History log of /frameworks/base/services/core/java/com/android/server/pm/Settings.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
d63cde7ba4a96d5a07efd48d67e552cadb45d9ce 09-Sep-2016 Svet Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't show account access request UI until app launched.

Sync adapters that don't have account access cannot run until
the user explicitly approves in the UI. This is spammy given
the user may not use the app right away. This change doesn't
show the notificaiton until the app has run.

bug:31162498

Change-Id: I1f4f2d2e9426f78763590e8aa542b94d6e93e488
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
4fb65090324ff0696e5d38795eaeebf70c72e253 31-May-2016 Todd Kennedy <toddke@google.com> Merge "Remove STOPSHIP" into nyc-dev
am: 1c39a112b4

* commit '1c39a112b43e50da4e801d634e28ae7a130c0dcb':
Remove STOPSHIP

Change-Id: Icc176dca4735f3b03c8e1b47015792ecc202d398
1c39a112b43e50da4e801d634e28ae7a130c0dcb 31-May-2016 Todd Kennedy <toddke@google.com> Merge "Remove STOPSHIP" into nyc-dev
6954259edbbd233eaa6c45835c1b0d00759c52d5 23-May-2016 Fyodor Kupolov <fkupolov@google.com> Additional clean up in onUserRemovedLPw

mDefaultPermissionsGranted, mFingerprints should be cleaned up.

Bug: 28913107
Change-Id: I3758985fe742d38e43538b5221fc3f436c55cb16
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
c30808b413deff60fafa047d9cc15c275feb3c63 13-May-2016 Fyodor Kupolov <fkupolov@google.com> Added scheduleWritePackageListLocked

Call scheduleWritePackageRestrictionsLocked and
scheduleWritePackageListLocked when a new user is created.

Bug: 28750034
Change-Id: I442551855e2eece7a1610750c6802a785bfb2fb5
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
36ecd08dc1627a7ed9c0ef498b41c40a66d646b0 11-May-2016 Todd Kennedy <toddke@google.com> Remove STOPSHIP

Instead of tracking a one-off variable, use the version code to
properly determine a pre-N OTA.

Bug: 27872764
Change-Id: Ib80b96ebddfa8bec398e02137ec26ce006164921
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ecf4622618bb963d913a3e217c92da61f305d79e 05-May-2016 Robin Lee <rgl@google.com> Merge "Disallow suspending the default dialer" into nyc-dev
0dc591b48d96c7b5ac809197c2fb758dccec15a2 04-May-2016 Robin Lee <rgl@google.com> Disallow suspending the default dialer

This is the only case that still had to be protected by priv-app, so
that check is removed at the same time.

Bug: 27635033
Change-Id: Ifd5e59ab56eb45f0651cb25882ead920c758ae51
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f2812853b820ad994be2b9c42e7905f61e4a0106 02-May-2016 Sudheer Shanka <sudheersai@google.com> Merge "Allow any app to silently uninstall the orphan packages." into nyc-dev
07318065b22ba13ae003d7803a3e48e441f9f6e5 28-Apr-2016 Chris Tate <ctate@android.com> Merge "Make sure FIRST_LAUNCH is after PACKAGE_ADDED" into nyc-dev
5cf5578a457e448dda9fd47943e91f0f3b67690f 26-Apr-2016 Christopher Tate <ctate@google.com> Make sure FIRST_LAUNCH is after PACKAGE_ADDED

If an app undergoes restore during install, it is considered 'started'
and the FIRST_LAUNCH broadcast needs to go out. However, this must not
take place until after the restore operation has fully completed, in
order to avoid publishing the app's existence while it may still be in
an incoherent state. We now make this broadcast part of POST_INSTALL
in the restore case.

Bundled apps are in the 'started' state regardless, so no FIRST_LAUNCH
broadcast is ever sent for them -- this CL does not change that
existing behavior even in the case of setup-time data restore of
factory-installed packages.

Bug 28173625

Change-Id: Ibcc3758576662dc447b75476173a0d008a9fe4da
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8c57aeaa8f27423b843fa043fb86b0b57c906ead 21-Apr-2016 Sudheer Shanka <sudheersai@google.com> Allow any app to silently uninstall the orphan packages.

Bug: 28302564
Change-Id: If6f2111e35ec94c7eb5b80a08bbf63fd58698c27
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ea3064a586decfe308d8252f1c2f3545c0fa9829 19-Feb-2015 Kenji Sugimoto <kenji.xb.sugimoto@sonymobile.com> Set installed flag of all users if system app is installed later

If an application(in /data) that other user installed it initially
is appended as system app later, owner user can not use the system app.

The reason this issue occurs is that the owner user's installed flag
is set false when the application was installed by other user
and the installed flag is not updated when the application is appended
as system app later.

So, we fix like as setting the installed flag to true
when the application is appended as system app.

Bug: 28183865
Change-Id: I0b4da5e0bb77fb3baf86d0453e6637a230b104ba
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
65136ac6a4f6fb2423a0768b451782dcd0e960d5 13-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Keep read/write external storage as built-in permissions" into nyc-dev
e5313a842a5e41cde624386448d1e77cb0fbfae7 11-Apr-2016 Svet Ganov <svetoslavganov@google.com> Keep read/write external storage as built-in permissions

These are permissions that were mapped to gids but we need
to keep them listed event though they are no longer mapped
to gis until an upgrade from L to the current version is to
be supported. These permissions are built-in and in L were
not stored in packages.xml as a result if they are not defined
in the platform.xml while parsing packages.xml we would
ignore these permissions being granted to apps and not
propagate the granted state.

From N we are storing the built-in permissions in packages.xml
as the saved storage is negligible (one tag with the permission)
compared to the fragility as one can remove a built-in permission
which no longer needs to be mapped to gids and break grant
propagation.

bug:27185272

Change-Id: I65e05c4f7edd9a934888b4d0974100aa4e9a9453
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
4288419787120ce85a241a4b315d7d2123aa2d4a 10-Apr-2016 Jeff Sharkey <jsharkey@android.com> Use inode numbers for CE storage.

Certain operations, such as clearing/destroying app data, or just
counting on-disk size, require us to know the CE storage directory
of a particular app. To facilitate these operations, offer a method
to get the inode of a CE directory, and accept that inode number
for later operations. Collect and store the inode number in
PackageUserState for future use when that user's CE storage is
still locked. This design means it's safe to clear/destroy app
data in both CE/DE storage at the same time.

Move most installd-related methods to a uniform calling convention
that accepts a single parent PackageParser.Package, and internally
fans out to handle all "leaf" packages under that parent.

In previous releases, we started installing apps using a new
directory-based layout, where all app code, unpacked native libraries,
and optimized code is bundled together. So now we only have a single
path to measure for code size. This fixes several outstanding bugs
that were causing sizes to be miscounted for apps supporting multiple
architectures.

Fix a subtle bug in PackageSettings that would cause "notLaunched"
to be parsed incorrectly.

Bug: 27828915, 27197819
Change-Id: Ia582cf3550553292bde4bb4313367111332913ec
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
d4041db120d7500e73e0132b03dfeffb84d402f5 09-Apr-2016 Jeff Sharkey <jsharkey@android.com> More freezing of apps when doing surgery.

We're still hearing rare reports of apps running while the system
is trying to do surgery on app code/data. To fix this once and for
all, start guarding all PackageManager critical sections by freezing
and then killing the app before doing surgery.

This is done by introducing a new PackageFreezer class which can be
used in try-with-resources blocks. It also handles child packages
uniformly, and it uses CloseGuard to defensively un-freeze packages
if a caller leaks without closing.

The set of frozen packages is now maintained outside of PackageSetting
to support newly installed packages. Add docs for the various locks
and method syntax conventions, including the new "LIF" syntax which
indicates the caller is responsible for freezing the package being
worked on.

Bug: 27698554
Change-Id: I64c4c48123060ccb4d4c50c2fbf3ef223c01e659
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8ed9ece93dca5c7266ca7d9c5fabe7c9a6b214e7 10-Apr-2016 Jeff Sharkey <jsharkey@android.com> Revert "Keep read/write external storage as built-in permissions"

This reverts commit 4086750e30d04715d5be3ca6eaa75a4a1fa41d56.
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
30f37594e02e09903c56e1325cec85081f2aadb8 09-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Keep read/write external storage as built-in permissions" into nyc-dev
4086750e30d04715d5be3ca6eaa75a4a1fa41d56 09-Apr-2016 Svet Ganov <svetoslavganov@google.com> Keep read/write external storage as built-in permissions

These are permissions that were mapped to gids but we need
to keep them listed event though they are no longer mapped
to gis until an upgrade from L to the current version is to
be supported. These permissions are built-in and in L were
not stored in packages.xml as a result if they are not defined
in the platform.xml while parsing packages.xml we would
ignore these permissions being granted to apps and not
propagate the granted state. From N we are storing the built-in
permissions in packages.xml as the saved storage is negligible
(one tag with the permission) compared to the fragility as one
can remove a built-in permission which no longer needs to be
mapped to gids and break grant propagation.

bug:27185272

Change-Id: I440f6ceb7bc4710dece1a2fadabc995b18fc2a83
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
cea732185fd1b8560a3732116b6092975c254437 08-Apr-2016 Selim Gurun <sgurun@google.com> Merge "Corrections to processing abioverride flag" into nyc-dev
5c8acb4380874d7793ba4e44fd3f7baa9a0cb692 08-Apr-2016 Selim Gurun <sgurun@google.com> Corrections to processing abioverride flag

Bug: 28043974

One of the parameters to Settings class wrongly passes the secondaryCpuAbi
as CpuAbiOverrideString causing mayhem for multiarch libraries. Use the
correct param.

Further, for multiarch, the cpuabioverride flag is ignored. Remove the
check for cpuabioverride when checking for use32bitabi flag.

Change-Id: I7eff057031e3ddb18fcce6f380658a522af8b64d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
29283375831d6ccf04b60d02af03e4268d79c454 05-Apr-2016 Sudheer Shanka <sudheersai@google.com> Prevent apps from uninstalling packages that are not installed by them.

