Cross Reference: /frameworks/base/services/backup/

History log of /frameworks/base/services/backup/
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
d990e4d3df96e4cb9176870ba8de86108207978d	12-Oct-2016	Christopher Tate <ctate@google.com>	Respect restoreAnyVersion=true in full-data restore path The scheduling mechanism was properly checking for it, but the raw data-handling engine wasn't. Now it is. Bug 32054889 Change-Id: Id57ea12be8e2674c4f678f058278b8c14865b6fa ava/com/android/server/backup/BackupManagerService.java
a46b7f44c085671cbf9bc8c0aa1239dd75b455bf	15-Jul-2016	Chris Tate <ctate@android.com>	Merge "Turn down restore-time logspam" into nyc-mr1-dev
4c307258ac9f16bbc372af649ce66979dd117f33	15-Jul-2016	Christopher Tate <ctate@google.com>	Turn down restore-time logspam Bug 30160827 Change-Id: I14ccf0a31e5a6882bf189c28c79d1c139ec44bcc ava/com/android/server/backup/BackupManagerService.java
4595bc7f12cadfc0ec7b1f9fe0945fd2e45fb425	15-Jul-2016	Chris Tate <ctate@android.com>	Merge "Thread-safe pipe teardown during restore operations" into nyc-mr1-dev
69818781f33188fdbfea037da395d3747cf11de5	13-Jul-2016	Chris Tate <ctate@android.com>	Merge "Explicitly flush compress/encrypt stream before close" into nyc-mr1-dev
1165790f701d53c993107c6d52e0a115d93d8b37	12-Jul-2016	Chris Tate <ctate@android.com>	Merge "Harden framework against backup transport crashes" into nyc-mr1-dev
ad869cc908ff22956f8df47cb127e3446793b787	12-Jul-2016	Christopher Tate <ctate@google.com>	Thread-safe pipe teardown during restore operations Bug 29135140 Change-Id: Id474f180815318618ec28ff953dc0cab892f781e ava/com/android/server/backup/BackupManagerService.java
bf13ccf4b7d7e50f24f6eefeeaa34b7a09e25ec8	29-Jun-2016	Christopher Tate <ctate@google.com>	Back up / restore lock wallpapers If writing both system + lock wallpapers winds up hitting the transport-defined quota, the next backup operation steps back to storing only the system wallpaper. Also makes sure to unbind full-backup target agents following the backup operation. In practice this usually doesn't matter because the target gets killed following the operation, but the wallpaper agent runs in the system process where this does not happen, so was mistakenly being left in place and reused for the next operation, failing to re-run the full create + backup lifecycle. Bug 28968107 Change-Id: I219c2ddd7e899a430ef4cf693b1259464c15eed5 ava/com/android/server/backup/BackupManagerService.java
4e8ce9ec4ee383f4767b10cfbe5a53439e31117a	30-Jun-2016	Fyodor Kupolov <fkupolov@google.com>	Schedule backup of a package on a background thread Scheduling involves writing to journal file. This part can be done on the background thread in order to speed up the unlocking. Deferring writes to journal file should be safe, because the system will reschedule backups in case of a crash. Bug: 29619732 Bug: 29645167 Change-Id: I0667ac2bf159e0f40b7a5066f41ea0841df98437 ava/com/android/server/backup/BackupManagerService.java
59397a8e055faa0e2ed05b20785e43c03db86a1a	07-Jul-2016	Christopher Tate <ctate@google.com>	Explicitly flush compress/encrypt stream before close We're losing the stream footer for mysterious reasons; maybe this will help even though supposedly close() is expected to flush pending buffered writes anyway. In particular, an explicit flush of the compression stage will generate a SYNC_FLUSH point, which ordinary deflate-at-close operation does not. Bug 28056941 Change-Id: I96580411257932d7addb176c6672eae72a5ac6f7 ava/com/android/server/backup/BackupManagerService.java
a2a6533d65d195950b27788813d66821ada4bbc2	01-Jul-2016	Christopher Tate <ctate@google.com>	Harden framework against backup transport crashes Make sure we catch any exception thrown back from the transport, rather than relying on it to maintain the interface surface. Some exceptions turn out to be beyond the call-target's control to prevent. Bug 29761883 Change-Id: Ifafbac300e7d7dab793237b2fd47d3122751435f ava/com/android/server/backup/BackupManagerService.java
5cb5e89d770f474031e4ab30fb7f24c66333590a	17-Jun-2016	Christopher Tate <ctate@google.com>	Fix adb backup/restore * Exclude key/value-only backup participants until we have a chance to augment the archive format with proper handling. * Don't back up 'stopped' apps, which would un-stop them * Fix unspecified-user bindService/startActivity invocations * Teach adb restore about the onRestoreFinished() lifecycle method * Implement proper app timeout handling in the adb data flows * Backstop wallpaper backup against rare leftover-state issues Bug 28056941 Change-Id: Ia59c71a2c74a632a2c2a527b9b7374229c440d46 ava/com/android/server/backup/BackupManagerService.java
0f101342e192c75f25f90fc3ac3000a37625d380	20-Jun-2016	Chris Tate <ctate@android.com>	Merge "Let bmgr inspect the set of whitelisted transports" into nyc-dev
1c3be1a5b19b5f29eb8466d8b746a28d5a48e935	17-Jun-2016	Christopher Tate <ctate@google.com>	resolve merge conflicts of cffb19c to mnc-dev am: 3f9ea2d386 am: d6c1126fab am: e2c9b1af3e am: d2a4e1b39c Change-Id: I8e59a88278ba50ab7e3768031611065131ed6834
3f9ea2d386507fd814b33fd9fa6c2a2824f80416	17-Jun-2016	Christopher Tate <ctate@google.com>	resolve merge conflicts of cffb19c to mnc-dev Change-Id: I4dba574de2678d851e3d82961a07de27d61f5940
cffb19c812dd6d619e292519ca5ede61310aeab6	17-Jun-2016	Christopher Tate <ctate@google.com>	Don\\\'t trust callers to supply app info to bindBackupAgent() am: c58054f25f am: cd777e95a7 am: ec6c3f7a32 Change-Id: Idc2b6c712078493b4186edad750d8d5beab58adf
cd777e95a77ba0035566088a5432aa28a409e7d1	17-Jun-2016	Christopher Tate <ctate@google.com>	Don\'t trust callers to supply app info to bindBackupAgent() am: c58054f25f Change-Id: I3b0bd91c38b5f13770f09f39c2eea78b63c29d7c
e227ec61c24c3c33d42de4996d38fc4e44fa5e4d	16-Jun-2016	Christopher Tate <ctate@google.com>	Let bmgr inspect the set of whitelisted transports Needed for compliance testing. Bug 29072466 Change-Id: I025058ab9197f9e2db062bf0074e79f1cd04b443 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
c58054f25fb8ad624a749ed48e3f5775de4bec14	14-Jun-2016	Christopher Tate <ctate@google.com>	Don't trust callers to supply app info to bindBackupAgent() Get the canonical identity and metadata about the package from the Package Manager at time of usage rather than rely on the caller to have gotten things right, even when the caller has the system uid. Bug 28795098 Change-Id: I215786bc894dedf7ca28e9c80cefabd0e40ca877 ava/com/android/server/backup/BackupManagerService.java
09893e9a4157f77938a0f688d17476df8be9441a	10-Jun-2016	Christopher Tate <ctate@google.com>	Don't allow restore sessions during backups Gracefully no-op if apps attempt to restore themselves while there is a backup pass in flight. Bug 29135379 Change-Id: I8f0b5cd9d149b703e1de7a3a0b4b54c3aff766b6 ava/com/android/server/backup/BackupManagerService.java
c1c8325619aeae3ba23d69e2385071c26e3f57af	26-May-2016	Christopher Tate <ctate@google.com>	Use backstop timeouts on asynchronous countdown during preflight Work around nebulous lost-timeout issues by adding a backstop timeout to "wait for result" latch operations. When we hit these, the initial conditions will be reported as final result; so make those intial states match the error condition that is appropriate to such a timeout. Bug 28963707 Change-Id: I4d21a86c48e87633118b1e6eaa05c1d966efec81 ava/com/android/server/backup/BackupManagerService.java
2be3de172376caa0257a59dd6646952baf90b203	21-May-2016	Christopher Tate <ctate@google.com>	Backport of backup transport whitelist Sysconfig define a whitelist of permitted backup transports Previously any apk bundled in priv-app could insert a backup transport. Reduce risk surface by giving the OEM explicit control over who is allowed to handle backup data. Bug 28406080 Backport of 494df791728f4d42d67e935c327910975993ad29 from N Change-Id: I9f90e324169a68720d608f74754d284a7e59cf87 ava/com/android/server/backup/BackupManagerService.java
647cb6a6d82e3bb22eca0e5a27810e99084e2d5b	21-May-2016	Christopher Tate <ctate@google.com>	DO NOT MERGE : backport of backup transport whitelist Sysconfig define a whitelist of permitted backup transports Previously any apk bundled in priv-app could insert a backup transport. Reduce risk surface by giving the OEM explicit control over who is allowed to handle backup data. Bug 28406080 Backport of 494df791728f4d42d67e935c327910975993ad29 from N Change-Id: I405b49daee8c576584575c3e46877cc97632d8c6 ava/com/android/server/backup/BackupManagerService.java
3bed1c0ef8a66c4ce064b1c6ee443681070c5fcb	16-May-2016	Christopher Tate <ctate@google.com>	Explicitly close pipe end when we cease operations... ...because the other in-VM reference to that FD means that it won't get GC'd after we release our local reference to the containing object, and we wind up with the feeder end blocking on write to a still-fully- open pipe rather than being made aware that the read end has needed to shut down. Bug 28756668 Change-Id: I90b6aaeaabe7d912d96d7ef57c24f68d87d9d0ab ava/com/android/server/backup/BackupManagerService.java
494df791728f4d42d67e935c327910975993ad29	11-May-2016	Christopher Tate <ctate@google.com>	Sysconfig define a whitelist of permitted backup transports Previously any apk bundled in priv-app could insert a backup transport. Reduce risk surface by giving the OEM explicit control over who is allowed to handle backup data. Bug 28406080 Change-Id: I84ed954c31b41b671825122e537971b110e00a4d ava/com/android/server/backup/BackupManagerService.java
e2cdb20cf895b15acac5acaa43e2e6ffb13655b8	05-May-2016	Chris Tate <ctate@android.com>	Merge "Ensure that the stream feeder doesn't hang in write..." into nyc-dev
