ic1bac452d5c13dc3f48040ffa47f54b28abe2ccc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
353e39a973dbbadce82fee2f83ad194e04a47449 24-Apr-2014 Christopher Tate <ctate@google.com> Fix native-lib dir assignment & updating

The per-package /system/lib/* feature introduced bugs in the
native library path handling during app upgrade installs. The
crux of the fix is that when recalulating the desired native
library directory, the basis for the calculation needs to be
the scanned APK's location rather than the extant package
settings entry -- because that entry refers to the pre-upgrade
state of the application, not the new state.

Bug 14233983

Change-Id: I76c3249c72ecc055115d430529d386599e52ae42
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
07c79fcc7f2538e849a3f9961abb81df72b8d0a4 24-Apr-2014 Kenny Root <kroot@google.com> PackageManager: remove GET_CERTIFICATES boolean

This is a really old debugging flag that is not useful and also
dangerous.

Change-Id: I3badb5e361a8fe8458a355bf7d9ab055cb1b57d5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
740888f62eae158d5775be716620f0d56d87f587 18-Apr-2014 Christopher Tate <ctate@google.com> Handle /oem and /vendor as well

Bug 13170859

Change-Id: I95dec4cd68e3d64517d08b3f08eefb849ce37b86
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
addfbdc09ccf258395db8bfc510989a4c583f7ab 11-Apr-2014 Christopher Tate <ctate@google.com> Support per-package lib dirs for bundled apps

Bundled apps can now use /system/lib/apkname or /system/lib64/apkname
in addition to the (globally shared) /system/lib and /system/lib64
directories. Note that when an app is updated post hoc the update APK
will look to its normal library install directory in
/data/data/[packagename]/lib, so such updates must include *all*
needed libraries -- the private /system/lib/apkname dir will not be in
the path following such an update.

"apkname" here is the base name of the physical APK that holds the
package's code. For example, if a 32-bit package is resident on disk
as /system/priv-app/SettingsProvider.apk then its app-specific lib
directory will be /system/lib/SettingsProvider

Bug 13170859

Change-Id: Ic44cc75312f33d2f5d402a1c261b2eca3fe8badc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f148f36d140e995ec8f755e60bbb0b37f33c3da7 10-Apr-2014 Narayan Kamath <narayan@google.com> am 9e289d70: am 1d26a3f1: am 09e13cc5: Merge "System services detect and register app CPU ABIs"

* commit '9e289d70a8baaed0030413b5991653792e2a816d':
System services detect and register app CPU ABIs
d11f223c535ed9ce628fe5aaf0fd5692dd0cf9e4 10-Apr-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of 286a247e to master

Change-Id: I63df9d482da3ce2ac851959223b9180020ffad0c
9e289d70a8baaed0030413b5991653792e2a816d 10-Apr-2014 Narayan Kamath <narayan@google.com> am 1d26a3f1: am 09e13cc5: Merge "System services detect and register app CPU ABIs"

* commit '1d26a3f1efd0d965e8751e8515608c31789bdbe2':
System services detect and register app CPU ABIs
286a247e4c8fcecb59636f668678d24e33142744 10-Apr-2014 Narayan Kamath <narayan@google.com> am 0fd40cb1: am 80413c9f: Merge "Re-implement native library search and copies."

* commit '0fd40cb100bccbd5d9ad6109ca39c818a857f889':
Re-implement native library search and copies.
ed3db02c051f52f9ad3770e3c6b5b90c71a04fb1 04-Apr-2014 Christopher Tate <ctate@google.com> Significant preconditions are significant

If you are going to check whether we've failed yet, make sure that
the default state to test against has been established properly.

