d86b8fea43ebb6e5c31691b44d8ceb0d8d3c9072 |
|
03-Jun-2017 |
Jeff Sharkey <jsharkey@android.com> |
Annotate @SystemApi with required permissions. Most @SystemApi methods should be protected with system (or higher) permissions, so annotate common methods with @RequiresPermission to make automatic verification easier. Verification is really only relevant when calling into system services (where permissions checking can happen on the other side of a Binder call), so annotate managers with the new @SystemService annotation, which is now automatically documented. This is purely a docs change; no logic changes are being made. Test: make -j32 update-api && make -j32 offline-sdk-docs Bug: 62263906 Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
40a006285b954607a96b1209de95bbed48d856f7 |
|
18-Apr-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add more explicit documentation for install reason This CL adds more explicit documentation of the install reason argument / return value to PackageInstaller.SessionInfo. Bug: 37324584 Test: None Change-Id: I2450cc669b194e611c5dc07c6a0a5cd78a98c039
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
910e081216ac530432ac9d0aab10d5e5e4c73ab8 |
|
22-Apr-2017 |
Jeff Sharkey <jsharkey@android.com> |
More auto-doc work. Add support for AnyThread, CallSuper, and UiThread. Another related CL started documenting @RequiresPermission, so remove duplicated information in existing APIs. Suppress auto-doc on a handful of classes that are already well-documented. Test: make -j32 offline-sdk-docs Bug: 37526420 Change-Id: I791437dccec0f11d5349a23b982ba098cb551af8
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
683bcd30ef0a90bc2a6a3dffb91be5a803560fa9 |
|
19-Mar-2017 |
Jeff Sharkey <jsharkey@android.com> |
Use allocatable space when measuring for install. The system is often willing to clear cached data to make room for incoming installs, so use StorageManager.getAllocatableBytes() when making "does it fit?" style decisions. Add new INSTALL_ALLOCATE_AGGRESSIVE flag, which will flow through to use StorageManager.FLAG_ALLOCATE_AGGRESSIVE when making allocation related requests. (This can be used by installers to indicate packages that are critical to system health or security. Test: runtest -x frameworks/base/core/tests/coretests/src/android/content/pm/PackageHelperTests.java Bug: 36131437 Change-Id: If8118762fd1ca1f497d2cdd1787bdb3c9759dcc0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
02d4e3441bc1bf767d0ed57b81bdfa59d2894cb6 |
|
11-Mar-2017 |
Jeff Sharkey <jsharkey@android.com> |
Move PackageInstaller over to AppFuse. When PackageInstaller was originally written, we needed a way to ensure that untrusted apps were fully hands-off of any opened FileDescriptors before we could proceed with certificate checks. The best way to satisfy this security constraint was to build a utility called FileBridge which was a (terribly slow) RPC mechanism that could be cut off when needed. However, a new feature called "AppFuse" offers to create a "proxy" FileDescriptor which relays file operations back into userspace, and it's much more performant than FileBridge. (Local benchmark tests that deliver a 64MB APK show that AppFuse is about 45% faster than FileBridge.) Because userspace is still involved in every operation, we can still "revoke" access at any time to deliver on our security requirements. This change adds support for AppFuse, while keeping around FileBridge as the default for now. An upcoming flag-flip CL can be used to easily switch between the two modes. Test: builds, boots, benchmarking, stress tests Bug: 35728404, 31332379, 25510838 Change-Id: I2a70c0ca922a5ba468ffdef7b2fd8ab79f7cfefd
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
04cc191c3cb79fd8875d813dcd25b6f797eb34cc |
|
03-Mar-2017 |
Todd Kennedy <toddke@google.com> |
expose isSealed() from the installer session Change-Id: I5232a012fbee8931b0e3f584d6bb2e273a789dee Fixes: 35948628 Test: Manual
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
6d7cb232362d8036875d1d3c3f0e8f5d47a2ad25 |
|
30-Jan-2017 |
Sunny Goyal <sunnygoyal@google.com> |
Sending explicit broadcast to the launcher when a package is installed Test: Manually tested on device and add CTS tests Bug: 32920609 Change-Id: Ic23c077a469fb41d6c4e123d4bc022899f634198
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
be0b8896d1bc385d4c8fb54c21929745935dcbea |
|
15-Feb-2017 |
Todd Kennedy <toddke@google.com> |
Revert "Revert "Per user setting for instant app"" This reverts commit be9ffa15af9e1906e9ffb505768328d62d4a3793. Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest Change-Id: Ib21321cf157a79890de487060a093840f7182047
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
be9ffa15af9e1906e9ffb505768328d62d4a3793 |
|
15-Feb-2017 |
Guang Zhu <guangzhu@google.com> |
Revert "Per user setting for instant app" Bug: 35390781 This reverts commit 2f5811dcfd840e149851a9333e27ef3cdddf7a46. Change-Id: Ibb1c8dacbdc6908fc7fa2bc5dca664f2455162bf
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
2f5811dcfd840e149851a9333e27ef3cdddf7a46 |
|
30-Jan-2017 |
Todd Kennedy <toddke@google.com> |
Per user setting for instant app The same application can run as either an instant app or an installed app. Store this setting per-user instead of based upon the install location. Bug: 25119046 Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest Change-Id: Iff565bb1ac10d631499f0bd0f69b401cb073c10e
