Cross Reference: /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java

History log of /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
d9d438ac4e851275abb4ddc6671f74701e07b4fc	06-Apr-2016	Todd Kennedy <toddke@google.com>	Only parse an APK once During package installation, we were parsing the APK twice; once in the context of the PackageInstaller and once in the context of the PackageManager. Instead, the installer should just pass the certificates to be used further in the process. If the PackageManager doesn't receive certificates [or, if there's an error using them], it will fallback to re-parsing the APK. Bug: 27502465 Change-Id: I94ce551af54eaa9916228e933134debe50867d21 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
eb9b05392ad047863244f9e07a3b10e9c0561e39	08-Mar-2016	Todd Kennedy <toddke@google.com>	remove splits Individual splits can now be removed for an application. The application will be terminated if it's running when a split is removed. To remove a split, either use either "uninstall": $ adb shell cmd package uninstall <PACKAGE> <SPLIT> or "install-remove": $ adb shell cmd package install-create -r -p <PACKAGE> $ adb shell cmd package install-remove <SESSION> <SPLIT> $ adb shell cmd package install-commit <SESSION> For "install-remove" you must use '-r' and '-p' when creating the session. Bug: 27547051 Change-Id: I4d71a19ad45e39f6622d9ab6791ea8c4230a79e0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
fdeeeea6cfdebdb98dd70a7dd48965743af01750	12-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Follow installd changes, throw exceptions. Start by passing down flags to work on both CE and DE storage areas; a future change will refine this further. Force consistent argument checking and null handling for all installd callers. Throw explicit exceptions instead of returning int values that can accidentally be ignored. Bug: 26466827 Change-Id: Iddb591f6b3c7786d210d3f132ff7f9886a97b749 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
cd65448ccd13c4c2d0fe9e9623fec3a898ab9372	09-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Even more PackageManager caller triage. Finish moving all UID/GID callers to single AIDL method that requires callers to provide flags. Triage AppWidgets and PrintServices, which currently can only live on internal storage; we should revisit that later. Fix two bugs where we'd drop pending install sessions and persisted Uri grants for apps installed on external storage. Bug: 26471205 Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
373f0b4313d3a2444aebf6b89a71c4ba64566110	16-Dec-2015	Todd Kennedy <toddke@google.com>	revert quick install bug: 25118622 Change-Id: I61c3a1ea9015599dc45bd9e656f99f6bf8c4ec02 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
c8a5a555f1482d0f45b538eb898d6ee7e26552a6	19-Nov-2015	Makoto Onuki <omakoto@google.com>	DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user - Previously on MNC, they would return the same result regardless who the calling user is. - Now they properly take DO user-id into account. Meaning, they'll always return false and null respectively, if the calling user doesn't run device owner. - Note isDeviceOwnerApp() is a public API and getDeviceOwner() is a system API. Meaning we're changing the behavior or non-private APIs. - Also cleaned up hidden APIs, and gave them explicit suffixes to avoid confusion. Bundled code should prefer them for clarity. Now we have: * APIs that work cross-users: They all require MANAGE_USERS. boolean isDeviceOwnerAppOnAnyUser(String packageName) ComponentName getDeviceOwnerComponentOnAnyUser() int getDeviceOwnerUserId() boolean isDeviceOwnedByDeviceOwner() String getDeviceOwnerNameOnAnyUser() * APIs that work within user. No permissions are required. boolean isDeviceOwnerAppOnCallingUser(String packageName) ComponentName getDeviceOwnerComponentOnCallingUser() Bug 24676413 Change-Id: I751a907c7aaf7b019335d67065d183236effaa80 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
27c24fb8b85c36298de053699b1967a808c6d308	18-Sep-2015	Todd Kennedy <toddke@google.com>	Enable "quick install" Quick install skips a lot of the normal install steps in order to dramatically reduce the installation time [eg Twitter normally takes 20s to install. But, installs in under 2.5s with quick install] The specific optimizations [with caveats]: 1. Use the JIT. Although the oat file is technically created, it only contains the exploded contents of the APK and does not contain pre-compiled native binary code. While this improves install time, it impacts app execution. [saves 17s] 2. Bypass Play verification. Play normally verifies all installs to ensure we're not installing malware. But, it can take multiple seconds for Play to collect and send package information to our backend servers. [saves 2.7s] 3. Reduce JAR file verification. Due to the structure of the JAR certs, we cannot completely bypass JAR processing. However we skip the step of verifying every manifest entry. [saves 1.3s] NOTE: #2 and #3 will only occur on eng/user-debug builds. Bug: 22848361 Change-Id: I48e77595ad5c13a9534fdb06da67ba8dae2797fb /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