Bug: 27404193
Change-Id: Ib8868d6522fc3e41526c6909fc6ea531f344e676
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
fc41ea320f203afa182c7f5816b2ae8072132dd1 26-Mar-2016 Andreas Gampe <agampe@google.com> [STOPSHIP] PackageManager: Add package setting flag for N upgrade

First upgrade to N level needs to compile apps with the first-boot
reason, as profiles are missing. The SDK level check does not work
for the preview, as the version is not incremented, yet.

Add a flag to the package settings to track the status.

Note: STOPSHIP, this will be reverted before release.

Bug: 27689078
Bug: 27872764
Change-Id: Ifd460d5235348f041ef64c9b61068af47113ddcb
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
9cfba3502079f5919ec065da2f8d86fe35c475da 25-Mar-2016 Dianne Hackborn <hackbod@google.com> Fix issue #25817435: Batterystats missing UIDs for secondary users

Change-Id: I9ad907571f04b5825d234758347659544a4de6ab
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8a372a0a280127743ce9a7ce4b6198c7a02d2a4f 16-Mar-2016 Jeff Sharkey <jsharkey@android.com> Refactoring FBE APIs based on council feedback.

Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.

Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
89d60189cd53a7f0e20c23bb42d4cd4c3dbc20b4 11-Mar-2016 Todd Kennedy <toddke@google.com> Add minSdk to dumpsys

Bug: 27526333
Change-Id: I0148275013ebab899bcb63c07d71a840539c1863
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
a561e3a3b782be3aa859b8c93f78205db1b429d7 04-Mar-2016 Jeff Sharkey <jsharkey@google.com> Merge "Log FBE related flags when dumping packages." into nyc-dev
effcd935940e4d3c2acb2a2a8bc22d5bf6f9cc64 04-Mar-2016 Jeff Sharkey <jsharkey@android.com> Log FBE related flags when dumping packages.

Bug: 27455726
Change-Id: I18146431792d5be0808ff6044174eff328039251
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
66c5553c2e418724ea20b2234a8590e889f0ffe4 27-Feb-2016 Todd Kennedy <toddke@google.com> dump apk signing version

bug: 26905579
Change-Id: I5c2682904f2fb83ffce572fe2eb35c38e1b72f01
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
258be56dcddd414e101dc3eb2853b0abd7cf1423 01-Mar-2016 Jeff Sharkey <jsharkey@android.com> Make preferred activities encryption aware.

Not all built-in apps are encryption aware, so match them all when
setting up preferred activities.

Bug: 27429841
Change-Id: I0fd2195714fac95d031813bab73125a5c7b6c81a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
800efcc7f533ddce66c0c7b34c837d3323512d2a 26-Feb-2016 Jeff Sharkey <jsharkey@android.com> configfs is special; don't delete dir contents.

Bug: 27342722
Change-Id: I63e8316a6a6260869b4fdd94fde59b5ec3d7b30a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
5cd52bee32250e14f5eca14d9e82535a0f2f4f87 23-Feb-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Expose removed permissions flag as system API" into nyc-dev
2a1376d9dfb362a18ba110d8e172f96021f1d879 23-Feb-2016 Svet Ganov <svetoslavganov@google.com> Expose removed permissions flag as system API

There are some permissions that were removed from the platform
and guard nothing but legacy apps may be checking them before
calling APIs. Hence, these apps should get the permissions as
expected despite them being a no-op. To address this the platform
declares removed permissions as normal permissions that are hidden
such that legacy apps can always get them. These permissions are
not shown in the UI. Play needs a way to filter out these
permissions like the platform as they have permissions UI too.

bug:23361760

Change-Id: I10f442dfc09a299ddc5480d8bf2db0bd786aec62
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
2271ba3627d18b65ed5ea63218cee7f9562acd31 02-Feb-2016 Jeff Sharkey <jsharkey@android.com> Push mapping of package name to appId to kernel.

The new sdcardfs kernel driver needs to know this mapping for
deriving UID permissions, so push the data through /config when
supported by the kernel. This also has the nice benefit of letting
us push only the deltas of what actually changes, instead of
re-parsing the entire "packages.list" file.

The mappings for newly installed apps are pushed before the app is
allowed to run, removing some latent race conditions. Also cleans
up stale mappings when packages are uninstalled, and whenever the
system server reboots.

Bug: 19160983
Change-Id: Iace92efb69616c96b34c0d9d911e4b54e5fd8a67
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f4ff39c92be840d5f53c42cb02cef6b03a1ca70f 04-Feb-2016 Svet Ganov <svetoslavganov@google.com> Multi packages per APK - broadcasts

This change introduces the ability to have multiple packages per
APK. The feature is currently restricted to privileged apps and
updates to such apps.

In essence the manifest can have multiple child package declarations.
A child package can declare everything an Android package can except
some tags or attributes that are not applicable and instead inherited
from the parent when needed. For example, the target SDK of the parent
applies to all children.

A child package can be updated only through the parent package.
A package with multiple child packages is installed, uninstalled
atomically - no partial installs where some child packages are not
installed.

This change ensures that we send package broadcasts for child packages
when they are updated, removed, disabled, replaced, etc.

Sample app:ag/848432

Change-Id: I25b29c98152dcad9ede4d4eb040cc897b7f93426
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
354cd3ce2213a1032d9138ea6fa1420f055ab08c 17-Dec-2015 Svet Ganov <svetoslavganov@google.com> Multi packages per APK

This change introduces the ability to have multiple packages per
APK. The feature is currently restricted to privileged apps and
updates to such apps.

In essence the manifest can have multiple child package declarations.
A child package can declare everything an Android package can except
some tags or attributes that are not applicable and instead inherited
from the parent when needed. For example, the target SDK of the parent
applies to all children.

A child package can be updated only through the parent package.
A package with multiple child packages is installed, uninstalled
atomically - no partial installs where some child packages are not
installed.

The remaining work is to ensure broadcasts are also sent for child
packages. This will come in a subsequent change.

Sample app:ag/848432

Design doc: https://docs.google.com/document/d/18nFWtJuZchLxrHf5SBbJW03-Ky9Rh_G0-OVB14b6u78

Change-Id: I6fd021d981bf5786290e0c53502724a14c97358c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e84bdd38addecc80878d811ab279646acfe6ab19 08-Feb-2016 Jeff Sharkey <jsharkey@android.com> Move graphics and JIT caches to DE storage.

We confirmed with the graphics and JIT teams that no sensitive
user data is written to these caches, so they're safe to point at DE
storage.

Since we don't have control over what is written by the app, we need
to keep the cache environment variable pointing at CE storage.

Fix ensurePrivateDirExists() to always return a path, instead of
returning null which can cause scary bugs.

Change packages.list to no longer canonicalize data paths, since
these fail when CE storage is still locked.

Bug: 27069522
Change-Id: Ifff64a036fa4aa1e61aa0dd98486bc711fbf8f4a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
47f7108c1270a9e81d9560b6b0570c659bb93a71 02-Feb-2016 Jeff Sharkey <jsharkey@android.com> Prepare user storage just before using it.

Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.

This also has the nice property that we only prepare storage when
we know that keys are unlocked.

Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
78cea814da1a83d868bdaed596c6a9e304eb4570 21-Jan-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Update flags before querying activities when parsing default apps."
5fd83dcda2d5423014c64cbcb6a880742145dc59 21-Jan-2016 Svetoslav Ganov <svetoslavganov@google.com> Update flags before querying activities when parsing default apps.

Change-Id: I0120f32bfa2a7dd93714e8592496df4a0d74d07e
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f340974e06980e1fcc3a6ef8b5603307b6650187 12-Jan-2016 Janis Danisevskis <jdanis@google.com> Change permissions of apps' home dir to 0700 for SDK > 23

This patchset changes the installd such that apps' home
directory has permissions set to 0700 if build for a
target SDK version. In consequence the commands

create_app_data and move_complete_app

get one more parameter, the target SDK version.
Apps built for a lower SDK version will still have
home directories with permissions set to 0751.

Bug: 7208882
Change-Id: I651da956dd57d882772b23a433421e9130ea4c0b
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
12cde00dc03ec802801b8fd7611c1706ab7d4363 16-Jan-2016 Jeff Sharkey <jsharkey@google.com> Merge "Prepare app data only when storage is available."
0e62384ccbd00e9f78851929ca88b919679ee32e 14-Jan-2016 Jeff Sharkey <jsharkey@android.com> Prepare app data only when storage is available.

Before this change, scanning a package aggressively tried checking
to ensure that private app data was prepared. However, in an FBE
world we may not have access to that data at scan time. So this
change shifts the preparing of private app data until later: it
prepares DE storage when a user is started, and CE storage when a
user is unlocked. Wire ourselves into the user lifecycle so we can
prepare storage at both user start and unlock.

When DE/CE storage becomes available, this change reconciles any
found packages against known installed apps, and deletes any orphaned
data directories.

We now need to store the last-restorecon hash in an xattr on a
per-user directory basis, since we can't restorecon CE storage until
it's unlocked, or adopted storage until it's mounted. Remove a
bunch of used logic for loading dynamic SELinux policy at runtime;
our policy always comes from the system image.

Bug: 26466827, 26544104
Change-Id: I8d0a4ef862c35f4e4ef5c7f20d3bb8f12ba3fd4b
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e9fd1fa31ad6f62d1eb6f32cdcdab50349f246eb 16-Sep-2015 Christopher Tate <ctate@google.com> Back up / restore runtime permission grants

Only user-originated grant actions are backed up/restored. This
includes outright grants, one-time denials, and "never ask again"
type denials.

Bug 19870549

Change-Id: I78b4a8abb713dc5d74b93cb53217b212d57b26e4
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
fdeeeea6cfdebdb98dd70a7dd48965743af01750 12-Jan-2016 Jeff Sharkey <jsharkey@android.com> Follow installd changes, throw exceptions.

Start by passing down flags to work on both CE and DE storage areas;
a future change will refine this further.

Force consistent argument checking and null handling for all
installd callers. Throw explicit exceptions instead of returning int
values that can accidentally be ignored.