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
6788212d17f54475ca9c3dd689a863e031db868f |
|
12-Dec-2016 |
Svet Ganov <svetoslavganov@google.com> |
Platform support for static shared libraries This change adds support for static shared libraries that emulate static linking allowing apps that statically link against the same library version to share a common implementation. A library is hosed by a package in a standard APK. Static shared libraries have a name and a version declared by a dedicated manifest tag. A client uses also a new tag to refer to the static library it uses by specifying the lib name, version, and the hash of the signing certificate. This allows two apps to rely on two different library versions and prevents impersonation of the shared library by a side-loaded app with the same package name. Internally apps providing static libs use synthetic package name generated from the manifest package name and the library version. This allows having different "versions" of the same package installed at the same time. An application cannot be installed if a static shared lib it depends on is missing. A used shared library cannot be uninstalled. Shared libraries can rotate certificates like normal apps. The versions of these libs should be ordered similarly to the version codes of the hosting package. Such libs cannot use shared user id, cannot be ephemeral, cannot declare other libraries, cannot rename their package, cannot declare child-packages. They must target O SDK. Also they cannot be suspended or hidden or their uninstall blocked. Generally, speaking policy regarding code in static shared libs should be applied to the packages using the library as it could have just statically linked the code. We now have APIs to query information about the shared libraries on the device in general. To clients static shared libraries are presented as multiple versions of the same package which is how they are declared and published. Therefore, one can have two versions of the same package which means we need way to query for and uninstall a specific version of a package. Also static shared libs can depend on other static shared libs which are versioned packages. To ease representation we add the concept of a versioned package which should be used in the case of static shared libs. A client can see only the static shared libs it depends on and more specifically only the versions it depends would be retrieved by using the standard package manager APIs. There is a new dedicated API to get info about all shared libraries which would provide data about all static shared lib versions. Also these libraries must use v2 signing scheme. Test: CTS tests pass bug:30974070 Change-Id: I4f3d537ee7a81f880950377b996e1d9d4813da5c
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
a34f53f61be31b7171d6cbcb12490ee143acffff |
|
11-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add install reason This CL allows a reason to be specified when installing a package. The install reason is a sticky piece of metadata: When a package is e.g. installed via enterprise policy and an update is then manually installed or sideloaded, the install reason will remain "policy." The install reason is tracked separately for each user. With this CL, two install reasons exist: "policy" and "unknown." Other install reasons will likely be supported in the future. Bug: 32692748 Bug: 33415829 Test: Tested manually with "adb install" / "adb uninstall" Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
b7717682495e51f602004dfbfabdf767d3fbf3de |
|
01-Dec-2016 |
Todd Kennedy <toddke@google.com> |
Add system API to install ephemeral apps Test: manual; install using "adb install --ephemeral" Change-Id: Idce214779fea5f3c4a0121542319044f9f0e0a42
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
ce71deefca1f5fe53457f6092cda788023669693 |
|
17-Mar-2016 |
Todd Kennedy <toddke@google.com> |
Merge "update "dont kill" api" into nyc-dev
|
24ca5c6d7da534dd529421ccdb45447c90063108 |
|
16-Mar-2016 |
Todd Kennedy <toddke@google.com> |
update "dont kill" api * update the name to be more consumer friendly * expose it as a system api [so zapp can use it] Change-Id: I11062e360bfd709dd5568409934fec539f64b863
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
237db27c58069d7b15d1b0ec22b4a99acaa3e561 |
|
10-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Remove references to Google packages. Bug: 26441633 Change-Id: Iba6566215e2b6d224fd3b9c11d086f5c2db87dca
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
948b702f39935fc856bca913714e489dcd67239b |
|
14-Mar-2016 |
Todd Kennedy <toddke@google.com> |
Fix API change name and allow passing in a boolean Change-Id: I29b9765fedbd6b49878bb75df782012ad87a6866
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
b0f6e311ce19add792048db855844e542e808dd6 |
|
11-Mar-2016 |
Todd Kennedy <toddke@google.com> |
Merge "Allow app downgrades" into nyc-dev
|
c84d1ab11a5b9d0dc81b673e382e804cc70f35a4 |
|
11-Mar-2016 |
Todd Kennedy <toddke@google.com> |
Allow app downgrades only system apps can do this Change-Id: If0947f13f5c447f9396690bfda3ad40b07fbbb6b
