Cross Reference: /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java

History log of /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
8c57aeaa8f27423b843fa043fb86b0b57c906ead	21-Apr-2016	Sudheer Shanka <sudheersai@google.com>	Allow any app to silently uninstall the orphan packages. Bug: 28302564 Change-Id: If6f2111e35ec94c7eb5b80a08bbf63fd58698c27 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
0e868a193e926d799c0a53b071d05cda4b0e59ed	08-Apr-2016	Svetoslav Ganov <svetoslavganov@google.com>	Merge "Fix a NPE in PackageInstallerService" into nyc-dev
3baa87653ead8982fcb114274a3778161763a894	08-Apr-2016	Svet Ganov <svetoslavganov@google.com>	Fix a NPE in PackageInstallerService bug:28051747 Change-Id: Ic38786e1ab4b4f6d0f9b1782d3bb46af04c61aa7 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
29283375831d6ccf04b60d02af03e4268d79c454	05-Apr-2016	Sudheer Shanka <sudheersai@google.com>	Prevent apps from uninstalling packages that are not installed by them. Bug: 27404193 Change-Id: Ib8868d6522fc3e41526c6909fc6ea531f344e676 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
8212ae0aee1700b9c287ebadf15af8dacdc8eae6	10-Feb-2016	Jeff Sharkey <jsharkey@android.com>	Consistent naming for internal storage APIs. Also completely remove a few confusingly named deprecated APIs. Change-Id: Ia7e4ea3190a97f0a7dfa9bebf2118da0866ec38f /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
fdeeeea6cfdebdb98dd70a7dd48965743af01750	12-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Follow installd changes, throw exceptions. Start by passing down flags to work on both CE and DE storage areas; a future change will refine this further. Force consistent argument checking and null handling for all installd callers. Throw explicit exceptions instead of returning int values that can accidentally be ignored. Bug: 26466827 Change-Id: Iddb591f6b3c7786d210d3f132ff7f9886a97b749 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
cd65448ccd13c4c2d0fe9e9623fec3a898ab9372	09-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Even more PackageManager caller triage. Finish moving all UID/GID callers to single AIDL method that requires callers to provide flags. Triage AppWidgets and PrintServices, which currently can only live on internal storage; we should revisit that later. Fix two bugs where we'd drop pending install sessions and persisted Uri grants for apps installed on external storage. Bug: 26471205 Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
2699f065558ba78066887210b0c7346105959860	20-Nov-2015	Todd Kennedy <toddke@google.com>	Add ephemeral installs * Add a new --ephemeral argument to 'adb install' * Add plumbing to internally track ephemeralness * Create new app directory for ephemeral installs Bug: 25119046 Change-Id: I1d379f5ccd42e9444c9051eef2d025a37bd824fe /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
c8a5a555f1482d0f45b538eb898d6ee7e26552a6	19-Nov-2015	Makoto Onuki <omakoto@google.com>	DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user - Previously on MNC, they would return the same result regardless who the calling user is. - Now they properly take DO user-id into account. Meaning, they'll always return false and null respectively, if the calling user doesn't run device owner. - Note isDeviceOwnerApp() is a public API and getDeviceOwner() is a system API. Meaning we're changing the behavior or non-private APIs. - Also cleaned up hidden APIs, and gave them explicit suffixes to avoid confusion. Bundled code should prefer them for clarity. Now we have: * APIs that work cross-users: They all require MANAGE_USERS. boolean isDeviceOwnerAppOnAnyUser(String packageName) ComponentName getDeviceOwnerComponentOnAnyUser() int getDeviceOwnerUserId() boolean isDeviceOwnedByDeviceOwner() String getDeviceOwnerNameOnAnyUser() * APIs that work within user. No permissions are required. boolean isDeviceOwnerAppOnCallingUser(String packageName) ComponentName getDeviceOwnerComponentOnCallingUser() Bug 24676413 Change-Id: I751a907c7aaf7b019335d67065d183236effaa80 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
a1d12cfdb072acb14fa95d5e771e23396e6bd8e1	30-Sep-2015	Todd Kennedy <toddke@google.com>	Update PackageInstaller install handing * Allow forcing permission check. We want to modify the PackageInstaller to use the PackageInstallerSession for better security / remove deprecated APIs. In order to do this and continue to prompt for permissions, we need to prevent the PakcageInstaller from auto-approving the permissions. * Add originating UID to SessionParams. This is used for package verifier checks. Bug: 22282121 Change-Id: I19079749d20ace66f1332f399d52cb0fb8784cd9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