Bug: 26466827
Change-Id: Iddb591f6b3c7786d210d3f132ff7f9886a97b749
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
2bd31dbd023a11d90061c7b6831dd06454c928af 10-Jan-2016 Jeff Sharkey <jsharkey@android.com> Install non-EA providers once user is unlocked.

When starting encryption-aware apps while the device is locked, we
can only spin up ContentProviders that have been marked as
encryption-aware. Once the user is unlocked, we need to go back and
install non-encryption-aware providers in already running apps.

Fix bugs in getPackageInfo() where only one of the various MATCH_
flags was being consulted (!). Move matching logic to single unified
location in PackageUserState so we have consistent behavior.

Fix another class of bugs where Safe Mode wasn't correctly filtering
package details (!). These bugs are fixed by splicing in the new
MATCH_SYSTEM_ONLY flag as part of state-based flag mutation that was
added for encryption.

Bug: 25944787
Change-Id: I39c8da74b1f9ba944cc817176983f50ba322329c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e06b4d1d9f718b9fe02980fea794a36831a16db2 06-Jan-2016 Jeff Sharkey <jsharkey@android.com> Consistent naming for PackageManager methods.

When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.

Also fix spacing issues in various logging statements.

Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
2a90f673f5819e05ea72f6aba3e75956e0f807dc 06-Jan-2016 Jeff Sharkey <jsharkey@android.com> Update logic for resolving verifiers.

Verifiers or installers may not be encryption-aware, or the user may
have disabled them, so we probe pretty deeply during system boot to
resolve them. Use the new MATCH_SYSTEM_ONLY flag to limit results to
packages on the system image.

When there are multiple matches, pick the one with highest priority
instead of crashing the system.

Switch to updated MATCH_ constants in more places.

Bug: 26250295
Change-Id: Ia7a3b1fb74da6c3b9d2c2edbf1deaa9fb52fc40a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
2f3e35376ada0327b34a71d7c45ac6e6d955d7dc 21-Dec-2015 Jeff Sharkey <jsharkey@android.com> More work towards triaging missing app behavior.

Many places across the platform query package details without
gracefully handling packages or components that go missing for
various reasons. This can cause annoying user data loss, such as
resetting back to built-in apps or dropping of accounts, etc.

This change verifies that system callers have thought about these
edge cases by logging if they use default matching behaviors without
explicitly marking themselves as being "triaged." (The logging is
currently disabled by default.)

Also creates explicit definitions of supported flags for various
incoming PackageManager calls, and defines a clear distinction
between flag types:

-- GET-style flags are used to request additional data that may have
been elided to save wire space.

-- MATCH-style flags are used to include components or packages that
would have otherwise been omitted from a result set by current system
state.

There are a handful of existing GET flags that better fit under the
MATCH definition, so this change clones them to new constants and
marks the old ones as deprecated.

Fixes bug in JobSchedulerService to consider jobs from apps on
external storage. Revert some dialer behavior back to being
untriaged.

Change-Id: I9b6ab0968241e3479bddbd78de0c51e3b9917318
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
db29e46ae92a5f1b5f427b1d7cdef2e457612f57 29-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Avoid byte[] allocations in writePackageListLPr"
5217cacbd9f382068bb9e176cd5a0b15388a335c 20-Dec-2015 Jeff Sharkey <jsharkey@android.com> Make JobSchedulerService encryption aware.

When a user is started, but a persisted job component doesn't appear
in the normal resolution list, we avoid enqueuing the job. Later
when the user is unlocked, we take another pass over the pending
jobs to see if they became available.

Load keyboard layouts from XML metadata regardless of crypto status,
since we don't need to spin up any remote code.

Add MATCH_SYSTEM_ONLY to make system logic easier to write when
looking for trusted components.

Sprinkle more annotations on ArrayUtils methods.

Bug: 26279465
Change-Id: Iec28e0bb46862b07d740b12a79f6360de68dab0f
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
2a9e3f8e6813716ab88ca54fd04ae047dc9aaaeb 18-Dec-2015 Jeff Sharkey <jsharkey@android.com> Better named encryption flags, start triaging.

Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.

Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked. Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.

Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
b69056b6b85b6e0aad48a8142f4116b5da9ae7f2 19-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Avoid byte[] allocations in writePackageListLPr

Previously a new array was created for each package in packages.list. Now
OutputStreamWriter maintains an internal buffer for string to byte conversion.

Bug: 26237300
Change-Id: I649e21833a16e76326f9a909220820c47a27f734
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
7164cb68dd6bf5efbbb9e3319fe985682685c2af 18-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Use buffering when reading preferred apps"
b35b34c7612dc5c73502bd286b1f9c9041a0518a 17-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Use buffering when reading preferred apps

On my test, a buffered version takes 10ms in contrast to 80 ms.

Bug: 26237300
Change-Id: I91ae05798672d243873e7447261156d5ebf3b045
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
1e2839188fb49575b86646d3aadb355c81ef9cc5 26-Nov-2015 Andrei Stingaceanu <stg@google.com> Wire call to suspend a package

Adds APIs in DevicePolicyManager and PackageManager for allowing
a device admin to suspend a package. PackageManagerService sets
or unsets a new PackageUserState 'suspended' setting. Terminal
command to suspend/unsuspend has been added via
PackageManagerShellCommand (as root).

Next steps:
* use the new 'suspended' setting for denying access to start app
(probably in ActivityStackSupervisor)
* broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up
* remove app from recents (go further and kill it if it is running)
* erase existing notifications for this app

Bug: 22776576
Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
d8327bd864e52bbc6cc57e933488aa7e99654d4f 01-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Fix locking error when a new user is created

Installer should not be called with mPackages lock held.

Bug: 25934378
Change-Id: I619af324d997dd1e4a2ac99171cb0e683c5713d1
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ba51235ef5c598d845b77fcf14491329493da34f 13-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add new "am unlock-user" command so we can trigger changes from the
command line.

Move FBE check to static method so it can safely be called early
during boot before the mount service is ready. Move FBE emulation
to persisted system property, and start reading/writing that value.

Change default permission grants to ignore current encryption-aware
flags, since many of the target apps aren't crypto aware.

Always prepare package data directories, which is how we create the
new "user_de" paths during boot.

Bug: 22358539
Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f36003f620ba5fcb3a30dcdf77adb262b10866ee 11-Nov-2015 Dianne Hackborn <hackbod@google.com> Don't send PACKAGE_CHANGED of components to manifest receivers.

To reduce broadcast spam, when we send a PACKAGE_CHANGE filter that
to only go to registered receivers if it is reporting a change in
components of a package (not a change in the overall package). There
should be no reason for apps to launch if component states change
(they can always query the next time they run), and since apps can
change their component state as needed and don't think of this as
an especially expensive operation, we don't want that to result in
a lot of other apps launching.

Change-Id: I5fd005c4ff838b6eade767cf87a928e906f4de63
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e17ac1569793c333bb4dce86607a342e7c982ae7 07-Nov-2015 Jeff Sharkey <jsharkey@android.com> More APIs for encryption-aware apps.

Apps can mark manifest components as being encryption-aware, which
means they can safely be run before the credential encrypted storage
is available.

Start adding filtering logic so that we only return these components
when a user is running "with amnesia." That is to say, only device
encrypted storage is available, so the user is running but with only
partial knowledge of its data.

To avoid calling into ActivityManager with the PackageManager lock
held, we quickly determine user state and splice the state into the
flags for later per-component evaluation.

Bug: 22358539
Change-Id: Idc56ec29f1ef04da8963e004314d7f5e47400997
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
4c6b40ec81c6394cb10e5ecb6c00d1412cba8272 23-Oct-2015 Daniel Cashman <dcashman@google.com> Merge "libs: add libpackagelistparser" am: cc7373eafd am: 188e8875db
am: a2dbc1cea3

* commit 'a2dbc1cea3c60510f27bfeb39012ae2c2796503c':
libs: add libpackagelistparser
a2dbc1cea3c60510f27bfeb39012ae2c2796503c 23-Oct-2015 Daniel Cashman <dcashman@google.com> Merge "libs: add libpackagelistparser" am: cc7373eafd
am: 188e8875db

* commit '188e8875db1a55a6bafc8e8ef741400baab6e6fb':
libs: add libpackagelistparser
188e8875db1a55a6bafc8e8ef741400baab6e6fb 23-Oct-2015 Daniel Cashman <dcashman@google.com> Merge "libs: add libpackagelistparser"
am: cc7373eafd

* commit 'cc7373eafd0d5be7df8898748a700b47298ebf10':
libs: add libpackagelistparser
f81de0e4a5f33e8d044e18d7f65dbc40ad819e3c 21-Oct-2015 Todd Kennedy <toddke@google.com> Merge "Maintain shared user list on OTA" into mnc-dr-dev am: 0cd10ec8cf am: d12f298da4 am: c9f3b2f54b
am: 68457b9cd4

* commit '68457b9cd49a695ed50c51eb9c0d0b63fcead737':
Maintain shared user list on OTA
68f6715bb283de2aa1678ffa16f69fd897300d8d 21-Oct-2015 Todd Kennedy <toddke@google.com> Maintain shared user list on OTA

When a package is removed during an OTA, we weren't removing it from the
shared user list. This means anyone asking for the packages for a shared
UID would continue to see the old package.

Bug: 24906701
Change-Id: Ifb6d64195e6b8af7454e19591611af66a40cbd10
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
dc06bb0752c1bc3e87b04a097b308bca1bc86181 24-Jul-2015 William Roberts <william.c.roberts@intel.com> libs: add libpackagelistparser

There are 4 components that all implement package parsing, they are:
1. sdcardd
2. libselinux
3. logd
4. runas

Create a library that can be used by all of them, and new ones as needed.