35c2827c60fc8b77f97ce4d253873ff14c939581	03-May-2016	Christopher Tate <ctate@google.com>	Ensure that the stream feeder doesn't hang in write... ...if the restoring data engine thread winds up operations. By closing the engine side of the pipe unconditionally when exiting the thread, the unanticipated-failure path is now guaranteed (instead of blocking forever in write() to a pipe that isn't being read!). In addition, wire agent-timeout handling into the various stream data-handling operations (preflight, backup, restore). This were not sufficiently robust and were in some situations leaving the backup/restore mechanisms in a livelock state. Finally, plug a longstanding problem in which we'd have orphaned timeout messages coming in and producing a certain amount of "wtf?" logging and wasted CPU. No longer! Bug 28457158 Change-Id: I597c76c3eada378ffeb20870253847594f73e089 ava/com/android/server/backup/BackupManagerService.java
722d27f99c0b8ad4e69afdf7d8f0476b7d47053c	03-May-2016	Christopher Tate <ctate@google.com>	Full-data restore path needs to pass along the widget metadata The engine itself knows about it, but that's at one remove from the code that needs to consume it. Make sure it gets passed up the chain. Bug 28346706 Change-Id: Ib94c9fbc512d92039bb7db5cd6b0b088a4a66027 ava/com/android/server/backup/BackupManagerService.java
98f1ff05580f85debaa245addd02777fe9e68273	28-Apr-2016	Christopher Tate <ctate@google.com>	Don't wedge full data backups by blocking the data consumer thread In particular, don't ask the producer about error overrides when it is still relying on the consumer to do its job first. This needs to be policy for any transport-side error condition, not just the one that was previously handled safely. Any transport- initiated error "on the fly" means that the app-facing side of the engine doesn't know to stop feeding data, and mustn't be consulted with any blocking request. We also now detect unexpected PACKAGE_REJECTED by the transport after data streaming has begun, and translate that to the general TRANSPORT_ERROR for correct handling down the line. Bug 28399225 Bug 28375634 Change-Id: I613dc21bc9f2d23e6520eed6c3ac2e9dbc1d88dc ava/com/android/server/backup/BackupManagerService.java
5cf5578a457e448dda9fd47943e91f0f3b67690f	26-Apr-2016	Christopher Tate <ctate@google.com>	Make sure FIRST_LAUNCH is after PACKAGE_ADDED If an app undergoes restore during install, it is considered 'started' and the FIRST_LAUNCH broadcast needs to go out. However, this must not take place until after the restore operation has fully completed, in order to avoid publishing the app's existence while it may still be in an incoherent state. We now make this broadcast part of POST_INSTALL in the restore case. Bundled apps are in the 'started' state regardless, so no FIRST_LAUNCH broadcast is ever sent for them -- this CL does not change that existing behavior even in the case of setup-time data restore of factory-installed packages. Bug 28173625 Change-Id: Ibcc3758576662dc447b75476173a0d008a9fe4da ava/com/android/server/backup/BackupManagerService.java
021a48d50eb857aa912e5ca22ae0fff4a8b4c9dd	29-Mar-2016	Makoto Onuki <omakoto@google.com>	Merge "Extract signature related utilities" into nyc-dev
590096a0e372f640fb41d4cb97d8bc68fb7b8ea2	26-Mar-2016	Makoto Onuki <omakoto@google.com>	Extract signature related utilities So that they can be used from services/core. Bug 27548047 Change-Id: I610e267cba320418e766c0e609fa26c485dc6e1f ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/PackageManagerBackupAgent.java
d5f70b748351eb82a5f3567e2a1edea2de458951	22-Mar-2016	Christopher Tate <ctate@google.com>	Clean up a couple of bugs about transport init staging Using the right names for things typically works better. Bug 27794697 Change-Id: Ic8c3c2c978536545bd669c1c12aad9ee6783f38a ava/com/android/server/backup/BackupManagerService.java
1f4c45034235ce98fd1da171a9dcec4b7bb17efd	19-Mar-2016	Christopher Tate <ctate@google.com>	Fix deadlock when full data backup times out The code was attempting to let a reported error in the app <-> engine surface take precedence over apparent success at the engine <-> transport handoff surface. However, in the case of timeout, this is inappropriate. It was leading to deadlock because the engine runs free, with socket-closed as its shutdown signals for determinism. In this case that means that having accidentally asked it to finish and report the final result, we locked up forever since the data it was writing dutifully to the engine was no longer being consumed, and the actual teardown signals were never sent. The fix is to properly express the error-state hierarchy: only when the engine <-> transport layer is not issuing its own abort is the app-data- moving layer consulted about errors detected at that surface. Bug 22348852 Change-Id: I8987be0c4f708116dfeb08098d7222241ed317f3 ava/com/android/server/backup/BackupManagerService.java
4ebf6dd961bf4f5ee0577af0cf8221af65f8c017	01-Mar-2016	Christopher Tate <ctate@google.com>	Don't use restricted backup launch mode for system-ish processes We now impose restricted launch behavior and lifetime only on "ordinary" apps' backup/restore operations. System-ish targets such as the telephony provider continue to get their full Application instance and providers, and won't get killed following conclusion of the data-moving operations. Such customers of backup/restore are expected to be able to deal gracefully with this sort of thing. Bug 27362301 Bug 27076602 Change-Id: Ib62483b8469cc750a20f80b7c596ad486a397564 ava/com/android/server/backup/BackupManagerService.java
50f56607d55e7e9170218fac70bc48c7dc94a1f9	24-Feb-2016	Christopher Tate <ctate@google.com>	Don't use Settings for storing the backup enable state Bug 19678828 Change-Id: Ieb572bcb2e8fe4d03f654dd52596c8dc4fdd72a9 ava/com/android/server/backup/BackupManagerService.java
43fbc5f898a488dcfa9ecf3030f05f27ce5428f9	18-Feb-2016	Christopher Tate <ctate@google.com>	Add android:backupInForeground An app can now declare that it really needs to be backed up whenever possible even if it is currently engaged in foreground- equivalent work. Only applies to full-data backup clients: key/value backups are not intrusive on normal lifecycle so they can already happen in such circumstances. Bug 26790411 Change-Id: Ia0ebcc7a53da888ae9ae4d63cd4bcab6e3a2e866 ava/com/android/server/backup/BackupManagerService.java
2c1ba9a961d4f96c26df260ee437655ad9e7c03e	17-Feb-2016	Jeff Sharkey <jsharkey@android.com>	Make BackupManager encryption aware. Backup requires both CE and DE storage to be available, so delay spinning up the backup system until the user is unlocked, since that's when CE storage becomes available. Note that devices without FBE immediately transition USER_SYSTEM into the unlocked state, since their CE is always available. Offer to backup and restore files under both CE and DE. Since DE is effectively the same as CE, most logic is simply duplicated for now, but it could be simplified in the future. Since system apps can force their default storage location to DE, we always build explicit CE and DE paths. Add getDataDir() to give clean access to the top-level private data directory, but disclaim that apps shouldn't create files there. Bug: 26279618 Change-Id: Ic34a4b330223725db93b1d0f5c9dffc88002c61f ava/com/android/server/backup/BackupManagerService.java
cd8c13fc4e165cb67016b01fe77dbcd8309211b1	09-Feb-2016	Sergey Poromov <poromov@google.com>	Synchronize results from runner thread to main full backup thread. Previously, all results from runner thread - both for preflight or full backup pass were ignored. This change adds two synchronized method to get preflight result and result of full backup pass. This leads to better coverage of AGENT_ERROR to return in callback as a result of backup operation. On the other side we won't start backup pass in main thread if preflight check hasn't been succeeded. Change-Id: Id5f9e4c956a1bd5c396d59b7ad2098139a15e69d ava/com/android/server/backup/BackupManagerService.java
65775b9c68a09e188fd94845ac5ef114ddcea908	11-Feb-2016	Sergey Poromov <poromov@google.com>	Use long for preflight check size in BackupManagerService. Bug: 26557141 Change-Id: I3794a91b62578044745a61bf774f5028f3e3b373 ava/com/android/server/backup/BackupManagerService.java
266190839f0be319d7c2d200c40ae3b7cf82b930	10-Feb-2016	Sergey Poromov <poromov@google.com>	Don't call BackupTransport#checkFullBackupSize when preflight timeouted. mResult in SinglePackageBackupPreflight could be set to a negative value if preflight timeouted. Together with ag/863259 this change will better handle this case. Bug: 26818914 Change-Id: I171bf95f146552b3b50f044964c2b041f6303d90 (cherry picked from commit a235f7e4e046b1a69af988240ff5f0dd46f3b5f9) ava/com/android/server/backup/BackupManagerService.java
8212ae0aee1700b9c287ebadf15af8dacdc8eae6	10-Feb-2016	Jeff Sharkey <jsharkey@android.com>	Consistent naming for internal storage APIs. Also completely remove a few confusingly named deprecated APIs. Change-Id: Ia7e4ea3190a97f0a7dfa9bebf2118da0866ec38f ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
eee352f7a2079c4a2745179909245f4db2a04fe8	09-Feb-2016	Sergey Poromov <poromov@google.com>	Fix that backupFinished() callback is not called sometimes. Before this in case of TRANSPORT_ERROR backup pass was aborted before backupFinished() call. Now this happens in 'finally' block so that there is no way to avoid it. Also, now backup pass doesn't break in case of QUOTA_EXCEEDED result for single package. And some refactoring around 'currentPackage' variable. Bug: 27094847 Change-Id: I18df3f500b427381f32bd11ed1aa87ab9577bc91 (cherry picked from commit 2ea71ad6254c4094d0d34a39d9988c9d75b038ed) ava/com/android/server/backup/BackupManagerService.java
