Cross Reference: /frameworks/base/services/core/java/com/android/server/MountService.java

History log of /frameworks/base/services/core/java/com/android/server/MountService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
5201f1e61cbeaf3c967840c4200da76d7a3b85dd	30-Sep-2016	Philip P. Moltmann <moltmann@google.com>	Do not access MTP devices when disabled. The USB data transfer is disabled we should not allow access MTP devices (e.g. usb sticks). We have two ways of accessing them: Either by mounting them or by creating a MTPDevice in an app. Of course an app could implement implement their own MTPDevice implementation. In this case we cannot enforce the policy without completely suppressing all MTP USB devices which would be too restrictive. Note: When the policy is set we do _not_ disconnect already connected MTP devices Fixes: 31472955 Change-Id: I6080c48c49657102774b2b3b4d89ff030245a266 /frameworks/base/services/core/java/com/android/server/MountService.java
6ed74182289e84ce13ba99a5d8e7d3e9ee89979a	23-Aug-2016	Jeff Sharkey <jsharkey@android.com>	DO NOT MERGE. Block adoptable storage when using FBE. For adoptable storage and FBE to coexist we need a new dm-biocrypt kernel feature which isn't ready yet. So for now, prevent devices from being adopted on FBE devices. Bug: 30770036 Test: none Change-Id: I51d54d2a8976ed02a03b107545aa094cf68df5d0 (cherry picked from commit 3b7f4b69b7701c57f0eaf0822f93a25fd4d8fa9d) /frameworks/base/services/core/java/com/android/server/MountService.java
85f449eaba207d5d3a72bd091855a02ff019404c	23-Jun-2016	Jeff Sharkey <jsharkey@android.com>	When uninstalling, only kill the requested user. When an app is being uninstalled for a specific user, only kill the app under that user; leave the app running under other users. Bug: 28875343 Change-Id: Ie60753cfd22df10a2b17d8c3732b6f19d2fe1fb9 /frameworks/base/services/core/java/com/android/server/MountService.java
a31460ce1206ad938a809a2e19d51d2283398943	22-Jun-2016	Jeff Sharkey <jsharkey@android.com>	Start primary storage move outside lock. Otherwise there is a potential deadlock when an unsolicited event arrives from vold while we're still waiting for the move operation to be processed. The safe fix here is to kick off the move after dropping the lock. Bug: 29501052 Change-Id: I2160c6a7a19c1d9981c692a2be2b04019352db2e /frameworks/base/services/core/java/com/android/server/MountService.java
123a0e712eabcfec5987f9423e4b5db67231a31a	10-Jun-2016	Felipe Leme <felipeal@google.com>	Check for valid paths when getVolumeList() returns invisible volumes. The FLAG_INCLUDE_INVISIBLE was created to let SM.getStorageVolumes() return mounted volumes (like USB drives), but in the current form it might return invalid volumes. For example, when a SD Card is adopted as an internal storage, it will return 2 volumes instead of one, the "bad" one being: VolumeInfo{emulated}: type=EMULATED diskId=null partGuid=null mountFlags=0 mountUserId=-1 state=UNMOUNTED fsType=null fsUuid=null fsLabel=null path=null internalPath=null As such, we need to filter out those volumes that don't have a path. BUG: 29250241 Change-Id: I3f84b53eac98f31f918d843c70f9d42983e2a438 /frameworks/base/services/core/java/com/android/server/MountService.java
cc70155f3bf18341296aaa2163bd2e7df6997b11	17-May-2016	Paul Crowley <paulcrowley@google.com>	Two phases to set the password for disk encryption Revert "Revert "Two phases to set the password for disk encryption"" This reverts commit a1eb750e75ff7c7ef7698deed4442449c33334c8. Bug: 28154455 Bug: 28694324 Change-Id: I8106bfba28da401b9fd38349c6a9fa9a24f54712 /frameworks/base/services/core/java/com/android/server/MountService.java
a1eb750e75ff7c7ef7698deed4442449c33334c8	10-May-2016	Paul Crowley <paulcrowley@google.com>	Revert "Two phases to set the password for disk encryption" This reverts commit 17e5dce5112fece2d2b9cd070c2f96bf65108e40. Bug: 28694324 Change-Id: I6d89bc26cb429b195c9bcf640666c495617257b7 /frameworks/base/services/core/java/com/android/server/MountService.java
17e5dce5112fece2d2b9cd070c2f96bf65108e40	22-Apr-2016	Paul Crowley <paulcrowley@google.com>	Two phases to set the password for disk encryption In one phase, we make the new password work, and in the second we make it the only one which works ("fixation"). This means that we can set the password in Gatekeeper between these two phases, and a crash doesn't break things. Unlocking a user automatically fixates the presented credential. Bug: 28154455 Change-Id: I18812f9ce753486ce4e33b4fe2cca392b006b39c /frameworks/base/services/core/java/com/android/server/MountService.java
ab15c391ebc1a333d026692af32544a34102d2eb	05-May-2016	Jeff Sharkey <jsharkey@android.com>	Track current user without calling into AMS. From a layering point-of-view, StorageManager is below ActivityManager and it shouldn't be calling upwards, since that risks locking inversions. Instead, track the current user through the existing SystemService callbacks. Bug: 28598527 Change-Id: I02d3277eb26288d3b4e1897f4c9318a6288c9551 /frameworks/base/services/core/java/com/android/server/MountService.java
9de713d42269a5888d31423b74d4203dce382853	03-May-2016	Paul Lawrence <paullawrence@google.com>	Revert "Don't enforce this API - it's not sensitive" This reverts commit 895504e55788c5c7fd90830dcf01c41a79ca7fe4. Also adds a change to device manager to prevent failure there as in the bug below. Bug: 28512889 Change-Id: I4a445ec365133e9e2764e2d625d61fc6ee2008ec /frameworks/base/services/core/java/com/android/server/MountService.java
895504e55788c5c7fd90830dcf01c41a79ca7fe4	02-May-2016	Paul Lawrence <paullawrence@google.com>	Don't enforce this API - it's not sensitive Also it breaks device manager b/28512889 Change-Id: I0006461c6a76bc1b7d19f9b07bec35b6807a4f96 /frameworks/base/services/core/java/com/android/server/MountService.java
0bbd108aa1fee8c69bbaf41990d3f3d8a99d54cb	27-Apr-2016	Paul Lawrence <paullawrence@google.com>	Check permission on clearPassword and other CryptKeeper APIs Note - this should only ever be called from LockScreen after getting the password to avoid the double prompt Bug: 28376346 Change-Id: Ic44df4fdcc23408c56b1b9375deed1c6ad2af544 /frameworks/base/services/core/java/com/android/server/MountService.java
ce18c8167766f92856f94a8e88e19de4698960e6	28-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Introduce "unlocking" vs "unlocked" nuance. There is a narrow window of time during user unlock where we're reconciling user storage and dispatching the "unlock" status to various internal system services. While in this "unlocking" state, apps need to be told that the user still isn't actually "unlocked" so they don't try making calls to AccountManager, etc. The majority of internal services are interested in merging together both the "unlocking" and "unlocked" state, so update them. Clarify naming in AccountManagerService to make it clear that a local list is being used, which mirrors the naming in MountService. To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch after the user is unlocked, but block BOOT_COMPLETED dispatch until after all PRE_BOOT receivers are finished to avoid ANRs. Bug: 28040947, 28164677 Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce /frameworks/base/services/core/java/com/android/server/MountService.java
fcf1e55821b694df3b8434f40aa3b6d3c3e7ea50	15-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Consistent creation/destruction of user data. Preparing and destroying users currently needs to be split across installd, system_server, and vold, since no single party has all the required SELinux permissions. When preparing user directories on a storage device, always enforce the serial number and destroy data if we run into a mismatch. When deleting a user, write the updated user list first before we start destroying data. Also start reconciling users on internal storage at boot, so we can recover from stale data left behind from partially destroyed users. Check both CE and DE user directories when reconciling user storage on a newly mounted storage device. Bug: 27896918 Change-Id: I4536c82b0196e2720628c4f73fccb742c233350b /frameworks/base/services/core/java/com/android/server/MountService.java
b026b6a40f69d8068e4f9fd6324c81607191995d	12-Apr-2016	Seigo Nonaka <nona@google.com>	Merge "Fix incorrect boot time locale." into nyc-dev
33dd156ed0ed839c5e77beb116f6f1a9566416e3	07-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Give users and devices control over sdcardfs. Instead of relying only on kernel support for sdcardfs, give each device the ability to quickly toggle between sdcardfs and FUSE. Also add the ability to users to explicitly enable/disable the behavior for testing and debugging purposes. Bug: 27991427 Change-Id: Ia57f12f6ead888ab85101004bdd8c8003537b116 /frameworks/base/services/core/java/com/android/server/MountService.java
6855c48093e109c92df39340a8355a3be2540b8e	31-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Skip mounting sdcardfs in core mode. There's no point in mounting it, since it's living on top of a tmpfs that will be discarded in a few moments once the user authenticates. Bug: 27932087 Change-Id: I2df2da0136eac6cc27aa402fb9b00cfd23d562a8 /frameworks/base/services/core/java/com/android/server/MountService.java
4963dfe61295e1eed947956c689a70a34526997c	31-Mar-2016	Seigo Nonaka <nona@google.com>	Fix incorrect boot time locale. To show the localized message, MountManager keeps the last set locale string in the crypto header and set it at the very early boot stage. However by my change[1], the locale information is stored in Settings not in ICU. It is not available before decrypting the data directory. So, when ActivityManagerService obtains the configuration by Settings.System.getConfiguration, the locale set by MountManager will be overwritten by empty locale list, then always English message is shown as the result of fallback. To fix this issue, need to call updatePersistentConfiguration instead of updtaeConfiguration to write the configuration value to the Settings. Calling updatePersistentConfiguration is safe since this value won't be used after boot. [1] If57e13cc4179ff6299c71b4ab030f9d856748dea Bug: 27507829 Change-Id: Icdffd88d41fc134b6f9b4cd1bc4c77db655b1477 /frameworks/base/services/core/java/com/android/server/MountService.java