Change-Id: I87a406802f95d8e7bfd8ee85f723f80e9e6b6c0c
Signed-off-by: William Roberts <william.c.roberts@intel.com>
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
7db5af124e551554f7a2f1abdd2a486c937910fe 01-Aug-2015 Fyodor Kupolov <fkupolov@google.com> Limit the number of apps running as system user

For the system user, enable apps based on the following conditions:
- app has no launcher icons or has INTERACT_ACROSS_USER_FULL permission
- app is whitelisted
- app is not in the blacklist

Bug: 23283899
Change-Id: I90fa266e8cfb28d002e5f792998fdddb6a1e6969
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
594f208d661bc29dafef91e948d36cac652d59db 18-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Clean up USER_OWNER reference in pm/Settings

Bug: 19913735
Change-Id: I538ed443b945e9cbb731520450bf5ef39882ae37
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
9e398eb51497dbcd2347cb1315933fa4e7cfcd9e 14-Aug-2015 Dianne Hackborn <hackbod@google.com> am 81f3a85a: Merge "Fix issue #22940169: "pm grant" can no longer grant permissions..." into mnc-dev

* commit '81f3a85aa29d83ed1a5de4de1006587d375a1c77':
Fix issue #22940169: "pm grant" can no longer grant permissions...
81f3a85aa29d83ed1a5de4de1006587d375a1c77 14-Aug-2015 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #22940169: "pm grant" can no longer grant permissions..." into mnc-dev
4b655fd193992afff948df513c7b9b9a0389972e 14-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> am b045331f: Merge "Add GTS test to ensure valid default permission grants - framework" into mnc-dev

* commit 'b045331fcb033507072bfd7899a147bb2be7176e':
Add GTS test to ensure valid default permission grants - framework
9f5b0a27350df984fb4a98b9658e89390ed60573 14-Aug-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22940169: "pm grant" can no longer grant permissions...

...with protection flag PROTECTION_FLAG_DEVELOPMENT

Bring back the old grant/revoke code for development permissions.

Also some more dumpsys output to help debugging.

And new dumpsys command for checking a permission.

Change-Id: I6e27e62a9ca5ec1ecc0f102714a448ea02f0f41c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
52153f4c0540a991b5b7214f4f14b5a891479a3c 11-Aug-2015 Svet Ganov <svetoslavganov@google.com> Add GTS test to ensure valid default permission grants - framework

The platform grants runtime permissions by default to apps on the
system image that provide core device use cases which a user expects
to work out-of-the-box. We are now adding a test to ensure that
OEMs cannot pregrant premissions on non approved components.

bug:23043018

Change-Id: Id76717cce0ee59678956bd0be347d3c045fe4c51
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
02d6c013e4be4b5e09562c922506c1153347d161 08-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> am 90b030ba: Merge "Do not show removed permissions in the UI - framework" into mnc-dev

* commit '90b030bae8cc1f13da7948fef4aff1d171a2885a':
Do not show removed permissions in the UI - framework
3e0be7440bf40f5d81581077bc4f5f47e57b88b7 08-Aug-2015 Svet Ganov <svetoslavganov@google.com> Do not show removed permissions in the UI - framework

bug:23043018

Change-Id: Ia5cf49f299eda627d9fde2b34498812afcb3a6d5
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
073bfb9bec7bc407c50a23a2317852cb0d69599b 04-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> am ce68917c: Merge "Ensure per package and per UID state share same package settings." into mnc-dev

* commit 'ce68917c849548d80d9aca14f262d22d9c47c3dc':
Ensure per package and per UID state share same package settings.
e7af1942bac3e674e09019f158de139cba1cbd0b 04-Aug-2015 Svet Ganov <svetoslavganov@google.com> Ensure per package and per UID state share same package settings.

When renaming a package during an OTA we were getting in a state
where the package setting mapped to the package UID was not the
same instance as the one we create for the new package mapped.
This leads to a drift between the permissions state for the package
and that state for the UID, resulting in broken for UID permission
checks as granted permissions were never appearing in the per UID
package setting.

bug:22928831

Change-Id: Ib0372632ec84a917304561fd94032cd09bb4c12f
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
863504111546fb46fcb5af356efb267c8582018a 22-Jul-2015 Dianne Hackborn <hackbod@google.com> am b7394671: Merge "Work on issue #22303510: Additional permissions aren\'t properly..." into mnc-dev

* commit 'b73946715cb9e3ca7a2702407e34f885e92a5d9a':
Work on issue #22303510: Additional permissions aren't properly...
cfbfafe1b9ca2fd135a4fb6b528b3829830803bf 22-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #22303510: Additional permissions aren't properly...

...disabled after toggling them off

Keep track of whether a permission that has been declared by an app
was able to actually be installed in the system, along with an API
to find this information so that system UI can tell whether that
permission is of interest.

Also clean up some of the permission debug output.

Change-Id: If4541bedb857789b255bb18f03cad155dcda0b95
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
0fc1e88c05e805324880a35b3f10126937824a79 20-Jul-2015 Christopher Tate <ctate@google.com> am 6afdad7e: Merge "Don\'t fall back to domain verification state when looking up app linkage state" into mnc-dev

* commit '6afdad7e8863cb1fa3db5909e48269606fa76991':
Don't fall back to domain verification state when looking up app linkage state
6afdad7e8863cb1fa3db5909e48269606fa76991 20-Jul-2015 Christopher Tate <ctate@google.com> Merge "Don't fall back to domain verification state when looking up app linkage state" into mnc-dev
2d9d59053fcb8504914f358a1417e67a94c0f8f1 18-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 25945302: Merge "Persist version data on a per-volume basis." into mnc-dev

* commit '259453024c015da9d70d1ffadba09604aa1c786e':
Persist version data on a per-volume basis.
f80b52b08aff0fe4c5a5fdc710aa5976c7b25699 17-Jul-2015 Jeff Sharkey <jsharkey@android.com> Persist version data on a per-volume basis.

Now that we support multiple adopted external storage devices, we
need to keep track of version data for each volume. This means we
now correctly handle certificate upgrade edge cases, permission
regranting, and clearing of code caches on a per-volume basis.

Bug: 22298966
Change-Id: Ifb9940c197f6c058a3ecca728257f853ce0fd7f4
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
d85a66420244eea14588cabf8373cd90e0a6ca49 18-Jul-2015 Christopher Tate <ctate@google.com> Don't fall back to domain verification state when looking up app linkage state

This is in support of the always/never/ask UI tweaks in Settings: any
"assume always" fallback at the verification layer should not be
conflated with the user-facing semantic toggle. This was causing the
UI to report apps as being in the 'always open their links' state
inappropriately.

Bug 22532193

Change-Id: Iaa4bc3a2d5db814e1b0d96bc1c4ecfaafb1e3105
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
b4494b02d5700b4ef4058315d44f17c3d829c0ad 14-Jul-2015 Christopher Tate <ctate@google.com> am 288ecf98: Merge "Prioritize most-recently-enabled link-handling app" into mnc-dev

* commit '288ecf98f14c9eff639b0a3de074d5b4a06eccec':
Prioritize most-recently-enabled link-handling app
f0d6cb38c47ee37583034dc3a68238ed13c91742 11-Jul-2015 Christopher Tate <ctate@google.com> Prioritize most-recently-enabled link-handling app

In the case when multiple apps handle a given web-link action,
all of which have been marked as "launch the app instead of a
browser" and so are otherwise ambiguous, always prefer the app
that was most recently placed into the always-handle-links state.

Bug 22051035

Change-Id: I3f43c19b0d7b74e9843445e41971bb5433affb1c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
9e0e69915a2e45dd5ba158e0436571551a672636 13-Jul-2015 Paul Crowley <paulcrowley@google.com> Merge "Use mount service to create user dirs." into mnc-dr-dev
bcf48ed2262d655ebf59153dea645ca761b73db5 22-Apr-2015 Paul Crowley <paulcrowley@google.com> Use mount service to create user dirs.

Bug: 19704432

(cherry-picked from commit 9102f5d953fbde03e12f385b2225004edc43d202)

Change-Id: I64a2c85beef115158feed3953deae32f692e750f
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
4a5f4a2bc7a379a5b4174f78fefeefe745e6cd37 08-Jul-2015 Svetoslav <svetoslavganov@google.com> Fix reset permissions on clear data and package uninstall.

If the user clears data for an app we reset the permission but
only the changes made by the user. We do not modify syste or
policy flags and also ensure the permission that were granted
by default are granted after the data wipe. This is the same
as starting with a clean slate.

If the package whose data is cleared is a part of a shared user
we resent to initial state only the permissions that the cleared
package contributed. Hence, if another package also declared the
permission as used we do not clear the permission state as it is
still in use.

When a package is deleted for a user but still present for another
user we reset its permissions to their inital state follwoing
above described strategy.

Lastly when a preinstalled package wtih an upgrade is diabled
(triggers upgrade uninstall) and this package is a part of a
shared user, we do not drop permission state (grants and flags)
for permissions used by the shadowed system package. This ensures
that we do not drop runtime permission state (such state is
default grants and user changes).i

bug:22248525

Change-Id: I3a3007476d2cb9f4ff824e1e137a6e1a4d04408b
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
050aee236509512f7098941946f12e1fbf2ab8ae 02-Jul-2015 Christopher Tate <ctate@google.com> App linking: permit overlapping link handling

Allow multiple apps to be enabled as link handlers even their set of
accepted domains overlaps. Also, allow app linking to be turned on
even for unverified apps if the user wishes.

Bug 21817604

Change-Id: I8bc7f1764318e5d4bb6ce93c66483fe07e922b1d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
38cae6c8bcb86236b21d69f852473351c0c1d82a 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Reconcile private volumes when mounted." into mnc-dev
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04 04-Jul-2015 Jeff Sharkey <jsharkey@android.com> Reconcile private volumes when mounted.

Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.

First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode. Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10". When we
detect a mismatched serial number, we destroy all data belonging to
that user. Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.

Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.

When mounting a volume, ensure that data directories exist for all
current users. Similarly, create data directories on all mounted
volumes when creating a user. When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.

Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
77ab6a888afaeb9010c7c3884adcd4819dbcee66 03-Jul-2015 Svet Ganov <svetoslavganov@google.com> Show basic feature warning for default granted permissions

bug:22174223

Change-Id: Ie8209e1f678ac459893151b5125e86eb5025aad8
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
cdfd230a392d0f0557a3a5bada221b7a05113392 26-Jun-2015 Svetoslav <svetoslavganov@google.com> Grant default permissons to the default SMS, Phone, Browser app.