0b9ea178897e1d23f32a8d2e60b22ba815ca9398	02-Feb-2016	Christopher Tate <ctate@google.com>	fullBackupOnly=true means don't even think about key/value backup Bug 26790411 Change-Id: Ifa5b97053969de958b08cbf2975c503b10f93571 ava/com/android/server/backup/BackupManagerService.java
e5f51c212cc3292a69988cd3569ce24cbb98f978	28-Jan-2016	Christopher Tate <ctate@google.com>	Stage backup/restore data in a cache subdir rather than root Also make sure not to do the restorecon() before the file is created. (Also fix binder identity bug in the 'bmgr fullbackup' flow.) Bug 26834865 Change-Id: Ia8a59eeb55762264163c8b310caae5e303413571 ava/com/android/server/backup/BackupManagerService.java
7200364e8d74fc105023790eeda0fc42dac3310a	27-Jan-2016	Sergey Poromov <poromov@google.com>	Merge "Quota exceeded API in BackupAgent"
339b53a8e678f18da906906f5f32ed57772102bb	23-Jan-2016	Christopher Tate <ctate@google.com>	Prevent (and repair) poisoned full-data backup queue An app that transitioned from full-data to key/value backup regimes was being left in the full-data backup queue until next reboot. In edge cases this would result in the app being inappropriately shut down for backup; furthermore, it would potentially cause there to exist a full-data payload for the app that was considered "newest" and therefore be the one delivered at restore time on a new device or app (re)installation. Defense in depth: full-backup candidates are just-in-time reevaluated for validity when they come up again in the queue; app update notifications cause a reevaluation and removal from the queue if full-data is no longer the right modality; and the common engine for all cloud-facing full-data backups does an additional last-ditch validation that each stated target is actually supposed to get full-data backups rather than key/value, to backstop the checks on queue-presence validity. Bug 26744511 Change-Id: I55bea3e19a2cab0150dbe5a08dd9fc550f0068c4 ava/com/android/server/backup/BackupManagerService.java
872d3b6e19933af6fa9ae65214b9f6df04fc3222	12-Jan-2016	Sergey Poromov <poromov@google.com>	Quota exceeded API in BackupAgent Should be also implemented in GMS BackupTransport. Bug: 25693504 Change-Id: I6e4b2edb6d62addca0aced3e801d7629fb9394ca ava/com/android/server/backup/BackupManagerService.java
9448196076d5a5266b3ae7e4945216b30ee88aa7	07-Jan-2016	Sergey Poromov <poromov@google.com>	Add BackupManager#isAppEligibleForBackup() method to Backup API. Check is done only in framework. Transport still can deny backup for the package. Bug: 26443192 Change-Id: Ifcde67a4d11725aa4b15ab4f57d740f55ab2b265 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
d3665f1f0f2e2aefe4c5dd6b000b356dfb414783	21-Jan-2016	Sergey Poromov <poromov@google.com>	Merge "Introduce BackupManager#requestBackup & BackupObserver API"
fe06bf64d204c459699b0bf6465f9fb69208345e	15-Dec-2015	Sergey Poromov <poromov@google.com>	Introduce BackupManager#requestBackup & BackupObserver API Introduces a way to request immediate backup for list of packages and receive callbacks on backup progress. Bug: 25688526 Change-Id: Ib826933d44f4ebf2b981f8be366215b2d37847e2 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
63fec3ef1adb6c447cd505679714a8e780d18263	12-Dec-2015	Christopher Tate <ctate@google.com>	Don't full-data back up apps in foreground-equivalent state We have to kill the app and bring it up in a controlled lifecycle mode in order to do full-data backup, and if it's e.g. playing media, this is hugely disruptive. Instead, we now check whether an app being considered for full-data backup is in a user-observable state, and defer its backup if so. We don't kick it all the way down the daily-backup cycle in this situation -- we set it up to retry the backup in just a few hours. Bug 25960428 Change-Id: I576f25c6fb07545565f59bd685624c612b9c5ffd ava/com/android/server/backup/BackupManagerService.java
4cfe29bdf2ee14e8316d45cfc23e4548319b3ab9	04-Sep-2015	Xiaohui Chen <xiaohuic@google.com>	Cleanup USER_OWNER in backup service This is just a straight constant replace. The feature is tracked in a separate bug b/22388012. Bug: 19913735 Change-Id: I7ae0953558bfdb77441e9efd749f1bb1cc77050c ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
05a24e5b59eb378ecfd4b0fc174d2141a677b1ec	28-Aug-2015	Chris Tate <ctate@android.com>	am a6888d6d: am b5bcd607: am 27c5cfd7: am 9b2f9bcb: am 82d14d60: Merge "Crashing the system process is inadvisable" into mnc-dev * commit 'a6888d6d8b912a69fad189e1d53da79746aa74ae': Crashing the system process is inadvisable
0d446c18dc84f8db522823f24983b8e71a0b0f04	28-Aug-2015	Christopher Tate <ctate@google.com>	Crashing the system process is inadvisable When asking for the set of services published by a package, it's quite possible that there are none, in which case the returned List<> is null rather than valid-but-empty. Don't bother looking at it when it's null. Bug 23614440 Change-Id: Ibebb26b9c3f75ec810a95f1b9d2663e884cb98bc ava/com/android/server/backup/BackupManagerService.java
6578ad5bb493d43ae6a1f8a0b0d6dd180aa90b50	21-Aug-2015	Christopher Tate <ctate@google.com>	am 905cb17f: am adde39d8: am b893c1ba: am 99b252ad: am ddc2536d: Make sure to kill restore-at-install full-data targets after restore * commit '905cb17f921a804fde3679a2f8887055ec7db028': Make sure to kill restore-at-install full-data targets after restore
ddc2536d2b6f277a7828278a066be874e4f9502e	20-Aug-2015	Christopher Tate <ctate@google.com>	Make sure to kill restore-at-install full-data targets after restore Specifically: correctly distinguish the "I want to restore my own data" case, in which the app is intentionally not killed, from the single-package restore at install operation. Bug 23357388 Change-Id: Ic50ac39fe942af1f6ec9e04a32d81a39b70a0b2b ava/com/android/server/backup/BackupManagerService.java
1c1dd4bc8dbad8846bbc7520dfe307099a6c05d7	18-Aug-2015	Chris Tate <ctate@android.com>	am 45f88e1b: am 591b371f: am ccbb02f9: am b16cd62c: am c0a2254e: Merge "Clean up properly if outcall for doRestoreFinished() fails" into mnc-dev * commit '45f88e1b2c0a8433b073f69c58660db843d46d04': Clean up properly if outcall for doRestoreFinished() fails
d71d7c350c76d3494dd6688c26a837fa41ea18f8	17-Aug-2015	Christopher Tate <ctate@google.com>	Clean up properly if outcall for doRestoreFinished() fails The target app crashed at an inopportune time but this shouldn't invalidate the whole ongoing restore operation; it's a problem local to the specific app undergoing restore. Recognize this, clean up the app's possibly-incomplete data, and continue running the restore queue as planned. Bug 23228982 Change-Id: If9a19d2fe6a0ce5339c893630d7a61a5a5ccd9b1 ava/com/android/server/backup/BackupManagerService.java
1ad82779bea52865055db70ead52a8a360fcdba8	30-Jul-2015	Chris Tate <ctate@android.com>	am 5f70b3b1: am e5b25915: am e625b631: am 4de7b0ff: am 74a0744e: Merge "Fix issues around process teardown after full-data restore" into mnc-dev * commit '5f70b3b1d3360dcfa2716d610c04efa3e309521e': Fix issues around process teardown after full-data restore
2ad7e27362f682e3358b307bef23196be1c8b126	30-Jul-2015	Christopher Tate <ctate@google.com>	Fix issues around process teardown after full-data restore The unified code path for cleanup was mistakenly looking at the android:killAfterRestore manifest attribute even for full-data restore operations. That attribute is only relevant for key/value payload handling. We need to always kill after restore in the full-data case because the app will otherwise be allowed to enter normal component lifecycles without its correct Application / ContentProvider state in force. Bug 22704852 Change-Id: Ia63f985a35c28084c734389cfc49d3792173e5c7 ava/com/android/server/backup/BackupManagerService.java
7e744dfcfd916e510385ce81f794d69d13026bf3	29-Jul-2015	Chris Tate <ctate@android.com>	am 803b73a2: am f9f837fa: am 6613ec44: am 403e22b9: am 751a96a0: Merge "Don\'t redundantly call transport.finishRestore()" into mnc-dev * commit '803b73a29004d2f8bf0234c0619480f5e639b5d6': Don't redundantly call transport.finishRestore()
6ab2fb61f08d87e01874114c3c204166a287e92c	28-Jul-2015	Christopher Tate <ctate@google.com>	Don't redundantly call transport.finishRestore() The RestoreSession is no longer responsible for calling finishRestore(); that happens as part of tidying up after running the restore itself, even in failure cases. Bug 22640096 Change-Id: I0be52af2ae8c2c1ac685e9904ccb8120f7fcf522 ava/com/android/server/backup/BackupManagerService.java
a848379cabab5054e65ee29da339f5a3e8ca2481	15-Jul-2015	Kenny Guy <kennyguy@google.com>	Update backup todo to mentioned admin control. Update backup manager todo about backups for profiles to mention the need for DevicePolicyManager control. Change-Id: I7f17fc01a53d9608b104b70e57da7f619cb82c5f ava/com/android/server/backup/BackupManagerService.java
2fe00adc02cb3fdcad8374bf624118d5c3d5575e	07-Jul-2015	Christopher Tate <ctate@google.com>	Clean up obsolete pending timeout after restoring package metadata Bug 22040047 Change-Id: I460dbcc50a45d794392beb9ff4a4358c05c87e07 ava/com/android/server/backup/BackupManagerService.java
758de809b9e26e80b3490779f45c64aeaadf2a45	01-Jul-2015	Christopher Tate <ctate@google.com>	Fix dispatch of onRestoreFinished() The agent instance wasn't properly being conveyed from the generic restore engine implementation to the state machine handling the lifecycles. On top of that, the lifecycle wasn't advancing to the restore-finished callback phase properly in the full-data restore case. Bug 22194736 Change-Id: Ic649d6a196adbd21a4a0f3083c7eed2fff383e52 ava/com/android/server/backup/BackupManagerService.java