54d42be6eb149b3e43115e810e4a1b92e9865d05	21-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Avoid NPE when no staged installs. listFiles() returns null instead of empty list; deal with it. Bug: 22608671 Change-Id: I60dabec31932af3cded915c6927a4c5e5c71775d /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
7121e18595d4c559044e26bfe6035406a862f466	14-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Add APIs for verifier to grant at install and revoke permissions bug:22231699 Change-Id: Ie0c758bf73699f50bf99ff5aa0bf98dcc9004e37 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04	04-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Reconcile private volumes when mounted. Many things can happen while a private volume is ejected, so we need to reconcile newly mounted volumes against known state. First, user IDs can be recycled, so we store the serial number in the extended attributes of the /data/user/[id] directory inode. Since a serial number is always unique, we can quickly determine if a user directory "10" really belongs to the current user "10". When we detect a mismatched serial number, we destroy all data belonging to that user. Gracefully handles upgrade case and assumes current serial number is valid when none is defined. Second, we destroy apps that we find no record of, either due to uninstallation while the volume was unmounted, or reinstallation on another volume. When mounting a volume, ensure that data directories exist for all current users. Similarly, create data directories on all mounted volumes when creating a user. When forgetting a volume, gracefully uninstall any apps that had been installed on that volume. Bug: 20674082, 20275572 Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
ab2340996a515ea0c437ad5bb1ea1fa88ab9edff	10-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Flags to select storage volume for app installs. Remote callers can now provide the "--install-location" value from the APK to help select a location, or they can explicitly force a volume by UUID. Bug: 21676789 Change-Id: Iefc92d770a851fc33e37edbf259fdb8df2b14ae5 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4	08-May-2015	Wojciech Staszkiewicz <staszkiewicz@google.com>	Pass charset to XmlPullParser.setInput instead of null Passing null to XmlPullParser.setInput forces it to do additional work, which can be easily avoided if we know the charset beforehand. bug: b/20849543 Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
2e3e943ccd419dd10d3e4df5ae7640e8b020cc76	17-Apr-2015	Benjamin Franz <bfranz@google.com>	Add package name extra to PackageInstaller callback If an app invokes app install via PackageInstaller APIs without knowing the package name, the callback contains no information about the name of the installed package. Add EXTRA_PACKAGE_NAME to this callback. Also allow PackageInstaller to distinguish between a newly installed and an updated package. Bug: 19764848 Bug: 20150135 Change-Id: I062440a08df9a723e9445ea10bc6f6800c5b99a8 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
620b32b316fd4f1bab4eef55ec8802d14a55e7dd	24-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Package and storage movement callbacks. Since package and primary storage movement can take quite awhile, we want to have SystemUI surface progress and allow the Settings app to be torn down while the movement proceeds in the background. Movement requests now return a unique ID that identifies an ongoing operation, and interested parties can observe ongoing progress and final status. Internally, progress and status are overloaded so the values 0-100 are progress, and any values outside that range are terminal status. Add explicit constants for special-cased volume UUIDs, and change the APIs to accept VolumeInfo to reduce confusion. Internally the UUID value "null" means internal storage, and "primary_physical" means the current primary physical volume. These values are used for both package and primary storage movement destinations. Persist the current primary storage location in MountService metadata, since it can be moved over time. Surface disk scanned events with separate volume count so we can determine when it's partitioned successfully. Also send broadcast to support TvSettings launching into adoption flow. Bug: 19993667 Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
805b63e253c139625f5a86d72ef7b31d6ec9f8e9	10-Apr-2015	Svetoslav <svetoslavganov@google.com>	Allow only system signed apps to grant permissions at install bug:20099946 Change-Id: Ifcc5c6638b4174ffb3ba452ae68a5a53b2d1ff0a /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