The default SMS, Phone, Browser are selected in the UI and we
grant default permissions to these. We do this regardless if
they are on the system image as the user has made an explicit
choice in the UI and the permission we grant are considered
essential for such type of a core app to operate properly.

bug:22104986

Change-Id: Ide8caeb524b43dde11a20460666cf34c4d35f84b
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
143e118fa90bbeb8cf558ec0d303639d15ee7db7 27-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Make grant default permission more robust." into mnc-dev
ba3ba81eb8756641ae0079ae9da2779cc22aeb89 26-Jun-2015 Svet Ganov <svetoslavganov@google.com> Make grant default permission more robust.

Change-Id: If492ee3305774419671bbdb72b438c8e540005e9
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
1c3b7a6de6593c8a1c01ce48e04dda7e11471288 26-Jun-2015 Christopher Tate <ctate@google.com> Merge "Use a framework resource to name a factory-default browser app" into mnc-dev
db3fe819902f2bea08746c3e3ea55a9a55e3bac5 25-Jun-2015 Christopher Tate <ctate@google.com> Use a framework resource to name a factory-default browser app

If there is no resource-named default but there is a single factory-
installed browser app, that app is made the titular default.

This also introduces a permission guard on attempts to set the
default browser or the app-link state. These operations are now
contingent on the existing SET_PREFERRED_APPLICATIONS permission.

Bug 21778406

Change-Id: Id099bb9c4141f28917546492657cd2fba472e6b6
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ca8e6da41c6e63e3ed17eb461171f1ef2e1d29c6 25-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22023824: Download folder is not created in internal storage

The media provider and some other things need to be given storage access.

Also, seems like we should give storage access to the camera app as well.

And add a dump dump command that will dump data about a particular
permission name.

Change-Id: Idaaa9bba2ff4dc95290cf6d17e5df933df91e909
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
af15d9e755c73d1382cc66fedb30ff1d861b85f0 24-Jun-2015 Christopher Tate <ctate@google.com> Fix NPE when walking the set of packages to update app link policy

Bug 21851441

Change-Id: I3616c5a7e40f5ff9ad9bbfee579a4a2fb2b1f7fd
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
6d2268a57603e1c60329b93fb853ac2c134cb932 23-Jun-2015 Christopher Tate <ctate@google.com> Merge "Back up / restore default app and intent filter verification state" into mnc-dev
6038d15cbc7f4648ceaadf5f15d1928c4899f98e 17-Jun-2015 Christopher Tate <ctate@google.com> Back up / restore default app and intent filter verification state

For apps not present on device, the state inherited from the ancestral
device is applied when the app is ultimately installed.

Bug 20144515

Change-Id: Ie05b4f1751357fc62f14e259da174b8cf465e913
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
3ac465a7d830a973096b4f69ef4531f09dcdf07c 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> Do not thrown on error persisting runtime permissions

bug:20752986

Change-Id: I49d7e30afd49d3dcb1bcffd2fd48e9460ed5147f
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
1e575a0f32a00fc6a2f9a71fe1d1eb4426c71787 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Only grant runtime permissions to special components." into mnc-dev
adc1cf46045ae756d3a9ccbccf6b0f894e4c1edd 16-Jun-2015 Svet Ganov <svetoslavganov@google.com> Only grant runtime permissions to special components.

Now runtime permissions are granted only to components that are
part of the system or perform special system operations. For
exmple, the shell UID gets its runtime permissions granted by
default and the default phone app gets the phone permissions
granted by default.

bug:21764803

Change-Id: If8b8cadbd1980ffe7a6fc15bbb5f54a425f6e8f9
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
466ecdbc1e9f7007158c298652085676b8830f14 12-Jun-2015 Oleksiy Vyalov <ovyalov@google.com> Resolve canonical package path before writing it to packages.list.

Bug id - b/21028929

Change-Id: I82a7ba4f27017d3de29790cdbfab656ca9814cfb
(cherry picked from commit 4b42adf697c0ecde7ed18234109eb5430239fe54)
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
72c10a25f0b91bac8d50ec512d37d516ece7c9d5 13-Jun-2015 Christopher Tate <ctate@google.com> Clean up app-link verification policy

If an app claims to be the official auto-verified app for any domain
and thus the automatic handler for ACTION_VIEW / {http,https}://...
intents naming that domain, then we require that it verify as the
official app for *all* domains it purports to handle, even if the
other domains are not flagged for verify.

Bug 21335460

Change-Id: I3fdd8620defa31aea36ce738fa63ac94fc53c5f7
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
3dcdd37b66bb996ae332c29e25788a118a9e2691 29-May-2015 Svetoslav <svetoslavganov@google.com> Use AtomicFile APIs correctly when reading.

21280155

Change-Id: I354ebac8fc91d8f28eec6016474a9521ff2a490d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
91edde24ffa5d78df18bf752de88dfe2bc8c4119 20-May-2015 Jeff Sharkey <jsharkey@android.com> Write packages.list when adding/removing users.

FUSE daemons now rely on getting per-user GID information when
packages.list is written. Normal secondary user adding/removing
usually has enough PackageManager traffic to trigger a side-effect
rewrite, but this change writes explicitly to handle guest users.

Also obtain the user list once, and exclude dying users. During
user creation we manually splice in the user ID that we're bringing
online.

Bug: 19924661
Change-Id: Icc5b1b169300c9dc12099be12651acbf89d6bea9
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 08-May-2015 Wojciech Staszkiewicz <staszkiewicz@google.com> Pass charset to XmlPullParser.setInput instead of null

Passing null to XmlPullParser.setInput forces it to do additional
work, which can be easily avoided if we know the charset beforehand.

bug: b/20849543

Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8c7f700a59ad26e75c9791335d78f14322cad49a 07-May-2015 Svet Ganov <svetoslavganov@google.com> Add permission meta-state flags to support grant/revoke permission policy.

We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:

1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.

2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.

3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.

Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
aef021042e1bc6851a9d66f40f00cea021d357c7 07-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 8" into mnc-dev
1f09b8c0c2a08fa5169a36031efcb3f34ec5f163 07-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 8

- fix clearing of Intent Verification Status: now do it at the correct
time when the PackageSettings info is still there
- reduce writing of Settings

See bug #19628909

Change-Id: I9113333c330964249342108fa1ca7b8ec89c3322
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
019d2304998f3ed77c0a608df6cf4bea1138f8dc 04-May-2015 Svet Ganov <svetoslavganov@google.com> Permission UI - legacy apps support

Change-Id: Id3f98c138422d33868363d587dd196898b42a0d4
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
83bb765b046a3c6d90abbd65545d4532f647ae14 01-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 7" into mnc-dev
1de3f0dcafb0c5ceb3d9bec96a5c630bb8d4a515 30-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 7

- update packages priming so that it effectively save its data
- use ArraySet instead of ArrayList for list of domains (a set
is preferable as we dont want duplicates)

See bug #19628909

Change-Id: I52085f4bc28dcbc7fbc02ba0898abcd4ae9cf1e2
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
bd0e9e4958acdc6ab5f607bc252fddba877d20f9 01-May-2015 Jeff Sharkey <jsharkey@android.com> Move both app code and data together.

Refactor app movement code into the normal install flow as a new
flavor of InstallArgs. It copies both app code and data during the
copy step, and just updates paths during the rename step.

Measure free space before kicking off a move. Spawn a thread to
derive a hacky progress estimate based on free disk space counting
down.

Remove checkFreeStorage() and getLegacyNativeLibraryPath() which
nobody was calling. Fix deadlocks around package broadcasts, and fix
wrong lock ordering when loading packages.

Bug: 19993667, 20275578, 20370140
Change-Id: I7bbf14c924a724d6ebb8a41a02434750fa3302bc
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e31b820dad4c5f2b19ee10479a675a139ad3c61e 30-Apr-2015 Jeff Sharkey <jsharkey@android.com> New "frozen" state during app move/upgrade.

This replaces mOperationPending, which was in an odd place. It adds
a new PackageSetting.frozen flag that is a last-ditch effort to
prevent ActivityManager from starting an app while it's being moved
or upgraded.

Also provides clearer guarding around all upgrades by freezing,
killing, upgrading, then unfreezing.

Bug: 20275579
Change-Id: I28bb0359a6f4e05080fb336b18dd2a249509d989
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e723e54650c5ace8beb47bc4d3c493e276e65d91 23-Apr-2015 Svet Ganov <svetoslavganov@google.com> Revert some unnecessary changes in handling XML read

Change-Id: I3bbbc3159930d80e2e1f28fa9c0035ae5029d4b8
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ba0821ed3bc2536be02df1ae850619b111cbd6f4 22-Apr-2015 Svet Ganov <svetoslavganov@google.com> Make read/write from/to XML persistent state more robust.

When writing critical state to XML an excpetion can lead to creating
a malformed XML that is later parsed and may put the device in a bad
state. Hence, on any error while writing we should bail out and drop
the partially write state on the floor.

Corollary, any error on parsing can lead to having a partially read
state that is not consistent which may lead to writing this bad state
back to disk. Hence, on any error while parsing we should bail as
our current state may be unrecoverable.

Change-Id: Ia050c16198cb583f8a51263ad2035dbb948052b8
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
529f91fc8e7e884ef19bef8eb3e4e3a1d69336f4 19-Apr-2015 Jeff Sharkey <jsharkey@android.com> Always send volume UUID with installd commands.

Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.

Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
6036cd51265d31c08eefe0470a9f37e7f757aae8 11-Apr-2015 Jeff Sharkey <jsharkey@android.com> Merge "Support moving apps to expanded storage."
6227172310663e1267b1fabd68be890a1cb7e145 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add Default Browser App support and relax Hosts validation for AppLinks

- add private PackageManager APIs for setting/getting the default
Browser App package name
- serialize / deserialize the default Browser App package name per User

Also relax the Hosts name validation for the AppLinls feature. Now we
just care if the IntentFilter is having an HTTP or HTTPS scheme.