369d3dcda03090c314ad2a350335b060eeb1bbd6	02-Oct-2015	Xiaohui Chen <xiaohuic@google.com>	Merge "Cleanup USER_OWNER in pm"
47f0795d171a25d30ee5b48a6ff1828fb5c92c19	02-Oct-2015	Xiaohui Chen <xiaohuic@google.com>	Cleanup USER_OWNER in pm Bug: 19913735 Change-Id: I27947f539ca8346e3abd96fc1f800a65945be128 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
a1d12cfdb072acb14fa95d5e771e23396e6bd8e1	30-Sep-2015	Todd Kennedy <toddke@google.com>	Update PackageInstaller install handing * Allow forcing permission check. We want to modify the PackageInstaller to use the PackageInstallerSession for better security / remove deprecated APIs. In order to do this and continue to prompt for permissions, we need to prevent the PakcageInstaller from auto-approving the permissions. * Add originating UID to SessionParams. This is used for package verifier checks. Bug: 22282121 Change-Id: I19079749d20ace66f1332f399d52cb0fb8784cd9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
f1b7f20bb839c96e8254ccb65398135f10fd45d9	29-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Remove dependencies on the package installer's package name bug:22700053 Change-Id: I8540eb8577fbec84e1a67e31e1c31ba654c828a4 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
e845a1ef646aff12978da59dcc3b74836be0875b	05-Jun-2015	Narayan Kamath <narayan@google.com>	Move linking and directory creation logic to installd. bug: 20889739 Change-Id: I1763376a2fbb25f3a3d55f60c1940cdbddcded07 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
cd1fc1465bb16eca10cc29fe887c63b0cff178e9	11-May-2015	Narayan Kamath <narayan@google.com>	Don't compile all splits when installing one. This patch consists of two broad changes : - don't "force" dex2oat when installing a new app. this should never be necessary because we will always compare checksums. - when staging a new install, we "inherit" (hard link) all compiled oat files from the previous install. this will ensure that we compile only those files that have changed, and not all of them bug: 20889739 Change-Id: I3e14335f3bcfe76d1d24d233f53a728a6d90e8a1 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
497c05218ae3b30fdd01699e06fba4d04e90659d	12-May-2015	Jeff Sharkey <jsharkey@android.com>	Ignore abandon after install relinquished. We recently changed the install flow to fully dexopt before renaming the staging directory. This exposed the ability for the session owner to abandon and destroy the stage contents while dexopt was still happening. Due to SELinux rules, the abandon would fail to clean up the stage directory, and PackageManager would "successfully" rename and install that stage, which now only contained the oat/ directory. To avoid this case, we now ignore abandon requests once we've passed the "point of no return" and relinquished our stage over to PackageManagerService. Bug: 20175072 Change-Id: I4ad5b1eba0e38f1315b8330bd95be6e3bc6c635a /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
529f91fc8e7e884ef19bef8eb3e4e3a1d69336f4	19-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Always send volume UUID with installd commands. Since packages can be moved to other volumes, all relevant commands to installd now require an explicit volume UUID parameter. Bug: 20275577 Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
39fb7fd730dc2113ced7e663d7a35e48a4c6b1ae	18-Feb-2015	Benjamin Franz <bfranz@google.com>	Allow silent package install for device owner. Allow the device owner to silently install and remove packages using the PackageInstaller APIs. Show notifications to the user after the installation / deletion was successful. Bug: 19422461 Change-Id: I0506e18c510efd9d04c4aea9b60a37456e689615 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
b2b9ab8354da1485178cd8d8e9d89ac915b3f269	06-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Installing packages to expanded storage. PackageManager now offers to load/unload packages when expanded volumes are mounted/unmounted. Expanded storage volumes are still treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view, but this change starts treating the INSTALL_EXTERNAL flag as exclusively meaning ASEC containers. Start tracking the UUID of the volume where a package is installed, giving us a quick way to find relevant packages. When resolving an install location, look across all expanded volumes and pick the one with the largest free space. When upgrading an existing package, continue preferring the existing volume. PackageInstaller now knows how to stage on these volumes. Add new movePackage() variant that accepts a target volume UUID as destination, it will eventually move data too. Expose this move command through "pm" command for testing. Automount expanded volumes when they appear. Bug: 19993667 Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
