Cross Reference: /frameworks/base/services/core/java/com/android/server/content/ContentService.java

History log of /frameworks/base/services/core/java/com/android/server/content/ContentService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
6df866a8510af2776c48425a361f708ae7f5d7d6	31-Mar-2017	Jeff Sharkey <jsharkey@android.com>	Enforce PACKAGE_USAGE_STATS for usage data. Some system services are offering package usage data through both public/system APIs and through dump() calls. In principle, usage data hould always be protected with PACKAGE_USAGE_STATS, so start enforcing that. (Otherwise if a user blocked PACKAGE_USAGE_STATS access to an app, that app could still obtain the data via dump() if they held the DUMP permission.) Bottom line, let's respect the user's wishes. Protecting the entire output like this is pretty blunt, but future CLs can add more nuance to the output if desired. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: I46173562713bea7d89e12a4313c78eb52ea8d77d /frameworks/base/services/core/java/com/android/server/content/ContentService.java
fe9a53bc45fd0124a876dc0a49680aaf86641d3e	31-Mar-2017	Jeff Sharkey <jsharkey@android.com>	Consistent dump() permission checking. This change introduces new methods on DumpUtils that can check if the caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all existing dump() methods to use these checks so that we emit consistent error messages. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca /frameworks/base/services/core/java/com/android/server/content/ContentService.java
fb64de06cd1f6cd0346e481f13d6cb886dff1bfb	01-Mar-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Use context's userId in ContentResolver class."
b4e2ddde4f08ba25f57c97a4fe7c339cbe805559	04-Feb-2017	Sudheer Shanka <sudheersai@google.com>	Use context's userId in ContentResolver class. - When registering and notifying observers, we should use the user in the context as opposed to current user. - Relax the permission check while registering and notifying content observers to use INTERACT_ACROSS_USERS instead of INTERACT_ACROSS_USERS_FULL permission. Change-Id: I973936903d4a2272c5722f3b98a057a40c0402be Fixes: 32955100 Test: Created managed profile and verified that there are not failures. runtest -x core/tests/coretests/src/android/content/SecondaryUserContentResolverTest.java runtest -x core/tests/coretests/src/android/content/ManagedUserContentResolverTest.java /frameworks/base/services/core/java/com/android/server/content/ContentService.java
912e80d3450943ac2bbca03f33c31c042799a0a1	24-Feb-2017	Jeff Sharkey <jsharkey@android.com>	Require valid authorities for Uri notifications. Content changed notifications are really only valid for content:// Uris, which are really only valid when we have a valid ContentProvider backing them. This has been implicit for a long time, but we actually need to start enforcing it based on target API. We also now tell developers about why their notification requests are being denied, instead of silently logging. Test: builds, boots, common operations work Bug: 34049049 Change-Id: Ie8ab8d8674cff13e3e9269ffddc4ad998cb848c4 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
923e0b8811ae07659408624aeeede18bc8b1197c	17-Nov-2016	Jeff Sharkey <jsharkey@android.com>	Check provider access for content changes. For an app to either send or receive content change notifications, require that they have some level of access to the underlying provider. Without these checks, a malicious app could sniff sensitive user data from the notifications of otherwise private providers. Test: builds, boots, PoC app now fails Bug: 32555637 Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef /frameworks/base/services/core/java/com/android/server/content/ContentService.java
dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0	11-Nov-2016	Sudheer Shanka <sudheersai@google.com>	Update usage of ActivityManagerNative. - Remove references to ActivityManagerProxy. - Add isSystemReady to ActivityManager. Bug: 30977067 Test: cts/hostsidetests/services/activityandwindowmanager/util/run-test android.server.cts adb shell am instrument -e class com.android.server.am.ActivityManagerTest,com.android.server.am.TaskStackChangedListenerTest \ -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I07390b6124fb1515821f5c0b37baf6ae74adc8fa /frameworks/base/services/core/java/com/android/server/content/ContentService.java