39fb7fd730dc2113ced7e663d7a35e48a4c6b1ae	18-Feb-2015	Benjamin Franz <bfranz@google.com>	Allow silent package install for device owner. Allow the device owner to silently install and remove packages using the PackageInstaller APIs. Show notifications to the user after the installation / deletion was successful. Bug: 19422461 Change-Id: I0506e18c510efd9d04c4aea9b60a37456e689615 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
b2b9ab8354da1485178cd8d8e9d89ac915b3f269	06-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Installing packages to expanded storage. PackageManager now offers to load/unload packages when expanded volumes are mounted/unmounted. Expanded storage volumes are still treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view, but this change starts treating the INSTALL_EXTERNAL flag as exclusively meaning ASEC containers. Start tracking the UUID of the volume where a package is installed, giving us a quick way to find relevant packages. When resolving an install location, look across all expanded volumes and pick the one with the largest free space. When upgrading an existing package, continue preferring the existing volume. PackageInstaller now knows how to stage on these volumes. Add new movePackage() variant that accepts a target volume UUID as destination, it will eventually move data too. Expose this move command through "pm" command for testing. Automount expanded volumes when they appear. Bug: 19993667 Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
b94c1657eb0140f7b91f5372a9f76de5a3d87e36	03-Mar-2015	Fyodor Kupolov <fkupolov@google.com>	Support for storing OAT files in app directory In installPackageLI, dexopt is now performed on a staging directory of the app (dexopt phase 1). For each codepath: - /oat/<isa> directory is created - dexopt output goes to the newly created directory. Optimized files have .odex extension. Bug: 19550105 Change-Id: Iec59790d97837b78af82b079fd1970de3388c91d /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
97d47ed036ff7bd3d7d2ddc1c6df1104ec237559	15-Oct-2014	Jeff Sharkey <jsharkey@android.com>	Reduce PackageInstaller Binder memory pressure. When restoring hundreds of apps on low-DPI devices, we end up sending icon Bitmaps inline in the response instead of splitting into ashmem regions. To avoid triggering TransactionTooLargeException, switch to using ParceledListSlice under the hood. Bug: 17926122 Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
02bd78490d8594d225ecc70a74b2058cb968a657	07-Oct-2014	Jeff Sharkey <jsharkey@android.com>	Reduce PackageInstaller I/O pressure. When performing a restore during initial device setup, we could be installing hundreds of packages. Currently, we're writing all metadata (including heavy icons) for every session mutation! Because we're holding the mSessions lock while writing all this heavy data, we end up causing ANRs when apps call other PackageInstaller APIs. This patch mitigates by moving the heavy icon data into separate per-session PNG files, which we only persist when changed. Bug: 17881962, 17567794 Change-Id: I4dee15d4a65a8eb65c381e6bb7477728b6cc30d2 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
8d05172112436a81bed6e4a0810f8914509d8a4d	01-Oct-2014	Dianne Hackborn <hackbod@google.com>	More work on issue #17656716: Unhandled exception in Window Manager Fix Slog.wtf to not acquire the activity manager lock in its code path, so that it can never deadlock. This was the original intention of it, but part was missed. Now we can put back in the code to detect when strict mode data is getting large (a little more targeted now to the actual problem), and use Slog.wtf to report it. And as a bonus, when this happens we will now clear all of the collected violations, to avoid getting in to the bad case where IPCs start failing. So this should be good enough for L to fix the problem, with wtf reports for us to see if the underlying issue is still happening. Finally, switch a butch of stuff in the system process from Log.wtf to Slog.wtf, since many of those are deadlocks waiting to happen. Oh and fix a crash in the settings provider I noticed in APR. Change-Id: I307d51b7a4db238fd1e5fe2f3f9bf1b9c6f1c041 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
cbf47916b3e7a971c3a61035eb2633f96fc043cb	12-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Fix lock inversion in PackageInstaller. In a small handful of cases individual sessions call up into the installer while holding their local locks. Defend against this by treating most InternalCallback events as async. For sealed events, perform the upcall outside of the session lock. Bug: 17482676 Change-Id: I265d981c98c8928a0fced09d8b029ca16eb650d9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