88d2a3c0e1b4a8c53a489db5d627beb80b1b9957	23-Nov-2014	Jeff Sharkey <jsharkey@android.com>	Introduce revision codes for split APKs. Apps delivered as multiple split APKs must have identical package names, version code, and signatures. However, developers may want to iterate quickly on a subset of splits without having to increment the version code, which would require delivery of the entire app. This change introduces "revision codes" which can vary between split APKs belonging to the same app. An install is valid as long as the normal version code is identical across all splits. Splits can be added/removed to an app over time, but if a split is present across an upgrade the revision code must not decrease. Since system apps could have been updated with splits, only revert to the built-in APKs if the version code is strictly greater than the data version. Also fix bug to enable inheriting from system apps when adding splits. Bug: 18481866 Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
cbf47916b3e7a971c3a61035eb2633f96fc043cb	12-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Fix lock inversion in PackageInstaller. In a small handful of cases individual sessions call up into the installer while holding their local locks. Defend against this by treating most InternalCallback events as async. For sealed events, perform the upcall outside of the session lock. Bug: 17482676 Change-Id: I265d981c98c8928a0fced09d8b029ca16eb650d9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
e980804df16c968c14a56b8853886bf5f049f46e	12-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Bring install and install-multiple into parity. This ensures that both are using (almost) identical logic when deciding what installs to proceed with. Installs from "pm" for all users now run as OWNER, and rely solely on INSTALL_ALL_USERS to express intent. This keeps install session notifications simple. Since installer UID can vary from installer package name, start persisting the UID. Also parse some missing flags for install sessions. Bug: 17469392 Change-Id: I6d89b1a787aa2024cc4bebf6b9c29317c358e147 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bc09755e193c2802d2d88871ac3d1f182b260c30	09-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Missing manifest error should be NO_CERTIFICATES. When META-INF/MANIFEST.MF is missing, treat as NO_CERTIFICATES instead of CERTIFICATE_ENCODING. Also remove redundant layer of debugging details when wrapping exceptions. Bug: 15667982 Change-Id: I6e8216d5bf6e42da1feb70c89f991001380305be /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
77d218e1869e69c8d436b09cd11dcfe45e50b2cf	06-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Delayed ASEC allocation, refine progress handling. For restore use-case, session creation needs to complete quickly, so delay ASEC allocation until session is opened. When preflighting size checks, only consider external when we have a known size for the container. Also relax size checks when using MODE_INHERIT_EXISTING on external, since we don't know how much of existing app will be copied over. Consider session as "active" while commit is ongoing, until we're either finished or pending user interaction. Always publish first client needle movement away from 0. Use 25% of internal progress to reflect ASEC allocation. Avoid CloseGuard messages about leaking PFDs. Bug: 17405741, 17402982 Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bc7bce38b2e4733a14f6296c75f983bd50f996d1	06-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Separate active state from open/close. Also change name to setStagingProgress() to make it clearer that system may adjust the range. Start throwing from openSession() in preparation for ASEC allocation moving. Bug: 17405741 Change-Id: Id7da51a32d5d89cb512ddafbd7ceaafbcd41cac6 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
ec9bad2015c6d3bc91bab66f0824043c1e24d013	05-Sep-2014	Jeff Sharkey <jsharkey@android.com>	Allow badging updates to install sessions. For the system restore use-case, an installer may need to enqueue their sessions quickly before badging details, like icons, have been downloaded. This change relaxes to allow an installer to update their session badging after the session has been created. Notify observers when badging changes. Rename callback registration methods to match style guide. Relax constraint that observers are home app. Fix bug around internal progress reporting. Bug: 17376797, 17389236, 17334199 Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178	21-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Installing splits into ASECs! Sessions can now zero-copy data directly into pre-allocated ASEC containers. Then at commit time, we compute the total size of the final app, including any inherited APKs and unpacked libraries, and resize the container in one step. This supports both brand new ASEC installs and inheriting from existing ASEC installs. To keep things simple, it currently requires copying any inherited ASEC contents, but this could be optimized in the