96b9c75cec453cd0228c5993bd691b7d5783bc7d	18-Oct-2016	Svet Ganov <svetoslavganov@google.com>	Validate input for ContentService#setIsSyncable The syncable parameter value cannot be set to SYNCABLE_NO_ACCOUNT_ACCESS which is a synthetic state that is computed but never persisted. It just means that the sync adapter cannot access the account regardless of its current syncable state and we want to keep its current syncable state to start from there once account access is granted. bug:31794527 Change-Id: I606c4b517977d0b0d3e7ffe753dfd235a875fcd7 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
91d37f43c73d76a54679bb84a71a6339bccb1e24	04-Sep-2016	Svet Ganov <svetoslavganov@google.com>	[DO NOT MERGE] While-list apps to access account if already saw it Sync adapters without an account access cannot run until the user approves the account access (for the case the account access is not allowed by other policy such as being singed with the same cert as the authenticator). However, if the sync adapter package already got the account from another app which means it already saw the account we white-list the sync adapter app to access the account as it already saw it - the bird is out of the cage. bug:31162498 Change-Id: I2b72f3b0d6307561ed68db2f2e9c900b15e8d098 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
5cb2973495084f8ce3433b579e4b4962ed9d7efc	12-Jul-2016	Svetoslav Ganov <svetoslavganov@google.com>	Only sync adapters with access can see an account - framework It was possible for a sync adapter without accounts access to see the account which it is supposed to sync which can be used to identify the user. This change ensures that only sync adapters with account access can run (which results in seeing the account), otherwise we involve the user to approve access only to this account. A sync adapter can access an account if one of these is true: - it is signed as the authenticator for this account - has the GET_ACCOUNTS permission - has an auth token for the account - it is a preinstalled app (system or privileged) The main thing we need to figure out is if the extra prompts for giving access to a sync adapter to the account create too much friction. bug:28163381 Change-Id: Ie083bb681b5a2aed81ca5f6a062193a175fad77e /frameworks/base/services/core/java/com/android/server/content/ContentService.java
7ef9f61be627a764902ee59bdc2af6aea83916df	17-Jun-2016	Svetoslav Ganov <svetoslavganov@google.com>	Merge "Don't dispatch Uris with appended user handle" into nyc-dev
3138a9938b19d596b1581a538eb019f134903d06	16-Jun-2016	Svet Ganov <svetoslavganov@google.com>	Don't dispatch Uris with appended user handle This change fixes a bug where we started appending the user id to the changing Uri for observers to know what user's Uri changed. This is problematic as it changes the Uri structure expected by observers. Also there are no public APIs to factor out the user id from the Uri. If a system component needs to know for which user a Uri changed it can use ContentObserver#onChange(boolean, Uri, int) where the last argument is the user id. bug:19312280 Change-Id: I5f0982ac3c8d6b6eab060bab65d3b53182660ac7 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
3b840e378a97a71c6592fb924b39d73d89931a38	14-Jun-2016	Shreyas Basarge <snb@google.com>	Update SyncManager min period to match JobScheduler Use JobScheduler's minimum period in SyncManager. Syncs will respect JobScheduler's min period anyway, this change ensures that dumpsys of both services show the same period. Bug: 29253834 Change-Id: I0cd7f85da56af967963573a048c3a71436ed9c5b /frameworks/base/services/core/java/com/android/server/content/ContentService.java
051f3b7aecdde128ec3b812164a39dff81633b84	18-May-2016	Nicolas Prevot <nprevot@google.com>	Use correct user id when checking uri grants for notification. An application is allowed to notify a change to a uri if it has a grant to this uri. Use the correct user id to check this grant. BUG:19312280 Change-Id: I8bad2e65325fdfef4907d7b71b4f264dff567217 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
e761777323444e900ab683137a1e4d6abecdc728	28-Apr-2016	Dianne Hackborn <hackbod@google.com>	Fix issue #28431297: Crash in system process Don't allow null URIs to get put into the notification path. Change-Id: I4f68f438960c8a90c7b417feaa2e19968a3a200a /frameworks/base/services/core/java/com/android/server/content/ContentService.java