7732e1e544e89d4a79368c0025901da62f7226a5	31-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Fix RootsCache invalidation bugs. When RootsCache is still running and it detects a provider/package change, it needs to force reload roots. Also fix cache invalidation bug in ContentService to allow for Uri prefix matches. Mark internal storage broadcasts with flag to bypass new background checks. Bug: 27759529 Change-Id: I9d9c6fe15d8640ff56ae7214afb3bac673682c28 /frameworks/base/services/core/java/com/android/server/MountService.java
cd57599273738c30cc209894d1f87731c9defb16	29-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Delay vold connectors until published, fix NPE. If they connect too quickly, PackageManager could end up trying to obtain the yet-unpublished MountService. Fix NPE in UserManagerService when trying to persist fingerprints, and fix write ordering to always write [id].xml before userlist.xml to avoid battery pull issues. Simlarly, delete [id].xml only after updating userlist.xml. Bug: 27869443 Change-Id: I43d8552e5e37b9ca4137cca3e3e76684c7dee605 /frameworks/base/services/core/java/com/android/server/MountService.java
c02bfae73e139f2a1c56cc6b051bfc7877b8cf1d	27-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Include "invisible" volumes in new storage API. The purpose of the new StorageVolume API is to grant access to volumes that aren't typically "visible" to a developer, so include them in the returned results. Also return the real mounted state instead of augmenting based on the caller's storage permissions. Clean up API naming slightly and return as List. Bug: 27615770 Change-Id: Ida921a4b91e5af81e418e76f672d9108f45a9781 /frameworks/base/services/core/java/com/android/server/MountService.java
5a785168975f43a4c6b848342d4439ed1689b2fa	21-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Check "Secure start-up" before toggling emulation. To fully emulate FBE we need to avoid the Cryptkeeper bounce, so check to make sure user has disabled "Secure start-up" so vold can unlock early during boot. Bug: 27595501 Change-Id: Ic0d03f94982534381671e1039f14d1fd06bc0e4e /frameworks/base/services/core/java/com/android/server/MountService.java
8a372a0a280127743ce9a7ce4b6198c7a02d2a4f	16-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Refactoring FBE APIs based on council feedback. Mostly consists of removing the word "encryption" from most APIs, since we can't actually make promises about the data being encrypted. Bug: 27531029 Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625 /frameworks/base/services/core/java/com/android/server/MountService.java
20be5d62471d520eed3a52d90c11944464a71c07	26-Feb-2016	Paul Lawrence <paullawrence@google.com>	Add API to IMountService to get encryption state Bug: 18002358 Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1 /frameworks/base/services/core/java/com/android/server/MountService.java
1176e51b49fdc2bf04e48eabe2213b079078619e	01-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Need to clear identity when rebooting for FBE. Bug: 27412530 Change-Id: I6d5b925a16daefd1b6906ce036faeb6244d503fb /frameworks/base/services/core/java/com/android/server/MountService.java
d94ab7315298f4e05e967198bcfca72075e2b14d	15-Feb-2016	Paul Crowley <paulcrowley@google.com>	Send extra argument to unlock_user_keys on non-FBE startup Non-FBE startup has a loop which sets up the appropriate lock state for each user depending on whether FBE is being emulated; this loop calls unlock_user_keys when emulation is off. I didn't modify this loop when adding the extra arguemnt to unlock_user_keys. Bug: 27155768 Change-Id: I825a61552383552eafb88c77c1f30591bdfd077c /frameworks/base/services/core/java/com/android/server/MountService.java
8212ae0aee1700b9c287ebadf15af8dacdc8eae6	10-Feb-2016	Jeff Sharkey <jsharkey@android.com>	Consistent naming for internal storage APIs. Also completely remove a few confusingly named deprecated APIs. Change-Id: Ia7e4ea3190a97f0a7dfa9bebf2118da0866ec38f /frameworks/base/services/core/java/com/android/server/MountService.java
faeb3eb0ba190e6d6cfe2b82ce20af587848de57	08-Feb-2016	Paul Crowley <paulcrowley@google.com>	Password security for FBE disk encryption keys Add the means to protect FBE keys with a combination of an auth token from Gatekeeper, and a hash of the password. Both of these must be passed to unlock_user_key. Keys are created unprotected, and change_user_key changes the way they are protected. Bug: 22950892 Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30 /frameworks/base/services/core/java/com/android/server/MountService.java
47f7108c1270a9e81d9560b6b0570c659bb93a71	02-Feb-2016	Jeff Sharkey <jsharkey@android.com>	Prepare user storage just before using it. Wire up preparing of user-specific app storage to existing user lifecycle hooks. This way we're sure the storage is ready to roll just before we start reconciling app data directories. This also has the nice property that we only prepare storage when we know that keys are unlocked. Bug: 25796509 Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1 /frameworks/base/services/core/java/com/android/server/MountService.java
fd7d57ed28d98cd43b882d67dccbc12007c2736f	29-Jan-2016	Daichi Hirono <hirono@google.com>	Mount appfuse in process namespace. BUG=26148108 Change-Id: Ib2fa330a9da27a875e5456ded71c05d32e2b77dd /frameworks/base/services/core/java/com/android/server/MountService.java
cd65448ccd13c4c2d0fe9e9623fec3a898ab9372	09-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Even more PackageManager caller triage. Finish moving all UID/GID callers to single AIDL method that requires callers to provide flags. Triage AppWidgets and PrintServices, which currently can only live on internal storage; we should revisit that later. Fix two bugs where we'd drop pending install sessions and persisted Uri grants for apps installed on external storage. Bug: 26471205 Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd /frameworks/base/services/core/java/com/android/server/MountService.java
e442872eaa1684d6aa7461642911f12931b2e7b5	22-Dec-2015	Daichi Hirono <hirono@google.com>	Merge "Unmount appfuse when the device FD is closed."
91e3b50636f48f0860fa7576f185fb36ec4e6dc7	16-Dec-2015	Daichi Hirono <hirono@google.com>	Unmount appfuse when the device FD is closed. The CL lets MountService to observe device FD, and request unmount to vold when the device FD was closed, or remote application providing appfuse is crashed. BUG=25756420 Change-Id: I7990694d32affa7f89e3f40badb25098d74d744d /frameworks/base/services/core/java/com/android/server/MountService.java
6348654ab09848f9bfde695f2b0d8aa0d6492773	21-Dec-2015	Daichi Hirono <hirono@google.com>	Merge "Add AppFuse class and its JNI module."
bee50c05439191d88df37f20749fff1c700d9684	14-Dec-2015	Daichi Hirono <hirono@google.com>	Add AppFuse class and its JNI module. BUG=25756145 Change-Id: I10597e3377cf860412e006a118cd979b6f108af3 /frameworks/base/services/core/java/com/android/server/MountService.java
5217cacbd9f382068bb9e176cd5a0b15388a335c	20-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Make JobSchedulerService encryption aware. When a user is started, but a persisted job component doesn't appear in the normal resolution list, we avoid enqueuing the job. Later when the user is unlocked, we take another pass over the pending jobs to see if they became available. Load keyboard layouts from XML metadata regardless of crypto status, since we don't need to spin up any remote code. Add MATCH_SYSTEM_ONLY to make system logic easier to write when looking for trusted components. Sprinkle more annotations on ArrayUtils methods. Bug: 26279465 Change-Id: Iec28e0bb46862b07d740b12a79f6360de68dab0f /frameworks/base/services/core/java/com/android/server/MountService.java
2a9e3f8e6813716ab88ca54fd04ae047dc9aaaeb	18-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Better named encryption flags, start triaging. Create distinct flags for encryption aware, unaware, and both, and name them like the other MATCH_ flags. Start adding logic to help triage all system internal callers to verify that they've done their homework and thought about how to handle apps while locked. Call sites in the system should either ask for explicit matching behavior, or explicitly use the DEFAULT match flag to indicate that they've been triaged to use the default state-based matching. Bug: 26250295 Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107 /frameworks/base/services/core/java/com/android/server/MountService.java
5b0e5207e1b2de9fd533fa444b8d9a0acadd1513	19-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Point "unlocked" logic at lower level. There is a race when starting a non-encryption-aware launcher before we've gone through the user lifecycle to enter the "running unlocked" state. This can cause the launcher to choke when it's denied access to widgets that are still considered locked. For now, relax the notion of a user being unlocked to reflect the on-disk state, instead of looking at the user lifecycle. Also add logging of encryption commands. Bug: 26267450 Change-Id: Ie330d07418cf10413e0b4380f6d6781684f01952 /frameworks/base/services/core/java/com/android/server/MountService.java
c4dd021322d38ea32ac49930e904b6d08ce6490c	18-Nov-2015	Lenka Trochtova <ltrochtova@google.com>	Introduce ephemeral users. BUG: 24883058 Change-Id: I2e1d6aa184142c2a3dc0415c0cd407573453cf41 /frameworks/base/services/core/java/com/android/server/MountService.java
ce14cd01411c384b3b979a9f662bf3cd5f9e7183	07-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Mount storage after unlock, fix leaving emulation. Delay mounting of storage devices until after the user is unlocked, which means any emulated storage areas will be ready for use. Track separate per-user unlocked states for local versus system lifecycle state. Switch to explicitly lock or unlock user keys during boot of a device without native FBE support. This allows us to recover when the user has disabled emulated FBE. Force reboot when changing FBE emulation state. Bug: 26010607, 26027473 Change-Id: Idaf8b63e69f886ddbd848a9fab6d143a5fd10500 /frameworks/base/services/core/java/com/android/server/MountService.java
