History log of /frameworks/base/core/java/android/content/pm/PackageInstaller.java
Revision Date Author Comments
d86b8fea43ebb6e5c31691b44d8ceb0d8d3c9072 03-Jun-2017 Jeff Sharkey <jsharkey@android.com> Annotate @SystemApi with required permissions.

Most @SystemApi methods should be protected with system (or higher)
permissions, so annotate common methods with @RequiresPermission to
make automatic verification easier.

Verification is really only relevant when calling into system
services (where permissions checking can happen on the other side of
a Binder call), so annotate managers with the new @SystemService
annotation, which is now automatically documented.

This is purely a docs change; no logic changes are being made.

Test: make -j32 update-api && make -j32 offline-sdk-docs
Bug: 62263906
Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
40a006285b954607a96b1209de95bbed48d856f7 18-Apr-2017 Bartosz Fabianowski <bartfab@google.com> Add more explicit documentation for install reason

This CL adds more explicit documentation of the install reason argument /
return value to PackageInstaller.SessionInfo.

Bug: 37324584
Test: None

Change-Id: I2450cc669b194e611c5dc07c6a0a5cd78a98c039
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
910e081216ac530432ac9d0aab10d5e5e4c73ab8 22-Apr-2017 Jeff Sharkey <jsharkey@android.com> More auto-doc work.

Add support for AnyThread, CallSuper, and UiThread.

Another related CL started documenting @RequiresPermission, so remove
duplicated information in existing APIs.

Suppress auto-doc on a handful of classes that are already
well-documented.

Test: make -j32 offline-sdk-docs
Bug: 37526420
Change-Id: I791437dccec0f11d5349a23b982ba098cb551af8
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
683bcd30ef0a90bc2a6a3dffb91be5a803560fa9 19-Mar-2017 Jeff Sharkey <jsharkey@android.com> Use allocatable space when measuring for install.

The system is often willing to clear cached data to make room for
incoming installs, so use StorageManager.getAllocatableBytes() when
making "does it fit?" style decisions.

Add new INSTALL_ALLOCATE_AGGRESSIVE flag, which will flow through
to use StorageManager.FLAG_ALLOCATE_AGGRESSIVE when making allocation
related requests. (This can be used by installers to indicate
packages that are critical to system health or security.)

Test: runtest -x frameworks/base/core/tests/coretests/src/android/content/pm/PackageHelperTests.java
Bug: 36131437
Change-Id: If8118762fd1ca1f497d2cdd1787bdb3c9759dcc0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
02d4e3441bc1bf767d0ed57b81bdfa59d2894cb6 11-Mar-2017 Jeff Sharkey <jsharkey@android.com> Move PackageInstaller over to AppFuse.

When PackageInstaller was originally written, we needed a way to
ensure that untrusted apps were fully hands-off of any opened
FileDescriptors before we could proceed with certificate checks.

The best way to satisfy this security constraint was to build
a utility called FileBridge which was a (terribly slow) RPC
mechanism that could be cut off when needed.

However, a new feature called "AppFuse" offers to create a "proxy"
FileDescriptor which relays file operations back into userspace, and
it's much more performant than FileBridge. (Local benchmark tests
that deliver a 64MB APK show that AppFuse is about 45% faster than
FileBridge.) Because userspace is still involved in every operation,
we can still "revoke" access at any time to deliver on our security
requirements.

This change adds support for AppFuse, while keeping around FileBridge
as the default for now. An upcoming flag-flip CL can be used to
easily switch between the two modes.