1cab76af8537a275d1af38d25f5692a68e48eed6	13-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Make wallpapers direct-boot aware. If the user's wallpaper isn't direct-boot aware, wait around for the user to be unlocked, instead of clearing the wallpaper. Also switch a few classes to using SystemService lifecycle, since events are dispatched faster than through broadcasts. Fix bug where ContentService.systemReady() was never called, and make sure EntropyMixer doesn't risk being GC'ed. Bug: 26280055 Change-Id: I9fff468a439b868baa68cf11bb6ee9f7d52b7b5a /frameworks/base/services/core/java/com/android/server/content/ContentService.java
141f11c82a2dbf042833f75aeae6f028e8ae2084	06-Apr-2016	Dianne Hackborn <hackbod@google.com>	More work on issue #26390151: Add new JobScheduler API... ...for monitoring content providers - Improve media provider change reporting so that observers can avoid spurious reports of the top-level content directory changing. - Fix a bug where collected content changes while a job was running were not being properly propagated to the next job. Change-Id: I29e3c2960e6fec75b16ee3ee6588d47342bf8c75 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
a3ebfec731c2f1fcc67ecf58d4634e957b044cba	04-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Invalidate caches when locale changes. When loading roots for the first time, we're okay using any cached data from the system, but if the locale changes we need to force-refresh everything. Now that we're always using the system cache, we have a nice strong signal for "empty" versus "not cached" results, so we don't need to wait around for the first loading pass to finish. Add logic to invalidate system cache when locale changes, and fix locking bug. Bug: 27977906 Change-Id: Ic50083eff360bea887799583f6c9f02c129eec91 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
7732e1e544e89d4a79368c0025901da62f7226a5	31-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Fix RootsCache invalidation bugs. When RootsCache is still running and it detects a provider/package change, it needs to force reload roots. Also fix cache invalidation bug in ContentService to allow for Uri prefix matches. Mark internal storage broadcasts with flag to bypass new background checks. Bug: 27759529 Change-Id: I9d9c6fe15d8640ff56ae7214afb3bac673682c28 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
a04c7a7c6442b8c6f87f5dd11fc5659cdb92decc	18-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Mark more Bundles as being defusable. They're destined for the system, so they're okay to look inside. Bug: 27726127 Change-Id: Ic85c308a8efe6f9b8652952717c72b3c663d328a /frameworks/base/services/core/java/com/android/server/content/ContentService.java
8731408b11a24e3a92188653548f2c90bf866a32	12-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Offer to cache ContentResolver-related Bundles. There are a handful of core system services that collect data from third-party ContentProviders by spinning them up and then caching the results locally in memory. However, if those apps are killed due to low-memory pressure, they lose that cached data and have to collect it again from scratch. It's impossible for those apps to maintain a correct cache when not running, since they'll miss out on Uri change notifications. To work around this, this change introducing a narrowly-scoped caching mechanism that maps from Uris to Bundles. The cache is isolated per-user and per-calling-package, and internally it's optimized to keep the Uri notification flow as fast as possible. Each Bundle is invalidated whenever a notification event for a Uri key is sent, or when the package hosting the provider is changed. This change also wires up DocumentsUI to use this new mechanism, which improves cold-start performance from 3300ms to 1800ms. The more DocumentsProviders a system has, the more pronounced this benefit is. Use BOOT_COMPLETED to build the cache at boot. Add more permission docs, send a missing extra in DATA_CLEARED broadcast. Bug: 18406595 Change-Id: If3eae14bb3c69a8b83a65f530e081efc3b34d4bc /frameworks/base/services/core/java/com/android/server/content/ContentService.java
40a11e525c3888613361a555d71ff13e5ef834e4	01-Feb-2016	Shreyas Basarge <snb@google.com>	Merge "Updated Javadoc to reflect min period"