e980804df16c968c14a56b8853886bf5f049f46e	12-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Bring install and install-multiple into parity. This ensures that both are using (almost) identical logic when deciding what installs to proceed with. Installs from "pm" for all users now run as OWNER, and rely solely on INSTALL_ALL_USERS to express intent. This keeps install session notifications simple. Since installer UID can vary from installer package name, start persisting the UID. Also parse some missing flags for install sessions. Bug: 17469392 Change-Id: I6d89b1a787aa2024cc4bebf6b9c29317c358e147 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
8cd28b57ed732656d002d97879e15c5695b54fff	09-Jun-2014	Amith Yamasani <yamasani@google.com>	Apply cross-user restrictions to Shell Even though Shell user is allowed to perform cross-user actions, lock that path down if the target user has restrictions imposed by the profile owner device admin that prevents access via adb. If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't allow the shell user to make the following types of calls: start activities, make service calls, access content providers, send broadcasts, block/unblock packages, clear user data, etc. Bug: 15086577 Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
77d218e1869e69c8d436b09cd11dcfe45e50b2cf	06-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Delayed ASEC allocation, refine progress handling. For restore use-case, session creation needs to complete quickly, so delay ASEC allocation until session is opened. When preflighting size checks, only consider external when we have a known size for the container. Also relax size checks when using MODE_INHERIT_EXISTING on external, since we don't know how much of existing app will be copied over. Consider session as "active" while commit is ongoing, until we're either finished or pending user interaction. Always publish first client needle movement away from 0. Use 25% of internal progress to reflect ASEC allocation. Avoid CloseGuard messages about leaking PFDs. Bug: 17405741, 17402982 Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
bc7bce38b2e4733a14f6296c75f983bd50f996d1	06-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Separate active state from open/close. Also change name to setStagingProgress() to make it clearer that system may adjust the range. Start throwing from openSession() in preparation for ASEC allocation moving. Bug: 17405741 Change-Id: Id7da51a32d5d89cb512ddafbd7ceaafbcd41cac6 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
ec9bad2015c6d3bc91bab66f0824043c1e24d013	05-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Allow badging updates to install sessions. For the system restore use-case, an installer may need to enqueue their sessions quickly before badging details, like icons, have been downloaded. This change relaxes to allow an installer to update their session badging after the session has been created. Notify observers when badging changes. Rename callback registration methods to match style guide. Relax constraint that observers are home app. Fix bug around internal progress reporting. Bug: 17376797, 17389236, 17334199 Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
381d94b712605112b35d7f70064b0d18bd877877	24-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Treat moving app as installing in new location. Moving apps to/from SD cards has historically been neglected, meaning it can easily break. This happened most recently for split APKs, 64-bit native code, and multiArch support. To make this easier to maintain, treat move as a no-op upgrade, following the inheriting code path that split APKs depends on. Also clean up scary places where different flavors of flags were being combined, and remove unused flags. Fix media broadcasts to be sent based on existing app storage location. New API to abandon install session without opening it. Bug: 17158495 Change-Id: Ia33bf8f6fdaae099124dfe534f0e320b37bc8e16 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178	21-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Installing splits into ASECs! Sessions can now zero-copy data directly into pre-allocated ASEC containers. Then at commit time, we compute the total size of the final app, including any inherited APKs and unpacked libraries, and resize the container in one step. This supports both brand new ASEC installs and inheriting from existing ASEC installs. To keep things simple, it currently requires copying any inherited ASEC contents, but this could be optimized in the future. Expose new vold resize command, and allow read-write mounting of ASEC containers. Move native library extraction into the installer flow, since it needs to happen before ASEC is sealed. Move multiArch flag into NativeLibraryHelper, instead of making everyone pass it around. Migrate size calculation to shared location. Separate "other" package name in public API, provide a path to a storage device when relevant, and add more docs. Bug: 16514385 Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