Bug 13790971

Change-Id: I7fc6ff1bbbd9e569df59dcb65cc30f120c128efa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c935d1f11144443a91b3c03d7da82314db6e049b 31-Mar-2014 Christopher Tate <ctate@google.com> Refuse update of a system app if it changes its shared uid

Bug 13657183

Change-Id: I6d8fb9c8810ca896d2d10e5a80a3c4a50c9e4fed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f74aa094b413f113f7dd8cef0ce28fb933a27a5d 01-Apr-2014 Christopher Tate <ctate@google.com> Handle bad package name arguments sensically

Don't blithly go ahead and assume package name arguments are non-null,
and don't continue to do a bunch of work after an early failure on
invalid non-null package names.

Bug 13745101

Change-Id: I12ccae343066b39162dedeb46dc58869f55be0ba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e290b7708e2ac59e645f499d8348a3a087a9568 31-Mar-2014 Nick Kralevich <nnk@google.com> am ce30fca8: am e531e2ec: am 3b2a9d22: Merge "Change when the SELinux relabel of /data/data occurs."

* commit 'ce30fca85deec8e268009a2acaefe85541ab1e58':
Change when the SELinux relabel of /data/data occurs.
ce30fca85deec8e268009a2acaefe85541ab1e58 31-Mar-2014 Nick Kralevich <nnk@google.com> am e531e2ec: am 3b2a9d22: Merge "Change when the SELinux relabel of /data/data occurs."

* commit 'e531e2ec6b311c35b077cc228e832b3f1530dffa':
Change when the SELinux relabel of /data/data occurs.
f1977b4500e82b72ea6aa5c46d97406a20017caf 25-Mar-2014 Christopher Tate <ctate@google.com> Expand install observer semantics

...and now fail conservatively when two apps both attempt to define
the same permission. Apps signed with the same certificate are
permitted to redefine permissions.

We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.

Bug 13551375

Change-Id: Ifa4e59154dcccbb286ee46a35a6f25e4ad0f0f01
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7629a18a3f190368e6268d3f2827824905683268 26-Mar-2014 Glenn Kasten <gkasten@google.com> Revert "Expand install observer semantics"

This reverts commit ab8a501f255b272af887acb0e66eb71cdf24c755.

Change-Id: I4ab4ae1a96efa2adf9d5a513793d8b84eef38b4e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab8a501f255b272af887acb0e66eb71cdf24c755 25-Mar-2014 Christopher Tate <ctate@google.com> Expand install observer semantics

...and now fail conservatively when two apps both attempt to define
the same permission.

We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.

Bug 13551375

Change-Id: I3a286d024a30e812ee4b098f345401df3c00e178
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c55f9c04427796d5b6f833fe43adffd9d7b99ad2 21-Mar-2014 Christopher Tate <ctate@google.com> Cap the size of app-defined permission trees

Bug 13529742

Change-Id: I46c2ebc39caf4a9eacbffbb35fc386c2a1cedc12
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
70b7d163aa0d4b2911eff525f83c9f245bfd9813 19-Mar-2014 Nick Kralevich <nnk@google.com> am 31654e19: am b630ffe3: am e75d340a: am 5c8e1a6e: Merge "Allow PMS to restorecon directories under /data."

* commit '31654e19c92c94675c0e2f2a86b59683d4c48d2f':
Allow PMS to restorecon directories under /data.
b630ffe3fdd72be186495f2c0a8d05b936a73d46 19-Mar-2014 Nick Kralevich <nnk@google.com> am e75d340a: am 5c8e1a6e: Merge "Allow PMS to restorecon directories under /data."

* commit 'e75d340ae5919942d19f57856ae9e3f8bc62e098':
Allow PMS to restorecon directories under /data.
1be762c1ba0f4ab57c9d2038620e03d45eeb1f0a 06-Mar-2014 Jeff Sharkey <jsharkey@android.com> Define an OEM directory, scan features and APKs.

To support OEM customizations, define a new top-level directory
that roughly mirrors the layout of the system partition. Scan this
location for (non-privileged) apps, and for additional features.