e96c3b7eff5290f2a6c5e572babbfa8a3897be96	29-Jan-2016	Shreyas Basarge <snb@google.com>	Updated Javadoc to reflect min period Javadoc updated and logging added for min period and min flex enforcements in JobScheduler and SyncManager. Bug: 26874152 Change-Id: Ifdd248b776a1bd04df21b7b9f0ac96bdef0f8bb6 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
8c834c07675052c984728cbf79f7c2e0d8246e43	07-Jan-2016	Shreyas Basarge <snb@google.com>	SyncManager on JobScheduler SyncManager now uses JobScheduler for scheduling and persistence purposes. Change-Id: I38c92aedbf4d891ca297644d0b706835aaedfcd6 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
506e47fcc40ed8576e59abc464ffc5575cacc374	20-Jan-2016	Matthew Williams <mjwilliams@google.com>	Redact Account info from getCurrentSyncs am: f39549e389 am: 1a0aed3257 am: 0e7cd0a9fb am: be136b7a3e am: a947baa87c am: 0f292147f3 am: ce3842eb1a am: 85f169d19f am: c77a2228aa am: 4cc10825f0 am: 88d641ce26 * commit '88d641ce265fe1c6b188b5fa2a2397f3fa8e15ba': Redact Account info from getCurrentSyncs
0f292147f3ac803a8701afd7362ad3e0487fd496	20-Jan-2016	Matthew Williams <mjwilliams@google.com>	Redact Account info from getCurrentSyncs am: f39549e389 am: 1a0aed3257 am: 0e7cd0a9fb am: be136b7a3e am: a947baa87c * commit 'a947baa87caeb6733846d6de4ef2bf84f7ab0fa1': Redact Account info from getCurrentSyncs
309a75556af595ccbc0f0e06828b141cc040afbc	20-Jan-2016	Matthew Williams <mjwilliams@google.com>	Revert "Redact Account info from getCurrentSyncs" This reverts commit b63057e698a01dafcefc7ba09b397b0336bba43d. Reverting this b/c http://droidmerger-01.mtv.corp.google.com:8888/googleplex/branch/lmp-dev claims there's an automerge path from lmp-dev all the way to master. Change-Id: Ia99a20410153442436ea836b5223a524b640dcbf /frameworks/base/services/core/java/com/android/server/content/ContentService.java
f39549e389edf62f43bacd95a1b8580d75ad77ed	20-Jan-2016	Matthew Williams <mjwilliams@google.com>	Redact Account info from getCurrentSyncs BUG:26094635 If the caller to ContentResolver#getCurrentSyncs does not hold the GET_ACCOUNTS permission, return a SyncInfo object that does not contain any Account information. Change-Id: I5628ebe1f56c8e3f784aaf1b3281e6b829d19314 (cherry picked from commit b63057e698a01dafcefc7ba09b397b0336bba43d) /frameworks/base/services/core/java/com/android/server/content/ContentService.java
b63057e698a01dafcefc7ba09b397b0336bba43d	20-Jan-2016	Matthew Williams <mjwilliams@google.com>	Redact Account info from getCurrentSyncs BUG:26094635 If the caller to ContentResolver#getCurrentSyncs does not hold the GET_ACCOUNTS permission, return a SyncInfo object that does not contain any Account information. Change-Id: I5628ebe1f56c8e3f784aaf1b3281e6b829d19314 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
bef28feba57be7fd6a4d14a85a8229154338b2ed	30-Oct-2015	Dianne Hackborn <hackbod@google.com>	Initial stab at background check. Actually, this implementation is more what we want for ephemeral apps. I am realizing the two are not really the same thing. :( For this implementation, we now keep track of how long a uid has been in the background, and after a certain amount of time (currently 1 minute) we mark it as "idle". Any packages associated with that uid are then no longer allowed to run in the background. This means, until the app next goes in the foreground: - No manifest broadcast receivers in the app will execute. - No services can be started (binding services is still okay, as this is outside dependencies on the app that should still be represented). - All alarms for the app are cancelled and no more can be set. - All jobs for the app are cancelled and no more can be scheduled. - All syncs for the app are cancelled and no more can be requested. Change-Id: If53714ca4beed35faf2e89f916ce9eaaabd9290d /frameworks/base/services/core/java/com/android/server/content/ContentService.java
52153f4c0540a991b5b7214f4f14b5a891479a3c	11-Aug-2015	Svet Ganov <svetoslavganov@google.com>	Add GTS test to ensure valid default permission grants - framework The platform grants runtime permissions by default to apps on the system image that provide core device use cases which a user expects to work out-of-the-box. We are now adding a test to ensure that OEMs cannot pregrant premissions on non approved components. bug:23043018 Change-Id: Id76717cce0ee59678956bd0be347d3c045fe4c51 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
0010b70beae6fafd3faf06e1b02291f59f9f85db	01-Jul-2015	Svetoslav <svetoslavganov@google.com>	Grant permissions to headless system calendar/contacts sync adapters. bug:21861781 Change-Id: I5f9905a23ba1b23e387adf2cea842172d34207b0 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