future. Expose new vold resize command, and allow read-write mounting of ASEC containers. Move native library extraction into the installer flow, since it needs to happen before ASEC is sealed. Move multiArch flag into NativeLibraryHelper, instead of making everyone pass it around. Migrate size calculation to shared location. Separate "other" package name in public API, provide a path to a storage device when relevant, and add more docs. Bug: 16514385 Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bb7b7bea19223c1eba74f525c7fe87ca3911813b	20-Aug-2014	Jeff Sharkey <jsharkey@android.com>	More progress towards split APKs in ASECs. Teach DefaultContainerService to install split APKs, which will be needed when moving to/from ASECs. Also support forward locking for testing purposes, even though its deprecated. Move native library unpacking code to NativeLibraryHelper location where it can be shared by both DCS and PMS. Also update footprint calculation logic to mirror the later unpack codepaths. Immediately persist sealed sessions. When resolving install locations, prefer location of any existing install of that package. Lightweight parse requesting certificates now always verifies that all contents are signed correctly. Bug: 16514385 Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
742e790294b3441b79f715fe447069b63c6065db	17-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Progress towards staging ASECs. Move location selection logic into shared PackageHelper location, and share it between DCS and PackageInstaller. Fix bugs related to installed footprint calculation; always count unpacked native libs. Have PMS do its own threshold checking, since it's fine to stat devices. PMS only ever deleted staging ASECs, so move that logic into installer and nuke unclaimed staging ASECs. Allocate legacy ASEC names using PackageInstaller to make sure they don't conflict with sessions. Start wiring up session to allocate ASEC and pass through staged container for installation. Fix bug to actually delete invalid cluster-style installs. Bug: 16514385 Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
a0907436c01fd8c545a6b5c7b28bc3bc9db59270	15-Aug-2014	Jeff Sharkey <jsharkey@android.com>	PackageInstaller API refactoring. Switch to using IntentSender for results to give installers easier lifecycle management. Move param and info objects to inner classes. Bug: 17008440 Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
f06009542390472872da986486d385001e91a2a7	08-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Logic to confirm uninstalls. Prompt user for confirmation when caller doesn't have DELETE_PACKAGES permission. Also extend uninstall events to return failure codes. Bug: 16515814 Change-Id: I15b52190ff02dbeaaf038b92364264f64c57ba89 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8	07-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Logic to confirm permissions on install sessions. When an app without INSTALL permission attempts to commit a session, we involve user to confirm permissions. We currently point at the base APK, which defines all permissions for an app, handling the case where a session may only be adding splits. Add failure codes to represent rejection. Fix bug by ignoring stages during initial boot scan. Bug: 16515814 Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c	07-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Surface user action events when un/installing. This will be used shortly to connect up with permissions confirmation UI. Bug: 16515814 Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
1cb2d0d4bba387665128c62c342e59103ea4be26	31-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Persist install sessions, more lifecycle. To resume install sessions across device boots, persist session details and read at boot. Drop sessions older than 3 days, since they're probably buggy installers. Add session callback lifecycle around open/close to give home apps details about active installs. Also give them a well-known intent to show session details. Extend Session to list staged APKs and open them read-only, giving installers a mechanism to verify delivered bits, for example using MessageDigest, before committing. Switch to generating random session IDs instead of sequential. Defensively resize app icons if too large. Reject runaway installers when they have too many active sessions. Bug: 16514389 Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
16c8e3f49497b6046972ae650772f65768366be8	25-Jul-2014	Jeff Sharkey <jsharkey@android.com>	PackageInstaller changes based on feedback. Mostly cosmetic changes from API council feedback. Bug: 16543552 Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
9a445771f57dd15b06db0dbefd66c368d84eec2d	16-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Install sessions only inherit APK files. Also track historical install sessions for debugging purposes. Hide signature verification API for now. Clear code cache only after killing the app being upgraded. Bug: 14975160 Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