Change-Id: I4436f66ac6beff57e14f7f3a2a00b0b582c03be9
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
b9f3674c11ed9c89b80a69f728cbc5f540b2ecde 09-Apr-2015 Jeff Sharkey <jsharkey@android.com> Support moving apps to expanded storage.

Start deriving the data path for apps based on the volume UUID where
the app lives. This path is used for all higher-level APIs, giving
us a clean place to switch app storage.

When parsing a package, keep track of the volume UUID where it lives
and update PackageSetting once installed. For now continue treating
moves as installs, but we'll eventually clean this up to avoid the
additional dexopt pass. Wire up move to use the new installd command
to move private data between devices.

Cache LoadedApk only for the current user, since otherwise the data
dir points at the wrong path.

Bug: 19993667
Change-Id: I53336e3b147d5fd3130e6800869af172b628da37
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
7d014cec63939f7aca2a8014f45cd4c9a3e1aa0c 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 4

- add domain verification priming at boot when the PackageManagerService
singleton is created. This will mainly set the domain verification status
to INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS for all Apps that
have an IntentFilter with action VIEW and data scheme HTTP or HTTPS.

- also optimize Intent resolution by taking into account Browser Apps

Change-Id: Id8e66c9759a99e79b07051595ca89a168dc5ae0e
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
0788595e0c9bc5e8c1907c63db595010006ef5b4 07-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 3

- add private API PackageManager.getAllIntentFilters(String)
for getting all IntentFilters from a given package
- update IntentFilterVerificationInfo to use an ArrayList<String>
for domains instead of a String[]
- if you make an App a default domain handler then make the
others as non default
- create an IntentVerificationInfo even if the App IntentFilters
do not need to be verified. This would be done only if the App
has some domain URLs defined and would allow to make it the
default handler for a domain
- a few code optimizations here and there

Change-Id: I4535372a0bb1a2c8e662e1485be8ca700003e9b3
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
b2b9ab8354da1485178cd8d8e9d89ac915b3f269 06-Apr-2015 Jeff Sharkey <jsharkey@android.com> Installing packages to expanded storage.

PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.

Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.

Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.

Automount expanded volumes when they appear.

Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e012a235569fe307d165dfd0784ae847d0b13739 02-Apr-2015 Christopher Tate <ctate@google.com> Back up / restore preferred app configuration

Bug 19848104

Change-Id: I84cdfcc44b48a9732984955d7eedf745b5586bdd
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
3425dae8dc63372e8944dce43f7ed2d567512248 03-Apr-2015 dcashman <dcashman@google.com> Merge "Refactor KeySet code."
8c04facdf5e76fb34c55cfe3dc9a0216322b91b8 23-Mar-2015 dcashman <dcashman@google.com> Refactor KeySet code.

Eliminate dependency in packagesetting keyset metadata on other packages by
introducing reference counts for KeySets and public keys. This also allows
keysets to retain their id across reboots by eliminating the need to remove
all keyset data after scanning all packages on boot, which also should
drastically reduce the number of calls to ArraySet.removeAll().

Bug: 19617481

Change-Id: I6cc65f30e431b8e4ebe49047a9219a0d983f2774
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
1c1b47125da018b44240739db75f8898e064a948 20-Nov-2014 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification

The purpose of this feature is to prompt the Disambiguation dialog
to Users as less as possible.

- add the new "autoVerify" property to the IntentFilter class
- add new APIs to PackageManager:
verifyIntentFilter(int, int, List<String>),
getIntentVerificationStatus(String, int),
updateIntentVerificationStatus(String, int, int),
getIntentFilterVerifications(String)
for supporting IntentFilter verification
- add support for multi-user
- update PackageManager for IntentFilter verification:
basically when we are installing a new package, ask for verification
of all domains from the IntentFilters that have the "autoVerify" to true.
This means that the PackageManager will send a well defined protected
broadcast (with a new INTENT_FILTER_NEEDS_VERIFICATION action) to
an IntentFilter verifier to do the real job of verification.
We are passing in the broadcast Intent all the necessary data for
doing the verification. The PackageManager will receive as response
the result code of the domain verifications and, if needed, the list
of domains that have failed the verification.
- add a new INTENT_FILTER_VERIFICATION_AGENT permission that needs to
be set by an intent filter verifier to be considered as a trustable
party by the PackageManager.
- add also a new BIND_INTENT_FILTER_VERIFIER permission for securing
the binding between the PackageManager and a service doing the
intent filter verifications.
- add ResolveInfo filterNeedsVerification which is a boolean
to knows if the IntentFilter is of a type that needs a verification
(action VIEW, category BROWABLE, HTTP/HTTPS data URI)
- add new "domain-preferred-apps" / "d" dump command for listing the
prefered Apps for all domains
- add new "intent-filter-verifiers" / "ivf" command for listing the
IntentFilterVerifier used
- introduce the IntentVerificationService which is a basic service
for verifying IntentFilters. This service will send HTTPS requests
to the domain declared in the IntentFilter(s) for doing the
verification. This service has a low priority level so that it
can be replaced by a more sophisticated one if needed. This service
is updating the PackageManager intent verification states thru
the updateIntentVerificationStatus(...) API.
- update MockPackageManager

Change-Id: I0bfed193d0bf1f7c7ac79f6c1b160b7ab93b5fb5
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
12a692a5e8244cad6ae634cc0821e4e3590cfef6 29-Mar-2015 Svet Ganov <svetoslavganov@google.com> Fix runtime permissinos toggling and relax XML parsing.

1. Fixed the case where runtime permissons can be toggled by a
developer via a system property.

2. Relaxed the runtime permission XML parsing to be more fault
toelrant and consistent wiht the reset of the package manager
parse code.

3. Fixed a deadlock due to calling in to the activity manager
with the package manager lock held to kill an app.

Change-Id: I11dfb57ad4d8119baea79227dc2a3fe5e2208515
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
cf959f6e722ddd20033b7c98b3e04c7143f6438e 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Handle dynamic enable/disable of runtime permissions support.

This change adds support for the case where we change the state
of runtime permissions support via the system property. This
was not working properly before because we did not handle system
app permissions properly.:

Change-Id: I66c5e6c823b8521999972b0432b1daaba38c9709
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
d5752bdc8fd39d4f0a508f9088c538e30e73044a 26-Mar-2015 Svet Ganov <svetoslavganov@google.com> Properly handle system app permissions - for real.

System apps targeting SDK greater than Lollipop MR1 get runtime
permissions by default but if the user takes them away we should
not regrant them. To do that we keep track for each package which
user ids were handled in the last permissions update. If a new
user id has appeared we grant runtime permissions for this user
to the sys package. When we start clean (i.e. first boot) the
sys packages were updated for no user so we grant the runtime
perms for the owner. When reading a package from packages.xml
we set the updated user ids to all users ids on the device as
the state in the xml reflects the latest state before a shutdown,
i.e. the last state when permissions were updated.

Change-Id: I93135baa57950405a357b139c59f432cf02f0bc6
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
00f3904629ef89192e061c1995801ef322fc0bcf 24-Mar-2015 Jeff Sharkey <jsharkey@android.com> Introduce per-user GIDs for storage.

This will eventually allow us to have a single unified filesystem
instead of requiring zygote to use bind mounts.

Change-Id: I29b819ab51498b4bab874e0367b1ab4165f84025
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
c6d1c345f41cf817bf2c07c97b97107d94296064 26-Feb-2015 Svetoslav <svetoslavganov@google.com> Runtime permissions: per user permission tracking.

Before all permissions were granted at install time at once, so the user
was persented with an all or nothing choice. In the new runtime permissions
model all dangarous permissions (nomal are always granted and signature
one are granted if signatures match) are not granted at install time and
the app can request them as necessary at runtime.

Before, all granted permission to an app were identical for all users as
granting is performed at install time. However, the new runtime model
allows the same app running under two different users to have different
runtime permission grants. This change refactors the permissions book
keeping in the package manager to enable per user permission tracking.

The change also adds the app facing APIs for requesting runtime permissions.

Change-Id: Icbf2fc2ced15c42ca206c335996206bd1a4a4be5
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
2018fd02517449f0c7a13a1d9b7baa7754ade7d3 12-Mar-2015 Mark Salyzyn <salyzyn@google.com> logd: optimize statistics

logd reads /data/system/packages.xml (because it also contains
shared UIDs) and is sensitive to line break and tag name issues.

Bug: 19608965
Change-Id: I2a4a6bcfb10529e4b29c9664cbbf12842e689dd1
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
33d3c53da021f0d044028860ace0f4ad817273f5 11-Feb-2015 Alex Klyubin <klyubin@google.com> resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

Change-Id: Ic20b6c8851458483dd73a144bd5ae6e8d141e62a
b9f8a5204a1b0b3919fa921e858d04124c582828 03-Feb-2015 Alex Klyubin <klyubin@google.com> Move hidden ApplicationInfo flags into a separate field.

The public API field android.content.pm.ApplicationInfo.flags can
support only 32 flags. This limit has been reached. As a short term
workaround to enable new public flags to be added, this CL moves flags
which are not public API into a separate new field privateFlags and
renames the affected flags constants accordingly (e.g., FLAG_PRIVILEGED
is now PRIVATE_FLAG_PRIVILEGED).

The new privateFlags field is not public API and should not be used
for flags that are public API.

The flags that are moved out of ApplicationInfo.flags are:
* FLAG_HIDDEN,
* FLAG_CANT_SAVE_STATE,
* FLAG_FORWARD_LOCK, and
* FLAG_PRIVILEGED.

NOTE: This changes the format of packages.xml. Prior to this CL flags
were stored in the "flags" attribute. With this CL, the public flags
are stored in a new "publicFlags" attribute and private flags are
stored in a new "privateFlags" attribute. The old "flags" attribute
is interpreted by using the old values of hidden/private flags.

Change-Id: Ie23eb8ddd5129de3c6e008c5261b639e22182ee5
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
c4d05fc0db6c41e9d70309aa78219aa202c7cb59 02-Dec-2014 Jeff Sharkey <jsharkey@android.com> Include splits in dumpsys package output.