ad8a96231680fae6c49bc877074b8af3562e90f1	05-Jun-2015	Christopher Tate <ctate@google.com>	Don't run backups in battery-saver mode Defer both full-data and key/value backups while in battery-saver mode. Bug 21563473 Change-Id: I081b7bcd19af21a4c88ebb434d2d3ef4bc93951f ava/com/android/server/backup/BackupManagerService.java
3d7e0d8e21e2ba706573fc43f8a7e5654814fb11	13-May-2015	Christopher Tate <ctate@google.com>	Adjust key/value backup scheduling We now try to perform key/value backups only while charging, proceeding off-charger only after we've waited a full day for the device to be plugged in. Bug 21076663 Change-Id: Ib32c9f8bfaf8a310f5f388907e38a28d3c54bd8e ava/com/android/server/backup/KeyValueBackupJob.java
03d64a52105ce6eada02bf030e1a746c226fd8b1	26-May-2015	Christopher Tate <ctate@google.com>	Don't erase backup metadata when an app is uninstalled We still retain the data in the backup, in order to support the flow in which a user has the app and its data is stored; then the app is uninstalled; then later the app is reinstalled. We depend on having correct metadata for the data in the datastore in order to evaluate its validity for restore-at-install, so we mustn't forget that metadata just because the app is not currently installed. We also now permit the sentinel pseudopackage name "@pm@" as an argument to dataChanged(), indicating specifically that the metadata should be scheduled for backup without having to be piggybacked on another app's requested backup pass. That lets us now make sure to schedule a backup pass for metadata-update in response to app install activity. Finally, fix a "min instead of max" bug in full backup scheduling that was causing the OS to ignore the transport's inter-package quiet time requirement when multiple packages were overdue for backup. Bug 21471973 Change-Id: I1dbc260edb91b8deadd2744e273dfa9578b9ef2a ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/PackageManagerBackupAgent.java
62d1e1ef7e04f03c492b49e721ee9773677bba8b	20-May-2015	Christopher Tate <ctate@google.com>	Scan at boot time to detect newly-present full backup candidates OTA or similar might have caused an app to appear without the usual notifications being sent. Make sure we pick up those apps as appropriate for full-data backup. Bug 19462310 Change-Id: Ic17bc72b14cc7599ae8ea540548fda932606b8f2 ava/com/android/server/backup/BackupManagerService.java
1a78d8c2b88fb86801937d6cdb9e4961053d898b	16-May-2015	Christopher Tate <ctate@google.com>	Rebind backup transports only when clearly needed Significantly narrow the circumstances under which transports will be re-bound. In particular, we now do not unbind + rebind whenever any component in a bound transport's host package changes; rather, we do so only when the transport component itself has changed state, or when there is a state change that might cause a new transport to become available. Bug 19775237 Change-Id: Ib386875df19ffe9f2d3eb9f9788187338360644a ava/com/android/server/backup/BackupManagerService.java
5aba226d8ac28cbac5200ee3715a174683b1faa0	06-May-2015	Christopher Tate <ctate@google.com>	Fix requestRestore() of an app's own package The BACKUP permission check was being applied over-zealously. Bug 19336200 Change-Id: Ia52b5c5cc0fd8d19b74ee624be85113d1b8dca7e ava/com/android/server/backup/BackupManagerService.java
303650c9cdb7cec88e7ec20747b161d9fff10719	18-Apr-2015	Matthew Williams <mjwilliams@google.com>	Add full backup criteria to android manifest BUG: 20010079 Api change: ApplicationInfo now has a fullBackupContent int where -1 is (off) 0 is (on) and >0 indicates an xml resource that should be parsed in order for a developer to indicate exactly which files they want to include/exclude from the backup set. dd: https://docs.google.com/document/d/1dnNctwhWOI-_qtZ7I3iNRtrbShmERj2GFTzwV4xXtOk/edit#heading=h.wcfw1q2pbmae Change-Id: I90273dc0aef5e9a3230c6b074a45e8f5409ed5ce ava/com/android/server/backup/BackupManagerService.java
511d02fcc37dce092e17354d53023db44817ebe6	09-Apr-2015	Christopher Tate <ctate@google.com>	Add system API for querying the available restore dataset for a package Bug 20123585 Change-Id: Ife6e77a224b5d4175178aacdb7c285e9944b9eab ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
e012a235569fe307d165dfd0784ae847d0b13739	02-Apr-2015	Christopher Tate <ctate@google.com>	Back up / restore preferred app configuration Bug 19848104 Change-Id: I84cdfcc44b48a9732984955d7eedf745b5586bdd ava/com/android/server/backup/BackupManagerService.java
ab06997ed5d4599f7223f3033b5c3bc77ac7044e	31-Mar-2015	Christopher Tate <ctate@google.com>	Fixes to full-backup scheduling edge cases If a scheduled full-data backup was attempted but the device had not yet run the primary key/value backup pass, the full-data backup scheduler would wind up in a bad state and potentially never retry until reboot. We now properly reschedule a future retry, using the key/value scheduling batch quantum as a backoff to be sure to give it a chance to run before the next time full data is attempted. Change-Id: Ic7eb7a7940fe6380f40d04813a46fc336e95815e ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/KeyValueBackupJob.java
a7f038c9c3715bf29aec194bf079bf061502b1d9	28-Mar-2015	Christopher Tate <ctate@google.com>	Respect the transport's requestFullBackupTime() backoff We now make sure to pause by at least requestFullBackupTime() between full-data backup operations, to give the transport the ability to apply traffic control while we're running the queue of eligible packages. Also, we now reset a package's queue position whenever a full-data backup for that package is run explicitly via adb. Bug 19732890 Change-Id: I6cf24495ad18eebd55557f229d11c703e5b7f529 ava/com/android/server/backup/BackupManagerService.java
11ae768cf1b8348e761ad9c09e98788da1e591b1	25-Mar-2015	Christopher Tate <ctate@google.com>	Add payload-size preflight stage to full transport backup We now peform a total-size preflight pass before committing data to the wire. This is to eliminate the large superfluous network traffic that would otherwise happen if the transport enforces internal quotas: we now instead ask the transport up front whether it's prepared to accept a given payload size for the package. From the app's perspective this preflight operation is indistinguishable from a full-data backup pass. If the app has provided its own full-data handling in a subclassed backup agent, their usual file-providing code path will be executed. However, the files named for backup during this pass are not opened and read; just measured for their total size. As far as component lifecycles, this measurement pass is simply another call to the agent, immediately after it is bound, with identical timeout semantics to the existing full-data backup invocation. Once the app's file set has been measured the preflight operation invokes a new method on BackupTransport, called checkFullBackupSize(). This method is called after performFullBackup() (which applies any overall whitelist/blacklist policy) but before any data is delivered to the transport via sendBackupData(). The return code from checkFullBackupSize() is similar to the other transport methods: TRANSPORT_OK to permit the full backup to proceed; or TRANSPORT_REJECT_PACKAGE to indicate that the requested payload is unacceptable; or TRANSPORT_ERROR to report a more serious overall transport-level problem that prevents a full-data backup operation from occurring right now. The estimated payload currently does not include the size of the source-package metadata (technically, the manifest entry in its archive payload) or the size of any widget metadata associated with the package's install. In practice this means the preflighted size underestimates by 3 to 5 KB. In addition, the preflight API currently cannot distinguish between payload sizes larger than 2 gigabytes; any payload estimate larger than that is passed as Integer.MAX_VALUE to the checkFullBackupSize() query. Bug 19846750 Change-Id: I44498201e2d4b07482dcb3ca8fa6935dddc467ca ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/Trampoline.java
2c7a0cc2cfa3a0502aa23e09e6236ba09979b539	24-Mar-2015	Christopher Tate <ctate@google.com>	Switch to new userActivity and package install APIs Tracking the deprecation of older API variants and switching to the new and more informative versions. Also tidying up a few unused variables along the way. Change-Id: I282a18525f9db838f4e0a77c90403b8b904e4fd7 ava/com/android/server/backup/BackupManagerService.java
27aec3c54a0319a989f7969ab6a368e9e1ae9d28	13-Mar-2015	Christopher Tate <ctate@google.com>	Don't run full backups until package metadata has been pushed Bug 19692849 Change-Id: I13615db7408b5c6fbc787c4773103c052e70f0b2 ava/com/android/server/backup/BackupManagerService.java
b538d3c06f37979a617c7c23644c23cc424f3f6a	11-Mar-2015	Christopher Tate <ctate@google.com>	Don't run full backups on stopped packages We already decline to run key/value backup passes for (participating) apps that are in the 'stopped' state. Now we also properly avoid full-data backup passes on such apps. Bug 19684052 Change-Id: Ieafc07b5531a91a243d57238c53db41ad3459140 ava/com/android/server/backup/BackupManagerService.java