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
1ed6b876346b60cbe429955a022c86c02e43e280 |
|
10-Mar-2016 |
Todd Kennedy <toddke@google.com> |
fix docs No code change; just doc clarification per API Review Council suggestions Bug: 27531045 Change-Id: Ib1eef9635d68d44be596888b46de0650883d118c
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
eb9b05392ad047863244f9e07a3b10e9c0561e39 |
|
08-Mar-2016 |
Todd Kennedy <toddke@google.com> |
remove splits Individual splits can now be removed for an application. The application will be terminated if it's running when a split is removed. To remove a split, either use either "uninstall": $ adb shell cmd package uninstall <PACKAGE> <SPLIT> or "install-remove": $ adb shell cmd package install-create -r -p <PACKAGE> $ adb shell cmd package install-remove <SESSION> <SPLIT> $ adb shell cmd package install-commit <SESSION> For "install-remove" you must use '-r' and '-p' when creating the session. Bug: 27547051 Change-Id: I4d71a19ad45e39f6622d9ab6791ea8c4230a79e0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
39bfee5e3674faea992c32204abc1c03429b8cda |
|
24-Feb-2016 |
Todd Kennedy <toddke@google.com> |
Splits without restart In specific cases [as determined by the installer], we can install splits without restarting the application. The split must be purely additive [i.e. it should not modify class(es)/resource(s) defined in the base or other splits. Otherwise, the behaviour could be inconsistent [e.g. if a modified class was already loaded, the modified version won't be loaded until the process is restarted]. The platform does not perform any verification that the split is purely additive. Bug: 26463098 Change-Id: I3526c3b1b847a8e0afabc7a4787fa770422196b7
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
f8880561e67e1da246970b49b14285efd4164ab1 |
|
26-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
When system server goes down, crash apps more. Similar to first patch, but now using new "rethrowFromSystemServer()" method which internally translates DeadObjectException into DeadSystemException. New logic over in Log.printlns() now suppresses the DeadSystemException stack traces, since they're misleading and just added pressure to the precious log buffer space. Add some extra RuntimeInit checks to suppress logging-about-logging when the system server is dead. Bug: 27364859 Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
373f0b4313d3a2444aebf6b89a71c4ba64566110 |
|
16-Dec-2015 |
Todd Kennedy <toddke@google.com> |
revert quick install bug: 25118622 Change-Id: I61c3a1ea9015599dc45bd9e656f99f6bf8c4ec02
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
27c24fb8b85c36298de053699b1967a808c6d308 |
|
18-Sep-2015 |
Todd Kennedy <toddke@google.com> |
Enable "quick install" Quick install skips a lot of the normal install steps in order to dramatically reduce the installation time [eg Twitter normally takes 20s to install. But, installs in under 2.5s with quick install] The specific optimizations [with caveats]: 1. Use the JIT. Although the oat file is technically created, it only contains the exploded contents of the APK and does not contain pre-compiled native binary code. While this improves install time, it impacts app execution. [saves 17s] 2. Bypass Play verification. Play normally verifies all installs to ensure we're not installing malware. But, it can take multiple seconds for Play to collect and send package information to our backend servers. [saves 2.7s] 3. Reduce JAR file verification. Due to the structure of the JAR certs, we cannot completely bypass JAR processing. However we skip the step of verifying every manifest entry. [saves 1.3s] NOTE: #2 and #3 will only occur on eng/user-debug builds. Bug: 22848361 Change-Id: I48e77595ad5c13a9534fdb06da67ba8dae2797fb
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
a1d12cfdb072acb14fa95d5e771e23396e6bd8e1 |
|
30-Sep-2015 |
Todd Kennedy <toddke@google.com> |
Update PackageInstaller install handing * Allow forcing permission check. We want to modify the PackageInstaller to use the PackageInstallerSession for better security / remove deprecated APIs. In order to do this and continue to prompt for permissions, we need to prevent the PakcageInstaller from auto-approving the permissions. * Add originating UID to SessionParams. This is used for package verifier checks. Bug: 22282121 Change-Id: I19079749d20ace66f1332f399d52cb0fb8784cd9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
7121e18595d4c559044e26bfe6035406a862f466 |
|
14-Jul-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add APIs for verifier to grant at install and revoke permissions bug:22231699 Change-Id: Ie0c758bf73699f50bf99ff5aa0bf98dcc9004e37
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
39fb7fd730dc2113ced7e663d7a35e48a4c6b1ae |
|
18-Feb-2015 |
Benjamin Franz <bfranz@google.com> |
Allow silent package install for device owner. Allow the device owner to silently install and remove packages using the PackageInstaller APIs. Show notifications to the user after the installation / deletion was successful. Bug: 19422461 Change-Id: I0506e18c510efd9d04c4aea9b60a37456e689615
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
b2b9ab8354da1485178cd8d8e9d89ac915b3f269 |
|
06-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