b9fe53705ca851c39abe44e980219fd6733bf821	03-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Attempt to unlock users with null token. When starting a locked user, try unlocking their storace will a null token, which will typically succeed if there is an insecure lockscreen (no PIN or pattern). For users with a secure lockscreen, pass through a stub token for now to indicate that it came from a user challenge. Eventually we'll hook that up to gatekeeperd. Without this, we were only unlocking users with secure lockscreens. Bug: 25943941 Change-Id: Ia0324d50f43f55dfe0b8366793ddc5d25d885922 /frameworks/base/services/core/java/com/android/server/MountService.java
8924e8759f9a8cffb5ad538ca40a7826793aac07	30-Nov-2015	Jeff Sharkey <jsharkey@android.com>	Wire up lifecycle, send unlocked broadcast. When the correct lock pattern is presented, ask the system to also unlock credential-encrypted storage, if enabled. The token passed along is empty for now, but can be wired up to gatekeeper in the future. During each system boot, ask vold to lock all users keys to give us a known starting state. This also has the effect of chmod'ing away any CE data when in emulation mode. Define and send a new foreground broadcast when the CE storage is unlocked for the first time. Add stronger last-ditch checking for encryption-awareness before starting an app. Bug: 22358539 Change-Id: Id1f1bece96a2b4e6f061214d565d51c7396ab521 /frameworks/base/services/core/java/com/android/server/MountService.java
ba51235ef5c598d845b77fcf14491329493da34f	13-Nov-2015	Jeff Sharkey <jsharkey@android.com>	More file-based encryption work. Add new "am unlock-user" command so we can trigger changes from the command line. Move FBE check to static method so it can safely be called early during boot before the mount service is ready. Move FBE emulation to persisted system property, and start reading/writing that value. Change default permission grants to ignore current encryption-aware flags, since many of the target apps aren't crypto aware. Always prepare package data directories, which is how we create the new "user_de" paths during boot. Bug: 22358539 Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621 /frameworks/base/services/core/java/com/android/server/MountService.java
9e8d9e250b4e3fe8e57072072ed84b5dea0a19d3	13-Nov-2015	Daichi Hirono <hirono@google.com>	Add a mehtod definition to StorageManager for appfuse. BUG=25091416 Change-Id: Id4d4a000daf89fab4917528fcd0d1270547fbfa4 /frameworks/base/services/core/java/com/android/server/MountService.java
f9fc6d6cc05595241bc7ced6d4cab97b45f9b901	09-Nov-2015	Jeff Sharkey <jsharkey@android.com>	More file-based encryption work. Add granular StorageManager APIs for key creation/destruction and unlocking/locking. Start passing through an opaque token as part of the unlock command, but leave it empty for now. We now have a separate "prepare" method that sanity checks that user directories are correctly setup. Define a handful of system properties used for marking devices that should be operating in FBE mode, and if they're emulating FBE. Wire a command to "sm", but persisting will come later. Start using new "encryptionAware" flag on apps previously marked with coreApp flag, which were apps running in the legacy CryptKeeper model. Small tweaks to handle non-encryptionAware voice interaction services. Switch PackageManager to consult StorageManager about the unlocked state of a user. Bug: 22358539 Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6 /frameworks/base/services/core/java/com/android/server/MountService.java
9548b380d98cf5fe2e3b0102e283e5e3b39a8968	05-Nov-2015	Paul Lawrence <paullawrence@google.com>	Merge "Add developer option to convert from FDE to FBE"
3806d9c562c4391dd523a18145a76c8e359061c3	29-Oct-2015	Paul Lawrence <paullawrence@google.com>	Add developer option to convert from FDE to FBE This set of changes adds the screen that offers this conversion, and the plumbing so the option is only available on suitable devices. It does not implement the conversion mechanism.Add conversion from FDE to FBE Change-Id: Idf7bc834f30b3d1b0473e0a53c985ef01dd0ad18 /frameworks/base/services/core/java/com/android/server/MountService.java
965da39942f9a8736f785f7c57a6c351a8c89d6b	28-Oct-2015	Clara Bayarri <clarabayarri@google.com>	Create a File Based Encryption check API Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31 /frameworks/base/services/core/java/com/android/server/MountService.java
8948c01eb726ec79983472e5597ddac8004f9f44	03-Nov-2015	Jeff Sharkey <jsharkey@android.com>	Yell when calling installd with PM lock held. As a matter of policy, we should never be holding the mPackages lock while calling down into installd. This little bit of logic helps us catch accidental cases where this happens. Change-Id: I676c81df43ef936ffd36290d45a79429630c1b4b /frameworks/base/services/core/java/com/android/server/MountService.java
e41dc59657f6345e35587504cff6cf44f6fcaa6e	03-Nov-2015	Jeff Sharkey <jsharkey@android.com>	Yell if NDC callers are holding bad locks. The current MountService design heavily depends on down-callers not holding any locks, since the vast majority of events are unsolicited and bubble up to the framework. This simple API gives us an easy way to track down people calling while holding a lock they shouldn't be. Bug: 25443096 Change-Id: Ifcbda95f00d5be8c1b88d58ca67927e76c713c3e /frameworks/base/services/core/java/com/android/server/MountService.java
5a9bb74574aecfbf6f36dc716384f31f3180b8f4	03-Nov-2015	Jeff Sharkey <jsharkey@android.com>	Fix deadlock when calling down to vold. Gotta put down the lock before you can play the saxophone. Bug: 25443096 Change-Id: I008c3a8530a2181aad20985e157c6f63208444ee /frameworks/base/services/core/java/com/android/server/MountService.java
d76d1d25cb1fb8731e212a732b60efd08fb19173	21-Oct-2015	Paul Lawrence <paullawrence@google.com>	Merge "Don\'t include password on default encryption command" into mnc-dr-dev am: 68521fd7ce am: 29c5fb2646 am: eab4352d9b am: 74a3281e9c * commit '74a3281e9c7ec37ffcc826ee7ac8cdd4b57dfab8': Don't include password on default encryption command
68521fd7ce5e87a4e752569b5691b75d441e8a48	21-Oct-2015	Paul Lawrence <paullawrence@google.com>	Merge "Don't include password on default encryption command" into mnc-dr-dev
621b3fc7a94a9b1bbbb230f264899299a806237b	02-Oct-2015	Xiaohui Chen <xiaohuic@google.com>	Cleanup USER_OWNER in mount service Also removed a failing unit test and the related code which is now deprecated. Bug: 19913735 Bug: 24064753 Change-Id: I9b11130b52caeb0ad890cc6adaaf7fb2fc7b5db6 /frameworks/base/services/core/java/com/android/server/MountService.java
e4de5a0d3b6e0c897c1cea0912b58e11db962365	23-Sep-2015	Xiaohui Chen <xiaohuic@google.com>	Cleanup OWNER references. Bug: 19913735 Change-Id: I2150c6baaab80fe11312e4401394a2a8da52e595 /frameworks/base/services/core/java/com/android/server/MountService.java
2e846c25b3a414faa936248f81fc43a495d0d072	10-Sep-2015	Jeff Sharkey <jsharkey@google.com>	am 2f12ee71: am a8831ba8: am 5b9f8dd7: am 2ebbf4c8: Merge "Special interval value to always run benchmarks." into mnc-dr-dev * commit '2f12ee718338d4a40261c605a1fc881e6f6d5893': Special interval value to always run benchmarks.
e83d8a993d91ae1c2808008ec688722162157788	09-Sep-2015	Jeff Sharkey <jsharkey@android.com>	Special interval value to always run benchmarks. When interval is set of 0, always run benchmarks after every fstrim pass, which is roughly daily. We don't actually track the last benchmark time for internal storage, so this is the best way we have to enable this. Also disable benchmarking completely when interval is set to -1. Bug: 23942769 Change-Id: I11edfda063aac6e927c6cce56567169ebe83cb71 /frameworks/base/services/core/java/com/android/server/MountService.java
5096d9e13e2cdfe9f9e78ebc4e551327bfb2c171	09-Sep-2015	Paul Lawrence <paullawrence@google.com>	Don't include password on default encryption command Bug: 22989588 Change-Id: I6f5b84519cb357af8461257654e382980b874486 /frameworks/base/services/core/java/com/android/server/MountService.java
87a38b5991713f272010159081ea3b12ef7a6bbe	24-Jul-2015	Yasuhiro Matsuda <mazda@google.com>	Do not broadcast VOLUME_STATE_CHANGED before boot has completed. This is for avoiding unnecessary launch of processes which receive VOLUME_STATE_CHANGED (e.g. com.android.externalstorage) duting boot. This change improves boot time by ~200 ms. BUG: 22163689 Change-Id: I76d39695552d49b6188bad8fdae81c5744013396 /frameworks/base/services/core/java/com/android/server/MountService.java
85b3d0347955d7244f7d5b89f80482a73e70a0ed	07-Aug-2015	Amith Yamasani <yamasani@google.com>	am 1fbc1b3b: Merge "Fix partial user cleanup on restart" into mnc-dev * commit '1fbc1b3b4b742cdba25d32d65a9813933a37005f': Fix partial user cleanup on restart
a7892486c2100d99abef355f2bd2c919e6516a6d	07-Aug-2015	Amith Yamasani <yamasani@google.com>	Fix partial user cleanup on restart Internal volume was not available during PackageManagerService creation, which resulted in a zombie user's folder not being cleaned after a reboot. Add the internal volume earlier in the boot cycle so that it can be accessed for user cleanup. Bug: 22483086 Change-Id: I8f3ffbb25f3902d00a96d1ee2d7a79373c5e35b7 /frameworks/base/services/core/java/com/android/server/MountService.java
d4842c374ab8f5578c8faca5a7e3f8d90bd7fab3	04-Aug-2015	Jeff Sharkey <jsharkey@google.com>	am 0faca96f: Merge "Avoid deadlock by broadcasting outside lock." into mnc-dev * commit '0faca96f939b8530e5387a30e317d852f39f689f': Avoid deadlock by broadcasting outside lock.
abc3e85b3c84c8fce37b4622d1f7c986a72a3961	03-Aug-2015	Jeff Sharkey <jsharkey@android.com>	Avoid deadlock by broadcasting outside lock. We can end up in a rare tangled mess when sending broadcasts while PackageManager is still trying to deal with scanAvailableAsecs(). Long-term solution is to make Environment.isExternalStorageEmulated() more robust, but for now we just send these internal broadcasts after we drop the MountService lock. Bug: 22858403 Change-Id: I7b43865782f48a679882fd1675b7b961e1292df4 /frameworks/base/services/core/java/com/android/server/MountService.java
acfaa947f45ce1ea8140c2dc52d5f750dbc0a94d	29-Jul-2015	Jeff Sharkey <jsharkey@google.com>	am b8040265: Merge "Give secondary users read-only physical cards." into mnc-dev * commit 'b8040265dd0d5a2a96e0850623647dad2f528db1': Give secondary users read-only physical cards.