77a2d78dbf91d4799f811385b1e39ad89052e7eb	04-Mar-2015	Christopher Tate <ctate@google.com>	Don't enqueue allowBackup=false apps for full backup attempts We are correctly refusing to actually process apps for backup if they have declared android:allowBackup="false" in their manifests, but we're still wasting bookkeeping & a certain amount of work in tracking them as part of the full backup queue. Fix that; now we recognize that they shouldn't be in the queue in the first place. When reinflating the queue at boot time we also re-verify the participation of each mentioned app so that we properly drop ones that have been uninstalled or altered such that they are no longer full-data backup candidates. Finally, if an app previously implemented key/value backup, so we think we'll be running it in that mode in a future backup pass, but has been updated to use the full-data path instead, we don't want to go ahead and run a key/value pass on it. Added a backstop check and proceed gracefully in this situation. (Also add bit more debug-build logging to LocalTransport) Bug 19462310 Change-Id: I07ab4f2e68e92766d9e8f2595fa763c91193d743 ava/com/android/server/backup/BackupManagerService.java
73570db59f9178cf3a8affe943e96808ac404049	27-Feb-2015	Christopher Tate <ctate@google.com>	Use scheduled job rather than periodic alarms for key/value backups Instead of a runs-forever periodic alarm that drives key/value backup passes, we instead schedule-on-demand a trigger job that will kick off the pass after a batching interval. The key semantic change is that we now never wake for key/value backup work unless we've been explicitly asked to do so. We also use a rather longer batching interval than was previously the case. Bug 19536032 Change-Id: Ie377562b2812c9aeda0ee73770dfa94af6017778 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/KeyValueBackupJob.java
6a873711cd1ed43c85f6cc93e8cf61fed7aeff0e	25-Feb-2015	Christopher Tate <ctate@google.com>	Merge "Don't crash when backup timeout races with agent completion"
12f783d6c6155a65a87511e200206a81798aa2ed	25-Feb-2015	Christopher Tate <ctate@google.com>	Don't crash when backup timeout races with agent completion There's a narrow window of time in which an agent reporting that its operation has completed races with timeouts such that we wind up handling the completion callback just after certain fundamental state has been reset. Detect this race and proceed gracefully instead of crashing. Bug 19498669 Change-Id: I5a475527db1a55a8e567366ddfb10112e427682e ava/com/android/server/backup/BackupManagerService.java
8dd7d01c1a07d9893ce1207c90869fe3d40fbced	25-Feb-2015	Christopher Tate <ctate@google.com>	Check DUMP permission in the backup service trampoline Make sure that even if backup is disabled outright (and hence there is no underlying service implementation for the trampoline to delegate to), the DUMP permission exception is thrown as expected. Bug 19422232 Change-Id: I6d1a17c5f85adcfad75af969b521920e786c05a8 ava/com/android/server/backup/Trampoline.java
33d3c53da021f0d044028860ace0f4ad817273f5	11-Feb-2015	Alex Klyubin <klyubin@google.com>	resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp Change-Id: Ic20b6c8851458483dd73a144bd5ae6e8d141e62a
b9f8a5204a1b0b3919fa921e858d04124c582828	03-Feb-2015	Alex Klyubin <klyubin@google.com>	Move hidden ApplicationInfo flags into a separate field. The public API field android.content.pm.ApplicationInfo.flags can support only 32 flags. This limit has been reached. As a short term workaround to enable new public flags to be added, this CL moves flags which are not public API into a separate new field privateFlags and renames the affected flags constants accordingly (e.g., FLAG_PRIVILEGED is now PRIVATE_FLAG_PRIVILEGED). The new privateFlags field is not public API and should not be used for flags that are public API. The flags that are moved out of ApplicationInfo.flags are: * FLAG_HIDDEN, * FLAG_CANT_SAVE_STATE, * FLAG_FORWARD_LOCK, and * FLAG_PRIVILEGED. NOTE: This changes the format of packages.xml. Prior to this CL flags were stored in the "flags" attribute. With this CL, the public flags are stored in a new "publicFlags" attribute and private flags are stored in a new "privateFlags" attribute. The old "flags" attribute is interpreted by using the old values of hidden/private flags. Change-Id: Ie23eb8ddd5129de3c6e008c5261b639e22182ee5 ava/com/android/server/backup/BackupManagerService.java
e77c12ba37b7358ef6b6a6010e778926cc4194b8	29-Jan-2015	Christopher Tate <ctate@google.com>	Don't run full-data backups when backup is disabled If the scheduled job fires but backup is disabled or the device is not yet provisioned (i.e. has not yet finished going through setup), bow out gracefully without running any backup operations. Also, even if a backup is directly invoked (e.g. via adb), verify again right before we start collecting app data, and abandon the operation in that path as well. (This is redundant; having only the latter test would suffice, but this lets us distinguish in the logging more easily.) Finally, make sure that if we were waiting on setup before permitting backup operations to begin, that we startup the full-data scheduling as well as the [separate] key/value scheduling. Bug 19197062 Change-Id: I3d8fb650c50f946d8ed7ac7170df361c707f2528 ava/com/android/server/backup/BackupManagerService.java
cf962601186a05a8818c02b690c1e7b5c15144f1	16-Jan-2015	Christopher Tate <ctate@google.com>	Don't write widget metadata to backup unless it's new/changed Redundant backup traffic is bad. Don't commit the widget metadata payload (or the deletion operation for it) unless the widget state of the app has actually changed since the last backup. Bug 19003911 Change-Id: I93819173c0e2357b030d9e2b3d2ee57f2410bb57 ava/com/android/server/backup/BackupManagerService.java
b89e1405cf9f1da533dc0843390a1b6783abb0f4	07-Jan-2015	Christopher Tate <ctate@google.com>	Support single-package backup rejection by the transport We now cleanly handle the case of the transport blacklisting specific packages from key/value backup. Previously we would halt the entire backup pass and reschedule if the transport returned any error from performBackup(pkg). Now, we recognize the TRANSPORT_PACKAGE_REJECTED result from that invocation, and properly drop that package's work but proceed with running the rest of the backup queue as expected. Bug 18694053 Change-Id: Id0dd6d59492bdea9f970540d776f37db0cc5d99c ava/com/android/server/backup/BackupManagerService.java
603ad6f7d00b6c1687102f4679314af533f18f6a	06-Jan-2015	Christopher Tate <ctate@google.com>	Remove the "backup_data_changed" event log Nowadays it's just spammy and uninformative, so away it goes. Bug 18833115 Change-Id: Ic373c596d7a892c4fedc0343e2c03dc1c295225e ava/com/android/server/backup/BackupManagerService.java
22192ada99691221f9ab167c046fb71c23baf723	05-Dec-2014	Christopher Tate <ctate@google.com>	Correctly parse previous PMBA state during backup Bug 18628030 Change-Id: Iefa23de50dd9e1b27cfa5d887f117876d57e4083 ava/com/android/server/backup/PackageManagerBackupAgent.java
a7e47d5d344674f4174919c4ac51e5b9c74b5802	01-Dec-2014	Christopher Tate <ctate@google.com>	Don't crash if a system restore fails before constructing the PMBA If a whole-system restore operation failed at just the wrong point, we'd wind up in the teardown code without a certain vital bit of it having been initialized, and crash on the null pointer. Now we recognize this failure mode and make sure not to do that. Bug 18574450 Change-Id: Ifa2c10ce16bb3c6bc916ed7151c5fd51b7225691 ava/com/android/server/backup/BackupManagerService.java
201caf57f9a9699e04620eac9b1fcdaf4338d2f0	12-Nov-2014	Zoltan Szatmary-Ban <szatmz@google.com>	Adding method to query backup manager service activity status Bug: 17367491 Change-Id: I9920c07d56c4c0ccb1f3dce637c0fb390902d2ff ava/com/android/server/backup/Trampoline.java
bbe23b31dcd0eec8af5b5198970de7ff2a9ef79a	30-Oct-2014	Christopher Tate <ctate@google.com>	Enable runtime turndown of backup/restore services The heavy implementation of the backup manager service is now sitting behind a lightweight trampoline that actually provides the binder call interface. The indirection allows us now to tear down the implementation on the fly without breaking callers who have cached binder references to the backup services: these callers will simply see their future invocations failing benignly. In addition there is now an API for suitably privileged callers such as device policy management to effect this turndown. Finally, there is now a static system property, "ro.backup.disable", that a product can use to outright remove backup/restore operation from the system's operation. The public APIs will continue to be safely usable on such products but no data will be moved to or from the device. Bug 17367491 Change-Id: I8108e386ef3b5c967938fae483366d6978fe4e04 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/FullBackupJob.java ava/com/android/server/backup/Trampoline.java
a28b5c51602ccc48f2672274dabda05d3776ccd9	16-Oct-2014	Christopher Tate <ctate@google.com>	Eliminate race condition around backup completion + resumption Ensure that the callback always sees the current-operation state in sync with the various other bits of internal backup-operation state. Previously only the current-operation state was managed inside the critical section; this resulted in a slim race window where a callback could see an ongoing operation as still valid, but after the internal state on which that operation depended had already been cleared. Bug 17931760 Change-Id: Ia032668e7a9d22f1029c57fc98db9e86484d5719 ava/com/android/server/backup/BackupManagerService.java
0f32717a17307ee581381d7f8527b686aacb3ac4	16-Oct-2014	Christopher Tate <ctate@google.com>	Fix spurious restore session timeouts The restore-session idle timeout should not be ticking while we're doing legitimate restore work. We now explicitly stop the timeout ticker [a delayed message on our handler thread] whenever we undertake a valid restore operation. The timer is already correctly resumed when restore operations conclude. (In practice we need to suspend the timeout tracking at exactly those times when we're entering the wakelock-protected restore flow. The timeout is reestablished when the wakelock is released; this part is already in the code.) Bug 17990544 Change-Id: I7318020ce30fd9c35bc3a644f8c101fd3d063c8b ava/com/android/server/backup/BackupManagerService.java