adea1918bef942b6214cf549b1316affd2b10280	19-Jun-2015	Benjamin Franz <bfranz@google.com>	Make ContentObservers work across profiles Currently registering for changes to a cross-user Uri does not work, as the calling user id is used to identify the Uri. Change this to use the userId the Uri is associated with. In order to protect Uris across users, we only allow registration for a Uri when the caller has read permission. We also only allow notify calls from across users when the caller has write permission to the Uri. Bug: 19312280 Change-Id: Ide216b09980ed5ebefe9b37c946dd8160167809f /frameworks/base/services/core/java/com/android/server/content/ContentService.java
37a40c24deb02bca3868a8085069afae112f22e4	17-Jun-2015	Amith Yamasani <yamasani@google.com>	App Standby : Association between content providers and their sync adapter Set sync adapters to active if the associated content providers are used at foreground process state. Minimize how frequently published content providers are reported by keeping track of last reported time. Also cache sync adapters associated with an authority in SyncManager. Bug: 21785111 Change-Id: Ic2c8cb6a27f005d1a1d0aad21d36b1510160753a /frameworks/base/services/core/java/com/android/server/content/ContentService.java
08c7116ab9cd04ad6dd3c04aa1017237e7f409ac	28-Feb-2015	John Spurlock <jspurlock@google.com>	Remove unused imports in frameworks/base. Change-Id: I031443de83f93eb57a98863001826671b18f3b17 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
86b1df234397802895771fe14cd8f2813fa43415	21-Aug-2014	Svetoslav <svetoslavganov@google.com>	Print services setting changes not handled for managed profiles. We keep per user settings for enabled print services which are observed to update the print manager service state. We were listening to all user changes but the handling code was not updating the state of the user whose settings changed, rather the current user. Added hidden APIs in content observer to know which user changed and now the print manager serivce handles content changes for the correct user. bug:16977006 Change-Id: I71ec88c8f3f38cb405844c13ab83695c2029eb79 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
0e9ac20d7e0c9aca8cd342d97465adfac4c7e6e1	16-Jul-2014	Alexandra Gherghina <alexgherghina@google.com>	Do Not Merge Per-user API for master sync Change-Id: I6a8088eb3bfddae4c8e38904dd26baf3c7c09c9e (cherry picked from commit 222aea8bd997807784dc99ca53f63280d384fdf0) /frameworks/base/services/core/java/com/android/server/content/ContentService.java
cb22807ffcf79db1b62162842d0a90251a463ea7	01-Jul-2014	Alexandra Gherghina <alexgherghina@google.com>	Adds per-user APIs required by the Settings app Bug: 15466880 Change-Id: Ic99fbf074564901b04d32b08f3a7a38555f330b3 /frameworks/base/services/core/java/com/android/server/content/ContentService.java
0363c3eb089afd4474bfd6ae6ee8a500d6e97614	23-Jun-2014	Alexandra Gherghina <alexgherghina@google.com>	Expose per-user APIs for content services. Bug: 15466880 Change-Id: Ib5a030e78559307627fe0d2e80ce6f1a7825109d /frameworks/base/services/core/java/com/android/server/content/ContentService.java
5a9decd589f3f6a512168fd669ee2c5d8daa238b	04-Jun-2014	Matthew Williams <mjwilliams@google.com>	Redact SyncService stuff from master This changes the API surface area, deleting things we aren't releasing. I'll do the internal clean-up at the same time I do the SyncManager refactor to sit on top of the TaskManager. Bug: 14997851 Change-Id: Ibefbb246f0e98d3159399151744279902468a23c /frameworks/base/services/core/java/com/android/server/content/ContentService.java
4b9d79c30eccb61645d98a4f0d49b7769e8c7ccc	22-May-2014	Amith Yamasani <yamasani@google.com>	Fix singleUser attribute Make it work correctly for singleton content providers. Relax which apps can export singleton content providers. Change-Id: I43d315c25ed76a876bfa6d5e0d1351bc19c9bdba /frameworks/base/services/core/java/com/android/server/content/ContentService.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea	20-Dec-2013	Amith Yamasani <yamasani@google.com>	am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce	22-Nov-2013	Amith Yamasani <yamasani@google.com>	Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85 /frameworks/base/services/core/java/com/android/server/content/ContentService.java