4634987668eb7e1fa1434bddbde969ef43de6b40	28-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Give secondary users read-only physical cards. Long ago, we mounted secondary physical cards as readable by all users on the device, which enabled the use-case of loading media on a card and viewing it from all users. More recently, we started giving write access to these secondary physical cards, but this created a one-directional channel for communication across user boundaries; something that CDD disallows. This change is designed to give us the best of both worlds: the package-specific directories are writable for the user that mounted the card, but access to those "Android" directories are blocked for all other users. Other users remain able to read content elsewhere on the card. Bug: 22787184 Change-Id: Ied8c98995fec1b7b50ff7d930550feabb4398582 /frameworks/base/services/core/java/com/android/server/MountService.java
a6b441029d0c4324efddb45489dd91e9daeef4b3	27-Jul-2015	Jeff Sharkey <jsharkey@android.com>	am 2e606d7b: Enforce DISALLOW_MOUNT_PHYSICAL_MEDIA. * commit '2e606d7be5275f2bff4c5755351bc3191ecb1bf1': Enforce DISALLOW_MOUNT_PHYSICAL_MEDIA.
2e606d7be5275f2bff4c5755351bc3191ecb1bf1	27-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Enforce DISALLOW_MOUNT_PHYSICAL_MEDIA. Bug: 22697024 Change-Id: Ib7277e8850a49909e5d8d5ad5502cd9315cddf0b /frameworks/base/services/core/java/com/android/server/MountService.java
5a18b4bfe2cf30df2e18047c155fecc6433ed52c	23-Jul-2015	Amith Yamasani <yamasani@google.com>	am b3e40760: Merge "Avoid a deadlock between PMS and AppOpsService" into mnc-dev * commit 'b3e407609f567884f9322e7b34461baa14e3f3ae': Avoid a deadlock between PMS and AppOpsService
2bd5cff7c639ed4bba2fc7ba3a545f4c764f0019	22-Jul-2015	Amith Yamasani <yamasani@google.com>	Avoid a deadlock between PMS and AppOpsService Don't check for external storage access rights from MountService for system server. Otherwise there's a case where AppOpsService is locked and PackageManagerService calls into AppOps with its own lock held and is unable to do an AppOps check via this path. Bug: 22522725 Change-Id: Ib4cf914638905de391384aa5122e691c5a7140ec /frameworks/base/services/core/java/com/android/server/MountService.java
80a3fbf4082483065d462f0b2b0f5ff8cad22b5c	18-Jul-2015	Jeff Sharkey <jsharkey@android.com>	am c9eb398a: Merge "Clear identity when killing media provider." into mnc-dev * commit 'c9eb398a1b0d7954b0d4f13fb46cae3042a99a75': Clear identity when killing media provider.
b3cf95334551e55e068bf6f9d7640681cdc05e07	18-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Clear identity when killing media provider. Otherwise various shell "sm" commands fail because they don't hold the right permissions. Bug: 22564405 Change-Id: I88081e8a9b27ee43904d3ea6f745aba3af4e2150 /frameworks/base/services/core/java/com/android/server/MountService.java
ddae5f1e584a309311387076cec7f399e6732187	14-Jul-2015	Svetoslav <svetoslavganov@google.com>	am 8b6d5b6b: Merge "Clear binder id when determining external storage state" into mnc-dev * commit '8b6d5b6b6ac3c363ad7aa36873dec1701d33de1e': Clear binder id when determining external storage state
38c3dbb2092e153109503aa9487b15b11192d5c6	14-Jul-2015	Svetoslav <svetoslavganov@google.com>	Clear binder id when determining external storage state bug:22472435 Change-Id: I5badd51cb9fb2244395880eb1bbff8f4aa0abb8c /frameworks/base/services/core/java/com/android/server/MountService.java
d7be214ca469c593d8a59cf7404020f4ad1aaed9	14-Jul-2015	Ian Pedowitz <ijpedowitz@google.com>	resolved conflicts for merge of 8cee6587 to mnc-dr-dev Change-Id: I0b2ed52214bb097d7fd69434afd0c6c890b5afb3
6ee871e59812fea4525c50231f677c4bd10c74b8	10-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Teach storage appops. For modern apps targeting M SDK and up the external storage state is deterined by granted permissions. For apps targeting older SDK the storage access is determined by app ops correspning to the storage permissions as the latter are always granted. When app ops change we do not remount as we kill the app process in both cases enabling and disabling an app op since legacy code is not prepared for dynamic behavior where an operation that failed may next succeed. Hence, we remount when we start the app. For modern apps we don't kill the app process on a permission grant, therefore we synchronously remount the app storage. bug:22104923 Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a /frameworks/base/services/core/java/com/android/server/MountService.java
bac3d0936dfdb4d594873fd8690e8017e748ed96	13-Jul-2015	Paul Crowley <paulcrowley@google.com>	Merge "Delete the user key when deleting a user." into mnc-dr-dev
9e0e69915a2e45dd5ba158e0436571551a672636	13-Jul-2015	Paul Crowley <paulcrowley@google.com>	Merge "Use mount service to create user dirs." into mnc-dr-dev
7ec733fad39ff9e439a67c9cf51b88bc84cdfda0	19-May-2015	Paul Crowley <paulcrowley@google.com>	Delete the user key when deleting a user. Bug: 19706593 (cherry-picked from commit 85e4e818d83dbc65b1e6e3ed9d39c656188acaec) Change-Id: Icc6d53a99558317b2ec154f931e481ad9fe64aa3 /frameworks/base/services/core/java/com/android/server/MountService.java
bcf48ed2262d655ebf59153dea645ca761b73db5	22-Apr-2015	Paul Crowley <paulcrowley@google.com>	Use mount service to create user dirs. Bug: 19704432 (cherry-picked from commit 9102f5d953fbde03e12f385b2225004edc43d202) Change-Id: I64a2c85beef115158feed3953deae32f692e750f /frameworks/base/services/core/java/com/android/server/MountService.java
edcdaf64637163dd2a96fe4ad274f9a16d2f9e90	09-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Timeout when partitioning takes too long. Otherwise we leave user hanging in wizard forever, instead of telling them that something went wrong. Bug: 20914299 Change-Id: Ib9ff3a8c316976c6a1dfdaffa10762abbea0c229 /frameworks/base/services/core/java/com/android/server/MountService.java
14cbe52150bad38ab7c14c868e25a68d354f8282	08-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Kill MediaProvider during drastic changes. Sadly MediaProvider makes a ton of assumptions about storage paths not changing. To ensure that it picks up radical storage changes, kill it and let it restart to pick up new paths. Also give ourselves a longer timeout when benchmarking. Bug: 20275423 Change-Id: I9971c4667dabdc685cb23528443f085f152c461d /frameworks/base/services/core/java/com/android/server/MountService.java
5af1835d678031d4a6615edc96ba58c82304b31d	08-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Generate stable MTP storage IDs. It ends up that MediaProvider is persisting MTP storage IDs in its database, so we need to make sure we generate stable IDs over time, otherwise we can end up looking into a black hole. Bug: 22256092 Change-Id: I6a75c239aac1b71fd5f6df0df69b24971079a086 /frameworks/base/services/core/java/com/android/server/MountService.java
ef10ee014594d800f5f5ca31ea93f1cab2880d05	05-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Handle missing migration source volume. Users can try migrating primary storage while the current location is missing/unmounted. Fail gracefully instead of runtime restarting. Bug: 21927076 Change-Id: I40645f8ccea05154e7cbacd188f6cba5f4dbbdc4 /frameworks/base/services/core/java/com/android/server/MountService.java
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04	04-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Reconcile private volumes when mounted. Many things can happen while a private volume is ejected, so we need to reconcile newly mounted volumes against known state. First, user IDs can be recycled, so we store the serial number in the extended attributes of the /data/user/[id] directory inode. Since a serial number is always unique, we can quickly determine if a user directory "10" really belongs to the current user "10". When we detect a mismatched serial number, we destroy all data belonging to that user. Gracefully handles upgrade case and assumes current serial number is valid when none is defined. Second, we destroy apps that we find no record of, either due to uninstallation while the volume was unmounted, or reinstallation on another volume. When mounting a volume, ensure that data directories exist for all current users. Similarly, create data directories on all mounted volumes when creating a user. When forgetting a volume, gracefully uninstall any apps that had been installed on that volume. Bug: 20674082, 20275572 Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9 /frameworks/base/services/core/java/com/android/server/MountService.java
e8a4b66960056c2dc2c8dbb5f8df00710645cc64	28-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Better handling of trim/benchmark results. Request benchmarking of devices once per week during normal fstrim maintenance window. Tunable parameter gives us the ability to change frequency through global setting. Track individual benchmark and trim results for each volume, and use scrubbed volume identifier (based on adoptiong age) when logging stats to drop box. Track last benchmark and trim time for each volume separately. Bug: 21831325 Change-Id: I53b3ed788f7820c2e5bceb2840339f5b4aada3f0 /frameworks/base/services/core/java/com/android/server/MountService.java
462ac3a2aa5e1c974d056dc7221805e2b8ac7823	30-Jun-2015	Amith Yamasani <yamasani@google.com>	Don't allow non-admins to adopt sd card for internal storage Bug: 21883016 Change-Id: I9af3eeffd860b076e69bb02a3dc06edba5f95898 /frameworks/base/services/core/java/com/android/server/MountService.java
9527b223a9d4a4d149bb005afc77148dbeeff785	25-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Let's reinvent storage, yet again! Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I62fb25d126dd815aea699b33d580e3afb90f8fd2 /frameworks/base/services/core/java/com/android/server/MountService.java
e16ee482a6f1a44267e31193b1d61e5098694756	24-Jun-2015	Tony Mantler <nicoya@google.com>	Merge "Notify on BAD_REMOVAL and pass fsUuid in broadcast" into mnc-dev
f0d710578ee23c1152ad5aadb2eabc96b5e29c08	24-Jun-2015	Tony Mantler <nicoya@google.com>	Notify on BAD_REMOVAL and pass fsUuid in broadcast b/21328721 Change-Id: I6d2fd18468bcde72e4c050b975fd7286716fbc50 /frameworks/base/services/core/java/com/android/server/MountService.java
c00398948811690728ed4909f87d01c24a8a0938	23-Jun-2015	Todd Kennedy <toddke@google.com>	Merge "Handle volume benchmark timeout" into mnc-dev
8101ee6884e9fe954aeaf3c08afd01ab1714f306	23-Jun-2015	Todd Kennedy <toddke@google.com>	Handle volume benchmark timeout If a volume benchmark operation times out, we don't want to show a cryptic toast message. Instead, we return a very large integer [eg Long.MAX_INT]. The storage wizard can then use this value to show an appropriate dialog if it chooses. Bug: 21376364 Change-Id: I3d97336e19c93511cfff2cbdb2f07ab033a1143d /frameworks/base/services/core/java/com/android/server/MountService.java