Bug: 13340779
Change-Id: Idb6d6626655061ee31ad952cab734d30ea6130b9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
00d115a7533df23027f671c90c0ae52684392e4a 14-Mar-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of aa737c49 to klp-modular-dev-plus-aosp

Change-Id: I1f4e555773fe6138efaf73444525da0f747b01d5
aa737c49df79749fe92b89d745eba7442762e2b5 13-Mar-2014 Narayan Kamath <narayan@google.com> am 9af19bee: am 52af2ca9: DO NOT MERGE - Remove data dirs if a new install fails dexopt.

* commit '9af19bee1c7da8d2e8bc6e40c6e9c1e28e0640c6':
DO NOT MERGE - Remove data dirs if a new install fails dexopt.
2d3ddc2ba9f86d795e437ea90dccb59cf1ebfd11 08-Mar-2014 Dave Allison <dallison@google.com> am 199670c4: am 324aa693: am b94904ab: am 3fc3b9fd: Merge "ART profiler usage."

* commit '199670c46a9950bd2e06af43ea082427b542060a':
ART profiler usage.
324aa693b82656809b97e307676adbbce37c3d95 08-Mar-2014 Dave Allison <dallison@google.com> am b94904ab: am 3fc3b9fd: Merge "ART profiler usage."

* commit 'b94904ab6dfbb9db7e8042f10886042a295857d4':
ART profiler usage.
75870cf391eb6f1ec91f512e0a6f28840093d413 06-Mar-2014 Dianne Hackborn <hackbod@google.com> am 75374879: am ea391750: am 5e578e17: am 40a26004: Issue #13308712: Add --checkin to package manager dump.

* commit '75374879938c1767b0266132672361487f2f58d4':
Issue #13308712: Add --checkin to package manager dump.
75374879938c1767b0266132672361487f2f58d4 06-Mar-2014 Dianne Hackborn <hackbod@google.com> am ea391750: am 5e578e17: am 40a26004: Issue #13308712: Add --checkin to package manager dump.

* commit 'ea391750fbf78b395b414147dba6426ad907431d':
Issue #13308712: Add --checkin to package manager dump.
7a4e519eda4e0e7bac9ad0159b29b11f61b50e01 05-Mar-2014 Christopher Tate <ctate@google.com> am 8106dce7: am a6c59158: am f63ae644: am 1e995c76: Merge "Update PackageMonitor to recognize new \'replacing\' semantics" into klp-dev

* commit '8106dce705ba69d5bc0ccafa8e21068216f42a5f':
Update PackageMonitor to recognize new 'replacing' semantics
8106dce705ba69d5bc0ccafa8e21068216f42a5f 05-Mar-2014 Christopher Tate <ctate@google.com> am a6c59158: am f63ae644: am 1e995c76: Merge "Update PackageMonitor to recognize new \'replacing\' semantics" into klp-dev

* commit 'a6c59158761423551941f6ed338a117658e581ad':
Update PackageMonitor to recognize new 'replacing' semantics
98bab263500b258025c9c6ca64f8aaff7dc914f4 27-Feb-2014 Christopher Tate <ctate@android.com> am 4522bd12: am a58c03f6: am 41bfe121: am 16678ac6: Merge "Fixed upgrading from forward-lock application to system application"

* commit '4522bd12a4f3d2b0c3156fc70937f78bed15a1f8':
Fixed upgrading from forward-lock application to system application
a58c03f603cd90d1fed5566c88af5cd6c6f4caf5 27-Feb-2014 Christopher Tate <ctate@android.com> am 41bfe121: am 16678ac6: Merge "Fixed upgrading from forward-lock application to system application"

* commit '41bfe121cfa889df803a8916000e1fd0fbe87d5a':
Fixed upgrading from forward-lock application to system application
f475ca33d9232785710aaa438f17915029dfa83b 17-Feb-2014 Sander Alewijnse <salewijnse@google.com> Enables a profile owner or device owner to set and clear default intent handler activities.