e812d9096915ad165de125520ed7371009587d1f	21-Aug-2014	Robin Lee <rgl@google.com>	Clear identity before calling out to PackageHelper PackageHelper.resolveInstallLocation expects the binding user to be equivalent to the calling user. If this is not the case, it may fail and throw an exception preventing anyone but user 0 from installing anything. Bug: 17175251 Change-Id: Id5615738c7b4e1234a548c7b4a410282d14c9ee3 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
bb7b7bea19223c1eba74f525c7fe87ca3911813b	20-Aug-2014	Jeff Sharkey <jsharkey@android.com>	More progress towards split APKs in ASECs. Teach DefaultContainerService to install split APKs, which will be needed when moving to/from ASECs. Also support forward locking for testing purposes, even though its deprecated. Move native library unpacking code to NativeLibraryHelper location where it can be shared by both DCS and PMS. Also update footprint calculation logic to mirror the later unpack codepaths. Immediately persist sealed sessions. When resolving install locations, prefer location of any existing install of that package. Lightweight parse requesting certificates now always verifies that all contents are signed correctly. Bug: 16514385 Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
742e790294b3441b79f715fe447069b63c6065db	17-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Progress towards staging ASECs. Move location selection logic into shared PackageHelper location, and share it between DCS and PackageInstaller. Fix bugs related to installed footprint calculation; always count unpacked native libs. Have PMS do its own threshold checking, since it's fine to stat devices. PMS only ever deleted staging ASECs, so move that logic into installer and nuke unclaimed staging ASECs. Allocate legacy ASEC names using PackageInstaller to make sure they don't conflict with sessions. Start wiring up session to allocate ASEC and pass through staged container for installation. Fix bug to actually delete invalid cluster-style installs. Bug: 16514385 Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
a0907436c01fd8c545a6b5c7b28bc3bc9db59270	15-Aug-2014	Jeff Sharkey <jsharkey@android.com>	PackageInstaller API refactoring. Switch to using IntentSender for results to give installers easier lifecycle management. Move param and info objects to inner classes. Bug: 17008440 Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
f06009542390472872da986486d385001e91a2a7	08-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Logic to confirm uninstalls. Prompt user for confirmation when caller doesn't have DELETE_PACKAGES permission. Also extend uninstall events to return failure codes. Bug: 16515814 Change-Id: I15b52190ff02dbeaaf038b92364264f64c57ba89 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8	07-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Logic to confirm permissions on install sessions. When an app without INSTALL permission attempts to commit a session, we involve user to confirm permissions. We currently point at the base APK, which defines all permissions for an app, handling the case where a session may only be adding splits. Add failure codes to represent rejection. Fix bug by ignoring stages during initial boot scan. Bug: 16515814 Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c	07-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Surface user action events when un/installing. This will be used shortly to connect up with permissions confirmation UI. Bug: 16515814 Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
f174c6e6de6ba863179401aa7b3d55d91ceed707	05-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Stronger constraints around install session IDs. Generate positive, non-zero session IDs, and don't recycle them within a given boot. Guard against ID starvation by crazy apps. Bug: 16792837 Change-Id: I6035afe4d942d358b5ca12b4f818c55885b74aba /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
1cb2d0d4bba387665128c62c342e59103ea4be26	31-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Persist install sessions, more lifecycle. To resume install sessions across device boots, persist session details and read at boot. Drop sessions older than 3 days, since they're probably buggy installers. Add session callback lifecycle around open/close to give home apps details about active installs. Also give them a well-known intent to show session details. Extend Session to list staged APKs and open them read-only, giving installers a mechanism to verify delivered bits, for example using MessageDigest, before committing. Switch to generating random session IDs instead of sequential. Defensively resize app icons if too large. Reject runaway installers when they have too many active sessions. Bug: 16514389 Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