Installing packages to expanded storage. PackageManager now offers to load/unload packages when expanded volumes are mounted/unmounted. Expanded storage volumes are still treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view, but this change starts treating the INSTALL_EXTERNAL flag as exclusively meaning ASEC containers. Start tracking the UUID of the volume where a package is installed, giving us a quick way to find relevant packages. When resolving an install location, look across all expanded volumes and pick the one with the largest free space. When upgrading an existing package, continue preferring the existing volume. PackageInstaller now knows how to stage on these volumes. Add new movePackage() variant that accepts a target volume UUID as destination, it will eventually move data too. Expose this move command through "pm" command for testing. Automount expanded volumes when they appear. Bug: 19993667 Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
97d47ed036ff7bd3d7d2ddc1c6df1104ec237559 |
|
15-Oct-2014 |
Jeff Sharkey <jsharkey@android.com> |
Reduce PackageInstaller Binder memory pressure. When restoring hundreds of apps on low-DPI devices, we end up sending icon Bitmaps inline in the response instead of splitting into ashmem regions. To avoid triggering TransactionTooLargeException, switch to using ParceledListSlice under the hood. Bug: 17926122 Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
02bd78490d8594d225ecc70a74b2058cb968a657 |
|
07-Oct-2014 |
Jeff Sharkey <jsharkey@android.com> |
Reduce PackageInstaller I/O pressure. When performing a restore during initial device setup, we could be installing hundreds of packages. Currently, we're writing all metadata (including heavy icons) for every session mutation! Because we're holding the mSessions lock while writing all this heavy data, we end up causing ANRs when apps call other PackageInstaller APIs. This patch mitigates by moving the heavy icon data into separate per-session PNG files, which we only persist when changed. Bug: 17881962, 17567794 Change-Id: I4dee15d4a65a8eb65c381e6bb7477728b6cc30d2
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
de74231f245c90e5861ec84a9880b5b4ec247480 |
|
15-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Update API naming to follow style guide. Bug: 17510755 Change-Id: If73d81b416355559592feb895a62132194f4ba62
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
77d218e1869e69c8d436b09cd11dcfe45e50b2cf |
|
06-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Delayed ASEC allocation, refine progress handling. For restore use-case, session creation needs to complete quickly, so delay ASEC allocation until session is opened. When preflighting size checks, only consider external when we have a known size for the container. Also relax size checks when using MODE_INHERIT_EXISTING on external, since we don't know how much of existing app will be copied over. Consider session as "active" while commit is ongoing, until we're either finished or pending user interaction. Always publish first client needle movement away from 0. Use 25% of internal progress to reflect ASEC allocation. Avoid CloseGuard messages about leaking PFDs. Bug: 17405741, 17402982 Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
bc7bce38b2e4733a14f6296c75f983bd50f996d1 |
|
06-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Separate active state from open/close. Also change name to setStagingProgress() to make it clearer that system may adjust the range. Start throwing from openSession() in preparation for ASEC allocation moving. Bug: 17405741 Change-Id: Id7da51a32d5d89cb512ddafbd7ceaafbcd41cac6
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
ec9bad2015c6d3bc91bab66f0824043c1e24d013 |
|
05-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Allow badging updates to install sessions. For the system restore use-case, an installer may need to enqueue their sessions quickly before badging details, like icons, have been downloaded. This change relaxes to allow an installer to update their session badging after the session has been created. Notify observers when badging changes. Rename callback registration methods to match style guide. Relax constraint that observers are home app. Fix bug around internal progress reporting. Bug: 17376797, 17389236, 17334199 Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
9a1507aa10577badabcbe00396613a967302e456 |
|
29-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
FileBridge needs to keep strong reference to PFD. Even though we've grabbed the underlying FD, the PFD could be GC'ed and when finalized it would end up closing the underlying FD. This fix ties the PFD object lifecycle to the returned OutputStream. Bug: 17183379 Change-Id: Ibee8f4cf78fee357181a250d15f2a653294b2877
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
381d94b712605112b35d7f70064b0d18bd877877 |
|
24-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Treat moving app as installing in new location. Moving apps to/from SD cards has historically been neglected, meaning it can easily break. This happened most recently for split APKs, 64-bit native code, and multiArch support. To make this easier to maintain, treat move as a no-op upgrade, following the inheriting code path that split APKs depends on. Also clean up scary places where different flavors of flags were being combined, and remove unused flags. Fix media broadcasts to be sent based on existing app storage location. New API to abandon install session without opening it. Bug: 17158495 Change-Id: Ia33bf8f6fdaae099124dfe534f0e320b37bc8e16