5cc0df214bbe2b169150c9060dc5288bb8aaf338	18-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Forget private partition keys. When we forget a private partition, ask vold to also forget the key for that partition GUID. This means we need to track both the filesystem UUID and the partition GUID for a private volume. Bug: 21782268 Change-Id: Icda1cbb65539d61dacc663428daf3d1a2e4c313e /frameworks/base/services/core/java/com/android/server/MountService.java
80b34d7b9da0e0738a4a1db78d83cd804372594b	13-Jun-2015	Makoto Onuki <omakoto@google.com>	Merge "Add StorageEventListener.onDiskDestroyed()" into mnc-dev
c7acac6798e12780194af33d5a9fdf382ab17155	13-Jun-2015	Jeff Sharkey <jsharkey@android.com>	More useful extras in disk/volume broadcasts. Change-Id: I594166cff332aaf72b2b6357ac6ed3e6e42cbc49 /frameworks/base/services/core/java/com/android/server/MountService.java
9dc575d63c5f0d7511308bd2cd3d5dbd20c15e17	13-Jun-2015	Makoto Onuki <omakoto@google.com>	Add StorageEventListener.onDiskDestroyed() Bug 21336042 Change-Id: I226cf205191dd302ff8d5156f9ae0fe8fc5b2c2b /frameworks/base/services/core/java/com/android/server/MountService.java
e9b64f97350a0661cc7d5e79216d75374c37581f	12-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Send along the disk ID that we just scanned. Change-Id: I33f1a5363ed171f715b2f6c5690fcee586a8a58c /frameworks/base/services/core/java/com/android/server/MountService.java
c7c8af6726eda245288ab1af720297c60cd1be54	10-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Merge "Send added user serial numbers to vold." into mnc-dev
bcd262da4b2698cd7a7cde066c76bfff32843e4d	10-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Send added user serial numbers to vold. vold will eventually use the serial numbers to clean up stale user directories when mounting private storage devices. Bug: 20275572 Change-Id: I37f6c10026608dfa6484598420db5a5870330d25 /frameworks/base/services/core/java/com/android/server/MountService.java
05487618c1b1da86a0313c9a89eecd7372f6c96c	09-Jun-2015	Paul Lawrence <paullawrence@google.com>	Remove hex encoding and password adjusting now that patterns are '1' based Bug: 21606650 Change-Id: Id2b01d43edcb995a9bffbc990e6297940e81f20e /frameworks/base/services/core/java/com/android/server/MountService.java
4e83cc9fc15fa4795a41d4d8dfd2b00c1ad966fd	27-May-2015	Jeff Sharkey <jsharkey@android.com>	Format volumes with "auto" filesystem type. Bug: 20275581 Change-Id: Id4c7e1ad83f28110a77fecf563e1bcb8ca4d4d9a /frameworks/base/services/core/java/com/android/server/MountService.java
1c62cbbdfe7cb524b70685150e74c9a52fcee088	03-Jun-2015	Paul Lawrence <paullawrence@google.com>	Move crypt commands to a different listener in vold In order to prevent this bug from happening, we must allow vold cryptfs commands to complete while a long running mount is underway. While waiting for vold to be changed to a binder interface, we will simply create two listeners, one for cryptfs and one for everything else. Bug: 19197175 Change-Id: I8c40211dc1ef5ecec765ab587f093e757f1173d3 /frameworks/base/services/core/java/com/android/server/MountService.java
f5a6bd7538a6800c2a43ace5ad67d65b1f8f697a	19-May-2015	Jeff Sharkey <jsharkey@android.com>	Push initial disk state, handle empty media. Stash volume count from last scan, and use it to push initial storage notifications state when listener is first attached. Also omit disks with invalid size, which usually means they're an empty slot with no media. Bug: 20503551 Change-Id: I75097035aebaad70ba32437179a863f6a0910aa5 /frameworks/base/services/core/java/com/android/server/MountService.java
2177ed407b8323e6f50d2aa64a62fbdc773e1859	15-May-2015	Jeff Sharkey <jsharkey@android.com>	Merge changes from topic 'bench' into mnc-dev * changes: Command to change force adoptable state. Initial pass at storage benchmarks.
4c099d0c49c8366efd3c26854465b3ceef49b627	15-May-2015	Jeff Sharkey <jsharkey@android.com>	Command to change force adoptable state. Since user builds can't setprop, add an explicit "sm" verb to change the force adoptable state. Bug: 21191915 Change-Id: I719d9b18c1a98c97442a5ddb1cc5512e8e4d3d3f /frameworks/base/services/core/java/com/android/server/MountService.java
9756d75ec28844f5ca30fda786a117c1a0ee88da	15-May-2015	Jeff Sharkey <jsharkey@android.com>	Initial pass at storage benchmarks. Offer an interface for Settings to invoke benchmarks on various attached volumes. Bug: 21172095 Change-Id: I847ddc87c58285457d1324be87f70ce10507accb /frameworks/base/services/core/java/com/android/server/MountService.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4	08-May-2015	Wojciech Staszkiewicz <staszkiewicz@google.com>	Pass charset to XmlPullParser.setInput instead of null Passing null to XmlPullParser.setInput forces it to do additional work, which can be easily avoided if we know the charset beforehand. bug: b/20849543 Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2 /frameworks/base/services/core/java/com/android/server/MountService.java
7d2af54a98358e9dea96f879ebd1ea915263522b	13-May-2015	Jeff Sharkey <jsharkey@android.com>	New "sm" shell tool to call StorageManager. Surface basic StorageManager commands through shell tool, like simple listing of disks and volumes, and commands like mounting and partitioning. The output is designed to be parsed by host-side testing tools, instead of relying on fragile dumpsys parsing. Bug: 19993667 Change-Id: I993e92ecf57996678965945f0ae648b392a77ea2 /frameworks/base/services/core/java/com/android/server/MountService.java
fced534dec1088bdd7da1495d76b73996dc8a1a1	10-May-2015	Jeff Sharkey <jsharkey@android.com>	Fix devices with primary physical storage. Always assume the factory-reset default primary storage before parsing storage settings. Without this, we'd always default to picking internal emulated storage during first boot or upgrade. Bump version code to re-evaluate this for devices that default to physical storage as primary. Also restrict available move targets when storage is physical, since we can't really translate between multi-user and non-multi-user aware storage. Bug: 20836019 Change-Id: I186ded1aa3dd9cea67497a4f53b0973031174ccd /frameworks/base/services/core/java/com/android/server/MountService.java
50a05454795c93ac483f5cb6819e74cb17be1b5b	29-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Returning to wizard, split move events. Finish wiring up notifications to jump back into in-progress wizard flow, using moveId as identifier. Split move events back into separate creation and progress events, and pass details as bundle to pass extra stuff like UUID. Null package still means moving primary storage. Add explicit "volume forgotten" event for PackageManager to clean up internal state with. Plumb through internal path reported by vold, and bring back FUSE bypass rewriting optimization. Bug: 19993667 Change-Id: I0f43edbba36c58c5cd33550022c54c4eb9f01a48 /frameworks/base/services/core/java/com/android/server/MountService.java
b36586a7c9b7718f33961406537e27bbd9b16211	27-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Split some VolumeInfo state into VolumeRecord. VolumeRecord is a historical record of a volume that we've seen in the past. It's now surfaced outside the framework for SystemUI to drive the notifications that bug users to reinsert missing private volumes. Show progress notifications for both storage and package movement operations. Notify when an empty disk is inserted (no usable volumes) which launches into the normal format flow. Add API to forget volumes. Bug: 20275424, 20275424 Change-Id: I75602c17fdcd4d1f1f62324e1a08c4a33093eefa /frameworks/base/services/core/java/com/android/server/MountService.java
7618db10380feb6036d0d742fcb19c6cd1b62940	29-Apr-2015	Christopher Tate <ctate@google.com>	Don't ostensibly back off fstrim but then do it anyway When the mount service isn't up yet, we schedule a retry in the near future, but then mistakenly go ahead and try (unsuccessfully) to do the fstrim immediately anyway. Don't do that. Furthermore, when in this situation make sure to preserve knowledge of any completion callback that may be expecting to hear back about the [eventual] fstrim operation. Change-Id: Ic7cba37b4f850540f6e448168be0c42418039b01 /frameworks/base/services/core/java/com/android/server/MountService.java
275e3e43f2fba72fa99001cafa2a70e5478fc545	25-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Migrate primary external storage. Wire up through MountService to call down into vold. Watch for unsolicited events that report progress, including special value "82" that signals that copy has finished. We use this value to persist the volumeUuid in case of unexpected reboot, since it indicates the new volume is ready. Wire progress updates through existing callback pipeline. Update the volume mounting code to match against the persisted UUID when selecting the primary external storage. Bug: 19993667 Change-Id: Id46957610fb43517bbfbc368f29b7d430664590d /frameworks/base/services/core/java/com/android/server/MountService.java
f8d26e24af8a3ad98fdf1016fd2ac62e927c8fda	24-Apr-2015	Rubin Xu <rubinxu@google.com>	Merge "Add missing permission check in MountService"
cd7a014981d956580fb0aeaa5e31bd00882f1432	18-Apr-2015	Rubin Xu <rubinxu@google.com>	Add missing permission check in MountService Protect MountService.getPassword() with ACCESS_KEYGUARD_SECURE_STORAGE permission. Protect finishMediaUpdate() which is only called by PackageManagerService. Also fix a lock issue in MountService. Bug: 19961359 Change-Id: I50ec806fb37724ef239ef83f4e33265133b51d0b /frameworks/base/services/core/java/com/android/server/MountService.java
620b32b316fd4f1bab4eef55ec8802d14a55e7dd	24-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Package and storage movement callbacks. Since package and primary storage movement can take quite awhile, we want to have SystemUI surface progress and allow the Settings app to be torn down while the movement proceeds in the background. Movement requests now return a unique ID that identifies an ongoing operation, and interested parties can observe ongoing progress and final status. Internally, progress and status are overloaded so the values 0-100 are progress, and any values outside that range are terminal status. Add explicit constants for special-cased volume UUIDs, and change the APIs to accept VolumeInfo to reduce confusion. Internally the UUID value "null" means internal storage, and "primary_physical" means the current primary physical volume. These values are used for both package and primary storage movement destinations. Persist the current primary storage location in MountService metadata, since it can be moved over time. Surface disk scanned events with separate volume count so we can determine when it's partitioned successfully. Also send broadcast to support TvSettings launching into adoption flow. Bug: 19993667 Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10 /frameworks/base/services/core/java/com/android/server/MountService.java