2aa1d18e3acd269ed7a5f5a4843d447735f0676c	10-Oct-2014	Christopher Tate <ctate@google.com>	Fix bug 17931760 - spurious timeout leads to mayhem We know a priori that the PMBA metadata package's backup pass doesn't need to be tracked for timeout, because it's run inline rather than as an asynchronous separate-process operation. Change-Id: Ifd21ab3a016917f5e557a38c1c88f8d8ac1337d2 ava/com/android/server/backup/BackupManagerService.java
6067d79807653172de9772d8cfd5e914557207b7	08-Oct-2014	Christopher Tate <ctate@google.com>	Actually tell the widget service that restore is starting Before beginning a full-system restore we need to tell the widget service, so that it can properly start remapping IDs from the ground state. Bug 17869323 Change-Id: I152257563f5b52cae67244e936bc2c44ced7618d ava/com/android/server/backup/BackupManagerService.java
ecae2116169e4cc7c109fcfc2aa9f5be1d105995	04-Oct-2014	Christopher Tate <ctate@google.com>	adb backup/restore fixes Bug 17811327 : teach adb restore about the new widget metadata entries Bug 14165872 : -nosystem should not act like -onlysystem Change-Id: I39da0ba80df7c5309a78ec1fa38016cebd80aa5f ava/com/android/server/backup/BackupManagerService.java
64f10efab72aa7701a8d292425f4f56f04ca556b	12-Sep-2014	Christopher Tate <ctate@google.com>	Track enable/disable of transport components For fallback / rollback of backup transport selection we need to handle live enable/disable of legacy or superseded transports. We now watch for component enable state changes in packages that host transports, and rebind as needed. The semantics for selecting the current transport have also been adjusted. We no longer require that the selected transport be live and currently bound in order to be designated as the active instance. This prevents nondeterministic races around upgrade and replacement. Bug 17136637 Change-Id: Idaf45cf4522a23576444e6b11626ee3f7f47c36c ava/com/android/server/backup/BackupManagerService.java
539b217b764562964c7f11b416da8391cb7cf93f	03-Sep-2014	Christopher Tate <ctate@google.com>	The transport system API needs to manage binder identity ...around writing settings. It does its own proper permission check; it just needs to make sure not to accidentally crash the caller in strange and wondrous ways because of failing to clear binder identity before writing the result to secure settings. Bug 16542048 Change-Id: I88d1f2dbeebd24eed5d86989f0ca0d834878b054 ava/com/android/server/backup/BackupManagerService.java
674d3e750133efc4b2d575d806596d1f56bda8d9	27-Aug-2014	Christopher Tate <ctate@google.com>	Do not require device provisioning to do restore-at-install Provisioning is a milestone used for gating backup operation, but it's important that restores be possible during the setup process. In particular, some applications such as home apps may be deliberately pushed for install after platform restore, but before the end of the setup process. We need to be able to do install-time restores of such apps. Bug 17288313 Change-Id: Iaff5d9919e6392b2ca5925be4d63a4116cd11f77 ava/com/android/server/backup/BackupManagerService.java
915f1dc785886ecd14a5222778f7d46f0243b1f5	27-Aug-2014	Christopher Tate <ctate@google.com>	Remember having done full-data as well as key/value app backups The "what have we ever succesfully backed up?" log is used to determine whether we can do an install-time restore from the currently-live dataset rather than go back to the ancestral dataset (if any). We now track apps that have gotten a successful full-data backup through the transport, not just key/value backups. Bug 17263823 Change-Id: If21350a8dd8aaa4ed02fb74101617e935920e4ae ava/com/android/server/backup/BackupManagerService.java
b8e6838583c9d784a7e8d030999d57eb2e87a561	23-Aug-2014	Paul Lawrence <paullawrence@google.com>	Merge "Fix adb backup for encrypted case" into lmp-dev
d1c06753d045ad10e00e7aba53ee2adba0712ccc	22-Aug-2014	Matthew Williams <mjwilliams@google.com>	Implement API review feedback for JobScheduler BUG: 17005336 Took the opportunity to clean up some back-off logic Change-Id: Ibc8ae34d1d44dd064ba071e4cbad17872f7e38cf ava/com/android/server/backup/FullBackupJob.java
e7bbe47833160d05bc31fa33f6d2e6134f3cb8e9	22-Aug-2014	Christopher Tate <ctate@google.com>	Merge "Automatically bind to newly-installed backup transports" into lmp-dev
5684dae9ccceb756c9b44b80931ccac9af198ea6	22-Aug-2014	Christopher Tate <ctate@google.com>	Automatically bind to newly-installed backup transports They'll be rebound automatically at boot, but need to be brought up immediately. As always they can only be provided by privileged apps. Bug 16542048 Change-Id: I9f121a5c111a772deb3f0c44166002a2cbb16ad5 ava/com/android/server/backup/BackupManagerService.java
32d06732cdb7ee653a58e49a4dab13a780513db5	21-Aug-2014	Paul Lawrence <paullawrence@google.com>	Fix adb backup for encrypted case New behavior. Backup no longer uses the encryption password. This is in part because that is hard with patterns, in part because it is a security issue - the off line backup is much easier to brute force than the phone. Instead, we simply insist on an encryption password if your device is encrypted and locked. Bug: 17159330 Change-Id: Ia22f84722522abf0b569a3ef1e16ead5527c726d ava/com/android/server/backup/BackupManagerService.java
8def5cbb3a1a68bb66fbe7ce63fcc8eadcbb238d	22-Aug-2014	Brian Carlstrom <bdc@google.com>	Move SystemBackupAgent from services.jar to frameworks.jar Bug: 17168017 Change-Id: I89b98ca839a78eeb7fb43930e0699ee235deafad ava/com/android/server/backup/SystemBackupAgent.java
b2707afb0cbf955952d313e4c75fd3bfd3a35e98	20-Aug-2014	Christopher Tate <ctate@google.com>	Maintain transport connection through package updates When a package is updated, existing bindings to that package's services are severed and must be manually re-established. Now that the transport can be updated outside the system per se, make sure that we detect these cases and rebind as needed. Bug 16139912 Change-Id: I5d6fa75bb86484f8f7d4f8e93c9157773995e6a7 ava/com/android/server/backup/BackupManagerService.java
9dbba1b669eeb69316b70dbc9e457f8f8b084ea1	20-Aug-2014	Christopher Tate <ctate@google.com>	Don't crash good-citizen restore session clients If an app is trying to do the right thing and end its restore sessions cleanly, but winds up being slow and having the session timed out from under them, don't crash them with an illegal state exception for having appeared to end the session twice. Bug 17133115 Change-Id: I0a0989e2067b156569bddb6626ce045e625c6604 ava/com/android/server/backup/BackupManagerService.java
10ab095a5be2cc45354266b8fbe642c3facafd55	18-Aug-2014	Christopher Tate <ctate@google.com>	Minor restore fixes 1. We were missing a 'break' in the session-timeout case of message dispatch, so were falling through into a different case. Oops. Fortunately it was benign; the other case's logic was merely logging "hey it doesn't look like there's anything to do here" and cleanly exiting. 2. After a restore operation finishes we were previously always leaving the session timeout clock running. However, this was not appropriate in the case of restore-at-install, when the restore was a one-shot kicked off by the package manager rather than an operation on an ongoing RestoreSession. That logic now properly tidies up the session timeout when winding up the restore in either situation. Bug 17080648 Change-Id: I51d4a50db4feefc4c355230a3bfb926ea2fb5944 ava/com/android/server/backup/BackupManagerService.java
a63246d6daa02c6f3e4e78d0072d991387e14c87	15-Aug-2014	Christopher Tate <ctate@google.com>	Tighten restore-at-install behavior Harden the guarantee that if we're asked about a possible restore, we always ALWAYS report back to the package manager. This involved closing "should never happen" edge cases around provisioning/auto-restore setting that nevertheless were happening. Also, on the auto-restore setting front, make sure to plumb that system API through appropriately, since going behind its back and manipulating the secure setting directly would cause things to get out of step. Bug 17060654 Change-Id: I52ca9c1ffbfc0bd6b57196157500d0868bfc2989 ava/com/android/server/backup/BackupManagerService.java
bf1a4a81ebd340a18583f4ca9b5d562a01f55674	09-Aug-2014	Christopher Tate <ctate@google.com>	Start using cancelFullBackup() when appropriate The API was in place but the framework wasn't yet calling it. Bug 16524520 Change-Id: Ie368758c830a7d0ad11e7dd3142a0ed896069944 ava/com/android/server/backup/BackupManagerService.java
0660244119243928a69e5f21ef5ea339c7f6d008	07-Aug-2014	Christopher Tate <ctate@google.com>	Merge "Sanity-check paths of files to be restored" into lmp-dev
4cf9f007e6b66c0a970600f66b4229c4ede73f7f	06-Aug-2014	Christopher Tate <ctate@google.com>	Add event logs for full backup/restore milestones Bug 16689703 Change-Id: If870f1b7b9cb3929ac1edc38affc688a37c2acfd ava/com/android/server/backup/BackupManagerService.java
46db93404b27fe5ec121ab55527712e2a6692c7a	30-Jul-2014	Michael Wright <michaelwr@google.com>	Ensure backup schedule file is closed. Change-Id: Ie4a62cda74815c67c62fb08e8df25a71d6102d4c ava/com/android/server/backup/BackupManagerService.java