Test: builds, boots, benchmarking, stress tests
Bug: 35728404, 31332379, 25510838
Change-Id: I2a70c0ca922a5ba468ffdef7b2fd8ab79f7cfefd
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
04cc191c3cb79fd8875d813dcd25b6f797eb34cc 03-Mar-2017 Todd Kennedy <toddke@google.com> expose isSealed() from the installer session

Change-Id: I5232a012fbee8931b0e3f584d6bb2e273a789dee
Fixes: 35948628
Test: Manual
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
6d7cb232362d8036875d1d3c3f0e8f5d47a2ad25 30-Jan-2017 Sunny Goyal <sunnygoyal@google.com> Sending explicit broadcast to the launcher when a package is installed

Test: Manually tested on device and add CTS tests
Bug: 32920609
Change-Id: Ic23c077a469fb41d6c4e123d4bc022899f634198
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
be0b8896d1bc385d4c8fb54c21929745935dcbea 15-Feb-2017 Todd Kennedy <toddke@google.com> Revert "Revert "Per user setting for instant app""

This reverts commit be9ffa15af9e1906e9ffb505768328d62d4a3793.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ib21321cf157a79890de487060a093840f7182047
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
be9ffa15af9e1906e9ffb505768328d62d4a3793 15-Feb-2017 Guang Zhu <guangzhu@google.com> Revert "Per user setting for instant app"

Bug: 35390781

This reverts commit 2f5811dcfd840e149851a9333e27ef3cdddf7a46.

Change-Id: Ibb1c8dacbdc6908fc7fa2bc5dca664f2455162bf
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
2f5811dcfd840e149851a9333e27ef3cdddf7a46 30-Jan-2017 Todd Kennedy <toddke@google.com> Per user setting for instant app

The same application can run as either an instant app or an installed
app. Store this setting per-user instead of based upon the install
location.

Bug: 25119046
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Iff565bb1ac10d631499f0bd0f69b401cb073c10e
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
6788212d17f54475ca9c3dd689a863e031db868f 12-Dec-2016 Svet Ganov <svetoslavganov@google.com> Platform support for static shared libraries

This change adds support for static shared libraries that
emulate static linking allowing apps that statically link
against the same library version to share a common
implementation. A library is hosted by a package in a standard
APK.

Static shared libraries have a name and a version declared
by a dedicated manifest tag. A client also uses a new tag
to refer to the static library it uses by specifying the
lib name, version, and the hash of the signing certificate.
This allows two apps to rely on two different library versions
and prevents impersonation of the shared library by a side-loaded
app with the same package name.

Internally apps providing static libs use synthetic package
name generated from the manifest package name and the library
version. This allows having different "versions" of the same
package installed at the same time.

An application cannot be installed if a static shared lib it
depends on is missing. A used shared library cannot be uninstalled.
Shared libraries can rotate certificates like normal apps. The
versions of these libs should be ordered similarly to the version
codes of the hosting package. Such libs cannot use shared user
id, cannot be ephemeral, cannot declare other libraries, cannot
rename their package, cannot declare child-packages. They must
target O SDK. Also they cannot be suspended or hidden or their
uninstall blocked. Generally speaking, policy regarding code in
static shared libs should be applied to the packages using the
library as it could have just statically linked the code.

We now have APIs to query information about the shared libraries
on the device in general. To clients static shared libraries are
presented as multiple versions of the same package which is how
they are declared and published. Therefore, one can have two
versions of the same package which means we need a way to query
for and uninstall a specific version of a package. Also static
shared libs can depend on other static shared libs which are
versioned packages. To ease representation we add the concept
of a versioned package which should be used in the case of
static shared libs.

A client can see only the static shared libs it depends on and
more specifically only the versions it depends on would be retrieved
by using the standard package manager APIs. There is a new
dedicated API to get info about all shared libraries which
would provide data about all static shared lib versions. Also
these libraries must use v2 signing scheme.

Test: CTS tests pass

bug:30974070

Change-Id: I4f3d537ee7a81f880950377b996e1d9d4813da5c
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
a34f53f61be31b7171d6cbcb12490ee143acffff 11-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Add install reason

This CL allows a reason to be specified when installing a package. The
install reason is a sticky piece of metadata: When a package is e.g.
installed via enterprise policy and an update is then manually
installed or sideloaded, the install reason will remain "policy."
The install reason is tracked separately for each user.