16c8e3f49497b6046972ae650772f65768366be8	25-Jul-2014	Jeff Sharkey <jsharkey@android.com>	PackageInstaller changes based on feedback. Mostly cosmetic changes from API council feedback. Bug: 16543552 Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
9a445771f57dd15b06db0dbefd66c368d84eec2d	16-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Install sessions only inherit APK files. Also track historical install sessions for debugging purposes. Hide signature verification API for now. Clear code cache only after killing the app being upgraded. Bug: 14975160 Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
6c833e07a05c48ca60ee4d72421bf8b1e78dc710	15-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Public API for PackageInstaller! Flesh out documentation and finalize first cut of API. Also surface installLocation and splitNames through PackageInfo. Bug: 14975160, 15348430 Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
a10311434778ea1be1621c2251c0c8c2966f337b	13-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Package installation listener events. Flesh out implementation of install session observers. Carve out 20% of published install progress for final system operations such as dexopt, etc. Add dumpsys output for active install sessions. Create explicit fsync() instead of overriding meaning of flush(). Hack to throw IOExceptions over Binder calls. Bug: 14975160, 15348430 Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
e0b0bef75b66f0a87039c8f58c17b1596a2baebe	13-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Surface detailed error messages from PMS. We now both log detailed error messages and relay them back to any observer. Start refactoring PMS to throw when errors are encountered internally to make it easier to reason about flow control; already uncovered a few instances of errors being silently ignored! Change-Id: Ia335c5e31bd10243d52fd735c513ca828e83dca0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
bb580670350b76fa2fcc5ee873f99b7970759cbf	10-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Progress toward installer public API: callbacks. Instead of surfacing all the existing cryptic error codes, we're going to classify them into broad categories when surfacing through public API. This change introduces InstallResultCallback and UninstallResultCallback, and wires them up to existing AIDL interfaces. Also start defining general SessionObserver for apps interested in general progress details, such as Launcher apps. Details about active sessions are returned through new InstallSessionInfo objects. Bug: 14975160 Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
ec55ef0934b8e0d1bb705434947de817f7be57f1	08-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Extend pm to support sessions and split APKs. Separate commands to create an install session, stream files into the staging area, and then commit the install. Streaming can accept data from stdin across adb, avoiding extra copy from push. Extend FileBridge to support blocking close(). Always destroy session regardless of result. Bug: 14975160 Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4	29-Apr-2014	Jeff Sharkey <jsharkey@android.com>	Initial support for split APKs, PackageInstaller. Defines a new PackageInstaller class that will be used for installing and upgrading packages. An application desiring to install an application creates a session, stages one or more package files in that session, and then kicks off the install. Previously, PackageManager would always make its own copy of a package before inspecting it, to ensure the data could be trusted. This new session concept allows the installer to write package data directly to its final resting place on disk, reducing disk I/O and footprint requirements. Writes are directed through an intermediate pipe to ensure we can prevent mutations once an install has been initiated. Also uses fallocate() internally to support optimal ext4 block allocation using extents to reduce fragmentation. Sessions are also the way we support installing multiple "split" APKs in a single atomic operation. For a set of packages to form a valid application, they must have exactly the same package name, version code, and certificates. A session can also be used to add a small handful of splits to an application by inheriting existing packages when not performing a full install. Add PackageParser support for extracting split names and certificates. Bug: 14975160 Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java