cce476034388383a6006555a225e2170f3b4dcd9	04-Aug-2014	Christopher Tate <ctate@google.com>	Sanity-check paths of files to be restored The duplicated implementations are an artifact of an ongoing refactor of the full-data restore code. The adb-specific path will be switched to use the FullRestoreEngine [as has already been done for the 'adb backup' path using the parallel full backup engine], at which point the extra implementation here will be removed, but for now we need to make sure that all bases are covered. Bug 16298491 Change-Id: I9cdb8a1c537939a620208df3cf0e921061b981ad ava/com/android/server/backup/BackupManagerService.java
7dfbaf52db6401ae85588e334be5af751bb813a8	29-Jul-2014	Christopher Tate <ctate@google.com>	Make archive metadata idempotent We want to make sure that the manifest and widget metadata blocks are identical, including their in-stream headers, if we regenerate the archive without underlying filesystem changes. Bug 15968355 Change-Id: I828b264545d19e1d865d98d5723915d02fafc012 ava/com/android/server/backup/BackupManagerService.java
c17739d112d8e7076924c7fdd98614abafd58609	29-Jul-2014	Christopher Tate <ctate@google.com>	Provide outside-facing API for data management intent+label Bug 16346320 Change-Id: I3f4c2f4b700c77880ba3d8db7c92cdb404763d0d ava/com/android/server/backup/BackupManagerService.java
5eeb59cceb1f95813c548c1c5937f161c1ed3571	22-Jul-2014	Christopher Tate <ctate@google.com>	Schedule full backups Initial policy: at most daily; backups only run when the device is idle + charging + on an unmetered network. Bug 16485874 Change-Id: I5665d890a943bac765adcef14be79d7dba6ce078 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/FullBackupJob.java
7ff106c20d403e3217f5f384e63737285e2668a2	25-Jul-2014	Christopher Tate <ctate@google.com>	A couple of restore fixes: * Fix crasher after transport-level failure attempting to ask for the name of the next package to be restored * Current-dataset single-package restore path no longer requires that the package have its own backup agent. Bug 16548983 Change-Id: Id37f2f0e6075d53c414d9a997bf738bbf0cfff8b ava/com/android/server/backup/BackupManagerService.java
a4e4d68f08c1d48a3cdcf83617468370366d03d4	23-Jul-2014	Christopher Tate <ctate@google.com>	Handle single-package restores properly Bug 16346405 Change-Id: I69e3288f5a9d68d818fad6a2cd4b27ad45c1007e ava/com/android/server/backup/BackupManagerService.java
f7cbb1fc25223bbf793f7128280ee4b00d509eb0	22-Jul-2014	Christopher Tate <ctate@google.com>	Always check restore against the latest backend metadata Bug 16484934 Change-Id: I472a7db89a94b9804f6ea94c25da206dd111a497 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/PackageManagerBackupAgent.java
89101f7fe89134a609459e80f779c1a5114e562a	18-Jul-2014	Christopher Tate <ctate@google.com>	Tear down agents properly at EOD in full restore The restore engine wasn't tearing down the bound agent after reaching the end of data for the app, and furthermore was allowing the restore operation to resume running the queue before all data had been delivered to the current target. Also make LocalTransport deliver data in 2K chunks rather than 32K, as a first step towards making its timing characteristics more like we'll see in networked situations. Finally, added a bunch of MORE_DEBUG output for finding odd bugs like this. Change-Id: Icdbe6a070af6cc7c708a938ad044108d40ebce9a ava/com/android/server/backup/BackupManagerService.java
5f7f252b451f94bc09e2e5b880e026c28a9c2d0b	18-Jul-2014	Christopher Tate <ctate@google.com>	Properly end full restore attempt if getNextFullRestoreDataChunk() fails Don't just drop the error return on the floor and retry (forever!). Change-Id: I5f0ef2d09ea286d813add69517f865e474341b43 ava/com/android/server/backup/BackupManagerService.java
2e40d115ca4332d88424d1b591fdd8d5f78d1831	15-Jul-2014	Christopher Tate <ctate@google.com>	Add BackupAgent.onRestoreFinished() callback The agent's onRestoreFinished() method is called after all available data has been delivered to the app, whether via the key/value restore API or the full-data file-at-a-time API. This gives the app a stable opportunity to do any postprocessing that might be appropriate. Also fixes a lingering bug in the framework's handling of backup agent lifetimes. In cases where an existing agent instances was being rebound, the framework was forgetting to notify the dependent that the agent was available. This was causing timeouts and restore failure. Bug 16241004 Change-Id: I3f52b299312d30d38b0cba63a2cfaeb934991ef2 ava/com/android/server/backup/BackupManagerService.java
a176d22110a1670f363ba0f745f127d2b6ca2350	16-Jul-2014	Christopher Tate <ctate@google.com>	Always call finishBackup() if performFullBackup() succeeded Even if we later get an error from sendBackupData() we need to give the transport its teardown callback. This simplifies the transport logic considerably. Change-Id: Ib8c0e210d4a876ee6b083a4d619dfccc462da4e5 ava/com/android/server/backup/BackupManagerService.java
a7835b6b6b00923b608a6bc3194e7840f67de7a8	12-Jul-2014	Christopher Tate <ctate@google.com>	Add Context.getNoBackupFilesDir() This is an app-private filesystem space exactly like the one reported by Context.getFilesDir(), with one exception: files placed here are never backed up by the full-backup infrastructure. If an app attempts to back up any of its contents via the normal API it's immediately ignored with a logged warning. The restriction is also enforced on the restore side, because apps using support libraries might wind up creating full backup archives containing no_backup subdirs on pre-L devices (via adb backup, Helium, &c.). We check for this before passing the restore data to the app, and drop it if we detect the situation so that the app never sees the bits. Bug 16240573 Change-Id: I11216a391f1d32117ec7ce15aafc9cd93d0337de ava/com/android/server/backup/BackupManagerService.java
8f1bb3a0d47a4cb34471464dff2af932772a7ade	08-Jul-2014	Christopher Tate <ctate@google.com>	Fix NPE in platform restore Bug 16061451 Change-Id: I79d7913455886828a493a0c4ea850d259bfeeeab ava/com/android/server/backup/BackupManagerService.java
d746057f2414cba2bdc69257cc5be8cb681bb592	07-Jul-2014	Jeff Sharkey <jsharkey@android.com>	Change new file installs to be cluster-based! Now that all the other pieces are in place, we're ready to start installing new file-based packages as a cluster (the new unified directory-based layout). This greatly simplifies the renaming process. Also add helper methods to ApplicationInfo to give a much clearer mapping between it and internal field names, since we can't change the public API. Add recursive restorecon(). Bug: 14975160 Change-Id: I72a63c5ddbc594c2fec4a91dd59f73ef253fbfd7 ava/com/android/server/backup/BackupManagerService.java
51fea57e06fcb1dab1d239a5fff6e75ba2b7cee7	24-Jun-2014	Christopher Tate <ctate@google.com>	Refactor restore to deal with heterogeneous datasets Transport-based restore now handles both key/value and full-data (stream) data delivery. Also: PMBA now holds metadata for all apps, not just those with backup agents. Since we need to consult this for every restore- at-install operation we cache this locally now, tagged per transport and per remote dataset, to avoid having to re-download it as part of every future restore operation. Also fixed a bug in LocalTransport that was preventing restore of key/value datasets, i.e. all of them that were nominally available prior to this change. NOTE: at present there is no automatic full-data backup; if for testing purposes you need to create some to then use for restore, you still need to use 'bmgr fullbackup ...' to push them. NOTE: at present the unified transport restore uses a refactored "engine" implementation to handle stream data that encapsulates the existing "adb restore" implementation. However, the adb restore code path has not yet been refactored to wrap the newly- extracted engine version; it still contains its own copy of all the relevant logic. This will change in a future CL, at which point offline/USB archive restore will simply wrap the same shared stream-restore engine implementation. Bug 15330073 Bug 15989617 Change-Id: Ieedb18fd7836ad31ba24656ec9feaaf69e164af8 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/PackageManagerBackupAgent.java
6a49dd087f29cfca82d55dfabeb97439ef84b508	17-Jun-2014	Christopher Tate <ctate@google.com>	Tweak restore API We need the transport to tell the system not only what package it's going to deliver data for next, but also what format that data is in. Change-Id: I989cf78febf923a4208acb33ed80ccc7869356f5 ava/com/android/server/backup/BackupManagerService.java
9ff53a7100b1a40f5d2df3eb19a2f3f2fff39a46	04-Jun-2014	Christopher Tate <ctate@google.com>	Implement full data backup through transport Currently no timed/scheduled full-data backup operations are performed by the OS, but the plumbing is now in place and can be tested using 'adb shell bmgr fullbackup pkg [pkg2 pkg3 ...]'. The LocalTransport test transport implementation has been augmented to support the new full-data backup API as well. In addition, 'adb backup' now takes the -compress/-nocompress command line options to control whether the resulting archive is compressed before leaving the device. Previously the archive was always compressed. (The default is still to compress, as it will usually reduce the archive size considerably.) Internally, the core implementation of gathering the full backup data stream from the target application has been refactored into an "engine" component that is shared by both 'adb backup' and the transport-oriented full backup task. The archive file header generation, encryption, and compression logic are now factored out of the engine itself instead of being hardwired into the data handling. Bug 15329632 Change-Id: I4a044faa4070d684ef457bd3e11771198cdf557c ava/com/android/server/backup/BackupManagerService.java