74acbbb2cd367c6e78db7de5118ff9dd56da61d0	21-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Blend in force adoptable flag when set. Bug: 19993667 Change-Id: Ic7f348d171a89e889281b7efb1aa0cbade048975 /frameworks/base/services/core/java/com/android/server/MountService.java
eba260d6d361dcfb749ce390320257c28c474ae1	19-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Wait for first scan before partitioning is done. This means newly created volumes are at least created for other platform components to start poking with. Bug: 19993667 Change-Id: I561a5d0e3659ff9146832aeb6a31ab78fd9da580 /frameworks/base/services/core/java/com/android/server/MountService.java
e6c04f9417cc4bff0f5f9e72f0d6d66d2aab6e80	19-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Broadcast hidden volumes, notification polish. Send limited broadcast intent when certain volume state changes occur; the only customer for now is ExternalStorageProvider. Change notification flow to be less bumpy. Pick USB icon based on disk type, and avoid using "generic" disk labels. Bug: 19993667 Change-Id: I263bc9e9aae2ae57eb4d1afe76da686aee5475fb /frameworks/base/services/core/java/com/android/server/MountService.java
27de30d31c3e79bc429cb71aed9681c55243f18d	19-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Wire up non-visible volumes, more states. Adds logic to ExternalStorageProvider to scan non-visible volumes, such as USB OTG devices. We use internal paths when surfacing these volumes, which also optimizes around the FUSE daemon for public devices. Also dumps internal state when requested. VolumeInfo now directly contains DiskInfo, which means it's snapshotted when sending events, avoiding teardown races. Switch notifications to use this DiskInfo directly. Finish wiring up new volume state, including helper methods to make it readable/writable state clearer. Handle disks and volumes with spaces in their labels. Bug: 19993667 Change-Id: I5c75e5658a6415976811477aebafee7694bde0f4 /frameworks/base/services/core/java/com/android/server/MountService.java
7e92ef3a1146102806fa0543ef12e09231c55639	18-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Volumes know parent disks; unsupported disks. This is cleaner and more direct than the reverse of having the disk publish child volume membership. Rename state constants to match public API. Add state representing bad removal. Make it clear that volume flags are related to mounting. Send new unsupported disk event when we finish scanning an entire disk and have no meaningful volumes. Splice disk labels into description when known. Only adoptable slots are directly visible to apps. Bug: 19993667 Change-Id: I12fda95be0d82781f70c3d85c039749052dc936b /frameworks/base/services/core/java/com/android/server/MountService.java
1783f149c73e1d78265981965b8c8475e6e0c3bd	17-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Avoid deadlock when FSTRIM requested at boot. When PackageManager decides that FSTRIM is required at boot, we can end up in deadlock. Work around this for now by kicking the requested FSTRIM can down the road for a few seconds until we're connected to vold. Bug: 20228019 Change-Id: I47e422e618d99e59aed8a8b79227821a3012eb9f /frameworks/base/services/core/java/com/android/server/MountService.java
d95d3bfb2b28a4f21f3fdcd740160c9a61eb0363	15-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Persist nickname and flags for volumes. StorageManager now offers to persist a nickname and user flags for active volumes. This metadata is kept around and spliced into any future VolumeInfo when the same UUID is present. Current user flags indicate "initialized" and "snoozed" states to control how notifications are shown. Notify listeners when metadata changes, and kick public notification after a volume is initialized. Make unique PendingIntents when multiple volumes are active. Beginnings of plumbing to ask for missing volumes. Offer explicit accessors for VolumeInfo and DiskInfo to give better path to documentation and deprecation. Bug: 19993667 Change-Id: I3d8b68be83f43ba992d21d51cad5b775776d681c /frameworks/base/services/core/java/com/android/server/MountService.java
56bd3129138b525b0f2eba52bd4fa140f23e792c	14-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Checkpoint of storage notifications. Rewrite of storage notifications to support multiple disks/volumes, handling the state of each independently. Update strings to match spec. Include actions to jump into wizard when adoptable, otherwise browse or eject. Move browse intent creation to common place on VolumeInfo. Also add well-formed extra names. VolumeInfo now carries the parent disk ID along with it to avoid races when unmounting. Bug: 19993667 Change-Id: I236ddc7f8112490355f438b828bec8d40c331fdd /frameworks/base/services/core/java/com/android/server/MountService.java
59d577a518333f4b4514315b6d10e8dba160abcd	12-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Browse mode for DocumentsUI, removed volume state. The existing management mode is too specific, and requires that storage backends add queryChildDocumentsForManage(), etc. Instead, to offer more natural browsing support, add a new BROWSE_ROOT intent. It behaves mostly like MANAGE_ROOT, except that it doesn't mutate its Uris with setManageMode(), and it shortcuts straight to VIEW on clicked documents. It can be launched like this: $ adb shell am start -a android.provider.action.BROWSE_ROOT -d content://com.android.externalstorage.documents/root/8405-1DFB -c android.intent.category.DEFAULT Also rename a MetricsConstants to make it clearer, and don't auto-mount all emulated volumes. Fix bugs around parceling of DiskInfo/VolumeInfo. Method to resolve the best description for a VolumeInfo, which might need to fall back to DiskInfo. Add back "removed" volume state so we send broadcast when a volume is destroyed, matching the expected public API behavior. Bug: 19993667 Change-Id: I13aff32c5e11dfc63da44aee9e93a27f4690a43f /frameworks/base/services/core/java/com/android/server/MountService.java
b2b9ab8354da1485178cd8d8e9d89ac915b3f269	06-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Installing packages to expanded storage. PackageManager now offers to load/unload packages when expanded volumes are mounted/unmounted. Expanded storage volumes are still treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view, but this change starts treating the INSTALL_EXTERNAL flag as exclusively meaning ASEC containers. Start tracking the UUID of the volume where a package is installed, giving us a quick way to find relevant packages. When resolving an install location, look across all expanded volumes and pick the one with the largest free space. When upgrading an existing package, continue preferring the existing volume. PackageInstaller now knows how to stage on these volumes. Add new movePackage() variant that accepts a target volume UUID as destination, it will eventually move data too. Expose this move command through "pm" command for testing. Automount expanded volumes when they appear. Bug: 19993667 Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3 /frameworks/base/services/core/java/com/android/server/MountService.java
7151a9a887051542c6da9f380376f3b306184e5c	05-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Storage methods using IDs, update listeners. Add StorageManager methods that work with Disk and Volume IDs instead of paths which can change over time. For example, a freshly formatted volume has a different UUID and mount point, even though it's the same volume. Update StorageEventListener to be all one-way calls to avoid blocking while dispatching events. Add new listener method for Volume-level state changes. The existing state method will remain focused on the per-user state reflected by StorageVolume. Switch listeners over to using the more robust RemoteCallbackList pattern under the hood. Change external ASEC scanning logic in PackageManagerService to be driven by listener events, instead of explicit MountService calls. Bug: 19993667 Change-Id: I57c505de260ff1762a78d70d15f1892f40229210 /frameworks/base/services/core/java/com/android/server/MountService.java
1b8ef7e3165ff9aa52a4905dafc8d0f83e7403f9	04-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Parcelable objects for Disk/Volume. Will eventually be used by SystemUI and/or Settings. Also fix SettingsProvider NPE. Bug: 19993667, 19909433 Change-Id: Ie326849ac5f43ee35f728d9cc0e332b72292db70 /frameworks/base/services/core/java/com/android/server/MountService.java
4887789e44cdb16b042a35e8ec03983213e88ac6	18-Mar-2015	Jeff Sharkey <jsharkey@android.com>	Progress towards dynamic storage support. Storage devices are no longer hard-coded, and instead bubble up from whatever Disk and VolumeBase that vold uncovered, turning into sibling Java objects in MountService. We now treat vold events as the source-of-truth for state, and synchronize our state by asking vold to "reset" whenever we reconnect. We've now moved to a model where all storage devices are mounted in the root mount namespace (user boundaries protected with GIDs), so we no longer need app-to-vold path translation. This also means that zygote only needs to bind mount the user-specific /mnt/user/n/ path onto /storage/self/ to make legacy paths like /sdcard work. This grealy simplifies a lot of system code. Many parts of the platform depend on a primary storage device always being present, so we hack together a stub StorageVolume when vold doesn't have a volume ready yet. StorageVolume isn't really a volume anymore; it's the user-specific view onto a volume, so MountService now filters and builds them based on the calling user. StorageVolume is now immutable, making it easier to reason about. Environment now builds all of its paths dynamically based on active volumes. Adds utility methods to turn int types and flags into user-readable strings for debugging purposes. Remove UMS sharing support for now, since no current devices support it; MTP is the recommended solution going forward because it offers better multi-user support. Simplify unmount logic, since vold will now gladly trigger EJECTING broadcast and kill stubborn processes. Bug: 19993667 Change-Id: I9842280e61974c91bae15d764e386969aedcd338 /frameworks/base/services/core/java/com/android/server/MountService.java
56e629322f0739a04c8ff48915226ecf36a13b44	22-Mar-2015	Jeff Sharkey <jsharkey@android.com>	Bring MountService into the SystemService world. Change-Id: I7f7db49ff373b199f7b81f184a7c62bee682af67 /frameworks/base/services/core/java/com/android/server/MountService.java
00e821a8608efdc19041bdda1e832d3d4b3c29e2	12-Feb-2015	Narayan Kamath <narayan@google.com>	am c7e48719: Merge "Remove references to persist.sys.language/country." automerge: 8be3724 * commit '8be3724a06f7b2d28c6664ca11a03f91f97f0972': Remove references to persist.sys.language/country.