Describe the currently installed splits, both in normal dumpsys
output and in checkin output. Also include revisionCode of those
splits when defined (non-zero).

Bug: 18576300
Change-Id: Ie8140961fb7b9e0ed23fd6bc267157aab075dd78
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
aebb65cb687216b9912cf98d24858ffcb3e6f50b 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> package_info GID shouldn't have write.

Fix permissions on packages.list and package-usage.list to only
allow read access from the package_info GID.

Bug: 18473765
Change-Id: I9b9ef13f4a00a8355619bbcdacc836f9abfa0376
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
d052a9416ae3f7e42fc1e7de0740021df385ee48 22-Nov-2014 Dianne Hackborn <hackbod@google.com> Work on issue #18486438: Reduce size of bugreport output

Reduce how much stuff ProcessStats spews, and do collapsing of
repeated intent filter targets when dumping IntentResolvers.

Also add to pm's checkout output to include shared user ids,
and fix output formatting in a few places.

Change-Id: Ic9fc6731f0439101ba9343535e66cdbbad47e291
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
521ca5f8fba355f526e82dc3a8fc6520e4379874 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 2e700004: am d68b87cd: Recover apps with malformed certificates.

* commit '2e7000040e3d836bb591e29515974817afc49488':
Recover apps with malformed certificates.
d68b87cdd402d46013170d9316a31c82be4e4816 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> Recover apps with malformed certificates.

There was a window of time in Lollipop where we persisted certificates
after they had passed through a decode/encode cycle. The well-written
OpenSSL library was liberal when decoding (allowing slightly malformed
certs to be parsed), but then strict when encoding, giving us
different bytes for effectively the same certificate.

A related libcore change (0c990ab4a90b8a5492a67b2b728ac9a4a1ccfa1b)
now returns the original bytes verbatim, fixing both pre-Lollipop
installs and installs after that change.

This change recovers any apps that had been installed during the
window of time described above by doing a one-time check to see if
the certs are effectively equal.

Bug: 18228011
Change-Id: Ib82bd6db718d0490d7a26c9c1014b7c8457a7f2d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
9f837a99d48c5bb8ad7fbc133943e5bf622ce065 24-Oct-2014 Jeff Sharkey <jsharkey@android.com> Reduce PackageManager RAM usage: ArrayMap/Set.

Transition PackageManager internals away from heavier HashMap/HashSet
to use drop-in ArrayMap/ArraySet replacements. Saves ~38% RAM and
thousands of objects on a typical device.

Bug: 18115729
Change-Id: Ie107d2fee4b7baa4e3c3923231b4be877d1a5d2f
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f85e7af4d009862fc799c7232ec5cf9e2dc9fa34 14-Oct-2014 Dianne Hackborn <hackbod@google.com> Fix issue #10034864: Define YouTube application as the preferred...

...handler for its Intents

Fix bug when a third party app is installed as an additional but
worse match for the intent.

Also raise up the limit for when we start printing logs about
overly large strict mode data.

And turn off the logs about services being created and destroyed,
since with the way things are using services these days these have
become way too spammy.

Change-Id: I8fe301dfd80fb4b70213cb7783b7c5426245278d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8d05172112436a81bed6e4a0810f8914509d8a4d 01-Oct-2014 Dianne Hackborn <hackbod@google.com> More work on issue #17656716: Unhandled exception in Window Manager

Fix Slog.wtf to not acquire the activity manager lock in its code
path, so that it can never deadlock. This was the original intention
of it, but part was missed.

Now we can put back in the code to detect when strict mode data is
getting large (a little more targeted now to the actual problem),
and use Slog.wtf to report it. And as a bonus, when this happens
we will now clear all of the collected violations, to avoid getting
in to the bad case where IPCs start failing. So this should be
good enough for L to fix the problem, with wtf reports for us to
see if the underlying issue is still happening.

Finally, switch a butch of stuff in the system process from Log.wtf
to Slog.wtf, since many of those are deadlocks waiting to happen.

Oh and fix a crash in the settings provider I noticed in APR.

Change-Id: I307d51b7a4db238fd1e5fe2f3f9bf1b9c6f1c041
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
eeb2c7e712dbae91de04ab2338c1fbccfbce7ba2 24-Sep-2014 Dianne Hackborn <hackbod@google.com> Work on issue #17628623: Need to update default preferred activities for YouTube

Improve the warning logs when setting up preferred activities
to help identify when there are issues and what they are. Also
improve the algorithm a little to still apply permissions when
resetting them and there are additional third party apps, as long
as the additional app is something like another browser and the
preferred activity being set is more specific (has a better match).

And add an example of using manifest-based preferred activities
in to ActivityTest -- and yes it DOES work! :p

Change-Id: I1ff39e03a5df6526206e0c3882085396b355d814
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
26f9ea38a5b6030714757834b94dce737aa8d564 11-Sep-2014 Amith Yamasani <yamasani@google.com> Fix build

Import went missing between CLs

Change-Id: I8740b99dbce15b3f3508768ab3e02f551caf673d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f58e532e015ef31d879ee51aeeb251349784717c 11-Sep-2014 Amith Yamasani <yamasani@google.com> Merge "Apply cross-user restrictions to Shell" into lmp-dev
e107c3eb79be40f1071c4370fd9a3f9e4fd6d6de 09-Sep-2014 Adam Connors <adamconnors@google.com> Remove package level intent forwarding.

Clean up unused methods.

Bug: 17389110
Change-Id: I8a80fe3e14219f06572de05c390cdda0efcbf5db
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8cd28b57ed732656d002d97879e15c5695b54fff 09-Jun-2014 Amith Yamasani <yamasani@google.com> Apply cross-user restrictions to Shell

Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.

If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.

Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ece305d585a3b8888ec962a5daf7a13bb93ab454 04-Sep-2014 Amith Yamasani <yamasani@google.com> Allow adb install to work even if unknown sources is disallowed

adb installs should continue to work for developer usecases,
but PackageInstaller continues to be blocked for sideloading
via the UI - browser, downloads, etc.

Bug: 13760585
Change-Id: I4f8c1445448584c17e5acf77b399579c2643f333
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
4903f64ba2478849e6c401f42f5a77c1d4f9f7df 11-Aug-2014 Narayan Kamath <narayan@google.com> Persist the cpuAbiOverride setting.

If an app is installed with an ABI override (adb install -r --abi)
we should remember this so that we don't revert to the scan derived
ABI on the next reboot.

bug: 16476618

Change-Id: I6085bc0099eb613dd9d3b07113c7c13859780697
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
29762c3dfb7a510c23f021f6797840ebd80663af 29-Jul-2014 Nicolas Prevot <nprevot@google.com> Removing old tag TAG_FORWARDING_INTENT_FILTERS.

By now, all devices should have updated, so we can remove the
old tag name.

Change-Id: Id0bc0e08f3979c5a2652c4eb8da9ff938b5d5bc4
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 20-Jul-2014 Amith Yamasani <yamasani@google.com> Rename setApplicationBlocked to setApplicationHidden

This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.

Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
e702404c5a9d46765acb76f63ea6338d0a42b030 08-Jul-2014 Nicolas Prevot <nprevot@google.com> DO NOT MERGE

Remove cross-profile intent filters when removing a user.

When a user is being removed: removing cross-profile intent filters that have
this user as their source.
This makes sure that if the user id gets reassigned without restarting the phone,
we do not have old information from the preexisting profile.

Change-Id: Ie3a2aa0cbbe6c9eb9e945e650fd907e5cc012409
(cherry picked from commit d44e2d7340c70406d8b5eb8b3d6c6c0daaa8705f)
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
4ed745d359ada6986ac15d8718452e5c55f40170 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Add code cache directory for apps.

This provides a directory where apps can cache compiled or optimized
code generated at runtime. The platform will delete all files in
this location on both app and platform upgrade.

Bug: 16187224
Change-Id: I641b21d841c436247f35ff235317e3a4ba520441
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
84f1294a958b42000755dc6570e3eda72ab42140 11-Jul-2014 Jeff Sharkey <jsharkey@android.com> Always derive native library paths at runtime.

Over time, we've unpacked native libraries at various places with
respect to their source APK. Persisting this path in PackageSettings
has caused more pain recently with the switch to supporting multiArch
and cluster installs.

This change switches us to always derive the native library paths at
runtime based on the type of install. This also ensures that
transitioning between a bundled system app and an upgraded system
app will always build the right path.

We still persist the last generated path into PackageSettings to make
cleanup at uninstall time easier.

Bug: 16208505, 16206748, 16212206
Change-Id: Ieb82a424ca4a92b5674983453c50ba4b695abfb0
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
41cd577c12a3525663101ff9217ded509bb869d6 11-Jul-2014 Amith Yamasani <yamasani@google.com> Send USER_FOREGROUND and USER_BACKGROUND to all related profiles

Also do a check for null applicationInfo object during user creation.

Bug: 16211029
Change-Id: Ib49c241cf3698735e273edf5704bef277f1142a5
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ff110bd61a69f7ed8602ae14b27f7befec76b2e7 04-Jul-2014 Narayan Kamath <narayan@google.com> Multi-arch application installs.

Each application now has two ABIs, the primary
and the secondary. The app is always launched with
the primary, but the secondary might be used by other apps
that load the given applications code. This implies we
must:

- dex2oat the app both ways.
- extract shared libraries for both abis.

The former is relatively straightforward but the latter
requires us to change the layout for shared libs that we
unpack from applications. The bulk of this change deals
with the latter.

This change continues to fill in nativeLibraryPath during
scans for backwards compatibility. This will be removed in
a future patch.

Change-Id: Ia943dd11ef815c5cbfc60f17929eaa2a652a385a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
539a7ef5c93b3a4d6ad7db0d278b1aa5814c0393 07-Jul-2014 Alexandra Gherghina <alexgherghina@google.com> Removes cross profile package information when removing an user

This makes sure that if the user id gets reassigned without restarting the phone,
we do not have old information from the preexisting profile.