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178 |
|
21-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Installing splits into ASECs! Sessions can now zero-copy data directly into pre-allocated ASEC containers. Then at commit time, we compute the total size of the final app, including any inherited APKs and unpacked libraries, and resize the container in one step. This supports both brand new ASEC installs and inheriting from existing ASEC installs. To keep things simple, it currently requires copying any inherited ASEC contents, but this could be optimized in the future. Expose new vold resize command, and allow read-write mounting of ASEC containers. Move native library extraction into the installer flow, since it needs to happen before ASEC is sealed. Move multiArch flag into NativeLibraryHelper, instead of making everyone pass it around. Migrate size calculation to shared location. Separate "other" package name in public API, provide a path to a storage device when relevant, and add more docs. Bug: 16514385 Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
bb7b7bea19223c1eba74f525c7fe87ca3911813b |
|
20-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
More progress towards split APKs in ASECs. Teach DefaultContainerService to install split APKs, which will be needed when moving to/from ASECs. Also support forward locking for testing purposes, even though its deprecated. Move native library unpacking code to NativeLibraryHelper location where it can be shared by both DCS and PMS. Also update footprint calculation logic to mirror the later unpack codepaths. Immediately persist sealed sessions. When resolving install locations, prefer location of any existing install of that package. Lightweight parse requesting certificates now always verifies that all contents are signed correctly. Bug: 16514385 Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
742e790294b3441b79f715fe447069b63c6065db |
|
17-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Progress towards staging ASECs. Move location selection logic into shared PackageHelper location, and share it between DCS and PackageInstaller. Fix bugs related to installed footprint calculation; always count unpacked native libs. Have PMS do its own threshold checking, since it's fine to stat devices. PMS only ever deleted staging ASECs, so move that logic into installer and nuke unclaimed staging ASECs. Allocate legacy ASEC names using PackageInstaller to make sure they don't conflict with sessions. Start wiring up session to allocate ASEC and pass through staged container for installation. Fix bug to actually delete invalid cluster-style installs. Bug: 16514385 Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
a0907436c01fd8c545a6b5c7b28bc3bc9db59270 |
|
15-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
PackageInstaller API refactoring. Switch to using IntentSender for results to give installers easier lifecycle management. Move param and info objects to inner classes. Bug: 17008440 Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
f06009542390472872da986486d385001e91a2a7 |
|
08-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Logic to confirm uninstalls. Prompt user for confirmation when caller doesn't have DELETE_PACKAGES permission. Also extend uninstall events to return failure codes. Bug: 16515814 Change-Id: I15b52190ff02dbeaaf038b92364264f64c57ba89
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8 |
|
07-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Logic to confirm permissions on install sessions. When an app without INSTALL permission attempts to commit a session, we involve user to confirm permissions. We currently point at the base APK, which defines all permissions for an app, handling the case where a session may only be adding splits. Add failure codes to represent rejection. Fix bug by ignoring stages during initial boot scan. Bug: 16515814 Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c |
|
07-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Surface user action events when un/installing. This will be used shortly to connect up with permissions confirmation UI. Bug: 16515814 Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
f174c6e6de6ba863179401aa7b3d55d91ceed707 |
|
05-Aug-2014 |
Jeff Sharkey <jsharkey@android.com> |
Stronger constraints around install session IDs. Generate positive, non-zero session IDs, and don't recycle them within a given boot. Guard against ID starvation by crazy apps. Bug: 16792837 Change-Id: I6035afe4d942d358b5ca12b4f818c55885b74aba
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
1cb2d0d4bba387665128c62c342e59103ea4be26 |
|