With this CL, two install reasons exist: "policy" and "unknown." Other
install reasons will likely be supported in the future.

Bug: 32692748
Bug: 33415829
Test: Tested manually with "adb install" / "adb uninstall"

Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
b7717682495e51f602004dfbfabdf767d3fbf3de 01-Dec-2016 Todd Kennedy <toddke@google.com> Add system API to install ephemeral apps

Test: manual; install using "adb install --ephemeral"
Change-Id: Idce214779fea5f3c4a0121542319044f9f0e0a42
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
ce71deefca1f5fe53457f6092cda788023669693 17-Mar-2016 Todd Kennedy <toddke@google.com> Merge "update "dont kill" api" into nyc-dev
24ca5c6d7da534dd529421ccdb45447c90063108 16-Mar-2016 Todd Kennedy <toddke@google.com> update "dont kill" api

* update the name to be more consumer friendly
* expose it as a system api [so zapp can use it]

Change-Id: I11062e360bfd709dd5568409934fec539f64b863
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
237db27c58069d7b15d1b0ec22b4a99acaa3e561 10-Mar-2016 Jeff Sharkey <jsharkey@android.com> Remove references to Google packages.

Bug: 26441633
Change-Id: Iba6566215e2b6d224fd3b9c11d086f5c2db87dca
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
948b702f39935fc856bca913714e489dcd67239b 14-Mar-2016 Todd Kennedy <toddke@google.com> Fix API

change name and allow passing in a boolean

Change-Id: I29b9765fedbd6b49878bb75df782012ad87a6866
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
b0f6e311ce19add792048db855844e542e808dd6 11-Mar-2016 Todd Kennedy <toddke@google.com> Merge "Allow app downgrades" into nyc-dev
c84d1ab11a5b9d0dc81b673e382e804cc70f35a4 11-Mar-2016 Todd Kennedy <toddke@google.com> Allow app downgrades

only system apps can do this

Change-Id: If0947f13f5c447f9396690bfda3ad40b07fbbb6b
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
1ed6b876346b60cbe429955a022c86c02e43e280 10-Mar-2016 Todd Kennedy <toddke@google.com> fix docs

No code change; just doc clarification per API Review Council suggestions

Bug: 27531045
Change-Id: Ib1eef9635d68d44be596888b46de0650883d118c
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
eb9b05392ad047863244f9e07a3b10e9c0561e39 08-Mar-2016 Todd Kennedy <toddke@google.com> remove splits

Individual splits can now be removed for an application. The
application will be terminated if it's running when a split is
removed.

To remove a split, use either "uninstall":
$ adb shell cmd package uninstall <PACKAGE> <SPLIT>

or "install-remove":
$ adb shell cmd package install-create -r -p <PACKAGE>
$ adb shell cmd package install-remove <SESSION> <SPLIT>
$ adb shell cmd package install-commit <SESSION>

For "install-remove" you must use '-r' and '-p' when creating
the session.

Bug: 27547051
Change-Id: I4d71a19ad45e39f6622d9ab6791ea8c4230a79e0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
39bfee5e3674faea992c32204abc1c03429b8cda 24-Feb-2016 Todd Kennedy <toddke@google.com> Splits without restart

In specific cases [as determined by the installer], we can install
splits without restarting the application. The split must be purely
additive [i.e. it should not modify class(es)/resource(s) defined
in the base or other splits]. Otherwise, the behaviour could be
inconsistent [e.g. if a modified class was already loaded, the
modified version won't be loaded until the process is restarted].
The platform does not perform any verification that the split is
purely additive.

Bug: 26463098
Change-Id: I3526c3b1b847a8e0afabc7a4787fa770422196b7
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
f8880561e67e1da246970b49b14285efd4164ab1 26-Feb-2016 Jeff Sharkey <jsharkey@android.com> When system server goes down, crash apps more.