Those intent handlers are persistent preferences. They will remain the default intent
handler even if the set of potential event handlers for the intent filter changes
and if the intent preferences are reset.

Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
55b8ddc30386ec15073304b1f9fabc7eb789f52e 19-Feb-2014 Adam Lesinski <adamlesinski@google.com> am 0817d16c: am 04520a01: am 6feaa267: Merge "Add fastpath for single signature comparison" into klp-modular-dev

* commit '0817d16c539ca6b499da9f807e8ac6988233e9c3':
Add fastpath for single signature comparison
04520a01b8469729379e73a7995a188ffea2b187 19-Feb-2014 Adam Lesinski <adamlesinski@google.com> am 6feaa267: Merge "Add fastpath for single signature comparison" into klp-modular-dev

* commit '6feaa267a585f22595f846c9e3d09a76dc3db47a':
Add fastpath for single signature comparison
f5b3a01e54d9b2e496f865e05b18f9455b0b8038 19-Feb-2014 Adam Lesinski <adamlesinski@google.com> Add fastpath for single signature comparison

PackageManager does not need to create a hash set
when comparing two sets of signatures, where each set
contains one signature. This is the common case for
most applications.

Bug:13029313
Change-Id: I61883d85960db7b376e234d7abae6149c4d20245
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5c8044e7e1f1402fdd4a035690329294ab07b33 12-Feb-2014 Nick Kralevich <nnk@google.com> resolved conflicts for merge of 1cbea39f to master

Change-Id: Ib33484546c6a03cbc4cd96e97d9d785d68e10700
dd3d95f182a634acdcc1b1e8e4954234d048eb54 12-Feb-2014 Nick Kralevich <nnk@google.com> resolved conflicts for merge of 4ad93639 to klp-modular-dev-plus-aosp

Change-Id: I7ad222301ec0b863d48a1a9a839469436c385ea0
7b0e2827153752ae51c3ae80746e42ee185e7358 11-Feb-2014 Jeff Sharkey <jsharkey@android.com> Merge "First <provider> always wins."
c6809bb6853c6f055905cbbbf873bbe4066c5d21 11-Feb-2014 Jeff Sharkey <jsharkey@android.com> First <provider> always wins.

In scanPackageLI(), the first provider to claim an authority wins
over any other later providers. To match this behavior, this changes
ProviderIntentResolver to ignore later providers with the same
ComponentName.

Without this behavior, AM.getContentProvider() could end up wedged
waiting for a provider that generateApplicationProvidersLocked()
never decided to spin up.

Bug: 12956224
Change-Id: I37d3e6e9cf3eea2cac4c0e914134f6c83b2fc2bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d8efad825df245f0b235a91fdb381b5be8248379 10-Feb-2014 Christopher Tate <ctate@android.com> am 88daefd4: am 379bb6ed: am ff27e6bc: Merge "Use canonical path for /vendor/app"

* commit '88daefd40767695f7e8a67d1d52dfaac2ab6bdb6':
Use canonical path for /vendor/app
88daefd40767695f7e8a67d1d52dfaac2ab6bdb6 08-Feb-2014 Christopher Tate <ctate@android.com> am 379bb6ed: am ff27e6bc: Merge "Use canonical path for /vendor/app"

* commit '379bb6ed4ea4de035569b04018f84d7ce95a8036':
Use canonical path for /vendor/app
8b3e3ecc3d1a0ab45c02e7cb84bc7db856d21f1d 09-Jan-2014 Christopher Tate <ctate@google.com> Update PackageMonitor to recognize new 'replacing' semantics

The ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE broadcast now uses the
EXTRA_REPLACING intent extra when it is sent as part of an upgrade operation
on a forward-locked application. Update PackageMonitor to recognize this
new information and express it appropriately to the observer.