69ea974f1712c83a9ad194187237edf1169f9064	15-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Merge "Public API for PackageInstaller!" into lmp-dev
6c833e07a05c48ca60ee4d72421bf8b1e78dc710	15-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Public API for PackageInstaller! Flesh out documentation and finalize first cut of API. Also surface installLocation and splitNames through PackageInfo. Bug: 14975160, 15348430 Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
ad11eb52fe62b6696df2194cb9e176f7d799e844	14-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Pass install result message; path selection. Oops, forgot to include message argument to invoke the new-style callback. Also use more robust way of generating cluster APK directory names, and add more logging details on rename failure. Change-Id: Ifa8abdd1db58b73e13b9a8077ec126cf20a0d90e /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
a10311434778ea1be1621c2251c0c8c2966f337b	13-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Package installation listener events. Flesh out implementation of install session observers. Carve out 20% of published install progress for final system operations such as dexopt, etc. Add dumpsys output for active install sessions. Create explicit fsync() instead of overriding meaning of flush(). Hack to throw IOExceptions over Binder calls. Bug: 14975160, 15348430 Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
e0b0bef75b66f0a87039c8f58c17b1596a2baebe	13-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Surface detailed error messages from PMS. We now both log detailed error messages and relay them back to any observer. Start refactoring PMS to throw when errors are encountered internally to make it easier to reason about flow control; already uncovered a few instances of errors being silently ignored! Change-Id: Ia335c5e31bd10243d52fd735c513ca828e83dca0 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
bb580670350b76fa2fcc5ee873f99b7970759cbf	10-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Progress toward installer public API: callbacks. Instead of surfacing all the existing cryptic error codes, we're going to classify them into broad categories when surfacing through public API. This change introduces InstallResultCallback and UninstallResultCallback, and wires them up to existing AIDL interfaces. Also start defining general SessionObserver for apps interested in general progress details, such as Launcher apps. Details about active sessions are returned through new InstallSessionInfo objects. Bug: 14975160 Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
ec55ef0934b8e0d1bb705434947de817f7be57f1	08-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Extend pm to support sessions and split APKs. Separate commands to create an install session, stream files into the staging area, and then commit the install. Streaming can accept data from stdin across adb, avoiding extra copy from push. Extend FileBridge to support blocking close(). Always destroy session regardless of result. Bug: 14975160 Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
d746057f2414cba2bdc69257cc5be8cb681bb592	07-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Change new file installs to be cluster-based! Now that all the other pieces are in place, we're ready to start installing new file-based packages as a cluster (the new unified directory-based layout). This greatly simplifies the renaming process. Also add helper methods to ApplicationInfo to give a much clearer mapping between it and internal field names, since we can't change the public API. Add recursive restorecon(). Bug: 14975160 Change-Id: I72a63c5ddbc594c2fec4a91dd59f73ef253fbfd7 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
73767b9d607d99b3a027619b5c6b7f1a09b7673d	05-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Extract native code from split APKs. In the new split APK world, multiple APKs work together to define a single package. This means that native code may be split among those APKs. To handle this, extend NativeLibraryHelper to examine all APKs in a package ordered by splitName. A package has valid native code as long as one matching ABI is found inside. The "best" ABI found across all APKs is picked for the entire package. No attempt is made to ensure that every native library defined is available for the picked ABI; that's the responsibility of the installer. Re-introduce PackageLite to represent a lightweight parsing of an entire package, which may be a single monolithic APK or a cluster of one or more APKs. Remove native code extraction from InstallerSession, since it'll be handled inside PMS for this release. Bug: 14975160 Change-Id: I4f4db0f82e88a46101c7777499ebc0a11fd911f9 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