Similar to first patch, but now using new "rethrowFromSystemServer()"
method which internally translates DeadObjectException into
DeadSystemException. New logic over in Log.printlns() now
suppresses the DeadSystemException stack traces, since they're
misleading and just added pressure to the precious log buffer space.

Add some extra RuntimeInit checks to suppress logging-about-logging
when the system server is dead.

Bug: 27364859
Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
373f0b4313d3a2444aebf6b89a71c4ba64566110 16-Dec-2015 Todd Kennedy <toddke@google.com> revert quick install

bug: 25118622
Change-Id: I61c3a1ea9015599dc45bd9e656f99f6bf8c4ec02
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
27c24fb8b85c36298de053699b1967a808c6d308 18-Sep-2015 Todd Kennedy <toddke@google.com> Enable "quick install"

Quick install skips a lot of the normal install steps in order to
dramatically reduce the installation time [eg Twitter normally takes
20s to install. But, installs in under 2.5s with quick install]

The specific optimizations [with caveats]:
1. Use the JIT. Although the oat file is technically created, it
only contains the exploded contents of the APK and does not contain
pre-compiled native binary code. While this improves install time,
it impacts app execution. [saves 17s]
2. Bypass Play verification. Play normally verifies all installs
to ensure we're not installing malware. But, it can take multiple
seconds for Play to collect and send package information to our
backend servers. [saves 2.7s]
3. Reduce JAR file verification. Due to the structure of the JAR
certs, we cannot completely bypass JAR processing. However we skip
the step of verifying every manifest entry. [saves 1.3s]

NOTE: #2 and #3 will only occur on eng/user-debug builds.

Bug: 22848361
Change-Id: I48e77595ad5c13a9534fdb06da67ba8dae2797fb
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
a1d12cfdb072acb14fa95d5e771e23396e6bd8e1 30-Sep-2015 Todd Kennedy <toddke@google.com> Update PackageInstaller install handling

* Allow forcing permission check. We want to modify the PackageInstaller to
use the PackageInstallerSession for better security / remove deprecated APIs.
In order to do this and continue to prompt for permissions, we need to prevent
the PackageInstaller from auto-approving the permissions.

* Add originating UID to SessionParams. This is used for package verifier
checks.

Bug: 22282121
Change-Id: I19079749d20ace66f1332f399d52cb0fb8784cd9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
7121e18595d4c559044e26bfe6035406a862f466 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Add APIs for verifier to grant at install and revoke permissions

bug:22231699

Change-Id: Ie0c758bf73699f50bf99ff5aa0bf98dcc9004e37
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
39fb7fd730dc2113ced7e663d7a35e48a4c6b1ae 18-Feb-2015 Benjamin Franz <bfranz@google.com> Allow silent package install for device owner.

Allow the device owner to silently install and remove packages using the
PackageInstaller APIs. Show notifications to the user after the
installation / deletion was successful.

Bug: 19422461
Change-Id: I0506e18c510efd9d04c4aea9b60a37456e689615
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
b2b9ab8354da1485178cd8d8e9d89ac915b3f269 06-Apr-2015 Jeff Sharkey <jsharkey@android.com> Installing packages to expanded storage.

PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.

Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.

Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.

Automount expanded volumes when they appear.

Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
97d47ed036ff7bd3d7d2ddc1c6df1104ec237559 15-Oct-2014 Jeff Sharkey <jsharkey@android.com> Reduce PackageInstaller Binder memory pressure.

When restoring hundreds of apps on low-DPI devices, we end up sending
icon Bitmaps inline in the response instead of splitting into ashmem
regions. To avoid triggering TransactionTooLargeException, switch to
using ParceledListSlice under the hood.

Bug: 17926122
Change-Id: Ib4da6775e79d2fcb4aaea15f58ed998df203a5f9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
02bd78490d8594d225ecc70a74b2058cb968a657 07-Oct-2014 Jeff Sharkey <jsharkey@android.com> Reduce PackageInstaller I/O pressure.