Bug 11988313

Change-Id: I34dfaa965dd322f4fa8945e7b83c9f2e8cf5269a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
79bea304eababaae0421a0ee563f783faf1638ac 22-Jan-2014 Christopher Tate <ctate@android.com> am 46c95dfc: am b450505c: am a7a9327b: am 5474f085: am 9fc157a4: Merge "FLAG_PRIVILEGED disappears if privileged app is updated and rebooted"

* commit '46c95dfc1009607184ea023921e1f262f38cd61e':
FLAG_PRIVILEGED disappears if privileged app is updated and rebooted
46c95dfc1009607184ea023921e1f262f38cd61e 22-Jan-2014 Christopher Tate <ctate@android.com> am b450505c: am a7a9327b: am 5474f085: am 9fc157a4: Merge "FLAG_PRIVILEGED disappears if privileged app is updated and rebooted"

* commit 'b450505c2e0d0dfd67bc228961a00a6eaaf092df':
FLAG_PRIVILEGED disappears if privileged app is updated and rebooted
509cc13b705f8c488774e7097ab17471c3dacd2e 18-Jan-2014 Jeff Brown <jeffbrown@google.com> am e2c9cd58: Merge "Refactor display manager service to new pattern." into klp-modular-dev

* commit 'e2c9cd583f4f706b48270b8cbe84df627c69af24':
Refactor display manager service to new pattern.
84aa8ab3c6b6cd5fca2a06e47ae29c01b037eed8 17-Jan-2014 Dianne Hackborn <hackbod@google.com> Merge "Add --checkin to package manager dump."
60dc0d97fc0a40caae2fa91fbf296b8ac630d748 17-Jan-2014 Dianne Hackborn <hackbod@google.com> Add --checkin to package manager dump.

Change-Id: Ibafd82f40dd4fa6a5b700a8b6725b007a528a92f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ccb823a9f62e57f9d221f83a97e82967e79a9e5 17-Jan-2014 Jeff Brown <jeffbrown@google.com> Refactor display manager service to new pattern.

Transform DisplayManagerService into a SystemService and start cleaning
up other local services that it uses from window manager and input manager.

Clean up service thread initialization.

Remove unnecessary static variables from ActivityManagerService.

It's starting to become clear that we really need a better way to manage
service dependencies. Boot phases don't quite cut it.

Change-Id: If319dbd7cbfbd4812fe55ece969e818d4b20755b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
09d30981f8e882ffaa336aa4665bfe348557895a 16-Jan-2014 Jeff Brown <jeffbrown@google.com> resolved conflicts for merge of 6f357d32 to master

Change-Id: I1979e6ed1acddbe656f5010114fd900f10865e75
6f357d3284a833cc50a990e14b39f389b8972254 16-Jan-2014 Jeff Brown <jeffbrown@google.com> Start untangling system server early bootstrapping.

Refactored SystemServer to get rid of a bunch of legacy cruft related
to how the ServerThread used to be started up.

Create system context first when system server starts. This removes
the tangled initialization order dependency that forced us to start
the activity manager service before most anything else.

Moved factory test related constants into the FactoryTest class.

Partially migrated Installer, ActivityManagerService, and
PowerManagerService to the new SystemService pattern. There's more
work to be done here, particularly around the lifecycle of the
power manager.

Bug: 12172368
Change-Id: Ia527dd56e3b3fd90f9eeb41289dbe044921230d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
08af733f87857dc8fdb83f25554874bd6a561287 08-Jan-2014 Christopher Tate <ctate@google.com> Don't just log this warning; record the situation for posterity

When a previously 3rd-party permission declaration is superseded
by a new system-owned declaration, don't just log; leave a persistent
record of the fact for post-hoc recognition of what happened even
after reboots.

Change-Id: I816a5003f8f8ef2dfbdbfa36316c4bae5005dfbf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea 20-Dec-2013 Amith Yamasani <yamasani@google.com> am 9158825f: Move some system services to separate directories

* commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce':
Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce 22-Nov-2013 Amith Yamasani <yamasani@google.com> Move some system services to separate directories

Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.

Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java