57dcf5b177b56195421535938544f32d8b591b42	19-Jun-2014	Jeff Sharkey <jsharkey@android.com>	Slow progress towards APK clusters. Differentiate between "split APKs" and "cluster packages". A cluster package is a directory containing zero or more APKs (base+splits), and a monolithic package is a single APK (base). PackageSetting will use the directory name as its codePath, so track the baseCodePath separately. Clarify documentation in several places. Require that all installers provide file:// URIs through existing hidden APIs; PackageInstaller hasn't been able to read content:// URIs for a long time. Bug: 14975160 Change-Id: I1c6fed1b55205c2474b09871161a98a26669d22e /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
cef0b39b9211882f59b6bfe1148e2cd247056693	12-Jun-2014	Narayan Kamath <narayan@google.com>	Fix native crashes when APKs can't be opened. There was lax / incomplete error checking around the construction of Apk handles. This change changes the ApkHandle API and makes it throw IOException if the zipfile couldn't be opened. Additionally : - Fix a resource leak in DefaultContainerService - Report errors correctly during package moves. bug: 15563874 (cherry picked from commit ec4516470d7ce6e47769591d678c838bd3f6f388) Change-Id: Ia35b464355467d0d36faf34fae85acbbab3f2896 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
275e085d5a42ced54bb79e40ff76c77539e7d82d	18-Jun-2014	Jeff Sharkey <jsharkey@android.com>	Stronger PackageParser contract, more split work. Require that method callers always provide relevant paths, instead of relying on constructor. Move DisplayMetrics to be an overall parser parameter, and move PARSE_TRUSTED_OVERLAY to flags. Parse split APKs and apply deterministic ordering based on split names. Assert consistent package name and version code across all split APKs in a package, and enforce unique split names and required base APK. Collect certificates for split APKs, enforcing they're all signed consistently. Better flow control and resource cleanup when collecting certs. Refactor validation code so it's easier to reason about. Cleaner maintenance of read buffer when draining stream contents. Change-Id: I8bc8c62095fbb933227b9e76ad8771f4b1246fe8 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
c4858a2ba972e86436d629c4d3f18eb49116de14	16-Jun-2014	Jeff Sharkey <jsharkey@android.com>	Switch PackageParser to reference single path. It previously kept mPath separate from mScanPath for some very odd edge cases around moving apps-on-SD. This changes it to always use a single path, refactors moving to keep separate paths. Refactors method names in PackageParser to be clearer about their APK-versus-package relationship. Beginnings of a split package parser. Instead of requiring that callers check error codes when null, switch to always throwing on parse errors, to require that callers deal with the error. Longer term the entire parser should switch to this style, but its too pervasive for a simple refactoring. Change-Id: If071d8e55e46e56cc201fadfb51cb471713ae973 /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
78cc340c2de873d6995c283b777476f7237d690f	22-May-2014	Jeff Sharkey <jsharkey@android.com>	Offer to stream and fsync() install sessions. Installers are interested in both streaming APK data and establishing a happens-after relationship to support resuming downloads after a process kill or battery pull. This exposes a generic OutputStream for writing, and hooks up flush() to be a blocking call which returns only when all outstanding write() data has been fsync()'ed to disk. Tests to verify behavior. Bug: 14975160 Change-Id: I38289867c80ac659163bb0c2158ef12d99cc570d /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4	29-Apr-2014	Jeff Sharkey <jsharkey@android.com>	Initial support for split APKs, PackageInstaller. Defines a new PackageInstaller class that will be used for installing and upgrading packages. An application desiring to install an application creates a session, stages one or more package files in that session, and then kicks off the install. Previously, PackageManager would always make its own copy of a package before inspecting it, to ensure the data could be trusted. This new session concept allows the installer to write package data directly to its final resting place on disk, reducing disk I/O and footprint requirements. Writes are directed through an intermediate pipe to ensure we can prevent mutations once an install has been initiated. Also uses fallocate() internally to support optimal ext4 block allocation using extents to reduce fragmentation. Sessions are also the way we support installing multiple "split" APKs in a single atomic operation. For a set of packages to form a valid application, they must have exactly the same package name, version code, and certificates. A session can also be used to add a small handful of splits to an application by inheriting existing packages when not performing a full install. Add PackageParser support for extracting split names and certificates. Bug: 14975160 Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc /frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java