b61db8229a8f220f23b22b7ccde72e5cf73e0e07	12-Feb-2015	Narayan Kamath <narayan@google.com>	Remove references to persist.sys.language/country. Addresses a couple of TODOs now that all usages have been removed and fixes a doc that specifies how the emulator locale can be set. bug: 17691569 Change-Id: I802ea1e12448a5442840cad1fdc0956d3e2c7a8c /frameworks/base/services/core/java/com/android/server/MountService.java
1194e754a95e1fa5d4eba6d0bca109156dd4df94	22-Jan-2015	Narayan Kamath <narayan@google.com>	Merge "Add support for persist.sys.locale." automerge: dca2332 automerge: 117f161 * commit '117f161fee52dfa200f89282c487d58c29b41d4f': Add support for persist.sys.locale.
d30dbb8ae12e6e83e3035f12dd291f92e1f22c18	15-Jan-2015	Narayan Kamath <narayan@google.com>	Add support for persist.sys.locale. AndroidRuntime has been changed to read "ro.product.locale" and "persist.sys.locale" instead of "ro.product.locale.language" etc. This is passed down as "-Duser.locale" to the runtime. The system_server has been changed to write out persist.sys.locale on locale changes. bug: 17691569 Change-Id: I93360c8795c9620a133656dc491d13d7b6ed162e /frameworks/base/services/core/java/com/android/server/MountService.java
91bf111aef4a0fe1cd11f08d09d0e53c8278e51e	07-Jan-2015	Paul Lawrence <paullawrence@google.com>	am 53d1022e: am a15d6402: Merge "Fix crash caused by toHex returning exception" * commit '53d1022e835f0556095dee168f5bb491a29fd0ac': Fix crash caused by toHex returning exception
24063b5ebd9124e27ea1dbd06ba6a3dd31944643	06-Jan-2015	Paul Lawrence <paullawrence@google.com>	Fix crash caused by toHex returning exception toHex was changed to throw an exception in I4986a8e806d9066129f696ab9f2e80655424e723, but its caller was not adjusted accordingly, causing a crash whenever an unencrypted device was booted. Bug: 18886749 Change-Id: If0505f617001cf5e0d99cf14c8b09e6a6a377167 /frameworks/base/services/core/java/com/android/server/MountService.java
bf0c614d33673a0a037e317c8c25ad2e6c24e77d	29-Dec-2014	Narayan Kamath <narayan@google.com>	am c97d1fbb: am 5106dd44: Merge "Throw IllegalArgumentException on invalid hex-strings." * commit 'c97d1fbbe00a91b1a67b7c526d9cf11ffec741fa': Throw IllegalArgumentException on invalid hex-strings.
25c29c19474e5cb359473d3d36fdb1eddb90f50b	17-Dec-2014	Narayan Kamath <narayan@google.com>	am 6d41504d: Merge "Move frameworks users over to libcore hex encoding API." automerge: 681e6df1 * commit '681e6df1221ca7671f574d368d428f62184448b0': Move frameworks users over to libcore hex encoding API.
1653b1dd69a3af0d8acc4121e5b8e743a2e491b7	17-Dec-2014	Narayan Kamath <narayan@google.com>	Throw IllegalArgumentException on invalid hex-strings. Beats returning null since there's let's chance it will be interpreted as the lack of a password. Change-Id: I4986a8e806d9066129f696ab9f2e80655424e723 /frameworks/base/services/core/java/com/android/server/MountService.java
78108a3e52c20ad0a481a8419c2d2c9722b53400	16-Dec-2014	Narayan Kamath <narayan@google.com>	Move frameworks users over to libcore hex encoding API. Removes dependency on apache-http. bug: 18027885 Change-Id: I508db016747985ecdd68e02d5d4efcd0ddd694df /frameworks/base/services/core/java/com/android/server/MountService.java
7265abe77a76f848a316640b5da106e882bdbc8a	21-Nov-2014	Christopher Tate <ctate@google.com>	Be increasingly aggressive about fstrim if it isn't being run The current heuristics depend on devices being alive at midnight+ in order to run periodic background fstrim operations. This unfortunately means that people who routinely turn their devices off overnight wind up with their devices never running fstrim, and this causes major performance and disk-life problems. We now backstop this very-friendly schedule with an increasingly aggressive one. If the device goes a defined time without a background fstrim, we then force the fstrim at the next reboot. Once the device hits the midnight+ idle fstrim request time, then we already aggressively attempt to fstrim at the first available moment thereafter, even if it's days/weeks later without a reboot. 'Available' here means charging + device idle. If the device never becomes idle then we can't do much without rendering an in-use device inoperable for some number of minutes -- but we have no evidence of devices ever failing to run fstrim due to this usage pattern. A new Settings.Global element (type 'long', called "fstrim_mandatory_interval") is the source of the backstop time. If this element is zero or negative, no mandatory boot-time fstrim will ever be performed. If the element is not supplied on a given device, the default backstop is 3 days. Adds a new string to display in the upgrading dialog when doing the fstrim. Note it is too late for this to be localized, but since this operation can take a long time it is probably better to have it show something even if not localized, rather than just sit there. Bug 18486922 Change-Id: I5b265ca0a65570fb8931251aa1ac37b530635a2c /frameworks/base/services/core/java/com/android/server/MountService.java
c220d8e57ca97c70db1fd72f040bd6c6f70bbf13	24-Oct-2014	Paul Lawrence <paullawrence@google.com>	Stop crypto UI from crashing during encryption Don't try to read crypto meta data during this time Bug: 18037893 Change-Id: I3628572b3b90e6fc0a7c71089b447fb0e5303ee9 /frameworks/base/services/core/java/com/android/server/MountService.java
a6711ff6f09cc25c693cbb50452e3f807c6122f5	17-Oct-2014	Svetoslav <svetoslavganov@google.com>	Accessibility no longer overrides strong encryption. Updating the accessibility layer behavior to reflect the new model where accessibility no longer overrides strong encryption. Now enabling an accessibility service lowers the encryption level but the user can bump it up in settings if desired. bug:17881324 Change-Id: Ic60d760c267d3f934040a42e1963b179bd8b9f5f /frameworks/base/services/core/java/com/android/server/MountService.java
9c33f28d912c9b51bff69e3eaad7090a6b8a3ec3	13-Oct-2014	Elliott Hughes <enh@google.com>	Ensure that the SIM language doesn't override the user language on the encryption UI. Bug: 17945169 Change-Id: I51e4f47c7cd925f3701f292b9022e467ccf95a17 /frameworks/base/services/core/java/com/android/server/MountService.java
16e4a1aade2b73edfdaa42aa86a3893fd039fc62	30-Sep-2014	Svetoslav <svetoslavganov@google.com>	Use default encryption password if an accessibility service is enabled. When device is encrypted the user has to authenticate in order to decrypt the data partition which is required for running accessibility services and Text-To-Speech. In order to address this issue we are falling back to use the default password if there is an enabled accessibility service and the user has secure lock. This will enable the user to authenticate when accessibility layer is completely functional. bug:17671790 Change-Id: Iafffe7bcd234008cf91ffb5011b21b803dca227a /frameworks/base/services/core/java/com/android/server/MountService.java
f839b4fcb6b179529585765517895a8c90fe315b	26-Sep-2014	Elliott Hughes <enh@google.com>	Set the system locale correctly even on an encrypted device. Bug: 17659622 Change-Id: Ibbbd5b959bfab5345f20b556c4720d0910b50084 /frameworks/base/services/core/java/com/android/server/MountService.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178	21-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Installing splits into ASECs! Sessions can now zero-copy data directly into pre-allocated ASEC containers. Then at commit time, we compute the total size of the final app, including any inherited APKs and unpacked libraries, and resize the container in one step. This supports both brand new ASEC installs and inheriting from existing ASEC installs. To keep things simple, it currently requires copying any inherited ASEC contents, but this could be optimized in the future. Expose new vold resize command, and allow read-write mounting of ASEC containers. Move native library extraction into the installer flow, since it needs to happen before ASEC is sealed. Move multiArch flag into NativeLibraryHelper, instead of making everyone pass it around. Migrate size calculation to shared location. Separate "other" package name in public API, provide a path to a storage device when relevant, and add more docs. Bug: 16514385 Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456 /frameworks/base/services/core/java/com/android/server/MountService.java
5f054cea32eb2e87aeaa03138341eb887cda5e0c	25-Jul-2014	JP Abgrall <jpa@google.com>	MountService: Fix android.process.media crash repeatedly problem When the framework restarts because of certain exception, the external volume id will disappear. At this time, mount service will issue "volume list" command to vold to get the status of each storage. The fix is to re-broadcast the uuid and user label again via vold "volume list broadcast" command. Bug: 16253597 Bug: 16306775 Change-Id: I227e8bc597a4f5338035d3401036490f14557211 /frameworks/base/services/core/java/com/android/server/MountService.java
92aa5a2f15032f3e5a5394ca96d0b6fd03f0b405	07-Jul-2014	Emily Bernier <ember@google.com>	Re-commit of reverted change 458959 Using correct parameters for Slog.w(). Change-Id: I0ab7a1b114431f15fe3652e98c75e7baab7a2d95 /frameworks/base/services/core/java/com/android/server/MountService.java
a35add68827c4d817066efa9e54657c830b52c98	03-Jul-2014	Narayan Kamath <narayan@google.com>	Revert "Enforce USB and storage restrictions" This reverts commit 39e53714ede48fcb464733834d7d9ccb868efe8a. Change-Id: I81199fea8ca4b48516792bb02c1c3e90e5916c1f /frameworks/base/services/core/java/com/android/server/MountService.java
59f77c32dc6e5378053d57a887d404831463d78c	02-May-2014	Emily Bernier <ember@google.com>	Enforce USB and storage restrictions When DISALLOW_MOUNT_PHYSICAL_MEDIA is true, prevent user from mounting any external media. When DISALLOW_USB_FILE_TRANSFER is true, prevent user from enabling USB mass storage. Change-Id: Ia4accec4fb0b7aad6350cf0059244f6329204796 /frameworks/base/services/core/java/com/android/server/MountService.java