When performing a restore during initial device setup, we could be
installing hundreds of packages. Currently, we're writing all
metadata (including heavy icons) for every session mutation! Because
we're holding the mSessions lock while writing all this heavy data,
we end up causing ANRs when apps call other PackageInstaller APIs.

This patch mitigates by moving the heavy icon data into separate
per-session PNG files, which we only persist when changed.

Bug: 17881962, 17567794
Change-Id: I4dee15d4a65a8eb65c381e6bb7477728b6cc30d2
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
de74231f245c90e5861ec84a9880b5b4ec247480 15-Sep-2014 Jeff Sharkey <jsharkey@android.com> Update API naming to follow style guide.

Bug: 17510755
Change-Id: If73d81b416355559592feb895a62132194f4ba62
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
77d218e1869e69c8d436b09cd11dcfe45e50b2cf 06-Sep-2014 Jeff Sharkey <jsharkey@android.com> Delayed ASEC allocation, refine progress handling.

For restore use-case, session creation needs to complete quickly, so
delay ASEC allocation until session is opened. When preflighting
size checks, only consider external when we have a known size for the
container. Also relax size checks when using MODE_INHERIT_EXISTING
on external, since we don't know how much of existing app will be
copied over.

Consider session as "active" while commit is ongoing, until we're
either finished or pending user interaction.

Always publish first client needle movement away from 0. Use 25% of
internal progress to reflect ASEC allocation.

Avoid CloseGuard messages about leaking PFDs.

Bug: 17405741, 17402982
Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
bc7bce38b2e4733a14f6296c75f983bd50f996d1 06-Sep-2014 Jeff Sharkey <jsharkey@android.com> Separate active state from open/close.

Also change name to setStagingProgress() to make it clearer that
system may adjust the range. Start throwing from openSession() in
preparation for ASEC allocation moving.

Bug: 17405741
Change-Id: Id7da51a32d5d89cb512ddafbd7ceaafbcd41cac6
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
ec9bad2015c6d3bc91bab66f0824043c1e24d013 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Allow badging updates to install sessions.

For the system restore use-case, an installer may need to enqueue
their sessions quickly before badging details, like icons, have been
downloaded. This change relaxes to allow an installer to update
their session badging after the session has been created. Notify
observers when badging changes.

Rename callback registration methods to match style guide. Relax
constraint that observers are home app. Fix bug around internal
progress reporting.

Bug: 17376797, 17389236, 17334199
Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
9a1507aa10577badabcbe00396613a967302e456 29-Aug-2014 Jeff Sharkey <jsharkey@android.com> FileBridge needs to keep strong reference to PFD.

Even though we've grabbed the underlying FD, the PFD could be GC'ed
and when finalized it would end up closing the underlying FD. This
fix ties the PFD object lifecycle to the returned OutputStream.

Bug: 17183379
Change-Id: Ibee8f4cf78fee357181a250d15f2a653294b2877
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
381d94b712605112b35d7f70064b0d18bd877877 24-Aug-2014 Jeff Sharkey <jsharkey@android.com> Treat moving app as installing in new location.

Moving apps to/from SD cards has historically been neglected, meaning
it can easily break. This happened most recently for split APKs,
64-bit native code, and multiArch support.

To make this easier to maintain, treat move as a no-op upgrade,
following the inheriting code path that split APKs depend on.

Also clean up scary places where different flavors of flags were
being combined, and remove unused flags. Fix media broadcasts to be
sent based on existing app storage location.

New API to abandon install session without opening it.

Bug: 17158495
Change-Id: Ia33bf8f6fdaae099124dfe534f0e320b37bc8e16
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178 21-Aug-2014 Jeff Sharkey <jsharkey@android.com> Installing splits into ASECs!

Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.

This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.

Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.

Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.

Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
bb7b7bea19223c1eba74f525c7fe87ca3911813b 20-Aug-2014 Jeff Sharkey <jsharkey@android.com> More progress towards split APKs in ASECs.

Teach DefaultContainerService to install split APKs, which will be
needed when moving to/from ASECs. Also support forward locking for
testing purposes, even though it's deprecated.