4dd2635bf501ad1a1adc22a6ceb4c66cd61a1a23	03-Jun-2014	Christopher Tate <ctate@google.com>	Add full-backup stream API to BackupTransport Also started migrating the definition of transport success/failure constants into BackupTransport to make them permanent. The new methods are not yet plumbed in; this is just to allow forward progress against a proposed stable API. Bug 15329632 Change-Id: I27472e09b831350c140b9fa548ebda3af334eb1a ava/com/android/server/backup/BackupManagerService.java
f97c63350abcc6715ba9fdc21fd3405d0f7ba716	29-Apr-2014	Elliott Hughes <enh@google.com>	Move internal libcore.os users over to android.system. Change-Id: I84e1ace19ba3b4e58d7bb24f3ecda1bdf5dc75a5 ava/com/android/server/backup/BackupManagerService.java
d4659698fe2c8d854089138000ec24193d8359b8	09-Apr-2014	Christopher Tate <ctate@google.com>	Don't crash on null installer package bookkeeping. Bug 13906859 Change-Id: I926ccc5620abae8b97bd2b7de21b82b7729e78dd ava/com/android/server/backup/PackageManagerBackupAgent.java
a99d02170bc0e54f729b2b735571c8eea8d5034d	05-Apr-2014	Christopher Tate <ctate@google.com>	Back up the preferred home app, if any If the user has stated a preference about their home app, make sure we capture that so that a system restore can return them to that preferred situation. It's built into the system metadata so that we can, if necessary, fast-path configuration of that home app while the rest of the restore operation is in flight. Change-Id: I64dfee8f7a2a9e40f556cd19298d7b367c6aa8dc ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/PackageManagerBackupAgent.java
cba5941c6085dab1566bc047c1ea31f58a2dd4cf	01-Apr-2014	Christopher Tate <ctate@google.com>	Rejigger the invalid-key checks at backup time Bug 13732002 Change-Id: Ic8f71234d1bbc7420eaa8e1762b999d09f308d46 ava/com/android/server/backup/BackupManagerService.java
adfe8b86e9178a553b6db9722340fa4ff5201cf1	05-Feb-2014	Christopher Tate <ctate@google.com>	App widget backup/restore infrastructure Backup/restore now supports app widgets. An application involved with app widgets, either hosting or publishing, now has associated data in its backup dataset related to the state of widget instantiation on the ancestral device. That data is processed by the OS during restore so that the matching widget instances can be "automatically" regenerated. To take advantage of this facility, widget-using apps need to do two things: first, implement a backup agent and store whatever widget state they need to properly deal with them post-restore (e.g. the widget instance size & location, for a host); and second, implement handlers for new AppWidgetManager broadcasts that describe how to translate ancestral-dataset widget id numbers to the post-restore world. Note that a host or provider doesn't technically need to store any data on its own via its agent; it just needs to opt in to the backup/restore process by publishing an agent. The OS will then store a small amount of data on behalf of each widget-savvy app within the backup dataset, and act on that data at restore time. The broadcasts are AppWidgetManager.ACTION_APPWIDGET_RESTORED and ACTION_APPWIDGET_HOST_RESTORED, and have three associated extras: EXTRA_APPWIDGET_OLD_IDS EXTRA_APPWIDGET_IDS EXTRA_HOST_ID [for the host-side broadcast] The first two are same-sized arrays of integer widget IDs. The _OLD_IDS values are the widget IDs as known to the ancestral device. The _IDS array holds the corresponding widget IDs in the new post- restore environment. The app should simply update the stored widget IDs in its bookkeeping to the new values, and things are off and running. The HOST_ID extra, as one might expect, is the app-defined host ID value of the particular host instance which has just been restored. The broadcasts are sent following the conclusion of the overall restore pass. This is because the restore might have occurred in a tightly restricted lifecycle environment without content providers or the package's custom Application class. The _RESTORED broadcast, however, is always delivered into a normal application environment, so that the app can use its content provider etc as expected. All widget instances that were processed over the course of the system restore are indicated in the _RESTORED broadcast, even if the backing provider or host is not yet installed. The widget participant is responsible for understanding that these are promises that might be fulfilled later rather than necessarily reflecting the immediate presentable widget state. (Remember that following a cloud restore, apps may be installed piecemeal over a lengthy period of time.) Telling the hosts up front about all intended widget instances allows them to show placeholder UI or similarly useful information rather than surprising the user with piecemeal unexpected appearances. The AppWidgetProvider helper class has been updated to add a new callback, onRestored(...), invoked when the _RESTORED broadcast is received. The call to onRestored() is immediately followed by an invocation of onUpdate() for the affected widgets because they will need to have their RemoteViews regenerated under the new ID values. Bug 10622506 Bug 10707117 Change-Id: Ie0007cdf809600b880d91989c00c3c3b8a4f988b ava/com/android/server/backup/BackupManagerService.java
cb20740ee171de3e604c07cdd02963d4d08a5fc9	06-Mar-2014	Christopher Tate <ctate@google.com>	Fix build. Silly gits. Change-Id: I8f21b7239621da500d9a73eb17d350e06dda9b20 ava/com/android/server/backup/BackupManagerService.java
ff8b037c10a7ce90cbb6130b49c8cb076e1e7c0f	05-Mar-2014	Christopher Tate <ctate@google.com>	am 777b8a80: am 422b2656: resolved conflicts for merge of c45ff35f to klp-modular-dev * commit '777b8a808ee76401429f7210ebb7194632040d45': Adapt to underlying changes in the PBKDF2 implementation Change-Id: Ia68694a03e52693fceaedc6740dbd8e690e21257 ava/com/android/server/backup/BackupManagerService.java
5c38516e83f772fe04176f72f2ab7a1094e17430	03-Mar-2014	Christopher Tate <ctate@google.com>	Don't hang installs if the transport disappears Bug 12991308 Change-Id: Ie5d3d27fe565dd4014976f5333e37b5707acb707 ava/com/android/server/backup/BackupManagerService.java
091e8d2aefe39cec85f64d74898354fff596735c	11-Feb-2014	Narayan Kamath <narayan@google.com>	Fix build. com.android.server.SystemServer was no longer imported on master. Change-Id: Ie712aa28940953952aa7a99cbb22f74129649249 ava/com/android/server/backup/BackupManagerService.java
cab8617b8ccea3a99b1ee15e15915c512a10c738	11-Feb-2014	Jeff Brown <jeffbrown@google.com>	am 25df673b: am 1b51c9cb: Merge "Make SystemService constructor take a Context." into klp-modular-dev * commit '25df673b849de374cf1de40250dfd8a48b7ac28b': Make SystemService constructor take a Context.
b880d880c6cd989eacc28c365fc9a41d31900da1	11-Feb-2014	Jeff Brown <jeffbrown@google.com>	Make SystemService constructor take a Context. This change simplifies the process of initializing a SystemService by folding the onCreate() step back into the constructor. It removes some ambuiguity about what work should happen in the constructor and should make it possible for services to retain most of their final fields after refactoring into the new pattern. Change-Id: I25f41af0321bc01898658ab44b369f9c5d16800b ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/BackupManagerSystemService.java
9f97de13359662c2709eed227b3fab2ce7d5dabc	06-Feb-2014	Adam Lesinski <adamlesinski@google.com>	am a5a93f55: am 7f416631: Merge "Check feature bits before loading optional services" into klp-modular-dev * commit 'a5a93f559d337ad5b79716b05ea43707eb779dc8': Check feature bits before loading optional services
898c13df7b9b12ff10062f3542593e12fbe0c119	29-Jan-2014	Adam Lesinski <adamlesinski@google.com>	Check feature bits before loading optional services At startup, we check with PackageManager whether a system service is available before attempting to load it. A system service is available if its associated feature (similar to hardware features) is present. This does not remove unavailable services from the compiled jar. Change-Id: I13571805083aa4e65519a74acb52efd17b9fb3d7 ndroid.mk ava/service.mk
684d6f9f4d1a11069d9c9c1996fbc45cda7e7f04	13-Jan-2014	Christopher Tate <ctate@google.com>	Adapt to underlying changes in the PBKDF2 implementation We need to specify "PBKDF2WithHmacSHA1And8bit" now in order to get precisely the same output as was previously generated with "PBKDF2WithHmacSHA1". We also now try both when it's ambiguous which was used to generate the archive checksums. Bug 12494407 Change-Id: I5443f31a5e13c24f44445768b6e9a6eea221ede6 ava/com/android/server/backup/BackupManagerService.java
e58a49e411327e26b6ad9939833f53c7fa5aef20	21-Dec-2013	Amith Yamasani <yamasani@google.com>	Merge commit '817ec49e' into manualmerge Conflicts: services/print/java/com/android/server/print/PrintManagerService.java Change-Id: I1b9bf364ca50ee3c48f53d87ae0ce23e7f3c2bc2
817ec49e7991d4cac50b2308cd7cf5f8641e1e29	20-Dec-2013	Amith Yamasani <yamasani@google.com>	Wrap some services into a SystemService These services can now be excluded by modifying the list of REQUIRED_SERVICES (TB renamed) Changed appwidget, devicepolicy, backup and print services. Change-Id: Id8e2855d5c045cd57bdb02dca9ed75172803bce7 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/BackupManagerSystemService.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea	20-Dec-2013	Amith Yamasani <yamasani@google.com>	am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce	22-Nov-2013	Amith Yamasani <yamasani@google.com>	Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85 ava/com/android/server/backup/BackupManagerService.java ava/com/android/server/backup/PackageManagerBackupAgent.java ava/com/android/server/backup/SystemBackupAgent.java ava/service.mk