115afdadb5863a02f0b0daefcc0511bfd35b531e	07-Jun-2014	Christopher Tate <ctate@google.com>	Switch framework to using new scheduled-work API Also add the intended permission-use enforcement to said API. Bug 14994893 Bug 14993295 Change-Id: I5a3ffd32d0702c68f4ef6da68f7fa6e9de674380 /frameworks/base/services/core/java/com/android/server/MountService.java
2ee3c1e189819cc6efb4d7de24f1438bdb824087	31-May-2014	Jeff Sharkey <jsharkey@android.com>	Per-app media directories on external storage. This change defines per-app directories on external storage that will be scanned and included in MediaStore. This gives apps a way to write content to secondary shared storage in a way that can easily be surfaced to other apps. Bug: 14382377 Change-Id: I4cb367c870509e76f0c2c598f01e2f699780030a /frameworks/base/services/core/java/com/android/server/MountService.java
dfad99ad9fd5953b9d726715c40197a3e70e7dd0	08-May-2014	Brian Carlstrom <bdc@google.com>	resolved conflicts for merge of 0b5598c9 to master Change-Id: Ie911d6b0b5e2b87e2b4669fa2465a82bb5807893
0b5598c924fc140db5cfee08c17fd91e630b1c9e	07-May-2014	Brian Carlstrom <bdc@google.com>	am 691079dd: am a21ba5be: Merge "Add BackgroundDexOptService" * commit '691079ddc0055fac9b82dccaf35b4591978b2a55': Add BackgroundDexOptService
9502f990899ef576879048ec5147d403158ad89d	10-Apr-2014	Paul Lawrence <paullawrence@google.com>	Merge "Allow encryption when keyguard is set to pattern or no protection"
46791e752ca1eca35e6a882c47d7de7f4f66687c	03-Apr-2014	Paul Lawrence <paullawrence@google.com>	Allow encryption when keyguard is set to pattern or no protection Add type parameter to encryptStorage so we can set type when we encrypt Depends on https://googleplex-android-review.git.corp.google.com/#/c/444056/ Circular dependency on: https://googleplex-android-review.git.corp.google.com/#/c/444201/ Bug: 13749169 Change-Id: I52034ec25de35f12f1bbfdd1b0f8584923a0be2e /frameworks/base/services/core/java/com/android/server/MountService.java
e51dcf98a4ddb1340cffba88059ad89f0b90909a	18-Mar-2014	Paul Lawrence <paullawrence@google.com>	Save OwnerInfo so CryptKeeper can display at boot time Requires vold change from https://googleplex-android-review.git.corp.google.com/#/c/435164/ Bug: 13526708 Change-Id: I33153df9961832f72c3b8103bd5e1d3a17e77df3 /frameworks/base/services/core/java/com/android/server/MountService.java
945490c12e32b1c13b9097c00702558260b2011f	27-Mar-2014	Paul Lawrence <paullawrence@google.com>	Don't double prompt on booting encrypted device vold will store password securely until KeyGuard requests it and hands it on to KeyStore. This is a revision of https://googleplex-android-review.git.corp.google.com/#/c/418123/ which was reverted. It had two bugs in LockSettingsService.checkVoldPassword. 1) We were not checking password for null, which caused an exception 2) checkPattern/checkPassword return true if there is no saved pattern or password. This leads to situations where we get true returned even when the password doesn't match. Call the correct one based on what is there, not what vold thinks ought to be there. Bug: 12990752 Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4 /frameworks/base/services/core/java/com/android/server/MountService.java
6ee7d25010d4f23b44a151f3953225ba253de8af	26-Mar-2014	Paul Lawrence <paullawrence@google.com>	Revert "Don't prompt at boot if we already did that when decrypting" This reverts commit 493e3e7e6523fd94cc1acae3e45935a1227d58c3. Should fixes Bug: 13611885 Bug: 13656830 Change-Id: I117c988bb6679f44f8add4fcc18f45cb8238dfb4 /frameworks/base/services/core/java/com/android/server/MountService.java
493e3e7e6523fd94cc1acae3e45935a1227d58c3	06-Feb-2014	Paul Lawrence <paullawrence@google.com>	Don't prompt at boot if we already did that when decrypting vold will store password securely until KeyGuard requests it and hands it on to KeyStore. Needs matching vold changes from https://googleplex-android-review.git.corp.google.com/#/c/432050/ Bug: 12990752 Change-Id: I930ed8180cf0b8feb1e58db043d5fb6dff1bab20 /frameworks/base/services/core/java/com/android/server/MountService.java
2bc68575325ab7bf082de24f5f095f20ea63f877	10-Mar-2014	Paul Lawrence <paullawrence@google.com>	Merge "Clean up a few minor issues"
77b987f1a1bb6028a871de01065b94c4cfff0b5c	27-Feb-2014	Dianne Hackborn <hackbod@google.com>	Hold a wake lock while dispatching network activity events. Also add new API for determining whether the current data network is active, and thus better scheduling network operations. This API is designed to not be tied to a mobile network -- regardless of the network, apps can use it to determine whether they should initiate activity or wait. On non-mobile networks, it simply always reports as the network being active. This changed involved reworking how the idle timers are done so that we only register an idle timer with the current default network. This way, we can know whether we currently expect to get callbacks about the network being active, or should just always report that it is active. (Ultimately we need to be getting this radio active data from the radio itself.) Change-Id: Iaf6cc91a960d7542a70b72f87a7db26d12c4ea8e /frameworks/base/services/core/java/com/android/server/MountService.java
9a41b24c8f7768d3402256dbd876024f33b1f36b	18-Feb-2014	Jeff Sharkey <jsharkey@android.com>	am 392ee12f: am 96190f1c: am e6d256c5: am 234b0b03: Merge "Fix, MountService now only sends one onShutDownComplete" * commit '392ee12fd57870e1e8f0777d03295b0435babd1f': Fix, MountService now only sends one onShutDownComplete
96190f1c054e2e34ac741de1d7afb2f6645d218c	18-Feb-2014	Jeff Sharkey <jsharkey@android.com>	am e6d256c5: am 234b0b03: Merge "Fix, MountService now only sends one onShutDownComplete" * commit 'e6d256c50b0709378a5bfff0ae27eb7cf6cc3894': Fix, MountService now only sends one onShutDownComplete
0a18029075fbe5e5da396c66ef26cfa7e7f1a082	13-Feb-2014	Paul Lawrence <paullawrence@google.com>	Clean up a few minor issues Make public some constants, remove unused imports. See https://googleplex-android-review.git.corp.google.com/#/c/412885/ for when these were introduced. Change-Id: I90d0e33a411ebdd84c36e3d9afae70d2f2847538 /frameworks/base/services/core/java/com/android/server/MountService.java
8e39736f91a08961cf59c87075e61d9026833b50	28-Jan-2014	Paul Lawrence <paullawrence@google.com>	Support default, pattern, pin and password encryption types Java plumbing to expose methods to get/set encryption type in IMountService, and hooking up of those methods to the Settings app so the type is set correctly. Needs matching vold changes from https://googleplex-android-review.googlesource.com/#/c/412649/ Bug: 8769627 Change-Id: I70c0ed72d11f5ab6f0958a7f9c101b6822b13baa /frameworks/base/services/core/java/com/android/server/MountService.java
d417d625d244356bc770e2692fd59e754a72f59f	20-Aug-2013	Christopher Tate <ctate@google.com>	Introduce "IdleService" API to expose idle-time maintenance to apps When an application wishes to do low-priority background work when the device is otherwise idle (e.g. in a desk dock overnight), it declares a service in its manifest that requires this permission: android:permission="android.permission.BIND_IDLE_SERVICE to launch, and which publishes this intent filter: <intent-filter> <action android:name="android.service.idle.IdleService" /> </intent-filter> This string is declared in the API as IdleService.SERVICE_INTERFACE. The service must be implemented by extending the new "IdleService" class, which provides the API through which the system will communicate with the app. IdleService declares three methods, two of which are lifecycle callbacks to the service, and the third of which is for the service itself to invoke when appropriate. The lifecycle callbacks are public abstract boolean onIdleStart(); public abstract void onIdleStop(); The first of these is a notification to the service that an idle maintenance interval has begun. The service can then spin off whatever non-UI work it wishes. When the interval is over, or if the OS determines that idle services should be shut down immediately, the onIdleStop() method will be invoked. The service must shut down any background processing immediately when this method is called. Both of these methods must return immediately. However, the OS holds a wakelock on the application's behalf for the entire period between the onIdleStart() and onIdleStop() callbacks. This means that for system-arbitrated idle-time operation, the application does not need to do any of its own wakelock management, and does not need to hold any wakelock permissions. The third method in IdleService is public final void finishIdle(); Calling this method notifies the OS that the application has finished whatever idle-time operation it needed to perform, and the OS is thus free to release the wakelock and return to normal operation (or to allow other apps to run their own idle services). Currently the idle window granted to each idle service is ten minutes. The OS is rather conservative about when these services are run; low battery or any user activity will suppress them, and the OS will not choose to run them particularly often. Idle services are granted their execution windows in round-robin fashion. Bug 9680213 Change-Id: Idd6f35940c938c31b94aa4269a67870abf7125b6 /frameworks/base/services/core/java/com/android/server/MountService.java
222496f82fb78473a876da5dc395714b0fa5b99c	23-Jan-2014	Christopher Tate <ctate@android.com>	am 5d734dbc: am e1d18f6e: am 0e3df216: am cc81bcec: Merge "Only send storage intents after boot complete" * commit '5d734dbc56cd2d4350f4a35f1bedbb6b40247e5c': Only send storage intents after boot complete
38c65b1f70042bc8e37e91106692158f0ce98703	13-Jan-2014	Jeff Sharkey <jsharkey@android.com>	am 6fba240b: am 6d3700b3: am 47235e8b: am 90cadb35: Merge "MountService listeners can not be unregistered" * commit '6fba240b72e9ae2bc66c98b058e78aecd568ae3f': MountService listeners can not be unregistered
9158825f9c41869689d6b1786d7c7aa8bdd524ce	22-Nov-2013	Amith Yamasani <yamasani@google.com>	Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85 /frameworks/base/services/core/java/com/android/server/MountService.java