Move native library unpacking code to NativeLibraryHelper location
where it can be shared by both DCS and PMS. Also update footprint
calculation logic to mirror the later unpack codepaths.

Immediately persist sealed sessions. When resolving install
locations, prefer location of any existing install of that
package. Lightweight parse requesting certificates now always
verifies that all contents are signed correctly.

Bug: 16514385
Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
742e790294b3441b79f715fe447069b63c6065db 17-Aug-2014 Jeff Sharkey <jsharkey@android.com> Progress towards staging ASECs.

Move location selection logic into shared PackageHelper location,
and share it between DCS and PackageInstaller. Fix bugs related to
installed footprint calculation; always count unpacked native libs.

Have PMS do its own threshold checking, since it's fine to stat
devices. PMS only ever deleted staging ASECs, so move that logic
into installer and nuke unclaimed staging ASECs. Allocate legacy
ASEC names using PackageInstaller to make sure they don't conflict
with sessions.

Start wiring up session to allocate ASEC and pass through staged
container for installation.

Fix bug to actually delete invalid cluster-style installs.

Bug: 16514385
Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
a0907436c01fd8c545a6b5c7b28bc3bc9db59270 15-Aug-2014 Jeff Sharkey <jsharkey@android.com> PackageInstaller API refactoring.

Switch to using IntentSender for results to give installers easier
lifecycle management. Move param and info objects to inner classes.

Bug: 17008440
Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
f06009542390472872da986486d385001e91a2a7 08-Aug-2014 Jeff Sharkey <jsharkey@android.com> Logic to confirm uninstalls.

Prompt user for confirmation when caller doesn't have DELETE_PACKAGES
permission. Also extend uninstall events to return failure codes.

Bug: 16515814
Change-Id: I15b52190ff02dbeaaf038b92364264f64c57ba89
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8 07-Aug-2014 Jeff Sharkey <jsharkey@android.com> Logic to confirm permissions on install sessions.

When an app without INSTALL permission attempts to commit a session,
we involve user to confirm permissions. We currently point at the
base APK, which defines all permissions for an app, handling the case
where a session may only be adding splits.

Add failure codes to represent rejection. Fix bug by ignoring stages
during initial boot scan.

Bug: 16515814
Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c 07-Aug-2014 Jeff Sharkey <jsharkey@android.com> Surface user action events when un/installing.

This will be used shortly to connect up with permissions
confirmation UI.

Bug: 16515814
Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
f174c6e6de6ba863179401aa7b3d55d91ceed707 05-Aug-2014 Jeff Sharkey <jsharkey@android.com> Stronger constraints around install session IDs.

Generate positive, non-zero session IDs, and don't recycle them
within a given boot. Guard against ID starvation by crazy apps.

Bug: 16792837
Change-Id: I6035afe4d942d358b5ca12b4f818c55885b74aba
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
1cb2d0d4bba387665128c62c342e59103ea4be26 31-Jul-2014 Jeff Sharkey <jsharkey@android.com> Persist install sessions, more lifecycle.

To resume install sessions across device boots, persist session
details and read at boot. Drop sessions older than 3 days, since
they're probably buggy installers.

Add session callback lifecycle around open/close to give home apps
details about active installs. Also give them a well-known intent
to show session details.

Extend Session to list staged APKs and open them read-only, giving
installers a mechanism to verify delivered bits, for example using
MessageDigest, before committing.

Switch to generating random session IDs instead of sequential.

Defensively resize app icons if too large. Reject runaway
installers when they have too many active sessions.

Bug: 16514389
Change-Id: I66c2266cb82fc72b1eb980a615566773f4290498
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
16c8e3f49497b6046972ae650772f65768366be8 25-Jul-2014 Jeff Sharkey <jsharkey@android.com> PackageInstaller changes based on feedback.

Mostly cosmetic changes from API council feedback.