Also renames method which needs write locks.

Bug: 15928463
Change-Id: I30b0f85cf90d3e0c289a37bcbaec8da63499a170
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
d746057f2414cba2bdc69257cc5be8cb681bb592 07-Jul-2014 Jeff Sharkey <jsharkey@android.com> Change new file installs to be cluster-based!

Now that all the other pieces are in place, we're ready to start
installing new file-based packages as a cluster (the new unified
directory-based layout). This greatly simplifies the renaming
process.

Also add helper methods to ApplicationInfo to give a much clearer
mapping between it and internal field names, since we can't change
the public API.

Add recursive restorecon().

Bug: 14975160
Change-Id: I72a63c5ddbc594c2fec4a91dd59f73ef253fbfd7
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
3a0dbfb206dbde546fffa35902cf13101667eb79 07-Jul-2014 dcashman <dcashman@google.com> Record properSigningKeySet values to packages.xml

PackageKeySetData records all of the defined keysets which are a subset of an
apk's signing keyset. It also records the original superset for all of these
in an easy-to-access 'proper' signing-keyset which is consulted as the official
source for a package. This value was not being recorded, causing
PackageManager to re-gather the certificates for a package on each boot after
a fix for a different bug. Record it.

Bug: 16076095
Change-Id: If5a7f6d70dd4784284d7bab466dab0311aa13c28
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
c13053bf1c05b980421611487ce67677c08db299 29-May-2014 Kenny Guy <kennyguy@google.com> Add package state to block uninstall.

Add package state to allow profile or device
owners to block uninstall of packages.
Add API to DevicePolicyManager to set/get the
state.

Bug: 14127299
Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
55b1078e2a1b56daa85edfd5000a5844d3c7914b 09-Apr-2014 dcashman <dcashman@google.com> Initial work for key rotation.

Introduces the upgrade-keyset tag to AndroidManifest.xml. This specifies a
KeySet by which an apk must be signed in order to update the app. Multiple
upgrade KeySets may be specified, in which case one of them must be used to
sign the updating apk. If no upgrade-keyset is specified, the current logic
involving signatures is used.

Current Key Rotation Design Decisions:
-Apps using a shared user id may not rotate keys.
-All acceptable upgrade keysets must be specified, including the key signing
the app. This enables key rotation in one update, but also 'locks' an app if
an incorrect upgrade keyset is specified.
-Minimal changes to existing KeySet code.

Bug: 6967056
Change-Id: Ib9bb693d4e9ea1aec375291ecdc182554890d29c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
6e2ae2590ded39f04f76d5ddca0f06fe01586e26 12-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Adds cross-profile intent filters for the Settings app

Bug: 15466742
Change-Id: Id9af588f2f3d51a562ef2a06fe7404c96123cc2e
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
92b25a0ef8f6cf73d5c4e2209a8eac3288ecafd0 30-May-2014 Nicolas Prevot <nprevot@google.com> Merge "Cleaning CrossProfileIntentFilters on user deletion."
ad0634c50c5c4a18b5b66f2c8250e6a09bf69f1c 29-May-2014 Nicolas Prevot <nprevot@google.com> Small fix related to Cross-profile intents.

Change-Id: Id4cadd051c337776451ed807a2edac6d869b372a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
a0f48855493b7b9c3cdc93a1c8f7d18f9578ed66 27-May-2014 Nicolas Prevot <nprevot@google.com> Cleaning CrossProfileIntentFilters on user deletion.

When a user is deleted, remove all CrossProfileIntentFilters that have this user as their target.

Change-Id: I1cac3ecc0c053ee129d7f0ad13648f44737a378d
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
8194899071e0a84c95ef10614bd1b9485b48f589 16-May-2014 Nicolas Prevot <nprevot@google.com> Rename code related to cross-profile intents.

For example, replace ForwardingIntentFilter by CrossProfileIntentFilter

Bug: 15023443

Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
1c91077bf7e13f8fe4e58cef8389d9b7a3ddb230 14-May-2014 Sander Alewijnse <salewijnse@google.com> Disallow adb sideloading if UserManager flag is set for user.

Solution is based on "redefining" the User_all.

Change-Id: Ie1ce5d6391e807f8caa05fe2a92009923d1032a8
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
34f6084bc21b07ae9112be6e7a8f50c49828ac9c 30-Apr-2014 Narayan Kamath <narayan@google.com> Remove "required" prefix from ABI fields.

As per a comment on an earlier code review.

Change-Id: I3ae30f8a7bc90730068644f93b926e0e05a2cdfb
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
ff2e05e1f69eb0cbe9ba68cb1adbd2b2922eeeb7 01-May-2014 Nicolas Prevot <nprevot@google.com> Merge "Introduce forwarding intents across profiles."
10fa67c77e11699391e27975fc2d276a0b8c7cbb 24-Mar-2014 Nicolas Prevot <nprevot@google.com> Introduce forwarding intents across profiles.

The package manager service maintains, for some user ids, a list of forwarding intent filters.
A forwarding intent filter is an intent filter with a destination (a user id).
If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent.

When the package manager service is asked for components that resolve an intent:
If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent:
The package manager service also returns the IntentForwarderActivity.
This activity will forward the intent to the destination.

Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
df6d6dc2aac2912e98de3fe37869d2b179eb23db 28-Apr-2014 Narayan Kamath <narayan@google.com> Adjust instruction sets for shared UID apps.

Since shared UID apps are run in the same process,
we'll need to make sure they're compiled for the same
instruction set.

This change implements the recompilation of apps that
don't have any ABI constraints.

Apps that *do* have ABI constraints are harder to deal
with, since we'll need to rescan them to figure out the
full list of ABIs they support and then re-extract the
native libraries from these apps once we find an ABI we
can use throughout.

Change-Id: I365c6b0b18187df814d4736da61b199dd4494e3c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efd 24-Apr-2014 Kenny Root <kroot@google.com> Only remember the signer certificates for Signatures

Previously we would use the JarEntry#getCertificates API which would
return a flattened array of all the signers and their certificate chain.
Since this isn't what was intended, switch to reading the certificate
chains and only paying attention to the signer certificate.

In order to migrate during upgrades of the platform, we'll scan on boot
with a compatibility mode which will check the stores signatures in the
old format by flattening the chains of the scanned packages then
comparing the two sets.

Bug: 13678484
Change-Id: I02a5c53121d8d6f70a51d7e3b98168a41e11482e
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
c1c0d3c4f461be5649a64920cad7b58dd4162680 24-Apr-2014 Kenny Root <kroot@google.com> PackageManager: add versioning to packages.xml file

During development, a new feature might be added that requires the
packages.xml format be updated. To that end, add a database version
attribute that allows this to happen.

Change-Id: I3340a0bd55017acd625c3cba523cec10a18a4805
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
f148f36d140e995ec8f755e60bbb0b37f33c3da7 10-Apr-2014 Narayan Kamath <narayan@google.com> am 9e289d70: am 1d26a3f1: am 09e13cc5: Merge "System services detect and register app CPU ABIs"

* commit '9e289d70a8baaed0030413b5991653792e2a816d':
System services detect and register app CPU ABIs
9e289d70a8baaed0030413b5991653792e2a816d 10-Apr-2014 Narayan Kamath <narayan@google.com> am 1d26a3f1: am 09e13cc5: Merge "System services detect and register app CPU ABIs"

* commit '1d26a3f1efd0d965e8751e8515608c31789bdbe2':
System services detect and register app CPU ABIs
c03dea76307163b95a313ba3e887aa94ed01dc2c 09-Apr-2014 Sander Alewijnse <salewijnse@google.com> Merge "Changed tag name and error strings for PersistentPreferredActivity storage."
c76275377cbc807b3bbc2fc1662ff18c59043e5b 26-Mar-2014 Nick Kralevich <nnk@google.com> am 32cc40a9: am fdd63510: am 491eaf22: Merge "Note libselinux dependency on packages.list format changes."

* commit '32cc40a9b57750451a6489e01526dc6a14d72bff':
Note libselinux dependency on packages.list format changes.
32cc40a9b57750451a6489e01526dc6a14d72bff 26-Mar-2014 Nick Kralevich <nnk@google.com> am fdd63510: am 491eaf22: Merge "Note libselinux dependency on packages.list format changes."

* commit 'fdd6351067740f80148ff03c43d2ebc91f1d9656':
Note libselinux dependency on packages.list format changes.
af597627cb344a144cbeb0a982e97e282cfd8f82 20-Mar-2014 Sander Alewijnse <salewijnse@google.com> Changed tag name and error strings for PersistentPreferredActivity storage.

They still referred to hard preferred activity, which was renamed
to persistent preferred activity.

Change-Id: Ib06baa5da746ea1e4cbd035cd73e8847acba3f7c
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
75374879938c1767b0266132672361487f2f58d4 06-Mar-2014 Dianne Hackborn <hackbod@google.com> am ea391750: am 5e578e17: am 40a26004: Issue #13308712: Add --checkin to package manager dump.

* commit 'ea391750fbf78b395b414147dba6426ad907431d':
Issue #13308712: Add --checkin to package manager dump.
f475ca33d9232785710aaa438f17915029dfa83b 17-Feb-2014 Sander Alewijnse <salewijnse@google.com> Enables a profile owner or device owner to set and clear default intent handler activities.

Those intent handlers are persistent preferences. They will remain the default intent
handler even if the set of potential event handlers for the intent filter changes
and if the intent preferences are reset.

Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
60dc0d97fc0a40caae2fa91fbf296b8ac630d748 17-Jan-2014 Dianne Hackborn <hackbod@google.com> Add --checkin to package manager dump.

Change-Id: Ibafd82f40dd4fa6a5b700a8b6725b007a528a92f
/frameworks/base/services/core/java/com/android/server/pm/Settings.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea 20-Dec-2013 Amith Yamasani <yamasani@google.com> am 9158825f: Move some system services to separate directories

* commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce':
Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce 22-Nov-2013 Amith Yamasani <yamasani@google.com> Move some system services to separate directories

Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.

Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/pm/Settings.java