31-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Persist install sessions, more lifecycle. To resume install sessions across device boots, persist session details and read at boot. Drop sessions older than 3 days, since they're probably buggy installers. Add session callback lifecycle around open/close to give home apps details about active installs. Also give them a well-known intent to show session details. Extend Session to list staged APKs and open them read-only, giving installers a mechanism to verify delivered bits, for example using MessageDigest, before committing. Switch to generating random session IDs instead of sequential. Defensively resize app icons if too large. Reject runaway installers when they have too many active sessions. Bug: 16514389 Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
16c8e3f49497b6046972ae650772f65768366be8 |
|
25-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
PackageInstaller changes based on feedback. Mostly cosmetic changes from API council feedback. Bug: 16543552 Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
da96e137bcc8191c584ada7b5de31eaae92f244f |
|
15-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Parse more split APK manifest details. Allow split APKs to define activities, services, receivers, providers, and metadata. However, support for many manifest items are explicitly omitted. Only dexopt split APKs that include code. Bug: 14975160 Change-Id: I2fbf99e2a62328aa2185e5924755af33060282fc
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
6c833e07a05c48ca60ee4d72421bf8b1e78dc710 |
|
15-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Public API for PackageInstaller! Flesh out documentation and finalize first cut of API. Also surface installLocation and splitNames through PackageInfo. Bug: 14975160, 15348430 Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
a10311434778ea1be1621c2251c0c8c2966f337b |
|
13-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Package installation listener events. Flesh out implementation of install session observers. Carve out 20% of published install progress for final system operations such as dexopt, etc. Add dumpsys output for active install sessions. Create explicit fsync() instead of overriding meaning of flush(). Hack to throw IOExceptions over Binder calls. Bug: 14975160, 15348430 Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
bb580670350b76fa2fcc5ee873f99b7970759cbf |
|
10-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Progress toward installer public API: callbacks. Instead of surfacing all the existing cryptic error codes, we're going to classify them into broad categories when surfacing through public API. This change introduces InstallResultCallback and UninstallResultCallback, and wires them up to existing AIDL interfaces. Also start defining general SessionObserver for apps interested in general progress details, such as Launcher apps. Details about active sessions are returned through new InstallSessionInfo objects. Bug: 14975160 Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
ec55ef0934b8e0d1bb705434947de817f7be57f1 |
|
08-Jul-2014 |
Jeff Sharkey <jsharkey@android.com> |
Extend pm to support sessions and split APKs. Separate commands to create an install session, stream files into the staging area, and then commit the install. Streaming can accept data from stdin across adb, avoiding extra copy from push. Extend FileBridge to support blocking close(). Always destroy session regardless of result. Bug: 14975160 Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
78cc340c2de873d6995c283b777476f7237d690f |
|
22-May-2014 |
Jeff Sharkey <jsharkey@android.com> |
Offer to stream and fsync() install sessions. Installers are interested in both streaming APK data and establishing a happens-after relationship to support resuming downloads after a process kill or battery pull. This exposes a generic OutputStream for writing, and hooks up flush() to be a blocking call which returns only when all outstanding write() data has been fsync()'ed to disk. Tests to verify behavior. Bug: 14975160 Change-Id: I38289867c80ac659163bb0c2158ef12d99cc570d
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4 |
|
29-Apr-2014 |
Jeff Sharkey <jsharkey@android.com> |
Initial support for split APKs, PackageInstaller. Defines a new PackageInstaller class that will be used for installing and upgrading packages. An application desiring to install an application creates a session, stages one or more package files in that session, and then kicks off the install. Previously, PackageManager would always make its own copy of a package before inspecting it, to ensure the data could be trusted. This new session concept allows the installer to write package data directly to its final resting place on disk, reducing disk I/O and footprint requirements. Writes are directed through an intermediate pipe to ensure we can prevent mutations once an install has been initiated. Also uses fallocate() internally to support optimal ext4 block allocation using extents to reduce fragmentation. Sessions are also the way we support installing multiple "split" APKs in a single atomic operation. For a set of packages to form a valid application, they must have exactly the same package name, version code, and certificates. A session can also be used to add a small handful of splits to an application by inheriting existing packages when not performing a full install. Add PackageParser support for extracting split names and certificates. Bug: 14975160 Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
|