Bug: 16543552
Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
da96e137bcc8191c584ada7b5de31eaae92f244f 15-Jul-2014 Jeff Sharkey <jsharkey@android.com> Parse more split APK manifest details.

Allow split APKs to define activities, services, receivers,
providers, and metadata. However, support for many manifest items
is explicitly omitted.

Only dexopt split APKs that include code.

Bug: 14975160
Change-Id: I2fbf99e2a62328aa2185e5924755af33060282fc
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
6c833e07a05c48ca60ee4d72421bf8b1e78dc710 15-Jul-2014 Jeff Sharkey <jsharkey@android.com> Public API for PackageInstaller!

Flesh out documentation and finalize first cut of API. Also surface
installLocation and splitNames through PackageInfo.

Bug: 14975160, 15348430
Change-Id: Ic27696d20ed06e508aa3526218e9cb20835af6a0
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
a10311434778ea1be1621c2251c0c8c2966f337b 13-Jul-2014 Jeff Sharkey <jsharkey@android.com> Package installation listener events.

Flesh out implementation of install session observers. Carve out 20%
of published install progress for final system operations such as
dexopt, etc.

Add dumpsys output for active install sessions. Create explicit
fsync() instead of overriding meaning of flush(). Hack to throw
IOExceptions over Binder calls.

Bug: 14975160, 15348430
Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
bb580670350b76fa2fcc5ee873f99b7970759cbf 10-Jul-2014 Jeff Sharkey <jsharkey@android.com> Progress toward installer public API: callbacks.

Instead of surfacing all the existing cryptic error codes, we're
going to classify them into broad categories when surfacing through
public API. This change introduces InstallResultCallback and
UninstallResultCallback, and wires them up to existing AIDL
interfaces.

Also start defining general SessionObserver for apps interested
in general progress details, such as Launcher apps. Details about
active sessions are returned through new InstallSessionInfo objects.

Bug: 14975160
Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
ec55ef0934b8e0d1bb705434947de817f7be57f1 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Extend pm to support sessions and split APKs.

Separate commands to create an install session, stream files into the
staging area, and then commit the install. Streaming can accept data
from stdin across adb, avoiding extra copy from push.

Extend FileBridge to support blocking close(). Always destroy
session regardless of result.

Bug: 14975160
Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
78cc340c2de873d6995c283b777476f7237d690f 22-May-2014 Jeff Sharkey <jsharkey@android.com> Offer to stream and fsync() install sessions.

Installers are interested in both streaming APK data and establishing
a happens-after relationship to support resuming downloads after a
process kill or battery pull.

This exposes a generic OutputStream for writing, and hooks up flush()
to be a blocking call which returns only when all outstanding write()
data has been fsync()'ed to disk.

Tests to verify behavior.

Bug: 14975160
Change-Id: I38289867c80ac659163bb0c2158ef12d99cc570d
/frameworks/base/core/java/android/content/pm/PackageInstaller.java
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4 29-Apr-2014 Jeff Sharkey <jsharkey@android.com> Initial support for split APKs, PackageInstaller.

Defines a new PackageInstaller class that will be used for installing
and upgrading packages. An application desiring to install an
application creates a session, stages one or more package files in
that session, and then kicks off the install.

Previously, PackageManager would always make its own copy of a package
before inspecting it, to ensure the data could be trusted. This new
session concept allows the installer to write package data directly to
its final resting place on disk, reducing disk I/O and footprint
requirements. Writes are directed through an intermediate pipe
to ensure we can prevent mutations once an install has been initiated.
Also uses fallocate() internally to support optimal ext4 block
allocation using extents to reduce fragmentation.

Sessions are also the way we support installing multiple "split" APKs
in a single atomic operation. For a set of packages to form a valid
application, they must have exactly the same package name, version
code, and certificates. A session can also be used to add a small
handful of splits to an application by inheriting existing packages
when not performing a full install.

Add PackageParser support for extracting split names and certificates.

Bug: 14975160
Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc
/frameworks/base/core/java/android/content/pm/PackageInstaller.java